sssd-kcm-2.9.4-5.el8_10.1 > 6 6_6 3!pQp)Tξ7]mtZ`ga ]mtZ`\9 Z~N^gD`QwoaAv߼Oa68_E\D)>EFkE@۪']堸{ܺ[D VV+ S꺅qM#>]H"9zC Sb嚩|\҉7̆|KS%NѸˍ < x*恺 ز.4֬,J:S PAhD1yڋQ hBT Dbť)e&l$:Viv!b5'ճ:%JjN~^F)o dJR5 ߀ڈ!-D] ^3? c9^^l3yn ㊒9@nɎ1.Yr=7= E .A>S%3p<|0MmՕ',I7ada^E0W#^^s$_WT=f! N9#d0ӻGM*s!;+:91m*5a67bce1d93514637207383d915d50296f49553a72496a9ff51d9de4c2e648917b4f4271bdc3bbc087c5fd95090e8c945e561525ȉ3!pQp)Tξ7]mtZ`ga ]mtZ`"&Tnӄ}T&6\Hi> 4(4lu-`?]ܳB,0rhwSPq/v!*cȾE@ly6Z:S##Elҝ~.aA$w-MGٸ7 Їg}]l"_:*3Q=7;[~ںH<)GZ'QMfkgn3lt-7*L7gRJ~Ih33K(;6,R2ubq 9|τ{"B##K]nХ1/]k?V]U C8 ҶZx@? {௦vsq LhN,lʙi 3NΊj#APAxҨ߸ 65}*L]VҢhSC}; bvœ;ԅ].gZic,|X^6$g dDNc{4>pB?d   G $8U[cx       $  q     Zx ;;W;(89:i>,?4@<GD Hx I XY\ ]4 ^ bdefl t< up vwt x y.Csssd-kcm2.9.45.el8_10.1An implementation of a Kerberos KCM serverAn implementation of a Kerberos KCM server. Use this package if you want to use the KCM: Kerberos credentials cache.gapord1-prod-a64build003.svc.aws.rockylinux.orgKojiRockyGPLv3+infrastructure@rockylinux.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxaarch64 if [ $1 -eq 1 ] ; then # Initial installation systemctl --no-reload preset sssd-kcm.socket &>/dev/null || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable --now sssd-kcm.socket &>/dev/null || : fi if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-kcm.socket &>/dev/null || : fi if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-kcm.service &>/dev/null || : fi%7ځAA큤A큤ga0gadgadgadga/ga/ga2ga(ga(ga(ga(ga-ga-acfc8b31ea1b1931377b6c6c0f3541e0617be0a9e24769d5e1f32689120c0d6bbbac31b33f419589e342f20381138c0dea737fa71b0d67a0db97020b4451afd8c2f6ae53e988971d19b13a2104ead7d8f059bf8e7097a1a5d82ccb81764fd479cf0f6402f0ed5b4c965131ef5428609d1a44a0df599a5d299d39a7eb3811ef765dd40321404620d827cec7ce1b4ff2671ae5352dd98c526dcf5f57e23094c7c301dcc90e6ee2af455256910425d6f6be381d86f824130f2764e210e5362584c3cb227a323bafe35e56b759bf258f0c1ea1764e82f612b4f57e441ad2bc6e2135fe1eff0b81b1537c8c222c25b6321769272eb4f09d6f3422fd228c632f9cae11acfc8b31ea1b1931377b6c6c0f3541e0617be0a9e24769d5e1f32689120c0d6b../../../../usr/libexec/sssd/sssd_kcmrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.4-5.el8_10.1.src.rpmconfig(sssd-kcm)sssd-kcmsssd-kcm(aarch-64)  @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/bin/shconfig(sssd-kcm)krb5-libsld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.28)(64bit)libcollection.so.4()(64bit)libcom_err.so.2()(64bit)libcrypto.so.1.1()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.17)(64bit)libini_config.so.5()(64bit)libk5crypto.so.3()(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libldb.so.2()(64bit)libldb.so.2(LDB_0.9.10)(64bit)libpcre2-8.so.0()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_iface.so()(64bit)libsss_sbus.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.15.0)(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libunistring.so.2()(64bit)libuuid.so.1()(64bit)libuuid.so.1(UUID_1.0)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)sssd-commonsystemdsystemdsystemd2.9.4-5.el8_10.11.18.2-113.0.4-14.6.0-14.0-15.2-12.9.4-5.el8_10.14.14.3g@r@f@fGFf! @e@e{@eReRd@dd@du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.4-5.1Anuar Beisembayev - 2.9.4-5Arun Bansal - 2.9.4-4Alexey Tikhonov - 2.9.4-3Alexey Tikhonov - 2.9.4-2Alexey Tikhonov - 2.9.4-1Alexey Tikhonov - 2.9.3-2Alexey Tikhonov - 2.9.3-1Alexey Tikhonov - 2.9.2-1Alexey Tikhonov - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: RHEL-67671 - Label DP_OPT_DYNDNS_REFRESH_OFFSET has no corresponding option [rhel-8.10.z] - Resolves: RHEL-68507 - sssd backend process segfaults when krb5.conf is invalid [rhel-8.10.z] - Resolves: RHEL-66267 - SSSD needs an option to indicate if the LDAP server can run the exop with an anonymous bind or not [rhel-8.10.z] - Resolves: RHEL-67128 - Excessive "Domain not found' messages logged to sssd_nss & sssd_be in multidomain AD forest [rhel-8.10.z] - Resolves: RHEL-66272 - sssd is skipping GPO evaluation with auto_private_groups [rhel-8.10.z] - Resolves: RHEL-66277 - possible regression of rhbz#2196521 [rhel-8.10.z]- Resolves: RHEL-39085 - [RfE] SSSD Failover Enhancements- Resolves: RHEL-33957 - ad: refresh root domain when read directly- Resolves: RHEL-27205 - Race condition during authorization leads to GPO policies functioning inconsistently- Resolves: RHEL-25064 - AD users are unable to log in due to case sensitivity of user because the domain is found as an alias to the email address. [rhel-8] - Resolves: RHEL-25066 - gdm smartcard login fails with sssd-2.9.3 in case of multiple identities [rhel-8] - Resolves: RHEL-25065 - ssh pubkey stored in ldap/AD no longer works to authenticate via sssd [rhel-8]- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-1680 - auto_private_groups does not create cache in IPA server SSSD cache - Resolves: RHEL-10092 - logfile rotation for sssd_kcm not working properly, sssd_kcm never receives a 'kill -HUP' - Resolves: RHEL-17495 - New sssd.conf seems not to be backwards compatible (wrt SmartCard auth of local users using 'files provider') - Resolves: RHEL-18431 - Excessive logging to sssd_nss and sssd_be in multi-domain AD forest - Resolves: RHEL-5033 - Incorrect IdM product name in man sssd.conf - Resolves: RHEL-15368 - SSSD GPO lacks group resolution on hosts [rhel-8] - Resolves: RHEL-10721 - very bad performance when requesting service tickets - Resolves: RHEL-19011 - Invalid handling groups from child domain - Resolves: RHEL-19949 - latest sssd breaks logging in via XDMCP for LDAP/Kerberos users [rhel-8]- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-14070 - sssd-2.9.2-1.el8 breaks smart card authentication - Resolves: RHEL-3665 - Unexplainable error "Unable to find primary gid [2]: No such file or directory" when SSSD performs lookup for an AD user- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: rhbz#2226021 - dbus and crond getting terminated with SIGBUS in sss_client code - Resolves: rhbz#2237253 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7)- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/bin/sh rusvuk2.9.4-5.el8_10.12.9.4-5.el8_10.12.9.4-5.el8_10.1 kcm_default_ccache.build-id37978b3b3b3513f1733fa3e3b859e7b92261a08esssd-kcm.servicesssd-kcm.socketsssd_kcmsssd-kcm.8.gzsssd-kcm.8.gzsssd-kcm.8.gzsssd-kcm.8.gzsssd-kcmkcm_default_ccache/etc/krb5.conf.d//usr/lib//usr/lib/.build-id//usr/lib/.build-id/37//usr/lib/systemd/system//usr/libexec/sssd//usr/share/man/man8//usr/share/man/ru/man8//usr/share/man/sv/man8//usr/share/man/uk/man8//usr/share//usr/share/sssd-kcm/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2aarch64-redhat-linux-gnuASCII textdirectoryELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, for GNU/Linux 3.7.0, BuildID[sha1]=37978b3b3b3513f1733fa3e3b859e7b92261a08e, strippedtroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix).R+R'R1RRRRRRR)R R R-R.RRRR R0R%RRRRR*RRRRR RR!R R R"R&R#R$RR,R(RR/RRR5utf-86386e7a52b951c3f6e5119e663a36fa0576717a300604ebd2cb3e6d8dcb2ec9c?7zXZ !#,V] b2u Q{LZ;wߧa9 xUCjK9]f1Aݬbfvp.p ӛg"X(и*v}uHd[ "wl z0(d+== 2a<M·Wˇmb&s1Yڞ5`-#츓aކpt$/asq筍8) rpm E䫌ou4lV*QьP7{<*LI ~ȱzOy$C"?O싇{[P+W_$U{15W~aJK1XP"DF;4[}7RcSHzENX{q:%_)’F%䝛s©i'g6$/>昏`[y|bfyǪ"#ŲmϟgwrׇՒ1?% k`1#Z4#{4<7!a] A` ~2$s+@_xD@bY6zczn{8Eg=L`G$cXhQ_O.fRW_'fxyX-D uң4ߖW"2mOt+ . 4-2Y`eW|ll+a R24o* CZ~3,8a7 wrRΛ"D-`eNSR|yP(K.ENh|5~cteE˟ YZ=wVGMŰEm`3ks;mS}BSI )5w? 務x9014gtۍ%8mwY u"r`𺯷3)C@[5FggF a>%/"8`Pҙ~{ivEl$/׹MIb)[U- X<Ւ>L(YiO \骯wXK)xQYg }[(?4}S;N-tL 4F}Q~ZwFuӗ >;[8_ݸ7ϥ;6:i+<)wZ? = %m:)wm<.[SCaD$0e'0^ 5OpУnZilNP5/l vWS^̍h_w`.Ok9nR|}RS]),1^G´:fJ1>)2HOVo&Q7#V7F#jʹj*K,C9%#YF}tGuiFM~LUy/]y^Y6 fʈ6;$z(|T{T/)^f?aE*+a&6{ .9EFW6@kQ e!򓨞xifH b( =0ɧAd X%2K#?i 2R5 $klQ0u;]b7,''+ށ E^gBYWUM 1nʽ3?X?<sHtKAcL\kpV-QOA$ g9>sc! 0 /⣆]eW{̥A#vb˧,Ǝ ރ3}qB9o5o7ycjli/F3s#8?Kň6ˋLneV- 3M4uIǥWh h^blde䝤oKidnSptPm$ [wg!C:1 _<`]PFP1>|*I.RD :(<;SFXv0U3;%4+)F=whT#Z3-A6bT:P {(6A )NHض=ޝ!&\CD&I_an^A#ڵ!8XZS]Eۜ=4UB2[$Ndb`;,~'JTDfq2ًd3vuI{,-5xLP]uW&Gy{#' Xzr=V>:)SQe\Ug,2 ljgTQbT|`]L7)ct\8O#//SVz|s do o%׉o<5| =OVShUɜ"))F+n?m't:R#4G7tXdymk3R=q*,mQZBa< !n"Z'q{S<^Lojk;3Me `TɩIEb[Qro DX;;{qAnRрvO4i^dV 0HrD+ƣgMayߠKqfXxU8exa._VUacvxJG(&H+`B+G٨5 _WD. 8Bk\^WdjoEh⢞I>䙛ٜ¤S%4_['U6Z:ø**D:ٸ?9Jau VEPF= y5RpF|k@치W*ZRȱ2sTOj?o9eZM JU!>*N {}lބDPtp=>E͏i&FU7:w -:~O:Ə2Bkh郏WЖ lHT#st) :=5~ |ع\T>)TtL!&a!X.f3Òv0k|bEϣK6? *QYJr UD%mo{ґB_@e:(\Su&=#`XcqmZ ȶڦM~Q,y ] :`5|>J3TwBv<a2׸[/Pfz<8-q O|2gf ۜҲ0[ۨ`oÆTA m,'.ʟҗ[`륝;@XU$DcT[e ό5`N|0e0Iӫko0rV sXu=V,]UP({/e| 8* X#Ş Ôrz1O,\ȩ ,OxfiRբ~C˩t;Pl#B.ReN3,Y0udJr,8V 3[1`F?*s=ʟ"7, N┉\!0+*TpI\nP1?7!@1԰13eNL<&7GXS)H\ /-Z@ҙ"]hkn]vk{ wvB`M>|dAM:\{Jbm& 6lJKt >!V8օY3;s/,~2O49q{ZMy6Ma^ ,,Zc+2zbR*, |pLxOz4T UwCΤqD'D(ž:o"˞};)JJ#z*"CrԼ9/PE)p=Mڜ~в޻'7v@۴'jAU3m{r8c!m]z?shI!Pف\{͡p>]x{_; :6J 'ax7AR䦲`bHN{Kp{,N?ƐbLOsD}ـ;3Ki6+ D")ஷ343y*/سyU2OhZ@]hxC. .%IQ1"3wq@t4:>w%pI71f̙Ӟfdz(f6Pesqҽ$aOah $ۺ^.#;F h`43 &a_GxSģP(۽/#nWp,qx9`[`% 4'|GFȌRu!&Їh2Ajj\^`hўSRRP߲P{`a(* j PT2?vmde,t}$'24Z,Y~Nv=W1CipeN' 3:y RBk3)[&cO.C{l%tH> 9~![߇K$Gk,;l(zV21z/ Ԑ0116uc[ַnmyE Kh+<j=h(J=Pxp=@[}I<2Ct,' /~`]T lMi_šrw8/x"U=3 s}|Qpz)P@7ؼ !\z8OA ݰEJ-{ǎEHDbD5I6fAqM4gyގc8O+|rAʡzqP Kk`wkY!~Ζ4ЅRcfN$.t,&.G&k fȖTmNM}`hXR]NeɝC}OGP_|-{Ӣn tX:S!<5Bh&qYVimř[jo1[]Cha0H\#RCj|]ɸm/QäYRŷYZ-j M VioM>ٸ|JB:?]ezX mꇡRg4;*g< ?*%»V9Y;<\S_ =Kk|OX:ie;{Z6~Å֔܇θ _P ^^bҌ6**Ä_G52KW_Z~,lՁs8P2AاډJ: 'ff+# bƛFv>&9;|6Ti}N J_U]pPMKcPoOڂsx|LہJp>=Ѹ[+sr̿(տqZEÔaWpqm3QOoXi^0g8 BLW]FB0D|4`e,'U`1is`ûHW"ct]O;;'3|sZRMSqvYZcK`x.ܳIU2KnI*X8fRȧWtKL&T7k=ɫ<(m3GY'Y]v/Ny3Wv87qx[A k3Ɓ˃<}ݎYTtZ@i6OS1X"O?@HPl^ڥ1}YػԄid73o69]r^1]بSvgE_R('R7->Y1#[|#&\Wy<d/mDjX.Ƚƿhݏo=Ů_K!3ycCWGA)Mjhv!r# :\']iP$Tp;{|t#y“Wk8#vWg`@} PRpS#4^QfRGBT4;3'А$B\Ȉ-Miy:b1k5IYrH?+T @`?aD$9 ?5%J!}R.1R\ħfފ? fޙ#`LAp^속6Մ*&Pas GGH9ÖW-5/yФȗ7QH{eǩTs>No/ԛ g٥֊!?NGk%iUS2q jGWSޠ و&,F jcv`NPy}&?RH 6sA b#^9$zZe(›G$_mYDguUtbh9-a{22F/drKnEҙP0G.& a!̳1.~6__tYmeMVj7XpJ~+~*ALv{U T=i4"6~cX]F8K܉WL] 6fT?4|44dX24':;cEl*c4.~^{h)%T#U|򝣐1LG`hYC|_U.W΃݅€TR>bnRԚME‰.^g>"*ZBȮd"buE@Lɼz*L;v#P8ǩ$ 7&8NX۶1Q\{-acvϾK2ғca$9yܕd"ݩ>֜eJp&jѡ/~dљqű $z9&IGrfԏ1L|"ޞ%~]N:hu=QY',{9hZu}5Ou}>x7JHr/46=ysOa.nR@^m9q7H#=W\&uBu'lHeZg%1AX E2L|C[pb?{S&<v\kTȤ#0|CgLv"$^e2>d&2W߂E4`7s-"= 5]b3ӇА]H>)j!S yðnn N?}>\(zzȴLyR+hڈʫ'*Б@3ov6>w[>鳅sl+>$1 iJx1 wtM+Ty3b(I^ 5` ɳjNq,qsC+(|aGq u췉4S*aApC e!UCFMr@DK7Rُ~n >y JJGPҧVE̾WrKEA-oCa4.-씛$HuI_ï Y^zVJ"9tѻ 8PXs Ez$W0vFLBVRZ  :82묧Tt&%Thv3Uci* p5Dߐ2Ol9r% gfaT}OC[Wz:E~/yR%C '*Qۭ҇%Es 3 Ųsh2CNmZY>_*o 屢4qK]N(ѥTtpAmӱ^O>UGĊsvY" A-DFKtT9y Pn,sQ-m16kߘ+-lFks+$:&Ԩ?[cRv$iKӷ/`zuϿ]ZS%['(zWP[܆_ax<]BvN$ao 4 '˛nvk%fCؘv1[zZVh`5)] FƦjJ" s\Hyz#rw%Qē$=5Œ}tQCUvCo;6 r˭L z?fD.ꠈ !&8{3+l[l-C446EͣF:^nyX.w5(fHy,X0r Bmqҏx(@CyKn4kIuܠ%7{`!ɹפ:w}I%%Jc y\z'f&tY`GM Hy|I4TH (8E,jJymZ 3KO岚 g]M?`"^} 0l@0,ƻBV<9Ci?&{5QzR`D?&S&YR.R^rɐhVGZS=όHo_%(ٍ{a]tfn"Y{܁6kSI2Mc}? %nZV1AX77?'y~_(GmIyҵ!t[rIL|~ 6!k [H!zRH$?2M"`g(3,{МSceq* Qfa*b!ii73мgLZ&tDz|tcՉ7 >38 CPWepu# _tNVCg!֛-!Ү% k=&@V0,C2v'r[bXR⚲([Gp/N!捱or>Y:̘+3Xp! Ct{:N;:lہg4*-}*3AA( 7faMŜAqdG河؆;Jh{rhtsh屚 kyjCKJNCQ_t@$4DٚT}%Lbln6sI@[=RYHX@lK+jrv}0fz}/oqn|c.B97[Y${q`0?#z6ilDy!*-zyo v4`Vud(*+fG ,-,PyDo.k1ŗ?&՜kVVCc^rHO1q tdɬEe/ ;9QuX%,hGhT#K\툤t▫gJ .Lw>L?RZCLٚB!]K ]AV'ȶ$ TkaES|Dp猄U V:7"]Sƅ,Ix<'U b¼FD{B9Nb9Ehe^Yᇣ&&߄Dm;Ҡ⮘7Vn80AY4lGI ڃEn/8TJW+ !8mAЕ4 }<48hO%{x\nL*M(KԥL_ݪ 뵜ӑ\F%v)̅>jXkl5rs+wml%.B!^ֱ3AEaoT9@`J}"=բ^O5MXΡ8:XlN~ ժ3}\)Z<-V@U} ;ޖܯЧV1* Ge$XbcE:UJ;|h5Y4PYeg ^mu2_ƃK;tg)3JsM`U_RȐ-D"<j"#N/z~@ Cf֑}Zw ^(Xf^ıS)H6,: }4f'h3.ԕ^+<(zhxX$  <=Or| {:%մi/}Aț@H.Gm<|>5m}"nlkM@/bH!eqz%r H0DA9Pr#UR O5棵FX`t!6sHSД3!`e#O(`Qdr4cyo> WhpϏ7]61sP2ߩKօ`h/>(XW`5izprٸ k"K$jT_hH8^ɳK1ޣ/ h!cn N?&ָb= P`<ͱR: /2 ~;M.H*]u϶4"vNsTfp4@6!DAOOMQn#!w)+Ca'^JCR:9{4/jWy|zG&Qޔ>GAAό^J,$B(J%RIVϹŔ^ugfNK6BvhI%u''$w<D t<~( i~G`1@{B5AIJF4xsZ?A3c$8K=:G*,t udRePB$}?yܼ6$& Pކk.:0!W8^{e)az~5 kLL"HĹN@;HptKs淕Se2Ré0E̜K{<"&~dv뜉,rfH.Rst1Pk-u]/.\"ۺGB{9vL& `${A!9|,&d6@#~$;  a)u]%""$,qX=3f{\=đrE씎Ii许j5qm( r@8j؜S!*h}ƥ:%WȰ1{g H!9k4|3%t/xoSkS8U cVO\khW Xg{t< HN KBA&K²|_$pFw5@s`PQ?>.9= %|?إ$3Qht -lޑ@TN nTd9ota$^ޠ8[SẎ,wB?%RMB2C{TsfsVbxE$jPQ|x=D7Fϴ+Lˡ_+n1|y66&T~:,PlJoB9ۀ,~缅sGwe I,(sPʍ]fM’pC6c %S(ŻN?$;c2{\{E:=;qYc, 9Mԑ1Xž)?+?@cJ?v8随!In}` J ^h=IJr "!I<OAFa 6[e}C@ыD+:U*V*Α.#) y7 [Ct e')Ce-8O͋贚?#>ըޤ2&Pc!]pQ lO; FEZae,޸x*6w4+i]p!\v sh <Ő~ugਯv%˃0R~J_P/ QM'{ә,rУ6lkQ9Cl`Gv*Nzά5] 6]QD*kTdQV-_Yⴍd9@{rwDŽC~4Uu5Q 1yǴ ƅӅFK0"r@ੀGV/+GɱV+ĔQ2;\`jnʉ~+K7t8bǣ.D!'@BBp%ˍgۣH- C-ej7V1SN6\ ͍|go˶'jw9IzXߢ1 YᩥKcͮOjZgI'L瀧K|Z:p$=<ՎmьEF]XTpZ8ps<~FD)8_V̲!) x @Q`<޶GɅXqz*%z,p~SǬi"'623rdD4\U. IʩҢvc 65njz;n1_U@QfI*EErB#8b>l __Ȗ"jÇH9:N[|Z`~c <:  wI]*Ջ{׃ԀGt]'wc fOo87zóypZR`ppTw\2IlҐTf~z IO+3x?RKSbTbWS;8(MJ=K"^zX`?'oi:;KU~0HTGͼyyՋ0IdͰ#/!um(`~!l Srl :D']ZI@ϋ ^Z&<,)!wc ᘹ»yVopps&GVVH dPHqpRY໾֍jn \vh;rKs3!/14]+śP%qߥJ2;\Ίe%u[ޟ22VUNLXUin-ӟ o6d? nL\Y`KssO_a B,)P4(>Gֱ}xj 6‚QEB~x"NoN>Tg/a|_5] d}sȤj/prhs3Qyѯ8/RIY#URnvaG.k>IZ4@j"-hUݝlbiOɷٗ3*#CJ1F]s2Tڣ tu6ͭ 3ئG8o XL0$0>3z i"d_`<~j/ xp󇴠r|:VF#^ܦ. :$5)i ۽۞yX 0KM!@~B*iﳩ S<9! G-^~*-Wq^IYz 2Fd OHP>+V^j4[uمnoޟ3>muVQ4H/`hB|Wܻ!(PR 4oAC֚SAcf1Vsl>A7CXNj<.ۋn3`ns0vC&1%E贃avj7) 2CYtS*rmt$aWi*.̯Vޒ֡%`bRt;~|%On$J(荭+ìҲl79G9G(skjr+P]b:PAv;*Zn:Ǯ#ΈuZˑH>Ŭ'Y;&;id5F_P5?^W٪v/&^.|U)^ AC-g8IE)`(ĊnF\NXĐ_{@0hGITeK:2Q'rFM<BJJʂhWs՛_$dʈ\-6U.$CZöY:VRWn'#ĆM)&lS΀lnw-QbZk8P4Xv1puA?B3w x>#k~l[w5z> 5Gy/;ldTY@P@Gߠ{s &3&UUY/JBƷGǪ;ԞoXLj z-ٶ^uv;K5GQ>5a0+Q35{r: V2>ޫrx2x:ٻB8DLz`.Eeb紽j)$nc@ [ILPwRM,Hp^5m'f6bU6>jjoD%Ssr*˺yVH6 b*]`d _fHy$;fhRxHÌ,W=xN!Y`#v 幃`; IJy)#SZPA &'SbGJER] oF&bi bWORKpcUll̝SU#P8U1k(Ftf,; Bm.|zKY*ђE%d5=1t==EH 3dޭ+P„U!i0%q kXǭz`t#je ^w2Q> `/Dy%xum7f) ` qN o zqO5r(C (sw52opG#D#rXp e ]HҴ4H z7ZO vy*:HB㡽AB7hYRV!)m\kNmu._X:&i56z;jip+U1t}M[*9HQoNvX؏pEr-M|@ZK<#=hl6"{ - nwk#ϰUн?T`e5fNv2F]DL>Dh \_zLf*B:Ltdc |%50O`_AP#~H!1~^-z/B3jH 6n;@j@jƷդ 88a(<7{لg'xwN2ںYzYg;A@@x3­ppF҃>.vY)kt&%!)scD*R;+_m#qD[{%䛶5'e2W&"ًJ1qs3NA !'s&|ϋwЖ Y/@*(|$s&ȯ\/~%5y h&2%;=M綒%ď,w1׈YW%F_=pWX0ݿ`~`M@hZQN8V ^s] %̸P׷YE Nfp ^%tORle|ouu J*\6숌|$(Gu|9m&aeojD>7. 5z"ݤ{2Co{49ɮC?ݔh0mU rv޽dYyb -*YY 2X68o%zcYrSO:쌀kWdΪu\WHnkn\s=se͗3~яAj"' i鸬ܹpA5lzzsU%^QMD 5֒]ܯb|bĜ^ڢJ?()/+0emmZ/[:.$S4|/5CjfGj~B[_Qubhn>?7flMHwɡ9o]>T63<4s>z^Si{eO<22򧮹 ?:LaooM_*ת}2 X˂T$ycz}Oo LD:b|fpߟ$nrkIs^pۄʢ6A)w^+p6uK9O4<0FJМ}Ux?Ka.Sv;]Ǯb''( 1:1gNR&Q0W܄Vzy5PnЭBIk)_Ӡ P4Djo ȇ``$[qa lBlA=jy`JZ/}XwҮV``Tni~3!+]eUwE tFw|,|nYXojb%a^3:.'H ؾ:Íaȳ3"(Wa d]=W} T".j z.f&Zi;|v- sOO.xUQ21q?ek C' }S9WYJb*h|so<f*8<ө 򾼫s'kIF+K)6ei?|/'4#9N@<ٔ 4{S.-<І?"uN@)€<`m_l`м۶* ͽpd]yj[ WrXK*Ѡ\ܱNB K$TȣLԙlf&\s~Z`QN>sH|y_Fd?n& Ɩ(&?XNo*B[;B)WnouY(P}u&寁𘖼_o"&Nf ?_c.]fdc448<3g:8ǡQ&˪˥'5aam .rasX?nRj>~\jU!mJsJ[_CkaX qGWVQ4nc{I (uB0 NLg^fke3o_}bl#JFKf!6kq\9"5CVn:VݬD:v?Kϝm4AY],UUxHS~.hۯ(;g8& r0Iб:mjPЩZq=jwiν4U4y ;VPA6J/Ҡ. p~ô^`yAX sLKqv+(jғQo^(7Dbd;-r]'H m%2!?e):Aou}иI +Lrݮ`hDPq/8Ⱥ~0;ɓn€6#@GxN!rk J(*聂!'Y v?폖~G͔,F0a{3<0n?fvRٍ֮sڵ5Zٺ<PB}ٸGq$\Ljxtg5X KnIAf U=ۃpi %2U3ĵa\#>PJÚFgdmB q'9 \qB7 I*іnn@Uv䕻?~e=o ʧڙBmCt+{ȬO,&-i8{Ml *\7~n5"9SszS:%B_ߴQ r]#sE1gU5,` %ٽ ~K4-ƵSs d,ycUh$hl Ϧ3K;fOX鴴}S[XKUjo^{K:Qsk!cX4XOo^9&Ux_Vf*" V6n[$/mZu¢28K\6%1p>Q6D(00wFL^'O[ w)~lFvtڳ4% .Lo5#]Oc<aF?v {&>+7펆|qcx+BP,Ì @r=.h7׀Ӷȱd2@M{ ZbklUgQc >baAl OТE[+ֲS !yZTXga. GXk=?ז .Y]?k?*@ P*gP^d]7#eb|ZBe2!Ҝ= Dt`.(CXt Rt, ۳8H4i'D _`3z9 L$E}:]bZD HPwYFxs/dxbfdYA%# BNeU[gr,uvyoc#|Β~&l=˦" F\o΀zDSWQ !@3F&4c4%RZk h֒]RG lH*#K#.C_ЖQ9cSb@KDVLz"蓐+oqWM'qa+0ߴݦ9G!/ 2Gz&07\IKLy u=C>loZ_B$rMN@b^qUcóʿŒ@ք"MÞwǰG@[C#YT"ڪ'*b̢!%0hn(3Wӭ6̿v wu4z6 2.kIn 8#&n8@X &F>a8U=/z-Cf!+;TI IX@i L%W\`*z i4`kM]+^uaΓ| v{gkdi+ '*"y) cnA๚nPA ZմF'=g[=W|x;˧#k岱oǸ_~ECS=.OcB1d:t}eL׈%tNTd0n1i rmj=]e1:/n >?kO|O bR*@BҴ"gqZ_?)I9HVjUdi!DC?~&& XƊ Cdv}'ſ\J&)ojD">P-4GO.7 NH!Ƕ!WR M5,sIZ,NK%6 R\<4WSI#֩& :Gh%sjP /ǃukNR4,[.TI<י-*Jhcq0"rS_̃.!fLGٳ!jFv|!o]9$q5Xpe]B [eTT%7jCl7٫r k:X0n)Glͻ [#d)?MR8&}mS#Ȣ+0ԣOD:&"_hJo\Ncgp g .:ғ3e^kWRGb`/P,)tZ A6Oޝ`$m k7 [[G-b_:'-uAa)IiDyw7$Ǹ.@N6O g\YKm=U[Vzpc.bS8N0hPz1Mp L8FΞ/owoJv<"8b敭\n0|;d߫%zzb3tPoI&pJ\Gd΍ 1h3X] {sˣp`t%= ?Lk& ƅvc @j9 &eĥ=-x7GRu=ړ=IBeH]0~bcR H㹇ޗIFIQ0)fyEC%u!+;AS@Z%+(v6FE3S.%l1*7ԪgMIQ横2n8Mg\zb*_LtajͶ8|;}3ѸGL(IX g({3ƤNJMw]rפA񥡰O2ؘ]ѷ7Q8z`ЉvowJ֡;>7Py8}[tFCV/vd53tH4wA ޻@{v;Gz n9w"5iz^B]~vS17>TJu |d0Sqׄ 5G-u$/?o7}IN4`eNn`9٥]`"MiC\UR^-]UFTZXC2/r14KA!dphr[%L)o$9٫ ğ8WntlbqYȃ[j\l8xaَhRnfϻ[iy("Ț^mO=lSᵷ;j>38A 13JVkԮ}Rk2jU"Sb;^b\ PpV:e{!6W|B2gV)3~KTr涛f0rƖ'AZP I;9i7ȆKp- !_X7aXr 8s=@7{0wL2JEar~]t 4%ǣGeց{Ǹ~;~G ;sb8k4fˏxGfǿrsa^^+Zx(^P˳ݺLm)\U|i *5_ %gU?đ 0.o!X%Qbl'r >C>mP(:WyO$< q)^xhʞw,WC*׫Cn÷/T7$zN!~w`ϐ|U0DYfDxk€@o_.#L|Y'pguD`oU)J{lHZXbh,[ba5vv_2ْyGR9'ڧEk< }!ި! }ٯNp&.ː-r*|q[5ŤCDp9n|U:0٣<'Q4Yᅩz둥Up ^Ս%&R;zO&z'NPct W2 t!Ou͜7_ 0?~R݆W⸕Yݗ<b$::llrb 7*^ @AvL5eKYg}1y0m_X g<ǥIV0au.c_ 3M[1lwN.{$SR {LdvvKЩxcE.\"[@_ۡ}b: ]vfjo7I'Jfƹ!yo O]:h)Um(R0ܗӂ>B6`qcsxzK>sXb9vԺAC|T㞼BԞq++&@pmoj&]~r' &XwIK^YʌއdWƟsCۆn2Nk`"]WTTecK=H> xS{D/s'.weNn:woiZ$jȆ.vMڀCOZrtSA\ǥ(uB'Ws,l2SḾۅ۩1)Xj="j*~N:܆#1TXe5Tŧ&N8.  x D"ҥ vȢ 9\J/^H{D% T *ܰے9v95U^\fƛÓ?V"Gk]dDBh٣h0R̩MB[KCkO c\ H@eg׷Vg|OyfI_%arXb=V:`o_A,W 3)_Y>Z8uH J7mB0ީa䁻#Bk 8%^`8F n+>mO Qe10@-0)X񤸨tbtO56I}3 (- F†34<})}&z2T$FLܘ$3.~:GD (Uv\mk}"6K˞v4wpD NjZY C}VWå9+yb_m#2j2i>$h7*@H(t81[R8l+י{9tk| ueq6hpuwl}a 0b{2%.-ipSmʎ]y$&Ω&~xK)˹DU5h &^0S)u#''8~lZY4қU}gWP!ױ$ChE*Z.Yh-ցsN)/ X>G;oF >χ(RTLVʼt ĎYq`K2d#2DFkˬ3 vJ2T5I_~1ţ 1"&AO gɢ}+ hAK[^~%((l ^n5K1dLHTT\WVt4̕4Tu^Wk ٙFuoJ-S9Fz dN԰dydrٺJ Fʂb1G%ϭNC>&p61P?L% 4/YQg&łf'wLWf#BMf$UĉIm7z֢(8ZTjs9Wغ2!3^QPouhGs+d3L3M ;xf:ol_LZ!~\m[Lv$Siz溎wH限2K>"f859E?)h/cF!|6 YC"g/yv E|R3,ĔE. " ݹwUSUT~bǟ$údjgL`Z;7>8tvXbV;UaXbp{d~k9`J}qሖ=1P?߄p֕;g @Ģ79i1Ƿw2۹74TK.G>a]/GR#sNh 1 }YHo-:CD!6<8Ќi+EDOnkވ!,X}˲. md%#`9?䝍-(t,xB-}G-/XPE H78Jif?My%r-I rrބʺ?KIdqVTlVW+fvPuI=]u5&!ikyX{N>L&7I6ǴvJ-ؠ.݇Ӣj<++G$c0#PeHr͹:lGj?Tu{z'Ot_5場37Pp Sl{hȦijw|a/i.& {,MmTϷ#+9R1NGk NIf"G0SMq攉R_Gͨ2 ד+ njlxށtfezy❶N^3i%7f#y%贎Y۳aF`ACGgj " Ю L )08|`g=[^&r !g|7;{@n9JȄS=jV#ޅ':;{A߃Ď 1)y<Wj\rvwtʲd`W av pacj@@nrР?!m ޸$zbϯ@Ӊ"}-I`/MWL;uV!a_M)3Fa#I p[;m}=;Ȧ7q ^%QSΟDW"? Z6Q烗fˉQx>yxdzN,4zVMCOyp*R,)At|SvhdD3_tNa JA$b9y98u'\Y͜ZdwK;+JYfD; u,5*T8mW/n]vӌe8ɜ0 4KDr؇?\h'jht`W+%0TF{Dž<@Eӕq4y  %dm-A|z$2;>MUj 4cwW̩IXM,X}WY<߰|Yjq""ݔP #$iJRӯU9ws!f&`S_I9F$8j8&#>Ei6_jr9p%a`M/ž;W; WotbD(t0 #9|jWm9HAyŎ'F FZv V2`DjrI &Z|CБj{41K( g3/^AKM,$ ; 0Q*Ӱe#lX ȤWHhc5I. 2ʾ-,wGbL `㬱)؂lUXX {&Ι0 ɑKq*Rnjя\mSsӥGPFtKI̐ɕUh@.f>`N̮>⬱E`8:TrsVDƇ\o)AC&4$,vզ!* ٤i Sˈ>QfN g>Wv;${/&L3 zQc S IT|WB+0EmjxJ~wL7xݲ7r%ᷫeo_M zq_&@؏qNķ{9?u E ?K8TK<, $_pl)jU5d֩ax%]XRudl=29)`)qn`$~w/,\TvQJrtZ1=dVBkR`p JԊ̌t֑o\L[Kub^g1|f/aFс+iܵbwEpp35dR 1$[{|/Qqa(yfiftP,Fٓؤ[GgiS|M M/VzMsh-IJ\ K ߰A]T8y褋Fn(K`ߋy{@ GГwjbk`qz%zFP1J,3|OBl eV v1c3uM P%=P'LsPꑕ(ԺHuWPê8Ӹsh"Ηn߲*!-k-QY͛Ȩ!4hj))GZL={aJQF>‰x~6~nZ q̀%zDWbt~?5[3]yW_༫ >[|s;$nNRY{LdiZJ)'vrNOsl8QNEQ;Qiej4166ޔhVI!}45]x%5Q*[ @l[52,K Zn )uI0DhKEG9j;(2T6L"J2y u@7QܙQ?WskGbYoBe}3S<8=#ǧe$5XcŮGf<^źhUJ2~FDx",5(Y47+}v]#E{!^lcU"mrIK;K1GRe_ImTBz3y+Rː\qaO~?zֽ ;S!_&Cr&z#5K+Osvd_Ʒ91Ѻjl~ŅWf vוqìd3Lᘲ٪P~2*n)@i +)/ 0RҾ2rPH6*l 턽T`DxuW ([pf LJAkד͜qm3vJDWE0Q[p|gYzLQ6O 1tQ*Ulvz'^9qQ%uhQ0u#h>/>̶-tA wnOL)cs&[Heer+^(3{\_ X+c -֫G?A'L"`*pT4|?@O _.]Kj[HOv#y")tn#zGžJ"-+kgƥGϬ%$48Cqp7?Xu!Հ<#+7gJ9))1UrSl3f0"+Uu'C|GvJPkjBuhao"Y3@ Q7`Y;%Nc0/\M{>ELIG\jE--2kմ]JN|R*E ߮NBSsg@&Rf~l݀' ނ A[ %E7?!0|[Ud ix/Jҽm we|YY @ x'=z;s=T*ެ~vOORԵ p#MDz{ i?%@+ ҀWnaŚfY5:co on<yѳG"o y9n_Y9A'?R$TA26bŚ^޲`PVE@FX6^y?t>od<7},VTGtFaPl  =WcՖXw.Lj5 HO֭ apRm#6 cX=ꞃx軸KMg=f}:>kfݭK*z>BG!2Ftuj)laAÌðE3kb8 ) ǥ,tdhc7Kx*"6qSޠm`-m V T #v[[S0ަ-FRij)8*K:';*Fj|/D!Jm*$@4b5G+I97ħwйDXZ\Yv $F7eٟhe30ȁ3w\a|k|@H>wnnFGbP~pj쓈L略$-ʤtqM,[:Ȃܕ_2MP:k^[)?0,\x}[nb @PB+G@wTDtű22VSB-Rlph)$n D?skMD Iks쨞N]m8(YɃ$6ߡOL$>jbXmW(-K;Fz+hAY0" ׻p^_QOAF x"psC 锤q?Fv){TwY*㺰Fdz[t,%yƸm< ,FpdV.:UڞP!8͉V6Gj;UMaŽz4B rxsGeWfy~\:r)S G] v &sLfAޙ4jfP~{k4T-aY~{cĢJpZW-M̌df`V >G6 Q9/$9ӫ|@̜d7f[ͩWHYBYI>#udξXI%wwU4머YlTs×Lmdw4u9ꠀ1TVmX FivK˻ \Kpf s|*&ߦE<lD$Ӄx#>׉iP+AS+ȆY9 n(iU9$1`yp0<_^h&OhceɭTͯsQ #2P 0m~ sh9/ljeH/F*J43Uy Ha@9ۉ2cOu9Pgtk//(틐.+9e~Qވ;T.nj[ol0  h]8XpW {q?YzPɚU,V'm3c}`IzzJ#32m5=?w{*E6ń6^Nwٞ $ĬWIGdmzLITsfif͘&DBy7ie3vR;0 l35X-&;-ѨF?@ܸ˽CTNq1AIj6c* j tZKy$y`k^L!  MsO`X>P^I=XIqbP߃6'6#۵|G'#tx1c-ɭdZFKL=˽TW(œ@-3*c֘mTl,p?WcmO~מTʕkć Ñ7.^Bk>{ّcd-ːmm;L(>ί2;Hf#EYzlςڟIj%.^X361dKAϝMOꃊgw>dv -,pԆK u5P7H΀TFP._ԑӯ`z''UBy2='QQ@oźw? PX 8"i3dT*F~MJ! p^.:[/rȠ5<۱L ˴W:q{Tm]S}ˀ ^dB'{Uiv 04V8ZTXAaat6<|0h/uɟǩ3(1~W3WsE+9xNLUj99GgKO(<C+ʜ>,^k;;4W "St,c*5O:"'$FNS8[/H-҃`fS\tK<4E:nTS taF5x/ +]KTL!9 .MaRKDBFnĴþ^2} F^e^9,qA 3(آLdX#R(w`, P+EKX.>Ȋ^6C}'mu+j~sЙi`Ϣ5`\h26e8 L rmZ"О[H6*. MUg\|1un}#w/e|UsY>kq+|7F3BqoLyZDeM*_t4 &b >\Ͼ Y UޓBH QƸgPyVfţ ֏U D<|.Cxoق92m7,.Mt2tv_0sfZ*JPq[N$`qghGl=< &h\)`X}w3kRx:lfx(VG ;Na<zu<$:;r|9uV0/|6e{$ Un(嫺ͫUJ8P$}P>',sQK"Y@A!& z[֙,]rwlAo#+f>ϢL;8d2.9Cc8yF(c\Ah@Drl `ORzՏ7g{ Vb.MkV馽[@a#0A0Eg/~G(smnDU&G0kXD25dgF*&BZmѿ z$[k<|!ِаzJKLdQ}ºFg]3pҒ:FFF:*˜aHW 74SQzSr.-m(v|^m'!GVqi[4ںУ.(OvILU/z}H|TN6lϤ΃\(|X bcݚ,wV7Lu_Or& !^ٳ'60@e7JGaYzG{z._O<ڿ3tw @8*XDIzC%P 5 H~=:m:X1hP9f0yf3k:$w5Yf(Eu|ǖOKUAw7W7Z*UyApHēYiSȾ14 ~0厅*xz*4;z? 4AxG])!fJލMs>h;EAlh"M*oTkAaq>+ȎĶq2v6V0$ k@b󌛇=?Ζ`k4Sa0ʚvpz5^ .GvzXn6d#<L@>xPO7"dq#C)2kV~%mT{U#t઄vv:fN~CKkڈ^>͗ou?+5w qP+m3qDzۢeq-aO4lePRPE`!q~܋ow 1BD)RlEhm%݉]ekmb'LA'2x3|fMn$FY00)P4A|IGp2?h"KaPCcb"b& sy93'.^_Bg#>$ hm{eϾJ{P={wT¹ޟIϐ60m6߈l8\T-"^P^X_$^u5flY{v9i^8YU)B֪ `E,fYUDHaWnRӼ:!;!]K@9fO&Hhj%no-Tja8kNv`Nk&fyl*wOZ`sZ:DA.<_dfzp$\*7-k@ 3ޏՀEd`/*RB@21'ħ&vp$Gn fSGJ;TR&YA#x"D96:ߏ56IWm!p2[o b)̕HWV>JOdEo4ww ^#`V|絟Fw 񜾒}ٮ<=ihճ>Wi zAAZGvMפ$Nb܂S ~>8Ku|ѧ-. uaj~vZ,v*3;K[LH_bӢIH^-PT`@ ~~N^gTPlf#x  8@ Uo-1&f#R $0 ì"@k~]DxB4XC7 CcC)!nw!iӾd\/2] ~;YfI| Hz\5DbR( }(/;2is{Ҭ@cY)Hݕ, H BG2uf@IǶ)l0wiw]M< x)1ծ| b828#s8&A7Al HH*XM,pTr'%$fkfN^YOg (4R.0? qŬrc`]N=b"+1E sH! j4&N=s ä~Oe0a.ʼn2/zigϯK@ /D79:1TVeԞ| ޖeB>nXĹ}IhH_{EymCöjmjΊ6 y2ڙYMUj=ǂ;?7NY<R^D( Fa5P/4R0]L >W7N1@9m*peؖR \'{H? ɘl9iڤKe{?2tf4JDn`t'p 7U'D5 Оֺd&ߞeЬ7mqyI:`J[LwWGU/x㳧ܿc_P;97`A8eMa\F.\rD`yr  vQK҆ŏuab /Xs:U0\ s(2%`]}bqON!˴҉@in 5ڪ1k=ђ ؀KS* ]q0z rXaRF5fS뀓VQ6;Oeѷ^^q.0yA1ed'Sme)KڿiИtEX5pdmqP1@3~)6 q9foZ~k9׆ ČsȔ[0q&'}OZޜ'(u 'A>7$^|94>5q")ڕyJ$y|^͉NPW^z (G:U_i䯺]iu B2?˶<&-{W&>LDL-{1W1b.uuM%s*\X%٥9 MKJ%sjcF* 5N GlgT3yP`=$%, QzI4Cr+<73{ PqV»j֔-{ch J!\iqFlܨ mkpvvF$p*ܯW4vPES f#K̶z2%A1wPj $<J3 ߰і^ %u"FX k:dlc7]u{k8UoLx[|-EE &hl@ɥ?.#H=+F!H J&qFk%<)o#y qETfwa@LJ9«GV~=DX @lۈ{KtdU'ðkg{Uc7,[  4ZA a& _kIrLsk3c6bH쓙h*,Bf'le0jqTO4v:TVm!R2Ϳr h-o#&`Ʌ)= c, xHYGdSq:B>G{b"%|'opξ}I |˳Ӥ:h,}ϲZt~# jG*4JӴ̘ڹWu2d-LV삯- xYK'0:SiPuS [BS-=? yE\6\f]mQOr%  .|2`hIC ؑ]!w=a1M-pV;zկ!C#VT?TΧҵ*+4攦/`BcXL?d R>ll)[.Y7aXhk.gUa`ػlmuU{aλd4YI(NڠnxTl/V6=GEdu;mx:qA8J_(u)*U L mW( jɃځ%fs'xSʁNy?)+m$ u_3‰?CzSp_gTӇ^C@(8>on=ɊLKrd S%e= 6t5ͨ9TV0OΑVv]0 HJ?~%ZEL^<{N_ E2 | S',5%[=j|.Mǎ4onl(7m]N,5KkFm\k(^oXC }AN`cԒ{~.¯\R<O lU+|V(qp=sNB!Ƃ(#ǰ lҵU8#J-8d.TxT  A%:>5hX@cFyb<2'3\]bs;r*i[WAG}M};; =ܕMWe'+rtJln&VI;0uFl`嗬>mL %k¢S"t> b ȓ'bj.wN72qYК;rRHe^F9:H͵CAF]0@`_=pxo5XՃvSVu0yxMW4[h=y/(p8RMcO$*oi}s(46$SKf8!~.)t3T36Y!cWj`MӪpxT5#?Ŀtj*Q 2!l5a˅tUZ[/?%sbdB%}٣+wDLMT-7{.Cn 64QQd@bSibp5Qv%}]ޜQR렮a}~ҡ#/sCjoS +h@"51_/_.,'$%]s;/ZT!:SV_GdD''- ᝃTZ'wKM4߽2G9LmGg]d/H^A<&Glm>PWACÄO!xfp9gG2BcBE9 !cuog;XTh8"zCLɡCAAy-н8S TsLKQ.MKZ}ttC ^S!XjB9-8Sۮ='lEF3)T3r:ER<8AxȈP^U"뒜Axī-k\Ig]2!.2cg4+ДW? YaҊ *.B "[gYG"ebmA"/>~ɦlf*&zHܾL9WJ9=*e@U\bZXB^}b WDžQs]<ձ@Vl2OahDD0Ʒ+z {ځU\e3~QW  /|M3$EViK VQ}&LjD{}#y0CE8dGc CdMmnٗT8bms1$q=Iu:<wnTNAg"{0 .ieQ{<#c.b3TPV})%*3 3=I9ŚM6jQ޴.צfyX-|z5r<.Jゼq7a2&Z&M'>tCE Vq]v V@ϫ6Tb~ЏoZ%%x w䑃EY%1ɱaAii݃הꔪ+F-K1^2;~Ӛ* `_q 5[%<ŽʵwEUbdZbˈt|/:HfXOWeu^oD.W읻<7H32Я&$;D|=f@rЉ.0A8g0k޶<\a?\/;Ty]yXWvyid]WX?Rru̓Ic"8_5MZJerTALWj*e[jNd$?|ᶸZp;Zk{%{U^"YL }A3Efr e}$7`A`Zu cOROm/~IS8P iUVs7`i91\?ڰ0v6s7&BTSWkG+*ӆZ,\O坩a$N^[AIJ>tE6W ۍ(øqyNXU 5+h1h|Wtx8uv"Q/\ ۽-@{.3y.}(>Uׅ^d\~No;Z+0b{i7(!Ex칱xs[逕O>,1r܅0:QBvcvOAk-f[Xlݑ[$cNoP-`lIs7Lu˃#^9V 4R{函%:H/_y\GP4յ󧑌GˌD ~J =tU"Sr:e gmMldxW3>+5sBCNbpX{p[R_˒3CyP`0LW :  r 6i *m3 sk=d@9:07u TJ `,4T(@$[=4 .콥fg}6O) F~EjItxGn@'_}|X2{D-Jwص`+Ex2pЉ1v b6r6. &u^54:ĚKC,|+bg鹓O{ _~_?0T]OV(0ඔ CTm|3upK1Dcu?A#7$T?**2n=11'h8=y79/6k8 a^]~E|4-mh>V}RJ/06\K'Ο]LM^Oʌ'@`Fq9不n958C0"rMO,W(-aguCH;uagڜ%EIWuN\0 |5tbM~QpPĞrZL[rd1PGgvD}z_4Ƅx*[fOO"Ӱ)UW^kg?Vzc ҏ࿷ .!.ao^USѻҳ<EgeY{\?,]/$ ϬeMy˰QދSpM P1L^ `&qRy`X@IR.QȧV۝&pnj2}$GDlc]"Û ;e=6=08eo R(CQԡ8Luzu&^:"QJPI7A!1~Hlë`[C߻,Y˱ip/ՓbϔEZM0`9n؎#1nP+ #>m-6z;S>ĭ,MI#?=ϰ=ʳ)^-s͈7*!zA /:!:p!l|I%A_v9k+2Du>njpãϢj7d '(vhBObٝ{wƹHu}0d(Ԡ! b Z)etDVP^EްkcQ?hF@v L}>Եtpn;s(->?hFx'^K$w<-.w,9{eEp~6.lhY= _\5@ŷM=(MP Ύ`>⠋]B} ]A//Xq$OzOU+V{pl5͞ 'XlhJMhΩ8JBr|gT"kɔjݵ.qp_Z VYQX!<]dqVݨ]H٫SKb% 'BNV%WrVeˮSQHԔڢK++Y⯎ 'AA&/\>?Ήl`:n$.O] 2 ~=v_m7HpQ 93}b*|C qtx0S[[AwOL.9"lv' W lfT W3Ai^X  ^r,6"ցX0KORJef%?:-uEY~Ƥ ,˰`óv.]vl"5'80ҿQK*~lRsd?$j` *x$6% 0;puuZM u`a9]3%IеFS׀h;1#! (mE$W!iJpPȃF1 J0S0pKzu>|6WIQezڕ͏) Q&ꦵ&bV IpeOuCt)C[cW`Nnk mh Un[2E`-XSvAwNZ/XAC/P놃)z*^4uK&{9qUi[<߉2#BIؼ/r [zS nKSc `X@R*O_D8 # ܃"gNGdMp;k)~G:u"1s+II|YT{ nGȣ "J#$Oc*R@DtM,d a>UVtq=۶.7P81BFL6][c+?KAy[FF-W68J[5Xd"S+{H#gw!UoYn'WarU뷻>Ru:-wxsx <3AB(U18U;(pjKu*X>-x l?<1gI+d*Ez;5亰bogA_7P=p`0MízXNcQlrD}\焸"M,X,3F8%\U@Fz޸#S:zLN7HeC+eDL'T T  P$D믄w÷fXqF̨&ghx\ W1pAxY E|s j ppI}r9 ]4ߒЬ Lv^j滏QGѪa>.G}2 >fi1MժZm0$ȇ(D):o ΏmUmd!@3t1jR9$(%))#Hɚ Xȕ5$A\P= פ7gSRq9. 㠐,K-s\ݨL#+04;UNE@d].RPM%=+]+=cvx^"#uFh֝s ļW5=CnL㜖 }0!?Uedٔ]t^l-¶60E`>Б/˝9̻HNS}Vqt9lA-/Dп'w%F ymM{ӈ "sd70)PDV yW9I*|̺(Ԋc`d*φTRw;Q]-T7\-6SC=?6^L %G1q LiҥΙeGͲe>+J9m3 }My+{8cNxٮ^'QFW1&*CHr<. =>7ghzf8sV5xkc_OF!IY+STv.:%6#U g:)nK@]䇗B7ڿy7)<߆ETxQb)>#XdE",,f¨U c]jX.歩Lͬ\eFJN-pW,WnͽIVԾۚ^?SZwRM*jQTkK9 W+Xݶ٩Q$%5]xn5%91}#䬕LadKKu8)q?eC.-\9Yf*Pi&"˰ʪe /tcV}D L V)Q׆F 3@=5SUzAQ+SEAUE;ą+>Ut% 7$@(W6dj/=^JI%_:}^ 2ˁj>[q#b'jfw&̲|il!40l^ V'O![)?L%5c5Y KHm%Q!A;%o ?/# V$Jtf:VfL[ h8o|ҙs &e-ϟ_4bLn=1#@#D] j؃%wY Q 1_J>_ 4wQy[ K#>F8C{6e>ZZA)'M5Ь?g *V'>0>υB( s cU]Nj5gKxbOj9/I\ևFK;6yfgYԥ& e{ak_?5jP} KA: p0sp`?&YZBud' D@a6kxB߾$dۏGFRiEB4'G>Vs r[AАLf=NXi 8#K Z_&b< E;QZ{d& iۚ!w~4l? Ew E18(5<-t^q6me@)P^uȔȩ|Uj]6JR>jYsJ8V_˂]_{0 B xEv"?UK{BpOEt3E/eO7FD x uH8лaS7'OHoH:? Ȼ$Sbze=dߣ0oVŕN:i-@7i@z8Yܪ `xusH~SJ @=gZ$tٴ*\$ UiZ5?D& 5r!OR~6T;K, ̻\4 33% '=`!h W 3` tS˻ R0m?GJ`©>iʰ4h#4s|:P (j PLf)Z5t J+gh)9V5'WirܯN}כҸo5$;5b#tn:W}љ1_!eu[ g(",%^s_j|U;:2CrR\^KO Wxz}R s2&HͰ2şllS @sλ7vB~$X?A` 5sgpQ(w1# [#a \hg~pϛV{*$U\J0r[$mSv)U0z9; /җ%O@XOJ&flBw8hLvw+~݌Q=؅~|Vcʃ8nV-~I@Aք0stԌltkFaN{_RՊGd>SGRը;I8~>!On lVj,xgb: e@&|rBoܖrTOl&a5YKGӅH ?u7C\8X~k~A@aSqw4Q 5]Ƌ_D<hԋ{ɪYAHCeyCUX ɔV CMh{MitP_VON,ZBⳢ"$\ez?[[ȧ&kWC'Us*(s9˺r::z@8T [wHLT'+J`] C,hFQJ4Roa(@ :N-Jvʊ۶L_~ib.=1~#*ÊK߹fHN$UEq/ En3Qpv楘S- .fk_HEZ%V÷QYޓ>,A@vhq.vБ{f\q6'k\%<,<ӐV`[a#]<|:|BTPeڡ޻?հ4~Y1o jD8 ^Re_)йX.>D<ߐPpR!Ir1g.2Ch8N]ԩg_O^'bffevX>c%_^/=(~LSGMzo=)\) {KG^숫|4ה_av\"dʵQou7SJD $ h!ޣ՜? 4tX;iI3֋{k4d@mAwBӀʾ&7<^0hkp4 1oG"HzŷwW/ݪ$.*Lksz#(Pi^" \,Iy-aVbJ\ ݩDbdT'h!$9X0Guy6ڷ+ľ|?y)VL\DUVfzM2@y,OF {E[R,@S}QK PڢO'jn}QFClwfV5s1/0AvqY irE W1$s|U ݼ'7r\}U}s538I)pc=Xf@cJ6NCz8<;AqPy66^1/, M sCӔTac<7^-{Seqfya؀z˛܇ xu6(5U ʍC2Slû=5ahCU)[>JQ!^~7nz2(a$aDecϹ\{ '{NJjj ͽJ={D-<Üߟ}FbT6nZVCV_ɰ1r&u~=m=WD-n3[ k_e'C02:Pc ޴JByR"_3_QD7V~Knj"%8|,1{?`BuW5O1w'{8a~'2`XCLbO6DGbsﺽB-cU[\>21~M3 cw4 jkn\kNчD:M*3`N!'p?A+JLnM]V~N;(ڝpCW>C_+2,j}=yY`.sX̑Y5Qs¼}vP9=s0۫7`}@6ږIymd΀h"7DWzB\Ȫ) ${篆%Xz+#dx,!x:l"a1^)RM. jk]Dz13EF7t8ʵ?Rq4u`BD&4(B?h3A*h=qO Iz^+MCLaJKn;?“Cn۞  ǧ[p~DHN4Y@@sr7F8g8@qڹ0!)\ ks1 y꽀Inv>' NM qZH{=zGtjpYL/ DŰz8J6JD>*a;E쵊62%|uvKQ<~n!`9m;{'LQw5_afFBqPq>Sn۬`='5k>nrЏSc4 wZUT+KqyfB ỵ[A)9dw@_w6﮳d0,3"P2OEYBN?ZQV]EY,^p"bt3n_,%1JPv՞/bH.%kLIZ6\T/NҿQ72lCCM9gANtnm$ZQuV2i4Qtd,NBc]rK߾y64,)'_{O'P~=3h <῀$3yLTQkHoj mEwTss9)/ PeY bVt'HUxLz/XA-DC iv?9MXttzHO@E存6jjruħ}r!4dmv)}$FZiz[ڬJJ{;@Q4/P3Y-y{=`?zD9+f-I$I S|.'7XC8|pA`JHoi2:%{EYZUOK 1k9߱mȉ]x߯ʏ?7E#ЃWup)!f-(~o+WhMezL>,@6>{泰ӯDiQ~hNlAƶU+ٽ$%O+K 5gYPuk-e$Etϟ5@>1pҺ ,YpݘRaxaLxGnjr1 ɰA'MЈk1巼b Ӣ8k+bu3}dwBAZ6> l ^sG9Fi4DQ~VUHAV ްh 2ۦ3zb9<Ք>X7MjFCg>m iI+=CL"$T6;[-4`3^vtvEM{Vd|f 1ga e干}9 y&tn&k2E &:wa\ "׈2ZY)~~[?ޟW5)[GKh&RH~Y&OE^130!WxEՓ-#A~AN M~ "fl8tfOz4e[=UIcIKSx[xxil/)gY4f> I}Hgd"Jc=! ehTt&=, @j*znw$Q _-0#kv]ŇNl`Gڤcꈋq}iFE $BFAPT?u{,muDMiaDl5&,ftwFCE[^ OUTq]7?RgC89Iq1TOJ>)~1-=M,j#[(׭ՁvJRnBmt 2,bj DIKòlBr fm']3cWbty䠄 M4)zP\j_5xg&?݁ u:Ol Kt+k%\R |23ܭ!Pz1 >C{|&W RN^)V: 蠼|A t[Gs^PRz=֖M;?SB~#c݀ξ5 Mήm-L`P+GRJWn y;T iqpm^^IYI|C$2b쳮bA%<~998$B2 dnᶸ߸+Y)"e+ϭlnX LB,T(GXQp|˚`򔳫S\X&`%55MhDz'z WitW)0LxИ+ uGgx4Dd6zſUU}5u.+Ar0S<"c18[G2#Y(%IG $w\[!rJbJ k31ZOLP麣5$K[[BnPm/|3J!.)X35*M"b7P!1etyiQǭh#i ¸4{Mv]?{c3 ,68ɕLvg4@ۖTlc8c So< #f*og <8l ݪbAԘ[=nqnHK4!% ’Q[$B&x)$e1}KF6.,xd%ژDi:Ohs_>+nejxa^ ɠ#+TGqvצ3\*Ep0 un.@$ݖ~tA^`?bO omA[*?zBLIʙ'-T qƦtļra48qbWo6'E I x6GЄh2XAsL}3ZQ  UjMrPy< (n>sJ^49YWM2} !`˶5˃=ɋ`C&2p ?7C"FXͶ=BΉxeHG6=m:9 -/qi)m(1GCuQr۰YӗZecj~ fF50Z[&[vTU|?藁bl3h;>idrbUi&m`8;*k|G*45$.k(,Tw]._{&kHx4r9g&9=iRcc*5b#WNϴdRJjh@ZӴ@'RȓȺY:W7[=NLa;6kQ/"S j;z\"fMZ`,e!}<٘ @ m`WkߜG[ {f\Q.i k`'YE'uC^#´!{wZ?a0=%Z֐7'[' uÍ&dRGr/ᚏ9RglK/8տV7Lq&H|=>>5MC;ChB7g^H#xqVd㨚3MA{Fx序/QbӬ]ph;\:+[,KrW~ ~3kp5Z ? ~:k`"}lym,_;4C&ӣ׭)uG~K" n|fmlɋ5;?⊛y|QCia3q#[@/ jUvpȖC1pE߯K䭐Z OD]'ZY&ոLFs袼e[S( T&c^X e1ѨM5jۢKT۩?^Vo-uL`0`/*xc?8>8Q0ly0ߣzZAO>|\pOn48Mt3)O&M~{w75jIJ%*){DEkEЮ Glhx/Njd3a2 0QJf4[`#s@H:%0f>t@`NV7h*KD֬H۷m؅ [(E@RU}ѭ{E[K8& 㷆mQbRM(܆ؽ 'WH+=[nVN ՗/6zd>V^8{\:GX#tR?IG97'> 7†ĠyL`l[rEjUY=lvZ!Rq&Avܐ91lFSH:'@*B%}9-EXݪXƈF|Kj. uSQݝsͮO]0&G\߂VJ E/HJ~Ĩ9`& QȼC!d?A_U& _}ƹ,)\U<9C\  8S([|\2Ry}/ J%,l3 f.UDFk)ĵtI bsWAX^a)'-y-vWUENVaq|` QJ  .-**Y l5K Tng8n-/j5oG2z;Xl{C_֙Ә;wͥe~[I .Us̺}vU :@8qD gnJߛ WVzV0G!z9S; ~$4+vϳ]ir$PHCfjHx*8k̓2ٛq^mG22* bRQ|BsLۤd}='ԭ? xVssAy _3zK:n(@>d(6@3v*4V5/~/0R]#6/v+WŃ+θ~$!"qcP^ $vn3IY{Z%"TcJgϪĕsM]Q!+8oU1Γ7u#j&XAgAn57@&J܉[_/4e 7v^ Jb[].觑(AI.k5 ؙBD:4Z 0\.%kޠFlKѹT %HK!~MoщӮJO&wXcq5A沝*З\m#o22pv^JAܶ!6txh 3K(fǜ\!M:±$ פߌU)QkXR(cZ(0~)f ֏Ynì֨D<2Uɯ+ϥIjLF[G.F^afZ`RU}0$WpWu1fdrqAvdS%F0ˀT3{& (”`9+ "}`a._X'+ֱ7.NM:km.>˛P, _n۞[!jYG{(vN# h'{'S&LΕgd~,$A yU-o_fh(TJi6;V]/C= M\]Dؽ++#Xluizo''E`X)ag"9u#{xz;@y2t>Hz!l'`v%+jը7n0%m#yan4=v,o։eb-9Cq1CZ)IڟOk|G.HƽKbUr'b}"Ct RТ5@ڙ (]Ke ].!Mc;V 3"GWi%8B䨋i6 WCˇlubSsk{y2HRr /G;eED'^fh) ?f3}oɸY] uށHto&WLk 0PODY8K6B+GGtЕm}r9З.Nv?F 8?6?s~eaZ6QN, NXhq}Ƶ~\X2IWMbLemtrIi,^)r}:%­[(']g2@~\FsTu}Gp0=6Nk]yTH,+;0S(RF7p0RoZ`Fի]='="MlIU'Od8{T t!+G-Z` $8G6Q9%PHx'H6/ 6|cF#ph^g T!F]n],Oh>|hy`()X7[ ^_kI#8}h/Wgf4Nxv=;ŘQ>Ʀ;C Ydbohj 8e|Moiٞ`͢v.: Vp{e~u@`& ]D$Ρ@ec)J]0gx0LJnѾݿN#,9T[9ƳV UŽc/PXliLc}QH؄◗|kˌlo|Y)A#ϼv3OCC%{[-kW,G#ܱ/9~nj 4/Z@υ4'%x)O)ӣs߸ ߩ.TXA~!X|9d@7\ԭn"Ӂ2338j-Af.vE߀VFk&a8samh]9`oh [J,;5ČMܩC/Mí\,ټ7tHOn% c@?[[\4HBCA@ǩk;א=#{qahjn\8ZLz4r߽̫ovHh,Yx۱_6#n/5[W7Խ퐧7#2n8FU\3/C:P<p!ÊL <g  kɝ n`Y,?cоcYCjqҗN(y³]љ"s1Ӧ2ǟ5v.(!#-XR}1qYn'3I& Hs{oH 3 Q7n n>MR0'ƪH={F ~7׉Hy`{Nr`Ҡls MRj3F) rP"=mKTwMD8wn~ei?NJE.+sF@?n)=P;zHsA[tQW/ ,W~g'@\Լk{AR$4Rld^ Y\P$"3OYE6rIu)UJ 㒐7[I+$A Ci\1(eӺ qt2z x &j=Ok7*"\M* 'L֞BU}GK:w-ĕhEk?$%xjr?֧Z зet0{;\a8GK}*8Kݵ%gUɤXb ݬlj""AT my'1 UwS2B9o_l Պ/?_=' S70U޳iN}yyȭZz.{FѴM@!Δ oIwR TQ)$yfӦIvK Dz g aLI| L g1Z.`L~.\K!/+e`;ōѓvaBR`{{!5L+v_\=O Ųb9|Z<<̣n ݀|rd&}Z] \??D n^( eHBctԱer!LTATM9ژΛrPdӈL4srsk ߣц  ~N܆r˄wawH?v̿ƒn:8=2 ӇȲcֽ1&ʉ~V/ɛW诓AmE66^q$,vt zշ~Jj SkFEc,mHZꧩ$)O+pX8K_n0'ԄHLiEo ]PH3F`h: Kt!IlXL.džo wTlLE҈8!noqǰQ5b9BP?ʘ*b{vzgۺd(Ho+4=,R>8^"Tէ]eZȳ5}lAAkjȉy I\fV4CyG22 &iDmak#0H c n5^ P/#$C3rNGFR;$xǰ=y0X X^Wh C=},*{IVed CX+@|hjYhg8F!7!|v3ۼyuTi(05_^BR %6-}2;IdEQ0%,*v5;6Uwrlw`5;5m:3"6|8)57_e0y7O)qbK殻Lb(.2>BS< M0zE214CDl;SL)%(~ΦX^;"3U8/,YSXGcަ];D N/H+ŷW@ ,>CaM>9g:4]5b{/b)-d| d@dzFG?a.Px7p_*3t8{zۻ zHʧEDk-6rqx@[BfIy8}L| q-_lư2Àwx)~9tO+W_20 9K+-B~*׉/ZBօT~ MDLup 8#:?5,97u ]4|GT%='߬_S91xxIeBrU"qBE뭐K}f(]nJOCo- P?[.qb~ʇlOtJSs!)H/vHl{)lܯL!Sftfctjnx2PFYe{܍P@^(\y-V- ` R @^T>,؅8 _5(4w;Ü l3懟 4a-[:g'´ ;jl9ib7>ӂʼYXn.YE9p S\ ^3#PrE7rVUW>j}CM,+fXs/ߺKa{U]ƭ#|O,g. bQ{W86 v0\z;1zAtaģ$oeo5k.a:̪%:X fYv i7W5Q>E2^Dl#cAu "׺⠡K1qa6;`@dCu}Fzx.DP[77aȿȴh1#>;AHa;M}u9ܝĝZݔIXgeW1&sM6|%o֢Cy?CSaXcoԚ=r=ji?&4U(޻R]˧ZkSs^3S'2v!k&,%\R[ N(;>@URYLuԏKQtJ9µ4gy2Sqqv}Ed D0ڌlvMD(QqIBK83RC($}(Dl Cw~IbOo+`4 +ƌf}c\4Z+VpفfC?JOk?E9|Wʦ.)FySQ=ROo<}QĒj#pNy|coO:/&=1Hm"1D}8w:(w>Y\#CA i W|v;err\.pV 3gO~fq̍XUw>^Mcxi9spԪS.g.iMZJgI~r kU/ce ̠$Wvыâz#oYŸ2<rz9E0 ?׾}Cm+.6NKTXiOEC. Kލ@%;¶oN Ie+tN5%h)` =˟G& 9WZċpKiC݈.>iy-J10w8vo,κHWbzgڔ*TBJ"A9r1YVLH蠎QcًZLӑloJ`Ap9ܾ^Jx  qzU^ߝ ycY!9v"+ ";F·MFgmFo(+h@594}+kSRvU^8VM5ۉF2S0 wd٘cEΖ%䴿bӫJZ)9U6=NܼmEI9Nr3J:R: w~~ ;Z7-!,&R7ڳGy9[>rOX4i'%VtutuR)K"sx?Kڲ/%W Be@³;WhQV0Y441o#f4ȜKfKVoeoyl!wf@zHgomj>eq)tK |~`/('Y<oo) "g6'ʿƭ^Ui@F dƅ7]%ڨ)tv#XN7Xū=^t+."Фx7\f19N&U z.~d'c)e8тi>DcU2׻JiqpD XuNҕm|8?'ӇDZʹ7-'7jr"MDn}K < |(~++ }`oIn/9IAL"?,,g$OjBǴXQmDKނ0#嘭6*9UkpOFR`To:¿yV̖p(LX!I " |"X9TBЭΦLs5toS狽@ 8bL髾gH:Ba;aBt [_zQ*jdѫH揩 *e;d6zWZ`_0Ph=8 $^̔ yyyoj+xF4jviD9뇵mRn" ⺑) Ư?W}m%㤙q $)a=ch_K,6kыaa>,oDp%:xWd-X'Ms+eFhx(9ZlJ]"}L{&zb룹]4ף3SHVy~]ELmZFci' ,čgI)oIKYm^bpyYǾU$IReȷ+6x/MAx߭.녛@A)Z\4P:ᷚ4nx*cxrwG{U:%U5Ll^w!`wpQ|<>F,g^]Ƒ<0-槙tIRJ2z/֒zq[pEh&AO?W`/1Ȃu68 :*k!$+$ch*,:r ]v2aAS''+\:OU.pӺ7"b!_*LҬkr\E^^˹quȋwi՟& hU߲߫He7"L 햸b~\ NASuz @T},_Is9 "6NctxP̅}=;0mOCr}wr(|a{Qm 3eX9b]"I5=:F/ͣ pcgV\>B:$՜7MZX|@GsF f4Z P+CF 6=k'V"D_I=_cJuzM=@ZN:ifd=o{"YKn) N!::R=Xwph#np[jɃ%lظ.+YniAѶaŰvUP:YT+iLuxVsCO #{Bx9Yh/FMClfܮZjZPEf-yi>\h^$qG4٘g 7bnQ֙;]jPГC3cCOuR;Q X݈ڴ454="w*4b [Y4ND_42](->>Wꉡ8trQE QuZ蠨P$&/X#{յ1V9:0`E>F_E8۷; "x\k5G T^,x(jLƦ6wqAIq`{$!&@-tn"d?ČffUB(',9o޳>9E'sY YUfGVìF[Nf$Vf)eL-X)(ϤH\[ m]i~Ykz#O;5 ^$ڍDصKbMKbԵJ""(O%cioŃwa{.[\m*K^}m>S|+>gZ<[)GN7)L2DAS~7wZC~h)媤A'( Zxf3 YI;+zm)~c P# !!*)MxnRb(3i^$x/}y2Zgv(8Wc]٦Ief,ρ{E[*?;@sjMzՈj%iD A{W^ qV //`YlDh>7]Hoz e6(C<̆,X#jf7dMW5fB< $HJрJR] =YgαINd*E e5qQLbjV ǵ̾SD#0U#h~NX17ܒ|aE^BPbŝn&<D$j?报|* KX*2CZ=JO4u3NbmY[l26F/QMIaUiK1D =@_&90Je.e3z dDϴ"=9ĵ-Ƚ5WY/jbώV170ntYvw֐ !xy#C9,0x|c>֪3Q2N!hKh瓯7tgL8[P=GX-,tD_Ѐ 셦}-2E -O>_3Ź ~>t3;]MB[6!ۀS4Gc@~RRƍp`',)*J8i>ANXebOu4{/Fp=,Q 3r>Q{br-,Yq,^ʲ.FB6BH33<2tk,SFqWޞ"kS.Y19#l 2gdnm#4QeCsazk_PWHXv!s"} ,V%QhaEK&6ڰe୚I/K9 gs1lx<6wbu3>p^U]s(k՜{n51WL3yHVwr)uc/a?(,%ggĩ4zca6pd…^Y'P) `- @+k%>&59MUxYM&$8DMDm1c! ֊ [pȧ$+ҍg,sAYJi@U%.g]Fi %].iQg{+I .2 & (E~$}…# #)w(Lh!`Zù-@ #w%LeSxq5%rm29+8dL-kH$9 u[rxmT(Z:X޽/@;F7cDҜwT@WPlQa&o|SxYvuRNOVֶa3RI u"GHm l-H@&V21iuk+@i%c&i8JsQҩ*gkҫЂ!1IOSm>Qk#zm2ؔ2i\V!f#doί>kgc SrY+n'2*Rqȩ%Mo:{=S jOuR(<JَQWrק@@$r`f/V(9l,ߜyss~3}W1s}FSE0p{%;,xuNYrXEGc_}4+!XmlHʠ7Dbd R:gkA]>ud7DËBO%N%Gues +agx@C2sMizz2rz=d&B[6a=.ĚNy^PiG">,|qGhާDHՏyݒ07+1>_TDKy@tZ.*`Ao@e fLH)|*/;j8. 7c)\  UgTqїm$jzY~^4鷻3w^t(ľEi56RT p_ KǻZ w!x)M"ARHFbqSPI*o|/n߇ l';6O&¸D j/es1^x8gH%zş%R{Tt3<@(]wclN9#${s sVޡnja/G\sGCK{Sќhގ}~,;#^g !yyh<O-?E0~*ڿfj3 b:Z Bbg~?1l ͓zsqfe,fn42e""13"λ=&Ke>lb6A~dGk<&C,qƢzL+ Ѭ+c**Dnywxu/~;_`#r3ϲlbEfU6"Fp5(]aQtSӸK;rty#vJyo2GWϑWW{gu߬]H. 6/ht*AhvQl"i*KQb)D c XufL b6$)1i!Hƥ8^Hi8W:/6 Ѩ"PٱOddlN)#ɴN÷u=E ^m%Tne18 Y6 fGr&C Gh3w5;JaPソ&qS=Hc_K9Y:jG?L8$ { j5S ) C),?~|^ZATz W(cC篸RDkMBÈm<'θ&>X!(i`(VŘg'MpHax{Κt.w}D..f+'k!e-d@]CTݻ4$Ӵ2P{$DEm6>~U>/ - xcWnJ0<(b{x”eZw(@%mY= 31OCy}oy_08mj@Eq kYr0xZ`Aﯟ,?B hu2=e%*poYus%kH %w[G"Wotc`cj*6F4gI3Vm׈ux>nhy9POyc,ξM @1J 9&9 .+P  '.&9rc% 2vBt# A؏/p æ ђ%fץ~w/7߮j)c M>x|^r8y̆㾷H]O5 ,%oXJ= z Q ºλĎKmvRN8&1ؽƤzR՘ol?yc%+`blpC>ޘklԒd u5tr8Y똦!u#6v]t|IH27mZa?G8 ԒC:*"w` u6 s ks9n}0u"\qGX$|tw[Uƽv =&5噯jނ [ *wHqlNț2u cI؜!X(ڽ?@FJlG_IvP)uW;i=0JW Wn:˴4I.K۹~^I |QMMyr$n[$ [7 '85ڪ?U󝦞H\ρ@%32;^x#[l+Qq8K\_O]95.Ԍm[I/;|ALG$w@ï!NIq|KV7D,*jg~uRX_[L.E{(dw2х;K.bY^=!9[R+$&YR@}Xx ` 1v$9葜uuX.O0-a/ϦzN7Liq'=1\P5^ v9ٲRh┨T,-12|l;y aE.(JU*_Ok?/E|{u.*s9}u$ѽN,Tq]6٨e6nPfMcMYz~m⛺(i x(TiDHg ԆYn,"`vťhKƳMyTht}RIҖ>r].&'|Ф~CE.ViP>]ҽ0V^1P?uv4I8s: X ت9Zʄ+?1ր_0Vy>",-M^p rᡌ>5S%ŜU[:eXO^rX'@;gh\ѽ ~B A v\Jũqpfld2??~'ш:f9e,R$@(܃rqk[4J^>3Y4/+<ز6{>Ijn{6w~sZc=f*"PpAb_0Rҩ*_;4f:'&&CL;%W{K%uěHQst?6 ܵIѯV@G/RGT+ޕ2d+dĿtvqBv{"=o@=?`R՛o!ye1b]u :+JC=;_Uaw!n]EqnZOUX^"WחC"z<6"da'fb" kZ80ET+fuBg}/-7V [I&R`(L.iE D3[4ZP0܋p۰Q%&>ˮJZZZga>2p@ig?|o ?-.0/}X$7ׇʑ[ؾ#yDcO{Y< =2<) qq˭/BIP-& #ՁIڰ#HXxFa7V,vEvhś҂1Ҹ~LO@usmsT6ÔrtTW+na=31 )^7fj,9ڏ/1 B7eiH`/! l}Hkas-Yc T$hypo +_ hT7{e`pM1._+5Փks:#],ZJ"soA]"N AT )m@ұwrLس]!ϋorjTT-ZPG)ۭmb`)d١ԧȺ{CUx[C^D]0u(\reBXg9rQҞC`zP6ӃB/u{NM~7޿MJS0`MĎdr\Ry:\|֣]S9fЌ>ư¸^O)n,1P"C#jՓA=}\1 !zK0"jxЕO]\/ wCVo~N#o #]WOpLP #E#o5e%$iD D|ʵ ˲(;KDvk:Q:=ѐr=owOp;|_I wPr!W(%S! Ls5蒢AJ;6/,ԵW!w9l*~)[epRqr.ޤyȐje>H*hB]ϑzJbr -0-^^nNeNt~ntf,t%Q t4/K2<nc0 a3Nf?]ƣOb6*3 I\PXI&T;ŴW=V/߃=uֆ'E$@{(vnEY4}_ u]+~gWJ`f۵@?/ .Aw4)"}TqAce9 >; }_J:^4GV8cO 5 e'|Ns9~yt%Slz̷؜y'~4'#ynޠt/*807eldP^vmyY[y^Q5uB@uT@NkYHl1͇ z4/yuxevsTt34\=`(:א T5`K4"f<>v1v_|QyѬYWLyb`Ctj(.V}C#\+ ۅH*%M4iH1 ,e] l[u4+DbpvSY3)܂8,aH1Z FM4m,m8:[dj~ӥLryy !{(\3 >#Y 5xn}pr.ͫa`mm3 ڇ p)¤ΔZ+'7{%c9wY8P<jMu۶Gi!ZFp!\ezC>Jp3Ϭ&}7S v |nX^Ghuf:_8ۀa//eQyYr@JևG]`W7+7.ZtA5fBCgxA#j !=͢ݜVX%mH.ϛB3XeTvJEjںz?q"r:%IEN$$Tb1uדa`eŪqW@!\D3Yr5#fZjB?跤4j?j2ȑE EpLzLXYSe_u< 4R stNy>I`\W@*] AQӣ|1–^dxqV?mk.':gK'#馏g͕@[r'&ש$hgӵj!ĝC6xd7Kw ulfj7xT(+IL "Pg4H-2з6֛BCQ)}AU )ؘ5YYddC4~FSg DP]I{gIf.F+~n^J&,&b~%lHZE+|ڸcLBN;QMVߛ1jqwFT| O˕n6F٦7k ie 6#@.q:$]K{/VoV{|A}Ծ~0"Cc`!r + aw 4)KN^Q6/d &>LN`;?\İt ´P9:.UcŪ6r5x-wT_roAJn0<'w!-eAJ}}[552  ǽ:ewv!)9=3ƌQꔪw̗-@("LmqT(yQfXW@&po?PdmZg/ v|ۂ@FvaT:@m\~aB=cMr"y)I3m4 d2f7C!Clg*jx 5$L+aY\ⷼ V SBP6JXY}ή*N5-z u / XryYP1a6 +i@#@ pkֵZL/,vMa;;y:2D9x p2݆DT4,-` /vTB2Wε!2goًC)/C_;%;<v ~dcJ.)KpWU"o*?C1HWv ?| bpNZTZ$/֣R( vr}r Mw{"se}cAcRxگQiع`hwdK/*w8*;>cݭ )T??3 (@+:+:ԋɝ(\0P9-~H$)/jsYKtl[EÒP3G}(-btFgLx)Wն6=&uhKxUNDTtsGB/ : aMwA3MTp+aki֥2*#I40Ј:Hm>v,c"u;_l"v62 #7?@ɿ&etI'P@^tJnZ~ $*s?%cVHu M^OwN7E@?ʆ2n9$K P]5Y$$PІ [8aZT S)n}' @ I!lgZJ{ir.hlTQY/=qq r_EtxFՅ!VVW*nY%AE,qk0|S%(0ͣd29Niϋq9ݺ4' oZuY6[7p8Qm 9=>%[\X 8H6= ӽ.=4ټ:=0l:(:3T1RTnċlyo|4̐S)W,/j7X iX/bV<(&{oT1ɽ.Ƨ#-Ⱦ5TG <&o62#gD!ÞuE7E ގ@vB=.gԭ8: x˛5:zЊ?bOwDm怫gq?͝{H6OBeN{Oܰ QE#aTgQ& QTk j=!2U3VSi^&QWlFUfab}2GyّLJ:{u+15P$ժp}EJc8[_՗IqttZljSϭ|VqU`rB8>A;LN-i%v.@آADyЍQ%[3(5d5# oؤul*6{ܬB~] DтIG_/Frzr5A@:Vi9?q5D}a)P1li;;u_/ߗx۾{͒ ;ȏaP :i"5[b;s2eً L;=t3Ћ\hPAUGyLfcBGﱫ bʇw _*qdF]gI 3`0b p0U`2UZFҠ1ƃ7 zi/@>CeG{& =pۭcbmi{X,2oiTs@a[ĮzFi ܪa 2qaȌ~i5Jwvާt?/z@Ƅ|T4{߾d)4Ce\jYb;ސcalΤ.V9@)0vN݌o ߀&O }7*~iybRK2 NR-Gf)T> VxTy3Pe6@_q(f7SotN~7f!3Uv;׀ȶd3K}I{qb-̫orD1 Lb]hZHfh- Z+(4)jO1&I :/ |򠽹QǛ3N˃cHK)cȨS5UC)d%of4!]9HvV鲬VɳI2h\f>挷Jxv՟&Trs.aI~,ŴQ<@G>8s}8#e*fLYd'շC/.1:yEe;g D9|5!PӸ7&n῕X!c=Ӕ!!@H[*~8w콋(1B`H4^ zi{TK!6UQnO(o NL1^g- Β=SP.1ed,:Uꛆ3a s=~B l$]Rf+;lļ^f"'iN88% I FZڙWzlA:j@#R_MAV%T]:Oݸ$aYf63E+b%?o &Uџ#מMͬi6 J3J0?~kF;= (tZQCo3UP+3_=+ UEi x\DQ"\FLN^8XNZq4Lq*_?2rv>&dGq^̡ FYHpTQ$e2 \;%ۘ CS`[.AI?`(5aԛl md/ 2>h47:QʵEKI4Jatc2rb2Ivor=mR3 } BԴؐs+9$ a7W[㝱 +΂`6BfE899-? ˆ*_55k>,(Z9TZC@;DTPJ)V^DE֭cxL/LRߖO?5al=NL7{2=j ~xns}2T81Z^`q=;vD B&8;" rSydž`v,`\x֐lY߫›Q͕ 0p/TT\W7U*/bPBÛa,d\oC n[ELN-DR?✍7w5Ǔt=w@\LnA=ɟ0S/{O#p%.4YTMS\ȇOiqs,p;%%֫oRhջșzS~$Vk[My*bV *egQ.#Eu=\pL}Le=J`IGS4&=*p2$—K˰UQ6rGf@<+&AHaiG¶^!ofkmR`RJ+0D&\MDŘk>w&C,*\!Qs}[ik.^ gatL\%hc"JI_xMǥSf\:x%Gf5Wٙ*g.h0SbT]`%XgwYK̇廓 Eo2&f] 7 IM,m5 PٯݍVeJƒPmvDsS%AEFgP]ˎ-AGx!bh"M"q>R*Mx¢) A%ArdbkB_:^h̰SX*!l՟JZ+h״ENrʙyJ9'A<5,Dv˿%"WRJlz@}= sk@f/± ];s`SHR B1mrq(kؚe0#{Fu̝B\؍UBEDF`ӯBnb3Iz0z56U}hit}s (jDʄt|􀽇x|km Hn *=ab8*|[;'re"۷icG= h8)wV3їYm@H}:Aʙf*h7 rꭽS(,kG1#0ҮPՓ-?.&D,ƭ_7HL79D7?Qg:MmIihۚ(7N<8 fB  A903Y' Slhwlײ]FĺeJ)ư@J#ރ;ߏf=/JxduAғA骳,C?ݦjEmh{$?ol?FT?ǨH-}}]f9Sf¢q*0~#`ᄴG?1׌ϒSp(|),㤱<6 Mx|Ͱft05&jI@MЉ?r7gA<8|@A9Yپ6%mXޏ72ASfn[@gdf#Y?Z*[wٽjߋsv`aIڏҞ*#b,FWfQ,U݋ IɄbiBefY~޲Rb1QSZAO+P+`*H0:M_2)qc~+kEȊoPQ:[ fzR*U|_\[ܲ 2o冎e ֿ?ק'@ Nլ!_p҈ ȵ>?<) pۉw%8ne>J:w0$Ƕ~,tŶw߉h;RЭZV Drp^O땚r*s WMFS]]b'Z]s"C:qdu`T-0#xwG/Unֿ'BzHD!>i9BHwZN zE&~N)s|Te ~/){ɵm6z7CSD`w[?~d@ /:1UT+ˋ4H9E둂,Mfi,B>ZN0?KGH'/2es?G c#_j9Z"3:pTBvŷDQFn[SJB N/)/d%d*U@wfۄ)ZHȎt`D&=HE-}:vO"͓=O"cCwfz<}L(>UtBNNA5] f8BݟǛ=Pv?1(q&'h0N%}rOZ暒*fJ:+ gLU<2&czM$K="31m*nOCEv +GvY2<@5գgs~3p|IpI,%9{>W3 g;'[Kd+@%![R78G9bVHTE@vT& <xaKtU|q5 >U!6}HI:HM{)Rϣ sݨIn S%y)ubFv`LȿkyuO>>iE)p>˔oп0}.jx!3'6gKV*\Y|L~j6-3#<SZhlݏRlɒ3 85"?0}#z>dv=ձy)B#&"73Ld0;TMs>z w6n{8ͩD;5/KIYf%c]Bp2v~Ίݻ15۽| 5yl+|!:ΒX6&KOLCs0s6f$ g!#n&(!-;׶1mMҤ=]!([Hua!Dzn_ީfIl6X; 0x֧?9i/CH6lw6-U;&=J;* /05=~ -=|FreUpɶ&^跗B֐Xtx_ *GJOf1]eq8bj: DU[Lu+3EBR@\k l` H W!vi5@4_'VA#25?k3 LhNӟ[;(J"QD7F/73 7EGFg*%hT<!B_xftm8xscɱ K'枯8KkelEtwJ )XN6]sAg)zDߥNȧJ]h//™Şޖ1ͭM +{s=^8SXÆɐNQAўOB|HLkP vA>Oom ;$Թ<"2njm0㒳j!^zKL0?HkLlkq8 H Ts'=s|!D(vAcG<}C^ϼK^)-J~v4^cMC`+-4f>d{n&5A!Չ*:3,~6E*uċa#2쉓+Ytj߽Um$ʜGߓ&+Ye EmHzKT; KV1۔" Hn^&;|M `ڲfF+*bPQBY u%>afN')83u_S%>·,Y%3?/IZt1XJ:E LZvg >U{; ZRhԙ H¾3Jh8O.uǧ8gWT ޛ&6y?~wuJ R”"l+ Ŕ{: ̱igPBG&9QW>ąoJzy8HB- bOydQ'3seU|LlW'ZXZSv76]79`1fGK6\}"N"ҸzmWtϘ] 4mS`p> ~w@V)= r6)hVEXrr9^ǧ&~R4'CzA[F&hfrO''I]]>.NqYo}._a$j^ÄROb! |:IY!cK9mJ^@ppD>K UP 3.xyloofm'zwVlx njղXf DsMx#Ă2rG&fFFǬ&~ YklShq묤흙p-KxOaRsb lɷ8 1l<Iw̢̠ 2hP2cuRƐ^* =s pnsHbu?;C94s&JMʽCUEH>c) Tl_3t2c-Y˷\P[U>*P^"wu fl&0'z7-+C?;T_. :;gb4U+:iT`w eiƄZQ#xpwL&Rkvpɐxhdho_`9JZ zį'OnYZ(ҋiN3^ey_eh}i~uX͹$ KKb@b-Af>Fk!pjvԂ)21z2OR^>bp⇪lXdHc_/RHp&l F:<[LɆc퍷)ݭvR"hš .;#C |<Y|ܼ׸']ʈAnHOk5p^u/ڡ>.ށNOĹ~MXv &MJ&Qsp<='Zmߤs5'r-ˊ8}4)ΙZ(2GߺԄ;0 oU*0qu2}SZ'ܦ͜ SuhK-7o0a;o,^*Ǒ́\8lNK%vdc*n NT : }.fW4HHK\ss"3Ig_Eڪ|D EE`Kc Ynׇ-1Ѱ*2[Z)S߶|J w_5*Hc(QjVVE!E3ħJDGS8S~`z#Nbˌť}]D|fG$yZRqt*XZ:SN3=A0,:|$?gScKr"jH$I{Hi,4*yBr3} &OI/=Ƀm ,%^ֈtsP7wy}zy/bhaT àz\^6B*Ħc7f{I#m<$5u6xyt|p eb)k̖`8>K ~#=0 Yաƒ/H u 8f>]ÕۺO+V!|h'h`OF%&Z_{'|i:V^q'pQtTYmjё0"TPoK'{,z]״5O$[<o#Bֶbpr]~Kgkl!ݮ{v{C:zz,]_t٤%3^ 677oWn=㍬Zi:lrngzXU/4>V!MPm-16oggџҁ8:f,kGYOWm$)$aNy6ƓQdNX/yxuc_J(8q}Hwv[m6=6Y:yz;[8R]T5^-ǭO`e}K~i-Ic%cSµM١?N(_~ qC I֮D9-4j^twC}$F+MPs:V+cs_%q쏴-AZI}_ ûk {Kc)\l4||`~-z,\$K)ipJr^2۝2GZuTUTE8%gyFpD5Au^Ĵq%DN~!`+F], 1c-^ya+ |x].A "Xsm) s#-i׼@H Nգޤ2 @p?VAwtfXgDlC$xIMW i~Fp"a~ l(6(4F%:??aO u.YxY MwlswJ()$,G}G11q&8oy ElM&7r/#} Dч7ZD-BU)~ZvP TC/aM`jnKzQm4(4 E W*ԴNۢAR :V#N>bqeSZ/f샕%*%aBH~ɧ*OF~u ADci,T5JW}1x F' l6w~mdXC>cU zQz|g!>\WS}I}yN#;&KӇO< J7{jYW"U{y`V49/s.`"+$9(s4E; 9hC:gw#ȃᇃZvTUP5XѠ;kEPl|:v&'^=d}cX.-ppL[0$iZH0  fGM`zMP[Sag*yNF hQ{- bJz@i_pynG9ȂqpD=Pa.&$׭g͍UKUZo!'Ye6JX\Vu5h9+5v` w(z߭U+כJƏs&yb.q\ [scn9 )םvYz[ ,#7O.0& 8rIkyc+i2E<wV+4AF hLd蓟$i,򰑚;t:4)3 F&qR|B[:1a%UJF p[v?<H"FRCY 1NI?LDR?ԇ!32!߿g*;}i, 1Lِ9ن0}#% Z3kDK˼D==ɞ*oȵ(Xq>?l@\0-#QP߾/y;,cFk 藁ږ4EPh8E֩øt5niEPoЕ<f+לU,<:PV2`Y{߈p< \>w|ZСK ԜAPjK(G!Hzu_v<|GJ/\:'29X?S2.DqꟉ~5WzOЧ||Vq3g8,v{%ERsj4u:C= a:i c)C>?Inր0`PL;ڔwĖ: 1}-(OCŴ*m&X3;MAuXHgfy-4UFЙ۰tRa}YYD Voi1y#(ͰdO*gP/{~k VvH{0Dɳgsc/SO)csKaBMYJIĿq{QhHeuZY@)1GL dCc.Qr4?jk;{]G0g*+- b&αŒ(E\5/$$ )^dh6 })ju:Ac=V9Z',rOfANz0cLտ{|9'VGx'(5G|# (h9([r.0EsJ@ݲlX|$("FlW-Yd[hOHR[(l(.f`s;S-=J4ƚJVpˌ9R|?Dntb|~1>m~{, @$Cu@?+0-d{P ܣx9M|UǿlFG{x(>IF?}&?WM5ˌv8ɮh~<"곮0GNRP6#}ꀴ/rU9< \%%Bk4"Nl?l;Ơf#ROOb2f:>ĉIk]9,d-z! 1C?+g}Z~ӴR6GP6NwIsgk U\lM]EBkiv(2ЉO)Y_u˳e+>'QLu'QBJGeiѿto\`fK .7 o di{' qK(Q"]D}^>SrGTg| J WNkb%͋]:j\B,`{TQ v_M@7Cwz*û RrrBUyU;̓*P5f:w8M&Y^yT&nz} K/,T uӾ6h)[__X6cls~RV9kjx%x0T >7!fֈдG}}(svT^(;j*/G LY q~ %\@'(r3Rf ! I)(ձ5!p-AB9d{t$*x~n+.O׼~lI[)꣖U- k?Z51Ta;lcVNKY]c4vIà릇ab<*xC)cvPݛxA0g̢yce_BoM Y$ִDjjx]cW "lT K.â Bc`%Qj&[V[Iw I&Kg,3wRR`)h;*Bfc3pµIeꫂXR0b5Bf?~t#Y0wbTDBtk] D(ߎ̨s]KE{Sĭxzmy@BY3c:Y;zkpWYl#Qq{5{G< _hA>D XD8L]Xd= O3I?y HQ:W#[C^'bUTj'yQOȫ= &;kn2g?SdxxUtKx]9ϙ UvF_tެPAZAuȎ:RPoXqSk/%4zɆT"o|C _ MF#-EGSr{҈q/ĝ_UEmLby-&h/96{_3/&-M*9_PuYX*{^ ֭R'E)%bELW喭su-nuu:+\J#tBja?lhԢ=C [-S|5ߙA&(53n\k'狤:pwg&\fP-P#ݻx`n;oUs7mb$0(d着%؁^/U%}c9_;i7[᥍^}ݏznsM3%K/}j9Se޿Yh( _Wr~jxuHx4(I *#T8#8}ʂǧUuvXKٸöx>w9[{X6Ij/#(hIn+,*fևW/r:h?)f$-yP =v8:W7*>YQ HHPm,C TPJȫѣc&og} 0 N)\; ~Sz*aQ;)S!&Zu^7aWà =fi|O,lӣ=sN Iӳ;N.@B8&zϩm zhG>xO1"v@U@;Z8 2gJ=TW;vIWoUPhfG[ p:7ƙdF؆5E:S9 M[bߎ0)"sr L C"v61K>p$ 9 sJ,<#7+QѺ/7kH˨czO#WlT?5۫tp1Ӌ;2$+c^Vw}ևU=S\Z#M \pC3ٸ!%Rj]+%}aidC!]5?̑8v{Rv-r^⺹Zg"E[]LuMXF}"!ti4|GuP ipÈ%wY8-̌T^b'zoq/>DfsSb4Y( 8!rVFgX>K4`srYCnx"{jj,Bg)9 R! LkTFU:^a:Oܳs;D> +'TS dof!BE` $5n@ymN.^K 3FPOvUWL&qՆ x/x15uSK0#߮_g*mUHOi .A")B?`g_,y5G3: s9uo$gG^Zb BoP/ĥW dΊN j-X\/klڏ0$8oBPPh h݃$[ouR6jRv- Ra;v8-Q,Qj#_.'o4#wpBEK:^eW;WK~}l&6L!HI 0NrYF, lwy0ZB{u `H(<`H. I $(&q烱61.޶xa逻9 Of5\.qNKKL@G2j  \=[&\ Eǖ4k15HplQq1V ;ROhE&)O ~29FnY㳋Ryp;t~K/3n<ϯc%y\G ztqڜٛVEMbEj [rCQxiJ۪΂:UqAac5+^Ay_)r?({al ,ZtuB^Amos} ][>Һeғ.M (B+\c^j`?ZĝUVfqP̟DW1 LM&Wn\G+NJŤK-_/(s%?8tDkQ^KPÑ FUn{bƪA\_y+[Dx_GzOnϱj7~w{`m wV {f 2$?ȵLe2sA{ p"ȳ^$m{S9e>|Rs!l ,iHY^pU;HՖT<ڂ5p -HBJk'L ^4RHSN#eLDWCUM%Ύ3E~;D >PP``:y@'XsPͷcy&1=7~ۧ]I |Ci[P}`vn$Q"{-[! S6.CwJ] %aJ  H+6572}>+ƮFѡ`^zeֱ Vn)N ?xOBߴ]+"r%~ Eh)!V&|sǹq5/4aw4e"U6.pr,'w[RYh)!<NJXr|tbxY/U0'o]džV3bXa@jtu{r%VZ8:?=ڦo6{)ԗVD1偊4>sSAwt\$Mm`z̉qVQ}&O۾˶݁ 23[ ][A!Mv<w}MGKZ](:^!_I۔u2x{9'ln'y<..SlJVd(l1X'- 8yOMOD{fWzFE_BU~NNH*0"U]୆#zѕ24V:кAbt_#?Wr Y&etjI,v`L=yY Vf3'O* 窴Dq_砍Σ]%L)TL9u43ƞR^1XYPҋ&|}萙4y")7hJ7zϪA,&8O#4:RʑYjQ睭Unn_4ѝV%VPmU 7&ytjjju%_CDQjFh~GzRNu Ƞ@ P kҤ/$&X7EJj$qACٍ$q/~a 8fSF88z"p?}U'-"a{|F)Q'J^G;Ϫ^%ٓ9lL݁+-lgq\c޺gp㻵琹dƞ8 Lxr:pgOӂz6wn /{*ru=+nM#\jU"akk`!P搳]6k+FmVwCW2y?Dj-U2X[Ul{b˪f(hj'O ~2iޣ8cV>_ױ94Xi*~J`7h4Ј 9캛gFnv6ST<.13 NqYP\-qZgs`oaO§^ ըєML6Ӹk2:SH&A96=_!q ?TɖXO߅L 0~\ӈ#yJ_tJqcpEPmwt 1d/kb V}'=zU=ȅLŞ#Y4jFInR4Ie~jLUͩua4 G^̊ZQi[zG0[K[r C蔕Ūb ,d͗NRY_DSF\.b}rQ;ɰ 0^+rBiVS N^bhTMN"T:aلŔ֣fwYrw2eI M~_å 蜀lTqBj wcxt(Ӂ E;hQ%DY k6 P4>'J:al0tG7h>Vԋ$ }'%ޠ};RU)`=%eDцB+%% hS[r\*]ubb*oYt<@UA9mǒɚ2׈ ;b($(\3!V4aڼddr"@\E݄/'_<+:M߇E|NCg4V/6MUX}%'ʿϼ kf)Sɾ#7%O#LB$j)l*0+ -\(Pf!t=Sw<~M^LRZ8MT;{yirBT0UE9A̐6ÂX-q63+5JʤB2̳沐:ͻAR=nfNB*7H2hYtV' BA"} p$P8tn-pumHJmKGu҈U^ J_Cd$H):(NZ)*GeHwe7:RWJ,~ÔLqk,ޣQG;eTEhq,r ‚؁7 g~]"?lf1ہH]6$|%GH #I>T~\px2 ʘe"~k_thĝ|^.n$eU./g'7K-CWm. 2 +aFtZXϜ¬F 9g2wo.ob~M 8f fW%=>8[1Dze]+ IckAԣLe uFA S:rxޑ Rasd@Jlf.v`fNdLto}}|8LT-A`ktuAՂ+7`54~ 1њnbm'QNeBk-/ CDVoEEL zćT rzHZ\g_4FFs/@F^xYX)xT'l{bD@0jiq2(Bqo~oJ!*j/!|{e"wFAǡ8l\i׍9824®,wt=<4=gM55IZZ^:: x jWJo FŷN~܍F.6hM 7<%nw~z'~N+Pvo?AOU'b&ݵ:+ٺIl$6Lm,NP -Ng{ga ðK#~kLx\kpp [s`-{F6%1{' aWxVokM2Ikq& =jxpwR^y6%%_")|3V2z aAT o> TV2x& !wMQ rq@?'acKN٭c#.:}ȠS-ّMLREֵ0> Lʡ=&\-s!ZhVgRTp@jCJ1/޹ϩgw>)1X:o ']h".[i͉^VC ScoO9{xQMjL>|r7a cvNcM y`h^t+%oAQ=F󘝅9:lMFb7bLra´oP2±tJx0[ME;|V¼>;Gǃ_۱0U!sP1'IsF}fګhi0dVWh7{7=)SF4^ב2$}G~em1AдNHF)< tw솃0'}E(p&$}ƴ>g;^ wr`r2^6@%@JƬiȗCQU b]P,$D n+xk"u Q Q ii*mlwf6\Y!|}%=Pa6PŨ {ȷ]s9qs}:y:ʘ84UX28eg}j.Yo:}n8eʑc/k'ZX`><8~0]w<5}cXxYdJ6ONSk2tÉK($T+{ ˒gqEbGpE ^,zyxڲaȢa)J *Xn5c0a됦fd.,ţ$e.ID_5Y"&cO=^{rc:+.͆í⯄Zz@^Mՠ_c_l9L*4V'Doo.%QnLmS(Oz(2dߞ>q ;#kp[V畁}dnЩ LAX$G/FE6{pȭ(tItKit`,;rYRyWEz^r2anBQhpz!fiH$ˬP(ˉ0DM/ I~/篑^IV^ŀU"zxl G;0nx>booOy2[Ԥ;Cd2QaKph5n$wՐ&J&̘G+dNo'"h5p®y}[1Z!,Y76Tz SZ&ηT hz61*"%I~2ex Ss}7E">'$H^Jip:(ƺs(Q|tޖi^M,f+sc4 a]YQՒ݌Dt[ŀ7RN'|SzE(52`?9!.-7zh؛%4;8\yO–g9aE<͡hF=ރJDŽ,G2,83Y՘., ը&R0ՙE[p@Rvcx_OR""@N"p~YKUwaΠ6M-Sڎp#ޓu5uݖuqv?h >H,u }7W1+JcʻFmDBZE%݌4P)": 5)+{7}P.҆.d(-{/h'w>Vͮr)#1ސ{h˝̙<"q 7-owP&SSB@&6zz J&w%2{Uc|>2XXH*I&Y3Ъ|,F&=B(K ͕8j%oncK;R@_0$sUnvNi4`CϛÒ"v`$DApI\#}Xdsr6h{v"kFn:u9(ڭǺJyЊ?>=X/%=!ټS+RO;'"Y6*px)OQy"3cvn jV_L?ـ2MsVBVhMɔ ,k~lK8–7+tðe2D!E#Ḑ7l9@7Zǥ&rG*|9!<3Z@dQP4*(Wog;yed],X|]s ^BHû`NgF8//O^X=$јb@li`Ϲ&Жshz㐔kGϭ̭N~xL1pCME}*[?~л%}YusXpPyc pC` tk㴃sZ;CtXdat@o \Wd6x)&]7 GN{ݪ&)a"a8U  W6?7 {'2&dID~ vXEiR毘,8ȗ┳D~kRTB` €/q )IH͑xaE2y 514Xa=;63PȔU^`XH*v";sfH!6~u~<0B91n-]/ }k{;Őnʭ蚖&Sk*GC%aC`!RN VHG=|cynSTG[C\b0vZE5ve&LY})'w%$ywR.詺 vVS*瘤'V=>?pLpU3L?ӽp) H?N̊!^ŇOn=dN܇[Տ[F/f͖ /(ZWIf<ǣHhWR~ۅLF>"[ց+&S_i;{%>8J}ȞKq; `$ ݱUqM2A$)FÁeQ2\ }zYY:֔:E4 2ȉAa|c/b40^)Qpx~M[ eD*bY&% 9~W\Ј]2 c&?Hz"0\X fw`Q!I񹼐ٮBvsE̳/`'lQ*]$CM uDFCx9aٛooHMR*"*Dl <+tG*go{ɾr(P\\xR'Qx79Zrur$mN lDyhGQ@E7\hJHѤLW[pѡMSDnU`]@eFp&`|ȀuC^n "ZڲH""dqBpskv9_uD.'E,G{*> yD4[s弣QiIqɲ$.+-B[>_0@0r0V۾$[wx<0mlu ߂yQS񈌜ayPI״Zn|̮K۞p!gBI 1'+d:5K: ym=;Ĉھ͗}m gWpS5f=Nc0h5ǜ?6T!NQǎ_R?2ȹ͈sqBJ@$5pA΍1٭HB/7O>4(0k̟Ĩ~6HL4fԷtd4'GӒ g_I|qegOe7 CawfsLj[“;x,v3xnXRwߌBntqo5%͵F9jB8I= ={WZ&d? ۜYhSPf䛟 -h|IlGEs{N{i"z3 36AŲ uW8g-~Sfa LdO֠:F +QK(m ,D17/zC/뫮 UyFSV3Z@s(x٫;Af@'oϰ 9}.OZ)|>@ai 4F܊[lX<wf0>Fvczx#uF]-9P`̑ wD-"=qA!Aq ݪ4ٗTLENT׀v7C_sG8DL;P|̟ O g ː ,'\VMJK"k jgT?ØC>K':zf $l-:|=Xŕ{ /Su&%S` @_τX~Fv񹔂.:./t/&'#  &_mF1kЄNE/m]xiWKlIZгkGH@NJ>#ϝ,pau_՟W/w$^(i" \@:> tHzJ{vښ׬2T-~ddUiy7O:OuH98j ^Fp` \I&ΑsG4so]jrSXarK¾%?uBbLP0I7L/f='l{v%j} GX%e&S%@Y#z-qY=!p3>؛\NP q!1%('U"ltR{._ &y|;zS1~ YJ^z# ԝn }n 쐂o\n:ԲjJ,egJuGz 6ilJ :ȗG,ʤ`E.at"ց#2sh^ʃ΢MiE!na^XVk}֭!`w^%饢T'%%ErL +xqlpKWO:6ɴGL[Ft76L=@G$D}PрjH3!1%|d ^G=~*X6=. 1k|LW~y w ";iG :F?_?=NMB vRs V[iۓ4&׽dcfMA!hG_pѡ_7ek4e/69R$lʈ~$b]a2JȗSDW;Ic2%P8))oZӐ>X`jT{|3++ L P08gAx3U;t #wO[ EO6мOZưl66 r8G@|EXP7%Ė!VPp?6iĕ-`=?΃6}X gݏ3 ʤ~6i7LyB8:GsAn,ZȼOg9`Iz3's=B YtjONmfd5g.̵)D2; ]jVx7pH'Oawq<"x MV#չl"k@\q/,wbM_G(Scm$dۥ,SyCz1o`]I ߯h]34 kG짵ӹn5$jc4WN|Jy>dGv)HĴ&;V 9d=;$zP^gDY8׎,UD7Ew%89J y36+v ?ԘZ$jːQj LI |OVռv<*qP@ ҜcݤtI+//߱&©ɛltB:k!" BdUYX l?i~`5,M4{Df\8.8Έq#JQNȔ ;`gH <#%S(6r-,P0k7yu[Ag"E#yph][*xxJ#"Ðzl :<vGb1:hbT&:}Ju5P6Yk<hs2-T%bF$cP8پT"7\U=rqJ蛯#ڈ5,y!LV\$l ߽Wz[-^Ci9m*Ȕ]N_n"LеbY)O#ʀIqbЯ&@:}r%6ܯٞ t'x &"w:9׶Y:`m.Zhffӳ_b{`>f]NdmjN>7@>dߏR ] &6HF#  Q=䯃:m˯X'y B?.-{Ҧ*-G|n2AqCF|@0fXY7אYh*}Qf=xҐ(V+y򌚱 3 1Uwn)\ACwC^ b ZrW:[rAIKw^3v'ߎzJ%6Vr_^Z3UqM=IsQ,rʊT0\_+0A=A3dqވa_W!W"Y4f?*(18G*Cn3E0(a8. &i.Q'")lF}έ}jggXs~^h3 k(Υ˟ai8i_'ɟٙ3RC9l0!_-dhKancA.E>A Q5h}@ Ǧ?##Qfy.`t$?X< G3%3AhK- cD6I56:&ېXuCAHS~S@q%Ҋ;qgƂŸ-7Ik̪C7db'Lj#Qr+O; ]exT0Op8ؾ07rfT|Z{ݳ $YɝC)3X".SV H$55*&'dŨt *ds N9lʭ88޽* 01}ٶ p^^9a@u܌՝oJRmXR>K%x7_(RGn=gR,h9;2S~0s'X<Z\@?3œWpAAinqTgu%JmN ;YR];E=8ե؂#fhMZuw\ Iy)u&08uLEK$^uEŏynf:Zkpwp)J4Q뫎/+N Et2>Tjg=HRu,;EoYA=Z&-ᐔ=RJnȝۈ^ Ԕ(}Bnw؝ƂlJJFPV{>&#_1{@PK큜u 'vrC{9_1; O|tu)&6nςeqٹ@4t-ՀbYېbNQ/]Rm6a'2P{43͐$( 6NAWLQls3'N>M:7#|KID^obz) 7HrKDTҏо~<`5$E{ύ7 #$78YeO xӡlr?_ a ׽9j=Lo;͉,p+6X&}1~bF4hudkg"&[{J5GeLF_=_Xk/yZ,h!gP [À{D=bFWCLI^( msWdfW{?2RĄfq'ZqoXZn_ƒBsy1g־)=;Hx[E_i_2wZ =pGiG}yq#+vX/s_n8fq8G#H@I a/m ,ۏp G6RްC$ &-KF@׹eW.lMtƌe,RҥrXAоJaPrmx([eʠP(*Z='C ,?(M#GrTM<[EVC q:ڃ6~z,Ef+0 gz a/\|wvl(,M𷎒Ɖr<>VLvt N җZ"kI EW֏gT*ϱÎm":f@RD6 KB>;+$/'u9((.8deъŘO'i%{B;lZ3 o@h^:YG`66-+11a `tcb^w3XBJ"WOr#f=Cw0E4^VΏp/Xsewھ|U\$y|Rt EmD1 >oD DlQ{3˿vJ7kSKn,:M\WV&}.Pb^y0->ͫ6@HItl̖LmlyD ;T IuGw0y J$#u a-E_I:Ȅ{XzS&.[.O{q>̃b-x"g_?a9ة=N 9p>fh`c3@NmE ( \s;a#Tm.;zDb战ņ у)[5f/}|NU tg |rc1h0 q`Iq{+e0cx3o669Knds /-$b3HB*`_T|gbk RQ('\X־Z,PPY J߳Tw- jȶw@h~.bQ \%YK+$Ԃg@8db]iܫ &>Guo5sLu0oh*Ħ4xyGMP=3eЮN[ wDĒb\̯HbL{, O} `^zΘJۭCAo {yYxqs7nȤJ<9)t+'~c.DgSn DqZxLS% ]!?/׸a :--a_!MF=x`5VfqAO׋ϐ=mxr=BcT/5eeTg+?Yq,Ox-Oqnucoo*3H2GkkD,`o݃+rTx2XpubBnhOQ4-34H7&It5 ;h'}v)eG>ev;c5&&N֪̂y OX[x4^k^BM)3ΎNpJgTH zuq$F .vzVN]I$N!JҶ&8_~:`Gg9&攝_EʧSU#S<1ԠsODitNd:|ƍ= 5@j*/KyP ʄaHS:#_kJ{j)4gWL]ې6`I =L E [+>3o* \`զM] {u/OA[U-Qw<_HHbXm|6c7ŕ){ck' |z h:32QdDKQ$z~ipb |S^vEoؚ'Y"3BC s7gMgv6( raD (!DM_[+S9V"9l eZZ`V.Oo߀ѢXo׿^֘a?mZܐ9mslLMY4Md;t3- ꎋمKf]J$VJ4U ra B5=w/Z4+*o$:.y1(huHr(/?>!@ q'Z w/,6f0َst%*Ƥ̀x :%($&pGO`@G,2ƒ{憩d35vzG'H!3 [갢6/ELq$$ 3o7x^ ޸;HS% ғ9ʏpwe p^YJK,ƶӹ۟8-~&|a]1[ n~'IdyiNJ떱Mnh0zo> kN͙"aB%׼ ;s4mQz~Cz8)&-?p %¬ޔ3d͸8)熦{ybݎ\YQ>6|0 la{TYN]Ccy!7 B(e)g@7RmNj [tHMGImPV\#%(mv(s.U)ĊGZ%zGZDŽ7w ,"Ane}ZR6ZqtS`N֮TDWq5Ṡ4DX̠wZ>F"(-<:\K9BkFN$1x-\zXL-6abz7k)ppgńQJZė^'hp| SFwHM7Υ8F+xąr  }3#AM> M4DyK*J`r+CF_s|~guS\>@ mhI-v|73.;dáFc8;f*XdFUU%<7gj6h/syh>:u)׍G_3/aCLكO%+̼b(ʭY]z%$k"UwҺdť:+6GƨzH? 8#8Wy#pXtHzL ¢{盦E9buA j ΀ZIMPˊt}b[c0T/-Z$Q컗CqESJ2i{ le&22'y2 F C;w;0^TvHw@֛,.t xƒ|M'8n;0z!NۤEoz@[G_Zluɲ Ԭ+{jd#a&tP;ZJ=G)$ V8G5ExtrRyr^ɏ8`LinYEs'B|K<"#ם*E.ٜ8"cz,JOʝ]nBH UlsUŕ,fλ:~ƚ:y~ YB4ɏEY,Ce$k ~rӎZ?>!JQ./Eu}HH6=R ௨OQ|>ifVy$=}٪/Auѻ"rw݄|f:j0>YbP4xҘWה~CծVל[IȮ7">Ji$Tki2ca2,{jB A~"8k[o~'tC #y f(J[R&zeT1<s5E pų/YN1 u%iA78oz`q5?#vrg 60}Q@czcWPzxP"6QEG&b`\x T"/ 6J.5yK#!L,;R~62<9R\KՓm~-Ql2cӚc7:] &(r7W$\:y(-plV"4Ym(2joQJ L@[Kɩ? tQ$9puˍ=)=؏#;r6c6Eq-zOҫC.>rEqHLE{i=l4Wf6Ѿ-Sʎf4&,F^_5Zj 4}d" Oo$Fᙎ=t7Ͱ"$|ʒLKk7uIM4kͬ܁.66l 駩> A8Å!I!St}'Aw#\I4_ &g(0KM!?[1zz\6hN肕$bi 8lw4T97 Z ǫ8ܺ8,&bL\b#FޔhMނjO| AJRfY|2]DR]?w.颴g(EYdTXi 㻠,@n#cUl3&Ξ*1m/Ot9ĵ(zT#"@)~.GxФb!BB޾˙7}ע04ܵ-8ĕLg A@#{ </<ߩ'dpH8ӨjPN}rRi]YlnfH!J0|(MSǧ @#Am/k\-;'FRm` 4X~ko3>Uut Y%?nV n1C s1$ !ABw} iUoRX~4˂DcJ'$nY5i`Z Y#c\T5fFhFF6 e.6tjd| M8({9ZUiLx?jP̎<-| |%ˊ.w>2ʱ.lH]|}00+=IھIpC EghUR^3+̙sfqէIY? x傠sce^߈IT@pYjN%J,& ;CizO!}ogr"-.K|9 [z7D%=o,mueYq=I$Ua}Wu*`7)οJ]`:=!οZYv:cCG |:@W4ͮ_Rpˌ|[A:ch$$jh`=cҟ>kUQc04,o5VBSDK0!Yog"Xw&x34q_[2i_hK'Ƕ 0S%V1O/Nx4Z%/w!5nVeYX=ELjMFWdi| \w2~j,5$^9͡=:yl@zǪ$uQP`Ƚs|l2V.Y2-Nl'i2U<+m /aG=~a(X`e\EԴa}3uVB$1|_,龜GZEValrA)=nKF AOt˗7.3 *Jޝɋ&S ى>[AA9?tn.P]gEjiջllZ&w:襁Ͽ)Gi V A37ݪ4􁘟 s1;P " bó WJfvDW~XuJt,68eqy97qn vOؙOv+m  7 XWr@F./zLg>?h\s}c_E2n!y3]ZF 狴+<ݐ2:&l8Wx u_]9@y134T)]@z9{8Z 8=`ɯ-JHw:lo4gTkzxFï蛽Z#KTJ>sނ9lx)`TN:,͸Ÿd)`Щe;NXΫaHg|(tMffa:?GRIو ن9ł3-ȱǭpbZm,#yeJeF`S4Ţr0,$q8 ? O`Vu9E n8T}n\^I:lqa3Tb׊Qِ{h}ߪLżY~$k14yoW*4"H> C~sHpq80timnٚ]x3Q S(K);psW^SEҗziD UǺϻX0 ű-@BI^G 1(mM:_/R MV9se1M]/|R ߪ2S^ hϟ Tl%^(LwHЕ DRF8l; `Ȅm6w(䔻dXt,TBѼmK+Rgīf自'"o[pPn(^ABU8;;J EMm0hï.Ǚg {*`7`;Ke~ՀUNbu&f|9 ?)=.N̰$[2#bGlrX$WX ?Tsh2gq踠xw9Վpsb KAoXƠWWA-aMUnv&=.APM;ecA$҂ݠ9ULm {) YZ