sssd-dbus-2.9.4-1.el8 >  H   ?PTeQE U]T>9 6%B'I[e / M*8SMpp$QPc<%dcz1q zP_aSE!Q]hnQ;)@H.튅MoBe:!}e=&B]\ Ѫ_)\M<QyX-\d%X!&nYѥ\}$S$4[&Eu]YlERF 'e Ց8$#^iO>1㭷߅t-wkZ0JɊSK_ҙdq ۬p\_kZArmU$Q s!y=J%2J;׼OTXWޥUEO/!ΦpMu@:0x a[?L:\Q$Geq\i =ktyǼ:٦'tFU,8!#(̘ã\I[~LB z Ŵژ285d54a8b99dc2367fe66c91a32566900fcb8e67099845f3e698b1ded7ae6729388f9bf044cff3d9b1860537045b95200f28e72c0302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023032094617a8d1fa0d45128e02723bb672a2da6b0bb377c1bb1e4e7b8f9b3fc6e6c9b11580c7e0a68e8e5f2aff6af02b6a023100fa646f7c12acc150289373797e1e19022aff6c8b2fa1338a280445b3b9ccbbda877cf35a7c42f29978ab5cbcd5680f0d0302047c435bb500683066023100c64fb3b48d9992f2163ac67777ca99c173674b2f42c1f15e68aa37f23028938d1d389cc889b2ee9fa1ae5ec953a5cdf5023100df3624b6338130d0f44895eaa9de87cde14f9d39a89e1c13579fe3b4347dfa785e8c74fa8caf64d7ae642122028b9b800302047c435bb500673065023100b70254c419bb9826097d77cde518ff97ec2903e4a4b2723fe86666b95c4fecce23819235a5f1968d6355e5301253b25702307ea15e845e35703e7abbb3abb98a4c0a5f381f9a2bd2c4b64265a69ceba165b689d2416a89611e576bcc58c2924e38e90302047c435bb500683066023100cb16f1a2069d2d7bf916eb40af766aead9461d1bd5d0c8f2d7fc1a858e35f8529a212d15d39627dcead2253bac1df9970231009c11213808b1a993811990bf674aa1babd738d8704cca38d266f626a18094c98c5fcdfdce8eae062f7d144914bfda8880302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb50066306402301e1c632c69bc2b3acc8290a4bef5602abfda9a0def7a1
0712cd98a27ad0a26588b90d5e8ec4139694b816e72688d768402301256a96fbc006757e447f3c1c02daf7da865c47168f75ff2c4a8b66e406772266323bfafcd97cefb75c3ab8b6dfa79810302047c435bb500673065023100c874ca817a84f9cd10d3d72b1d8b7f0ff5891cd4b0ac38d8a92c2b8369a692ae887c43ff0dc12d8df41385678b9e948502302d1e61187fcbccd10a0efbad58a9ff15196d1b0ace93e4a4f5de3f63f19a78cf7158de2e1e6557309ee0c6f720baf64d0302047c435bb5006730650230542dcd665caf6644b86bc4c0df60046e271cbc764504b4e44b727fc686b445a8e4c8c5abb6e9cd6d9c11800f285641ee023100b0379afd6ddc778871afceb1bb750e159a4f48d247a3cd2a6bcfb8c4a86d3341b0458a96817be14b91e66abcf06a9a2d0302047c435bb500673065023100a5ca66e97f6e2a98a0d1e60e31d02c75b9be28e56c59ee36dfe6ea52932ec6d29076c606bd363d36eb0d1528da8b4c540230177d2c02f2db36186bafb80e71f35800d74ec179a8af73b7c045b2c3663f36321ae066470ae404cd345e4a3333f8c69b0302047c435bb500683066023100ce4491c567a0affe9b1f8f012003455e2d169bfe33407f39bf1a59f14d21534665ad706604a7b269c9a42b9c5094d636023100d38dcfb1657df369575656b42f2ca8ae640ada9b61252570edb9b39d11e6127fd2d7b52582929db40cbe7fc399a71e12eQD U]NF0Y]4h!˕~`MW҆ڛei9޳Xբz=1ҟ:v:vř lN8MȜEJD,nl[swXR5I~"l+k%*kIN.syzU LRVǀƷظu ^{67B:M%Фo:t4_S0uiJuI¶e jfI;>x8%hykVS d2F֕P$4;t9 #Qhg;0/D8:u0Ђ^rղ4}D]IAj,%Q/Ђ4&g!E:!W|kwL Ƴ2Qm9B*Ȩ3ltxAXü`B4?$d   8 ,IOVm $  <  T       4 p  66 6( i8 p9<:gz>?@G H, I\ XpYx\ ] ^ bd eflt0 u` vw x y(+ Csssd-dbus2.9.41.el8The D-Bus responder of the SSSDProvides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus.ex86-04.stream.rdu2.redhat.comwCentOSCentOSGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxx86_64 if [ $1 -eq 1 ] ; then # Initial installation systemctl --no-reload preset sssd-ifp.service &>/dev/null || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable --now sssd-ifp.service &>/dev/null || : fi if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-ifp.service &>/dev/null || : 
fi%KA  7A큤A큤eee_eae[e[ee+eVeUeVeV09f028cd5ad8b15e0d13531d362fd4f515952a830f6c821442cb3f901cf292a95e1ad0208837c5420c320499fe7893c74e86b41de318e1bdb22c5a88da1e3f8c614bda7917c82f59b9e4db0155423adbe3c2f1e3c4361c8fb7fd4d1dae5a9e364601b3592d313effe1a70c44167775b06693dc9b72e7bebc718b6c9e8b094b8f8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9035257ebc67788c65aaff87eb593fdd3bbaf9e617d9787ea3696b0ea4467a8fd0494006da27f6e40a22d66c83cb4fa486765f5a58b41243385f3e2f0bee14a45ca4774ac7d3cb56b52fdba80ebb21f20bf15b9f30e153ec3c2c25cce3d127d3b3ba889d9ad834caa74ff8e4a49a14aba19aa4a24e61371d0f2ff14b0bfa429aac9../../../../usr/libexec/sssd/sssd_ifprootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.4-1.el8.src.rpmsssd-dbussssd-dbus(x86-64) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/bin/shlibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.28)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.4()(64bit)libcrypto.so.1.1()(64bit)libdbus-1.so.3()(64bit)libdbus-1.so.3(LIBDBUS_1_3)(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.2.5)(64bit)libifp_iface.so()(64bit)libini_config.so.5()(64bit)libldb.so.2()(64bit)libldb.so.2(LDB_0.9.10)(64bit)libpcre2-8.so.0()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_iface.so()(64bit)libsss_sbus.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.15.0)(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libunistring.so.2()(64bit)rpmlib(CompressedFileNames)rpmlib(FileD
igests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)sssd-commonsystemdsystemdsystemd3.0.4-14.6.0-14.0-15.2-12.9.4-1.el84.14.3e{@eReRd@dd@du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.4-1Alexey Tikhonov - 2.9.3-2Alexey Tikhonov - 2.9.3-1Alexey Tikhonov - 2.9.2-1Alexey Tikhonov - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey 
Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano 
Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas 
Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 
1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 
1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 
0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-1680 - auto_private_groups does not create cache in IPA server SSSD cache - Resolves: RHEL-10092 - logfile rotation for sssd_kcm not working properly, sssd_kcm never receives a 'kill -HUP' - Resolves: RHEL-17495 - New sssd.conf seems not to be backwards compatible (wrt SmartCard auth of local users using 'files provider') - Resolves: RHEL-18431 - Excessive logging to sssd_nss and sssd_be in multi-domain AD forest - Resolves: RHEL-5033 - Incorrect IdM product name in man sssd.conf - Resolves: RHEL-15368 - SSSD GPO lacks group resolution on hosts [rhel-8] - Resolves: RHEL-10721 - very bad performance when requesting service tickets - Resolves: RHEL-19011 - Invalid handling groups from child domain - Resolves: RHEL-19949 - latest sssd breaks logging in via XDMCP for LDAP/Kerberos users [rhel-8]- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-14070 - sssd-2.9.2-1.el8 breaks smart card authentication - Resolves: RHEL-3665 - Unexplainable error "Unable to find primary gid [2]: No such file or directory" when SSSD performs lookup for an AD user- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: rhbz#2226021 - dbus and crond getting terminated with SIGBUS in sss_client code - Resolves: rhbz#2237253 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7)- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] 
User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. 
- Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - 
Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. 
- Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. 
- Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: 
rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] 
Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. 
- Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains 
modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh 
login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. 
ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. 
- Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: 
rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. 
kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. 
This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error.UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for empty home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- 
Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OCSP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Can't login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown 
function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. 
- Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. 
Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - 
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - 
Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be 
crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] 
sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. 
- Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir 
(#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable 
hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doesn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- 
Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath instead of mcachepath macro to be consistent with upstream spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. 
- Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. 
The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - 
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the 
IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstream spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on 
commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - 
Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predictable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. 
- Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. 
- Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. 
- Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system 
improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that 
SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. 
(Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/bin/sh rusvuk2.9.4-1.el82.9.4-1.el8 .build-id8b7b3a59f6cf757f5b9c4b511c8e8991063819sssd-ifp.servicesssd_ifporg.freedesktop.sssd.infopipe.serviceorg.freedesktop.sssd.infopipe.confsssd-dbusCOPYINGsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gz/usr/lib//usr/lib/.build-id/9c//usr/lib/systemd/system//usr/libexec/sssd//usr/share/dbus-1/system-services//usr/share/dbus-1/system.d//usr/share/licenses//usr/share/licenses/sssd-dbus//usr/share/man/man5//usr/share/man/ru/man5//usr/share/man/sv/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2x86_64-redhat-linux-gnudirectoryASCII textELF 64-bit LSB shared object, x86-64, 
version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=9c8b7b3a59f6cf757f5b9c4b511c8e8991063819, strippedXML 1.0 document, ASCII texttroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text (gzip compressed data, max compression, from Unix)+R(R$R RRRR*R+RR&RR RRRRR"RRRRR'RRRRR RRRRR R#RR R!RR)R%R R,RR0utf-87ada8a31f2e266f50f8c79eee78622b549d32204a77012827c64188fc42142be?7zXZ !#,] b2u jӫ`(y//cBe5ngt<hqy[uCKV%%UAKi,]"1RP㿤B. q[P4@\1RФlvpO3zu'_rRLߍ)\ c;K0ʩ!L` ܘ9 hIT[†>d1pw.V  4O:'۟-!d:o@j>E.ero\Ok0sj ﰀ'ÂOdO[qHw>ʷi%jQd$ 07˜+ 7"*9@%?t+~р3L@7NgЍTjȎL%Q~ /æ6M?6F-ȵ3ѶH#((fb+Ck Xpʾ͒ɬ2O!<UBv$=/9:ǖG/шD&~[W ͜Ղ1L*sX?,f1dŒ.to by z4b"m٠gs{u rV:;YLHva(%&^~tGoŭm ʫU"5YN2Hk%I L})1癱$]IjY|vq.WJ=wf*Ƈ-kC~-vg֠yĥ[dn!h҂'߻3X_y ?\%HMm!hU|b=Z+z| Fyj,Uԫb15.|]+yNUrݨSkAl:JW`Kl_wA9[Uj@CsCŽ,VY?#=e+ SMv(:S Nooa*{/|%8WmtI6 չ{߽u2ҷɰȜdOvrl򞅲 =y/5#!A שYOcA 3o?~X4۴v-PW/dm*I T $L1!vN6vio"f.h387]hvD$:D _* $Q{W֠i)z^~ ù_ U .([Bʸjŝ7}IY%Q0eq{hʪ㋡w8w FG[JOvZb QQ-0y%BK +")1+{_%ʉxL lUK{ RUn|緰e[ؔވ tĴ^xi2 ^da#8Ƚwছ {(agDZcy[dxO F8q:LȶDFȬ8c7 ̀.&`QevZbxϣ'8{r K}R9D~6Pq]ƀ?9&H1z/fs!ESY08c$Omok" Y'8|Oa沶$펯|=Hz۟ hx%ɘ鴈 daۣzࢵ˄) <<5 FT ^b=aۄ/mߏߋq&q7QtY ~oL k X,|Dĵ@Y`'"оK{g=בO9O!YXA!wlå?ms[J2me4Z=y&L[ŃY3{ 9d:8s9aʹrRI 7ƍS@س3,jwXӌu ҥaChhlN&SWk-,{sR1ͨ)D'y{DV~bNjPeK +oB\C߈БLtKQԂIM(9?m.}h}ld7x: q酔AsMoQpb;X/ K># s |jBT}%Uc#s0|VK~(ZrJֱ]E)\~@ Q?>L`cbzGn~5(Bm*~ԻE;u) 'H3iѫi'L}Lp*t] P>52LhANДςu|_HL~'-1e򥙣OX'B܎ï$}mI .V:\!%[>И(٦%xf)T޷OQnMW\ P!hAݸeRUe0dt/ZāyA6o lGHqmMWGN _~W4B 0AR* PL!E-xPhHAd@Q[sCnb^<,g@Tj #Y3?Jo扭^Ꝣxf>&ECJ'*0FpwJu>4ImC㹐ʱNdU m2KٰXF/J,Ӄӷ.nM ^bleݲ쉿{VZ4(G09#iԒ_T!/ +7|k8!"JILhzL*VtКڌX°62r?\CgוWzU,i {d8$WmGbqq =QG&' f~\ԗ;oXm$B^UX Ytk fk Usp`Q`͚jf7U)ڟqg#íΎ4y ?C[zCo~ޠo0աs  V8rRwIC4eZ1A?.N,9ڙEc(JVkŏæ.rTB7Y|Cx'7$ᎂ-z) qfhlp畎7d$V/{;*5Ib=njl[n+uGy+~.uy8! 
䮠E?1sdX~r0Л3|WbX:шwH{M=$\@ tlZe?9JpKR +шSw%o%Մ 7ieiґE/(Q?eMzǀR[.ȯ_ljP11$?S"⵹^;QjUQM`ᲦE&rF -?r oZjAƙsj[3 Ho 6eHƵ ;cjz_LB{"?#)EtVeX$qZ(Oƪ:,JT/wߓ,NzC9KY >XWC'܀B93! N&vC&}p rّ"װH`2y)Aw̐'Α1$≅ -$XDN֑?E?LHc{5FsPG'713Yʷc9sSɜ , Fr{_:Mx%h}VmC݆DR46`,;\x; /l̇•2[T;9Y p1QJ17?< W(>spj jo f"հ$JLUjl;'pD@'hiiv#2^!xG <|2e%)g~Ņ@V DL^C1Ǚ66PQO6։-B])^ DaLek@(RVڟ :ZN` {P{ݏ&''T}q`R Gp6Cu$]6n}?4 4~ԧXèf(|>V.`\Hښvڕ5-IeHVZNjǯAouan?Lkif~ {;!sܥPA١嵄dk<,Ӻ8]{Ƀl|n_YgB9aK[hj̦xIa,S}mCwuնgcFUG'$ڀĭ ڈGDp")8蟸Ip{^>UJ= w=X1Y$I2C֢J %4o-6k3$"Pc9jKq.a 2k>k 0. vGl6ʄgƾ#"xd")'gpYiqV??Ōo}lK)hȑCR]wT|$> $Jylb3u|Eq5,7 9h&fb [N՞_`$*{GX@h քVk< RٶAy^n a(7t^{ 2 SF~x.{G]FH=f]T' sxU IΑ Z@`>mQU] XC98Yu5pf.*!;|eu5 ?Gu+c'g!so%+sQ8O >KeL3 qF>遅0yADJ.Ppު=m V 8Wv"6ۓy@}MyMe1vo$\l(JlQ=℄aIS |hR,gDv~3!&^us[6cp6B򷪜q_1a rɃ.{E@JeR 4 xy^&(gu"b=~X)uµQʔr qP(si<#[0q)&ŕ ^@ŷܫ橒MP ͩXOfx~d4r|8%SowȓDMC.l)3c"hTg;w[?tvESGPޙ)HgOtxL2tLrVΘxOţZ`vt=K]SP?Lv>A/2zc/b(sbtVc<}M] =spՌ]PΓSFwM@^^Cv$*nxh-=0jf__h븇{U "j-zB SDSrkǨ( 촔9xy?*K`n0CWc/`9lD`^mq1ŕX)Tiiؓ7i89~&;0L|nm urZ鵕 }289v|!Iov! H6E;)R9EZN5%ȎM0/o‘)Ͻ>Pٽ *8 Gz^~.yiP՝ # ણ}PֹgY)ҙ;wIR:@xV w@#0t\Mv \χXL"G(ߥ#42z?@E]SjC+[xvu}3S,nx]"-rw0TД`,`sH?UlyO +hfK#RFJkUyDuB b˗`<|0`C^c؆6kYmm\-G+ WzlQg\W۲9_OjCix&l2^ՙ)F>s{_n4/(c~p ) (ZmUGS.%.lM#;Qx+F1gJ8~0UD1 k'R⒂&&r؀͇vְDg4įRt! 
ee'T96w?{tXhs[ĭ |v#8m]6Z"s=li{2\ɨ?6D_􅪦lKW)*X#Aw] }K1*0Tʶ%Y8JiJqǟ*@s rn6 U'N2ۭtlMcNM޵%U)J^ Ttgx>|,^NטЯaM&C p-[^+\g~A AؿEoAQdDa{i!6̕Ep1,gpT83M8X~Ge*?W&IxpbEPbfb%JD`ju"|Kݲ属DC}ǹyY.-;h!gzk4Ao GHdlp~n^KQW(j䄅Dלg K% r'SVP/m;V9Q;7m*ۤ5qOSu4BWQԬeŒj=?5n}h{8|voj>#E߿e=hCFPq ?NBk&o-˒N9)&o;Y( ui5y/"~P'V=b?X䫯X+}G!)CQ_ZtVԆe(S^zLATRp:Wmyh;mt(} /$rUvAR|;,9B/}Kb+j~*d%I28XYzUyNe;zƿY2 ,E[ᆄ1]9J@ru\I"W>#,[2: C+%HH)Nwd<@Ck1jgdú9^1keDdLwSI\𿵩)f$)Ii!`?tE +6/WR9JTbd4I^xTBt>Bބs;%abS""N:Pl.Dݩ IZqZzQӌ.-^irC6h_20z̐NVA{#fY[VVY矦fw4z޵~g{z؎ {1it|kkRs~˂r݄C30ؗ<,+l]@jc07$E9%[J!IѤn3n*?G3/JDҹU1m&%[ξ b`6??y\N[Np'SX頀""y+ eL&`טŧwlS7Q Mĝ"(- tu a3b s ,] I;F2@lO:m2eZ &̦b3QivK͋>ˮ~{bLۆ?WHԿ &FNQ!Ȧ`V| :rc(|j  3sX+9F4|ᨌ?kio־ < 7:&#?#6j+&VO?$\/֘)'Hl;;W^1Mւj)Ry՜Otmb]/pb#$ QژWPѼ/@Orsy>;B-͒} 8BV=e%M0k?yBSϦrC0(*p[ÔU⛃ 'e+wuo?5 r| `/9xjemL<{HL :8Mc'PG"-?GNw0A[\]U&FC+pd+P҆T~ ^| D&A\*o/J]#S=7ю!Řpvu>ZՔEvSPue{h^dȘנiH9b=lXsQsTS5 s$F.5TevsWy* =ȲlIzpg&E8t>yȘ*8^Gͥ6le2x)TdR~2NN-le ڃpA'i[i\ MPv4O86)Rja҃z=vX M"\1&lZnh`s(qFB4IRmwrC9&KP}ImGTw?@0/ 31܋tY۬s1npsma)e~L")\KiU8s/R5U_+ʂ7Ѐwdeܹ녆t5s^ o5p0":CN İD/؟{؂[f?+;P`o~|=k#X<l.~cE(|}0֫ @jX=Nuq:3ΩmixzWDHF)oZ$ !̓tlLj m\tGXq8g&W۠> .y϶Al/Uaݩ9h].L?q_g9?L9i>x> 34 4?OhE,ƝmZqvqPx]C8'>;pygY 4܍ߖ>`z5CӰlª;\?oKpTd^V3|g$ b`N⃪hw mO!Bg0#Bx~ƢT]ZYR}Wn bHk< ei;] ~E8I0z@V+ h)Qi}Ff܊D[˺}g O5OD=_[nEi,`RRiiϏKqe`=7ƌERӠ? p430O]ѐ3BhD_ɖ@){G"ɘd xQ~ 2()LfWmjz~#XpGSxNOrں [}ן)d GV0vIܦGRA=kx9 5 Ȣe-Ǫzumzު; Ұy i1#WyvN ɮ/u FoㆶE1Hm&2OIG[bGJt=~(O<EQj^CA6&=[-j_zE˱,:Z܊B1W2 b斥fi /m|r/ލ@ ޾+c Iw3 # "9 R0{b2sɴu6!0P:,JrADVo) -֡v> &m{+_fq7UO"+n'oo6),O!`i Eө- \yYTd7B܏D6Siںa޾l;QQZ&6,+9&'b^1H]cA!*oEna-(rgkkX#8(gO}+#!!/XuK_a4jq%Ztn]1,H6XǴ00i?nzY|zS+Mw3%~p>N$?+FDߨ;-C4pW$֮TI6(! x|xI/N$e vuO wFҫ9g5a47ၛ4[F㠊Ȱ[Ӻ{DVa-,E%zYxd +TV&kV1d3Ǹk^GF7IϮϾJXuQJ/n>3dOG:KzK=lF=A\ēUmgi3yP,hk@&-aY%DV . 
N/PzO(s+Cd y08C)=&o/SS2^,"\!aǦ]uTHEX!i9]pGLՈ3E'3ch)Of,U>ѴX_ay@9'hcU9מ"׼mOjĈpKIyY !b4Sg: \IliD2 ўENZ{S(j2B_"OTxAX&XFy"fBT}j;ݞ~`{X[W-%Y1MU-aM:- C5`a}74;!Ax݄Ɋ檱\Qm 5+|x`ͽ q  @hīUJFA$J(~bi-r⎧pis'hZx\75>y`7Y\,i*Bz+ Г}RiBm1Ư$ .;i1נz`O#+ & 82_݉& S];gų?*Y(blQ NB"fΣZZp q~/^DŽIyGO|[W0茓>?^0MZl>,Le :sm=Y3tS܀z7^`;Nfh2~E6LǺduPyE=j%ot4Fj݊ƥGz:Aǎ<[B uT&yR"Zfł6 18ofPT橂MJKKƤUo{Oy\* E \ȖU춱H@%2U}*PɅPduw;x_<,Oҽp+oլ +"0B}% ۲L1$hy-Y75D)N@ؼGw{S ms{NʷJ; QPy_22AX?@ TkߏiMBJ:!kۻ>QZ ?nJ +/lW,dJpٔЧu~ĒΤLsB^oTTs r%G1TKWPkWC/H?> :PV1c vK,K {CVjW0O,J/<؀ȑǨSqc=>ȍ-Uݮk`A rخ=l2U!vvnTR5문97+顈>oѪe4ΐ7iު$㤭#Ӆ-t z^i4O=MiTC\ OO(uOV`p %h7@sƞHuo`0נKSqoy;<d.8ͧBN~Vtc/5HE]k#=C^Ap78DJEM6YfjXây{:]F! M/ alvt%4 u=4mppD$7M)} &IϟkXgŚ륤mIlU=Y9jk-o38Svx4rY\os#D$$BdEEݼxYL1kI_43P ߿T9 ߎMss:@,>-u`~J9вj\sd1JE%)1* U=pck߸cUno*feL>WeYSf2dg2DS:_1ic@”0NHKw'SdJW?ك HN38^߉nվא@#2G$1xLoFtX%͙O4k߰{:B c W{  [f˿ǻ`M,YLgu!U,pxQ:yb1i!dճ{j|!vdD8®gMFOGU4cr(X3>,GW< tQ–Y}΂?䭧}}IJd*G=kLpUFA!$cdf=&9-ܠ\Н¢jN׀FÀ.-g8<[yH/ E pfs8 S%BK3lcu\/_'"YMRs g sr)D9Ifz?#gE8S,::}\ yo6paB_ocJ*`Uw'C OGڝL51)ég6sΏ#T9DL3fd{`iR FFCMgtdgzX1"ڑV:R.ݡ(eX<ܿ^\> ٯ9qjbӅ(ϲe|E"Єř8tr:[23BiZS1szb  u"ՎM{RYD`Y2\ѰVዃnP%X ^Ϻ49PFFi%ti^mF}vnMy+IT+}xl+X.\ņ-4kܴA5LkCQpF̺S0^yVRE!]ԡ[I(}*-zkh-% 0 ,1eՄD%Wr[G}؃8c\(*sԦLu?#B({>2ueECj"'oбC*v0@%9}'"n2j_'sVTA{P5,xΨ[R/MEˎv R)Ǥ8pg~ĉI^ ݮѩ/1u3O#"gs仧,b{u3s%iE˃lVZ#5dC#fBzyBXڸx%ξfw}#o nA)9AѵI1 ,T[QϰB;Y]EfM.S7_6@نR%Ivj+aqi'J]a'D{t{D@+Ld2xzp:?YF^3¤&'XA~9(r5/.<(01'gӏiI\9025li!'Tdܺ$ ΍ DmKK3W)jϗst%N򛠨ۡLx,/r8?U\(W ^*0{R䡕6|fFt<7V.4&eUjGu I\$6:`I>du!5VwH[*z  I+>\(REBi_1=`OW }Mp}+g!o]2(Oר*Zi%-IEhe%$B6 3DNr_ bȲ}:W.YyHhAsaK{`|C2oRfW%ٺZɤqk(!R`0()@oI yϕ"UTl)k!uIajHDG;(f`.<C2zܜgw4ނ)0wũ슫j'1>2NJ :'iCz}Cą4"7 XH߲~z]Ꮳ46+a XW,^mi!X2V;=|{e4S*XU&v6B:_Ă50XNH-SkSGg}۶\z5Gb Xy:+ܭrTPczQ9V]w54Lŧ&?s:\lUm܆&l1P[t, Xv Tt&hJ^> GyN;A פGNU]Ěha(~d0n{BAQMpeikA%Ec7Touƽ uoՊ%5}gzvn2&-羏[P$TR#-2c9ԪJ;'8r ([Ya߁.x(\,FXYvB0[gQ]gyW[Y1""<>Ĕ t[o5׎{fVܘȃz.u,!,RWɺf֒+%rNR#\q딛 %;G-$$X+1<ۮNKxp C=i= LsdcVS;!!6=*Qq2oEOMX^t`&;IBFX#n92 B*61-HYrxZ[JX}/ȆWha ׌vCJTb ~ -Pȹ4l8 R Tt-шr$ea%V`V;OuqF%#U)0V{eq\MaN?!g3 s0Aᴁ#?[3go$ 
d&"1%]!  v!Z]׾k/`yn+'l9}4Z^[3'&}pCz(}@g:[dY/37cγ`[c?˕`2N1@47uH:\I)3`;^TYZpl(M^;46 Lm)sUқCD1nCԙK]w]7|hJ#W䵇n^H p-[- rz =5sx[<Ŧ9{4;&=ZV4 Y_Ch<]Je}*TY,$# \ݧA'LcāZ>y^'{MOh}dQ twk,)K%^!*s xNFA lGlh #q&'lA2Y4Si2IŌ2",%[/AbPZYQQr$_v7kK˸~B$iblgrt{kT\t>Fg+`SWjBZUn-c䔌#5-AͽZ]y܀tʻה|!'SSзA(:/'0*ɴݰxm䖾xJLꋺœ?^;3=}PA~?mhkE\血dExcMh+=ۦ|: @KCйML5wbw\r!ɿM[VbPr7nqlCmԋ̚xrѼUM 4L`)n ٨r;wF-9ߏ6hk6 !D0\ 膻Ӥ3+]Bt@Zp\i 61<E;7gR}adHei}Fd?nh[5H}\A(e o9{RN g`!0&^"@+M27u"wR qͩ{0I0 ({Zk]yՁ!Oɑka{lg,Z6~Qum'l'/yd`C6PC:x5&<(Tr[`¿ L_X# ɖYQ&77m.J7;U"tSe߆݃™1X~ej5AdLzWpsVZ(i ,қb4tR8Q^" DMy1p8V џԏp"X/m +&)R3w$Z7mQ\lXD "+ւ8%d(kus 'snskJnZ2aY]/\x|ᜒc 6%V'3Cb)7{E,$6`b#7>s]]}eOQy|JnTPm^?Bqo aX,1M+ (UJ]}b˂1y5CL JǴ(XT/ hͮyD=;A,'Ғ6jv$D&ܙ:Dˆ#\S0|+}ܕʂޞdZwuUUx7CkD~m l$;^Lֺu'σ;N`f;$v*xW ϼ&41^08LyXi hprk:Sc>1b}L?V KO{q #:|B "#[]Ci{ OD|uUjx=ʚj9"tg\zgxrF>3D.S@h?cԝ>7=2idĞXa7(wna.?#6a=oyu}jԳKVf"JW:[%r6r@i؂u|\_B~돬aN% w'&)KLTH^fdK1FZXcO Qd3OzhKI2 wdl&pyCۢH_ Bgx(қdYw;&$(nv+ 吼8Tb `:n^x SlH>_NGZ7\0e?@{,zH-h|( ^Bi ,"Xx;1H>wZfYہJ9@NZO9g1mGmxN(K8M}0+Jp+4/MAgbq@|mO͊]EE[\Slէ'55>iǿ1KIŃA^˻ɻvvOQwxB4bUa00ťH#&V*8œ&d@? ph~T Iƻh)5D xg9)4%]M;?kGMڶatGnP(9U?Դ p ѹKK\ta%Y]5 FB;yxY*BH ܐcÅ4)""g7[GnOftB~(;75z(FsW|Qo.Oӣas(,au1.e߈p0MGb~O@lJ:e*iKVnROx%T房.HՉi<'NVhr7;~ LmxN) .lRГf=8 01G5?~&EH_%;+{&oA )*@hEtŬf|oJ~GN7Dxqc춠PINJ8UwedX rOXh( Uk%ouZz<8bS#M.e~^MX6*jՀ],[ .II`ed&.W)WFQܹiulhM  utR}OL ԁ// G *2/؊Wj'K̮{h>$z۳poZi4[AmYx!#-vU(ծ<0?&ҟ sL_WIM883c[,C^Uy$}MG&Ȋm۩_8P9?'S5xO?"ujN)].ѼQ`T#* vT^Yw8fǝ*V$_YBad$Zc6U) Pq#}̸|S*6}t)#ngml]ɝpf,&~X)hm[M?sBz\S_޵&k7(;֍r@dkNF9:TEՉ!UNܟ}:,bn1')!,̠@Jt$ԁu@-/ %&*m" :bC]h9AANЎvzW-ƲBlꐙZM Naxs AK;UՐG^}Z%gQ? Z27. *mGsFHڇW~AR uE֒YQ+KnN}= wv4B"Y[$! :bĐEçHct^c"@EuXR7tYI~{=Y V<z3|P9vڧF^sJQ*"Vx./[bXpTq%dž=}xIq%+H])6ށXu9׌(? ؐ0Je؞j ")Q ʪ#z Z:b8˄ٖMiLB绊 Bz K탪bbmU4k׼90ɔ֯ꪟm^×$R5Xma5  PKZH*y*xwU-HUq*CW`#T>jfQBBJ5>*drcx&pGvHg+Y|t|>M tfjL/&(DGؿ*~3KVCy\jQGif[[b(Q|X~n=c&pY&fH:_Nj:J<Ԉ։^P6IG?'0 .] 
cN츽QQr?J}yokp4긦%MJB;Ylٻ="98 ,Qvl:lFTn%Y7{ 6e"jx5;M%@!]4q$Nit=N-zmE"[s3U TG|ҨDL]I[Wʸ· @Ļe(X d&= *8n}੻.6tz~;:L*]|%-Q'o*֣Y?f̢3ctɊԟTR_fIJBbkcl88U%!5Fo Ev\Mq@Oa/N]1l&}ٌR$Pܞ3'|^M z(W! "i R0۪+\кL~5myM;`+/x!1Ewгi+|UXbW7t}%?c0`]61SuYpsRQ/2M pMaˇ$} $BFḐSbo#; ({6OE8-<{XK?!{.F(tAgl:,د1ΰ!<5E3Ջ؂ZNNRj6bL4hC9?U41oB{H ,2UԪ.DtXI^ʘ8>rm!!u)yw|X,47ӹ܌=x;YqId_=&mf ;>Au:,L5P[jy@n$W (['*ľ:GԤVCk{y_;Wff&'ɩD1_9^T۾)V% Z}2v>RM5-!9y='E x蔀87!\PRkU(^+B3Ȗv3rS~@AwPOٗJg7kmb+I옉Iʢ> V.q-HOY7s2vYhٓ 7FHL~ʱx./Ar0Q5jaEBax8Ky>h_ LJLMɿƔ 'xV8@HX5|՗N=AX6'jMr ?؊5S^6nfj;Y%e,)(w3 ?'`NrpWA7HT5󷍞5*6Rj案7 ѺC+"zAqJdM7RXe7"2^]KC3 骉Z GxkEׅ,M w>L @PաoRds)VRԣTKD] 6ߌ2\/2:@'><\1)"]zxD:O($i=[vb=- ĨHTHSi⾀&-֔1~C!݅8A{0e]#=BxBNSy) wS_n´ bVʿ𷠘F)#q]?_Mc148v7AI[A/gQbo5lzFG5A3/mp}3A\jӚVwҐ"}ᠩ;ԗ,OFuBTϢ)`]޺06uR}a1SE#O@I#=YZvfΙ=Y^dzO]-rYLQ {6%ks H<}V㺃\H xfn ;N.(>Gq6(i\U5J xn; gYRnLw{/jf}ur{pN wC0"Hw4c 27|Żq7|(_ m7i2vy؃~&l*N>|kƞ.2w.)m#Ot? ]FzJ!8 EjqU ޻:'Pg&qASnJ6:J t8u"Sr߯^6iaFW}cf\% 3%UC G8h'O#KA9l/,rY$"WTQ(rP$oa)xkOMЗ"H!hXo濺2)7wY(hbPYb| Ug Ѯ~2m~' gUh K&cM5 tt.:0nU.GPcI#816@ s$yA؎$zWW~50q<E|z[c2B؆$vװkn x ]\I\^ Xu3OꞂQCoj]_dpHZHdm\f5yg'Pˍlns,2Y4aLΏĎ˄ { 7m F[ݓbvS[\q%.x: ɞU+7$n5 d פ]EWgN݈F8=rZ&XcYeMy)UL<-CtE/ bH u[iBZs(mtxE] kODe'yleW6VS•{T-T KIQPE`7%UZL𓨵ԋ#<&@ UgCsΰKFVtRvD@,#Ѵ?Kj&%U㇛ ̣qZnr?C8='Stҵ~DO*|u[0{RX2<̶CԤ*Ӄ4ztSm")raUwΎܩ r S|FiBa4'iPkA4谿,uӷ4ad&{;_Pb}t'\Լ̄O$Fv↖z4ƅGk8COv(xS8Q[$#g=G^t59/RX'^ ^i#a)Ů0 (8_Vh1WzPͰpeZE+^+q:2D'[f q_ 6B.(@,*=ߥ7 p) Rnw72pqR-:;}x ڇY 9/gR۝EZ^nAkf9hGv9Z>(K N0ixk"ķUn:F&?:ypFW.Q;BO9ϺArס\F;h-db@%pRѲIbvæ).)lDTWܺR`WV &?v`7|wY;SN^ RH%^hqsh6/+3 ~\2eҖk"ItHcNG(y\s%Ydx7.Vt.hLR^J -9?eoy.||h+C 8L:=}f,$τ*1&mE > \4C-] ~r4G i7ͺXʽB0T&^c^P- UR -MD4zɣ$_^E-!i%(LXuزHSD6Ì^t]{*E!]׮ݦf(~8On/94| ^'ywqkO-gEs6ЧWu3t0^[W5IVSIcݹ[t 0 9(INiYylC6kϞ 2Oo-H"2}#hK>41t)rCt$xn(]cO%ao6gZﮆ2W:cqhB+D(h 1dn#WvFص >8-w}2(Gux\ڭ#C-gdt qVr4eu~|BcRL\,l=ؓub^ cicOY7#_+짴?ڼ:8Sג;}໣DF0cjye0iU_Ue,#kKk7 n Ut_{30oR` RB^Ȧ{9͖laؾ%LS)T76v/벽YDsyg 1p[SC'ľy睎zHa*%c$ʪ*-¯֧tAH< <8E2;sg7?*ği뷲H7b _#bFnI)Ls*3H[Է Ӂ}qkkG@67FtύW_wQ`9<,K>:J݆Z p$}TpfHMϴ>nkZbI4 O޷9ɭ7}ל:6Cֳ4O%$gw 3ݼiy{F е 
P%wU⯑;pA2$`2?=#^E }Lx.aYM+<^_j%B )E"XU*U>-H,t 8^WXˊ虍d1% KR<8M0ʋ[,cޚ[p:Ci>Eguwwd!3a.TZu)'KUqk6o0id)U [>=Cn JAC.vU=~F-36_0#yRX]^FR>M c3;4#}j=Ca PVy+.DH2ہj|8bBB[%Ezz^8  <jI4hG.M?pl[2ﹷ;+]SnO||`@c@pW^YC<@m/DkB wˀn!3U5@"De$ϩ d&IV͎͡ {l2Yx iNIqay!ʛG!qAnک7L~=Tϒ3 tNچ`vjs!*T5Ţ8sRLU0 Ga7q "ķtc,PRm6/Xڙzy^M;~@zʂ''p$/`B-jEF ,ͿR߫Nқ'6@"ǰt ؅/үn YW(aB8MHD7]_Wuv+J`26jۛ(QY=iY~"+6I#'< ?vgҬL)¬(WVRu9o֠T?Wm{Cs=' .CC̃ pzښƈ_#±=;Ide,A)>liYF zSOV)rO;TNY"p¸hqQ#s[*U~7\v:q%dǧ6g„wf34,r2J?Ht'Jfpgc|V $Ck45 ú?j rDdE SЋ eVկc#0ʂi:>tm*O{ 2t$#Rʶe-Wg9B;-7 b{zJoϴ $&FH NHa {cE^tZ/l92pId=[J" ;֝O Y;^ l=W8*wSLV#: O)&,~ZdO0 %Z1i a1toW~|#Ўr!Ir\]o 'DiV)qJXb;tkU[UB,Dw4DZO*?(U=rSKi~WLmi؀z=_%jl)Bœ%记&iC9``).a6ʕL&YPSy՞D|x: i0ưuqø䫌CĿyT%@<'h aa)o {7d nҋt/0K퓢p#|!ݹ vҊ!1Qm/wʌ̄a?80*ЕB*qŠ81֦u"JC^v0ovЬxXt1J_^TH,ac!6͸邬@jyzCa:}JYmd?ԱRC;>g~U|6Xf$kA; L( {biy Р  ̐vxpd +Oa-1CE!BTGQ s(7^ѝ9ڲgq?u(Yى[mS*;\haɻ'Q8>>\OvΤ6 2A4$2\`F!ȃvS_{l~;YUe<^] f! ܉iGV7 xU,NY C\W(mI.޿q;8 O /u4WJ]Ξ\GE)t;۰ilׅ ˝a+&;Br:%AԿT7*w |;Dh83 pœ;'FJx$tb' Y-ONuSG~`'/kgfw##xZ7)Gj-|i*Vē{F޶";a\GSOb 2vv2:Qӕ>̨udnqa9)G%p9 `rӠIT̏G j-zd]6ٷ8 ~]1!R@988cq9ҲM`"0(z Nw[J-%l!wU\Y6J/ M"6FѭXݴ Ý#θtϐEH$!PlYF}ͬUN.-F9p[5KD\򎏻5'%p)\J<eR,3;a9;%b"]+RB~RqF D Z ̭Fqei u'ߡK_yM4;D\o5m *L.EE` r V})"%gPOMVK!E> 8_udսٕrh1Zg/l$(DtKqWpl΂D3*.TBȃ|ZXTsИ~+72}D k3ib `L\H*P?Fi<]KOA{,RkKNj\<2'/1VEx}݅JcF'叆\aH2f?Y>QaG8~1uF<  &FmT+;j6סH@[YI3$i,q 6$]: lY} ӈ]]FΌXY%K%߷1b=CQPioBH %;ö]0Q{'KAqg*;M*0W`F~.p+~o' ^8E8>`UvpSHd_/TJL]h,u6V~) ǟ7a /8f :~F'LX;d,0pW^, |7t2K:AX)uVFVx:VѽriOMڐkDz%x6Ky g͘g X\/A Ecxfb˘X g6 kYMW#R&M"w_RF c㢖0W:9%}EN@w]$б@i_ΣI*y4@ AJD:+lD3Nl ]8FB<)Mӯ: mK!>;XJ#~1iꔠM~t5"D Kzz0?5>6> DsJmX`Agmeڱfԥ&jd=<tcZU9%)XSGڢ]jXq[,R%yݍãMqϩ]G]Dt7W7{UKKf2$}od[;$YH 'b D@QX)9T3H iy*ʅQ|CyrD3HUR?^J;''^:L G#L|~+#Y~xV>0h耦 GuڛQ0xmc‰If:]>!ycS Ǡ]2y !|erAaN8@_ܰ>RmЏ#CrMr,H,tGq?m\NI#$us^n8fV$-ښ֮h'<IVgemdF!0N9Rӊ+r:a3xNSvm?҆1|\Ʌ QD^sn`I1ӊ涂FfQdRz( ]@y0vw6@sSxn`x.q*Y{_ϩ[ ׀ST0B # ~X^ulq ) Oyr6Yk7\ Rk&ZK)CK𯟻LgG]YTCѦ{Ն?>^tESZKs͉ݺRauyeZRDi t=}l9Sygv5D-.2?|DMU7ɯ^-?r̉{<[k;Xw:\1/y mJV%5J83FTG2 
7q]AZ&{Ow4P^P9S@hx<+H_AI.!v4ոE%pUz3WCb/u@b8(G'P"a!(Njpչa=' ARw 8t\?y;6\Vh܁VuH؃D>Aڱ]k\#Q'}a0~RlH'(*WՒzjh/bfSH6]"lMC:"M9s[S=~!ߵXIhεmi48/}_"`CU2SgalSeb攭H|1h(JȕUa6BJ]ԇ^I}u.uQ#JݔZIʪ #YtncX cu$qe xjfWw <1/vA= F[EDP_R>|*]Æ"'źڒ MyU>DBPNq_ k1x >YB\/1\VBx|vk#󝢐/aFe4|yUS D9 U%GEi `*Ԣcs7$ `U'(À7:u XL21KHgu hbϭw*fek )j,?DúB 5pZHȍC~ !GC Z0F&,C<)Ʈ3϶RtQܧ " BA_9BvE0uIL5Qޯ02^< IgKsAZQEKo~ß+đ\6vU Q#Jt9.y~ k/K3؍ Q$$T Sӝh(CTN ,^#v,2d 805nSkRT Kiei-5*?E(?8"(G Ά`CU_~~K'8ʱ˭k1j).UAlw~]פ~\)4kŬpGCx,n/H-{HDbh+jrzPKVũqE´ x J6 -zb !KLyB|-stZYI5bbr6Q]-0Ll^93+]Ci/I`b˚Ua8hj[LD\X$p1[ث@b69lrf5tOc=9$҂.x;ͮE~qq2h1My`'ҩ=nI`ݻ/@nMg8"yc""K|U8ub%?c*@&gK[vpfTq^,ˤWS ÞTIϬ[%Rc@8פfif ve~ e/Jqy.2>Faɛ9SH[,KSIʚDl2|H;(S߰.*їR2(_E GV?[%%1AIsʔ"&}„йnCGV$GXiDu ;>(P8C@@jS?%(ؼ]~^\Y7)JԈC A/>9|m?"7&jm]|֐$3VѻwiyDo\QBC bck63"+1"I}SӞc{ 98ri0YrenDD:İW |>8W xK_t`Ի_]d~2 l}V+ @ S AcaPs5DTsX8$ys,ցQ=_{RD]M&+q^mr:oa i_*SK--ZpۅzɅeECv*3$"EM@zi.ʣreHh&"+=:MP?WUW<-Ef真.٧GDM^[ѥ577be,7͘*~j,kWm&״Ŏ֫chѝfA]@ sˍ7@mCo:9c䲧-ǶRp V|MbGkاSPpW9y)&VpY`-Ft45vqR2Z9 5ʂaMh3x_Ku]Ļ[&p|&!Ԥ &mFK.Nr\EjN1Av2Is׹qCs0\Sj-i逘G⍪EsW({j9?4R4&Zφԕk"xWT 8Ɉ14EsqX8]m/"û|wMYwmh8rFN%~AH[Mɩ8O2hYQ>ޤ; $)Kb>÷zM:A!umZ ~a٤Xgg $9s.DII+$d=;Ի{9P0ff< .P@[ʂ42݁|}Κ1Zb綋,yFd}[[-)>؞X2ؗwEe3S =Ab Oi Gqܳ6W'k){Hl|σfd̩ ̆)&-javeHz;;8 Y}fA3Sw t4]=Fu9 'sl}~jV/e#_ e 0Ėz؄KʓMT4A +)DԹm{A <,䖨@}u;㽏 .L70Ժt\GGa.eWX2]Hk%Cԙ#!]9A3.ɚGM+pBo9=ͭQ@zZFtV0YX0'}J{AI2JWAmpvHc#*BtH' Q0m#a(mtߚ0T-)UTxXqYZg7 Xu47B o'w$mƎڰ 30?'bWpn`nӽ*en5Ɋiq3OFb}|xmuL6 Dku6nGxC)+}iOCI,ܿlq%@|ŷ旖dh# HȮJY?Sxg^=&k;r@7r& Ea"oTW4 7bӓ P`ePdP[GmGղ Y{|Z5e,$f!`i:@%H :(kh'MᖽEJ8fYAK֩!ƚS5ZӄcD8.$h+>o"vO焇u(tvlɜ4i`Ezeo˕ABiHˎ/h USP(EX.Թ1rI}d@◀[L\50,D^9R(0}tRi?1zrJotbyll#2rMcN)/F@j F8nU_tC.u0NJ}$*gjyqeh[;6{ &e=xm(n]K +R}vVGvPt k{[ZcJyGne5&+GhǠBI`j0m$U]uȂcg>cĘh. ߟވCS[bTo4/;Z/6tIvABȱHEK+=dQ]y<#-FIB5f,MuSKSx -AHݷbNɴяis,l Kg\?J_}b2Zh*q}gw <>]vGD>C G慘^1Ay@v +[!xn!'wo` ]otY`R#\6yVPBr5+sy:IC(b? 
k1$sr`= ~*E A<HFKf#HY!Y6Fu,ǽ ){1!Cl9%T;ĉ=[g{/X1ȇ <պEh+ FNKcyMHq@C͸2HWr,oqSM4$B|Xgd"wM(˴Wn["Fq.yO(c: [*,%bvyGNI 4={fymN ӇXA* Nq^lHd٥sh/_`kPn"[8\~~yh;dN&YÉϛuwA R.38H}x3r'zk[+C0[arhͨdf^J{<˻]|6]GSLjԯs O 됹kZY#gp 5'k]`븵N{2ld;yޯ1gB^J8tEy#2h?uVO/EL O~{b( #+?s #iiR̉{{.BTX+ ]$"X/rPOh~}_G֨?lx]x M߄O4[GU|<͠Š/_#LMߔd >!MDa8| .~,jl :9b+-U`s YJ|PFJ5k:zU] 4+b%DKfk'W' oD2ۗP?{Jxu^i_SY+zM6:5lit#AM{nN']OGuH`&O{HP2 {\t n/')Sf??"(zc/v !a8.#YTyz!߯wg};J{N/^YY#X MNFo+\=> Ћ|HTGok j|`6SE2=jо&E#H)0qVDNGf_|; 55I7Kȕi,#튠(JwqȷO">xt%kQ sqq2{[Cz/~gIХBU +? YO D*"6qDC-v)s KT'ߥin~xVK h1Ľ#';oF&{"ueUeKzy 3꘵ 4C/b ?vש)m  O7kC xV<"qso>W/L3pvQ>M;F.SS% G )o';W_M<905._Q/NS?+z9 $ {$`]R;r-7fGtk7u"|{(:5=ڔt9cdXY֨ ߸'Ch9W>8Xf,AAY##\i?b?:ev^`T;j(F  ėbuI5e:PԛŊ%:38FL,$.O.y~]uQT,Ԗ߂9(8GhAte`㴾)Wt9P\Àc_ "9kD@݇9Z'XeBd).]O] w9OЊTTvs-@m$L絼UDW'Va՗DPۺMk% *ܝ[X}Jp@,ZSfI~*s|Zv*N,;ap_feŔEsP[rs6JXV*wg%҈*si.6z5D<.r֔WRj7xv7x,`mt4SGS8Mi #JEx)]m]g,Cf;}>s ҃7!{{%>2sg~Ә0jd 8R̟ s!}kKT:0猪\"[s6wxrfdTRAꁒZmE* 7 _K"$^ 63 閧lMe2!IwѵQK9%'fhmhi w{6τNy)|3lt\ R [ >dZ'O^dE}K Ѭsqnb$=s DϡqP.И8nbޕHo:di8)% /;\gcT?D 50G`9`u{li¿ȀH;}m[)w> t;$ Q$ iK|]Fd.ub GTk,! .O@]PYؠm&ЫPzOcfcWQQIuŶj}b*\&$nU:eޙՒMusNm#Le?q՚E'&UJT8 g=qG1N .Z(sH}q(6SKKqj#nuW\#DHKJ6{):Σ(w%gmS{ GAIx~^JUD$6!wn(9"3d\n qmԶF8B%ȋfz "Bd|_$O4p3S@Ys\(S7Y=UzT5Fql;ͯ  T=„ $ /x`=nUY/;d.praXOf=jx,cݖo\ _4S*(ߤ8G_UA%ɶ`?HWȾRVǞR[0+|W#B4Dҧ 3I5@(e+T<6Tp Nm"ZՍo!-Ń,$}c0^lIIAmQۡ;g!s0_Y-:t I j)6Ūw{9WEX!<5H`}:w[\iY^{3jG5UwcXkj]c`44 T]zjf'ՐC+Rs__M/L=Z'nKJsR N!Q?Rzx, z{$)hoF\>Js)V^?K+v9Њ`d9s+~eI2c?/b`Kھ0` +FpdybGˮG&}j Ӣ2I\KYd!Cݑ1=RVC_Lj}:n9! AiJYx͂@9f[S1KE$ +l%T/mJ!qЇ;$DTk\ѫ" Q{@%κglOd֘ͿH]v%IE>,[X/4\5\@Ij4b^ r-_J7yЌ#pP.p ?a I D(I}bǭ$f#1mRNB,ilaY"2@MWHDumzLyhgژ!5ޝ+-2*x>]6AE00ׅP3sO"X[)$$Wk f[e÷ThJ }IlfS6 ^/#1^./I=Wim?CcL֘A>2J妠u}˯rF-c,=c.zIhԧdѴ "TY+|/Gbn s&aW!'h:4?Di7D~]IEjp@3`[Dy{b3',=S#bnc'p%Oѐ9F),_%_7Ib$uMêˁҷ;5fhŕL[Ia,4uΣ! 
GF_p| "ۤ&Z E0 `lӇא"_Ӊ5GdPL96M޳CW)LXDѯOO@"{T ,1(uV~ ׯ |vv vl6ƒ;-@ww<%e I50#b/Ó_-2\~Z\:@+7JilFְ-lQe7+Tg)oH7z^..ԣ>=kP䨄Ҩ@xNw5F' ݓfUDTly"wb+"(dI=nv ~!Q7$m!lA2w4Ird:\84%RMmt`Aż1L vrFGCP^R %P=; BCf\#s1Tp%W"S j}y>Q\›ZJ-M rgܺK!> K$vSUg|x[/,{](m-q|*5ݠ{4xy=⟴dOdj` -L֏Z"VN`>tBazK%;7!*5&ʼR)[ FW/Ϻ@&t2EzڥsL[-m!nF`""VHyz17ۻr1\$'gTSݦ%?S6%^delj%A!Vl|ʀe EZV=%5ҵ'bg)Ȣ2-tT7MJCBEذn /ZJg.5"wc.G(O%3g⤳}hȄd'ᮇ)o,[Wz=([~E)C ( nWCAJI:xbd˴] LOͿ$!F.QCv_Si#mcHE;7d1AJlRtsnwY R7ĨNks+q%XGc=j >L1*d~kVI!Lo8ۜ7`e)], V%|k$@y |2q\>aXf:>#Fcmư˕/99!8ЄBe8o uHlA)=?qE P zd VgV~w=i?Ϯ!MeuiL1!6PH쇏\OE.X} 7[.Kk# 3z[ފO%`Z*ӧML#ri|&4mP֗(Aеq}pCGj \aܤb~@+-TYwhaB겜c._8 =XAY3 A@EcO+88A}Y(V"@ ָztڎyF=>AdlT b5"k$U$9].J"Z{6QRwOT&N}(FW~h1 rCn<48@rWǖM^bys²1rN!m6EʁjCl/w#l}l-|A4,v/ gv3Ju`GIt6'CFZ< ;h§(+Un|+Nnc=^?]7'O%=1XKDQj5vrI.U:[P0@ 0Qa&aN@쯰SZz]8Cˠ< ݝwzVU n_ iHfn5u!0Z O眒X8j9W)!IF"IHlxZkd!A Tk5'T#?P* W'McZJ̝#}7c1h+ʇ:+.IŠυuL`\aR* AL&j (kGbEFO)EA M~!ͨD$w]Y IzC8L |#]DQL1W.yDZD~7K XS_d,G,,N<`hv.M1ja&u~l9-!?kmG*S>DwȼC†!&:TqwYd":J}˶Xl49 [;%kT> y߆lO,7ܲ{Xុ$ZU>Fد:fCv} twL 0*|^~}wpadK,Y>`߿Ϋ{4orJA":La:u gEtLa=4"qGܢ> ҕ9$.G$A {^KE]3ՔW˺ZZʸ: Ud|iAĔd-+ ?^HЯ{'PR ǒLkpG <ǐVͣeʛpl0H i-CCYUMX ah}.u;6@DЖe*lyK270|' HgpR/a7?H~-mr4])Ʊv򲦆r ʃ$R"L8olƘA7"+iu+@(v4t1Ed [*}#3~n0oKPuUDX?|#Ȧ,(SsvR2"'G0io|}i%"0c/Y,Ivh_E  NQ-om %ٚUxwf#"8d]W yY?{8N$;=L٢sx_҈aB.(H?u \;\Q[vUHlȄ=YLZ9^5 %Dl% Փo0bk~ͻ-cߪ~Lls1*k$#1&OTmZ$~qvKM2!`fn+:Gӌ;%FRmoP WXwv8Cn1N-JA[ ~`C|dWS8vALqGsGW{(@4z]+OJl @̶pG' GK_O$7;5 Ѿ}jZ4r>c]MEcv¦&SڛOC9i !cDu+ L];M1-·yMi_pu{ 4B^UyiOuڇC$ݐ&q)E# nyGD * 0E;OB8k>08aS~AZ,|FRH$싦6ᅮcn라CM{StkL1};iV8n]xV!LR ֲtwA[+E/<Gh#',Y% <#5L)msu_Uik%r9_GSS Ag!lc-!/ MpNyGrG@K GpdjDLG0Au,k#RҶ[[٣N.nc $j?֪q&VxNGWL(O EM 7- A'%--=+sq8זiPYr 7Wݷu{>U)~4i6FiAW+{V*}[lpnĩopVg!$WP,MY.ws U`@XbVrKu=*T)P:[(Fcm5RHE) v"6/aDވ ~o!W%m"HB4PHm6Jt8fvp 2xۂ5yAj3@_]8< ئ0JsLėwRr >_%['Z-Rw:ķ'|xP_ ;^Zi!0͙VswmnHުIp8?BKQ )U0yY ~ OF.7tEdz6LG4F^:wJ_4T61͔~RϽQ }ɱYBf?͞$}嚑SC: 1H{Yeg{$-7ڣul~њ}s0Z!IW,d43&Gj]JDvw22o!s[;fӵ 𺈋gH tT}}/X0G)Fg43QC@ J$K|L$vo=S-浞VY!a,| Hv8$_ qѳOLF2Vs=MDE گ=i+jxbybfmAu/BszQ Ɯo6#XX0R%a 2ҧV ΊOmsCcz x<) 
Y5F(44ti6-rF*WY0G"n-2GQ?Յ~(JInӂ<{W,OZܫ(6+ٻqJyF1*zúc+W ,.tm),G'dlIIw&jYsI? yF*VX%^:'eu!MpǒY@~֚@b HB&?8o륫D\Dcd#Ga?Uzra rZ;hǟMDGfKx!"a!R6!~ޘ}{1OBW\L1oMS'ii- v1QAjY{̘87j)>:0*o3H_]XN U^cezY~Ho: N%*0٤R"!쮊my;1b^\>$=MLhHfn=)džoqvXϴD ` 0%ƕ3:v8'Aأ (JyGw0mV"r$1WPtOΪligbx @^Y8.e mش췳VMńo\w]:uV԰v]g%N:z3>Yx ]ԁ}S*_ك]ǡQꋒ?q~".նnsHhH4)aok0ō#ЭjtN'޴%qX!.wIBt8l{M*=./XnR"~jV5xuFrHm٦$}_}WW)@DToxeD;})@>姺iJIjMuV );x2j(hZz9e \H3Ms f~͌Q̦d?JX[nO˧ % ѬRҧ=υ~ˮ#YrcExf&ױ8R~T|ݗ)y% g=} `P-T+L$g_ǓSAaVa'(tG1VNEU#4 6bٵix/n0w#wѭq@X%L_?=adg퍞g((]sxO*7B+8b[:4HKyo`lhEimK*)zooUSCݺȤ.R3pgx(>e; .De$jPx5剟@졷UBʧ(U/滰k!"#9 ٟfiko]vاɏN: yl]b Q}`SwPjd3FLI VK`cԾ9 kDp.f}@^ 4|# M Yg-V > d6ěhOԚY1ZBQ`ua0Cڈ @|0HrP2ȷh'!a-Qin3{ ؁ Y(~)łNNM`HWTt x7n>^ dV\LKz^pM%{=kj>ȶV([ō#ɨ\hbvCBwiLiYF-h批R aOgZ7B_g5r-lYJ~ۃ8*Y#ҴN񣤿Qe0Ruhf8So?T-=\ԈmqN_yTK`HiWhDZWsP{#mIĿ2/Es}۷ݯ-T`A-#!_sm=>P8p9·b˰:go~fegͻ .n-N֣ק]&pamT[omuN|+75.%3sHLsmN%H5ch=rA䱉xB8Hju~?<wGRLrlv#͆Q*2%R;q+W GCD.B&(;Ҩl8hE <$eA1FrT둄XrۃKC{z` ~iײφ&?}׃~k {/zNP\ݮ(,5#Ҳ@k(A]jlK<=DnxgiuS~nH48[ -آkU-͉oN([L[!Wku4CTȔMB)4r-|Q}O&LyūPrlBBE~,EaDV!V|cKƗ|һ erp?Lû3Aٽɣ!Uq$f#Fh?ɄOZUcQZ-lIK"R!0mW)ԃ9% _GYm 1uG̢\dԈj77Ч÷s:a9՝Ѣ^Yx- a/?<:dCB.ky@8JՏIv eΫlͯ;vDŢ) ϻnDE~Gjy]bx%y*(3WQ@183OG`!']9*}ҁj2 ARy] T0c'@S:[6;i#讋=ODۮ1kޡ~p. 
;.a93;pdWA<H%g~fm;HG!7njA_40YVt+>mā/$Ͱd'(L,RΗK=rCv]GMtzz0r`?Fm0qR@XYݕ;Sݙ\^NvZl7 `-;2JޜU80$_c(Da횽.Oc(˰%cvZaDZ`94Z$&`ȋT3M~,\8qt{uۖS =YU#4goMC`p䏱-Q$!{mb_D$iw]jV9lw[m@9V tk&HΟZqf$,0C衕ň@nD9{\rR.w1ȣ*Hsʻʿ4zUhle h$I?tIcU$Ë*k +KCgt_F?=) cz dR Y*@щ!+)OjN 73"7P} 6NXtl P孫?qTUMQpa*:{1f*;r&~JNMҩ ?$[D8<@Dfj[)J˸_O1(WyZyVdȼG|ImYh4R~iг~yIz "E|[,HYwgzG24l_;]`Xܰ4$2wm[@%*LB5iU"'&ð|"nf6 zHK5둆TPzx4|]*C#Y u˜]a#ۛ6?GulG7lMҳ:Nr^.J3BR5ٰϜTQXqԫsՙ3npuwăReh𦿺 k.q~CЎkN|ϏjILc9n'O0sײ梔E $J<[#"^+-QA9apSIy􁴨M+;Xӆ[<)WI!qಶ[Wy3&*" $Knۜ2K~mQw3YQZ"*5pa u78D)@aI.)yXЍF'c[4+KFVTO ng)[>vOۚ KTKkd曆TǫdU]>Cͬ }^ ( A6'YNp\Jf!LsaZn 70 ^;MqC`eU뺍靖X-n"ό-=6teL jj*~큣p&Acs_A a7^[K{ߙW#tjc@W1\:/)q(7ZR:%|BƂ5_?AlXMlpk2`GϽBZf_r!zyv J(MF zw!A(3BvzjyG\Bw圩b7h2_!4CQ|1920Ӊi,wiQ~nj.2 i3CJ|eQ91o\h8:]CaD/:^4U$Yg%UF#j˻d g I)p]>;wǠdܨ3 ZL[ƢOޱQ >mXin?63U.:݇rO6OETi4]"B>Si:4U8L 23FvO.a]Jqǻ(cRJluZ3y3dE6&E Ho^Ll[!')T-Wc,F-k6-G9 cwc?#q\_ݶx";M$s,.ez\qtzU/O^goWJyAg0]_ 'AcLk62DEmܗ~}54̷ٿR-6KX۝/W˟nRkj7  $?`u;.ޔ?_~c@n KFpdǬ/3( =s嘆?4|]R섨SYe4YN?>"Ѷ^ܒ$'^2R{+1bU<6>ґ[/ۙD C}na|ԥZ†>}l8{am<ۏ;9xyB?I{<uybt0^*DpO )j>u)2U1V"pPISYOa\*;t$=F7KN-mQcq+A dSNE@*>!&,W&JTy!z8AIF+ҾNW?"&sQ/q|̀cnlUiZZTډF(Ap \#=S꺆Wc= pCw.PA{ɜb>gDL+ &w"OF8=#=~L5*YₕX n@gB8]m=0-]9p#CG.r?CQ#(ᯚIytr '葋M;Łd՜J -ϒ=9 aÑQlVdlՐ#T< -GRc=.Z@oLY W֕!qbCwzg:?#IhkigOARsO&Oڇ9Hi&~Kž2ca(Ll0b|DMj=7M~ѢYBni6o_9'E՝IC 'Qd J:q"Y- n"5غIrV8wR2<ƶjNmJfV\a.cGbtͶ%.aciJ ׃]*f=I6 3R-'<]c(nbD15 (UeŮÎUy"ca*4V#4Opf{цά5[ݖ$%"Лrx&(DֲwP+=ZbYY{V @vx!ߥhUWg&"?K|k 5f` &dgRӪtj6q" [D{ͻKBʕJ4SLڟ`w|,~ueN5Ǩ=$kxחIoqZa`reeN{9ww0 \m?=L:2Hn۝ELܔ6v3j}΄s&>u=o7|T<"vVFz.rkw Zj:s2qmo}>`,9(fA^뚩$6&SE3&Lb=C7xq)KKP*^9aI6`=u`\%M ]w? 
#BZw|Xk5Y5XA)Of` dz<[i,|唛Np6D+|<}p@8"C3Am[,H2ahRvnuYlb-+)Vp_Ep>'3BLR`XZⲏǙYR vM$F Hn{X: !l]TTgg_- b;D}a t1 r啰s{4;;kE99;@8=<T*Tbk% ]e[J=-X!N9Mg5V ğ!$nH`L/(T-.y>Va͊T6{0gjIЋǔ%l ]0On$S5ldLo)"P x4XN-nBt 2pг*G19 ԣfM$RyXAt5ZE Ӡl:lv>oY^[ǁO>5akp"j〫6\ omZзtq*:*yj W_kcp}l4fA8ef8JEvIx >hǙRg[~3K%}d:t%tOlz'؛"eD~rjz<:8|ٞ"gD.:ied~KȼWN0ߤҝ= ѐ}28 T?kw*9.1,pdnJ<5nopb] Q$z6k.@RJ!j60Iz:W3KƁ߮0Si &X Pv=YgJ& h8Ʌm:geܵK-"~K ʜs[!#D{(/=$X.Z ݬL0XKgbB'-$EJ獆!ovk[6x̢hL^O@`EinE0<#ۋ]ўSduZ",9 zSC~ϭ#NvQ9i,[EK?F1_rRXA1<˒K! ԹB5^% ^?ܝ/l%o"Wv^>z*8y#  }:5i{X 'p<_(GZI=FϿ&:٦Dўͼ~fqώMۗVIC& 㞾JqQx2 +Z|} 5ncs>TeS9G{TVFbUݜg0ЪgU6b;s:%1UؠU/,CP9晄 hb-WZ"Aq[9^lXLu 3 z!(jd|~ ( poȷQ%-P]!p8- B8wFٯ QC⒃}gzz ~qܾ4>0Ȝ,:G|B]T+s,pu絡s*GolXA]`%yg(^k<\΁Fl֪*eMWwy;,PJ'!tEgMfos})-Ѥ0zwlj+`@Mq^6)qēӭ4䲺CYK8Zi<~;EDNc ޙ&dħ =vS|VN?|:0LNi F܈ ){p5Jt0ApaKG|:B92B=A몯Bާ_V)Ե'"#?of߾8'#&c<@Ah%!Ԟm; e:Ulj|!}uz%]i|нB:uʹ'^Ӕ+7aP:b^btfz#0N>Uq'q<Pn _f+$*a]|F D,P{lx Z2nycuta EkҚތx%!A =9+ȤbQ\xiO.:z,{b )kр^a 2m"&Alsp PdG9qO#@P ~`9[뻝g>iNcR7idQhTl(kQ;Uڼa6ͱ)E 0 u*˵Wp4 @B-UtkΞYP({|k?oR!CnQp[:ݏQg]_\.NLpUPNYt7:euyڙߗZgK*Ek!z-r1=#pˁ[w2wwq{"a5JW!2, =trFϺys C!n6vg1xeZUlʡ [}sa ZVi`ɍbVw y@XV~y#cb-ͮ?< aSR)[N| ** 5Չ-b:&G+9;JP"nLiayq3]u8ċmvǔ2EkbpEeUZ$~v 4!Z.j(+opd.(4oo9ZI8Lk< cbK@%FUW ]B^ʽi9)XhȒbåN&OXyi%av7 ,p>MBq4Rm,&IP[-%@DGqձkŽA7EjK3(N$ # r5!T-AF}y"*Ǵh& C&<ii ݡ7@Nex#SeAU\6Ɗ>$'WQ&&ʔ'[Mdg$Df/@^dzg,IY}^8nqf'.~{Gc?P$\|wvbFOE(P!AMa5#*Ia3W}$N xlҐ6ϡKH5}og/6272XǚLIx >IۺxmuG} @D yВK@7vpKkaJV$M|++t\ }',{S&3oWR((hav܀D=N0q)\77H*a(J-NX^qL*ϓCYϨҔ1x%$:yNW-FSP+] Ah)Q'GZo{a]oH^ S;u6WdllŘEAvr@MZUaGz_|UEV2,Vc:GRD-JY0IT\%["k7AdhX쏙kF*dJmзeD?URT!;dةo J5NU 19Bo~mQ6Z&,N}3xb b d'^b. 
k1 ADOͫ#g\WƘ]7Z!4VzmKS eJ*hSu|YeԞLֽu1ls3%y[.`=M5#a1F ƛqaѣS ir"T#(#6=)'hqth|bhP4hbAļa2Lun2퀬iG&=f+ 0+fsJxZqv& |G$(3u+Zomi C" M>J1 (P'.=Y+>ͅD$͢Ju0lx`hkBg~l)c,6)户YBmO- ]60MMP^p5`aX6Kdт 3@ h@{$V"U 9\Ν ⡷hV;ey2 gBm!fi8؃P}fxaL'K-l7i  jPgҒJ,;o]AZטU?ߺu&BrR F*3SrW|Ɋ0<"BbF"jKrQ2%6OU"&r\DƩ)2,1~Bhe:4I,AXWLKA?LOß|c2FRsӽXi q s %\ aDZSqz4Դ`$bТ׏sHt7l-n!Bl; Ȯ<q[C8dlr09H镯UK-m>¶qBܣtcI-' &VkRTf-y08FOnA|!b*i;^z\J\o׉V,uy@Blv_3yTOV&tY2.R[ uKLar ݗ{q~E|fL"=J NoPOUMuX1,Y%x j_t],s;nWA>qg0WI8BIm3 5.=/ce!oHQ@HrZa7a-Q^,d=i4ot6&}OJ(oRoxb&SqTƷ1hҒ+Xi\Wp긏MnW%D&{Yfd GrE0B"%eXf>Brm w!qj c`bz'JNAjY܏ʥsZB "ki[Yw-08 rޢѿ%QOŠI^ 0ixO(LDq0G]) Ȓ40\ⶢAf%YEӹy&oE=Vw [# yP} UKTq:pAAnqDVUѫʼM ۾UlbĞf :x*ytyEbڮ{2UN+6i%͘,oTԤRAJx8,+ r`y6(5 \kN "U[?7t<= _] \]k)8c]>gNOoYŶO8JERCPB%;Uq//t$ N)ҩ̮M= IE߮Atkrh:&] 6oݚq~o4NyGO$[lV3)c?3~R*|@kAY(uo8¾4@Eݿ(\2j *Eqv0bCOU q!XuGsO < sVqy&4>Eput[lGs5rf c_7 Gܒ(|"ºM++mTO`}R KĺsAρ_d>@ ;ynB}d|zw1%Y_8 X=~N9GNjT5Y`1Ptd0̬Gd:.a%YM3aB3XwӌEtn.2+ӗ)ﰄo?-JAцU8kDY^I5# v+W2넵s!2:E.T"Zh0(|1?Ii] #l =m6D֘5a@~#hmK-أ Gi!f<Ægt#{@K]˞"}y7*i?f9q ѩ4ݪ@^ "+;Ǫ;: j?jqN:͎[@q L G1Y[<7$TRT[Fǭ )AdH͸ ?R)ڗJυJBY˞oHCFF`k9#IapQn߶ 1QNSc*lE>^U4LT#;}+L3{}v=EA.[ٲL 8y:nt E,p o!h(I[aRInY[fg讹;X/^#ml9.hHBcYB/J^;T/0ґr )Ţ&oc[&0<9Zq\GGVG#ϼ([;5#߇&xaɍ[oö֏NCvRWX@e=0LDŌljhZvG9WL 蕴ot@/ ^՚E 3CuȱJ.OzOmkV!V'UKm}ȗJ9EMĘT뚿r Q }?|*Ndoak}rlHf(R( R0}5,4⭴Fz6iQVhE^AvI` jTo'ˡ1g^ [=,NTd ceAb?7\&B>"Q6ŚiƆi".XǸS$=x6WM~vի[kǝʡU!+[u^=Rl@Cn@ &~X.%sSӘF$#e[Ѩ8uJ#رZ= b4=F $V@ 7CźY ۭWSĊWm]ZrvP)e؜WX.]RN:G, QDzB"I1. L3,ENۢ 9Z颁q󬰳7U0Q<@]Ng 5%=}11RJݝRJUWfSi 3>‘ U >}dIR5̈sҧc)8qx~4)'%0 8%X3ۗoM2ud~ul:,Ғq4n^MpIMDקX&( d#/y:cYf~x]SyDsFvS*l^+X`qx,ФKVpzUH=Dr&.eQѵA`Y݊Dl4QPil`(g2knGIQ.}I}f=,qGlGں#<t>c~B٦t@b⡀3a/#+ EkV&3?J$BJo좧R[SZ Uus]N}a_< d9덃\ @y ԭաiܸd`h+O E7z',E(PU'S.HprpptuAVc8y̌GU ~;>pMI$wåHV"Qt5}- uXR.Hc% !;,KzKcN55:Ir >9LYw6WvTe6~b;4n(2qjp-e"?1.+v*SRlE@iZ?}X=,2'r[xXϯwzIގ-U$ypRޢl/2ˣ? 
ҙƛ&C|(Ct̺^9Aa|ksO2Juۍ&xUJiN o!q✫pe2It 9.-/t룔 iPrG0?q|L(3JS)ds-hB½}_5sO c= Gɮom /ZÝEDf@>Lۯ\z5%!$a%2!Uly9c@e½F`:hW)h}߄,ioU.y33(o79y\.6dF}Z$Yt6f@Z{V>].Q60YGG]@TV2]\hOa3Ro@+;"?IjlĵJ :Qyv^y*F#@)x\qjmdcSi{OZ$,ӱGE?T2)d\ɚPV7-ބǪMKNK =r30;3W '.s ;Xׅ%H̺ S\f B鏗!+5ИhQ"D?dJ'fCw9]ʹ>cbVdI̬7;ㄸ6W$s7ljoQ5֣5)4,# /sK}k낲S k0#P D=@9(J偓+{*BR#e%vdkbl׋as$dFUn"MQnj:N1`Nj[x&9{ fwn<RM80z# ߐB)毸2.x/bBs3t<[/յϔiKY"{!<!P`k(r+h5/5rO E~]]g"5,r#Uԫ)roKq>8ț pD_tooc&zn^fLjƒTՔLĞ͞^Il"v+W9g0xϿGj1rC(fNKm?#o}.\ k*aT;CȃM >!@~'. AHދ òʸS{(?oL[ qDI{0$ݎ4 _i 2x(C﷼HAhZ)B,YjR_{6L;~`1 *V4K DMŦQi`y*VhسYH ]*- Qi2k`VB}1d/|`r'[͗ \ KrStaXJvqCvʻ K}V"I$2fyLj)2E4gGB&=AZ1Qi>\D=X uϻ ̕ZRӋ6.ԣ~N\׳ˣq-jݣߒ!xx87AhNNHwwr~qi\ h΄&N=O{!ap,7"1dݒVhuދ"8)#"ѻMP*v{k%X< _2A󌳹 {LRUwgcoi^JȽ.L?ᐔQܯ @~bzUXJUl~byɔqs1 uH _蠨v[C4\Z_͗+_blӂJc 5aI%PROQ z%1ond%Q]1|7⼹k%΂@!Ek݉b dIo s1fJf_aeF5>\{VZxaCf:o,ԭeD}Mɻ08<ΝA*Q>{{|Z\|3wK`J!#:1$_hdNEs(hH@OS6zmgU69 1~U+][BP~@@ET: GC9lR]k4TdV+YT샇o'Ȓ,4t;HNЎ! 5<'td~yDQtq߇K/u~I[@(<̭]{E%Q@ /" "E}CtQ ]UAΈ#7eٰ?gawv=#Ve`ǛΜ ZFpOTpĢ @wOdOtH3#ѡLKvavBR +AO[AI1oOo!ۀ 2Pp8ĩ!d64/L@V|ׯ"mPj2wN"\M306g!%]<, rL@vJd3&saIySfr>Y4EHQܤTطCQѧ {eG)FfÂWep.-؞+"_ X!x|oN[t} i-,]dˤR!eX[b 6̨H⋰܀ oEKÂopf7{ڽXrZۛzbuE[:!Ꟈ 18^^WB >F'S@тXWW]p W[CcR Э{]hNYUY %ђ1ߒ!%lΚf&|×ۑ/?⊢hLSb(B T~(0;'B"Aup/ W?pGJ36Cnx?PL2:lN/ᳬH3WDF,4O`ͳ@ sڪ iݺ-u33i0[= p<֔k?gO aK xel&Q'wASD 0|ԐLzkYOF`a:r@2J4Q7mu Gոv,/|Dǜ>}LYکPbe&* /_~]IcCYakзJꓱ(k W4XM^bg}mO%9r7:Ӳ#pfx~[3sy&&C1Jr$bJxn9vRg=+~wjjnJbR?PF@?zkU^:Q]'LJ a TR?~oDDV'2Υ߬n!Þ?1c`iH,@Έ5:{+T` o[&-2gG8wX14%jrrV3ŗm>:APELg J"PJd%ZRF1fâ:k'b~h)oکxu+ xXe&.wl$@>2 pV)WJemEY300)9 C_mQharu:AuANPM f)y`¯*D`J/cjy7*Dn} Ϛ?,I;wiHV&1@j'#b. 
qo{X&7V\8:T4_s+5k.s8+Odlxh>nէ!}`gdl9m ]x.'ß/h/(Ғ?OEZ0β̈́+a5v#LSӮ-'.lD>gKK 4͙7~W){+-PxIӔΈ|oAM  *;%uYԏx3|rPὊo5(uF0H#P6'T Uأ ,@KNyQ꧄&=a{?/ެ!ēo 8Kt"Ms2ǤTEƚěKEXrR1ByDf閱7+sW#6e0= R|֑K>Ծl\ dۦ&t?vk5[;o-aǂ "Q́(Z)a%U9`xdRa_ifY[6JCֽiaP7a`c=̳Jz83i2:HO/#j۽0a9şqY`5>e~cXKƣ$V@NLT\ ,2xRtsB)dR’#Q*W9mXŒkr KksM)7E%8c,k:I"j~б- Sh8l=}d¤VȥÓ(wOS1ISЃyjl =>[RN ,}pO97 3A0o 24x $y[ݛ(U@n[X#sDŽz|$ zo srxzޙr'A^rڭ0Ʀػdxe9㔃y2-\;C/2 jIRټ=Cg),]Q~&~c:(ְZjN>L~C$>Ebևh,Bv+@j-^_Q˶dMxemD,2#`BA"AwE+2O.4l CQ|`''Gbw2eS2 ,3:O,FYjDń(DŽ:fցmGl.t9tvGL1v>lPAP[%0U6ytwaI!VV7 IEd ^S-%a\)"]KiHmT/^LV߆0\GC`6M,9/3͕3 7 + s %њί} 7Ԍ -]Yl%3{P毱 jA&DapPĭ(ˊ!BA_J'E^3$i֧ŕfDܙL9smPu-? j=7k߃MI4Ե,Rd]W;u(;s9%0XQz<g:^]aݨ}q\RgR89Eą1оv0iU*)0wROy{3Ӝ}j+BWaiv.&$5׉"&CϟSԧ1C݄_#*0!"%l|0dhۡ0$*qXNIbPh9KƓD Ҡ%S02C`c6lO3D_N.Hͣب QHyDH AW.Q~o o.>c KT|"uŷiZ`%cP W8`bO&"$fñܓ{S\/zZoms/r]!8! .oV}@_r,6mw4F~}%7c o'aJ0r3%ǔgzOS:i/ȉӲ)'ľ௤rJ ׺3[Y-S#lJJLUTl[zc#:zІ[fljl9͍*rD>O3:#< Bـ*5}C25kN8S#!d̜I؁^tHZ|%TKxGbiP5n!HIoE\Ǯd-2 LOMEj'blH4>db& j(NؙAX3+zB,qQ.P|V!;`i^Q(mXXz+ kڋ5 VԕGb㼵 ani@n꟰ $Fu*t//G>Jtj_uC=5^s oفSBtn!^!|:5i[^ن+ʡ(Uqje?$)jZK6wc·ݙU H9RaplR '@2gAA1VoE W vtoǼe5xgGB_Kβ!* SJwiOv1]G,~Ӽ}% e)04a"Ma/X0˿)Wz(΂:Wt~AY>3Ptq,5Q?PLA q*E 9vS2/#aΣ$Vz,*Pe@)%#ѿe (C]-&pv3tbC0O_jޡ\f{V7#T* V#VJSrlc)U.:#NԋSa[ Dlua -svI f{K`z+āoj5.#$x[VxA mfG%0Ff?]4P>#-MhNQ+f>a*w*CgKX9k :I-2M̂9z;1h lmO>H$%(iR>9MۄH]A?1*WF. 僮"3w+ǐQ*C(`;,9xE?W٠3nvkˡ^]yy]! 
pQR`H_qoLDR  xmg?ǘ.r> NF{<2SWsFmY7TzyL+d "6msz7C`kb YucY6Ac+g=J[Xm J.{)yʣkf~K970̀|I ;s($[V@wfA߈6|4 Vw6Ă=Iuv=݇aR?"mFEs|+6dMrq`d"v\q`I_N6u11ބxUxzTgG]șΖl7Z%v (>oZIYTek c޾+q3)_X$'E:Қįx`>/K4sA?==+_֚5bڤ誌&#+*1z#^!G:;scjR|"psUC@381c!oz.%mL ȣzUv'< 1o۫L RAӬt`M5鼰zlf}k!|9H*;ZSW 3a4G#zA?ədJ%S{w q>r&|}.Ek+ÍAxFp4<,JI^D&6E񛳋M?۽_>_ D4JԤ%tZ-)]wsI[l'uʨ3ڻzBXa.6]ebcrD2n|dSJ3F5XK#DZ,BNVɦQ1L9B @JKϥGG M 2P>t#}h3opyΝ&ť~:_I G AANls20;rfF#T: \m%X~~Ur|~X߷sN'=e0 '8[rF/ŕ0ew g-xw˒b bK }x](+XG~#fi:5L,*vu/ i .\3Ӌ24!n BNUwZŜ\IӜ4O,0X LmSOAKGjhkF?HŎ4z  S!{/ʭyFpH+;!,|\fT/dn5A,I l98*I:ba˸& O:%0o oQ?=i;:nQoϵPzg^DйTX>GMRGe' [ o>"։GD)ǀ3fQd8#/܍N DYA؉ ($c|Nwu2|}"/yAH ]^3jfЍhmSp!_h|P_CE`L/-wS,X^T@\:-tߙ]:GxzJzAO_ |畒i'Ai@jVvÝ[k7SǨ-ȗ\!U߷qR}OvALTT0R^ q^7,~N}QP3<2x)`JGY<$fjeFuPX.H >?!MݩѫTj " U}UX^6 9˞qr:]i(^)K 0^nv\x%A%lIBY#AYDNqk FWZ?X1kFUv撪H>='U,N֒alf%Y1f4x0= 3_HwvAwQ&xqgJGbHfX~΅'cg% V?C.Q>3@Ԕ~w$)bt!R0:.-0]iGe_6~55N3+7J,CeCTJl4M,㹱/9;=A7 po,i')~aUVl>nZFqpX+h^<{Bڇäqklj 8"<6$8* F!Ajncۿy&QNZdTERig4#FF h:4+v2ڛ4':76hM2YE*Lr|$0K?׸cRoo97&3F;K^8b2n^Zzҟ;ԙ3Rx0,Yln<$PvIlum_'F15h -3ЌY'N$}mw ?!7!7*gc k"%ޖOu'apVWo]ilb{܅ND0'lEcoc*|G'KnAeӇx8pB56cBIIҾ$q`HKO=:F)>R<p^ⵒ+7W~ 1(/q^}Y,&5*0q'C"P\G)qw=5aLw\ID35PCwIy2ï&+BlOĘg(4NLY)a.m 07`n*jtL9-I{"k(!VN<$\/2Oc3a)7瑾ȬjryZ^}IiȞxM-6i.`? 
P~k8rA1$Y<$s~d@[ff>Ht/L%a4Βn6?MjL\0\apduƮJWzW!-#&!.vD+żx.&6XcPZn\9e"ffOCʔP"Z+#~IϱrA哿oBI޺?QlkvЃ$д= $f),R‚h=Mw~1ΣVg6#G~dB3o uÿ }k#{8?0)aëp"KDHoEoej(jWbKۜ qRDɏ20?ھŀXbOHm]C& a}roظCU.oj˝7x#ݟČ|.pu;90Nx{7J|%qt |MqN ǿd1,;+*l)x@ĩI{f%>KL np MkBL*oVžwԜKZ8/z 4nҠ%6T>eyn+/1{ d͢ƱPk>gik0!yfxؔ۬_$ i\r6RKV7mU(hSW"&@83N[md> eql7ZMh2rgha*_CV0* 5Ks3ѻ~ q5:nd/DղZ>82!p(prdT0nP8s j" r_h6Pjqƺd0)WeqG/]9u?jrXrp}<^KJ#JO+)~:z.øPmS%杈p(""{&}\P7X*د$]@H| +d*zK Sn/7)45Y:w) y$,ge}"'4 pr@Ӑh^T7)PG393}ʞCoP" %#:$I/?;%e/KuSg*lhc>@h룏h+"LWrqEHp(p7Pmx䨻zoVH0(,N qo-z~x|tg:Gvغ$D=zt8"M_W/aNbz0`-U}f2&m:h̬[/4u~r< {~M(KSgQ4G fNZ ׇ\p Yőtu#nLH Zѩ~Kk"nxWg~\\jr/H9}\3esE3Vn xb{\S{@2 *X{9nIn&CXZ8 qh!TOdeFҌY ŷCKe3=݊0MYoo[&Hh|BL EDy1*IAaӮ :BEͭ C3Y9LTLAkYm;H^/2!z$z׈N]o tz))ASMx(ɣ Aـ,Hsĉu5-#vĹ{ډjϋ9]б~$JVsqzu+9P]aGeƽ!ԝoHRk0Du- 0Jl811#HAk)$+7+;(26RsP4 ,#cJ ]EY)cH72@ C^TeC/ZcjPk W sml~ۅI;V(e+6_'cB/!6n%nJ9N*F㾎d5Taؐ[o2+Yq\TBQ5 1}k`g-o|"Ӭ}/W*a YWq6^x+H&٭3~JMg7g莶\A(JS)$r̺Gt<^<@@n%p[&[µ<矻YALiѳ6͒-݆ oT=]q)-"HI茰1ez$+%dɋޣZ/dPYJL2^*^o@(gRgtzC!l}))z)9tID(Vu \Nw͕ \zv^72"V7 'G /+}bV&;qB~亐fn= ɩ"$\A+ua 9I=VwMlg{$O!y(foWnHm|$O-)`O~ Ӯё~S|軸$:$bythKcn4'37g~rI EWܗ;q X7rNz;V;DG^n Ks,cΛƴuHCe62Щf,H+P}B}saFWSbr \Vu0Ya$i $Sԍ%m73yV׃%0 %[5NU.D'lQ mѷ0=T?u`%kNnk/cK&Xj8 {2a^ς8ĝEw>M%UeG\2jeo ~RZ(0~ÌJ:mŬpBIJ2|jϿJJ}ZȿE4 +Y $-$H ;꾻[>p#*(VϵO( oᚇzln0"T\~nL2!RXX!i.m2àԱ;n0)S] xQr*l1 Nw؂f%'Q.:$=ρt@7DhNWl zX%ޚP7e6G+Z@92|I9ݖ߬PN܂Ty>Ի FIfz<@Yq,~%(G9[./RZG5DZ` ͭ ]S=2&\Z>:UjiӫW/c[<}z~}ªTΔ9(l3Epc+BΒ! _5!*ցK<;DTx7h!#Su|ASbpDQ}'9@{:y||%GWZ'x|hF#T'òTGզ@гNib4) 3p69sQQrFܳ tmE"G5UOD~s|-Jې)% (hjH dJ-uy) e WY _P\P>Vw"Iw+wmeaoh]BieTN*|kh@4`m]y/jP~ -*bV\OZ[gOU(< ;{5Y=2.<Gk妒;'E[=].[,jT`4sE>;Cʹ6sCt(R0]? e6H4o|4=Gmes+,+ʠޏ`urw{3!$b< <jgES&d 뷔6A r"dMCDr-WF}D-I*G? dZ_yM T (wi[\0aO"Ef#ݝFZ\Hj8l$_Kܿ6R хyMŰѬlXϵ_(;P[Hx7D>Eows\N5emlmpC;8.] 
0#F.u|vWhXNFkFKe#-b 22z.˰znw_=S~/]D5r@eҒ-t|STL<+$ŵojUC^4[/il"t\Zo}eD Z{x ChĖܿr]Kvd3nY9*@wa=S,/$ŝf֙o)sʳ4Hq):>vUɚ@p^tvBBnaN?XI#^qWF9!H:yS>cN#GW fu2A%nkIqޞiV"C]DÎ_]> ԳDZN*fS `Ѭwi| He^Kgx^,3y6$a}#QoHۅ!]5WVj)yXH?*U~/OxӲ|k(Qi"JiN6-OG{RxϤb +X{TF:[5c<$lɝchKڻ'5u"Τ) }H}3Jf]ʔLAM_NXrq'?@W u\y', /06Yt7FE\7>.+3KxˤFCTϽR,2Ex/C6<܊=FYä 0! if+*b?g ḫxni5 %C%(v|e/fy]tYCOBaшk)'~X( {~ngG .lR+֧Z@5_'a|P+uWd'{;dPm?A\EXEF"VTtꔪu/էP㺡 OC!v9mS Fxu5`H/?EÓ1T3^1yki/,kCVA 9 Zs+.Džt~rK.1En$.$~/듶~5otK)9zy:j9Lhr%PJWk)*37Y+,}0|r*lĘ,Zj0ӟ28uk]:#dff,[?:ȉ*|gÛн&HM-y;: =T 9Xz(M7Yl ۢLK>TeݗZ#إ^ 闑C;# \(Uu[ ևXfdVyK&VEڰ $Шa^3cTjc K<'}eT_%,ZH,k41M]N>54 į_t1g)^BV+T< j1\&nMr&"ǿsxHh|j3] JQkK*,Y,c\C\hz4NCPn%Q6H"#:j,UUdl5״+<$o$O(mqWi^U1YM_y(kMþ|/m&R=$>yF31R<(Y1XOmf,3s& \`ۭ3Yhz,}9\(ڹ4dJ:?h<@H9&ϑ,t-MsM|n}ݮl̔C˖A9JwfU6]Wr+:7,k(^;3IF-U'H1i%gAz=Lߢa`M&'ˑx.r4b=VVB/K9+QDA&`0$[ͰTjd*l4B 7uw 47d"2eI_ &>˽}:1DYixaZh} y؆MwyNJmT's;FÞX,`aA[G.3ӂylXDB>!Y^:'C:V9vh.=v_W'q5SXُ2)<;4Ʃm\=99Ҋur$gP;$-K|}Onwސ)LfIrTˊ^B7L0sY75 =n`2*`>PtaS9DYGT - 5{z7 V ѕ;~ Zꞅ{G.=bWY9sh؋S+zY.Tssa|AL)H' 3 1vڽ*3YNjUgN>թ~ir1*qɤ|7`luE~e,u|e'fRfoGg`ݸ<$c 7IqXF$R?*KwrܯƋ:3`0H| =c.5Zu'_ԩ˜]DzxDHiW>Z }(fXyQh6#6j#ˆQ,= )w]>*`n 9pOMh-1eND_pW!WDK}d5/kCF8jahAv ewC|>FE",t|J]=>F'Z{?$)pLSl|s^3H:UW.Iܻ| _q l܄2 g_9x r,n-x> A^#"!S6wHٗ ^b q>UiAYׯ Mjm"oo[ٰoQ^% {l-=z$5DќX|jԪI:bud-UGX'ihVf/TO ++Su,)%";,؆>>O1E̜a.B}T)\Ba{mX hj9E/TAiCwjzܖ{G`MV `e\P`w\tG0stm%;T:psloZ`5+I8d&/,|2-=Q}c)IL#0 &I)=N0F 3v*LS'=XH{-jW๹xg({! 6S8F0C0:{?݄Zhf#`_hmh0ѐw284 7Ĕ;Qog|s{Bs8ēV}R0!`uf^PwT FO3Fw̐D]qtu hviài`qY\GsTM>*Nkh>P$8'0WhU+:wJ=A>|j RBr}uW) [m{1)tpEz\fP_ QŊ .4<9ĂkD9ܨT0؁c#iҏ&)}WI`n0ˤqBuܺ+Hֳd&B'_@%54$D-=U)"IcO"ECu . 
ߗAnJe~ݴÐl) & Kᜁq_me3QE@dyq*(]<|_϶uv8bFBԂ|)-@!%Y`ng?c{ ٻU &t"V<P@@/QmezS$^C,iˮ$ 61YwFk'a\Ů]햖oT~kvci kP?[{ΌTqb8ټF@6*lZ_ A᧝*b>+%u+°(ߪThY$mhb-(~-TI[)c҄o&L~n79YV%SXO},Y&lj\> >uyfDEz.6E̔Ws1Ӂy2}&g̻xd~Q'15N\ﰃz uk@%PK0sI Rhq)K-yR29z52fIg&˞q5tQFTsIDq*xxe xw syCE]r2c`>腭lx 4;~wq(&K4K* Hs!ك8pYk;|1Uhtf(Vhg^U+(\cpln(H>k'saT=*eҺ}PU06,|ks0,MS_1ohy K i6ӝ,yqݱzA$Uf=GNCs!5,FQ˘f=sI1L#N6nB K;wkN ŜR^}.g,Ru|SvQCW(Hϔ,`Yr< l)~Fa$Qd?ԯ 5CɅ)ta1{O ŘS!HL[h#:qPޛ>Yah.qɩO.*by(G6ݴ5EnԨ: ksaBC-6nz@C랱<ZTǍPw}6v^;3,v*~2tN%_w # ~Cb(#o4O/FznlOA}T*y<ׅs FUaЉ$ʟl"ͦ'$D[&2cĦicg f7;պ={uhK]׹ސ]ziݖHdQl #xC+yps;eQ5~ ,')@ctIߎF t = 6r1\ P/a[Wa ꋜ` LrԆk~c2Guf e|EenIŨ#ksU6;&bXaT7迏3>`ݥ-if{Yˆ?j﹡ozHcδ ʃB`)A a=#74|uS 鼣*UF_AA3o$ `a%<)FhC/zu ֎wTXxܖT\o[q5D+0:E$` Ew7?f$W@qn 8½d R"} ȃFѿn@د*4\bKQQE1>a$@)z_>`;$=!aQwp/$+sH(({7`*aь,밙{jKp.#m̑GAQcMt 2M6 +7^BT%ҏ`&@ɡ>GH]8aZ"nQ 6Uz!}[WAt0n ]Mn+EOIQk7(K78K$Qn VeEeE8rF02O?1?_7" VŅoMasc3z1/vݔ aA!k::\/x-Z2P-q%,.3$TWQd@uf` FH5k gnjbx4QQA"N|1V*&6~4I Jg"ܐg࣓ Čͨ;w*ohEBё`#X>T6qAfMPiXR^T;G(+9y%|ҮT=dn6RkPMQ<'hT$i[y3qj4%VbCj/lƗ~V7UDKzeη0'Y]Y=FF#g@k@8mX8unwս; }4:Xȴ`*(XRa]ƠpYYsrU:KyX"$d-gSiE$vTX˜)ˆRnSJ=X))骎>қ">7猸Nح.φiF`W q}ɶJ8`_|rEl#[-R/{\g@*>\xZF֕s"3!+e% | 9X 6* 4Q`8]7apF jF:}Cv̕k}0cə"[xFJ< T) 묉50wW#Eڢ;q]ͯ7l"Mu'Gibv=.X1-*rƯ_T9y 4Gu3)"&xZޞ-YóVÌRnZeI<;[ wuI3GO~rE,3 3!)a|7)z:Ad4{ eYp)?z-߆₇RAGQeK$㡲ig䳓(,'V 4p•O^ҋI3f>3Tr~hW}e Dõp,k/7lbs.{GyʮԶL6:R<8əCIVxYML$v"\ýď29Q#]dlή@2qē,}mz!#J,E-}v0Ux"|T_U.x'_iQ܀ JE- %URpP]Ix,3X]Π>\2D5Q&y߇l^* \44,s3OL/? "^#zۚjαi:$`$qv0"6I6pؽMy<25D1stٛߣ~FsG&.Oeo ollqREe㶤 %6缪ohL}DZn ȼ\_g2F1]6gIL9rZid>3#43Sm1  6$գGH*ڜy_&r$ pa7lGhUj;6f 1;ᓔo_hBWO6B{}(ѻ't`׈`X`S/^UdWb3'-T%1$_uw9ԓ(: ;[e>jVI4 ab$/]ti/ɥoL ,<:t7qH ''L5V=~O.16ȝj5PEi7McHeLM_B/ IafFOUiwajBF)$`~1_hoˎ31|@8YpP ~0 OT?k)2L$R{1&GD8}Y鑼3CnNIwJ0k 4~Hf@CjTYT 5 x 6B ѷUuP^nqy=kjMJTEmbσ?V.dδEi%el :ǡ,) u+ Ew(ـCH֤כ8+l(:sr )+*>Բ7VwP͛ŹW-3 ߜt pNZ bNc|;롡1bFd ~v.N5e? %PgFߖM dSM{ɶј͐ VS`S '}9)PZRS4Ǡ_ թ]Pηeӈgk֜"ӁNSwF9tj/d~ۋ%GX&a @]S :EBelsR@|Q}GVG6K7ȩj0 WCZ9mDx*t+HJ`=-46dLJ Jx}p(:X&J 2v_;vpҍKbYDoɀ{OPJ"܄ͷ Y! 
^o%,r0s^6>>BUe2ɛS,$K:b=䢕gsqb8h(0§icCic[1;g -J kuӹI?jJLq`{`7p yiĩ T*>G'o2O]RT;\q,bi'|> =g+z?wWnNfq¸ް-Ґ-9ۨ '9"2bUƚ/X!l$r#mH⍸%<5͎:k2x&t\AF>Z>?9HTC\е xEzyS;J(Ú\J*Kjp)h]/K Re0VZ9v5+y9`F芮Hٚ_ zxo+㕖Pj˭&9&Qk.{R.Ro"TTJ8'tԹ02-D@7e(88'xПI_azyKl?Zgµ06wϹ'"PQ +R0# A\tqEFNaVh;l,o8s{Vﺇ]ā3J-42EuBc"MWO6Ȕwu8iED^M9q+] xܛIs*%yS1H<;Oɽ6Q\a<밙QE8 AqJƄM:T^ݔj >EE 6,ĪUt}WMh mo ]gA.15qJO[B5`(AK "XpN.>tUַd /j8Ck0{m!G O#"W<>grIIB˅)x16,lACI7?e5a1+X=AZ؃;VɄdGmpxX (eLu< Tw^ǁI:{#2ؑD}C,!]$7*0S.s/SAT7~ԟuu0@5^oR\|`-ֱYGJ~Pr[v 'q/ 79O"qz8|z8dok z=Q۴[di*pOfQ|M k >:r!Z)KY< Q2=R $_EskbIWvO c- ר\OځHNBy/j"8!I8cTrV $BuR0+Yu 2םO0`I1Y:ʓtIӰ\ޟ /Sb9.CE4]{?2Ι̬E6J-a\$s"ݖ:ӣA.S`MRA^[SgbЏ& U QV`ξ$qH(r㳯 o3|MCB3μh! 9? |]  8NŃ a( K2I<t_%cS+1A,ds,#ꑏ>K w5m Q'چI}ق&ȃOWJ "_ʽ搅E:e(bb?{ڑqob|\O)R:"%v"A}>0ZqHdžIc_"_Q)DF,z\ıps\fv I/Ŵpqw.M9ύ˦-C|OCfaӫb G>La Z5Yg  a.TcH4,ejN*]? ^<{66Ɓ5%ޙDPL*mLwơdՏqiO06UoGېO \.Dkm$~|R;;FKHe,Dj/jE%JĄۙO9dC )Tоġ5LhAZO:iJFrbmrP0φhIMD@%I8B˜7Nb(̲(؉w@,pS-ꑵ'v Rq}S7LH]_9"/@ْ1@ bAwtZJ,P1K0HO*>AjVzMBC|_QJSK,Iܫ4:yFx${xd8j3M+h5;z_^+@+׸]es~"iUpM3X fT %>Su+f#lrZYmm 9KAm~d,=EDŽ;j67=R~dAR-3yj5,gxW+< M.?ZHftY:hEY;~6妿,c0|t}ŽeN r~qcZ%S:@eQ]&cz;X# Ƙ''rnğn- Ny] S{d{Ĵ,Buʋ90}7zHW=:YuZd͛h%DX`s4rAθi[X8{)Z;Br|ϟ\ r) *5^>Pvcҥ"+mliRABݱ ߢ"|70L?/҂jMm>1; ':='έ2N[,dt Fg#7dH.Fݱ,(z C si)A}O9!{鞼 YC *J- 2h_,@-2t,) Fӓ-}e,*c>V/fvu'd!cU1v`ɬ7g٨*0rcmn u4ģې}Ւ(q4a%="lmjD& #F:%C b!@W> OĨh K4Q#|8/fS\{ ;,l\ZJ>htTgC$4x՝( |2ǽc Ž"0Y`oV  41Yd[Jr[ ̀H[ޛ(a8<âeX MTt浨UkC3] Թ(IђL3-0&lpͧ;o@H6gAOG} s_ۄWֹOz fxP|Ąr9C]TD&cKACQ˘?=시^fOu;'C^"TPPNpjs.q 4!hOXLtL_ok%bNSS)3`tU'py8gʹt3Au`PM݂G%'d0z  Nb o8&)^-fgW <cX"SՊ(CkF؃2B'wϛ<@ 9FBSI?4HI)5nV릺7gmZ)I 6dB#m "d)v>-s{+ ǫa5zq]"pu`xvig^ Hz#= 3r08`p6 8NK;T0|W#aGbT\)@p4di}#-|YEQSX QuHgZTx\!!x~|5>{,Y؄,kM兩TuXĐqBʌ{w_ƕ5-Dj 7 $ݝ.~?+'͚  m] ,\H\*$Nؠ!L#T8oZ.ʚR3}!glvhRxӖqtL-ug̦EmSgcj(l|}4W'iJ+ ?7J^F7;X( 64cr|6cDa}Ѐ,}}$N Znfl^j_-+ݛ ;}A$/!oB4AqASy7%:եp(j蔐̤ah,nΤ&w*W&LYIxMZq ԀJ/&s`;fO'{,s7/uV{NVt0ډ7عL2B李g?ݠUr]\lL8煉%E9/nnNLF:AjK!ƅ}j/TBjJk8FN Jx|Zln|۾=+9hhٚ)69K0d):S[JAA|_DFl~8o:A 
}sC`G).+s,'QDa=7sX8YM.2s63ZəǷbɦkG?ҜWotj_>D-D#?iWmEOҎ-H/]BJc}$JslsI~<0l]ՁTHןJJH'ipll{[h,qI)V΅`q^z><*Z39`^ٿwK9>@ n[yV?9(MO3=PMEªנ7F;wp(=aft&m5Jhw;jhخ'2Jl9hq#b еfH/LPZ.+BQzMFEqawlys'=nAדjau4G~g^8*{ OtT*/zDZp&n-@5פ1/?wjDv/T EogOĺF;Bz5VVƔ(dV{1bzH, _U[M(""X蜿-$ma! ڐQ hLuYeM䧜R ~% ˍҙ&"!)^ok۵ J*xHTIos\ҐbL 1߇#7_Dmѽu\fI$m9VM|Rot|zv&@ٲ%Sel?be?^</%t p= (.TT}4v):Ra|&}Q(|0f!Z&)u^ܔ\0aK&jɑb`I؉/޼gfT&?BO lΥN ApKŅ?ĶaJ4Q~d+:lIՆ HɝCCJ.\@1$ >S pk[\Q:EU'w;"j2Wyֵ,ڿ?ЖfΞl<(cw;AS>^Dr<\G8s,nS<"zv0D&*zNM6sd]"tL@`}Qt:tdUiXbSD#я=Y%*Ƨ?VuO41lQd rʂyqnqB~ؕu*UJX( V.&baUn{3W)!#†>0'hn$qRM~%SˈI}닭 ek|="75EPF?5XVy+ԛɵˋ?h ۼaJk7q\cS[ !;r ۩ukoһf?ءKG Uj p:b4$ڤ6ytvLtֻ  T>uTH TMX}_5R$$64?Us&V aKn{ZɄұ Pߘ)OD]z S]FfsY)/ճ| Veo /s)N 2ޝ &Ug9!줠06w^ߐL?;]Ŗd_u=cqe<+0X a2 ET`9 HXci3b%wEI-En~Bw"E$GϴlT*-G>ei ῈAc M UPf"pʆ v8XAC,:q^B*>Q' !kyFGȑt(FQ! nW( }vأxN;n1!N?,Hb䟽H \}yHdY?TyC*Zqv:KX>˯^b}@%Oz 2E~!ZؕL#-2Zsko˳{'Dhȸ쮖,Wk"X02xGkgI2nE->a@|IRd ?L4i08j_8wS˩:7}VmTtR(iMU8ba:B[*]-~Uy=]ʬ Z'AB}ȄN/? ԑ=2YvG㡟"ϞOHISPIL3KRf'=EU⁌֮v\=@! w{IR.Ok^rAZ󕩱hD,( !$A棫(_I,WykcԗrƃE 2$2dO$:ٗ; G 'g'8uh5Ly4G۽k5OPEFms|tͬ=<[4 b_JfHˢ&}>0ňMMcE/yO/N)ѭ6ܰ{MeT{o®SǮ 5-9oȣ6sΰFЂ/l@U }R?̄ҽhҦ/R)nN_lj`$E]+{lMF\r跴Ăva)%B?xX{wDu'ȇt@raRK +#)pE<.rS{a@pRcҐ3}Vmp(aAtå2txV8N'ңNo`*nB`(ٿA??5n sLឮhM("T.y~+HZ#VPdhtփ󚄯VO٭pbn3yu6.'i8BrbLاdGيEA?2ѰJ>ƕxl[k&yRq#}5&”ʟYļwX;e\jTv\iGנ{hҿĔ.:hYxÙ8<s8X5r3M я֏NRWcs}yMjܨD}/6 2Njd\VdPNZ՘׊  ~-N؃_Qnެ#ۢ`-JG(M~`z@m@Ɉ&srbϏwL֘VI^ȧEyKڛ]./.G)`a 5͎8ytLz[HY p;>8=]3y V7߲i@y%ʨd&LEpdi2T<mW.6(yƕx+pb:ME6p>U5dNe('\Tc8;lPK-۞ YZ