ipa-python-compat-4.12.2-1.el9_5.4> M Mv ĉJ4!!%joLne)Ip-Bm5 ']g"releng@rockylinux.org p-Bm5 '].5sB`yXnh!iMQ0jKUArBAvbƇYZ?%d-. # D׃ڕ9޷ SӸvhH9a*mpJߍq[?採aohꦿ_iO:|+[mVPʦ1<'}MW 3~@V3|g/_ҰP" M`cyދϸtSw_8D$wĤH$MR8b"C>G^%am-ry45r#K$X@7?7d % [ MYqw     D\ 6(78@9: B3jG3H3I3X3Y3Z4 [4\40]4D^4b4d6e6f6l6t6u6v67 777X7\Cipa-python-compat4.12.21.el9_5.4Compatiblity package for Python libraries used by IPAIPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts). This is a compatibility package to accommodate ipa-python split into python3-ipalib and ipa-common. Packages still depending on ipa-python should be fixed to depend on python2-ipaclient or ipa-common instead.g%pb-cfbd5371-77b1-4957-9d2f-d3da7213b982-b-i686BRocky Linux 9.5Rocky Enterprise Software FoundationGPL-3.0-or-laterRocky Linux Build System (Peridot) Unspecifiedhttp://www.freeipa.org/linuxnoarch -KA큤A큤gNf}f}gNf}6973ec491c6ab5421b3e5e4812d066eeae13ea7edd814467d6ef0941dca759759b55177234392b4193c554acefd31077eea460ac4497f31b48e28b001a7250fe8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903rootrootrootrootrootrootrootrootrootrootipa-4.12.2-1.el9_5.4.src.rpmfreeipa-pythonfreeipa-python-compatipa-pythonipa-python-compat    ipa-commonpython3-ipalibrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsZstd)4.12.2-1.el9_5.44.12.2-1.el9_5.43.0.4-14.6.0-14.0-15.4.18-1freeipa-python-compat4.16.1.3g/@gaggG g-@ff@fffff`S@f_fWf0@f@e@eԔ@eN@eeeie[J@eH@ed d@dr@dcc&@cFlorence Blanc-Renaud - 4.12.2-1.4Florence Blanc-Renaud - 4.12.2-1.3Florence Blanc-Renaud - 4.12.2-1.2Florence Blanc-Renaud - 4.12.2-1.1Florence Blanc-Renaud - 4.12.2-1Florence Blanc-Renaud - 4.12.0-7Florence Blanc-Renaud - 4.12.0-6Florence Blanc-Renaud - 4.12.0-5Julien Rische - 4.12.0-4Florence Blanc-Renaud - 4.12.0-3Florence Blanc-Renaud - 4.12.0-2Florence Blanc-Renaud - 4.12.0-1Florence Blanc-Renaud - 4.11.0-11Florence Blanc-Renaud - 4.11.0-10Florence Blanc-Renaud - 4.11.0-9Florence Blanc-Renaud - 4.11.0-8Florence Blanc-Renaud - 4.11.0-72024 Florence Blanc-Renaud - 4.11.0-6Florence Blanc-Renaud - 4.11.0-5Florence Blanc-Renaud - 4.11.0-4Florence Blanc-Renaud - 4.11.0-3Florence Blanc-Renaud - 4.11.0-2Florence Blanc-Renaud - 4.11.0-1Florence Blanc-Renaud - 4.10.2-4Florence Blanc-Renaud - 4.10.2-3Florence Blanc-Renaud - 4.10.2-2Florence Blanc-Renaud - 4.10.2-1Florence Blanc-Renaud - 4.10.1-6Florence Blanc-Renaud - 4.10.1-5Florence Blanc-Renaud - 4.10.1-4- Resolves: RHEL-76011 kinit with external idp user is failing- Resolves: RHEL-69928 add support for python cryptography 44.0.0 - Resolves: RHEL-70258 Upgrade to ipa-server-4.12.2-1.el9 OTP-based bind to LDAP without enforceldapotp is broken - Resolves: RHEL-70482 ipa-server-upgrade fails after established trust with ad - Resolves: RHEL-67192 CVE-2024-11029 ipa: Administrative user data leaked through systemd journal- Resolves: RHEL-69294 add a tool to quickly detect and fix issues with IPA ID ranges- Resolves: RHEL-66173 Last expired OTP token would be considered as still assigned to the user- Resolves: RHEL-54546 Covscan issues: Resource Leak - Resolves: RHEL-49602 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w - Resolves: RHEL-40359 With unreachable AD, ipa trust returns an internal error- Resolves: RHEL-53500 adtrustinstance only prints issues in check_inst() and does not log them - Resolves: RHEL-52306 Unconditionally add MS-PAC to global config - Resolves: RHEL-52300 RFE - Keep the configured value for the "nsslapd-ignore-time-skew" after a "force-sync" - Resolves: RHEL-52222 ipa-replica/server-install with softhsm needs to check permission/ownership of /var/lib/softhsm/tokens to avoid install failure - Resolves: RHEL-51944 Include latest fixes in python3-ipatests packages - Resolves: RHEL-50804 ipa-migrate -Z with invalid cert options fails with 'ValueError: option error' - Resolves: RHEL-49602 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w - Resolves: RHEL-27856 'Unable to log in as uid=admin-replica.testrealm.test,ou=people,o=ipaca' during replica install- Resolves: RHEL-47292 Include latest fixes in python3-ipatests packages - Resolves: RHEL-47146 Syntax error uninstalling the selinux-luna subpackage - Resolves: RHEL-46009 ipa-migrate with -Z option fails with ValueError: option error - Resolves: RHEL-46003 ipa-migrate -V options fails to display version - Resolves: RHEL-45463 ipa-migrate stage-mode is failing with error: Modifying a mapped attribute in a managed entry is not allowed - Resolves: RHEL-40890 ipa-server-install: token_password_file read in kra.install_check after calling hsm_validator in ca.install_check - Resolves: RHEL-40661 Adjust "ipa config-mod --addattr ipaconfigstring=EnforceLDAPOTP" to allow for non OTP users in some cases- Resolves: RHEL-37285 IPA Web UI not showing replication agreement for non-admin users - Resolves: RHEL-42703 PSKC.xml issues with ipa_otptoken_import.py - Resolves: RHEL-41194 ipa-client rpm post script creates always ssh_config.orig even if nothing needs to be changed - Resolves: RHEL-39477 kdc.crt certificate not getting automatically renewed by certmonger in IPA Hidden replica - Resolves: RHEL-46559 Include latest fixes in python3-ipatests packages - Resolves: RHEL-22188 [RFE] Allow IPA SIDgen task to continue if it finds an entity that SID can't be assigned to- Resolves: RHEL-29928 CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force - Resolves: RHEL-29691 CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service- Related: RHEL-34809 temporarily revert a commit that depends on newer version of python-jwcrypto- Resolves: RHEL-39950 ipa-client can't be installed because of a missing dependency- Resolves: RHEL-39140 Rebase ipa to the latest 4.12 version for RHEL 9.5 - Resolves: RHEL-34757 The change for preventing deletion of the admin user caused a regression in disable - Resolves: RHEL-30553 Depend on nfsv4-client-utils or nfs-utils - Resolves: RHEL-29762 IPA sidgen fails to create SID for manually set ID for a new range [rhel-9.5.0] - Resolves: RHEL-26261 Fix replica connection check for use with AD administrator - Resolves: RHEL-18062 ipa ca-show NAME --certificate-out=file creates empty file when NAME does not exist - Resolves: RHEL-12149 traceback in ipaserver/dcerpc.py - Resolves: RHEL-4810 [RFE] FreeIPA-to-FreeIPA migration - Resolves: RHEL-4807 [RFE] Support in IPA for HSM boxes- Resolves: RHEL-33645 - Update samba to version 4.20.0- Resolves: RHEL-23377 Enforce OTP for ldap bind (in some scenarios) - Resolves: RHEL-29745 Unable to re-add broken AD trust - NT_STATUS_INVALID_PARAMETER - Resolves: RHEL-30905 Backport latest test fixes in ipa- Resolves: RHEL-28258 vault fails on non-fips client if server is in FIPS mode - Resolves: RHEL-26154 ipa: freeipa: specially crafted HTTP requests potentially lead to DoS or data exposure- Resolves: RHEL-12143 'ipa vault-add is failing with ipa: ERROR: an internal error has occurred in FIPS mode - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available- Resolves: RHEL-25260 tier-1-upstream-dns-locations failed on RHEL8.8 gating - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available - Resolves: RHEL-25815 Backport latest test fixes in python3-ipatests- Resolves: RHEL-23627 IPA stops working if HTTP/... service principal was created before FreeIPA 4.4.0 and never modified - Resolves: RHEL-23625 sidgen plugin does not ignore staged users - Resolves: RHEL-23621 session cookie can't be read - Resolves: RHEL-22372 Gating-DL1 test failure in test_integration/test_dns_locations.py::TestDNSLocations::()::test_ipa_ca_records - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix - Resolves: RHEL-17996 Memory leak in IdM's KDC- Resolves: RHEL-12589 ipa: Invalid CSRF protection - Resolves: RHEL-19748 ipa hbac-test did not report that it hit an arbitrary search limit - Resolves: RHEL-21059 'DogtagCertsConfigCheck' fails, displaying the error message 'Malformed directive: ca.signing.certnickname=caSigningCert cert-pki-ca' - Resolves: RHEL-21804 ipa client 4.10.2 - Failed to obtain host TGT - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix - Resolves: RHEL-21810 ipa-client-install --automount-location does not work - Resolves: RHEL-21811 Handle change in behavior of pki-server ca-config-show in pki 11.5.0 - Resolves: RHEL-21812 Backport latest test fixes in ipa - Resolves: RHEL-21813 krb5kdc fails to start when pkinit and otp auth type is enabled in ipa - Resolves: RHEL-21815 IPA 389ds plugins need to have better logging and tracing - Resolves: RHEL-21937 Make sure a default NetBIOS name is set if not passed in by ADTrust instance constructor- Resolves: RHEL-16985 Handle samba 4.19 changes in samba.security.dom_sid()- Resolves: RHEL-14428 healthcheck reports nsslapd-accesslog-logbuffering is set to 'off'- Resolves: RHEL-14292 Backport latest test fixes in python3-ipatests - Resolves: RHEL-15443 Server install: failure to install with externally signed CA because of timezone issue - Resolves: RHEL-15444 Minimum length parameter in pwpolicy cannot be removed with empty string - Resolves: RHEL-14842 Upstream xmlrpc tests are failing in RHEL9.4- Resolves: RHEL-11652 Rebase ipa to latest 4.11.x version for RHEL 9.4- Resolves: rhbz#2231847 RHEL 8.8 & 9.2 fails to create AD trust with STIG applied - Resolves: rhbz#2232056 Include latest test fixes in python3-ipatests- Resolves: rhbz#2229712 Delete operation protection for admin user - Resolves: rhbz#2227831 Interrupt request processing in ipadb_fill_info3() if connection to 389ds is lost - Resolves: rhbz#2227784 libipa_otp_lasttoken plugin memory leak - Resolves: rhbz#2224570 Improved error messages are needed when attempting to add a non-existing idp to a user - Resolves: rhbz#2230251 Backport latest test fixes to python3-ipatests- Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features - Resolves: rhbz#2214933 Uninstalling of the IPA server is encountering a failure during the unconfiguration of the CA (Unconfiguring CA) - Resolves: rhbz#2216114 After updating the RHEL from 8.7 to 8.8, IPA services fails to start - Resolves: rhbz#2216549 Upgrade to 4.9.10-6.0.1 fails: attributes are managed by topology plugin - Resolves: rhbz#2216611 Backport latest test fixes in python3-ipatests - Resolves: rhbz#2216872 User authentication failing on OTP validation using multiple tokens, succeeds with password only- Resolves: rhbz#2196426 [Rebase] Rebase ipa to latest 4.10.x release for RHEL 9.3 - Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features - Resolves: rhbz#2192625 Better catch of the IPA web UI event "IPA Error 4301:CertificateOperationError", and IPA httpd error CertificateOperationError - Resolves: rhbz#2188567 IPA client Kerberos configuration incompatible with java - Resolves: rhbz#2182683 Tolerate absence of PAC ticket signature depending of domain and servers capabilities [rhel-9] - Resolves: rhbz#2180914 Sequence processing failures for group_add using server context - Resolves: rhbz#2165880 Add RBCD support to IPA - Resolves: rhbz#2160399 get_ranges - [file ipa_sidgen_common.c, line 276]: Failed to convert LDAP entry to range struct- Resolves: rhbz#2169632 Backport latest test fixes in python3-ipatests- Resolves: rhbz#2162656 Passwordless (GSSAPI) SSH not working for subdomain - Resolves: rhbz#2166326 Removing the last DNS type for ipa-ca does not work - Resolves: rhbz#2167473 RFE - Add a warning note about possible performance impact of the Auto Member rebuild task - Resolves: rhbz#2168244 requestsearchtimelimit=0 doesn't seems to be work with ipa-acme-manage pruning command- Resolves: rhbz#2161284 'ERROR Could not remove /tmp/tmpbkw6hawo.ipabkp' can be seen prior to 'ipa-client-install' command was successful - Resolves: rhbz#2164403 ipa-trust-add with --range-type=ipa-ad-trust-posix fails while creating an ID range - Resolves: rhbz#2162677 RFE: Implement support for PKI certificate and request pruning - Resolves: rhbz#2167312 - Backport latest test fixes in python3-ipatestsfreeipa-pythonfreeipa-python-compatipa-python4.12.24.12.24.12.2-1.el9_5.44.12.2-1.el9_5.44.2.914.12.24.2.91ipa-python-compatContributors.txtREADME.mdipa-python-compatCOPYING/usr/share/doc//usr/share/doc/ipa-python-compat//usr/share/licenses//usr/share/licenses/ipa-python-compat/-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m32 -march=i686 -mtune=generic -msse2 -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpiozstd19i686-redhat-linux-gnudirectoryUTF-8 Unicode textASCII textutf-8be2beb4723fd1f74f0faf1be664886266a7a1ac50d4591ddec74c8274ee7417a99fd8449499c9122f10dfb9a5ab3e1588d434e7701128901023b044e6c2ccaf9?(/hӀ$E o$$ 摈DI P`֤,Җ^nA4 hoJx5/.v=*C8Q3Š+4N fSʮ+p^!ӯsڅMM6yk*-*]҂-Hn6[K֏I*wTJWZt#&Al΅մԺK^0+1NWm[ac 7ן؁t N^ IiO [e 'Z.mM7%Vsrʜu6HGS%oi%mA_ng-Vz`WYAl!=A|uovcaɖ k%՛ LV uiO.@MSMu2To\NhXzvS-ߥ͖է)į!*%T7}oVɔ@tṨ('6lXM7zy .-]7)y92<iH U:9lL#MNjӭuy&Bed Q=hq[(:tȨP\ZUG]$QRQA=tP)8!]N26Yܓ\G K^n]A^91NTU5{N코H>w~)_`nygm U׃m/Tr8Q2+.X[ $Q+IGT4 ?h~xCu N'Лñ^T& 0۩`ӍGA!&ѻF.1fqgv0¸uJX1>8!,Nz/v%Mg9֚Nn󚶥GA~ ˪ʩW*AdD CMٲ0Ԧ[ce4YӻJNRzPjb7֙ᅮ֮g6I9(j[uE ¬!m41bB^ZkKzѪڎ'wLjw!|Jەڶv:~MF#jmT[nN px\s2~fn^K:TL!3dZ #.^fN&ǂ{oux=?[Ot̪Ѵg 0ekrHҦ J\@$Qe_6aD&#y* _jjSի_.EWrP"/^Xk,m."[GU~jYF*TTGOwÊ^P7 V_[QΟM?~꿨5~n01jYZ"9͔r,ntmo]=L?!B]'(|$[X!kYb?VQ0:.Q6t`I89+oP)hޚ鰈ձi=-oK5| 9OAX`*:6+)n!Tn?= WY5Z_"414PZD^_V͜MڪE?9@7YC$OJ m@ݨg\r ϥܭ.p )x*LQwaRVVb; ,(qsL:S]6H)$:!.2SnztڵD:h!ZJ cZ^P&DV?keUڠr骫+@ ճYW M!YqP;BCKcs80L=_"$gTNS^bYգYm s[\)X;֍*kpG%j$0.Vg%!iu R bͲ( ϛj2ҥ hpTF`#Gxd 6<,SDIoWˇƿ"ϿZ^RXIAYQTQ\NLYD衇-]Y+y i4\`DXik=bY`/#*۾ CeL0c(N%lT%cvZUנAF9?h b^^& _ >/q/Eӡm U`ftGJ7;((R!r@!ySEp8sS 8C8AEݨ\Ҳ"4)tP 0<8Q >DsIad DD$mpu#nEŰ3C3(kY%AOlRJ.Q+ uq4 d\bL;쟓#k"\Bc^a|9EÓD]w#_<Ճb!'dߤ-sV>Y(I-.7(/(`ω4މ[\ NM9Ud^ l1(٦[QRGF)dX7\Ye (_L0;c θxc4ƒ>sc#{pV:Œ ?TŠ{k~XR(23bʟcy,uUzK[/&d <9C%*:6rm K;í`DT?Z@=P@މ7,mq$Shu0%‚Ƣƍ~xOjc޷Hrn 2{[ztg;|$K'*>9p66/D or f^{RЎ^߂xkP7gوL#eh RM3`W8XmQïdC;..ӡ?@!dq ߣ:¶J APT|[D-mYAD=Ŝ S[MgG2O%}Id _8 \dJh (݌|c٦KB2R<mI:uFnh( Ad3=yxM.yݙEύ '}ve'DBӡqODF6rRaMQ^alsWb;z*S%RNYe &Z4 1,/nyoi,gx&_U* g,y.Q̷3J. v*i XCˑJg'u>}f_UoxFE_$>ߔE& ÍEW`VZeIEapd[U-8>t^+_Hoϑ.ϔZkhm4A8╧@ :㴀hԴCxwX7󁜔/ 0\BOgaWS08h!x^N Ν!ڣ}팵]ΎBNʉ$Z_I W^+h)N$l/EN@m"|c!X_wM'@eZ1SxӬ@Q˗JjEԭ+Lla vY;}ܑ4Ǣ1~La2ZB8^Dded-[ Y@x\ldT 珺JDA>rSB L_TwnsU.P\px\諶31QGqg\Nh‚k|{%XqEK~h9m2oPF֦,Rts+&><ʇERJt eֻCA`m볐K Vc]GgyU $CM7Jt7ţM/C|% T ѕ!=%}h9ʇk`X.[D|^(sb+тhn17amywR04?ej*:g2kBdR'%maòi-kv{h,2M ,NyJPkU}?8gv[SnsD"V"7Eh]őe.lY`Jm$~-$U~/a 9p 7%x~ضKpqꉬHjd'{$oAVY{H,sڴ0XQ[~zNDʘԐaW~NJfV7cSV(^1AObH`$˪}K*tr8WRӑE.VJ?8TmQQC3فwd0ŵVg߮U5(q L= UmH'ǛI=p.**X+KCw٦H2#ߠ}-%Z|o®÷\1 S6qSj#9?v#X)^,BeyKpNqEF*8`ýQXl J?^Τoׁ4`I:Ѱu]:OJ);f޵X@$O*Gx*䓱~&$z/kjBYB5 zZOGEIY2 Qj=0uӪAΤK'D0,cP`C *ٯ|QڤKyltv*ZCUVIyUB7O %kl_!ˠr̚ZZſ-ZXC}%F@`j,>)I/xա]OJ ^xQ iY4=A+wz0+u5{rga2J?yUɓQIaߎr;% oE'qOd

ݠNlp[r.׉),|fm@#'E(YǭgXU9&\UoTmO3mGC : S OpE\ G~S}Ph" 6Ӓ|Rmh-> ^d`M[x=P.E4q%]="X: ):DM:o!ȓ+3BI!23+;kX,Asl!D0m&I.i%赟1!~jCJ'!c)SSS5s差={5z 5cV݉%'5˟Qb=0a3MI6>Ų#zDŽ%NO߃*\(("^/;\f}v{/"jAc1'.Z9u[7Ý! 6mMzҸ&svj|֡IϴeI}E椷z,{^x":HΉ&T@ bnLqL{I@[:M0NxoI43ɯ#43L‡ck= yC~⋢X;sV5˵$Jiqx2Ƣx!#b 2V].Cyݼ['LmߵF`"|G K$]{pwx pZ7H])Vv2EUtꖮq3$&ÿ[pP;yX0z&IY4-fKeHἅhw41? {ST`c5xGdd!!$ѝvx !q|*s0dDN:G{[346 9_,ko) >WK69m: +ldSjTʦ{U7 k3 ʙ=1j6FerPIkgu4VBt 4X鑬W3 L4|w޸wa` #ZpXh ɋt6..Ga֪I5,~xr !|,ROzo-0E Ow|KЉ-D*KJ:$"ß',f-¶'KD $,h~/F>Rhep^V-.1>Q~;\ c:_]J@MzBdǖ7>fJreNApOCѹ0"#% ^nPmS,1bhRá^Ȝ)D=I'lmBbmY"N6ϫ}.i6hKJ%/=JVGM"m[OE tg4?=NWt݇"!<ߺXN6v\0{~lZ#HP;,>g($7C EeͻW'5o'JD^A g4'E~P=?Dy;u]D}9'1p)x:su.ҁ$U n;kP^pd_aЙ h9M  ] 3kD&$2+ռwV*MEA Qu6|Ay$$Xj<Z3w&"}kƷ,`HtN ?\- }P;BDq!@QjkࡡU aH*n#A[hO2 "3x  3' jg_,z'fԐ0::uwD8nwy{:;'{r[mG]YeWpc-/ hw)n QXicݔZ%]y[WYOhVM4jR\9Rұ􉉞E)իuܴ/UUt/aE2ݫ"RQ\ߧ3US~Q_d нY-/"LQl٥.&wֺ'ws Y JjMǗ¹pcl:Jr^߮R;[w=0.v(Zte.W+`,/,{B2;7 [K+][뮎QVi3rU] eF#g>{-ȖV-|WKȬ(0wvqOƂ71BJ#W ]X\V$Ŋ!2r`MO, '|/5ۉY2**b~LE&"zRDL=q!܋h{p\MQ?ЏD{pܹ-]粛Io r'gz/.}A*@}恭M٦y Hv*핛뼂9kU/p9VMc|0){_š (nǣ&U<5aXҔߧ\w.Jp-<|:;]Y]vC&i}F(- #h`b ِY4LmX1'҅sm\<l`v,Bjgʊ{OQ c̈蔸oJ2 ٕ;ח(`tgqo;}& E>-2ػ˽HIXH!zj'ЮH9zF*[y^0Ϥ؇i&6?:Ղ<p-5dic$Vm0RZfo a 271q&rc`)Ïn[~fkQ1E§X*+l'PziX_:KPvkmruvo޺v m˼6#b՝gY\\%! $<!K_"}@u|So/FM<Q"Fѥ^+wE9Uy8,0n9t5-X.$G ~. .46~RE(5b%Az:&NptUvz~Q=T޾-C`ZV,T k|X^YM G8MYȠ= UxniV8T@N %P^vTNg(5 iej%J#Pw/ՅݢHpɴFI3i$"!?EӹsQ횚Ni}0Mz[?_J*!1N*? dn-ImmSYXՃ!ld֬ @L;Ar·2b]$TVɐ80hJSqi^M}q&}i0FQudRpne@ȟbY ni!SmS3& JigP:$,Se?T<|n< 喘Zw5}xVzQEMvrB|bRa55Ws)+H/a *|؝qҌ@4<$-&: CF|?ئ.C^7&W}(l03YDZ;fHa`#yJPN|kE9ucM;|=yw[C* )2څE?vC״EܓD'1UAJ ۀ55ΕTWI]B j|!4qԝL ~u3yvбծr8XnLmB?@pfhrR1)-.)_d0h`7l>nRk`raSant&j7~敞Wt7{0hfI:}]|~eQn08Y2`@u /IRD06lݝ.ч-T]ڭ.¢N)^,‏(ӻ3ӍWt8)@ $45|;,%24/kJlE\5jLW8 8Yd ,laRf\ޫJSL~p MI%D8شĻ7? eEϑ;'ar@x8kA& z҅[V NǼ:,a;%a +%|>=^\]_Cd3ٙ"!iYeA )sp&D-~i ϪV^bu W ([bU'qs[VNo[\@ Ʈ6"p j2f'pqP-B*:,:d:N)=ޕHW>*7^I TU}>˜Ș0S6/!1r:=/W!C`);v90_&fGn =?LH#m@% B%d+<*uHu8 9+H}a_o͆v\{>]<2_dj˾֨>'әrJSqbQse=Ⱥb\HB[eK8'#~񕔻+K>c;T4e@6!vp̸!p0̂<~L5q,8bHGe0{ˇ^\SXPxT<'#J9ŒlfG}l(Er.3#oLLeQϸE|˳ jt<ַU.8Cmo2J[>UYz2T#ȩɱ?[s3FE^0U՚@cC])k J +4sGmPq aD,m&EvHLpV.TlXY"H77{2AdzebEub mRdF٥m "ZTlZ& 2rOqDC80!?adԶ~5'T޴*>gFp #=FYvx UljUk8w`$S‚nnyJ:ʳeISudX[6;F]ݿ$2F2ij nAp 9q"`U4?Shh niracE1a\H^<)r%œ.HHtP~}ڈQΤDT KIM"Z,WC&eO'-4][IJ2ϳk~ ?>N(MI:2tV_$pɷd$5R܆`g6V<&ʋi$`v=oٯQSҰO7I `BA@<:,F̍ ̛_eJ #d"_Bᢳ@0>^VχX=?SXp" E|0DƉ`ܦJLyZj i OK+=-5a.1cRU ryO:"Bԗ' +G;XP/^nAobea1Y/j X^HPc@h-»r*lsZg?zH'J6q$Ο|VUhDV""` 7GǺg>'(t(9No\\d9(%.? ; ]v)#ϐku.3a'(4<N= b.P'B~N<]+X OktFæth!~"ܻdd.E IH! Xzu$.#='&n(]: M¤0 ܶ& I6G44 х2Of#(V` JEe}dq \۟$߭ )Z˱nB%>vѶ#K{q3|m `k|9DdL$,cGGHtBXTz]7Ϥ t6 Y.K|ٛ擳DV͕e8WYf?xgDQ/jdBƔд#˪qa$uO) ЪIk\~[0xP֡''CVoZo'_f2Pm)S9Ǻ ,qjE/bUmVf5RݾXJJV3sԔ|dCƒ+%M}9Bn[6% X}e3,ƌ%d;sj(F%2H_MsR5eC!|w'lŭ!pb{B's` t<, cpHp@AƻuX Ӽ\KʈfhDqS( 3XqmۘKiP.{Cy^k@cxu57-v%B(jSsK";.#