IMgaT-xS] ;7cvP=!%f5g`Xu@LA\4t1mf2:xWX^iaMCzam!&dP3Ac[ل7 00pD*,="+]u&@k߶n{"ʯ$׭D9^3E(>6}wb@1CI}Ǐ2/=sL%~LscE?Ȥ|!+<cA! v7ɘ=;MЛSn xXP%חaX a;%8>w)5|u}.laZ^ Hfy^8Vi]~=̼է㦌dsJIas. >xE:ݱ iʧаڝd:N{ tYtA@wPJgu3_]᪔=[ ¶BoWz'$0|7N.7̏Q;j>eIyز|}r< xt7?_W.tE5,6n;S\,BrD ېpaFNG%@ Oʃ'qSaiCx('!|RɂP8}͆>r[(RA((P0rHRL AN]8Xu78C?)F T2 *pCV![f?82c!tdk6=.z Ak L@avj>:T$(Vw6fZ:F(0nuB^|p5j,qEf|0w]$VnfrQBvu[P$ŎGxטw/Y6/.ۭ^ҝj϶L)92୼hZB+@b&H"O8;иp{DaԒXQ7ͫRU`uoOEKs$ ̸[";]AB!e'̹4Db6KnYrK͆9oF`- j5MK#t;qh'&xu^>BI]9z)o;=e;I(jlN-hWj<)QB. 6805:5DG3v ;-vo]Zb#kكӈ6l6p4: ͺ=yXb‰βBdfv=i7=|3tO;NlhͶ&scx:s&9,YRft lU^"Dps[cLM“l  z=œ QG%fL\C]>]EE1Wϟ:wj PxIL?ȺH|7rf}:xgp&WS(9aP&geΚ}K@Lh@YLI){0I !vv&sH"_:ƄMt0 .|d ,Sl?b2)oF iB9WPmP SdUT3M.'PZCjA Q q*7J .c6m55nZE=Srrd40@KA[1!P^oܴN[آ7?sD kk(})Z m$ae8 ! \恠鰈YCHw.INuz)Q&'H>qT#=9R`sN>sMAdFC&ydh$}4-G_2o,c[xKܩ6,:?38r ~HATƐF).UI? > 0oG@3 *d%G]te1aYƦ)4v 4gu!E,b -΄ . 9Z>(RTւ3$6iډUy'w7$Tq8ca#cOmNu!g"u6|)wP}Z5!Yb fd+ʁQ"y} X(bk{ۍOݚr9嫋(}At?)3'yv0p _xEWBiSֆz xbߩ4{\-c#JF"- L|_' tg7C,qsKndqP`< !Y ]A\>*ŽKL8_p@sGrHmw_q+N3 ҬPOQ5.qD"֪hd|hN%j{O|CϩTh|z @>%GHS)<5Q04AXc~bf(NjZ k5{gM~~5J)vuc$G&яXdRHהy Yc;{R?୞,aoF%{>9֍ӻ=u82(EV/{S Q` EKtq5? >]<֒% ܖ~$t11?&"z GkZC[Zx' @"!nM[46B]i4x!s蔔Pᛡz/Ix_L>i͌Fbڗ*:$9mx2@>AgdzZbcBY)1JK'V oRe*ZTQh1|bG  BL7Ew}!T:B CcaW|4#re/x* ^J Dh|zW wca}1Є-RG{;ZaV =V*T)Tt5n1 P nPx(+|%+p΍""l+BM~M^|+B- ~vrͲyqG !8 cd&MIVncYqi@cSPZHI#x h"WMPrHG&JnqT/Kx$k.Hge݈VdUjM>47]8tXp:١6;^H7Z5;c i1(jDxU-*idT錈b (m;IS 1J.$f,=(S6[j"?,1œ +nivT˪`nqWK[|m ٓfVC{u)FF[1ӏ$iva{q)`&Sbҗb9?nsZ;bN\71dǴJ,%c/!'fUNћ [<Șv_YH(pq8d]$T<^f$>xFDr1M)|"viN޷f:y)H4OϝT\ӲL J2\ȵKh顙rC%Fۚ\yr"-R^H/-..-yCN5(8!YzŤY is'G`yK0%וFGOL+GljnI^+./;)%vGlOX~+e [Aa~YnQQ\i/**,)Y2M[ٴʓ%V`Blwi '{*(Lƍ)I%8Eɟ59^PZa{h_zV0OEIFdy #N,aB/(* ZY"wYnq+ESG>SK"Q29",up66?@[2(^#rtXœfRQP+D[D1l~Aqȋ6;*pO͞v60FP;"Om \HZL< K' S%W) i*l0;PRCV^ωG.`bj#;)Ȟq*p #g7M\ #YN DY(]D{,rtnC9I\p'QEs)]bu$lQZ6ӽfG:ĥzP+^mV5 =^_N"҅շʭ>J]{b|]K,nY%Wa!_alt񝵿ZDFJnSvZ{#h?EԮnE~nlħ35+٤S=;`~T?$߿TC j/ L 5MFO̬kgnIVq&u^hx>'΅1-IY(RrK\˫d>j:<ߋd(pyjmGf'ow zٰNfn"At|;t~`EE*qc b\M*I ;I50o :rvË|BlW,oH;H3@vUôc=6A 2]P;;IEƐ_U`PTޗHU{sN ;ʢlU1AMLg&yQ0 3` (( /訨5. dTկ홞g?sgSUN-4)}}4G{O#}PM7j5*(:[P4FR֦aȕQakuYݾm58l7L]y^͏jpﵵ{Ƚ{f6µײ1F(3UZ垵Mkl7F{f^:ZONɁ ^iw< &%gJs TϩH>c]Alwv]{!9nr֙S-c\~i]t[TRl`~2f=Ztkz^L_:ߝ#b &vO,fAn2_[ ?k|<,d H~ waM> k S< YC d;}I_DP~aJ)솩o = d ӆDSlXNK긤.<CH-#.轼 > gVjX1ՕKG V״a-:|l l:{ҷda޴ 0) ʞviγҾhM9tEA=R fK&gC*Z2ɤPwԵe)>_-Hy)`=V InҭsQa@˓ZD~ 㐇YOfY Kf8鱣MzŽ{`vh!LUgN;3Ξ:Xq*<5ʍw-3[wmYsa~&l] P3ʸS&`renSS&?̧hVv*tƤ} Nȫ-b2ۙSO?%M0/{o>R.o8[Գ O\~ʴVnve|4›IZC[7tmYљ)&bj=,--삻-[k8Kp /q-r))-n6 efȧӧ4Pn\ײk\,!cIu( Oy :)Xr"+F[ʳ1|_:OXS3p, iY,J.F[)m)V?HZLt$xZI[6i'~:.Cub)<F,*{ O9b3<2FpQKl5q@dH[чExЕBP}: שγ)a=)J'Vt9U@$vhw|xp?GX`V_CqA3<ͼ^ tTE?<툻0s\f18kDXN^yJApKoet6/?7/]ySvqsy A76.)Pzش";\ .FcOs$6b(~g2ɲ|NE1CZH[5t_ٟcɃ?e!~e}4P,ƞ,㿎yLu?^Vrޜb3S^V׉LȠZLH1qvCon0ta2$fLܔ0ġt׌O*"Pc^&@ɕFߒXPfܤ1J;'3 >&xM6Нյb+i֑Yl.>OėjA͚gЗ!pAw&԰M;{ceXlc܃֨A1%3.~H%zӏU zQ1S/5Eֹdd(WΤ 񕷒;|:FjF )s95youpyƣ昦M^r-IK *?B#o̓ Шi<"rfתk7Ú;>h$ u)uN*uNŸ{3Ùyv$c$odtxd*EρUFwc"U5Laʦ7U~er`LB$EeπA-PH@!A /"+-yuv/'H&$B@?7dސ2C`Hkx>O)[p?GS˾^9Q/EKO"u-l:A-Zd1e[ëAfCW2څh=KIW~#Hr[C5AS: b(?2vw=ȦNigԇ{_1gy@Bٿz5$A[ P> K#tBk}#*YϦ) )i]Wa}p:֬e& "Q}waZ Q}Mzŧ3@Mqž"OdS \sʰ l ZǙ-gٍ  - XDa" Hđ>BX]OWX7$_!-\4 %1hܦf1TҸQ%摦צEm/ e%Օ Epp/G*HW-o9, ,¥HPҪkQEBxc["lAؽ{ r{ä7.aC ϒx3 a#MziBu{;(.Dra$|m~շQϻ/e9~NUSQ+cm!G1Q?u,dЊ6|$H{eHv큚ͽ \x+Cvw`Y\UYK53) 㿽õV`-i jv WW>j2[9]m[~BN+#ܝ;1}=1sD绢YQu}4#|jtU|6d9(Kkk8:9sY sqI?].x{qoZ+ȸ.A"xgVp =E28š_q6_P ih97CaekҪsY;+a՘[cAp)y<)g _1~{?w 2[r`lK~RZEلB*ձ&Tl5gݼE5^MVpL?]2~mJA*Bvwne]3qv 2pY!?SՄT;Ґ~B~¦erOB%dTs؜ʤ'#m[ Vnix4wHL5=%2i 'z{[x4.F!5NDfdOOUy3Sh }inn,.To;w#mZO8Ypoʵ^< ::^9*eMGx}ҐOT4X[%}Tfplu2"tqvcfk|t+CM'U5?QP FA2!XGx+sKWKvӵ, M> el⻼4mk{@#c/fŘBRP5+D*R"D٤AS>frB0 I zbƣ^[.C94tԳ*PR >(16\VwcLEw*wb*ZceFYaXݥN ¤ gb|jfjkZsW, 7fGo#Un>44n MK<{Cd.u%j)G1t[ GpUr'J$R5ᗧ.= !@tXʻ?{ Ί?Pzwm8? tcPwvk[A"[oͷTi): }}DX}IW4⼴hY:3; +)3!`¾ē)֨w6?N㳈²|)ƛt=!XBݨ?8XEYe_N #M:?\XM\]̐!\_@g~ZV$T3)r[/x L+&(T|?I<,JFg'Wv{F(fO<ޟzțA6?ozl5^O󼆌$eDbo8jIoU0=A.TSPQcxF5=5 evx6w31mu m:wQWgHYփ)PV MJA$~1`Y.O@p„4)]Гx%rQø\̔(!@!}.aRIh`%#La4`-kUiHs;#2'g_9ޤGw87'b4o&p ]_3M3҂bzш4o :wTntBHu_+efODZF, ˭:Y^'Cq{vJ2l,ћƅъvL6isݘǾ_@vCHdޞÂZhfLOqcę/53l0j5xc?o C: _8Ea gbĺ[z^1LɦyE O`8:Y]0$͋y7N h.iWMѻ2,s$tw76`:dַ(|eٌpf$ Hk!Z[_?L:֙VKYZO'޷=Sf8rꔖ2 gGk_&6m/-{To|:֎wNZz\bLr2!)\&+7&a_(+J%?5h|#P^ȬU~D4,&tnw ~gUzC 1),]LT"V*̰⦰C0۠Q$.5p_<LzH2h:T[nsɼgmnOut#C-0$Y0# ̔REt[  9路/7%Dڛ[a]<\k.6=wE]KxF`<^ ZPzBzV;ʳt n J1\[xR7߂᩶<ϸF<"EaSL[O^Ån`33_+Fn郧]j&UzqU qxp:u8.;R;mtX bZVm&=[ Q\<D!߉I(SeLJx:+zqGT3yziի#ląjqw=`Q󼈲˭z7DŽwٝ^Iuc}= ˨Qn*ډ"͏8,UQJ JގiN6s eC8M{XřOBbJ5FӘ~ 4 8F^ב'uYqB95+'}Sw砝>>M;Qy%U p>g^҇ fSjOW0 BJiХF@2iu5zӵ#9":sS5@fzEJT|AgD1H Gwlo#ܤT) k҆HJBJR4KxO?^F 8s><%S%%&rN(7;c@fayOuK;w@_F35̶ڥQ{feQjIV!⠿O|QH0+%!<8FV'gTUmNJ\IKxn ʹʋKۘ~|P@Πl_ {s =3h6*\\YxԯD`SRz9&fcЍBlU>f'x޾AjK'zWT?16yҪs1M c%L\pL_YdAMU0MScTm/>YYF9++y+B quՑ>넹g\edKTGP%tc& q#Nk-V w4s1+)DU).¼  Z_1K1{ܳЇXrY*#e߄6ۿe> rQXlT.ZK(] B f!N"r43W!Pj+٨;tYiap<<![ <Yx%&TC6}84h?l@@dP 5n/oZK&IwDL%jKj׉ymN.B;rPhvRG(IzA %j:I&PFҝgKnœp zk i@GfӀO諳3W"SpU^#8#D/>+VPi0m;QI%қ>K*'ӬyOs?1ΝP}F4)tob!ޑ"˺y8xnk1Y|A OpϹ`{p"""FjOD$ʎe ! ! ^zr OJl*[1ḢehD0O=*U?YרcgjUW@`SSI!|vVIԅ ^ %lS,UZ7ABv[%j+RBnJtg6__Bk0V+Ĩu;tTOSj&hwVVpa xTU|Z&myš-Ώ o>Q zPY &q,$rŻ"wA[p,G/0h&)5Vh(W[ -bJUb\ [?%//p囪j*$DENEXZP=, +%0[KOWj &=;=I^ 5VeJ_R#, ǧ=5@pU(bK/ŃbsҾXc/!ƵFp`6T@&۟6F=z>UPp]E]BRi-p\AOĭX8ڤg􉨕ˏXjU R[Ue}Q=bAJ¬ vУtgZ -dRcu/kpt3/)s/dj f]jDbu0da=`yD˫ )Rc02I9e&@p&8"dwt/Ӄz1챪;fN°?E} #^w ղ?RfRCpEӥ̧$\S4\+QZMHJ/%Da։o=&{p-7n᨞idc$PnAZƇ  Ahǚ >@j_lDY9S !-cH&6`g[TW%EA3!df1p `̽L`fSi:>šc7J򦀠kY(XPؐ~q-[7_e<z5Rޙȭ$H=1 !$=~S`9V8"+$#1<1=?g.*5M->#Y1z?Ѣd0Zr-0QϦG!@H>y-#i?"&MzyG%ZBCZS#kg|:NV3)e1L{, p>u^W>*i~aRkVh6(wB2S.J]e+\ ,a=Ï/W+čeDldtr!j"8ǛD4(%GAg)gUϐyU 惽.~.IGS^`#(lӲpk&q3j? )Krȴ#R_+-?xzvxgfGR7Cr8yȓYrWWELAn 5^A;d_Ttq<=u `,p}ѩ' : }]lo2{dcؕÙXq?V1n -ϑE;'hAms]UP]&=S qI'.6FQ-ZQy϶i `Bq$EA5|VJݜœIwUj.nwe{X\lu:p"Ömm c5LQ]g7QxtjH[bFSextfX Ͻ3F@Wܭ!#fhE(lޟmC=/pä+B&9˰"V&́tVՍA XTj4f L%ˬ(+,x\- (s𺫘ni2>پqqOA_aXAĻ 2+IdGZXBj?o5ܵkf7}[GgCޟXY np]7I];[wowq,Zi1t,?1\ՠ[!r06.rކhz*h9u6VڨbjЀK?mS}++ 6`Mv[Y@r;PLd0$Dv:l)N_0W }XQْ8' xz^(s UW7TR ?jH"}jH<]Ke%qE0]úgaܢ'ftنn>0F򀣩DE4[~M/IYKlFsFHw\=ZZş>D,9tcn|8KH+bDyio"zRnw|zkx(=mU̴\`HPC&*VcL䮬Nd*z=&Xv2G-=an[k7K݁o LƒRzQ. 3 r ?ڦ/=aIQKd!m%j]dzǃb7[(.t;ϩBL:zQ1y`9 B]O._PG 7=\auZ-嬊rəyPN٭-32v+V(wY v4H}ف-x¤TK;9c&>Fs Mv$6/ᅂ+&-Y䮁_xXoPwp}VjlgsCI`z\ 7U_ SCY^0qL&;𱟦s'ram S{:!MUq]CŵHXxnDU4RUz!3/ 8t$63k ~#M=&.y6rHEptZUNf<#0y:FtE,MO+mHsowodxE9lslC4iSp7%/k!}V=eutx of##p;-[JRmQ(U'yKQ90mW5 @_K u:7ozH2!Z!xz9c)͞CoFikW@p8 q__c^9 銸pzrLnK Q4qryq+W4m"عbg3V9,K61I@r lW. :j 2!&huӅ^+bE+?L42UAUl8=?݀freYo},j7 >\#_o;ΟWmt1J)EpU7w1=iBTE`xwd+ JH5VuDX2)[IOE #1ci/w-VD@TeLZ2z_wb|sZ[q%|~:ۊXlHٛbi[YIwU%dMo[v㓣ILWU &u6-/s%R̻N%uJk;tYIsUeF%=`Ns)M{?8IW^ܽVON.;U_@kW#j3 @QMK~M<,.^5єJht8OgP)ܺj8ݒL 16l\~ixspT\x=֍,-S(oW(óa 8L1ӪUGk +йcWɔ0hKWxZ㶰fk܏& VXFlQvGmyD(H$]A'x.$g_iY)=onhN_Q5GF^ p#3ٷWs37LeUؔ*-qujsDGKi-.gdCLJ0GUv6V Gz<18VSH[QrOY0+ &[tf4"{ tE x@oOZp76e[E8Q]NԞǕU Y?U٦N0T*\<?B@45ch Ngiwc65R$s:xR3 HǟClT_D2%ut#7SeNk 9-.F:eI+2Y,¦(q4cSApE;gaBBvlq}8ڧWW*ꇙY!}^O77[ygu^%%§/H723\ψ\emE&ͩȱfeml04-It *}?: `A5&EǏ]m9$3Pc.У{e /:y^o)V)K->Gu}|=]=B$įW< 6:Q`T4TN:u0eA˽ifʂ VzZ2%lU_Th\ԸmurgZ(U""WK'H@* ھ)A8ITga[;:7Ͻ9L'r Fnǣ^3ёmu20\{fR&%Ʌv9v:nME2fcro,޼.+G%@~a/έpr m?3~i^:;(⯫%u'0Y,lZyc{+ LP 'ƫQ {#=:Z tT}ټMߖ9ryLl* j񞴶HwQ bK& {x߇gS*"}ݟG 'E}O(Nق~k|Tkω7 l{Jw0+|zWC)zNί?oqKma=DX G^ޣ:KW݀|-ftfML[zE?uZo-u)[ bɷbz63/?}vm F4N~ZWޏg6eaj:ӜcbhH*w5# UkIΫġ|;⨚?ה $bA sq6Fuhi>~tꙩJs3(z4w:]/;Ã[%) ȝ''au2O=>1|>)Ĕ5v!ci$ zAWͫ#By[ڔ;Q ?7V }?\B1pnvig< J1`(B$Ãn= 3G8`k`g4if!ksI2bra3bh/r ~YC=SeZbr/Em*Z^[Z|ڏIZ~h6j\u >x'I8%#HaNz+3-mַ2KvjgR~gdh$J^Zz5f oս`fZlIB, aNtS>,8/|o F~Ab:`|rlMp tTЂX͢H'zlsA#/J3v'brbL4ٌhkځtP`L7S FԢ=^ρ(=ak^IxrH%a;[X\(nHUl`9SGJLVR_ i_,hΫf,xGL?ɖG@6h ,6=(Lte#ɸo  aoZַV"|:0dȾjk,ɹED3JN!3%i[EmJWCmIuD 4QѷX*lds۠ͭ02tv DC\d6XGڱgRqO#M!= 5ѸEU=~BΤCj;z?[Ǭx8pی0?qu˭!(bl˻ԽyuԂ@e׉vD$ ͔#Y{ͼ=Q=$vs:xv%hfv7*n 0Tb~|LK_Nё RCőI;<wn] xJH6K{<09kco|k.Z͒z}̡M-G>#m$#4^ 9:d";j.AVz=VMwgOjԖXUG[58lj3mm`s3'@ ʏ-ӴRc.ZڮMonlKOѶwq߶ff/kaiatv]Iy|w{UBj=Vw} 7?AC/k]PK\6U$U:II^yLhw?TT#UUqchN,]5݊s;B*p @ޥ>nUOwYs(I~9i(>PIiJ$ngI }+]n`Ekn{ x qgs7fSTCol_D#=WLw"6NoaqR =(8Τ0|Aŝ$UHt7Sp&.tkk%W"߸cN_6KnV9%ҍ0CKX:٨~!UdýmI%tq;J!&^vY #jޥ:OX1CQ?/g. K۪QT;W+US x(pcuI<)]H3Pr)Xt V EЮH" ՙFO"WZ,80 %0X9S"0Myd[Sca -& "{$o2T#B&A_5 nw*E |wJt[_hxHZr7U'+R:Um_Kbr|tg5JEx` tNmatS/ Cb)@ 2.%^`L:n2xutO%A:=5.9]jٝ.d\zBfw'wz|\TЕ*E$_܏sJI8¡%g$20'1 _MKXO,Gu pS(ꄶ{@CN@Ӝs"FN۪P 9m,g+1zl?e?ό(F=ﵱrLV^STױyQJMAӔ@f ҳ,*`Oel9wd{,绚ʇ 1-ΡDaY>{W\b zH7Zz~鸥+ ]1PAmx]s#?TˤXyݫKX;d$hb;3rꪘ؎ҰWƂX#:wQel=Ձ., { t|i=]&etQBr^_Dۄ.42knvEų(I`toDz~^.* #>]#МɘxC"8*1`-=aHЛ䑌XJ8x鯐(l\v5` `|"A% Ll\Ihz/"'ԵzޥZFh(K2ֿ!mHta4@1~f1y2,Z[*=hrӻC-Mse ͉"}CLr(by!eK~K+g*$i9Y=L<(5{#Mku{0H9NjG(LUWٵP]:W g+aGiTos]{jsHgs T9XLGChi]ciDڋ* [;#%jqgƧ3O cc$d%sHZH gk}.sH V.,مsL onoYu/#, ;m0:ϗ&~g:יU}nr5!3,oNJVJ}(.mnp&W@aQu_sH` }[тX ?FsIwxܶ3yt|%%18vZT_UÎwX8׃;HnR`Nmґ?sZK69NڬmӰ~EaR8dܢ,L˅Q֧d*QT|=Ȓj!tl u 94Euȡ鸇>5@#pSᑬ$x@*­D'|qXy ю 4QKh1uH~Pe,OkY) %Go=zUMt6K1}!ˏL 䞋mmG(cLR>VC &͊$|GsOӦXCdGd=rL:dM8&s^o&U,_-UdgpU&γ X&[y]+ G`=TFZ!䧭& Ս@JկMҨ2gp7e9 vFꈬVu_!([Q93p9jMLJm5όs&f\؆yˌtN5An3vu^}s*q|pJ9Ibf^O(,S0v$AP,Vʗ\sףyOQF =0jNT_agW)ŢSͤ)>ҕ)=mmuF۵6wMt]+ 2[<ߛݴ/]}9W@/Uyxl2-j~9M~9y~*7d AMtC!=g- #@i] _W $6hVnތp˺x=\qeP ⎤(zȡB4$[G|blW\Tkqޥ=>^փdU哮7diQ$1!س5x]QowK@q]Zbw H:-\+ i!sʨ-bGٙK_I:!tAPd'+T&T |hfMA%,Y].\_.G]Z(jZDz(r]e˔h[i5ST*L֐"[%.HN$xG nԓVsnN K7u')Lb?b_}6gҁ-+t *%//3{2gs,=m `Tߔ?W临Jܬr_Xg#eA\n/^?ϵ4_x@tOżʣz[:.H.dlt+Hh@uca =\jWMivW' +C]8\t\ uܣꚗ1d$-; 7\:X*f AdhN;- {eĠsqvu "_yCÖ.0҇1] |Hw<J8i%dD[+zg},߭.ܛ:!+<w;{ߪqwNz|ڮ^X<;݁e Z{ũ%io:=IQpU@3U?yMCI!lDFvWy}n:e_B)JF0opR׿YJq3zb…*'{gdU/ie(yUI4&>>`Dd,GG?f L~p'yFũ哘`5_9+;>֨DK=^/\k EgjU/y(zUy>S(m? Ǜb\IV"ƪn&bBgCLc$<^y*Y-[ycW}72bm3 Jqz+`ts{`MècY7ZF.ֶ F+5ַFAjbZd9[~;qGgj }P?覘6ohCYu1+>F=p豘b>󍆓Q 1y Dm.O4H҇p?'«悁Qh:D3gJi hyA:?H2W$G<|IDjmj}tŞfG$}MN(~&xn&꧃Wf)a-aҷ$OXqޏ_#7(sY$?|o{"[?ыB~SF" pm/{eg}xf&@;`w׉*%<) qIJ{{à%kw>LI}۞{=s=Ov JԪ%` yYR{ |\o[\>$IPX%Ud(.77 /A8øH~D0tבӗW/ AiRۇ3ÇAGΠPfLi Wt8pPQLO*ǡQAjn#`R+(+F=<{'q9 ۠xFau:<;&bv@sk˦0Bn׸BpTkUD7tbg*JwPf+oNՆU3"-Oj򷷪l܃ؙ[^9j> nP2?P)!\ cC^ɥD:%䫽FBŬ ={/3j`DWk(q2}[ w>Ntua򄙴Դ@ĽDD{ً4K&źqIs1v^*[Ń=*SCKd7/kIΚ!sbIy>iR.I eeLAҨwn7,5cLkZ @!@ uYHޗN xgYU}t8%ڟZ2ә3tk (̀ Okl[_RPY :7݆Yx;:FyCw-,q!F9**28XСaB2laj#V Յ?I.M#^6#=LCfQ<@H/ݡߚfu,MNv\0 (3M 0c$[IıѼx̀ Jfnda~`sQrcKQl{p3ڟhAs~bN , ]pb!_DT6Z̬4,̯|" Z]uwȥ ?jFtޥJGVB!#bHgHf S9a~bK}ݨ?^n?\!ʽWLXو"'34!߸83دyi6{q]諥tѳ e}Զ:IW,E"eジ}0~(Us8YPymWSY0°>3ê/Ko p\iPWXw9u\5C:D ^Ɯ H*a^ _)COk*mi$Z= r0cHg;Ns=D#·5EX:rZDDZ0q"i)u I6O|RJ? Y:3p'yUr*f`y.^yEkWK(r9"ȝ\$'Q$ EJ5[YN}gCG^*bVFii?f8k 4q$h%G{:38=}'ҳ9=3Bco-{bc *ȜW :1;KԨLZ>O޿O8O nHG&7To%E|VWttf)*,,4.Z_y6x>c ]47nyq;b$ RL?1WiTY &~PBj?ٿ+[=}?4e߃ws3f GhE#o$ 3cu}LUUA ܰ3_e@foϭtVkoz)dhUNj"SD.q-QA̡hLg)z9Wi'm11'[2K"IY"j<,bw/"h~iYڭc5 p:q}dlW/Lm {|7_f*"0Ծ^:#bPo}Q3 d5e>JMX=?aBgZ7`_g4(tyn.jOa_&Y ;ĝ0~+s\#v Esm8~(b*@ZL@w6Ck)&r ђ9Zd@{`큟I{@gѯ@d]Mnw QiE K%.@A`g/xO{?Fàj9a\-s4I-&g;::{J }(TY^jLZ/f5kU_ [|l9oqcd?rxcG߁BE':"MRexּ>XO1-l~|ͨ%+v/ݫ'Fۏw9~k]k/I>U\c/8z7?CC|jI$~U1]K=5|k (Xhنy7BXiSEt>G %^J!d qYn;f"{d-5 rHXb*9Db29,Q G) 'I񭲾MF ?), !64f|v%D)ΏhЋiq>jZ o C۸;t~')ݺ C+s&F$qEˠ{*grאs0"FH9>>N ]#nta< !8 M6=2b" 1Z͋jx2I uKuU!DK4b DdN:F"bvPztbE+致kdh[=i`,t|'#%sBat:7f:\ e<hjiZrxjA3zns9 F'٤詗J!3lԈgeriV _BWY͸:[:^;I 5!Q:,Ƥt5Ҁ;_5*0#*yϫV47i⸋BvyPI)Ti.*/4;9ݪ/N.5f-G{úJ,Qn '>Q;uyib1;G%* aMbNlPq9O2Kdž3chA\`C_^|G3k?U> c9i輥Vi3޻k/yjDqM|n7|ԖHi Kam䱒uZ{7ը/v_H7F{p/A|1;JOGe}ZRf3$ߦQ~ 0[Il tQZ# ӪV['2\֖=1S-L v5hWZ45 trcv-qU|iH.fzsA5K/mp %([6u# 9h(ҽSMz|vrny#-,!y'̜p)VNYa&1.7t3|kdqlSUNGHmF k~ʝart2|+m2e8g.W0<#. WZճ*/(c-3Qv#aq]iFҐVjC`ێZds+[9kaYiwPd+0.e'JSٟ]5]x˪[ZqnpVY`~_T`n--fi~jY#jv"Z_A4!c70rVE_,-;*OehEYnN wRd)<ʚ+aoUI|Fj2|k~_`/+S-JڐRM*g3`6/|+XX ?̀~' T.{5[Ga_֦ء˰z^lRO'.+-O %Οtᬊ]kcά`_nj )S;eh}ZsˡxNZkVVZVjy•[86'W_zV_.zyNRC~Y/Ӕ75\#ţd6T3Rq9_).YiP=+/1'f!eYk)j3ᒮ.~]Dt(Q#QtwW2G#xoTi I IrI lF0!k8#+UPY_sZ_Xqremi@remirepo.net UPY_sZDAN^ X]¤!F⏓ȨTw,x;n"x7Q;hgZHEal?Mk\r4w맫xolg˽x "IAevc͝!zge]rmHd;álOSˆƢN<Š L3 j`Х45 frEbXO%;έg>uYÓ&}b=DVy n= ɱ`q!WgTJ!+4h!ib[dDH`wwmwftOI0e2.&їʗ P4TF̶ks7_R aQ-8zSl ;M{FIڦEcT/{8 ڥOh}01QV *XƻW|<˔(2Ƀ\ӪL߬!lpw%g.rULbbac9c194d556009e34a6228daa469269e66c8fca9d8ca9bcad0a018b4aff12ee9b293fb46167830dc8dd1e291c42d2d5c5de429gȉF0!k8#+UPY_sZ_Xqremi@remirepo.net UPY_sZ=c-%G Ύ€5w}S1JFi WIدgph>vlUqvuS^)LU,qMR)9KKIڬ @$-gvݘNׁ(* aLO |Am:dˌ Nuwn21Xɚt-qf8ƌD}i#ևat0PkOIş% gVdx /\e/lq=.Mw"w)f i^MI@[x9jh֤_ GC3/Ud (Yvep~_.LrK]S.]+1cUn僀 ،3aoF!ۈ~cc)CV"' H6&4mtq~'+FܛIS =SV+D>p<9?9d ( ELPhl ?? f? ? ? ? `?\???v(8-9-:!-G'X?H(T?I)P?X)Y)\)?]*?^.xb1d3&e3+f3.l30t3H?u4D?v5@w7 ?x8?y9 9L9P9l9r9Cphp70-php-pecl-oauth2.0.61.el8.remiPHP OAuth consumer extensionOAuth is an authorization protocol built on top of HTTP which allows applications to securely access data without having to store user names and passwords. Documentation: http://php.net/oauth Package built for PHP 7.0 as Software Collection (php70 by remi)._Xqnbuilder.remirepo.netRemi's RPM repository BSDRemi ColletUnspecifiedhttps://pecl.php.net/package/oauthlinuxx86_643HG|; ~h^9n YddylrG^8+YiG S5A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤_Xqm_Xqm_Xqm_Xi=_Xi=_Xi=_Xqm_Xi=_Xi=_Xi=_Xqm_Xi=_Xi=_Xi=_Xqm_Xi=_Xi=_Xi=_Xi=_Xi=_Xqm_Xi=_Xi=_Xi=_Xi=_Xi=_Xqm_Xi=_Xi=_Xi=_Xi=_Xi=_Xqm_Xi=_Xi=_Xi=_Xi=_Xi=_Xi=_Xi=_Xqm_Xi=_Xi=_Xi=_Xi=_Xi=_Xi=_Xqm_Xi=_Xi=_Xi=_Xi=_Xi=_Xqm_Xi=_Xi=_Xi=_Xi=_Xi=_Xi=_Xqn_Xi=_Xqmc0e22d5fc952abd5af24a4fcbde4c39cce39240325aff839e0710a4f929fb0a724afc24e84f78d44cb7722c42e32832fd46d79a2265b93e8f40a0d7ac719e1ee3ffd1e52c5784394c72d03af2158ce8d17ced32e010235a5152be3710f3b4cf6fbed1e92ecb9abd19157e9c9c1cffddfba190ba66c93c06517d768de6fb5a6eb174701540008eb9c4c0d30cb7baeeceb1cd2cb00925931893a395d0af7c39c8361c29cfed52521e60751cbabee9b5adee35a75bcb0d93afd6770b5f61bfdacafa09c72bb25cf7125b16cb5c232dd07ff971af9d0ba0adf7c6e9dcc6c3e186b1dad7d50889e26e280b3f36e438126c9866420628b25706e3067749982e7c1e5515e845f7adb21590b23df02cfcc2ea38710db778b414d361b71415062ac4f6e6774d6158967074fe0f488069adc7c7ef941a1171e3dfa4ee26b65d87b49f2481f148b1cd8a54ce3a56a82d3de5dca2c635bd2fae388ef64fb6767b22e4b752accefa21154535c1055c040e746875a0f67057f256a520805f5f9097dc0ad96be4f85cfd66e3beb41096988b716fd6233d460fcafb0539c4c9ecab22f239f4396e5e4588bdef8aa164f9115262aa77b0acd1391a9f4c83036ea4ce7c20e7473f2bce10165e87e307fda85fa7198e6e684e0fd7235f2c32fbe489037c053cc6fe827411df7e42c36bba5a546ccda49749fb68260a7da11243289f281a4ca8ca98ceca701c0d8b4f70f5e630c7d3d70478c69aaf144630e832f53f5a53296399affce64abbfa648dfd5f74bdd6cdd55c79f59e44e178000711e91e63ee162c068806317dbaf2e7c1a6d0c1b1739a1f5b85982e3da91f5ca26d23d13b3d20d8c718fc394968bbf96b1636fd1d4ca37739c89d2980fc120af27300f467298f631e02566421d61c72418f4f3a6d88ce4916c10ea946fda05d9f65726286c1cad4518cd0c77e2a276cd6640501b6ef43bcadbe1a568610790ecdb2733b909af0034b32942943de1727b87d954a9f351f74021889fb67aa3f61c0d6807c871d34cf65dafc5b8bb1374a2d2145298cc283e9bf66f7f38f29657052f08f70e1bae475f50fa079d5845e1b62091aa14a409a3ddc1c84fdfd02885998b1ac6a35d1f26c6d6bc749f5ddb62ec5437e8ba3703c3d8d5b9794fd69300cd048bd3062d9e05c9e9dc38514761cb001a2b6e23d63a18fe2b3df7df6a22a307a797626a34d61f0535b10fa1dacca4ebee8da7de81ee60e9b84f36f48cd46d29465512a20d3e7d3b8ff02d19bcc870d4bf08a950fd68197b48c3ae0aa417e78016ee1d2a2b13589f586894b2796486de9153771ecf6b77b3b43a7b248768823e68900af36928a68c9d076fee03937514aaaedcc0d312b09e2b9cbf094dc21477f94a5bb9d403c12a073d7f188d0232b4f40089143e3a4e7aed0d8c055c66c4c6c961eb4d7069c8b553803fcdbbe88d9ab7ffa3e8fd0e9e2af1d1198b36beea52bce2c7622e34b660358ce19eff3df3a82ad4f1c477e1b0bc8b90e5af593b428a718d36f9cf286e28f18ad94d806c494913caf66b0485830858881e19a152e03f11018c0094ad81dafcf3372ca4a447b0e12310f05b8c1c8a9b68cd72e9727962d6df1d933d91a5256e4b0d17fd5e3f4328bc0306d6a59cb41acad5cd32e692b79d5ca1382d1a85e32f5d7cbefabec67bb8107955a2a2690fe152ecfee8637b61c49a69d4bbf7dfe3408c6db79f471b9734a69988c716ca5a575e29f3c16d321f613193a947697bfd2568932d81dcd7260b4cd2e32d272c226ae07b3992ae31e4f437fb83c1ef29028c8de9c6191d72b63625ae46af03219b27757176201a22340e249ba2cc33f77e2a0cccc852513e080d19126559ea1dc60129c45058e725160412213ec99a8ea0387722e770f82defa24c1108e62f7a59c342c381d60dcd9b07c4433c6ca93ce2f52c259234251f902b0bb610589590bb8955b02a5350fc4f0cd109b41092ac0b3778f41f85b06c4725559dea68c8d5edf17fb2b5d9c16a17a581a59186952861737c34ac1dd1005a75324bde114bd5c37393742d6bc254fb23eb4f85c3e76b2b85a590ca3853533960851e1ec10c192361b0fbcad9b6a5c772e928ee9e3dd26f219df3c50b80ef9ce7cc051d30cc5851cbe9d52ce79b8fec69b71cb49789ac04f5be2d0f69f01550091da663e74b4eb5ab31de403f61b2bb2ad31cdb4894ecd109a9175f91278dd05c6ccc5b64d99233bcc6b4bb46b3e69457a1b67c4d1e05828ad072ec7fa2b7b9438dd79296141641cbdd826823a6a6feaefd5e1c40b2b9fb541faa7676eb20ba9af1487a4ceb66a27179b3b6158d0b9b7aeb57c3808a8213d2be6drootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootphp70-php-pecl-oauth-2.0.6-1.el8.remi.src.rpmconfig(php70-php-pecl-oauth)php70-php-oauthphp70-php-oauth(x86-64)php70-php-pecl(oauth)php70-php-pecl(oauth)(x86-64)php70-php-pecl-oauthphp70-php-pecl-oauth(x86-64)scl-package(php70)@@@@@@@    @config(php70-php-pecl-oauth)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcurl.so.4()(64bit)php70-php(api)php70-php(zend-abi)php70-runtimephp70-runtime(remi)(x86-64)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)2.0.6-1.el8.remi20151012-6420151012-643.0.4-14.6.0-14.0-15.2-14.14.2_X^;]]nU]6\t@\@\y[ @[ug@[O+[4Ym@X@W;WgV@VV @UJ@T7T@TS%@SNpS)S L@PPj@PE@N@N@N)f@N)f@N)f@N@NYNMMM@MMMXMMRemi Collet - 2.0.6-1Remi Collet - 2.0.5-1Remi Collet - 2.0.4-1Remi Collet - 2.0.3-6Remi Collet - 2.0.3-5Remi Collet - 2.0.3-4Remi Collet - 2.0.3-3Remi Collet - 2.0.3-2Remi Collet - 2.0.3-1Remi Collet - 2.0.2-7Remi Collet - 2.0.2-6Remi Collet - 2.0.2-5Remi Collet - 2.0.2-4Remi Collet - 2.0.2-3Remi Collet - 2.0.2-2Remi Collet - 2.0.2-1Remi Collet - 2.0.1-1Remi Collet - 2.0.0-2Remi Collet - 2.0.0-1Remi Collet - 1.2.3-10Remi Collet - 1.2.3-9Remi Collet - 1.2.3-8Remi Collet - 1.2.3-7.1Remi Collet - 1.2.3-7Remi Collet - 1.2.3-6Remi Collet - 1.2.3-5Remi Collet - 1.2.3-4Remi Collet - 1.2.3-1.1Remi Collet - 1.2.3-1Remi Collet - 1.2.2-4Remi Collet - 1.2.2-3Remi Collet - 1.2.2-2Remi Collet - 1.2.2-1Remi Collet - 1.2.1-1F. Kooman - 1.2.1-1Remi Collet - 1.2-1F. Kooman - 1.2-1Remi Collet - 1.1.0-6F. Kooman - 1.1.0-6Remi Collet - 1.1.0-5F. Kooman - 1.1.0-5F. Kooman - 1.1.0-4F. Kooman - 1.1.0-3F. Kooman - 1.1.0-2F. Kooman - 1.1.0-1- update to 2.0.6- update to 2.0.5- update to 2.0.4- rebuild for 7.4.0RC1- rebuild for 7.4.0beta1- rebuild- add upstream patch for 7.4- rebuild- update to 2.0.3- rebuild for 7.3.0beta2 new ABI- rebuild for 7.3.0alpha4 new ABI- add upstream patches for PHP 7.3- rebuild for PHP 7.2.0beta1 new API- rebuild with PHP 7.1.0 GA- rebuild for PHP 7.1 new API version- update to 2.0.2- update to 2.0.1- adapt for F24- update to 2.0.0 (php 7, stable)- allow build against rh-php56 (as more-php56)- fix %postun scriplet- bump release - drop runtime dependency on pear, new scriptlets- Fedora 21 SCL mass rebuild- improve SCL build- add numerical prefix to extension configuration file (php 5.6)- allow SCL build- cleanups - move doc in pecl_docdir- also provides php-oauth- update to 1.2.3- EL rebuild- build against php 5.4- ZTS extension- update to 1.2.2- rebuild for remi repo- update to 1.2.1 (RHBZ #724872). See https://pecl.php.net/package-changelog.php?package=oauth&release=1.2.1- rebuild for remi repo- upgrade to 1.2- rebuild for remi repo- add fix for https://pecl.php.net/bugs/bug.php?id=22337- rebuild for remi repo- remove php_apiver marco, was not used- add minimal check to see if module loads - fix private-shared-object-provides rpmlint warning- BR pcre-devel- require libcurl for cURL request engine support- initial package  !"#$%&'()*+,-./0123456789:;<=>?2.0.6-1.el8.remi2.0.62.0.62.0.62.0.62.0.6-1.el8.remi2.0.6-1.el8.remi    40-oauth.inioauth.sooauthINSTALLREADME.mdTODOexamplesREADMEaccess_token.phpconfig.inc.phpdiggconfig.inc.phpdigg_a_story.phpexec_api.phpfireeagleaccess_token.phpconfig.inc.phpexec_update_user.phprequest_signing.phprequest_token.phpgoogleREADMEaccess_token.phpconfig.inc.phpgetContactInfo.phprequest_token.phpnetflixaccess_token.phpconfig.inc.phpfeeds.phprental_history_atom.phprequest_token.phpprovider2legged.phpa_private_api.phpaccess_token.phpcommon.inc.phprequest_token.phprequest_signing.phprequest_token.phptwitterREADMEconstants.phpfetchTimeline.phpphp.jpgupdateBackgroundImage.phpupdateStatus.phpwepayREADMEaccess_token.phpbalances.phpconfig.inc.phprequest_token.phpyahooaccess_token.phpconfig.inc.phpexec_yql.phpexec_yql_refresh_token.phprequest_signing.phprequest_token.phpphp70-php-pecl-oauthLICENSEphp70-php-pecl-oauth.xml/etc/opt/remi/php70/php.d//opt/remi/php70/root/usr/lib64/php/modules//opt/remi/php70/root/usr/share/doc/pecl//opt/remi/php70/root/usr/share/doc/pecl/oauth//opt/remi/php70/root/usr/share/doc/pecl/oauth/examples//opt/remi/php70/root/usr/share/doc/pecl/oauth/examples/digg//opt/remi/php70/root/usr/share/doc/pecl/oauth/examples/fireeagle//opt/remi/php70/root/usr/share/doc/pecl/oauth/examples/google//opt/remi/php70/root/usr/share/doc/pecl/oauth/examples/netflix//opt/remi/php70/root/usr/share/doc/pecl/oauth/examples/provider//opt/remi/php70/root/usr/share/doc/pecl/oauth/examples/twitter//opt/remi/php70/root/usr/share/doc/pecl/oauth/examples/wepay//opt/remi/php70/root/usr/share/doc/pecl/oauth/examples/yahoo//opt/remi/php70/root/usr/share/licenses//opt/remi/php70/root/usr/share/licenses/php70-php-pecl-oauth//var/opt/remi/php70/lib/php/peclxml/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2x86_64-redhat-linux-gnuASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=4cd365846649daf00999e4fc9c671b90cc441532, strippeddirectoryPHP script, ASCII texta /usr/bin/env php script, ASCII text executableJPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: "Created with GIMP", baseline, precision 8, 300x193, frames 3ASCII text, with very long linesXML 1.0 document, ASCII text, with very long lines RRRRRRRPR PR PR https://forum.remirepo.net/utf-8b64d68c171a1c5bac5016450f3240d02a25852cbef94d0841ee191b26806bca7?@7zXZ !#,aD] b2u Q{K Ir([=qʇ}^>(&xЯ~ S%Äx*7{ "noxF!G)9#}r5]T i?7Ad1NF)=Žp(-$o7A2 r5xz"f mN Da|7Bݻ{UTѡ, tN/W{\)ȢzEht^B?'yfZu/ Wn9B oMw~a]HM^{a?{t"})eA-&$Y<ɟ9N,80iI[N{24_zK4D#K|:|OVy}􂞢(M/O+7[d1&VerlZbyCxoՆ^s[0 n*.AF"0Qj{y]HIj$|'؇~5>UWdw ݛ{-A% 5߰9[c@%7@;{ |dw޵cVE+9=@D^ֿ\I Oݠ{UXk;-ӃFw 0]փ+i՜_/ <6BNȹؚe-XA>đ$Jf|sLAlEz.}ZU;ˈiNrTE3BʢلL!h >IG@n?CIW>39]D6xh^N\ ^)ΩCC>R\oNҋԛ( S9w\30$[ @u8ӊaMUirm2&t>J T6$q:L"EMuOn|G,F$̭KҖ觠EO{z}v@dG,4} oΡ60 969YgJA50J/ f0}Bs"Q1eۙڏ|KL=cۆpRFVmɻHۮ4tk0LQ} J#`Rdٵ/3V" j+ rSpHJ@Pq.6\ob_n5l-G[V8Sq)Ϭ¢,=nSqjAvJM..i#2h.!@'y'ty `}6&b$72M!') o~q!4Qo:sr]{/=+TՓ-j|Yd!I)5[(Ǽ`XH'a,źU=M ^ԼRKV%bL^2=O&RSYYV[ K%7UH- Ҏ?ߛ_@CԾBɮCr.:_g7ּIbX'AqnLw汔uO֚O6; Njc Vnuqe~TE^(U§x}7?0Qq/I9O[+'ݽSrL->KLƟd* 1SSu33O(LK\:dFڋJWM&#Ef޿7(qy ;A^z:(! ij!`x:{M^ ϛWk0 rp%##[=r@QµӐZ7w&2j+ Ir"){t|'VvPp_<|'~ De%o9/T?ZF+JQևW[q/|m},fd3Kj)# *b81 bͥbRIcN6է-vq֣`%j4qIvY+,|dERm:$4I6/_RpS1,LkIҪ gKo79 B\2|kq=7q]S)":W'aIʒͭട'0m׌Wk8DoDTŐnDȭR0QHIH hY F8wx)s-}H5 : a_GBt_ٸ k%dZhgmn!A#/9F %V[Ÿ&Rp$y{!%fh i핛+6-P-ft_qAӳOQne58+n#YDS=7}U3*;;<ǮGv[1ZY6&OT@7goC%]xl6AWW N((5P[}֡9^艩!b|p}@4*iH9F[P.m&Ͽ[0"]NNlSџDAm#jL  J:Z:p>V2 p{>bN֫%O(sG"ͣbH@SUBa&+]_I~ UaBdxrHW&fc2 F'mL7[?Syt3p ?[*|?Yb1JWl ;l EN)V)A0>^b⮺] \`"(x\U"^AqUzaO'&ݿJT}m5ŎsةceS*ka~x ΅MՌ;cvZSuӝO`uґCq'G"GH [3l{4kpaDTD D=BƱIL$l)o%1V@U]ZNj?O~7<)T+ s5?Sn&iR-6g e@.N'mtmVЂܾlȸno&4+#Uv+Oc'!d҆㔥'lC/6 .IJ}y |doy7]Q'!#u#J"  |lM@ ԪX]wWLk\,z V|4)>,ӕ]4jN69j\j]h %T~Xx)}9<T@e^aN֐b>;CV-ppENXw'k&S7|e>GsYdM| K%;`A(H>7P 5UNQ)9YJJ]NغУ75ipS{FT.Νp^yb}J|b -Ѿӎۛšx_ăpXB>-72`Tt5n+2rԪ`at!m;(jJ&j)c{y΁cƅHgI.5-uݚGdE#T$D6Ix2NeUv6rBNkJjn:'a?_1c+!oA!Nz-O91fד,*W0 '^m%*ǽC+QK"^{Mѣ;9jvE" gRwd tM?yweקڬ7 |T.a»+5FB#uL?ͮDkKIP Uup#h̕F i>MV Yd,Nc%WlI P)2lv$|N ef(|r'<-lq rIdٮ K. F,ͫ¡c~ui8N)ĩ*<U]-`F|8"ĩs8Cݐ[R!--qטѩ}LƹvҸ5+YwtzgS(h-]y+[w_ݘ*ن+< {H;J~x S[`ԁjo݃( l`iN Ѓ3ph8k;e$]1˺m7v}F]А<Jo+BreB8>DZ8x8#q`8Ԝ7ӏͤMtI2p-rZyI 0d?Wf'[q 4P zȄ E[iwJGKF\ǂB#%TxϠ (.EI"k8>N̍+)f|]u[^:dJQ( 1c`\;-\; YjPBEO/R[b]S1 PHNJ>0 >8@=L*?<:n>eY<ci!] PN1TwjP.2Xzep}8X G(5[9Ae؏WRݢ&/&_OtPiuPg=+v;6oa wG r,Ogٚ,Xl)vtW Q| .%bvwͣƚX T7$xY*C~cD k9٥Gh(ǧ/wi|&?h 9Z|ݔIвx]CKn~A(H0F0s8v8ތ0uJCqf*+wpHЄ@<iA p™7-_ ;- NOfk(wֽ~T kʉg[miWU<Az!vi Igҍu~ZKCRM/UCuy!y^ƪ8l B+L3Lix|ImSWF-kКi~kF)G_` 6O :XN ъ~Mvm+~"p^ҡ2pjG*pztN}$-ELZǬYAclcB[?hl1Y[p\RbL>"kQƉ^?Q {}̪bUa2f&+x DЭ 2Kʸ1W4{yEٮ%aHQs?%{p-QYHx [y5I7Huu?h\hN/J[VF[[u|aqJk10\ҕDqW #!mZb0v\C3< :єгn0^a핺ߺ9Qff  ^[8p_~w.v]-]hƎIۙZ{3d`&g\:dpVW1vUS9^m@AsI=@cU\E!%nvyM-tfI+΁{_e9/ú`~FcWX]xh7M--0Gxےgcw0 r!F^,z|@_[pJ6W!`n-GH+I"s^ )(d銀ym&gE>bxc+q#F-Iו} r c N֩rRG9U륦~O[NAlٔVFc)-b I$3J6Ձr}+'έE+ L`SxZsЖ/NuZz  }s |Jf[<bYʰ*eokx3w'9D08\GA,.KߕhAt [>#s} ]ф=C<[Jg1v硑{,h.7 zosPk"AO||4$Lֵotu>)t1b%sTbuB&TG92ZRhM%Zn9ƘFk,DeM\`VɮA,rl%$1|IuYm,1 m]IҐL)Lv`r9yҙiWvɉ^_ƌqL> j~䊢4l+/q۩ӳ. V}iEa %'gVo9+G(U9זqPɳ%j~GiKT*vW iQBw*:JYElttKHZBZ?}cjH{ #,~fja;ķWZʼn 3踄5Ep> 5hɉ]]uߞ dq4MN%:swI`x)J*%o6 AʶbTnVBs~4|R|3.%816ҺEcgLe2yb^9*=qТb37l";rH_9 g4Pq}liX{j>~,5&=4_7+r8{!@xh!QS,K;0q}fڍC~ |R$v8D"qHFȲP[oTY"hWH'A+?;FEhzpƏ3 XӠ7A |y}D6H $w':5''LJidP .=/@_I#w7M6?/ N[((!¸قaQUq75hUvM 64zz\^%hφ&I؅f)Lbac& !H^򫞋1:Hzp"Σmlvt7j/Ҩڹ=0!|դє"~0r'?OAB0{]/k'VV^+3K~:w4^/umxoYzE]T/i{M>xt4s@oft_"h{uo6/}8s`eT۬trkip߷z}֌H` m#+ "`' \Κ.lQMd-BQSڨw#<8{]{OB5rg oMmo7KB *]V)=qr(RrcLҰ6=ĒB_Lw2Jt1wy9`7JWFI8͛V?m5<+hN)m=͕4 I`>IA,6I+T<5 3+ >|GՇ_"B Gg12CEzV,Dj©﯃j_>2Rt](7SM]D6&)̯o_8,\W6*HgT?3u1^@E6vl'D׀hDXĽ.૆a0kp/eMr.ցSS$0 T 4;-%OHjj]vhؒ 9'#]eZHuhG؝R_l;s`1`3'(~/9uQ]=5ZA 7/i,VpN|14R!z(cu~ni簰'؈1,%]oqH1yq Bt3M!!_TN136H0Osl3$CH8O e.%[<*#BX9Ra#l)M)$q/::WCND ̀tZЅ=ؔy,&M^ɮEm H;M/hǶcESb\ဌ2@=4#9FiF6D pG_ My!^mz<>NH:uHT{\XL_ot.!Y1$~ELBXCvk+f8*ǫOt@8p"@׼5C\fCL;W\ee;ϦY DWޒ{=-A<7NAs:i9:\A4Q-YAګ5E* d<] G{lz8/x "Ak%J6O9?7VqoJK:Z-vct>h4;lO!6Qt<001eI]$IPsB`}+H5"46 wao\~Rk͆ČV4p /ח+38x!K -́FW ˎS+V$eQNZ֨.Ǭ#EuIΚu V7"؜%0Yׁfz}E켴fA1pgE-_CM>Ҳ%֪0OB%pumᅐiO үaT'1x7FI loV7E¼Yx'yN95s 1RhO*&AJy*[w}ujcw5eޫ]F-wEF a$Qޮ[Rdר`=B+VB"SwG pX+|eu->E3o&ȹw:0Ɩh)^M=7{yt;NdVpI^2D(|MRpwZLQ?ww ,QCVJѨ?p\`8ZZIЏ;|s5cS}hST-?ý!@36J][Rozlq4qOfATpwjjIB4PZSk'mU>c'@>/0XJ?H)8%訓~hlނg0Յ׼Kd7Y)S"BF1<1k>0YŬo-{_)M,{Y@\tZ 1Κ2gy]Bt3}@WiwA뒿[qgi`Pŷha-~r 5wpai]$״dԙL`P?3ϧԴ;YL|?RV qC(9K٫4~0%Oi^k{qVݬ? Q)7| O&+P1u*QzxDqG3 R_= t,.&oOa3 @z؄.U%y{e o"yt?} Ns]BLs#jT2Xh`-ݼ}Pv8JFuvu-9I;WV3hJڷ+ADe{=Ր}0Vu#գ[\ӛ+huC*L2h.<=#OiV孻m 0؞{v o z@B  %1y2rqKxȾ2uM;kDm2aݫC_ԠoV- !f3颛4 s{יo 9q$:2ݧ/ }%Wmh,5vQ& /?G+ X"g$ 2WF#N,-AR+\0Ͳ QDt,5~ޑjȜYh$"&X] .*/264FBs>qR@ĕ2JfetтOV6τ؀3&#@?XKڽ6٩C,AS:ZheBiT(@fKg7X .yܫ%CE+xvi?/x~_H*m^BT:C~GÏ,EJ/Q~1o'( ~1,pyG846RjH coR@gJK8 QLE6}GPmÎ-L C?1{-mKjUis`_G"+p %E+X-1kw˲Hm)̚vN!E:A[ѸkYZIZeҴ{s! _XOB\kR>Ѷe&0:f? 1Lm\ >5(#Lxb>ILDEkj-" 4h~$i6l%u[ 0LkI&tL ˖q`0[l聟2c$á ߖɁR}0J8%g[v¨;ĭ$<쏕Pgo/c1@_i4HS͕~f񍌗4y3@[!k9wP9#A.F\ pݵtj1p'q:f*`XpuB+[-smm8uqو0exkƌvqP,񟑟.>{z 7)Y?xf?&D!~}cpOdZd,҃c56r ”^ &$艘w݈yIy('Xbt}We:RוcPQ|1e0* N584`Vȭ!^DA``B!l5 O>]lCLr<9G_P) Ii8|:MZ#\ҘQyqm紩ވ곿0oRteD^E: 7uhJpt4o?G\TLi |SB{$y+o"rv匨[|8-ev.FE2&n"%'FUcO%Zsח ve=<NF;K1BC5 Ify(oas֝Gy*>[1J?)%b+LK=.N!xI)8c 3įYxiXEgOǽ(@#!JSeov> _;: nG{[SfnS΁-06g_jYb>Ls 5 uBYtbT/W2bY.Q<d: ߻ڜvi_A|Av?_b u!*jkRD6R+@4?`ך*x`4= FN`_d{s`Av|i zPEcVt-= ʾ[<ڒ(}]RU 1F,Xs+®R?g Q3,+TPc]~XT/d7TBd"'-mI: I_$20~(,+Im\X˻|Dε"zӘQ5?+jU+\X×=L(+O`h>RގڀUByn|&B'c_@!&|u#~j.@!_wGG`O >"k:hFXԝƳ9T?6sC>'*=.U 3Qze͘0z&e\0x523=_UQ"fQ;a22Y4\Ԉe9OiWE'} Sj|롽lj&l{9sBǖX;1%%6RKxdT>݋; ?^J2D{lUrw}W>-䂇'<kz4R'm=,'liY~YtǍgO5{oʫijD{kKNޠeD哐I0ݶ$3wxyTN:?$tO,_GMhqvB[hBZ 2׿)—߃JHϻ ٸa6U6}_ͦk%mNzZIZrؕpe}){ËS(:A`Y˺b)F$'wkwUo -n`ś) xD542Sro!a -VgSnŕ|fªAsό G[τГ!$xs0"%1Od-g7 O7;<buS"&T%)Tz٧X2ϾABdZH;TcqIp=(dVa恌/3e-~&?+FuKO5#b*pc4d(įӦo&q+p—dX $1I=0V  MtZSQ!yF.ž=mO6JDsU;כy; 1~""DO%]2hZoH'8׃vF6c_ `: y}WN!ZćUTRq8vsJ-Ti d u/X&~|9[U $S9bd+Z;o".Qk1}r<Ѱ?45?@~mL5^7`h=A0<>!)CRM* Ư,$> +gd!q7^P_ n]kӅ2\yh}-ٳD#sbt4}qs>Ʋ MSDnƢԃ\;#ZAA>NV,7&(9Ob uE-a5:$`^{cp'QGECJ*s*ʔo9joH WLwYQ-yԘ]/E|sKWjtx$E'rFgCmgQu)A,N+uRuseک/`HETi Qʣ]DhUj}Ĭ~-f)hT ]Yra4^duglRu,hw$HPqldbHթ-]-[Z'bnb"luļBBG PXӍr8핵_'"?G(1҈B͖hLK !x$#$=oa#TA4wR-JaA \^mRQkLVv?Q,Ҭ!TwqM2&BZq*`Hѫ~/F7V}oqDshBy7Wio 8败݋ ADY>G%A|䋂tnm.$cDXkN2HJl"x7MdA_DeaD(j$MW-/Y}3Zy"%\wmO Oa8.E"_GIDA%.) W -Xg>cO}7)xRa蛃H`{ eV?{81p8@ӤNf& ^΄LaoYXz''GקgqqyP&u0LI = 3¨,E=CLx:;N$Fx\p)}hRH#B8 s|5F=KBHeGǻr ŋt>C}읳7|ZꍬSpN)A$趄3Z8{ň|>hPPހ8]Sbg˰źϾ*J`yV~|wygxFzډnՙ ,SJh~IlssSTNKjLX}JL%(<4_)Yefps_-^vG qyrlۤ !#=:{|`bt"٩Ӈ&UA2A׊i C >ئC'+bu /n٥#V:dKt6I0`&w͊{>8",1k294p;#WQ̤/f9)wdJ%(Ơsv]b_/29'o=^y-!]81.Xj[$~$d`; VyS/!<8*Na JoK=Z= abN˶]i4 ~_FMdel#tz7RMB?Jp˿5\5hqm2*Ɔ2h!W;FenM'{9N`qm?,ӟ?`T [p B864̿:ye&E,j o798^|:ܧu>W֞0a#[0iLG*2|赀@{ʞD DVg/s-[jq8`bwA')+F@yM:]*5Lr:k˪D5$[a/BXѮ* m >G=ŝZe+UhHVFmu~B-W|9s}7P$5+>oqrէc<\($]Xto'.^aL BdDQ=Y+gTґcb0I*%ӈ8Rqv(d;}-Ϲ4u3٣T:L18jxi/ 1iļ%M[pߟJx^x}}Er](^9& }r @FwLo[MJ>SA^&6 *JqWuXl¬̱<᭢ TX#WKsjc& \==N ն,PqQy v GP5ڽ#M-$RE»A~B|4׈5/WT%bQZ Б9)H ,DRpvUš{ ;DUzsj).P[F(<~>E3a7([ݖw*LU,usLl^"SH4vq.T3%i1 z"K!G{t`E|鴁'|82?eH]֡*9O#HHnw|r[{|BnQp-Iv(߯OЁqU3G?,1*x,VrK_@35H' hU{%E?y9 LEb=pt4ޢ0a&t9 u(AOXwQ4}XK h2y8X_\#-̹u]t^Pkն~%U}FmHgb;A"MA6A5JZUSI)Gl 'L Lj0F fӼx?C9aEi=dEV)v!y(DL9kQHo^lTlHlah9Bwn}uKy"m"1.Jg ?Ǐt2ifĴn0\hE󁆥/3bi]L5Q2wE&[[fUDa3nؘ ԊX0T_{-=cRt/s.5 VWn,5qfD[k2تĀC)܀c(}HN9'7jqP7oG6SاVHȨQjY6KM\eHqʊ=Eh]?*x Y:tznAerK?'H= Kb-gT<8<|ZV I8 1[v42׵awUnq >5yE>P5E!W+ƪ.@=j^ލ f B^Ӂ'-!x"AQ O|3*K։l:0`Su7G 'fWЎ_IHI:Y_n#+^ёv<>:Fsv3Pߍؽi)šaHQȧ="DrLo\{JhwN@р:q,Wo\ȟ!QMv5ћ Vkk8a-gtr=ha34P>Nhie 4%gY$|CøIE >$vDק)S ~4w!R%>v`57,y˶Z|bu| }GK- wKO#iGTi1#K{+uLƄC%LCVУ; Jo):dHZܕ_pO`MyM ɕ~xR ᒇ*Z}XRE*I .` .Gkw s﨩T=WIg`ڪ4KGOaOH|bO9zЩ=ΤA?n,\v>-|{,mJRVaŁPj F TaMux=}Lt5iAYGutߔkq: )>"26\EN'%=n֡paLKkRLXa=eqU׋?4k~(pn#GcB+w6"oSϼ. 9B jQbLk oaM?RS?aG K5 eE9(| g8@dcVe&_V;7eC7X I~]vaUxBC#Cb2ײ¯jחYd[Wh_믐SWn;ӧ,* 3}LT{2tZИI,K1&ϴT(_B8&T?};dȜGC6K$U""#𗰝PJcY5 *ؒ SOdϯS}pmihe^/_++Oq%L٭j@[mM[>a}k1E4r~Vo4̜t9w/oC)es,oF}~Wb(/hz6}~#'jr  gi>$G+3~p+~g0 u$ {&ƈzAu.j,la%&]_,>nN90á :hj2#Jb~_}˄jvϚPnKO} 6{aStdojuz.2 *W՚֍|eK uVD5 nPm]\t%&l=/CX\(烀\HSDRbg:)`ΔXo-WXU%lDz> g̟܉/V6|y0:.1 !w/his2P4qZea( vHCL[O˖lb,'H>v)ApKR<K卭uѻ'N7L ޼:D݉_%¦|l`5Ac4i7֋ ٍgfʉh~/M&eV~j>X GΣ7v# ȜyL(`g3-ܒʐV.v-v) ,O wQB܀Ow0l.vZ?!Mz@$&K9n!wױ'"S >iU4:ۂ?.9jq4{*,xyA3PbZ3 x@"(FzXXm 찈(+/kR[Y ȹcWipUCҢRTvSJQKaJP]Hf9cӞqU3!]n;䯕 l4^YUhy<v oCn~gEZmgHukגs^aNPbzXf#Ȝ %QLrURWryFR,}b,0az37@BZUJ\r4@tE:I}k(8e)zeml4zY&G &xLzSPW/t&Jwxkus6HQm? .e1N9wTNXo˨O׿FDڥQgq4 #zjNTG"w>/'8i!V,>u5&~y &0g|UꋤQgM/e #xpfEW-g;K)EAQwwS'T)ʻ;} սBl..&Aj rWY$"ժg&9&yYZ Sf7!Tkή-PjP)g:t9eO.=;O@@u>^p^Vk[^fJLmQ$!u$zfj"fJ%p%!V(܌qI؟R9oy y=ERYaU3=rҠ"YP0)'oY ͽ0 5*2 R˖w!iAzR]F[KHO%#O&xPOl*jZUxhmttlY)6LXz3$}? X_ASBag*V {檟ͦ+lb\{-$KUScQ Iы3WPiȆ>\cU-*J`)㨖 k .NJBRv>gA;m2`5#4{NL6@OްsDZi5sYlzWs=:V6YӈBi4Bs*i=s&f:߽x2<`a3P:LRʅ̋3ymk;-ٴܵs Ҙ6fy ˥*kVlLz[$\끜]NY^6ҵsy@~ >q{ԴYq&1 ^"@Xl*;W vۚ pڕ䬬o 7d΄YxP,.q.){?O}N6˭ 3#3|98}~nہ0&ów0aq#A"I@eCcCk0t,j׷KI\>^DaL߽Ufn| M9rZxaYj Kеh3kbHSQY2v3W.ZmLJWG ʵ}FBmO9,' Zd#j}~%֨ӗ5X́/KIlSr[=iL"):1Duy!7CpL4u HEh{I<<YaBdsX'm=)~g0w9;R(k"k p@5Q?"#ĈbF8'op47fSM_gjzflyo^ͣ@qD4儰h7=V5侞-{ybb.Uka,(FB/&Sa|KVW)돃T9DŽIlW;ݥ!}ׯjܠxOefJ| #ƖTB fz"JBA"ۀ>2z]]ގ`5zQp^D&4ftDoP8eVE}ɁłtAթ`nl.;ҮY].|%~F}  Wh#"'[`gO;*,h}ԅTPOoKJ噯؂׽ E(znr0+*u`AQ}3"o3'֪1u;be6)RM8R3d3Ya$TKrALv!khg|f4eAHA~Em7PezwCS(#@OOm6NLtr@u@]S2+>T|Qd(>}jS^[_m0RITTH_`pYrF %P O k Ь#tB3Ţr]3FHS%5&znjh?r,tfIÞccr|ziV >vzR4IPfHKWe8Lo&ixOmKJ6 _IH}Y81,p7!ݲkQԦbNh1q|T_x)vkHR=9Oh4tͩw H{;4( 溕 b RjDyML%f[}pD&fr7.J,]8 lTշ}ϓҎb%1GfpQp63M =(%/?ä*If4;dJ?Ah"yjVFT.o`6`o1 k!hB>Gؘ6bBP}}\mڮϬfd{tz'3_j>]o4TBLp[?ן0+ ؑ|rdACDm8وV0fV5vw~^P &6sK9i gS@4eP P6vel.Od^fD :q&q?0F#&Q_ZMV41YhgK{CJ{nZ^ =%˜hRx ԋdT?`H1QHqUR }ѭrl{ :rt4ml4LA(;sk/$^VpXG\t,I} \ WPt<W_!w%J!Fh\t oTl?3ܓM"zH˵F,;o?T&חP e^k\u = qOd4~ζl^c?¶_(}a\xD_ yM@[we S ubՕ2YeG} U=e*'HLI^(B]q ,) }+Pzc#zQ :֩`Ϳ|> \墧C] ںT-7`&t̤UJ>MD8tkOH>附} 'F4&rAQ6O`)zw58&82oXwe]29]%g]w( X#$B)ᨵ^db(u`D9eKe+)<^7,U#b.VD`lݽqSzGs)µ 5_;ahSWXJG &O -^*WmU&gT5|2u bPS*ʸ]}RE΢) Qn} QEz1UsV2Ӥz,a ;[#%EɑS~Ө҂~V6  )~)oڹ'Í. `YtPv\ 8@4<.PB@} c lvAG5ĝ-'Q%ŠB%+k+SssxDn`] ӹ 덹c6z>:dGkKDvO:A3)^(RZ?iopӉњǻۧ/|f0ё岡"h8&s!ܤ9ҒVU&PdVi,x3:Y>L:J9cLzl!VeC̈|76lVJ>H瓷EAlA@vmToYa_Z ;(oD` h}6++kցS}?zEWvT+Ip> pz!ߤx/@>6or8B$W,n,f␑2O;N}աWL,`^R-&Csoܿ308~wCm,KXHxgi_eJЗ.?d} B'8>f  aaծ*xzoyJ@T'A1Mb1m6+kbrf$E-D!j'K. f<UH{J5Ʊܽj]IQ *ӒG0oOvEjXʼ1Y@yX~i= &SYJdu +^.w =`G-ͻ |#n B}i{̔F3ں_.m:E/?TWSN/鿈7gZ>s!8ɒB3۪|wm !bT'"$!|ɬUlyv oHOkW}es* 3ӠI-c2]lGĆ/b˂ އb a<)}^H_n)$YY'G< Xѱ~ztU;(eBv~!zbȧ̏juRȠs8Njn*y4#"5$N藵.F}ڰ=jY݁Lݡ^tmb,h}}oJQ"VUs#cN[ۼw_ uK| -q8,i@G1`GХofU BbVOYhT=봖H4ypCEj"IJZc1􍩩PpLEf: zp,J{ N2p14wHnRu@k}QWgà%'3 0xK>_ў+ۓ ەf%˦z~@%IZ8+ Y}XP#®4z>ӤrArء@j}KCaȵ WuD'@{"WVeV d8 A1?Y}i;>TBwZNr얙vI#VP_#0x7~tx/ Ν[Rp:>|8Ynj(W9o$Pclbg4ӬҨUWTf5b͡S*HNF˒_9TZߨ $ !1Lf5xU.Hr¸҉ NcI: E~(q lMt2!O+rL=6k*{ :,2|:vL3g="KH#>6ZPB w9:t(L3] y;.Ҡۑ6R 7IrUMY_;`#"jvgK2;Yw>b7TYabo_xnjvkm-|DGg' 7I1 t*βJ7KuU* D:5vٙTtj,?KN]fPO_oJ|0{It+\dʨqy.CGB!{e`-X;/0RF3ge͝u-JNQnD@[-#2ɪ2#p^dfiE`}r0,iiK싸cZC5&k/S$ pN[P~u.Xt(J Ҡ2D`9Vy1 hw1X`TCCnQ~ &8o&@ajgolWFNЯoF\ƭQO؃=$guX}+Oy9eT^R^t.ՙ8 Ij|(%0"\Q7v +a`Qϧ[ @5lh k룖cdg./̒YH9f8 5}ZW21)?LGqf{3+ )+䈊ԚcPiH@Y.}YSO]:*S!OY+eѥq"H E-](٘9rzb Q+ɽUr6?E"U1M2p/4T##Mi _M㻢:S4.I][U]gSwx馸T)JE EGP$Jm_Eۺ'c*UqQ ips"nj2z@|8,m4\_]dU< }IZ6 FXOGBH:nƿ& uXXW3,@bF8sc(u4m ),%2bREtopx^YIb#S.9dDW=7)VzJL+7=%֐fE݋#a7K&x¿%r⌚xH>Cgx;9v4T@#=P8(gǁ/'j,EZH*ED>u9_66gtQ[0\T3[45ښ0vc2w`*%Mxtt4ˌ:`gz8}?I䔵Gq!V0#XqoxQw7lP8*Qph/E] QqSԽqF" iá5B,ya'FùnQ7d_ 9n(ąf²\C͖HCϋ@2lv6&=Do^&썸 %@~e悸݉/M Q:(8q@[SkiJzaGg `6/J5Ic T9/ ܤDaΙis[rϓ7o/ÁH$>CXơ&WaD DȒ22}YflJ0.G=/Dq£*z@] "Ao͎8󀂗TBY8>:~ɡ@2UQ;SoZ=VW>c/ϕ27!N*g%R &5X! ל9~5 XV˰bx]O"h=;#Xɮ%XOY i;~lk'C HߗƅnY ՙ=,νYhӗk3dѹpS~OjŚ>bOkU%]W ~~8,2U.<$0ͅR= mPC,w9ZV{QyX-5gaȁQ/h>nMHu؎&PL3( _;Vΰ6ZY zS;Ӥ2<(r=3Āѷ32!C"V_B:r_T,)]wB]+JT"ݶr#Ek͔?…t!6ngP ʗ:Dz O78rFXc臋g 3ZoT$o}6>r u`kH nP۱g:Gc3 {t6 P<܇s ~!tUl,$0K5>dEfM};eoh P (i<$ mXa g<YCNqGn08 {`Ҵ+)8[.zA<ȂKhF#(7Uhl`#@<1Z7𯊮 ōK4p99`7y =CqmFz%H>Q01f!9R&B-SN\_3a-;c; )<TLvn~a;efboWkID 6l9!64Oɴؼ _l I#!`T ./?QM :v)|I),YFFX=m&StC4WU#񆬫8#{aoAKaH6 mi߫sh PV>s! Uz H` !sHQVGWۃ]Z9tP!0~ԕM Sbty" a+=KaVy^q\vS'|t+nQwҦM*MG+P)/=Mm~][!~mUDL=Suʬdjjafn Ϲ9#ud"n:6v/`G"Gr7X"%@ o=}>LImfݥ&#DՓ`ɋ{ MuFIny܅ѽR2+YBo7Y4X,$ƛN]tPm ܳ(Ӹ{Jjc@v"& %F.vi#&i2ʍKucpT[Fl/6a Z&dd9/ HB7V|+?Sj}H-^n=8 OʥMS Tx'C\ # &e<0upw$C4ZA.F5#'S.'m+#wN+7^  `wW[sF0q=_{esIJ`錈kZ '^Bo"BZR+YB MƔGZ_E #JƕcUxO`*eU*;R)%(fXRۗBkyf-3H`ys~&"ŋZ,IO5PKKH?#4AZRA?ꙦNI[c6!?i^݊/&"ќ5U8!M!+_Ux5o'}{B>(B^@1u#~̈́c3߲DdQa!Yyb)㡭JFPI3Zkk7iWĕtwg$MaLג'udv&d6k=k=^?a0RrTxvlYrQ:nɆJ/4]IM$xL Q9Vrp+cή!D͇JP^7f yWW;9\ pIߌJc= wZ׼$'6 0:H?$pS\X,^.ˇ- v &Մ rPi7Zs.%!5w5jlrAI7SiyϤГ.W'\9>l?et_Q@w{W L--CGB7]:x6p^WLUڅ SΒ0j5V/Ƚk{Nhqd65p =L巢 4Ӗ?;GhS)KzG ]M O-s_jW(t&-&230= ," 6LN9B :K0oEI6'(?/6S}\.<9N 8p?i饦ʗeԅNO[ngW|@];y̫Fi`_a7tq9u+AMZ dy#8j6$J&pIEfyc< v?$F!ay Jb{S %5K^SR`!yn{B!>mCYFkX?TEe*+ٯ6tpB+ʆʊhD6zf_͍uW$y}jA!; *jʀ7y䟏tdޯD)MJk!^&߭G/! ? eXf"F6PN)F;T>mXPdm|S4$@GdpLkzh n(P>U<+5kyt/" Qy$`}c򗐉SoVX0Z(H P""BT Acy[mG,]N./|=JO <įLwh.?v)רaǚWZhq]>y+~rr8e02- kD={Wzw l#|<ڥh>w:97˿;]z>K7q4:\ SAB0^)O_FΎqE<_L/@;d'JӇƑn ׵ )Σ/"g( -i$*NoM.hޑJ>FWW:r4hA!ab.Lz9 g(DH4+6<4kӒGm,[QdBqZP+ov{m[%)2!ʲ{W\HTr^0XW8-ەmXʸ8 /*5u=Zrn2@1taRYGІƃgܟӿ*L<{c#xϩٿizd=,F ǞQ*;s/j/+?H-c ժxsٖ^QA7} Ig[eol*餝D3a9eԕw|#ExzjÔ*-jm03TB9pȻ go>&@{#xxS Ңv XC.j6fws~ )\y0 m \W$3[M<T̈i瞡R#U]!bJ}7ؕ?mo(Q##b*aG%\}|a !wru ,toTsd퇒;|_V )c?|v*?nVbia"b SGG%z=)l٘{g0~.񑤌úĉTd#%ݣ*pGr1ݲ0^>ͧuae?MpB4v/RPpG.,گ>-X$׊ećz~m(T#?|8>>Uw kP,)O̡6Ј^Vϣԭm~ƾep֙:/4a(LpG A MNKeTD˃HtTUA@:2^~钧^kq3L:KܜeӀ&lF +r# rIPHAMaQ\x 3[HF |BYXVLȼ%txԱ3n]s8ptvF^{ ^趆9=o^c#v곚z-FBd͚2fI=zmXǘXY2Xsb4gxˣz tgza9Z0 +2FTU 4-EL- &;Ta ik~u3?qge ZHח~8Mڒ,0>'w-BiRyR#Z7s_CY]@6z|,i~M>N$C9zoSXGR>k34 @_o=jŤ@3OdJ՞;M]v9H0tG]_spo`7W+sY=Hɩ%{:f6t⌥+鯕?廠Hj p<mM3.fk `K0yz%dMq3C)|hyzUFїcTuS_.\V 5xl氶}|o~;P4xw'ʀ+h[WI1ENwix &O >9vŜAgz"R5еFW aX\4]EzĚ wBOwٮ!law 0JyvxR;@4]AIE9T)4cWTQ{BؽҚMg7N25ŒmOr;Tzhvt:N)UjХWl< r*HY܌O5oN ۧ?Z-:7oY!e|֎?.)Ltױ#ȝxUWr;7ut]RK ^OϖDM *7/hp04^#KQxT۔z$[ґ*lyw]bdnN{MdfpG %WT齇됂> AbQ-Ԟow. |jK,.WOy4JKJhSTM a b1Z;|V7=ա|M[cnf'Gw&CbD1Q'4L亰$n,⥨< tG;yrmi}Z~B3nÒwlDIiz;DS]:[@м_(ᆏ1W"AA#9k@ 5ßkg0OJVK[,i ߇WD5mtKonBٕ?-ܭE%R s&k]^4Z`W}_Q(N̸$ "vrIW.6ѬAUiqte"ԓTLwH$B97K>JiӨ3$P(U?nig5cXfVMwN 7OW{Ԥwjiq;!2/uV~'2{1ʝ)I.vT<U+\#:uW=hw\;t.K* f':lE`o*73Zt mjfDouJqth<ʧ=JbHY0b+i]PF\.q8DG׬<~Y~,bv=;t^v;lJ06$vM%ozbiKò?.t6gUHŹ&9k5u:[ѳ0p:㩍!_}GNF)$SJ/6Z:1ъ+Z&Q <%ɋo-6lBCr f>R;s.'^U[/A2WYr9`(@yvw 7~E"R{7m1fh'n{;nw4X2a*zes^]Rs(9޾^ "2*ċr]<ظyֺ6,g- Y!wI> '|x~oh0h5̸)ԪaWl;R6F #3Rg`2I,^t`YP @:$36|aͽ=HW.LC-2%&ZJw3׿֑2<޶d0m[WJP,*EW5C$ Ip& qt=ts# 6oIht?OKzNāmEYhi[l/áT'8GcYm_( Ĥ 8v`ε˗8:0zʣn52@wP"-³ke &ݟ>R1&޵f%`]gyed<דb%59l99,h=~cl{OA"jȔ2 LŰ dtvoQ⥪]W*;G{vl,  RהIl{(d^Ot}'Bl6@rԑ b^:mL,3jf9{2+߽2xjU=X}Nnw`s 4u>kiWx>GIy t3rN/?+PFSb%"~keo{!pTd* lRfYNw;®]Ma !_ ϱtE eAYH%'uVaUQ\hO`y0flb+S3VyWo-ΠsJ8gvKÃA7?;Jl5Z)d,fIQiZH9[ 񄘴*\>Ea쌷1Ok~bI&=%XCsoZ4,a}i5VӜLdCPn%+7 ^ zl%tj(gXRx+K1y2/,"i}ȫzD.,0rFY9;2 G_lrD|F97w'K{o+t|swR&[cmnYO͜/V?5J u 9pu.%Ri~wP푠.ğ婛A6M-9=6P$n(wwB/w*ەf> <2}4YMs^^{Ce0#SR+s7ddc{%YE^h[bY|Й%nP-3{Վ*Ώ4 U 1r%ӲBl> 8IvoҏZWՎV^PwV|o9_*ݴO(cqXS?H>1v%܇O^U88~𓰎yW9m(~ky)oRz[YkC sJjB3˫x LV Gk2;ՎK:__7cؖ7e~C@j^(:HJPYofnL6}3G QI~C&VUiڳ6Ks~]y3t0A;Dc r&]Oҥd|e@4j#vtZ0ةf"=sUoKF |~c iDea!eo@[DZ;>-y$S@tdrHkE ͨ0/ n\L]|`S-Y|<2w"R`li[-k(U @ݘ «]"\($6YRyjMFm>g_B\C !LJ^z"X7|e\,y Nv" `wi*:[n! ;r.I14M氭LOc; [NcYQ)0w޳f x0Ya$ܚ (ѧ~dE-S1nU[5&S4Kiw<7?jkWj&9ZX/gWok7nUMU=VHMA @^dq #-Cn|*m.B:+B;;A]}gFSqAݘjb7riR]Oۂˤ{[/pf'^%G?6@9Y s@7:Ͳ'l^\L̘]q Y'!@xj\N ;H[Rnn;P֌bRORNcKDcB+F7+!^rxHpALM]J(Ne1w\`N5bejuQ[cin\X]>jyg<.ؕw 6K ^!aՖĕ]GKS__ J%LǸbuCQK.[N8,Ki04Y_d {ړEX.kn垦ޝ8pA1|c1B$s|:3@'F{p=Pڶ$_}gj]뙶H]G8 _KllOp& 0;$k==: ʪoⷌAlC[Ndp S/.6RxN#oӐN2N1I?t>̘&*LpW UhHP".4+KTJ}M<W ºZ|B?sh zz5ڶ0M17̷31&j3}81-oO_:A׉7_ Bc!`!p8YC bR2&OژLY ]6Wr5;9#V884jtTuVx5SRZ;:J09^\<˚9T,Zjc$ +N.oet1?ghx/\u6CHO mUJ?ъBWHs/ɛRռ/\BJiL)?P`4^0,kYCjbʺImhF=FK]PBvDV* VmP`0@%dzP(?j5KNM'#%ٴSƾ'"e#J 9F7i ?i%wZiLޓkuiiD/Cd".:|ʇ]d326~>oB8!㠘;bՃC=Zj) C*"g8bh %:$mV1̀ex2/j:Ը:3){F_wVC#4F\;zHW^́7n R.uYKӦOQIm#5r& gAݵ!vOH@pރ|G=+b-?!(#qшf_cL -rEg&#etݰ-lW E``?.RWz*P-HdW'q&13 ET1/|U>Oǧ J3u[R=,1#6bV-nͼ[jR]K"Ԡjh-4պ'ـUP ##{ jrxw%YZUGhBR(Ol_hM'ly>>f:pxe4J}IcYZ&r_:9ZI]ƿt󸪺3c]!pbU+>MMܛn70zKL.srIˊmoh53|` L} Q8[|r3~U }h?dta1$r;&U Mzת5C8FPA {Is.??݀;h*E<ʮ.lc{)f!u\ӊ 5ˣkW. ӀC3%-MlLb`&ͥ> q gbً64{ҷ=(tiđ~b(Mg (.^DOosG籲j@*JF|#q4I#18eXs~ŔY=ˬ#r:T'h]?ƱN ) q+KcG&*:!3MD{(X)k+3"|<@fnu#<%܁ &/pOx*:Hb21xEA@BZ\7CYx^ zpL=TȌm`Zt]eъ@3lhC#ckSoI MPa#lB2Dd%#xfN*&y(}7!Ę#JĜ/4&wyMf(ņX'+- qrO:q.2= {**8D4{\K#{l~oE\5=а/ vmcaS L*Avq1:MNIqUS^th4vfE2mεt-G wd+LBa/![eZGWWnA; 1AbVnq]oJQm ysKf]wvBp NR!W6/GF_ jfϻJ(B;=}#+u DÙ13T;qﲉ:ɊntN. bi6{&Nt{h5E*_T32G_JI.$yOZpoX!c2 17A!2P:`[Hu V+WϲA3v2\NWZ΅–XWwoˎ@AP |e F kNE'\vxg? }l `uue*!^m2l7xx~?4Wq\Q7ݦ#(7֛HI]y`W% 'w05!v_'}>McsIbPݍV+"3P U[tIB@t"9 V`~ibMiF.Yꖿ( 7 |'P{Jm/n?xٴytYvd0CR}Y L!کy%s'rX;zA9th:=zVg )lA6OxL}$@<1#>`ʊdb1FqJT((n L9r:NΚAt.43=\虣!YJ4+[<(3oKcԮwh*dI v.oo],Ntn ]yMVNQFO^pt|&v; 'u6&MTygte͖hO/<*_3= ~+5^+b<o&0FDL4 *r'8i/V ozTr D ]I!;bH8KHj>K\9cxNr­;}k Ah[.RW Kw#k>,ft(?b?蚒+F,8AېA!cUK5SӠŸ&odWo&LJ`"KmoK5; }>s7>c#;/v$GIUiFVQ9h ي7/+Qpa*ױ7@b)p\^G/7lP{50}7O#,Q ;cqL/!j6ш t?R^;GH \ݐ+f@+;1b,dhQEn R; F}&uVHToo*U~:uX /B{HNyh WzL!)ֶ55Rn mвѰ:S'[QE_Tit~3UѡT3KNzE]>Á vv\ebDǭg4-j"Lu6{K =g=6t(l)Y^<->ْw;cK/4-M eG;dK]*Qօ͎Qbڳ3 } $vB^lTTʝ yM^wBG_7QVƴH\g5!dǕ ҍ*0/I➣ճX, 0i;,Aj`}S[>dX;,nH]jUl̛:F*mX `p{,I(EN^+ c#2%lHc m% <Oӫ {oƂ L?fR.Q⦇VZ,Z8xI$I@,:BSeMf(Ca[\(_f`e$i3ӓCKa JS”* ADD3Ò, GIh(?-C<4lj7̿k^$Eg:iԊt5_0pYs! [ߪrXؠshإ%S~ 'ad `WYiWĀz{á{T1oRQdt0iqx$3yS9ڞںS*3W^4B\:W B5'HęX+\l#$R:=0b]MaƔ|뺾Vӕ=Ba[{W&ea&)g\%渒Qyy;;K'M^~vTr$K¸axܢra13KtcȨ\+ t[⮡**@7@keڭx`-xXqzaHY=O?a~2A`:]4em'f}΅V$px?dG5 ȈU_IԗbŋG :@ǘۤn` ȚY lTߘq?@N+B7Qv<bs ̍Q( ߬t7 n%걟͊}/}"6 ~9 .!ɻ FWx{`fehDt)(FivSi'ؖ4s!:lrܔ* I|GkqKBT=J3EÅ!|}{QJŔ]V~$T4 fSk_\۬H>b;ihCC=~~gL[hhw|+v0ȫ.G;Tia(ym/A6xLck)Hl}""}yDɁ6iy$Qzt5Fέ%VR\ QIFi%%o^?^75RTw'aRg#V|*8Le ?M@K zx#Q01 A?}}b&F'EcI v+pǝF~bP"(۽0>NGR׍[ٶM:C8nA}jNȆZ [O3B/{x69AycR--Ʉl"Abծˀn$c]ʞe7aˢ=wKwνls3Zb131WIl3(HRp2q\ֵ̘C^2, $SEAE&g|Z c<d]-Ms";t59 _ &xTVÕL]yuͻ*;B*J6Rv8Uu|TuLɰʤ0n'L1!i'~"7 `,"w,**<:K-@99ˌNIV eMR4#0^(" wXOU=&%džk]ʆtf]&lMqXY4j]9+Axރ/c#w2-{>EIO<DX[O BAe:q=>&bU1;,f/x2t#`F\UQºx  7'ϷKG֫ T{l^ˈ|mE9);lX(1[-ͮN Lo&&UBL70 vwUؿ?2\]F[_@a;\g1Xmq7 |"tHw8 ʛ)50C3ln1i -d u1y.in6tk&6ޣ[.cKU2Y`Q`g܄yzDSZM.Q.QÖ)Y,'$DCh>&,ŕeuFP` }ԬLOꯣ'Z=y6" l5C#LzoȔ^>%ؿg{^aX _x~Y9/l| mvJ]±o+6FK&98H]pڨIi{V7?{MNs/:2sD5>kKM ַBR+G1#Q=B0|Ճ8gA>[n$ 3E94U9ƔҊ*SƊ2e3z /7J_/jtlc),U%Y#O;FKzvFӁ9u+[SѦN.njr"U䟵So&tN[*ˏ/JG]J4h=+?[-ma2u.`!ΌanvAkͅv!Ƹ\%_؂x=AMl @Y<'kP<.ô.%>cdl}̒]S*T""W_3ϾC/Aj?,N_VE[d~L̏D}$s;ҀcAl[~[UʯQJ%ۙTMR[ hYwtyld5̈1E@ve8 ^%Nvuߝ&1ݱvͶ/)jO3_ff'^Q&/5^=q#!݂4rf; 3}sqjSPc~@ ^•8+C"{;@I%VEv\3,J@u0^$?tEWijn_ `Iݮ~a\M=B8l L')ѐ{)xm=* )}-I ٌُEiBq ijl14tzpcQ)zBfc5 |r?oB< t2--:71~-]ozȞ~ZLqeCP!C!(L *5IW/3 d~acE걪35P[ -jG>Wf ҄#(={t)'( suӴQVv(Q5vfqG'T"]K+ղ?U54Z)IڞlRi_k5dcgdFl}c#h|cmV]q^>9_Y*sgAZ|li8UT;B V1Z2}Rj8/`5+ Ix'4e BM*SmP(WB`)tpa*nj`&Y~?ҢBϬN5v`OO?P g:r'\p@ bq,ED]wɽmp;2kN̟G6&G|'g$\lug;!Gr/$ZZ֑Xxo?̢LJ.TYb10r\A*H,\o?<aU~O„VX>d xO/MO[Y^]_v,e["/ܨw1݁]{Xg>P:86 R5Gklqi\?BzUpߋnA?6> Jbx5Vb02j1n&b [V0_r'=3Ku}˚q@`9e=#0:uF/Ŧ7 VC[[$i&U+rsA(9|YhaLM-hLAa# xJX Xu#R_D;8q-9O^ga";8̲Gaτꬵ3 O!RB\ĉ܊`>B=IxҥQ$4¨ϖU ,ٙkQoxNLZ=&4;FZ0TU#6㔙s j|0~z/W\\q:[&TW^/$ڜ S4A7 ق/s",,.)$8yl;O\;HG܆Hdhc)$, BX5&0"Lǿ&Jyͼ8(y @v+ fz9m0[u>xO)fEH_@:!Ԋ^늖\uGSQ dڶctF.1 P/hf VքrsI$ NVH?@8m mQTN+PDþ/z6L<1P{<?ٮ~#JOvA^LdM%IϞVMW>"i:&p;O*z}ky<\ʍS5+x?l$=}"@49"pM8/^7;fpA/O[<$)MwajԱs Նnؓ)T[",:K BI?c89j)Y}CS"ec6@M s%t"߬X zlOm.4Ղ0pRQ&a@8I`F}TrfPBi\upk!UU=n fi|$q~^DU"jK>PB,_U~'Y<[)͸eH,NjD ϱ%qd$.)d54h_B-@0P*7z6PYwqlԝM_xŒOYnfEXGͭcOT鰥 GU _HHnC4qP|N:?e9u }.":eI4Kk~/Ǔ7m2~qR[AY C(\ 1)5%5EUݍCnc,Ccza_]GvTy,g 9! A_ݩ{^ dqP~\11q±i2& )F7~s^ na0cQu0F$g,f.'ޡ8Du7/sVX"`ϝBSVB\wCo{@,O*Gx "i/&KF/.Ɍ_3fܣsNpN> YKVyrᗋn\: -{<+zHxAZcmg- U TBg0 v9-CX_<=˧.!)ždpFA`EZnz EmhY@]٦dTx8[%SG@q" o ~JR6tO9nie71˰놽kIeO4)6CSeºJvD!brAP8Jld^TIl#53n]W>A4_GG,kLp6 n_p$3ZÈ^SMVe`_cM5#>*I.M}.PoBe ʪ'.]/goQDþmp W@*4c`- xVMnMپAڔ2wO"@RB|$Cȧ/]Qi[ t>\:GR#,324 R6i(%T1dƯz&7{'JmJ \^ f/T=8Uρ =Vx{@iN\;sj9ODžs ^ 8^li΋Lt)ft|HAcpo CZX0ȳ.d{rZWe%{ȟN K2(l֨>f^ΞÛÔY⾤^GN|-lxu&KQf82 ]I52Y*4qpkzxL^ ͨT̚\8#7$c2ܤJՑ*QeЉ PGƫ+2*㣛hy5&:EXD7c\|@/}Wk :f'3iGa]Fk\Vu_VzlM,NV]R!ç7軘ȭ~⹑(fw>ǥkIBĤ7cb+|84ߕ(0,`aOӸ!ŃF-HSM)$F4yHSZm$  #y 3geÛ]?,ӵ@G1/8e\.bɬCNqTd ؔ<inA&zz&HP˻WJ,}nf]3esbqMo-DIyC1u%VSMQjx9:NWqI'jBe?,xmtlySDۗnO焲M'rnM%wĔnȍ멯 f@ շ"[jf~8'@ZEDquM/mfL}6ImXCljqDvym{̮*ts84\{e92`A'[H3˺l:n µF#D&!PH&RhS]E8 Eogcſ{yܥu5B+B9&ײVik{>~ OHX6x`Dx-&gj&ϖӟ#/{bB|MmB(mHɧغ҇> ~X㼞j,ݣ㭃;2lko;Wi4Yz Sf1ɝĶNmsm蝷BUиe/`~Ml1ΊP-' ]0!DmImTY@ϕeAeu(_fBij8]CP5N̈2l1#({ x9#|u Ul#} ZzuFʅOt<10%΍D(_A / ڠΛ=kņb XzS uT,M*~[Rp>yC2Qi x=͖.,T@+ ᾒ9QFkBQvD/+P(` xsIV9'޻;ȚroZoU-ݴJ6BBmZ_+r6^ Mz'ߝGD[l;wQ-XfL^lTTOC*`"=m!\4jDQ9RT$|"oRPO֚bĘC?U Ҷ8S@SD˹ī%yA :)s8Xrq1+6wR1.R4 j~,N,>MU0^H>$V_.QkTϸ#{\C|HwǛ0z\͸dBrr ]SsS˚P~9k.VKls#"IR $d.-w˯8E^5HX4''1kGF(` B24t|9KPn/ꛕ4`pã]fҭA*me׻ CSHWrT3{%<}7c+@}htL0*G*( Jѐg<8﬷sq?$ HmJh&ЉQ-/V1ДwpyU;IB2cV)D0zh^'VDUZo }AtU^zd@1B2N?@.J2@!ӹ<a~S9}=E\"ߧᶂH1ᡏ/W m4KD*XWK;XRyV̿ m}qcK'BBy}`L B[_w Ԁ|H1:le'--@vy PbF!jb Fm_/f Bhq+GX66C6q_)a럇PT(Cy=\ p-J}$8ЄY.[l; ʉ-/OTrU-:iyT-h3zJ@5r `ʮvg _y}c1\:⃞햭 FZ@BSA5x| ޖ y-"A%C*9i_uv~{:Ӥb+7rXXjوVv;<1*G{5rnpT||^At |wnH?}/1]UXy۸{;EhNG쳑ZSigY^U/O,p-P1݋牃#XEcb`kWtָ.74(gS>ۖjͦk'>tɆaZ0K9ũ"=%(뭋~;U0pd6:Bۢ5?[f[`7>q _:5s *jEDH-rtk$&Ątb } 9z͒p4qs$-;䫠_6_Rtؐ0C=c踃Wڷ0C3Nv.P1/f4AW[X|56Xrپ` ëdb✇I-(#ݳY׶FdWPG{B aN38-;t@:MY/`'(eobHL+Ćī4 qM(vhI \<])zykmLa~i wpz_=IDf)*?ͮ7 wxg†}w VWA-ǜXvNjrL oYXj6J.X &f!iw8hTiʾͷRX;B.0fko ԬTLKT]Y2'W,9JaэGӕ!DXT 0.^6MuE(31`oI\]F7"CFs?El]9I ө}ڍKdtZ0P3Zl<<#m:4 ݠ.FlsdJ$Ȉόqc$f|le[(RmUsԣڂ1673za3 i⸽ DHifW'@Q3SAҝU|d"Dp p,vzbRׁ1اߞTBOi1QR4zf݀@/jI`+妯? ؂nݚЗޓ"(k&?U$! 3nZ12^ QJY`R(7ٝ+j*aV5vR2[TM&ˮ$v5!s&p>_EXoӸ`Lݛ'/Y$?ȅ#``KkB=Zr?{E)x;4PPKH-1(>vhhGywb!OFm={tϷտiml;$u߬O7 9 L8M~3OzQ11 vJa^2]-? #[ FAQ&y.-Kߕ>glnD~G QxmF0m.]%$+)qsvcAНHԸɌ9:<5'}{77TCĺE7\-ܾv5Im\[pɒ6 $"#܃w]TGwM+F(AjY?{ hF(!3: * 5p ܽtR緊_?'M撰[Ƨq pT\emPn-;[GHJbrOw(=\0RVh]꫺dtF å[o*moVMT_ դM&|ўQ1m>j CnKlhe9zMygBum#uc`nV@0wt'dݞc_s;~n)A1?%aev"S/>_ =L1dt7Ϝg3"NQ'd-+}c `aP5d!9vǩ>RNW87?A:6v56C-tDC ExYԥaK`;px>YO8ncͤ%;56hݖQ޶Proez,\&Ϛ~μ-A{fWwlln<gLs2ɬv&zWZh:T k4mI7h_x7w?._b_qåTY}%) Deeq@fcΚ+؏T`W 32ӟc;<Ƣ&ՁZ 4$Yv ⅄RUt r}kh7{Ia2h;N=3{ ~Jr0D (m辷*"z<1 A~2;o*ڹCc SjN%?O ?cOM47L'܋\Åzj\4ljj/FvOM~k>xzlsy@if Oy>^Oa)װW0뇢}^Y95v.œQN &!XpFUk~a3.zJ\s̰ WCdReq.!~}Ѿ+?37餩q <(E>?+5NLO=[}[2W|Mh^ƿGam}yh} %pdjpOc_(FuBjF%`zgxg)~r !86YP ph0w*΢ ]/bMk"NrþW)]rGč[だ- \7Kәiיh/5&ό;6+8w{l@r'} t|𯈄seaZt_D8s B݉:UY J29&#ruցɒ=UKI.2h0%sτTP\GO;,R0Lʚxw: ,͂8ؕɖ7CvժHY 01R!mC-",M>C_H+IVѥZmky ]k;駯]L2w Nz`%unaɖ ʸQI+4`\58KHzx?)emͧ Dﬕ= y{jpI*hD,WUz#)na!6 s>/<(3J@6nV&j%ԝ3uJ9?o3(Z~ ;XNju Gnʟ{춅 Y%m^L~f4/J)*ƕ&W\mpG'$[ჺD|0gǴ}'FZS M?,Cc y&ARfkCfj)@H|"k9,t>FD'PfXs.fC|~쏏1o L~"9`~'lԤUy!?{CfҸc Z@N京fb횥=a"0TJȽUxXI=S"-~NӍI* zU8էG斁p) a.ntW]xi='w=qA#RlƊ:byZS&?%zA .>r$MV )oF! Fhɂst(f3*͡ 5],v`uMDi)ŗꇓ9Mgv;s$fᖬn;(.ɞiڝg!cMl<<+J'"_Qa>jSdOBaXԂ3ysXjˈOR)TPodc4K*K4rK藄8#bQ?\ce6C 3_? 8Q6=U@F#Sv-W=E$>lL!Mƴo_ u;ňyO\E9BPB~}]M+y.c-jFRQȅŁ!;ϵ>u+1v-bqY n|閻d{x?$O*|B'QB/bZp~q5~`@<]a p4gfM`;'<}%'gb|$LnY}`Agu'\qe?Kr2#D>hBy;x!JblnNE|5YM g1`ݼ`Js\-H:jdO>QmAgX1WOQuĘ =,)s#@-WW_|Ob.wKh7jؘ\a74Sޔ.=#] KepMm=iHm|<-Jf7_|Nϫ eb*7M6o͠C4VƑaM<G])=MS,LR?пLO,ݪ#t9yj텺 \QcA&Xqv4 *?n⍦>8y>{Zb8I!-y{κ~2زEWh񵪋-];&ȊoP+Gq"W[սfiNF9s?V>E$VCid|=(<Z+F'C€0Nl)7햡CXnʰL7ų('8t8,_SQJe+7o3h*t s$-PW!9o\,7ÙzR@]<>vO?\ pyDq_(ChxSq[Uc<[-"0wp37hxb>tVvƔҳ J?YmַpzGAH\_G rq8|1ZU FC8+(? ;?ధ̰gV>Aͽ˸qt6QrG=J-z,w-cpUEQ$Oj2|o$|}UB-@ %j0 jfMLF j߾59NMFiX( 0p3T'܀HN@07ŗ{ Kծb{967=OmxV HE:7Z3?,osЍh쟜\'Wdo՞"wd q/)S]ĝo0< ky2@B 9͌3ih|X3[|IȠƁuCW6}b5a8N{8 }SW06_OM;#Qm]a/2ӝE ߫Ste^1I`Lzf g[USQu3weeiE@]Hm#[RaCq:yCءIg(yzkjOz^bRR=MXzA>5[Ŀ(Q윶va]hG.) Z M{,A6T-Z|4WDcEj@Ias"K)[`a"pMFzZ8_êW;<-5g>ޛ^bh!N(;xJA-` KB3̝]?ˏ􁴜TQ wb=ֈg80oisz5܉YKV!#{lĒJSH)V5$nOշ.;6{K(&2}00{Cub~0M]ѧx&-Kn] T(opk}N=P6FZ7aq+oiJ |/1E;M, &PW3ܮ -y̓ߴɚKPTG[0{ ,a$g)lFlLM}^\e_;U7CVFZx!棖e4tgmc`{OToSuqCr.CӅ•R>A`l(ncMLX?$AznSc&'2"eHMh!ຓsŶE/ܦjF{CBY ^ T(R(ySfGy  &s)WjN )+̆B07"[Xb!K L9c;dt.WG[ډQ83#9ڱSOpccaT|NGXzՙӃcjqO2\ACzZoQ ll WY2H<`"8qStmW% ~٭ E&\k>kT`W̝[QէEl UdGndi l)=@ ʲdl7sNaSiA"8{aC@:6ϳc(B we1۫94^p +@˺sl9m7OX.h2j⠏J3(=e]z\C$.Q{t'Ӏ|`}Br6]KL\yA3,3ddzbi K/b*Kn?$UY[w3'W7CKNڞI%/A5HygIuW-KD,W-3ߛ8.3ݲ\{.85Ab!Ks-뛿,V}I5nmEiYz̕(,]^9Vhe~>wX0ٗM+݉)އl]N/3U|;6M|pG*0A GU!g44"3&Rc(fv$9b'[\d dIg1WPF?F|OjCcqIt@;>ՄL74HĔ~7cbO]L9Yw·S?nS)cK(S%+:r'N fB\gnն ;ԙi؈kD5 DzA )5ٵ]%o|5K^\'<Ԛ8j+xUyWGThf]rAiC]fIzz,L}")ٖBMдh |!Y ]`0huam J8AYGk.b$ j0{`l|1D5ͺe !m&F0£S˟ܖ(I7MZ@M4KGfpɓgY,UjJI pr% ~ <-8-s QDtes+jC)N/WaaR%} UtC63}Ɖh]ƍG??Ӥ}PVL(GnP,-[o: [? IgD Q脔08/+j抃,zNە$ -'WBY*6@0yvпJ1?7nѬݬdaX B(0!]4Xra"dhUaYG?oHSaR<_ñ^SGl8kκάcZ[ * l3,TOnEAI~ Eh" sicҧgNmvf {/9`NdLgɋ 9l=;^`$b=7XTrU5ƢiF-o{ცfn|͔z%񦅀2Eplb$K"pPQњn葈@KT>!P^Kpb*%#jq<]ЕcI4҇:(|F[@%u7T(5.A|3 = YZ`̅eK âcX] bNBr}αHyi?~u(Z @\jg䣈6;_,72agC_IQ{aЄ+N#mO,'׭Gl ;xD^Br T߄BEK,: doOF*%QͤPNiIBa'oH>``U~ ,gq+ @c9.62~J}6fy"/ TiETnUO$%W_y9vƄ}[cqn?{adN WC+Q[ixl1BĿRvZW!kkCTrhCXp EFJ kk c6Zp| jQFlei%h>qN>V8l,rT]`jq72x$9Ų`3ٚV[?1 B|?&qzt.E)k8ۓT"^LGhj}hmUU8hy&h ו*];^.a(zYuXYFƫy ŝ%CB`ǖv_- /k1>*0lԧ-4^K?ͥ[\Y4 2O2F>AP4 FB澙594)U7տl}-0SxVkTڂ{HwTdbmo7IԠ#:d`G@JiT'Œzld[&tTnz/ѳl 5)4B\t~V2c+~VK d{En"WAE.6l^ĚK'"7dY+m41J7ǾpGy"{_\ _ s)W][vN`?sߴ[? 9ۊ-9zUlyMGfN*Pٱ7 a R;^:CLURq=UÓWnciuon(IQYCS|߆mJ<-;ZHlj]՘@=:{1‚d.Ȟ<$y[&c~AK^/f 6{>՚6 k&W K0~"L9yV%+{2|jgS&r҇f>)SS[}KZ`d4QB<ڵ5he۵\\}׼/zs9]~8s~;0X<{gwZj3řs-0'>Ar(\٪+/WG0LLҢ]AyYS`%]g^wb|=gVS/\N)QV5ڕlޘߘ'ie~$fV,{I"g{>T?@4xܸYxʸlX Vx'53vBD+7vb4 F3-cs'L'm-Ϟ>@/I/<&78(p?WEբ *aERKE\I:/f'Ǩq>4u=H.=| bSkyMd:t۬1dzIv};qn2\z |C5PW`?쌁6nH=Dx4~k >~lϵz@*dnS-_%B(?RlP"!$`!3jԆ#9jSY;#܍1K;K qobv5p?'I{@c)<;T*WԻK"q^.p0HʺKߦ{MyݕrZ'"Q dޑvy2T,Z~ǟ[L۸RANBZ;@qBr. l71­Ba9ܦ*,Ɉ#1O7jMaT{MR9t V^xۂĄKyuzzPPL7NE1WVI¦5{B}%jA|fa_pE4Is@}[$Y5/K>W &H-` &$_ U$U0@8\̕RЍW0_&a N[" ͊b*~$c]ܵB--#쵥 ,Y/D^2ɏg/NQ#uN*jȩ=dHaަJm1Cھr-'805B !c0͕[u1Hl)k,bE!;;c7|fL"HVP N>-ZKY!z\Ȇ!d/VpxfUV ݮM7SB_uP:U=J`>IB~YBhNcZZ(h % W[(RJ 3x)b$Cnֲm@OsC{0 ^]M%YmYyu͠ӤPVY7YOM38Ty둧stA_3=e6cײI Im״R oVx#ΰ7ٖQDdL9!hwueIivޣ^~vkz/!Us82nILM MT?]O5B7Q{-gXք0A䋵m's$b eY0٥ǿIJUKy1Q<qn/"<2A$9U3aF]h@m(NmV`oGz+YkP=?eOEȢc݆Y"94,f_Y:ʂs}4U7Jw/ 2mLNh@o\S? -3zZGI}Lyp"Djp^A_en3Q\C0=2Vs49}YWıɚ@Ze1`?}(ō@ݑ$!|{om?R ϯG0FB1t3pz׮X_{xk|.%*طҬϧTjAbAΖ}L}x!/4'cPtݺ,W;gN]T`h~'9p>$ѷmbDd}UBLh_wrRsȺg`@) w7.Jp@OQ8}gKY̛_ָ)oBn&g*w_zZ/# :svb 5M3 uMk:(dz/b݇iB$Ej}>}72h9a-(CԂG 5Biu[VXn& C+Gh0#uo 7Jl IxZQ[~U<ؽ;"/QKn6ς *Ĝ`рS4ų4T{~.dq4:3:M>, AK}ߏo@,:(;@@f"CrXX6q8:Ha 2#ǘ2B7_[)B[]Ajsq7lCwFx9O=(~ݫFwq雱Lb8pKQ LiĂL|o1Gu8u?ͺ? r8ԢZ*x]L{H0s2Z\Vg$q k1$b)[cv3ƫFi1:1:K%q,rȑGgu@Y> zNs% r^Tcaxv *bXTkEΆ=;rT( 3 a~"DkVaK 1BJE?)7$Wuz?jl0&Ԃ9P)v9_ZsV?K8N1g! D5 ݾ_%P22s:^COx쿏dŸQ gjÊ oP l VI,VE{Z{&pA's6V}Ź )Du9{nۄ brg^4őmx_:Zy/_b9PN_oIfw1.)`թN:`o^1#Z}SyWڥe>5=)c'l,l#,1.uh@2, OT%}F(JR_H}7uwBM$7@ =2 x\fCeǷ :%iHVOkk=4)x8}rC *ŁCpiزu]hscUU)ڔuA m`$79)wǾ#X]>`mFm sA \\fLWAn{mRـ!\ C!EJR1RwW 59@i ,-bQۻ/659Iz 'WH*$Ӗ (%mчh{>.{` cQ>W}x,q@YExLs)1m?F|veMFڐUͿVl1;? $BῊ073u xbnecWǕ[aպ<+ %8{<|ޡVL(qWh \fsҹ:%ϟh>ۯZf05Eld9Dbs ZKjo4`ߗ)h v/t A cb'S-:~0:g^iDn^:- ~U+Od`j-^x΋!c8}>=J]8k*$Ts7R;a;ϭ մζhZ YΖ t d3d])\{f@UJIrm"҈#FjyS wuKDe6 ]B. zWkR@?&UWCJ!LϘ5B}U/;ͥ~ULH,ܻX vv|fSB}T -b:J:7xClyGBM9~H2x u<-Mo97cQX^c,%_i`V32OH4RudDza@LU. jDLRmeNкٻMGfx-%Ԗ NW@4Q<#`~e=&H'u#!˙…&T$&u2F/DnêdWV|L]L.ﳳr2THu]r |^"-9ntBz`,^äB$+egbG?wA tyBNߒ,:[Mo3i{݄JruMEr>݄ח9Yׯ9rM%gGewgj_lyVjL{N ώ^gxy~a6z^-`&q iMkpdF1RXl-ts$Bz~ɦ8cL|\9+T!!@4 qjiSpܫ1Z?}Gis Yw _`kwrwdѿA,LAݏ -9Ya.+=5߁Q1N6Zl/ 0|#T;ALrG 9|_q0Ǘܙk6ĕ]xVů]$-!n>YJIۡP=,;5?*dbtRϳi 4 ܠocp~>>D+J르{,AzvZw |.Q2|\z |Dwiddl4BgҲeu:=ݾSҤ;uL#5]=`ީB#~r$zA &INK έN~كc!DC]:G-{)sg/HckK|k=b0BvϷ@MLu{oeYJZ 󛠋Fy?! TG}M QճeLۺBQP., =l2v? <_('F: KnV:F^״1N7˅D{0PRo9 QCvB-8/G:Ckc'̤b@x㔆q {FcЋND2O@WL Wo  <^و6cziB8ҽЊ4lOz_8z8\wmn51R6 ;8۵+~\(R ٚ9NƨJE3P=>xC@>2,QauXmoȺJmx(fY=kY5hߓgXߚtp>:q& 5.LXܠ= 1o%͚|{q{0רzSz f{ Jr*2x?VEU!co,Frj0bZbA{6b#%/D.CTbʘ,Gw9ed C>s#Op;ܥ@4tHO@䦥?+mN'.jZwuK,>2?:Je< ~zhyf$ |ljbP%U|/j2o ʰ 7eѮ5:>X]Sd2kf̖Ԗe}f5I{KoH/z詠c`IĞpќ7ѡ(/YYcic$nAZ2N8[2mt1]i*,ra`(@[g"2`"*ĐT0qEG1p)kX:{, |VIڬS`y_)񷤎϶C]ˈ1{=&L2@MU~G{l] #gu|b dIvl<U}?m4$ :C̮ʑ4pi}z qH+B(N/h^u:Qo= )mV+~PC&G p~ 9-RSxŀ,y^XQ4uBUt9#łT)VbJxX{';ު q <.­jH_ySlSqjp.dT%d ݶ̛Uhm|u#_S +VbzTSn!.H|&V(:CvHa.qb?ԥ( TF=3T|Y!+h\Фrk4DE:bIzКJ4b_tNJ~-E6asB% ›zP*gl'hӋ[p)`V}`45N6MCpoŐv mX-4CT;-8RS:pN%JP˯o$D,jDAX*R<! q;bD4@/YΫErq/zZ-\J\Wv'ER}5ӵ9* _dWTށP{q-J+{PGA\, Eұ*`^@HmNE /$6=v.1IR000FivPJa RC˪Nbĺ5GDO9>d :)1"4I/[@Yet>w@ڜ% BsP8w΂ǚG ֐ T Tc(|_(\"P䁖EvϦ.6mv6inґφV&1f`wgPIrʹ>W.p$Fpbj˔`9VJk (Ҹ0:n6.m s AHPuRdLt\A4-GYP?A&u:!ҟKKbΦC49k Vd Ur{noVF.5r2^ J_ɸW3m 6#t+~v&FEn垠ni ƭA896B͊y:*^}tc$x|{t%(2;a[˭¤$@`Ȑ^O"Or}EF MqJ=g$(~Aa7ըp סP: l} /&kwݳo:mdBT%ǝ \#o%3&>=& Hix~lawPê(GktxH/I\5SAY c&Gƙ-$bG2 z@C ?8. ޿% O⦷G+ aHg1o%$4Om]vg75u[\R%@x&X$wxl _>-{fycM/Y$qq!*GUYUZHWlȞ unUmANG#@RWDACq׬h^X/]zoŋR5y,2&hGfH_g1Xo0OJ/p/GETp Ƅ"FY&"Q6 !1qO)k ՇXXU>HAհ*,̘-s`]PauMq#O'{|oi,eėEvM4}hڥk66`vv)7_z3F(Dg@b#32TO%xvP cA#[/P}P/=h.]D[!aǸ}ξbhD\GX|]3ީ~4'ܑVËE/]qη=ڗ)SWYǀRh& _9>Fz'vrꎟ0@eG t|"eePڠpᆹnHE:;Y@]C,ڠўzug}m# xs\|!d2\qF 5»?|G{]d,,h 3zY6#›3x2kA#Y?(+&yڦ: :iҷV8cfINmZG9F{ VI!6Oy_< 7+)"HoTX4Q)}SMSgԫ'=g_[Ok4ZO`:9i6#[==@n]ƮbEx .O+&Ql`RϝY螗baԤfoɂ/MNȺ)Zs- 98;Z1}R]4(@'X†O#R{(+>'r6b ~} +r: 0 s߈atT0;]M0yfםF k`M>',V6>}<ΦϘlMy{ewUZZ&-l@=r~(8nxDsgd _QJY}Od?5BD+n^,6E.Yq.COm> ԗoG^J[^y2sQ[ :X'Mht9(F]g[E8w!#8$Tp]8>ó ܅(DΩjBJdOe.slaspEx,TKUQW:xaa+mJ5(QکwWoSNl|RЅD7c f%1v.!,~&vxǍS>(7UY_ ɴ׭C"VZG3~]=8,U@ %p1(0^"Wg21GN0*?}-'Y7F zY,!9Mc5\sY|;ؗG*>YK}j,U d;8ګt--6=ĒfAQD;D$2;"Naԡ1 5*~)falx3i;?!fUp5 {YxŧFd/jW#x8|e%1ypaƏ ln4=v@f+$A#U4 ePم'z<>U|BdEBz*\ickQeWҟ^|0]+RI+Xh~~I-TQ}42=DFs5gi|w9r0bt_ۂ eS꿓dB!3 {С55zL? }XQ"ωi(VܑY֣oz^-i9qD@\1Z7_YgM*OE汴\5]wguHtOl2IM_D0.&jj:X~vZ5*sNk w<-甃V)g^EsS_agOV׆rm^FN 3)M .!UW<+eS'MtIo0|~ Sԝb,rSiD>b&C(!0`_bBtjkoŹH )`"3BJ~0Hq}]d7 ]ٯb56!"Kw\QVC:Avq+:t2a oy7*4 ;8E@' /'L/% =`b"; 96{!$ip`y%(ɀd<BkH90鱸U VW'IzߚX܍Tp$ϓ";d쪣nl=S8XC@ȢlA,kx)5z2j }le-BFJԳō:lE=ӫNEC6nARJf4,X]N9:egG׈UK; =igv4RȊ=JogC-i{@:l*CJ6dV(T%\W'蚊rTn&?Ac8]d`n*ˁٕߔ{B(#L3WJᚚX@]t)7ۙ\(2Vߣ'ehfjTks_;ped5S){ O[˜B B"}pY'P5kV p#h@b&y\R5;)9J WK6qXq7]A[Sno1y-'F)ڋ$~vڱtDcb5eZ]U_(wu1e*t%RŞ0+!xk,Ldy)PliWN'(.OKOe'M0:M' @$y`Tu,>W2e??/Σ45%גJdU -K41,ѷZz)Wq1b=^0Tyͺ9׽B綻REv7N]IMDKs<<^V \Whm]m_z>5hp=GޅY&7_Fd2}6+y~N,>8eCg).Wqb`3Y嵗 ReR%&AAUhʼG9kyϗRq:id(jzޫôQ-Np˥Δ|̬7-g`[aV|~Un $_5TpyrYuwFRӞU&a^U]s;pV~1K^2kJ& P~c#j_2_;# !%4;W2TO"++2`zvQGsꯚYoKnMu;VUϱ~bi!.ґqt$_(#@%\JY`hlB( EJ#%kFp[tA*1J\ }>c.Z'Jhh Jf\=#FQձ׆*&4VY6g[Ljg4>'Q2&UROD$3p"&Ĩ]yN+$B/o7)lk[X` *<.n]Ɏp/Ů0%ir;,u!ѭ#.eTѵQyK?S歬޷"C+rYI׉R-N^w[|35~YŲ#~/e~$lmX[>9) ]H[]WyBEJ%̂ПTA( ".ĩXO̬GgG,.P8l[GH޷`jcAxj?k|:R(!4DY<ǿJyfgw]֦׌ Y9L6XEؚ_MEoi}5/%I^kelO<8@lxʦQ^#FTkN.*+W ({덵n+Np1NO!g\G" h?tSW/W7x} 7PJ-VQ]N|d *WpCВO&T)uH/8F} )jxI{#3I;b#zxks `)H ](2]2E*h٬^wI= j PF5.U4VYyL-+ =у⪦~-862}lcn&ӫ Ak3/LSjd}{7uNnOE̬cVY .oܲ>$Cq^DU0GE#GJv^{T;yAlNO\AT a3TR7llD 5Qx[?P@! H&OiC0DU;x}/ij\AT0‡"!ޞ aPbB<75kRQwʦK#}HJy7߳fL%n4"xCFg P^{4#,}\ZԊ'~MrOK|*lQ=7_/rRL&le\n}s0l3 {v@&bsxr>ޯ=7~^TUҪnp.Ë}@cLeehպ8z`%4WXz[U-s-$=~e*@vQ[dN153P/ OmPM]|k҇U0f =Sub Q}'7t6<"bLMܯ=蘻Br¯}Z9!I<'-Bob&Oy0â#B()9HcC3綍2Hs0kF룸D9%Q3eܜ}b eЃ*+k!-YDB#n6/2Q*Ky~[Pf,.]:.dSlaVi o:i{c<1_-K %:@|dFϚ&/;/SJ Q`B_2`?ywmi @"Cq| {4BN+iP~|+aPۼ8@lݳd\@1TZ_D5.]-a./L RfvleW^TeVD۸f;|3*dzI (k~s^[9b*TjdNMau~Orb29֔SGs멅! FБyhT pbڭtI!cmyflY; M5 (‚ =Lm?I9DO^Ho!IgKw)/^1EUT(0&Y}άUzs4:i(L;щގx."1h_~5K7URo(Eu*Wkr _)E`DF8]S7%5:QH%ńҵU)p%B:,Xlh*L;Ww@z=zs)*QlF#'@>2!?+P'CM|ow N-PB=_q)H8ӂՅˊDvcB\ġ\](4ہ6| T0#wV7!5ṁ=/V#rdf%֊tgц4P,YYlHhcz 46,Yђ1|m`C(ԉѢI﷕b|Ѣ~ջF|~ӎC 8_E7¦Ԡk͡PlJzygm:AK>)T$7򽨕iqE0a"E/9e͵)҉;3tQϔiKd[Ğ IÞ_Qp 8%:&xaȝPE{JW܏p^EF(_&Ѽ6'](4D(m=8W58{(ɯC?&;gֺ&˴5NN,5RS3?*Z8Al̏1LDҞٖ?h=h栧T(Sj'WVf ۗOOGwI +휋ũNzt@,)k},[M[W=.5t$dV}^DѦS<'z)LZ`_.ǖs Nt7boH,7=hE|މv i|ΠK aXaWLysg)XvJ v*!)W鍛,#1a?ߎ)ώj^rF_Dq") ڸNj~&ȘtqǠq&M%sq)7ґLe _R7vn WD3: p~7ɺ,KM % XNόftA4(i)X}iĚͶq+9kORthfyS  v% a`47D?#U&@?G5=eo#$wz" MB=K0 3J4p!!T2*<9xo)dGj"ۖ/b~V5"}YcY~diꮂLJTvs)e' % -1JkXՒ=:rWkvxtW!9+2FD av5kB8npZ/֩ɇȓA $l%W%<)K@Ѹ]dV6O © xNCS}Xb9y$`*E}Y`_t$["E(z%_/ۂ=AQNAWlxUƝZ_ӠH2O~ۿc7*^hͅ8viއ;$ԋ\t+̵mA4<<"s+UVk{{zs9T~%t X#D3흽[MSW%GW\UK韂k>MM!C8_;cͯ$oB^Ota)~{2[c?KP{iWA/>}iyOnT`C:\;^H8a78@CrZ )@k&jxHCԞMw!AHŻ}1k*6;/Y`mI9R&uEt#Zpj|L|ocv#Jf*HGڧBN GKL lr%ST JVUjМ g5T?lNCYE Wf*:kc+~VšsTϮ#P5eet/`2ɶ'ّ {ȣ跺+^n{r "z Aͱ-;<tۭrnErXZR ,L#.>#״!6dd<'>ӭ3Gp 'GHi%ZeƱn>"p{F~f1Lr<*0%0f@&zLV VE0! *혣6$8xb}(&E6Sc;S PGd4dOG+SĢT}9~5/`y1UW7^sgMa+k;/Fށ«5h*1 w9m33Ķ6ޱ"W}TYIhȐCټ7?Wbeʾ᭝bh"rFՆ #t-K*Nd{XVW3Amk0z[40Jl5+oo`"}~]8Z_Hwn]w*@]2<~d[`R-T:Sw'1?&ɍ'ceY 6ynS !l(pCZ9EB#qtu2A::6eqHKQZ[nDa +A}1x* dTO 20Pe_O3]$ 0`k7iP#t]FN.gT9L2kl倷(aV,q#'JFQ94% =YBxt1+X{f,iV̗1OnyBJu-}!R v''3 aC\bb#2OTfC9vT c$~p$ 6]:7?֟٭$V^Tr gK;9&CwOpR$98J8ƆrBml^?FI >|(mcr5Qg#k:{ ?ƐaỼ;} z2cqsQh%1$DOcI6ߵ9"LՆP^"<·q)t?iy_AwS3fy]>}0DaS/Q2Okv65h`j)p+x.{-|p:Eà'2uN0r;m [Yބٹ%2 {}Eb8P@ŏ&߭Mt4x<^AڠIoear^#zXquzp1 "k&[T w &" Ҹx>N}fDV""FSb,_. EI(zFۀgc"~ ;YZr[/!)2QY좐L=XJ)b5(x >nsl00@&pSzIo'^^76Z>]zNJʹ0E?oϭzUfs߲_0a>?# 9Ja>|_'!\}`27=5mVRS_ԕߏ"do4?U2{>}VB+^];1N\sy#]''B*6ݫ0FtlBOD{De/is ss+{hD( MR9 tru!Ʊ%IqD-KQENdC狉K xҒ] )H͇ͪp2^S+ \2LErdZ4~0qd*Zq 3#HZtbeRXu@/_s21;/Hjߔ2.:$idSH-eDe/K nR 2O͚ KCL}D'4s;i7DJ#IJ\'*tkQ5)kdHk4 i8/D 8KW+ )L Y|$8FQ.<3zK} A.^zV۳3H) 3V]r3g=dǾ}M+ >|7K#8% MَӒM6l}wC)Kʛnv .):dQrXFB%6E"l2bXD$bL5 =+?#JpeYӐuF"0صD|^T#ShJ2?E~òFA?d 5+Ϊvz`3 |R>bdx2u6lZ*!+{5UhNhWf`:Fm\d{$` } SũCMAj" lSي{T2y%kBh# dMډ)^*~ocv,dǹA:6(teI0P%m*+,1[w߸&tzƬj͸ğppxQlRТ5W5ՌK꘬.1(4(tֲ֪m9|QE!af=.%ɉuCF7{'-+=!nP'?-N>GdD /m݄Z@ёv=Q&t]2+h _!wz)F̈́ n&6Nn5f3QZ)3CNE4Ew>[|Iǘ;4g31cq]}R0 O57p*cBMY (p͛\Ѝf5b  iT !5+"-q/T܀+NvPyuC$ܢ얊 kf Kg@)R>qIގ]@ᱴ2eI̾,HK7Q [^{ t/MakXEs ][qX̂_ur(~ YB I$/|):)21¨ >s7㬡6R3ɳCg~t~"$ ߯wBcQbt# H.8,SϑE%ślkjP /<]A(~ct{Di>n0Mޥ4n 7o 򼼙գ #SiJ+]}m; '%XɍYFr+t1ZB>嫔r*ʸ㦛ȺX:l!O["RLa]ĝ5"3ml҇<{. RJiI~D=,säY{Y ~!d m;,En`QlKmɣS.7xi#Sqj׬ lTk6N;ld*?}¸zJi}H-~_#jypqG#g%żjf@? ,'(poH2ķn?1՝ VFq"W3bL"_l;PJ/}m #k%SVAc9X(Ecl2גNߏ;F W08v_=&^ ޣ*w3#Ds\cBY-s>-&hIu ?xp8o0oч?glf$Abr ]ﲈky%I_J6Z${$t4aIH? Y♨P_,&uÿSLU<)_Bh0a>Óh M,}/} hutaE `͈nHl TWkDY7d젙!S&eC伞j K}H춠:R^gC3ݲ^fA֘.x_.Ɉ|@~gh s8B*8·sLVpV38ʹ )ON,,HW;4xa҅da.O@\ݤ(=*0c^$TyMeCs6DB!xԔ_U0 ciP mܣ<3Ul2c6?o6 ,6.KQgL Ue0RBD 2\.+ Qe`v(ir+3| h<1 ȯwagxVv9rGxf*6 .sv.}[^h$+)8kl"qS*Tor,}}8udnNꬦiZjQ}J]ޭ O6R48rjw] >}_0~Jr. Tn~7XGY%djI8p>\aol&zה6 Exw38b'HҨ5aw:< I;s}][H~Т2;UKe}*9KO\ų;M]mOQ%:4@za]*b ެdb'|od4@ baO@2/ ,+׺|MMʂB֮"y1]D)]ˑMO{=FJq ܔ,ynKd6, DU{Ek*֮s~4meOlp=/o9l7 S`q3kv^L&eQw q.b}Kv;#3poyMUy?xBDHyB\O ?D\{S"؉}$*؞E/LT%Na*Q_UbCrZyniU9(;f)y"(w($6t"&átegQ?*YsǨmf g-d7J5qNayA`nTW`'调2D6ybAyF"L11΃7B-׳ڌһJ0- lÙ!NQfJc讓SuYr*eUK]rOry p}4W bj$2޼v<^<{NٜߕFN/S]ṳbڶ+}.6=y^>!Yhc[6<(4B*7a,՜ɷ k_ @b蟪}rsodj昞 -cלrU+tO1,8qPV6E}X䴌6<B* tt= izm i'1.D!vż5 @`]iЊϓb*4и?#ʱ୉R]RS|-;S#h.v; #LgsGF'xͯrgJbuG j).^0nchp >tZ=*3!uXT]x4UO׀D{]WvD.!=)8)ӞȴafU (7&b9lUܮ5߃yWySZX@c EףЭTȂGb{|,pP'q+]T;{@؇DDt8.[Bw_)S$h@ OUa5RE A w9s,Pe"á׻yKMC3Z32Tm *~GžNwމ>OaJkE JA]Zya\P 9@0]d~6c+՛Zaᮃ\j# nVFͮ^CI<蚁/.G בpSr:(M()gL[ژ߈4x?43lH Sl4xq|*MyT\愜YT?Â, /vh{e++D]z[q3SlmVPJzʿM[t#w1|J0Aȕ2/)#kOFvnP7DN7t(I/g< }u7^aߔ~8S!<009A*m_h2b S[waXlf4 |ҫ3ǝiCJ_%gI;'"Zc@:/ |yJ;ZSe7.'4L| ?t*@dٽ>[ǰ4> z 1?(rP_kC.3eL1#ק0zvu0cvH_7Z/|^a)b.OC!H\ȺЦO[/7Bˎ*)ӊC?_ܫ+"$nO(I[M_8{s9/ ^Z6O y/ѿ:xJ\cmbwT62+^Wl׸[:`_A~p6e۾pWkP6Qy]1<1/|wT$(Fbq+Q DQB?0\?DxLFB,5_}+aZFT 0\ jM|ѥEKpă gj&oMwf-7} t?L8*?3- Ygڰy!JM"8 ޗĠJvc#9^\oP+/ sq$pt:va6mܚbGS1KRjtLml2DerȟZV` +Tzf*avʁ_sNapY--K%Db9r-Hl2yi|xCw–+V7;z:xbs45CS7i}I%+gu*UE o4~CݙEsSZYpU-*$Qo??=aK$>[D7Ly/a["ɬs}I@,{n0+FhRTFB0-c3GtO.d]cJkԙaɄ ɑ5OQO&<ędo<\UwJ+>3BoӥV5q+eB*0(CkG!ydiwV܎!9` } "aV+ MS,7cO:` }4y# fjGJ#<` # .;5!S$Gi\u6ǀr۬z>f  VUωbqHx(ވ ,{:bS\K+Q7>J5"8B4PBhAp c_9@bjՠMEGSh)5Ȗ#NL"1# Ԧ>sFaWoنrun*}i)L3E+_P)a:+9EN#Ѐ9:URNCH8a/?1h|q,ʠ{A 9sO 2gJh%u_tia DS9b37FWd%RxHL[ ,O8u v \GLa-@G"PcTz1P*X\'ؗ%Bʰ% Lvv,bHFw5I'q2ES~O۴tzX3[r_B́z^ D8f_Q&? }Ǿ+ئF{pLe!mD #ħw/`O'@0+UڠB_z+䘲 0/g%O+ƓyG@[3ZV;Nϋ'k25vx%B'3SL!( o!=!ԡB}/A5 \Kٶ`HR6%{8o^ttNG+g)1V}@o ٯ1ǂtĝ-NL|Sl&q3a)ζ ̓x(fy @StrZ7 ~M\tIβq(F)+y!=]XHKObԽ?]MF]A;p'VzriW$` 6KiK4U1r _Q6Y [; )/Ʒ}4&u^VcNԡ'όNS#E7]P}I-+ ٧Ȼ@N$+nG"|P)ٜޔnFr@rdx.[p.Mxӯn`ihT+DCI6R@CJbنy?Lܵ}#zDK%v P7}6 l1X4gj98خī弚5=]3RSTpBPn>ƿd ZUtZ cN['8bV@MÏDw7ĦY#,Bxw \x~l C}$N WE޻ s6[tt)/(iPQ*Kv0uV.k;v˟0K8^V2zh^UԔsVXgD <Swo皵4IĶȋ?Exɓ(HnBShǖ0:6*B9Y[P /nuH>`V%=Z#)]ZaKiK`996ݝzu (qaU @3=X04e!>SZB^Ү%..ZlWR&QP:dW/б8;-JНa.Myd\vD3Ky!-cr,O@N#ᕩʍk˧A5 3׌R"pt"@L oܝkRӜqIϚd1ٜ`2F өs FfFڐ`yA:&B7OO¹%ɶTP P9Q[Ζrť6dJIegPü Kl][)Kxd8s:RN t*V,z fD:*YUz1 uC(nlhw~O/'T+Wۏ ?[ (rTo]CLW77&ayq V._%kz`R>A!ߣI湒Eͩ" zrUu+gQ:]@guQ0 (TNb9@<ќ}i9ܶ=m-M_0$RD%1+NjƉKҔ}9Vb-Uzbk3g!Svte׬۝"Qاz,15-q.zkiLRkM4+ B]j Thv K(I( 7 ;\Ϊ<^hm[n`mH K6Z?2l]GLfeo1 &) n4~5g̕$*&"֑\ aY`adžӋ9~Tfh#e/An-yt1f]<ѧBOp)zC ،éyI'<9HyrAݿ0ck5bn06W vzE^Wd$+UIp=|j\K#&pe`rzrr4E ^Ǟ}X]O䕑C$2o YDm 5cO%T9$,ʫp8':,c9rrnb .Qa|TH8l֝3C+1I8쪱fXkn6vY1 Eis<^UfifWb S'(_ a1EBL6c1(N4m5プT]ܘȊs>ʘi, _Y4Hߜ @~T @ѡM#FGuL P>zcГ5ҬJ렾Sl~'mkըZ3D vɡş"ZAv_l~M bv|8`V`7fM6:xQK0rYHya,m#fbTAH4h.$ -cOT 2dIGH_Ć>r\|VEv8TeSMZ_7lHx5{o$׋ J7Qf[-he)Q2x rKR0X_'ivk9n蜆q߀6; ';ܓ0IԵ:FC QO[ȯԶz6.P/暍XU:}AqbP+fuu=\~?~) <8@"7ORjhͺm].͆/nEH .f K c7m=Pչeˀ9.荺.*7 9TSeFxJ1ϵ_d0`J\\)rk t!2J˪BYHN##rXa$5X*oa%%ȟQHf>m%HQDb h>:nq,aRߗ,LO|))2Ň`k,|.9*U:p@;ځ-Z \|M{EObӁT~G<+:ذDq>5;4lԩ-P]=)v%w .?9j}!a4U5v|N^sm8KB! QnpǞyŒM|-.BW X6[*Sj6r}{}1Ṯ;mIaDn)a~+G89/{G~Ę}'8g L 3$b*B/>\+hs=)6}&kjSBhMYVQҍUZ> _4m[rX2Pǟ'Bֻ)ϙ Qm? ̻sDe}%h={sƜp0EiĒpTwJh'ٓwskxZ^cQ# Wr 3 ꜹLD z;6O+ijCt[w6 ^p0Ƙ_pZri2o GݞoD=4=0`T&`a?YuXfnu`:+_`qTeW9|a÷1\9'4h]cJgzy AmP]@zoedÎ:wdy*h!iuM͸/-{Qi3RdAUHVGan {,Jr sb®lOY eʬa M5j!fh&| 9Oզ?giK[PԔ>.d,)1<Bݰh~ҙkY,gyVy }L/$Gh 24_G>KKkl m& KI5t1rPzxbVᝐ5 mq/&t\H-FVmYF`cnսiWbJ 9:(J;GS)B]cG3ƧȰ MD=E=*6Yjɚ3&qR1[B~7vtc uqX׆/Gu׉#D<9KWbl 659G`č)o= "m{~?(v}F g&]gl}66Αk#t&zq#.==Do/ٳ`f\×P ^BCXAU*Zh#cDF'Tyz;^&A|J2yjD60p(wHanW"uأA}|kQ',"r~!1Wz2:o*8TN`[} ;0dR3\4 irSNT8X;g_O=۹~_1MY QR'[TqLXc"+KZCB?IFiI'oWYQuEWH}T5Wslɑ!JG"O%_aT|XX6 cL+\!xuN{cgHA7@ PWZ8U|-ŅP< +CQ={bv]`0Y&XV2a6@8:;1ƢMk)R}Ϥ(}yqNVIT$4\C.<{KuOXde#[_# HCT̋hd_Z͖cn4( @uR}-f ~NhJoR0/@9ʭ{^sz݁2:N\[$[ZSD*P   N}Msߙ_(@3Tee7ݥaؿV{(2A^xP+$K~v;4!K5QW.xZp^keşyfS=IP!14981lh`o^f9EjUn"c' KGrqW#*Efedw6zZ޵&I2ٯG0gަ.j:b=2 Զc5EA 2M ɠn%uNmfЛ'O?/ĶpV*Csgz"3ľzo/(X =ny*+V̚[1ږE.(3Њm gixKj@k>ezJ@l=}NmxASAr1az8N;hjO޽ϥm$iJwV<6?0Ke?.;86}c0 z}UI](┲O=!N-X7Yǟl<7;#~J@N8"ngE[4mIퟒBʛ|DіO臢P^Ca䮻' YЈt@ ] U__q gedb|:[(URq7n2ZD pOs8k$R-P]& sCTorP$j9)_D -TR4XGm7آ>t6HHt3fg8 z wD.?6$0ߢ]e~UqSL~Ρ”F(")i1OԢr4PL"uQ)!n6xL6M51G8=@t:J 3M׌.J8%}:0dFGX_ƶ"yμ(yɑ[yEtK$Ixv8-0X?p s+i71pҦf}&@g>dT@!Y]́x$xbf4qkqy ,O{;H3ҝ02~ ¤vPUen tiZ1V 2[Z gV`7J D~& 2EFGBw4x}r3(9Kq-!g4*D;i6P46t5uz0],rѺ:O>[·ڟ  eпCn;%an*,~ꄙ\CTnx'R+cwy0'A}6!6+NHv= S&((V+*V,Zݧ'΅%]aRēi@„$mu۔/B L78hd9J@:^R|y w3(E@ Th_~2aQ{A+$T!*F!40S5>]ߊf/4صuP>_sV哑"UI1w~½EH'ox5卯9zf:y_~N}"oʥdSuGJ= ?KGZu!.zEnwќ:0c=ˊ,8_dy<G|?z98f| ҽf~ RD[|)wYۇȝ57 TZOX0YtRsfGf5# aJ4ֿ2TͿa!$YcWPT~8@Gޠ?֩ MGizp$`̈m+R}wY2#[#Gؖ PGt0z;Êr!%Wc niG_z轗 |K;6)>#G@Kg6G+8toglbK$BJy;$^{z7kcīW;ᩴMCV@z;|LXhцjmءS >K1+Iantjs|C{y]' L:7K1+/fi]6Y>sBO+(kO$mtlvȒK,3+$[%WVpL/atEHD-aUdJT3{vy+^p4ʋ.A$7))oHyꥢR 1n6-zbO[0Sn($Sw?a`7 ɯmBso`++O#Ss #1h(Q8TL\GAy[S  e!Q'H{rb^ 9)- ( ٨= }FPԺ2Ԇs2)9%*g?t+I,X5L6ĭnݝ|<]CKlV=6zu2 3+*Fd@[ O9I6&*[u,vT v2#& y1cO׶'˚H^>Q;W@,և1yyUBw_!#mUFhRm3:wS6bP^͡TbBJ2ЀjT ?E <m֋R {kۋ~yw6PT9}Mue(Ii!€w]np|s6OM+>'cL R E^ %8aiI;(!X Kp ޞD6.Tv>S"G(AnVz 0SDyI<9VGo !=^ ->l*7cKKY,1ap*# 賲n"@6Wf tdýG>ö.=ˆFn}D>=QZ+g~S\+_x2A% ( ?S>mGIRp|&؛Qe\'=8Ӛ~c3ݠR0;Saгb঵ehvav!pXO¨@ɏJVa^~M ;Y+98pDrzҁa} ɐU~ّ {y[|eDAR"JK& iq@ڭosN(Udlp;6i'D&c;;R_]+ݡ ${-ߎrz4iޛ\qj&=l53nW@}S"~(,am[!G('5)"~SߞkPL}y R akztXJ[O\zOgN?N6GpY%kMHqsid}Y3L;xt/^mmqŀͨHup9&'mƁcN*!n0ŠYEetQ53\N-vT(쿤`,}rZGƙ(o<Xi&t#}^DjھI5Ddt K(.uJLr2+i<gi2!4'Qľ%+b9NN#ROGWw>׻4z=Rjqi6!s(XCzң^C ]C{DK; YQ ףut&jNCq˼, g@܇uƺv;GA%5obN+җE_}N~ 6z`O nݡZZ'cАDQt4|՘с{G5hYd"sP',aIS𙲊׿%-lQ.h'sOXnWNwraTB>o@cr6u;O=V7Z(ޗB~vSE(KYjIZNL[-ORFKq[(v.^pA֙,|b\zS5osX42Tv?,*G Ĺ1v"y j T'; D~ >H7sΛ(<JJ{@gl?5[\?j~^''$Ǽ-2mկ+'DbZt|N;W7r0Q)sHeF5K 4D,޹mINQ/~,(3b츙@P[d clCݯљǝ|EbM/ 唡DlONR孴񐬀yiLt3ݑZQG{ν@cIJ{k,ر}qDiY u%HS0)z+,9vi\ SQa$H1_m{l1/kr1aClŤ"ͫH,c_g^e)XMߢ."/| l"S@:1o ulg- P((>NY*Cq!V>BUmKv c$/~on%s5󖫏wOOhI}(e bߟX ̹*Y>"؜=᭕f~v`PyQy5bRqenY.Ju8&jh% on ZPŻG8% G^{@W%*,9SVu,,nz:6ez.yb{odMCs+6K{;v>mdz,ݥBvWC@GE*V}S.R8g:hXTPB3t._ZDH]ͥAc9E7n Io<̙K0x oYx-QSV%1]U cbT'74ْ3Ffq-d݅0=sIaΟ;oۻ}a5zJkQ'/7?=!> j.fPFfdX{YGtI.kZ+ik%4 sX|܉M?Q )_=π#S7 :M轰Ag#ϸcd iڎ*-@an*T b0zrPJRX. ؙrY4ա9=)vڑOGy#H)^;0[ƄZܓy f1_&ÑC/؏[CFZ4WHpy5(]9vvΗy9ǞUXN*&mа8" DF|Kۯ>+K&u|?yn+:`S\|T#N J7U%ils>ϯS/=X,0UvW$3,)&ͽ$W+ԛ%UçQWoV.Eb fh+-nJ}ic`~֔<ƊBwŁ A ^`%|;oC] az+wbx6GJN# 7p 8Ǧt-p~XpcΦok݁z]U4ccbqEK>) j̧eVfF7H}q3t=Mq-opIVm+0ȅAN @ѧ Ҵ4 x@ M}_nNU4=l(>?k{Enabxm?_OLO_gdTIWf \9bEbzmꕰ/]=\X_i=/h4]P͎|~qX}PKio@x K|`ȭӸP x/z14ͳt5w UPҢ~p'H#Ym}H5}0R(%Tx4`Ĵ\7nN')GY)Ylp" ]\){myTIGLQUP,<@wR?)IT p{Bʼn)>'}?H4MLFqԗ8s=Czб ryʃo\;xTzڍ%~#9DY1I#vf@'dE=lN(;w4σMPh;?1GԁkD8/>gF=҅pYF[d XkK/$mUJ (1@!*ޮM 4}d6^>>IgJ( ې+RT % QcmJïq\~V9OFs *F A;ЕX.n+̓xQ6_d׭tFM[Mu N=ɕJ/ap;rQ(pGH$pQ8YЎT'hҏj?ǻ0'EU2 '0^ѳv̰(:h N3/+|e!m*̮h5#!FhAaҼwH5ly/?0b5׆Ȗn9Ti֠Wz:L4>ѰRD-3ou&"+dJ競,_Zn61/\i>V/9"Ww@ 74uuw1 ;Қ|2p #Jcc/z!y-U? -%ˁJ>(1G(5ƻgT$ڴ8[q ޻YB%B>3/gbdpK ̏*7ߦ/zJ|rĺI 9O^<yρ>S qD> 107i-,yG Ng?'|r&VRV6 1xK2yJ\FsG.q*W@SCi'p(D;E+,1)jM$sלģjeCu:EiXLZ뒘:[#OMTgShJ:Ej$f;< is KN!47>,Tymaޠ$a1 M*:C6!n-1`XۃI#FzI@`'3+ kuHj_Bk:B9[2%rkwI@OF;ƃ# 7_AS2;~oS>ծ;svZKHu)Gby1eyR+cMEs h:3$k'߀]RGڧD`8_ ?lFtPԀ=6GF"N5傫5=$pA %۹nˆjsk;K#9X8خJ*A\Abds4w'b}'+ȴRqSpu-G{^neO#$zϠ!dS_ KӀM`KloľeBؒ]0_BgƘ@ZW"킳5wr6AQkT1 lt@,M*-)-EbeCC-L煲o&hEc #l2bc+*}yG(r$> +%L'X5S{wjOZs 2Ԟt0$y ^P_z]F1}vTsl23N<+yj&jvˏsJHX }!R7>ۓ8kⴄ EYTLܜTi+V0U$!}T!]E*ܟ.:}6%> Ki'C[3 !{ooo@m(MIS3iՇ32:r:[D"ѡ< J ldJ )WN"`(l3[.hi򃫦E^~4ޠ.$z3 njN՞9+$kUبX?P7N3"0 cU)~8: ,j0;(חOn/c>>L1ԩqG ៧v¢2TA4?M~/*,<䇉GND+{KpG8^)}.Akf!,rp(8R_D_EI, IqC5ҵ #_jQ6rӴ{>wӱЦ 5[uvBO!Q.%)S G:b 8 8p]{HsMܝ/h 3Hq&4ڲ (Bݫv &nT&s)W(tUzC]h|fωe960қ<RJY]V{o(Zo~SA2*Pa!"ڭXQ;~*/mϓ;1S*ziHUmzFS~]IlOA\PuO -{X1I_%IT5VPMLQܨ;IiJaV3?Kt֟*1ZTCʍTر\( Z93!գ)'*2K`u ꦨ4՚9+FkIBt_7%?L"ґq`c0pݥS:~fYmq yؒQ^n+(1 A3p,>[܈ːd"p%lS|"Xb|Jk־3bht*dZ$t]Gzj:+.:PMt-nB9na$uz89qsHhjdGf9^\T̏ :Z E][Z.=yL!Ϩ #v"D]9A+Qf7tFvI3j %m`>72A5B"l5w_̴weTx0uE7^4ܻ>ҬCg]al |Vz֨׃8Byq%eV ɏy^G%Us@HM֎z!l]|HW'|%qq_jjP]jLYdօvg \PcbIuVwW,Lw-R%j(,6r^[3_^O,DQ m{S#tnXdsGR-E<g>#CHI;g{/2ZiaC/!ljL23 >`62Ʌ#w_#rfNTm 096|fTBH*y+ AH"Ƌ)?ڒ@vܤE>sK]ٕ^-7Cs< wHbLNGLvl\h̎ڬu&ē&p -2PE|yl;\43Nv$ M2%sJ E|^>& :?9E`VU"xy\))`P6a2C5%"&NO L%MN LeʷrooCɆ)j@S]5͈ ijC^fTQ2XX\Qm?ӿ"BZG0e>d8\!+CXwSׯg:`:oOV٤4EE4qJ?)Hv;6Ι]M_,?=YP\Vg~+J@m3paDv-=;/x~_fhv)ǝ.c EP.qi,g672y7 г;眶~TæPu|LE=)"M<&R%ȰMq;Uk6CF :P)Oz(o|`m؂^x>of-eL1 KIlp˶:xIK=s/2XWHCz 6Yb'6 IE=% _‘=PepY'g \58ZY=nh7tpD6S Ls"K6xL&295\ H(Jgz>IhTu@5ԩ:#%8(̚tآ!]HZ VvN߰'/i%\Zjyĭ_JHrX! S#(9*  D8-+jڻ7ƺ&j齃*Siu +h󖖶s`H\[O5jX\Ne),K&jy /؂ǟ$tf'}'Аp'b/Cy KK08b}V]ω'a\|RY6d#9̡Ϣ0{T 2n jXɦahuzA=пc,YQ%nkS p}7j1EnL],رZ4Ɓ'y++a`G:_(ϑa,VL'&g ;Rq߳+IBI/g1N8Ƚ%چZޔ$aLåun_~>[<vm ; [yQgCda,.u{wɨz~[snіGqZ 9^ 0 |$0'TVS=|9ąw}$.љ < 2 3vBUuJXS%LkH!{:KAgƼ?2Ә\g hZq-3Ka?j}ǫ[n MwugO*`+0|ԘWsuǍ阩sԱ';xX+o 0$p0ćI; Ws?$~=_Tڕr7ruM3:`2~V9-(mkeGJZ r718F9#T^xr(Sa:>9oyYC5ש?!y~L(suD8U0U7o\J(ھ[,Uvd'qC \iث-xjI5RyyDqp F= vGG+#j9i; !dN,/}⠤"*y'Y/ӝ0-~ Α}F-9&vt5*q>1UМt69 [ʤR'MGǓ§7}2-Pz>k[io0ItYOQ` pa).'SJ0c@{v.pX]ɥ]x>CBǹSY*+ 4AMwvboǤV"-:ֶf3K?Av~OS;M*XLP`"=ꠞ%CD\0(i.[)K$>ytV'DN2*#wk8+;%H娻DWN{ Bhċ(L:fo qi}jءtQbkby]4ds?$F* M ޓ1'dHMA;()߂U ^g+ǯRFsbEzCoޚU-n3z6x+'qFzkgƩ3Y*19eUl:QJ0{ZRX/L h,g ][eUqbt?Sfy@.4"!BXX-k$@ݣnP{|b|iz"<]ji癉9z36&i2`q*rC\oΑ-w 6p^Vt&p4^ȥm^FxƩ g\|ʨߚ.[nxo{߷!Q>jaq.KH Kx֝Mf:NC6*a$ϫ>Oۦ2V%p"fm]BcTfd*' YR֐r70f^0SWLvN: 3;A/c:Q0ЫjfՒ*F}j[~*jAFiqV#rTxeBVl޲;\ni\5R7{K nXF\uXt0҆cp%Y2/5^q%,[snibuXR:Jھr/Yw? CW@kSz[!y>jL|=;RyA'hu]j:<#BAO)jK񄂷SK0(IhwDd(Z}һ"! <Ev$J>py|_N1?aVhE܎]' DZfghz/v=_r٨pnfݳ'&,Y\QL=.AVw]yՊQ @X3taj؞H-LtJ<:B5y^p6;sdžI%^-~+Y^L̺9O6zNVckAcT/WdMdE)x \W.-0ORj7Q>FPb!t{,  889o=*/πD{G{sOKn1W373VKEQS΂t~NuVԴGoR>yI};or͒HH1Ύ{Tإ`k xRE!)Ӧle%E2Ѳ_O@s~bHvP9uP=z)^,h{V xSc3$x< uO_ؗ"S9pޖ^ҝ,_RRVl3 =vy[!),n4d"jHZ4S.Xn"tW0f<"Þ2sY #PvOE~[ه5ė{zqh-JyzAQ0=#u×{1Qd 7yw(Rr#YW H:nUoYhw?" 2.CkZ.g5B=fI不nHϚ^M;)M=:qh <=SŁ~,M)<0l!9ezKy)QE—W+,r_G)5?V3ދJ^v߰y_@*k篿\';R0y(zmS~(X8Jtoa"w@}3t%D 2Ym+fr+2jZ"xA]j=];> K.knCxa Rk;h\t, λ^׸=̴T-\u eT#LT57D(SEYb'"')W~WτbP5r| n^´5p4 vvPHdҀӧ/2_lxl='`@Jo! _B=VO(d!1ov5cp{[F+ss3fi' *΄8sŽ/q*X~|m=ɰ_#aQj˃&7l,b-W|RCӣFx>c5X4o is ٷ]Ĥ=C$i{{oɥsˆvkQ9#GP$BwCޟfWS22lGd/ @(SR "i*UQJ;t{Q*47Jz)#xL)l-6sG(nv_{;l@ z9q}'|3!EAmҖd6f ~ )1_;FX#HSK$-bS#Anz/@؊:S}\9IC}OC!fN?e"b E<#0~xʊ *X5CRGfǂ"'i%q%)ЃHh&yj%zs46 G8X+ Ss Er4`J ↵DZ-5DQvF :l_ݏ#Lp}cRtI` xOZnj8ٌp} i @הPW9 NH+񮯅2edkKWgޗ/m>m84ݸ- 5gYxsz&?4nErk ȧF!oW(4oJ9=, K+g m l-} L- mFQ@wjJ&+Dfa 0RY9^~T'UFiJjiAPIR-=5bң =*w'a6Z"Sb=}-%ɌP]ODms% yE8XZ=_IݥjQ3 0imlӛäu?Xߕɸ QL!JU4VKEf)Y ~p}qs -sY%HL"xRna,wBn̾BržcZ/%}&hs{,, 7YQDR)-&7 SIhbDuQ-Q?^^t{Yaof6UKLnѼ|zQy7/W/mЋmI`DTQ' ;엳@ž]wR넪7R5gɜNǚޜm$Q[4r'tv=Bx'gxC05zo K7Rm)46 Ӗ0.܆0Js^-DȢfL*=ae Ϗ|{l25?n(!K?IXR9FP̀sXE ǥ0.WxWɣ5E12$Ҝn`JM/0WXp| 2 ~zrdxTz:r%I;6<9R{]C:mN$ ξ4E3[6viįI, ?M|.E鸯ZѺHQM"P*GdBN |%]ZovD.#w1L1q~ѰyĚq X>x9ݫd}\%6 |ɮuew5}5\ ҋUAhh*eL[1ot:,+pbC3̓ET?Sej% כ~GTbmrggTU[Ҽ,q^WW\6;9\軛S\>[KNVm^/˶XfnTk>A(Cb"zd<8i٥O@]iIAJUa%EJE;ɥO/ ^L n@PLwq‹YŹJ#+"?O!< =̰9'O餒Naڅnꉀ~*' ֡3\5N?>!3bf>)uŸHص/TC0yfJjsI ᙴ=7nx=΄8D9+McP9k mFVKo#C&&j|ZpA{5_)`ecƫO:Jq$0$˂q%[y.ݓJa!$B-/+OgQ, DYdOؑ="̰ W#x及$Q9ҰfYAsp>χ*a&$im_[(^="cz`\أ?N;q*dSnEm\zv8׌kЃt~D{@k3ٓm f)>i5ѕҒYaky xի5{-i#GqBAawte a22j~kd^5àPhtRG;JN֊*Ĥ},:ד߯ɯP}iڞ=G{].lzgAWB$~!! )rm?hd"6}Ҹ"GYv&Ua儌iewjgB']%GX!,vC%7^~m-KAN<ڧ13=[:{#drxY?4iEriJ1# naS7݄(_X7 'Rw8xc/mMȹ\Fp%N:|DJk*jC:I[򻢀6H+yodнԐ˧S| Fsb6-!YQ&UM֌I\T \js?K+PF3 22EAX|S0Ҟ?%"&SIPi[D>uDܓUߌŹp'hF b0Qᢣ=H> (~A-QLKg@,/{"'.5[k mMm"*9,n~bS\`VS@1'jV?>!TϷ0E$/JRe< A<-ޯbC";s};]gRQv&bbEh6=V;Pȑ%n9zBE }2IMͯZALA]Q!>`[Vr@,wr=f:6F@\^()3I7]V_ 9Y\'A-D56-26[2@GQnRL =_i/tQG,p`O,P3؃{$R0tL|_*^`RFN4wZ#ɚ(F9&UП=fFiűϤnG oup&_'wx @F\!%'xMM T@ܚŅ`\f!Mg>vz$9f&Anx94|w?Hp+Lj%r?#W!5u ̨yWR<ϏuopvB f'?m3 נg}Rsػ\ʔ$U_C׹鈏j5ڷWBh%m'][*X6{:1{KNi dg;mA0@D5xN:äP*デS#EIIKS[[P|R)aB MuD)̦?Nlg`&{ MoxbӰðI3M*s-Llr6^*4dveiP ]P|0{>k>Ӣcz,HpvT啢wAmO.X|u!zU BpB{HWV4w ^Ŀ|HXgmڥ7ͬ~Su-mBx|qyEe {6䪞=-8՛l\sۢx}mpRE_o#:2 GAȲtVB?|Rj^nIDvWY5)ǔj?3,0!QbFDzbRj{1"5462Ƿв1*̲ AzE`n ! ׺ !xg.0ʼ|w>5K .;.WHϹsJup=U) ->Œ'ƴ&Qx"UAB37NTD'uzڝ7ux\qh^?i0H\UV 5 :mkޏ8Iԟ;laf5@f/ cO(Y +SL, ]-R`ofZ'5}+`1p҂K|"+?,Z&GSruʞ:/ NZ\ۈ~A=i '`>_ݗQ `': ?r_Ay2 {wag^S9p#rT΀E:N6Ao֖9W9eI\ی=.lljж(_syL+V'3K +?&V$˸c:1'w{h E" sB4MGs|?N{tLuuIʧM|QxSH+Dryszk)?C<[NRH' z5P.,CVY(Yuʫ_c1")QG_k{r>.y3Wr(a|7dZKPT4(mYۋ,kbʝQԽԬOd|bpdȘ~ =d,qU}_RP:`o zT;'ns۹r)3{캎#.!R _.F8Scۖn/˱uZ%Ďkt1O+nmBl0é}yX$ҎϬ&!uqH@O_n/B9ۆop:yV4}sU{KпSrU zG/Q)Pbw_ulB sOlWߜ)z1?Rs bFxwƞ <-_n?DDirIpOVj@$;(N6v?l;=/L ?*(b_>@ӱ3P9@_r::up p`kM̙g3Mn츜0v˖ Qg+BFi@(mǬ RMj5BW M;^=/GFaJ,7'Ds{Xe}t&ﱲ]ď36v1.~C[?EQ,tG,|B%RbfyfV`U )c":q!"Jtc&+6\are&(ˠ[NŭneL;7681@G5gti ) *ROv7 1K}J{]k) r@0(HQU}P̰XB_,)6Q;1?%^r  J2e la(a :"ry,CT^;]s|2WU~pMz$Ա)gaKlbZVy4̝cůؿhz6tM?4 2)7Tʡ$TLP&)[EPd.MTÝǜH37owCfӍ\75gmEltpnîQ\w/];2PsM$ʧz+JBkwxjRDd4E.wuk|=ݡ'CjhUEFr]'2ܱLwԘ^BSPK4\H]%=Uwu)LV cD4F>g S(P uu6ݱ2߸?3,8̟q\L#.AޜYB cM+f6J;,dVn[ʫ!GGN~:_@Cr3rȬI'fj,⒲*OBE'iX[dʺdd2z }+[+MG4_;ƼxTDT+jXKbnZ0.CMxLAktّnZVGg걆K6SUj"stUd{=ϱ CvqT"&u[VS)Yз|m}8MR\'898R+\%궧E,Wa`^MX˒ Rۆo;Ppt3FР9 qTҾvMr#=o^e?^kޯzViyy7= 79Ӹ~g'oM P["XڽW5CoV*m sfF+A+ZUt̷_9W|^"#Y i*ߒKh7[f$_jLgTz 9]wHN> j&bNsֿ^֏iȯm5~Í]iH c!gMIh[Djnv 6c?o+P -`S~/Ћ;G;]ũR %I)16Rl'i{r# ÊX9?A&|lFUY7=l?P˟2_vk %FH"m GĀSfwq".VwkYݽ.B[ .sx<ʥyoO?l>/9lM Shlh3*{j cNI=Fk~ҤhT@1rUk.~(_e| ׯbk~n~Qҋ&53o;,!HQ30ϓD1h$"KPlZ2VN74 0ɋbk 4sҧ ֟m> >ôWB-Og1t:5`R^fbDN8St{fwpY#^2TK)RPB/K"!WQD=@4ͣ[ J%X)uΌk5z"wm6 xnK,K^)W{#n-6u էIkMG)_g+\CF@׌BVN{Ct3s7ߨY18ɹ; M r':y{ Uy 횊 Sox0_ aQyN5ZqC4JoݯuVq7uۤ8-J ceb7?a6r5@A2XGmkQڔkZqL@OD i\CRSS.@NzUZ/Q@pzeK DJQ4ҏѳ(:l/ g=|I|B MVuN s?&2͟e5dE:*DB 8~xY=Tԏ+P/ }KϛU{ V֭ᯤb锜GLm_9sۓOxnȇlwd7TzVkȰҼ69P(l&VS2<K䋇=h`z gB+97^Sp\V~ntQZqu\&xw,^’Xl<Ј 6G4"N`ǚ2:m[f_.M}6n[&vv5JuSelDJFbI71kJ=@ꐇ7R<-KZ)n^ sRK5Cn4<ƌADnKI),:&`*8v rm|_~d52:D{' E [ GOaì@D}澌CrU׹ U7#P\+%dnq }' 2?S 6!|￰i66A-)TL9=!ƓDh-~Y>*<*TGhƀ/V^ 0 d [ydF&PEҕ7sI$[H1N괩eO)EA[]n*۝K3fE]k躮F<{"EQ N=ATmUsޓC \1>rdq]d~vM9 Y#b'΃ ia>1`m:.}T /fֽ9(] <"rSF?h _,{3D}_ H3+58i|/q*{ȬD^^mT7s3/;tD `3̄Qy-*_$\?Ly>)Ǭ]G|rYǕ^)^oB+)̇E5r?@5s$|߆M:*R9jDj>[u,)"xBoKZ5: xW`I=t#Bt'xOІF/B u,P7ƨOع *os/roCB;2|w:iǁeh,s؁v<)'  sySfڍ~#N"w(`a}r4}Ocݖf ؛&+{\\zI8Ju˝f/e?g3+nx6*DN*9W0Fs$唧(nM!OƳF#i!!c:Sde\~Z446 QΡm=hHS`s@-x ùdЊ8C V*7AU|jx5TB9edb2R8~{uMO')*40 y<W,!˜aWx=h8PjA#$UqDf X`(ݏ]v(Zy:q|c]tv|O?SwQ$SOe3)´&dCqe b+,ljrkC }lL1I~ǁxdSҩA.]Dp3Y )NiYiY%WIYP(G'k,T $%n`im>p"ٕle3[`cql7"A p!'c0v;5t[LK!msû}e &D^q7Xn/K@!ljNđOP 8d)+Ta彾#fZY ʾ\]y#Y8X xnߵF[ a g4>c2>s8. PW}Po 6FyGyWgNmg+HWa:LF's"$0'>2G(<lq:.C.b+S`E"911 BNDr{zAϵt!X:̫:ٖ s<& ͼK'=UQ|RyTk7X#KD4M'q$1OS3,Mw,-Pwi"}9D`gfo2 7s[_o?J?8PT{SnblM) &.\qkNn1zۺ(9GͳYBΪP1`7]k l v !y;155G8kX,)G&p4MYLPD rڄwIHe*#${:7B%EZ&59ZO*]m`$Dfw'<9Tc XC51NJfBK_sbg{Vћ$TpSQ+n @?/+o;~),%,c,!L-דvϠ(_RSdz2uĘs?%[VGdld:1B%?ӑeˡPK3ߺ~2?~AO>0Q* )STh & |[;90V"۸=Yz X>z9'kJm3l刣 0Cy33m؆.&.G=~{͒>(dES3u̹W3'0IS2"I:>ѱ94(n폣r>̴xW͕iUO`oo*DԨ_œ79;Bɳfh:lB  X&)C^ZGP@ؽ| lWBWl]*[àWq^4~.3(cÖ'")e^峦=o] :~{[/Re6} p2P P0'|*,seM/ UabTĸMɌEf~2R |+3iOJC]ʕ!2O0 OM}/4LV0nL[w]H=D"=0?Bπ%,p-d#WPP~Ot̔WzB_vWhQ??4;iopi3JhPKPg = s@eÂَJg}qA[:RA q2 ){ llsxIZ)ֱ֑$J/Z4>)ޱK=#8#vpc֡}]֨ǪDNƄܕ.fDԈ>M"qQ?01e&@h; 鷈 _JP[ݨ1mx\_BrR[S73VNjZ Y@h}f7קvϏ'vN.'$\oIpbPx{\5;QC8~.CstbE},;lھ`wO2%Ĩ)%:|hG>q*DX*}aEfCwV4y39-CK\ijJ"O{}(uςO3Y8fhkX*3[ލR`an^!yvCڈ$?PQc` 4N{ Ydf-7q|5YSkf5ӺwjlL2 yuqn92bgJx9#q$̵|.!~+MAKkescE] -L{sRrIvdS\"><ָ3N!萐qXAbsr2eQ%XMdag9gѱA*O}wQB(+FLxxVlKMٷ\ZJrA NDҗk\b*2;OO0 A!qD%A]F˶tx(d жy"J󍢐8MVɍ`OQ9j!kǂɫY nЀ+8i¹HP;d7uZ#}DZT&%]8tn= l_/-~ Ό J T [TYKSNu sa J',}`AH윍)l `2;jξȁw !{.Т|ob[ oNN@YT2JTa3A"gkq*4mb=Uٛ{Ux Z7e{w"B6)1u+h\#$9/<0]u>QҺ<8N 0p^ U,5JCKR:NfY {è(g>.gA>x(= ,,gwUvHc|-Ojst~pGnfK[a/7cNgYD۴ES iW _]Md˖A˫}z )i/  PH&7קNqM5,p`6^1 X䱕e Syh]0R,R(y!PjS]JجyAcގ uEߚJ<]TJ:\E%[ZI坴NPK0A&$Zb^DitX@bbԊ2kuQ-L5X! 2< JB?w Y?`2X%N_WPv3R‍0dn1TDLyWePP>dg݅r: rU,+2y;;*" okN9SA_ܒPS15}[JBitI/Q @kJFYxUj'A %|FH]g]CˮU1(V O)y^ƑOlnP F,CT/XF^k}̀H3ِFo6NjB.'`P@E_V6 ғA jGburژUK]U\a>r̅!0XÜ̋ŜP~g{˛"^{ǂ>{g"- m|H-XƫOZ\ %CRsI>-ƿ;w ;DM.:Zps1]Ԅ=Xo5,0"w.nH=W,9NOKeIg׮.[=*QZwd!*ڝXuA}LtILt u{ %p@uG\: pobBVW=i.A%M6'hE'lm}D4f.EPڪA+-NI^0wפ2`B{t]%d_.#2G悓%57^#b110TL䓬pe{r[JL7k>bvQcΡ) vr|wWKVBi[Ѓ% v8#Yr+еaq =X57{8^D|Qc<[ls+PI_ n{]zb:P"CuuF8rNQ)l d\5hӊ8H.H_9{gyqn[pT2ac- fZEnM]Q[V:Ę˴=oOKOӿj-|^ 2eg۫L%vQEG|yv֎On[uɡ+/T\>^* wmZُئl%<:6kJ8A1 #zʝr)Y^\4~}`PS;+c-U BCmR(*hS 8խ੪ {=VHa%Ԙ{R?5H/FT_-}lGGֽ h2%TdW0!<·8tmV3g\7%r"?˵=f0C ׼^M:Rϴa3dIctbѶzRRjR_ҳ ԛp_5Ji3-7RY)Y}-lZ2t>k~uL:MY qUlO-ڬ(LeP룑wl&Z^?'Uir|RL.<*yl( tyWx2Gg6hd.4 걈a(O̷Ȑ,D .]\C5dC/BvTVQxvDSEuDjFU6DC㉁""VFGN-tEb_0f7  e)f=/@s Zhɛ_]=/'/kqS<3_j ~Sk!BnYgu$͌P_18P`8K+ҁ:Ae֥* nF6KЊo_߆'E) .[f $M<!J[=¹\6yYp9^;A{dp)Ny]&=K' Dȴ095GJ^Y9Ddi[zk*m.5]~|fnƉ3^+[D.o%6/$ll7]QEwkOݹhWU\/N3d爖Xg@0KPtNa 4#RH؁ ɶI܅tJj(dr.iIGZ53CKm,m7:jl,~YbP/Q06dO$(|5/IfaABЋy$kV DXVZɩD}`gi(R"`BJ$*Z&Hu:EKыկJ+-q/.I>TZæ7%Zfm fypa;Us_RA/T$aԡs)?cnd7d<1ĺ?rDj.OQB8:ϟMIv5;*JV$w&Z7+9}zQYa}-޾mkÎ(3O)?j@ IB3È뤖lM cU&YWCo޶4[dm)!p ZMu/;vAt%dPBL{lM|6~hITuOe3[ޤr0FJ&}%($][uV.{L a.ŐϜ(ڸMQS_"gJ̙p!r*:U(|ŀE,ο].fIiFwK] `s^^Nt /4ЬI$I7T@8"`C F8OKpn7/CL:.syn2(=}msybs|}PaĄaVJ\TBITg8NL^p#^${}M[ݨV(l}%$ay@=C I=_x- zm@C~Iv9̠XNCE[@ʞjvx P\]+7X L䄠g*)7bėi<uRNXQ_ڸ{ǁ`v &? 8!l3;LVEup;0b!o:~ۣjǞ?i,*NCv&*e9/aTN@+ȅ=Aِ7z֗cH|wxma ,[*L"5bdIiAM-M)k>m6|]QmC. |DȘsۮeD.p5}+t$3su NZ 7*h(H?R0uY`P v, DRٳt; -nc6k~C\-YxWwZN0*)Z6}~2^Uq@@PI'Ms0 nH,ad4BhPXdjr>ҡ(c9KU@_Ά ( `m22Y 8s.!׾lڌj&"{&]SjB{4w7Á]tn^ZR 2 knih;B1">OY0,7XŊr*.e6o5TR'ֺ5_{4KFDߜ0X?i&2GRk"o`cֈʋ?yvĦMj'0䒤:++cGS+|ɒ;z RbO"w{\|87DvQʫV<$%< ;DuFa!8.yְtȇk o.Nm4Rc;}gV|+Peޱ d/=X|xaMSgxb+*׬#W' x '^f#]hX'Ԇ'V |n{89'=?Q ~k.[\VVaSB@%.28wejI>|0ˁ5\-I{#h>Тa&?@ ON dhFDtreCwqƲ&9v /|N$ ( N6N 3AsA~x3RcpiIFIP屓 EË?OĈ- оz?T';+聍0@`35QZa+YpJQ*( (X,d4F`wΜR̥ءd1 ;^ຑ'wC! Ub ﹰN3'4}. ^Iܚ +#> +x @fn6![v]%|K5&=@pېaEZH=TVG4 e3< KX/,߀P"!R7% F X2`]@P`}8]0@짩3 {q۷S"Y;ӃV!BUmS= _w~]? iŌ|v(ʵ#CXw68w|gǰBsIj=5'8ܱ{(S]ڧ".+ʷ]Օno"8NZbgH5oZS/.<`(D XH6G"fϵX*/st7jrkH9J.Jho cxc `hֽ'|@8 (A4yNKϽd?dX:<v|eg+} b5-%Yh{/Ɩc*w<N~BL_[8B+ᦒp6gDEmתI8J^1JViV![0+rmE|mf2^=olMn ^ L:mcݱҁ Y?ݧcbiXӫI2bQ *1@NU3U:6;Xf4(7>)H)Q"M,/E` ~5I]lJŜ>Q.8'U )M 9W{w`ģ ВDgr[:js-D0lS POG{_Dm8E;Ֆxa{2{͜JA7F/7c}γuJi{i}@ Ihp=ܫI;{jZe^;{zK[OٟA"Y/6rg<}V*%q5-@B ]g2QTԄٛmΑ6YUg./X"뫲 JYС0>]J|t⵷ګ) =0ݚqLW <\Vs8R&FػǦ멡5

ŻE23ytP™MskVh.wajH@~ KV`lVjAb Gc{`O[ƪbIt#ұ@FZb$|;i46ð yP[_N(1۾_ߔ̬T\7gۂ82FO13$ՄT`i,c}xD:J=#=W%1bɧN8lKcO6`a?0\ U98_$yI w R8kcjj '2vᄃ,/LE8"n!h8jH<chm0B'Lƶt"r蓃CU!͙\ j{}e7kN6U#^ e\[n TY' h14\4ki upc %5Q%?fmK#5E) ͔l@ M2n62g'ab JkdT=x3|^Ŧ~zrsӤTJ!L"31O]~[/Eoh͋ BukW@aVggN bx|na^XP΍Y^_1<&mpl gdujq(F^_i,.`kn5I1 z*NX,8O1ZJOf晐3%hJC1ݛIr(~,i@!+MGCؑĵ:$u y|\#]d`"X}f{pO'OX+5FHشZ7)A?7Ka˱i*w#: ߌK-wS5((/;B9w:+|֌?=MАo$)+鱞#YyN8Q]kmtR6w@l}+{4TkBV`BBv9u5‰3X5n JS՞ufء?X#+ X7RTi5I*]~.@T3z-t>OCR&̖L4e,8;}*I 2uɶ̟};V+a=|DcM*tKK/ay+ϼ@l}8OEVVqupꤾMmZ(=PoEbdzI+>b$Cn6+B%o@~:D0TE:4UQ^ݓQFC䰃 ]{D7Wx0'jW%s7ܥ47'}QseZbѡFh:yc~B'h^jD Z 6m2h#=HgA}zИ²1nfj[WsU Ec節 n҆A?gUC&ʁuF1`ҿ,Iv.{/eqt`ks8`^"R~uRD\nQcEn.FŏN-6ޫ)qaMki)1SmKKDG>4é)ImDkpښ]H3%X~VKOfSV;>zCH7R5ZĪ@ӵqd>C0e8-UvdH搡ua9?Cz*|f( ĪbS20 ƌlHx7z58"#q 5˛뵊Jeƶ[n6ps[9V,bk)~- "¤g0YΚo $ zW X|byg}/ɋꞲ[Ŵf~"X0}-$AiHkո1Rѫ|NlCXry..| w"HqiČXsW4} _յq31+WmK@ivxAh-%&vvLSޔڂVZL148-oU Va1ӻ80cM:^ȓRL3+B[%Wc t:uXgl3O~a}4&Y]ԩO7yJTţÄ~X7_r~J[\뀅2q?:3%T8tPc ӏ N;0/f|)D-lLBcTg(MN},77 *pfRaip4O-y}Mz>;nlZbL9gp6Ӟ0dP# B3>T׸$ឪԣ%b`n q gjnCBe"yI  鵔B[tހ򽁢L{  __0mꭨ^ 4z 9ط|Er3-eaF>?0D8z~cZ6:W3;d+ZةDn춉jLu'YCM{HJ}ha?7K31'e |'N)R;N<9,Y"k6<rL]8nu# QQ'{N\F7n4~7DѶg0Jo>5Ƿc$ N<'Ru+XZ(8S͉Ѡ `Sl*ޑK+,^!T}+Z@U|U|0Cؒ5̹q3_ǥ쬮oU2{>w¾^)[8N2<GPWD\|8I~'ˠ(ʷ'dƹP*heSŗP≎H6-4r{Ʃ0?|hVd2jfTQAW&q|~XK!smGal=բ~JVQƉ0YPi l pXzmzkU^ YMf{3st 1S(Y9BR:jĎ8lU Uă\WeOy-*|/$V=r?$й_..AB \iMvi >x?Mtd#`;3lAVafJ&VvMuwiw$;P))[LO @S鋭ZھQ^Xv " ^H."hMߪhub 6YPc!8#UhGo/O|w kZ2s:=QVtOqb,R︔wj. oE|{ KiRHԎ$\cGg6iWt;0{li\EceK%|̑)̍ xezU V=myԀD72 zU3i&k&}p̉Wk˰AP/ה(&BXK.JۊJA*tW"פUimqַөcg܍{Hf3V3Ôr2%J1(ɆKMˣ̊<7؂.TJ*HvWY6z\8\s0&\_!FvM1ZUX8y ͅ4XSiqeOHUu=`|bO )_Wv18~N=4-5pvft~~Th,S"Gς/^4 N|m"=a$#^ѕ.>_pʛ䱑}ېÃh"p U30:gDX,6@~6sfԎ5SQ08~8\Z mL '38U0gʔD hu7] Btr#!BCb\ ݂mӌ\Hd[S3;@U}SMuCЧRd'L0G k-PwaB%::J Ҭzr,fI*=>2ېn=93eĦ @,xivfYpBI!؀!#!0#%BRCa/00g1Z9c6b0)Qs![ol2Z[E3piK#y}ݮ^ Ș~!8PmV5e"՗L2ܚ6kv~D{=SDC,=]jd5m;u!x@ 5a\-gK#u-6[?y\X"a%JcхlMNfNƚp'QI#BtʭvJ`Q6`}$걓M*yš/F}hT%erRW4x+~ T C u[M p%>p}$}}w*y'` 3h'&8;yZwc%X8\ 4qP KAֺ Nvfuk3NB? W~N}.L'tɯ";93頮z sI;B1SD#_e7a@"Ljn pnzTBI̚tN ^q oL?W+Q@]\e=?-wcVܟg S h+¬slo%_k\ J45P;sF6 ۑJ;kXҾyk;t`}DriP f-2eYW9p1(y41-Qr| ޫ4v\Dd=oկ^}K"@n%w:h<톮ukq"yhxbBR~T3"@K#JKsvuZ,A  퐡?3P69{M5OsĖO{ S}@Jb ЉXO [ N 47I/ /[ȞcÈ)j18$}4D ijud|1 5.FdR{;)Y-Kc|s˩8r&mm N~J]PD:^Ttܽ\KJŤTǖ(B|'ԏh(GfC +(rn",ɶJ/$DъIdD-Α\I]Vef?VVBNm%0_JT/41DdECr#I7pp*v T" En_?V@D5i ^mTNC QĽԳz@%zi$K9I)(K];:Et6F9Ǝ[Q%sH g?/# |MceusÛt!{_BTrj:Qԡ|oqkY#_qѡHI84R)onMi:{ɹ3`㞕Op{N*p1e bMz@IG(mUx.PlZ[/4ꅒ,r%}ixZAJiFmSbSs͆E]Ď*p-! mqKhƿdխԌj(EpXL{zvfTrg}ewi}ns&sMK;H00 '$PO, 7m#Ӎ~}hK ȱ:||ANEMA13'ݵjtO2ql~⌵-1O.cqm\Q72ҋn:'woK@ ܾw_C-,m|T493{~B{ݵn94BcԤmu f Kp 8>$ā{ } iC41yGdH y:`c\%s:"M<='&S`pJ\/;2X:񣠝I9D`Ep "ޟdV=[wW]UoeYn2=lym P0/5s aX-pq@庞20_nA5n;V^fe$ѯ,JZ DS>2lr+NJk+WCWL G; +kqH;$il@|bc"].JBg!H ppM^CCwd`L%ڟvV~ݤq*m@=SvW.@,qra!': ;ْ'jߙj~m kj~p5)Nj3{N0?*T.=)4ظ]p`2i杝n4YTc9~&.s/ b7wX A`\ >RgF:5Hi_o ,eQkm ?A|(Sh;} '#E >?g $Gw&;*vlQ.Twwජ~at1c@U,6Pay/9o վ*R8 3fI]"G@h0V3rU;oCh񙈟Uy5V.v+,T*I1*[r*ZGw nG.g=#Hғ_յۇVzFXg_~q:H0W3R) ڧY,~\R@cNOV&zO^%qMkTv6 QwL{070&b) ـLf=ؙҴ&/#AK/ꗕ&@#STR\; aToT.9#{ >1SmLNq2aaBw#'Jק.aZȀ-e\+ 3h6SȖzKqyZITD3ة.!hxq̓b&R3atDiWWH vށFAF lOV\e/27:F 2Xy#yqpx-0E!EB S-G<3&اZ#A2SPHُpt&JuV q:U =SDKQ?sEMY ֘B{֍u-$="FE[̼3! E*I< #~wRuM׀,jiB@ ,F/OhrϤϫ-(0ek׷n9|(ӣsqT(O4pJTPٹiR9^1yذ@&0WM^2p-Uzf4܉igN$ZxӞnuVQ TF6Mho\; t9VA݁G+sFL ͓ON]_(ER/u^*:‘clPs1&8fDa%ԓM="NfΐUeQɗ]Qܶn(4Mx'ӧހ(|MR_d͎Lif04ScOPd&.ٔiv.Ʀp8f{W$nƛ/ƺˬa`*vPe1Ӌ=@Vˡ ؇⸍’mjPے_tCtN^!V\9 & +s R»%řׯ<@u?p6mV"쒏:M #4HHU"z,ID&=XZZ$^ ӯ G9u!S߅\lpV"Q%f{͊,W`:hn9x7 pJ'77ʇUڿl1/3bT뇲q2co2vo^_Q 0Q8ຶg*1DӛzR31mnj)à"U9H%9 y] $50QhC \ ̢וDDJ:&(_gX } 19T_mOu'Qbz&Jཨ2E{E5؀YX&Rh31=s^Gו-rs6B0j=oYE_mnCjE3DD9TJ@l'FMHh>_5DѰLEǰ- Mb$a(q2民McRd\^U83Wm͘kٸZ$l [zf l}ɶx\\ȌFؐ0}1fG@9sEߌZ6pjh,ź$r>vȯ2[l˷ t]+.+ < `6\ 0 SXuQXePz^S W>#jw{I #Nrd2t.}7"8_xbq{ٕ]S'A8zs9WE 0oXu#n_~2q9Ƙ,@轍Uلrcpq,cmERte`9N8GkbB(Hߣ5w?-kH򽏹܁@׺oSűBmq=3vlIO u` j Vu,1 E@oIyִ%K8օ=W-e!m4C̈%MAO vxWG:a8HȄ;gHՋ3D0f:&^f<հK}!sgdžpRbv\a:QԉΏ4TѨ 64SԍG r&fSgdcgJ BsHS!1Jc'} mB{Pyt ƥ 4n=f+yLEHc|ރĚXSQl4uG՞ٔ}!*^Uwט YS10KTM 0D)Tá/q\QA#FoJk0 `̷c_&=4S}O/yG]1)$Cjh\ >a㵢"|$(7yAf܅'R-PV+@hJx~-Kf%Cr%[r OM#;O17:ʀG~[Rxez'ծ9W)S,\ve)g]i/}Rr1Ҕcxak4.N~|+gJRY^wcW"ƨ(!j=_5`(JSc֙}xy t"'O_:ƖRo Rƣ^բ*KH2iN k)k'4> k1Jܘavʙj*[&#`:\/3j;ּR }٨mq AOĖfZCsEaH.w_EQ3lDF9Yњl(c~[n7sssd-idp-2.9.4-1.el8 >  H  t x   (eQ9 U]XCۮ8}dM7E/Rf9(o{v7K]'~) IqbEGS -[s)  c8{]GPH/nxtW^PBg#gkL{AZhTşvp=gƍԄ$j p]&hk@B&PC>-|/N&*eaYub`+-㷄bdc$6 D<bdZO yM iǫZрCBzhI^1% :l"C/,}QQ)j!R9WnpDK_z[2&JE%:1ٯⓗ X^Qڒ$ ( %"k {#/ \NxEu&ÚXS2S/T4ŬbTIwKPLq^y-cUlNENn6@-LW4WaDPZUG>0nxAzc30da19b5722f017715775f2425214108f26a2b6870811b2a8f5428de1d4050cab95974e72b64850090b715b8c0bd4c0b3d15c210302047c435bb500673065023100aab451991de93cc4a4c0d01b3cb58b2ac71490fe307bc1bf71da366fb91c6f4a07376f9a5a89480b29b2dad7c1fb282602300c6f516d98f4b50d8a1bbaf94fd2efdbcdf79ed342a63109b78452f0ac8735c591dad9f590917e13e1859cf6eb72d9df0302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb5006730650230603acc44e6777664cc9c4ced0c0dd9b05435ab8364d780eebb7eb5bb1eea17056a372490747da55d2aeae4f2b863c4cb023100f97895a00814853d25958db92a7e78199c27584a5a08ea82182619e421d03aaa65410285f4cb798db2d80e6a4594ef6d0302047c435bb500673065023100e9b1cb9b111e5e43711442b19bb83a17b84f4ba6faa607b5106c0d300b017b6495c21544ae5b8187d58abd521680117002300ec0d9aedb3c1b3e07cf8524a3712df6953a2426c460b918a281905461e7dc4fdfbd78716aef80e12429c5154db57faf0302047c435bb500673065023100aab451991de93cc4a4c0d01b3cb58b2ac71490fe307bc1bf71da366fb91c6f4a07376f9a5a89480b29b2dad7c1fb282602300c6f516d98f4b50d8a1bbaf94fd2efdbcdf79ed342a63109b78452f0ac8735c591dad9f590917e13e1859cf6eb72d9df<eQ9 U]jtcYz*ȓS8ɗr~>|иY_-.kI #61@Γ\<$VeNvk*Lє9oGX_bd6EquI`<,?d   Y04TX_fm        ,  5     8 \$(q8x9D:bG H I4 X@YL\p ] ^5bd.e3f6l8tP ut vw x, yPCsssd-idp2.9.41.el8Kerberos plugins and OIDC helper for external identity providers.This package provides Kerberos plugins that are required to enable authentication against external identity providers. Additionally a helper program to handle the OAuth 2.0 Device Authorization Grant is provided.ex86-04.stream.rdu2.redhat.com'CentOSCentOSGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxx86_64y':q8yAAA큤e_eeeeeeaeae[e0898a66f9f24c57f0ec5f2f97348b430cc0a1246bbd89d3ce03f3dbfbdd4274f9032b502369e4a69366715ab48e775db0c4b899626f39ea69973ea58b86895bbce85c0d64da80a186b1c4dd665a43c130c4c26d9d37dd0cb0a688d9b9638f33e0898a66f9f24c57f0ec5f2f97348b430cc0a1246bbd89d3ce03f3dbfbdd4274../../../../usr/libexec/sssd/oidc_child../../../../usr/lib64/sssd/modules/sssd_krb5_idp_plugin.sorootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.4-1.el8.src.rpmconfig(sssd-idp)sssd-idpsssd-idp(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@    @config(sssd-idp)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.25)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.8)(64bit)libcom_err.so.2()(64bit)libcurl.so.4()(64bit)libjansson.so.4()(64bit)libjansson.so.4(libjansson.so.4)(64bit)libjose.so.0()(64bit)libjose.so.0(LIBJOSE_1.0)(64bit)libk5crypto.so.3()(64bit)libkrad.so.0()(64bit)libkrad.so.0(krad_0_MIT)(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libsss_debug.so()(64bit)libsystemd.so.0()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)sssd-common2.9.4-1.el83.0.4-14.6.0-14.0-15.2-12.9.4-1.el84.14.3e{@eReRd@dd@du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.4-1Alexey Tikhonov - 2.9.3-2Alexey Tikhonov - 2.9.3-1Alexey Tikhonov - 2.9.2-1Alexey Tikhonov - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-1680 - auto_private_groups does not create cache in IPA server SSSD cache - Resolves: RHEL-10092 - logfile rotation for sssd_kcm not working properly, sssd_kcm never receives a 'kill -HUP' - Resolves: RHEL-17495 - New sssd.conf seems not to be backwards compatible (wrt SmartCard auth of local users using 'files provider') - Resolves: RHEL-18431 - Excessive logging to sssd_nss and sssd_be in multi-domain AD forest - Resolves: RHEL-5033 - Incorrect IdM product name in man sssd.conf - Resolves: RHEL-15368 - SSSD GPO lacks group resolution on hosts [rhel-8] - Resolves: RHEL-10721 - very bad performance when requesting service tickets - Resolves: RHEL-19011 - Invalid handling groups from child domain - Resolves: RHEL-19949 - latest sssd breaks logging in via XDMCP for LDAP/Kerberos users [rhel-8]- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-14070 - sssd-2.9.2-1.el8 breaks smart card authentication - Resolves: RHEL-3665 - Unexplainable error "Unable to find primary gid [2]: No such file or directory" when SSSD performs lookup for an AD user- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: rhbz#2226021 - dbus and crond getting terminated with SIGBUS in sss_client code - Resolves: rhbz#2237253 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7)- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code) 2.9.4-1.el82.9.4-1.el82.9.4-1.el8sssd_enable_idp.build-id1fe5121fe566db73ddfb302fb13f05112c1e4f36d63011433e41107913e4c7143c43426c4d0948b5sssd_krb5_idp_plugin.sooidc_childsssd_enable_idp/etc/krb5.conf.d//usr/lib//usr/lib/.build-id//usr/lib/.build-id/1f//usr/lib/.build-id/d6//usr/lib64/sssd/modules//usr/libexec/sssd//usr/share/sssd/krb5-snippets/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2x86_64-redhat-linux-gnuASCII textdirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d63011433e41107913e4c7143c43426c4d0948b5, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=1fe5121fe566db73ddfb302fb13f05112c1e4f36, strippedR RRRRRRRRRRR RRR RR RRRRRRRRRR R R RRutf-8696f16eb5bd32a747d612c5aac189c50d39b9b32631a2b96ff662a133010ddf2?@7zXZ !#,.d] b2u Q{LXһ0:8IxքFFw\,rqQFNI>e&GXPW^u5xoV'AxLBn< trC()?}gq>b?w盩kqI4o*mt6k^\!/*h5 O4lS; ĸLmd@|}QKԻ!+u b6zm(k1y~())M9t̤9FS"] _vx)Q2ofeo[Lun[:A@"#WpRδj[~WT%·'.95腾V%vI($_cϨ?n%*Qd(SsPhRJ 03pP|wD-A(] ,!"L,Mt'DSx$㇅ڂI_}%elxZC;`0D_W\ݝB.mZ )m$:ȺL$/5.(B+-٦-/@ph@ :Lv Pֈ.Cg:7"4X$>h fy;Q̅bfl? v<^80ѤC#]IrO%8U{I?IgΙ;nulJXHi,B3? `,<i"C"̃ BRԡ!S\5Z\;/js㜳e_~]y!H"FB#{Űߋ?xg)uU V!ԍQe[Ꮮ$ip4FIʮZ/g$#Ȝ*,}SbAnZQ}N08 fjg2އ:T:ap{GCTǪ}sebkle =pe@j\a eS kI JiVIEY*4cͽ{τJNGD ̻u %x3)iE0n8x(v0MʡK [j_DNލ6J5x "Dqp:EYneOTi@k~̻26X]ZDŬ+=v欔<QapEk=#sʸH[}) M71pG5L—Uz/ر@m*rY{/SqdHe99e$nUۍQW7:ShZf۬ j "/}k% KhlGKoz[)z!Vy^9bc|,+}n?I&t;m g\[G5UR1`c*0|2a2P{fmAQL ă;!v;ڛC1&n'udŮ^~Յ˜9p' -nU+ <=/{KVL3@X_e7|L,SMw5;Ւa9zz`ʷ&ۙUZʭ,6BKqx]+]p`.-&CRx>P'e4 لT[("9ģÓ% VX\ڬ_ض\u Yw97yu_;.>& Q#>QM,cj$ázDXBFԂ^z`;Ė'=`xRhWZ!z體4[2yF ;xo[c笚i@?KىpTqkry11!kLt%'EhtDnW"\}NNy>SJT)6ל4AI߬zK3sS0˜ѭ.{^Oƪ0. ڼ^ +TfB=ZdP{1EKȌ*fMk 'IܮK:8E",1( \ˆ܄]eRkҪa,xT;ltpN8PBS |r4)Jp?5;o:!::!-D/('&ot Yn*"ƌ1ӵƽOG-jn#pv=44}5_;Yjj?d - Fie&G /[(3 ]\"^^+>6ߓZJُpyN#g2ƷM_lHI{;Ǵw|9>M`d|1ߤVHv9("뗟S'6WdL]"Ԍf됦4cNHO0 ss5oBU&pI=cipKFG{g9T58@:`YSn:aw*T%J팞h 0 .k uܡ.iQ ,0Ì026dϟ4O r>Kα ޱLtzpwõ袅hakKqщBd< MVLpAd9G WodE: ƠiUm͹1fw1ǣ3r[IgpԒ%rdG;{y횅Eo3< e5I8FM4 :M$l'-4]W"(r<^%EA>R$έQf^;+VңfXΤSw ΏSiSljXW GJ%u_"Ӽriؕ+L[3>"IYWQXbIż/pOLT(&u)12M m[B 9ŀD'WMq/y܌Dg7W s߁mC?"`fhB/)c;4M@ijui_a?f"R#Y_L!I~> 5X+_ : -ƿk#1vQS˅s)rE-GAlj(4GpXFѣeK| Z*c*8f?YVysȥGw ږxm9 pNmlGB3Qێܫ y!? _ mxl;bom"V ` cdѤ@wAyE}~{ӚW󁈝x=YaEX}cm'x%#'n46{6v'iSEn~ ݟ~|\ #Yb@x`z TbHeP4NF ԀIQ!p50oO8񍩏#z eo}>*M]#hD%] &5M!98 Ә.U}UU;Mm/b)LKQrf4>;vvPA]Fޱ_,3%LiE-YVf*H̜])DA?GY؀>v5{^m &O V9@^s'8(}$ɏLg{q uL+/J؆l7yT`=b'= x{(ʋa.yp@CǀpgwKڌWEU߅ў'gLb4A$[(qtH" q)&'te25du{K兠J*Z7-2d簹BB l wLPgZ /pb-(,ʪ y5-JiU^Dy Q?NT!5D-s‹kWȾ|$3Y(c,H0g̷E&= fkrsg~PR;9ktjf$9Zp,Ex8^NSʷ6帣 .U$\E^L1a{7^mI`>hwC*Ց;#]3hjl{Ӹ3 ll$-Ex*yrҶ\*" S]&szWݰ`͢]!D +:KYTC*=>qH9 X,HAh)4v<%a1<;nVBp&!Ix.V.T,b ;8^O.Ű>v;N\a90ZJ0gi&;r1 FW=C nJ [e&(Xzĥ'~ r[ U"G YmYUUBe840{r7+=aU@)bW]RU*>|$^OW )ۄ{ơ;Ы7~nr ւ;`eͳW#ЍA')Ji-+{;=`4]f!s$2#@PY;s8Nv+"eH|KbF7ZD.d,OisG˲6/`=c`Q݁m>_5=Y}ys)8*W|A H.p@4,B̀<*ʏ"[qOmv6^81< LJi; -f Lj}q4DU !0-s¥2`?C?@AXI0i~Qo?N91^0VEvIn\3!`ɪh'C͸l걽bKs ae=Y>1D%9 yJ sP)$'h<{3kM1xi qG3ݺXPM<~-wJ{* Ğ4k&kqoT5D xWIk'ZɩX\3d&K3-Ն6qQ\_5S#v%4 tғ4+!48RFkK|P>U-@g8S$r@탬?/@nbxbP<<3Z(FII(@IJ:F*tϷ>ZM.PHL~20ڧڄU@or/%l}'SRR7&T`@ R%꺚i|TjE;uѧq+bB[g*SÕѺduPHB̺*˗SUK2:W3022e_͙BhRE QTR"_so^T5k[k@8_&7i*-C2>ր숗HS_¸o"%̍/A_bL0 !(S1 )@hC.ӡ`!Ya׷@#iɩ3rV?S_Z@H Qnͼ;m'TnfMW#@-X܊PV@lW2QJ$8)~pEj1*6"u<)2>:1|A-eGxD.5ٽ252 .0*9F-lxR ":+'[ 3[hͱ dL氟gBfh)чC!FS[ K>)j]O9A)N i5H8h&GOP0Cn"H*F2+ޚALY?f<d'u@&B ,G`btL; uk}wr8lH]VqRңz4{W\bعL ?#dG~_/ =!QwBdTO}UaV5aoNCTf%M~&͟ ͼֹk.oFN4J0fޤݩpiYZJBOv5]>A)2H8㛯qW3S%>j34uFGK>~vHYrg3cc|h g%4S R)0i MĒ"PKH*HB 8A &2llՔKP[u#~I Z]q(2Wb۴Q~3BJ&K'0GӯY'q+xbQ _p wь?(qzan7,z 9#}[@(l]rz;Cb-'4MtOϩ񎉄s`s%C^*:(=ATzf6&;3S2h+ooLD.sFpc, =<ҔIdu-^97|gK_1*M/G9/ێo`䎢W 1:k/'׬L5z ~jRɇYA$ S%ڷ"a+#LyCd^Ҝ2qh)[ptSw;Vy)(*=qut*.b9P5)(m /O\\E].( }: VVEi#ǑgF5H:aa^s9=4 >_d>d.cuKb\C=:+Nkk]+=Լ ZFḎ ׌>& 4tPF*# 0r&Ϭ 38$5rh/`uq-u2AϩjBz3Ӧx_ G[3ILa`_}Ęy6g!ε CA -u0L"2b\W IRoDv9O jpۋG8B6k@ $9Sy1ٛtkl1&*ԟfm{BbIY&WF `R*UTe<1Gۀ2nL'V M`uUͫMm-^,)n&xEϴԿߖ m"s]q(]qoWN`i"FQtgt=v-,z`( $.{kc-mwJd %+]+ %K'od^RO11#b["v6HG=4EzENψp! tUn=L.°Qe)ڹRx/s3V2x`ᨉ!5pz<\:Tlfewl=]iSH Pd@RZ "W_wCw[ͷ?8aZlJw¹}_ěش1VIU.=Xû| Wt22g̯9W#u+]c.)wyS#j]3̲S,IjZ~6DQ2B|u>8wv܈ v! T4;n 0[Esa*{{)5?=ywW 0S?I bi##@, >qYbF:5&-Tz/-y7Fg4 GKMAkzg&˜m}6[+z\7ߵ!_Zhc$?*s}Mh[iH,Br+K]}XOls#Q_4@_3տϤS'?7!ɐ5ŁZCWcMI#X)|塈bT6*ׂf8fOUЯƑlM03 #;f v\tSyUO i mlf#?Vg OܢU$ V8fbĨ-(f?;nZb9JM'A*r{a /z_HҾ;3 MNQmP^LI'䝘vIpGJ*DmIxnxX~2:'.t 'W=N+c c%+p$`ՅW=(&Ko/-n BfNS]dbf, @jdl76DgHI_\LцkmGv^ R.Nn%t i^uHEU'`]ޅ]:ZKzT9 &:Wܞ Ǩ,e3<6SόnFT(dYnB(DEpXz,їqcvRn}}+IUyV&Q̀iDw|HTe ՞4ngWţĥ<0TmfgCv.29opMmr3%spՒƁ,: x c8~)Όc=:+;27*E8LŰɐ@#25K<*0K<"#gKYDc {ل VTo8ь-#/w cƔO% ϸ$kP騡 {o-G~>B %4(hd ]R'}WJy$THn$ߔEŃnѺUA6b>tx>Lͅl9Ō_"S2`짥dGNauIxܖW0 W{8\_@>ЩXoC5*i 8l?ĸإn$skaN`C&$\Z tlik r[l&O3Xy$dm4\=+qx=,q 5đ3wɠE?1j~#E3g7SCub沰Z_ ̯D2mڶ V]dü:/D(aHxl') w'ҧi.:/t#4A< _k"pF!Z d|_` 8?#Žˆg&3ك3'<7|UsApaf j(j2F!⌲{B˟rH  D8MNzxۭUd$Q>^][ğ">j/C*6 p;qf@nx;rQq[a&Aq"ң̵uQ3=9}2\ʄ<(%eJ-Yޭ |x{SӴю?kdgߦÕ]to}JҰ~,d9_JaDj-Z4tSMEP5%u,[+n?G&֊}>;xs+~[ R(%3 9DGC 2@#+sݶ e[n ˺ﵙ!& jr3c$5|tJ9XDaµ@7!3/~,WŒH9i-&߹h$p_HB !@GnHNVi'N1pHR؎2Rͪ{e&UX{u<`)2A:W:(dN-d (#w hs"zkpY$PRЏv6b^ݑ~6[OXg܎#ara!|i{gt?J'=8wpH0-ƳU K@s4 rz}~̈z`iAy}(:Tb#2ty|b]}KRO`30QS`F| t{9nU:uEBf] XwI[]X VW5nFD"kH iYH'AG:A,OÃr۫"+ msj aGQ LPSy*Q=qB|ծD0yBqW_cVXd9} ZNoGsdqZJ|G#˫(d}&y|_ꃇ(!(Ky ^L=GwĶIkUT1u{h[v4w|b=-wl})J*a[1!yuvq?KvS(&cJȆ/0^1r߰9#QiY=0S2vN$C BPVR3\3]yAG Z S !t\BfAʅѩ+)݈28r~u&ydi~Vӊu$G?e3Țp&ZAbUNeUVO+`3>8O0x:/a24 >ɍXRDRȸW_\PLq·xgs%rN<{X2kr-gӬ^EQ餴xjypbǣ{u&~uBnO7XWi-HnoҺ{&Mǯ!5Ob"e4gkB׌=Z]QȵA\\T)眀jtH[{=)b)`,"UO:ZD kwg>Ɂ0]n&P4XYI'vs j3.WȐB$ ]Oֻh)T_5rP~;V*nVHV V&8DL a;S_l(],֒X8aޱV*'#kCq).vZJׁo.Au+treAުɇ$+/%o@\c/ /'N/6Ov{m= !b&@f>)u,g\{ZAό]? m'/c.(iI\{d! 2R]y*q,^TS|v o42e2cʢw[viz=DG7voFCNQ?T֟zp6*g>3˫ni0Z ;;6s@Х;>: _ [ޯvPY#-ze١܃=mւl7eX;PL~9^qȲ/Q^6mbnR<$%Aǩn=cЉ4~[3CupY#P `ƭu!^Z8P \z=k%b!޾m:1ހrX6?%cyw)?zR.0Onڕ~㌖)O e.0S YQ9 &C-ZAp?sat02zL@U?ϑ /46`~nn4F}7%BTr4툅|FkW*^\+N %JnKxp-8*D4-+ d GtE(H񻟣︧m'ӣ/xE9ň0қNyEhV$_T)愌;ejòA_}:_旙#ݱTykW ݄m6oIجf6{tQ SG7|4%6 Dbg68*\ChARw8Arm?,7v$gE*kw)P#Lݷ_Vc$˜uҐB~}5p/@PQ,@*YXPBg  H |$u{U2z t(4Z- It7CB dEebv /8Wשc`О i̢,̶On4iuל[eg ^lb Y,e.I?W 9}<|O}++_:ں^e%K|AԠ R=Q, {XMYR9,FN),=O$P، V\[}lhl!CLϯEo'մXj(1LeЪyJ 2kCi>Fjϖj.<ɌHΛ0N!m/)fBrx]* "-y"BYpZqOA )ZQ"y8f\T6ᅍvd}kR`OP+c !4uH*y S1 9ZC$J7Q tEv(J}=un97b䍁lݘ%4K >X#TRt;nX.|̊nZ9Ә"qĨ "Lx\I9NUxظD[^'o5GÞnew,sP7 9r745.3_mF{<1D*L"CsӃ&f\ yX7b(Ҳ9ht;;7#A7 E`/1xTݕ<-{'dD+?%Z^M_`gHχʎK@WO` tg];k.G4i 0{SO\5r?+c U= Rٍ@v^k.TF2qZd()ӵ5V]:7HݺUCAkd8_HYs#ōo=?yS7uz4 , q4*ޫVX_CFkwqՅ.>/  ӑ_"3+ ʀW]O,jmT3ܵ\n-N8H.٪E.SX6F{~Ykb)pSmB$â'`"<Dܬ$RFV [;3kdВOCw@W#iS,=)#0``!k<$>eJ( b- J. w48/`&lFNqBPdz:,L+sGwPN#3T!*3ϙBűJj ]Q95aJ񎆆bBǾ~.yM-/) JfS"E֓a3ܫ}B__aY3(LWyI]ƇHa8"5ELS &SFEt"BbJsz~˽::l A]cNx8@c5R-fp29:a T uVm(xGag^~iUPmuV5 bfy|=ShKD 7 ?vbOj؇ K/'[&眕U8LO}ʻ8p{@.FF ZwȑoJu0֩;gz[Ugo5-N͆*gKp2V[]4 /d!"}w'j7eR5F-LgwOy]g ǼAˌ|&m6=$Ls颷rBʄK*n:_CCr*—)&8י b7%l`#8s\ z%Ctdİ1-pi5B5K8+WQx|!h&Ex}q{Bj1=4◼~xMaH7 S61Rc~h?W}چ4;-w6{33i{"It ѰPh!ob}ڼd|'TaG*aOGDnMZhG%G'/Ğ`KN/Xc2B_=w GRPd}T6ӜMr_EIfГc 筎]\6Շ%`q;5rWzkX_~BWs-E5j⍫*^Rz=+ *(zQw=iYhaMم/JHh ]G1Qx<2EY#5Ĥ6:rRw5K<\ >_O+wA̋$;uPw^. kTR9WuN/ܜAݖp(݃ny$م/z)Z>gCG8Sy$HӆN{CӶ5k,2 D,)G; m1?=omUqDeV7?s8{00 6SUýl” (w4d{\gyc0bG#NK񁠄ME'A~twu`3ʳ`sY.MJ;ɺ[w+`#ۻOfZ,/xя= (/o奄عbN^e{2 `oJ YnLD /jD\x`d t;(h $uS6<(|tw^$Sen/w]i)‹%ζmG^45`:pi '*^~t{_BOʑ Nпi KDO*TL"<ÎI9LHG?|Yx`.@"Ep-fhT+7037uX{7~e|Y:6+ =#l(ۉdd {:}[qgH24sW55aI_+{h,7-sU jŅ@PX\)(Yv#;o^}P+MZ7ۙo?P@zչIvo1?TR:RZ7>Wm_֤(YVѻx *dwv,S0f }q\)i RN*QeJQ=L y8"$zv-{Eh;IlCK ܭCfIfMLCxZI&0%1h |{}rFen Xm~46L&BښWd!T#.0z.5$ g_8`e-Ak"}hf쭡4}2лB<, `:HFqE k A&jUHI޶t=vͿz燗|ƙ:)vBlng` J2Bw{~]ʇk OIQ?bBZ >~Ӭ3AInU5iMfx=%܍'`<L>Z[je_"OYo R {ʆBRF~W} R?O;'QBXNXr?鲴`i$o.m5i1e'6U2_ya~FvL>G<4tvPΏFPdyU!.p*lzXr0GxCu2-?:l(nJ>&:n)OM[LRߑD?֩Tݡf1,eu`҃0S %o_؂W(;WX')_UUjeK3h^brs.M.Jx["I/] -zrapX@&kex*Uў98=?bM,*ٿ<^U5 n?U:#,sL>vU@rČM 6gev;( J\ZΗc{ I/l9e'xW2O3WyTa=8?m˞&u7>L6Ƶ|XYLL ?ĮO_gbEw DxԺl5 )x$h׈OOv2o &}|3">w.3"+LYUY_?klߕ(";jݘZ#pFv7xe ;U7ca7)K?ə;d?(=emBk6lt(|C$'e.,Xus[v}ʹg,#ˮ LswQAAy&eVX FX_5`IPS R*QVLL.1otRݮo69sX-[e ߊ+p=z3G#9VƬyP ^k:=9 ~9ə>G| vDۺ8-?,θkvHlmB? 8*Y"m|{—D+).?ÄNOxSzXmy/Opv?@隉DQ-">]w}`gF]w=\ NNks>lm}*.Y%Y5x`FETMࢱL`uҞ-X.hZc[Y5olGS3mHPXEÀr14a)/4bnEV=#DgMvާh:I%/s{'>Ьٮ.+J/;Ӳy5%A(wV> g n_F {距vyI.ڤ6 O=jÒB{"zh[f|f;SϣUgcd=(HmG vޥ+ fǓ7=zWJgA 3 %LO}Rw+g qɂf r~pzԔ>:ҍ R;>+E14Yk;X|;Zb2wA"v[L._uRirf3ã^<\*#8ལ98z|2u-EHijG:g2:Dɰ35ܵb\E-ed. ?o%V,eѮ*iǥ</벑եtFs_2/J?5T` 6Xr#PnVNAxv1r(CT~o-wXI egM`*Rs9a|LњC9zg4|c4ۮ7G|C.Ϩz@ dO!h?;{t&!A0v`mQ:5BJ?deMQJl}Ս ._o@hljh@ 2Q0uv3sT]F^wM4Q ߍ[/5dC)ؙ/[މ`~G"Sz S8(ƒ?Tݫ!kg|4x:n[MS_Id3|/6$J¥m7f18@!#_q1yۃr嵲v555a%8^|JlnOn%:UM!ĈOph jlGؿJl=b]*Ѵ#[j5je&*`fvn~xQ_tKv.|كa5! [ZaiDנ b1C/ka3 whDU;L^_So7@.W)&G]og&w0b"5ZM4ThԸi=0^zx;~jWPod(\hK׭-f"W$k5cdaKB 9Yv792c' 壅H75$Qe|`'-{h*`L+_3!*ލ_a @@-Qp? u,q~n&g( ];.,>%mj*NwWU]\)RHӕ#:3+0FǏHNe) YZnss-softokn-freebl-devel-3.90.0-6.el8 >  H   e{l U]8vG;p8.S!x*zi "w \/lz,I)6 %:.n)T᤼cdc/m%|fh&zj<^~b,𐺎2#9V'kc #+tŲ+@6lvZؚs; 꺝2QCoU-7-7-e?KH RB: #p,r,sbD5JFòyĚ&cE:и*F620dbd9938e3b2d2b776fb1633d3f542240efd206cdc03e8e7b5a6c2c0c481b10d9fecd55d6585ad76d465ef41e97003a41f14520302047c435bb500673065023100f3f155a0936242e67f90cf5e8127e460fc2ae1e3957ea17eb2bc1d773d0a5580871e9a4675a05874e6dd574c796958c30230556a8f7a5559c5e92f6cf2139f93334bdbb291ec8e38067ffabbf12a5e67a39c3cd4f3e1f1dcfeb5d8585a50357216ac0302047c435bb50067306502305555a0e8809bade209087158f2dcefc74fa43b94b7de20ddadc5d3cad42c97043e5c7f1638a07c025ca5a176d7950d83023100f3cf30dbf0581a42c558096f6d5208f49f55c90327bb640ecf0dac9a4107af096b9e133d07c22967eaab6594de0390790302047c435bb50067306502310099f46887c12ef24fa765fbb8b7698026eea203826bd81cea032881a878dc2bff206ea9bd558b1646c148719c8f703904023000cc82e07e4b4351c90c5dae4d1bc817d011949fde8a51f49011714c230bb824fb882e6eff1c2e1149fe0a6c59cd029b0302047c435bb50067306502304f4dcb084c390d9c6e78b0a8519712bf435e3578998adbf26b5fe2db948f8ca8a04416c110ffec46139cad346de7decb023100a1b40ef092ee066450c63bce5256d0c0374227448ba0e301ec9bc92eb86d1417dc01f2936e4f0ea629c7f72a660bbc0c0302047c435bb50067306502307bda5fe287baa423fe3d3795a60dd80a3cab5530db374e4642abc2d1d36033bf610c5260d3b470de3f4f64f5462bc6f0023100bcf29a775cbe21a5085383ad92a4fb3cde87c023eef2f0101c6b76b137f55b3efa204f0f44f60e79aead91330f58eea70302047c435bb50067306502303788186169f063fc1c03f470c90d07fa2aece8880f34a93423417842813fcdef613062622a09880181c1c18088d1e835023100c01569a5b20ed3fe0ec610a37f58f3cbbc2ec8d8728807cb1f86a321dd04fc86beb7b9165a54b1a84892d413be76eb350302047c435bb500663064023026c3886be0df3cd3a776f360f4c1be42de29103f0cb996c830d053abfbb0d826d75ad0fa8655a6e3e749996f0dd6c2650230558fdc8287debcd7ae2b158beaf1ae4a1dec11a00c39937c307572d06f15cd09bb8ab4f0a3d054e88546f1c4c3df3dd8̉e{l U]P(SӔ!p@rdSW=~XCS^>>W) bUX1~㡞2N $fm :g6mTBtu;LT9Fez(4^Um>54_"r! 'fϓzq#򇥳) $ A Թsyb|!'22bewƕe+PO>{#:ri/o&7K5U嶷O]JK|ۏ䅕%[Q\ŻZ_E}7ƔRr ;9M S **vmu8Xr_|%}oH#U "Eգ$o#} M+3r2JҡgR!z`p|[oǯLS^H"x::(Eu&"pKy2ۼO17}T*|>`9?|d" ( w & 9Ew}      $@&(O8X9 D:^'G@H\IxXY\]^b0defltuv,06xCnss-softokn-freebl-devel3.90.06.el8Header and Library files for doing development with the Freebl library for NSSNSS Softoken Cryptographic Module Freebl Library Development Tools This package supports special needs of some PKCS #11 module developers and is otherwise considered private to NSS. As such, the programming interfaces may change and the usual NSS binary compatibility commitments do not apply. Developers should rely only on the officially supported NSS public API.eux86-03.stream.rdu2.redhat.com&/CentOSCentOSMPLv2.0builder@centos.orgUnspecifiedhttp://www.mozilla.org/projects/security/pki/nss/linuxi686 7i2  Ojd|Ne=e=d|Nd|Nd|NeA#790184d9a90b8a3994aba4aad22b0ea752a3796f2d7bd0e7f32aba78478fb2d6c422c72e07fb13bef14e03a15ceeb540f6f6c1c96fdf85ea351762fb4b351aa71006175232868704637725f6e887f63a5427b682a45e6ffd946ec6ea43c12dfe826ed56865726f7a45ccc3695d324d2022c783440c915c5c277a738316e0c7ac5c01a374f357412f29c2a584ca9fb2c884d61b7f76126486b5fd22399d3fa8b19323ad25f2dead60960cbd421dd55a450c096c5d878e811061c0994f0df9333567d3da9aa307315e50693a36984851c0d8bd81df74d29ba3ad6e5d2f03f676d7rootrootrootrootrootrootrootrootrootrootrootrootrootrootnss-3.90.0-6.el8.src.rpmnss-softokn-freebl-develnss-softokn-freebl-devel(x86-32)nss-softokn-freebl-static    nss-softokn-freebl(x86-32)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.90.0-6.el83.0.4-14.6.0-14.0-15.2-14.14.3e@e@epb@e\d˖d\@d\@dxb@b@bγby@bba@blbbb@a@@`E`ݮ@` @`ٹ`̊`9@`Ȗ@`D`r_@_^@___@__"@_"@_"@_!d_@_ L_ _@^^@@^@^ۅ@^4]N@]]߶]e@]M@]µ]L]]^@\F@\Q\\\\\\@\I\I\U@\ `\l@[[[u[#@[[W[O+[M@[ZZw@Z|;Zo Zo Zg#Z ZZZ@Y+@Y{YY@Yn@YV@Y@YyYm@Yg`YJ_Y1S@XX@XX @XXYX@X@XX~@Xx@XoX>@X*X@WW@Wt@W~Wv[@WrfWoWm WbWQq@WPWJWDB@W4p@W@Wo@W@VV޾V޾V@VяVIVɦV@V@V=@V@V@VO @VHsVEV3[V UYU@UU@U@U>Ua@Ug@U[%UUU @T@Ts@TTء@T@TÉ@TT@T@T?@T:m@T"@S@S<@S@S@S @SSSSpShS(5@S@SRy@RJ@R@RR@RSRR@Rm@Rg@RD!R@RRR|Q@Q*@QQ@QKQ@QQW@Qw@Q]k@QNQ9Q7/Q#@QQ @P!@PՠP @PqP@P@PAPXPd@Pd@PPP@PP5@PPnP;a@P(@P H@O;O;O@OiO@O@O}O~OiOYOX@OOdO&@O!@@OO@O@N>@N>@NNܲ@N`NؽNN@NuN;@Np@Nf @NA!@N*NpM@MWMc@MM@M@MMfH@M^_@MZjMS@MQ0@MQ0@MQ0@MQ0@MK@MGMF@M6@M-MM@Ls@LOLLZ@L6LdL@L*@L@LA@LL@L4Lx@Lx@Li(@Lf@L_L_LT@L0L0L K @KsKsKKCKCKCK]KMKLd@KD{@K<@K5K4@K,@K+nK*@K K@K@K@KJݦ@J - 3.90.0-6Bob Relyea - 3.90.0-5Bob Relyea - 3.90.0-4Bob Relyea - 3.90.0-3.1Bob Relyea - 3.90.0-3Bob Relyea - 3.90.0-2Bob Relyea - 3.90.0-1Bob Relyea - 3.79.0-11Bob Relyea - 3.79.0-10Bob Relyea - 3.79.0-9Bob Relyea - 3.79.0-8Bob Relyea - 3.79.0-7Bob Relyea - 3.79.0-6Bob Relyea - 3.79.0-5Bob Relyea - 3.79.0-4Bob Relyea - 3.79.0-3Bob Relyea - 3.79.0-2Bob Relyea - 3.79.0-1Bob Relyea - 3.67.0-7Bob Relyea - 3.67.0-6Bob Relyea - 3.67.0-5Bob Relyea - 3.67.0-4Bob Relyea - 3.67.0-3Bob Relyea - 3.67.0-2Bob Relyea - 3.67.0-1Bob Relyea - 3.66.0-2Bob Relyea - 3.66.0-1.1Bob Relyea - 3.66.0-1Bob Relyea - 3.53.1-17Bob Relyea - 3.53.1-16Bob Relyea - 3.53.1-15Bob Relyea - 3.53.1-14Bob Relyea - 3.53.1-13Bob Relyea - 3.53.1-12Bob Relyea - 3.53.1-11Bob Relyea - 3.53.1-10Daiki Ueno - 3.53.1-9Daiki Ueno - 3.53.1-8Bob Relyea - 3.53.1-7Daiki Ueno - 3.53.1-6Bob Relyea - 3.53.1-5Bob Relyea - 3.53.1-4Daiki Ueno - 3.53.1-3Daiki Ueno - 3.53.1-2Daiki Ueno - 3.53.1-1Daiki Ueno - 3.53.0-1Bob Relyea - 3.44.0-15Bob Relyea - 3.44.0-14Bob Relyea - 3.44.0-13Daiki Ueno - 3.44.0-12Bob Relyea - 3.44.0-11Daiki Ueno - 3.44.0-10Bob Relyea - 3.44.0-9Bob Relyea - 3.44.0-8Daiki Ueno - 3.44.0-7Daiki Ueno - 3.44.0-6Daiki Ueno - 3.44.0-5Bob Relyea - 3.44.0-4.1Bob Relyea - 3.44.0-4Daiki Ueno - 3.44.0-3Bob Relyea - 3.44.0-2Daiki Ueno - 3.44.0-1Daiki Ueno - 3.41.0-5Bob Relyea - 3.41.0-4Daiki Ueno - 3.41.0-3Daiki Ueno - 3.41.0-2Daiki Ueno - 3.41.0-1Daiki Ueno - 3.39.0-1.5Bob Relyea - 3.39.0-1.4Daiki Ueno - 3.39.0-1.3Daiki Ueno - 3.39.0-1.2Daiki Ueno - 3.39.0-1.1Daiki Ueno - 3.39.0-1.0Daiki Ueno - 3.38.0-1.2Daiki Ueno - 3.38.0-1.1Daiki Ueno - 3.38.0-1.0Kai Engert - 3.36.1-1.2Daiki Ueno - 3.36.1-1.1Daiki Ueno - 3.36.1-1.0Daiki Ueno - 3.36.0-1.0Fedora Release Engineering - 3.35.0-5Kai Engert - 3.35.0-4Kai Engert - 3.35.0-3Daiki Ueno - 3.35.0-2Daiki Ueno - 3.34.0-2Daiki Ueno - 3.33.0-6Kai Engert - 3.33.0-5Kai Engert - 3.33.0-4Kai Engert - 3.33.0-3Daiki Ueno - 3.33.0-2Daiki Ueno - 3.32.1-2Daiki Ueno - 3.32.0-4Kai Engert - 3.32.0-3Daiki Ueno - 3.32.0-2Fedora Release Engineering - 3.31.0-6Fedora Release Engineering - 3.31.0-5Daiki Ueno - 3.31.0-4Daiki Ueno - 3.31.0-3Daiki Ueno - 3.31.0-2Daiki Ueno - 3.30.2-3Daiki Ueno - 3.30.2-2Kai Engert - 3.30.0-3Daiki Ueno - 3.30.0-2Kai Engert - 3.29.1-3Daiki Ueno - 3.29.1-2Daiki Ueno - 3.29.0-3Daiki Ueno - 3.29.0-2Daiki Ueno - 3.28.1-6Daiki Ueno - 3.28.1-5Daiki Ueno - 3.28.1-4Daiki Ueno - 3.28.1-3Daiki Ueno - 3.28.1-2Daiki Ueno - 3.27.2-2Daiki Ueno - 3.27.0-5Kai Engert - 3.27.0-4Daiki Ueno - 3.27.0-3Daiki Ueno - 3.27.0-2Daiki Ueno - 3.26.0-2Elio Maldonado - 3.25.0-6Elio Maldonado - 3.25.0-5Elio Maldonado - 3.25.0-4Elio Maldonado - 3.25.0-3Elio Maldonado - 3.25.0-2Kamil Dudka - 3.24.0-3Elio Maldonado - 3.24.0-2.3Elio Maldonado - 3.24.0-2.2Elio Maldonado - 3.24.0-2.1Elio Maldonado - 3.24.0-2.0Elio Maldonado - 3.23.0-9Elio Maldonado - 3.23.0-8Elio Maldonado - 3.23.0-7Elio Maldonado - 3.23.0-6Elio Maldonado - 3.23.0-5Elio Maldonado - 3.23.0-4Elio Maldonado - 3.23.0-3Elio Maldonado - 3.23.0-2Elio Maldonado - 3.22.2-2Elio Maldonado - 3.22.1-3Elio Maldonado - 3.22.1-1Elio Maldonado - 3.22.0-3Elio Maldonado - 3.22.0-2Fedora Release Engineering - 3.21.0-7Elio Maldonado - 3.21.0-6Michal Toman - 3.21.0-5Elio Maldonado - 3.21.0-4Elio Maldonado - 3.21.0-3Elio Maldonado Batiz - 3.21.1-2Elio Maldonado - 3.20.1-2Elio Maldonado - 3.20.0-6Elio Maldonado - 3.20.0-5Elio Maldonado - 3.20.0-4Elio Maldonado - 3.20.0-3Elio Maldonado - 3.20.0-2Elio Maldonado - 3.19.3-2Elio Maldonado - 3.19.2-3Kai Engert - 3.19.2-2Kai Engert - 3.19.1-2Kai Engert - 3.19.0-2Kai Engert - 3.18.0-2Elio Maldonado - 3.18.0-1Elio Maldonado - 3.17.4-5Till Maas - 3.17.4-4Elio Maldonado - 3.17.4-3Elio Maldonado - 3.17.4-2Elio Maldonado - 3.17.4-1Ville Skyttä - 3.17.3-4Elio Maldonado - 3.17.3-3Elio Maldonado - 3.17.3-2Elio Maldonado - 3.17.3-1Elio Maldonado - 3.17.2-2Elio Maldonado - 3.17.2-1Kai Engert - 3.17.1-1Kevin Fenzi - 3.17.0-2Elio Maldonado - 3.17.0-1Fedora Release Engineering - 3.16.2-4Elio Maldonado - 3.16.2-3Tom Callaway - 3.16.2-2Elio Maldonado - 3.16.2-1Elio Maldonado - 3.16.1-4Fedora Release Engineering - 3.16.1-3Jaromir Capik - 3.16.1-2Elio Maldonado - 3.16.1-1Elio Maldonado - 3.16.0-1Elio Maldonado - 3.15.5-2Elio Maldonado - 3.15.5-1Elio Maldonado - 3.15.4-5Elio Maldonado - 3.15.4-4Elio Maldonado - 3.15.4-3Peter Robinson 3.15.4-2Elio Maldonado - 3.15.4-1Elio Maldonado - 3.15.3.1-1Elio Maldonado - 3.15.3-2Elio Maldonado - 3.15.3-1Elio Maldonado - 3.15.2-3Elio Maldonado - 3.15.2-2Elio Maldonado - 3.15.2-1Elio Maldonado - 3.15.1-7Elio Maldonado - 3.15.1-6Elio Maldonado - 3.15.1-5Elio Maldonado - 3.15.1-4Elio Maldonado - 3.15.1-3Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15.1-1Elio Maldonado - 3.15-5emaldona - 3.15-4emaldona - 3.15-3Elio Maldonado - 3.15-2Elio Maldonado - 3.15-1Elio Maldonado - 3.15-0.1.beta1.2Elio Maldonado - 3.15-0.1.beta1.1Kai Engert - 3.14.3-12Kai Engert - 3.14.3-10Kai Engert - 3.14.3-9Elio Maldonado - 3.14.3-1Elio Maldonado - 3.14.2-2Elio Maldonado - 3.14.2-1Kai Engert - 3.14.1-3Elio Maldonado - 3.14.1-2Elio Maldonado - 3.14.1-1Elio Maldonado - 3.14-12Elio Maldonado - 3.14-11Elio Maldonado - 3.14-10Elio Maldonado - 3.14-9Elio Maldonado - 3.14-8Elio Maldonado - 3.14-7Elio Maldonado - 3.14-6Elio Maldonado - 3.14-5Elio Maldonado - 3.14-4Elio Maldonado - 3.14-3Elio Maldonado - 3.14-2Elio Maldonado - 3.14-1Elio Maldonado - 3.14-0.1.rc.1Kai Engert - 3.13.6-1Elio Maldonado - 3.13.5-8Elio Maldonado - 3.13.5-7Fedora Release Engineering - 3.13.5-6Elio Maldonado - 3.13.5-5Elio Maldonado - 3.13.5-4Elio Maldonado - 3.13.5-3Elio Maldonado - 3.13.5-2Elio Maldonado - 3.13.5-1Elio Maldonado - 3.13.4-3Elio Maldonado - 3.13.4-2Elio Maldonado - 3.13.4-1Elio Maldonado - 3.13.3-4Elio Maldonado - 3.13.3-3Elio Maldonado - 3.13.3-2Elio Maldonado - 3.13.3-1Tom Callaway - 3.13.1-13Elio Maldonado - 3.13.1-12Fedora Release Engineering - 3.13.1-11Elio Maldonado - 3.13.1-11Elio Maldonado - 3.13.1-10elio maldonado - 3.13.1-9Elio Maldonado - 3.13.1-8Elio Maldonado - 3.13.1-7Elio Maldonado - 3.13.1-6Elio Maldonado - 3.13.1-5Elio Maldonado Batiz - 3.13.1-4Elio Maldonado - 3.13.1-2Elio Maldonado - 3.13.1-1Elio Maldonado - 3.13-1Elio Maldonado - 3.13-0.1.rc0.1Elio Maldonado - 3.12.11-3Kai Engert - 3.12.11-2Elio Maldonado - 3.12.11-1Elio Maldonado - 3.12.10-6Michael Schwendt - 3.12.10-5Elio Maldonado - 3.12.10-4Dennis Gilmore - 3.12.10-3Elio Maldonado - 3.12.10-2Elio Maldonado - 3.12.10-1Elio Maldonado - 3.12.10-0.1.beta1Elio Maldonado - 3.12.9-15Elio Maldonado - 3.12.9-14Elio Maldonado - 3.12.9-13Elio Maldonado - 3.12.9-12Elio Maldonado - 3.12.9-11Elio Maldonado - 3.12.9-10Elio Maldonado - 3.12.9-9Fedora Release Engineering - 3.12.9-8Elio Maldonado - 3.12.9-7Christopher Aillon - 3.12.9-6Elio Maldonado - 3.12.9-5Elio Maldonado - 3.12.9-4Elio Maldonado - 3.12.9-3Elio Maldonado - 3.12.9-2Elio Maldonado - 3.12.9-1Elio Maldonado - 3.12.9-0.1.beta2Elio Maldonado - 3.12.8.99.2-1Elio Maldonado - 3.12.8.99.1-1Elio Maldonado - 3.12.8-9Elio Maldonado - 3.12.8-8Elio Maldonado - 3.12.8-7Elio Maldonado - 3.12.8-6Elio Maldonado - 3.12.8-5Elio Maldonado - 3.12.8-4Elio Maldonado - 3.12.8-3Elio Maldonado - 3.12.8-2Elio Maldonado - 3.12.8-1Elio Maldonado - 3.12.7.99.4-1Elio Maldonado - 3.12.7.99.3-2Elio Maldonado - 3.12.7.99.3-1Elio Maldonado - 3.12.7-3Elio Maldonado - 3.12.7-2Elio Maldonado - 3.12.7-1Elio Maldonado - 3.12.6-12Elio Maldonado - 3.12.6-11Elio Maldonado - 3.12.6-10Elio Maldonado - 3.12.6-9Dennis Gilmore - 3.12.6-8Elio Maldonado - 3.12.6-7Elio Maldonado - 3.12.6-6Elio Maldonado - 3.12.6-5Elio Maldonado - 3.12.6-4Elio Maldonado - 3.12.6-3Elio Maldonado - 3.12.6-2Elio Maldonado - 3.12.6-1.2Elio Maldonado - 3.12.6-1.1Elio Maldonado - 3.12.6-1Elio Maldonado - 3.12.5-8Elio Maldonado - 3.12.5-5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.13.2Elio Maldonado - 3.12.5-1.13.1Elio Maldonado - 3.12.5-1.13Elio Maldonado - 3.12.5-1.11Elio maldonado - 3.12.5-1.9Elio Maldonado - 3.12.5-2.7Elio Maldonado - 3.12.5-1.6Elio Maldonado - 3.12.5-1.5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1Elio Maldonado - 3.12.4-14.1Elio Maldonado - 3.12.4-13.1Elio Maldonado - 3.12.4-13Elio Maldonado - 3.12.4-12Elio Maldonado - 3.12.4-11Elio Maldonado - 3.12.4-10Elio Maldonado - 3.12.4-8Elio Maldonado - 3.12.4-6Elio Maldonado - 3.12.4-5Elio Maldonado - 3.12.4-4Elio Maldonado - 3.12.4-3Elio Maldonado - 3.12.4-2Elio Maldonado - 3.12.4-1Elio Maldonado - 3.12.3.99.3-30Elio Maldonado - 3.12.3.99.3-29Elio Maldonado - 3.12.3.99.3-28Elio Maldonado - 3.12.3.99.3-27Elio Maldonado - 3.12.3.99.3-26Elio Maldonado - 3.12.3.99.3-25Warren Togami - 3.12.3.99.3-24Elio Maldonado - 3.12.3.99.3-23Elio Maldonado - 3.12.3.99.3-22Elio Maldonado - 3.12.3.99.3-21Elio Maldonado - 3.12.3.99.3-20Elio Maldonado - 3.12.3.99.3-19Elio Maldonado - 3.12.3.99.3-18Elio Maldonado - 3.12.3.99.3-16Dennis Gilmore - 3.12.3.99.3-15Dennis Gilmore - 3.12.3.99.3-14Dennis Gilmore - 3.12.3.99.3-13Dennis Gilmore - 3.12.3.99.3-12Elio Maldonado+emaldona@redhat.com - 3.12.3.99.3-11Elio Maldonado - 3.12.3.99.3-10Dennis Gilmore - 3.12.3.99.3-9Elio Maldonado - 3.12.3.99.3-7.1Fedora Release Engineering - 3.12.3.99.3-7Elio Maldonado - 3.12.3.99.3-6Elio Maldonado - 3.12.3.99.3-5Elio Maldonado - 3.12.3.99.3-4Kai Engert - 3.12.3.99.3-3Kai Engert - 3.12.3.99.3-2Kai Engert - 3.12.3-7Kai Engert - 3.12.3-4Kai Engert - 3.12.3-3Kai Engert - 3.12.3-2Kai Engert - 3.12.2.99.3-7Kai Engert - 3.12.2.99.3-6Kai Engert - 3.12.2.99.3-5Kai Engert - 3.12.2.99.3-4Kai Engert - 3.12.2.99.3-3Kai Engert - 3.12.2.99.3-2Kai Engert - 3.12.2.99.3-1Fedora Release Engineering - 3.12.2.0-4Kai Engert - 3.12.2.0-3Dennis Gilmore - 3.12.1.1-4Kai Engert - 3.12.1.1-3Kai Engert - 3.12.1.1-2Kai Engert - 3.12.1.0-2Kai Engert - 3.12.0.3-7Kai Engert - 3.12.0.3-6Kai Engert - 3.12.0.3-3Kai Engert - 3.12.0.3-2Kai Engert - 3.12.0.1-1Jesse Keating - 3.11.99.5-2Kai Engert - 3.11.99.5-1Kai Engert - 3.11.99.4-1Kai Engert - 3.11.99.3-6Kai Engert - 3.11.99.3-5Kai Engert - 3.11.99.3-4Kai Engert - 3.11.99.3-3Kai Engert - 3.11.99.3-2Kai Engert - 3.11.99.3-1Kai Engert - 3.11.99.2b-3Kai Engert - 3.11.99.2b-2Kai Engert - 3.11.99.2-2Kai Engert - 3.11.99.2-1Kai Engert - 3.11.7-10Rob Crittenden - 3.11.7-9Kai Engert - 3.11.7-8Bob Relyea - 3.11.7-7Kai Engert - 3.11.7-6Kai Engert - 3.11.7-5Kai Engert - 3.11.7-4Kai Engert - 3.11.7-3Kai Engert - 3.11.7-2Kai Engert - 3.11.5-2Kai Engert - 3.11.5-1Bob Relyea - 3.11.4-4Kai Engert - 3.11.4-1Kai Engert - 3.11.3-2Kai Engert - 3.11.3-1Kai Engert - 3.11.2-2Jesse Keating - 3.11.2-1.1Kai Engert - 3.11.2-1Kai Engert - 3.11.1-2Kai Engert - 3.11.1-1Kai Engert - 3.11-4Jesse Keating - 3.11-3.2Jesse Keating - 3.11-3.1Ray Strode 3.11-3Christopher Aillon 3.11-2Christopher Aillon 3.11-1Christopher Aillon 3.11-0.cvs.2Christopher Aillon 3.11-0.cvsKai Engert Rob Crittenden 3.10-1- Fix ecc DER wrapping.- Pick up validated constant time implementations of p256, p384, and p521 from upsream - More Fips indicator changes- FIPS review changes - add PORT_SafeZero to avoid compiler optimizing a way zeroing memory. - update the indicators for this release - allow hashing of longer than int32 values in a single PKCS #11 call.- Fix expired certs in tests - Fix CVE-2023-5388- add indicators for pbkdf2 - add camellia to pkcs12 doc files - fix ems policy bug - disable ech- fix the change log- rebase to NSS 3.90- Fix CVE-2023-0767- Fix QA found failures: - remove extra '+' from sslpolicy.txt file causing test error values - only use GRND_RANDOM if the kernel is in FIPS mode.- FIPS 140-3 changes- Update fips default for pk12util to AES rather than TDES - Fix bug in pkcs12 files with null passwords- Better fix for test regressions- fix nss.spec so it works in a rhel-8.1.0 buildroot- FIPS 140-3 changes - Reject Small RSA keys, 1024 bit keys are marked as FIP OK when verifying, reject signature keys by policy - Allow applications to retrigger selftests on demand.- Fix pkgconfig output- NSR Coverity fix changed selfserv from passive to active, change it back- Fix regressions found in test suites.- Rebase to NSS 3.79 - Set FIPS Module ID - skip attribute verification on attributes with default values - don't export trust objects if they are default trust objects from dbm - add dbtool to nss-tools- Fix CVE 2021 43527- Fix ssl alert issue- Fix issue with reading databases that were updated using unpatched versions of nss- Better fix for the sdb timeout. The issue wasn't a race, it was the sqlite timeout waiting to begin a transaction under heavy thread usage.- Fix sdb race condition- Fix coverity issues- Rebase to NSS 3.67- Restore old pkcs12 defaults.- build nss for older nspr so we can pass gating with the new nspr in the build root- Rebase to NSS 3.66- Fix various corner cases with ike v1 app b support.- Fix the following CVE - CVE-2020-12403 chacha-poly issues - CVE-2020-12400 constant time ECC. - CVE-2020-6829 constant time ECC.- Revert some policy changes the generate ABI runtime issues.- Add support for enable/disable in policy. Now if your policy file has disallow=x enable=y it will act just like our other libraries.- Add OAEP interface so applications can wrap keys with RSA-OAEP rather than RSA-PKCS-1.- fips need to reject small primes even if they are approved - code to autodetect whether or not to use the cache needs to do so in a way that doesn't mess with filesystem negative file caching. - add kdf selftests- Fix issue with upgradedb where upgradedb expects standard to generate dbm databases, not sql databases (default in RHEL8)- Disable dh timing test because it's unreliable on s390- Explicitly enable upgradedb/sharedb test cycles- Disable Delegated Credentials for TLS- Fix attribute decryption issue where the private key components integrity check on private attributes where not being checked.- Update nss-rsa-pkcs1-sigalgs.patch to the upstream version- Include required checks for dh and ecdh key generation in FIPS mode.- Add better checks for dh derive operations in FIPS mode.- Disable NSS_HASH_ALG_SUPPORT as well for MD5 (#1849938) - Adjust for update-crypto-policies packaging change (#1848649) - Fix compilation with -Werror=strict-prototypes (#1843417)- Fix regression in MD5 disablement (#1849938) - Include rsa_pkcs1_* in signature_algorithms extension (#1847945)- Update to NSS 3.53.1- Update to NSS 3.53- Fix swapped CMAC PKCS #11 values. - Fix data alignment crash in CMAC.- Fix coverify scan issue- Fix endian problem in SP-800 108 code.- Install cmac.h required by blapi.h (#1764513) - Fix out-of-bounds write in NSC_EncryptUpdate (#1775913)- Add SP-800 108 Generalized kdf- Check policy against hash algorithms used for ServerKeyExchange (#1730039)- Add CMAC- CKM_NSS_IKE1_APP_B_PRF_DERIVE was missing from the mechanism list, preventing PK11_Derive*() from using it. Add gtests for the PK11_Derive interface for all the CKM_NSS_IKE*_DERIVE mechanism.- Backport fixes from 3.44.1- Add continuous RNG test required by FIPS - fipstest: use CKM_TLS12_MASTER_KEY_DERIVE instead of vendor specific mechanism- Rebuild with the correct build target- rebuild to try to retrigger CI tests- Fix certutil man page - Fix extracting a public key from a private key for dh, ec, and dsa- Disable TLS 1.3 under FIPS mode - Disable RSASSA-PKCS1-v1_5 in TLS 1.3 - Fix post-handshake auth transcript calculation if SSL_ENABLE_SESSION_TICKETS is set - Revert the change to use XDG basedirs (mozilla#818686)- Add ike mechanisms in softokn - Add FIPS checks in softoken- Update to NSS 3.44 - Define NSS_SEED_ONLY_DEV_URANDOM=1 to exclusively use getentropy - Use %autosetup - Clean up manual pages generation - Clean up %check - Remove prelink dependency, which is not available in RHEL-8 - Remove upstreamed patches- Update manual pages to reflect recent changes in commands- Make sure corresponding public keys are created when importing private keys.- Fix the last change - Add --no-reload option to update-crypto-policies to avoid unnecessary restart of daemons- Restore LDFLAGS injection when linking DSO- Update to NSS 3.41 - Consolidate nss-util, nss-softokn, and nss into a single source package- Fix the last commit- Support for IKE/IPsec typical PKIX usage so libreswan can use nss without rejecting certs based on EKU- Backport upstream fixes for rhbz#1649026, rhbz#1608895, rhbz#1644854 - Document PKCS #11 URI - Add warning when adding module with modutil while p11-kit is enabled- Update nss-dsa.patch to not advertise DSA signature algorithm - Update PayPal test certs for testing- Backport "DSA" keyword in crypto-policies- Update to NSS 3.39- Fix LDFLAGS injection when linking DSO- Install crypto-policies configuration file for https://fedoraproject.org/wiki/Changes/NSSLoadP11KitModules - Port enable-fips-when-system-is-in-fips-mode.patch from RHEL-7 - Use %ldconfig_scriptlets - Remove needless use of %defattr, by Jason Tibbitts- Update to NSS 3.38- Backport upstream addition of nss-policy-check utility, rhbz#1428746, includes required fixes for mozbz#1296263 and mozbz#1474875- Switch the default DB type to SQL - Enable SSLKEYLOGFILE- Update to NSS 3.36.1 - Remove nss-3.14.0.0-disble-ocsp-test.patch - Fix partial injection of LDFLAGS - Remove NSS_NO_PKCS11_BYPASS, which is no-op in upstream- Update to NSS 3.36.0 - Add gcc-c++ to BuildRequires (C++ is needed for gtests) - Make test failure detection robuster- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild- Fix a compiler error with gcc 8, mozbz#1434070 - Set NSS_FORCE_FIPS=1 at %build time, and remove from %check.- Stop pulling in nss-pem automatically, packages that need it should depend on it, rhbz#1539401- Update to NSS 3.35.0- Update to NSS 3.34.0- Make sure 32bit nss-pem always be installed with 32bit nss in multlib environment, patch by Kamil Dudka- Fix test script- Update tests to be compatible with default NSS DB changed to sql (the default was changed in the nss-util package).- rhbz#1505487, backport upstream fixes required for rhbz#1496560- Update to NSS 3.33.0- Update to NSS 3.32.1- Update iquote.patch to really prefer in-tree headers over system headers- NSS libnssckbi.so has already been obsoleted by p11-kit-trust, rhbz#1484449- Update to NSS 3.32.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- Backport mozbz#1381784 to avoid deadlock in dnf- Move signtool to %_libdir/nss/unsupported-tools, for: https://fedoraproject.org/wiki/Changes/NSSSigntoolDeprecation- Rebase to NSS 3.31.0- Enable gtests- Rebase to NSS 3.30.2 - Enable TLS 1.3- Backport upstream mozbz#1328318 to support crypto policy FUTURE.- Rebase to NSS 3.30.0 - Remove upstreamed patches- Backport mozbz#1334976 and mozbz#1336487.- Rebase to NSS 3.29.1- Disable TLS 1.3, following the upstream change- Rebase to NSS 3.29.0 - Suppress -Werror=int-in-bool-context warnings with GCC7- Work around pkgconfig -> pkgconf transition issue (releng#6597)- Disable TLS 1.3 - Add "Conflicts" with packages using older Mozilla codebase, which is not compatible with NSS 3.28.1 - Remove NSS_ECC_MORE_THAN_SUITE_B setting, as it was removed in upstream- Add "Conflicts" with older firefox packages which don't have support for smaller curves added in NSS 3.28.1- Fix incorrect version specification in %nss_{util,softokn}_version, pointed by Elio Maldonado- Rebase to NSS 3.28.1 - Remove upstreamed patch for disabling RSA-PSS - Re-enable TLS 1.3- Rebase to NSS 3.27.2- Revert the previous fix for RSA-PSS and use the upstream fix instead- Disable the use of RSA-PSS with SSL/TLS. #1383809- Disable TLS 1.3 for now, to avoid reported regression with TLS to version intolerant servers- Rebase to NSS 3.27.0 - Remove upstreamed ectest patch- Rebase to NSS 3.26.0 - Update check policy file patch to better match what was upstreamed - Remove conditionally ignore system policy patch as it has been upstreamed - Skip ectest as well as ecperf, which are built as part of nss-softokn - Fix rpmlint error regarding %define usage- Incorporate some changes requested in upstream review and commited upstream (#1157720)- Add support for conditionally ignoring the system policy (#1157720) - Remove unneeded test scripts patches in order to run more tests - Remove unneeded test data modifications from the spec file- Remove obsolete patch and spurious lines from the spec file (#1347336)- Cleanup spec file and patches and add references to bugs filed upstream- Rebase to nss 3.25- decouple nss-pem from the nss package (#1347336)- Apply the patch that was last introduced - Renumber and reorder some of the patches - Resolves: Bug 1342158- Allow application requests to disable SSL v2 to succeed - Resolves: Bug 1342158 - nss-3.24 does no longer support ssl V2, installation of IPA fails because nss init fails- Rebase to NSS 3.24.0 - Restore setting the policy file location - Make ssl tests scripts aware of policy - Ajust tests data expected result for policy- Bootstrap build to rebase to NSS 3.24.0 - Temporarily not setting the policy file location- Change POLICY_FILE to "nss.config"- Change POLICY_FILE to "nss.cfg"- Change the POLICY_PATH to "/etc/crypto-policies/back-ends" - Regenerate the check policy patch with hg to provide more context- Fix typo in the last %changelog entry- Load policy file if /etc/pki/nssdb/policy.cfg exists - Resolves: Bug 1157720 - NSS should enforce the system-wide crypto policy- Remove unused patch rendered obsolete by pem update- Update pem sources to latest from nss-pem upstream - Resolves: Bug 1300652 - [PEM] insufficient input validity checking while loading a private key- Rebase to NSS 3.23- Rebase to NSS 3.22.2- Fix ssl2/exp test disabling to run all the required tests- Rebase to NSS 3.22.1- Update .gitignore as part of updating to nss 3.22- Update to NSS 3.22- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Resolves: Bug 1299040 - Enable ssl_gtests upstream test suite - Remove 'export NSS_DISABLE_GTESTS=1' go ssl_gtests are built - Use %define when specifying the nss_tests to run- Add 64-bit MIPS to multilib arches- Update %{nss_util_version} and %{nss_softokn_version} to 3.21.0 - Resolves: Bug 1284095 - all https fails with sec_error_no_token- Add references to bugs filed upstream- Update to NSS 3.21 - Package listsuites as part of the unsupported tools set - Resolves: Bug 1279912 - nss-3.21 is available - Resolves: Bug 1258425 - Use __isa_bits macro instead of list of 64-bit - Resolves: Bug 1280032 - Package listsuites as part of the nss unsupported tools set- Update to NSS 3.20.1- Enable ECC cipher-suites by default [hrbz#1185708] - Split the enabling patch in two for easier maintenance - Remove unused patches rendered obsolete by prior rebase- Enable ECC cipher-suites by default [hrbz#1185708] - Implement corrections requested in code review- Enable ECC cipher-suites by default [hrbz#1185708]- Fix patches that disable ssl2 and export cipher suites support - Fix libssl patch that disable ssl2 & export cipher suites to not disable RSA_WITH_NULL ciphers - Fix syntax errors in patch to skip ssl2 and export cipher suite tests - Turn ssl2 off by default in the tstclnt tool - Disable ssl stress tests containing TLS RC4 128 with MD5- Update to NSS 3.20- Update to NSS 3.19.3- Create on the fly versions of sslcov.txt and sslstress.txt that disable tests for SSL2 and EXPORT ciphers- Update to NSS 3.19.2- Update to NSS 3.19.1- Update to NSS 3.19- Replace expired test certificates, upstream bug 1151037- Update to nss-3.18.0 - Resolves: Bug 1203689 - nss-3.18 is available- Disable export suites and SSL2 support at build time - Fix syntax errors in various shell scripts - Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites- Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code- Commented out the export NSS_NO_SSL2=1 line to not disable ssl2 - Backing out from disabling ssl2 until the patches are fixed- Disable SSL2 support at build time - Fix syntax errors in various shell scripts - Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites- Update to nss-3.17.4- Own the %{_datadir}/doc/nss-tools dir- Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer - Install pp man page in %{_datadir}/doc/nss-tools/pp.1 - Use %{_mandir} instead of /usr/share/man as more generic- Install pp man page in alternative location - Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer- Update to nss-3.17.3 - Resolves: Bug 1171012 - nss-3.17.3 is available- Resolves: Bug 994599 - Enable TLS 1.2 by default- Update to nss-3.17.2- Update to nss-3.17.1 - Add a mechanism to skip test suite execution during development work- Rebuild for rpm bug 1131960- Update to nss-3.17.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Replace expired PayPal test cert with current one to prevent build failure- fix license handling- Update to nss-3.16.2- Remove unwanted source directories at end of %prep so it truly does it - Skip the cipher suite already run as part of the nss-softokn build- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- Replacing ppc64 and ppc64le with the power64 macro - Related: Bug 1052545 - Trivial change for ppc64le in nss spec- Update to nss-3.16.1 - Update the iquote patch on account of the rebase - Improve error detection in the %section - Resolves: Bug 1094702 - nss-3.16.1 is available- Update to nss-3.16.0 - Cleanup the copying of the tools man pages - Update the iquote.patch on account of the rebase- Restore requiring nss_softokn_version >= 3.15.5- Update to nss-3.15.5 - Temporarily requiring only nss_softokn_version >= 3.15.4 - Fix location of sharedb files and their manpages - Move cert9.db, key4.db, and pkcs11.txt to the main package - Move nss-sysinit manpages tar archives to the main package - Resolves: Bug 1066877 - nss-3.15.5 is available - Resolves: Bug 1067091 - Move sharedb files to the %files section- Revert previous change that moved some sysinit manpages - Restore nss-sysinit manpages tar archives to %files sysinit - Removing spurious wildcard entry was the only change needed- Add explanatory comments for iquote.patch as was done on f20- Update pem sources to latest from nss-pem upstream - Pick up pem fixes verified on RHEL and applied upstream - Fix a problem where same files in two rpms created rpm conflict - Move some nss-sysinit manpages tar archives to the %files the - All man pages are listed by name so there shouldn't be wildcard inclusion - Add support for ppc64le, Resolves: Bug 1052545- ARM tests pass so remove ARM conditional- Update to nss-3.15.4 (hg tag NSS_3_15_4_RTM) - Resolves: Bug 1049229 - nss-3.15.4 is available - Update pem sources to latest from the interim upstream for pem - Remove no longer needed patches - Update pem/rsawrapr.c patch on account of upstream changes to freebl/softoken - Update iquote.patch on account of upstream changes- Update to nss-3.15.3.1 (hg tag NSS_3_15_3_1_RTM) - Resolves: Bug 1040282 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) - Resolves: Bug 1040192 - nss-3.15.3.1 is available- Bump the release tag- Update to NSS_3_15_3_RTM - Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws - Fix option descriptions for setup-nsssysinit manpage - Fix man page of nss-sysinit wrong path and other flaws - Document email option for certutil manpage - Remove unused patches- Revert one change from last commit to preserve full nss pluggable ecc supprt [1019245]- Use the full sources from upstream - Bug 1019245 - ECDHE in openssl available -> NSS needs too for Firefox/Thunderbird- Update to NSS_3_15_2_RTM - Update iquote.patch on account of modified prototype on cert.h installed by nss-devel- Update pem sources to pick up a patch applied upstream which a faulty merge had missed - The pem module should not require unique file basenames- Update pem sources to the latest from interim upstream- Resolves: rhbz#996639 - Minor bugs in nss man pages - Fix some typos and improve description and see also sections- Cleanup spec file to address most rpmlint errors and warnings - Using double percent symbols to fix macro-in-comment warnings - Ignore unversioned-explicit-provides nss-system-init per spec comments - Ignore invalid-url Source0 as it comes from the git lookaside cache - Ignore invalid-url Source12 as it comes from the git lookaside cache- Add man page for pkcs11.txt configuration file and cert and key databases - Resolves: rhbz#985114 - Provide man pages for the nss configuration files- Fix errors in the man pages - Resolves: rhbz#984106 - Add missing option descriptions to man pages for {cert|cms|crl}util - Resolves: rhbz#982856 - Fix path to script in man page for nss-sysinit- Update to NSS_3_15_1_RTM - Enable the iquote.patch to access newly introduced types- Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts - Resolves: rhbz#606020 - nss security tools lack man pages- Build nss without softoken or util sources in the tree - Resolves: rhbz#689918- Update ssl-cbc-random-iv-by-default.patch- Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config- Update to NSS_3_15_RTM- Fix incorrect path that hid failed test from view - Add ocsp to the test suites to run but ... - Temporarily disable the ocsp stapling tests - Do not treat failed attempts at ssl pkcs11 bypass as fatal errors- Update to NSS_3_15_BETA1 - Update spec file, patches, and helper scripts on account of a shallower source tree- Update expired test certificates (fixed in upstream bug 852781)- Fix incorrect post/postun scripts. Fix broken links in posttrans.- Configure libnssckbi.so to use the alternatives system in order to prepare for a drop in replacement.- Update to NSS_3_14_3_RTM - sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3 - Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack - Resolves: rhbz#896651 - PEM module trashes private keys if login fails - Resolves: rhbz#909775 - specfile support for AArch64 - Resolves: rhbz#910584 - certutil -a does not produce ASCII output- Allow building nss against older system sqlite- Update to NSS_3_14_2_RTM- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM- Require nspr >= 4.9.4 - Fix changelog invalid dates- Update to NSS_3_14_1_RTM- Bug 879978 - Install the nssck.api header template where mod_revocator can access it - Install nssck.api in /usr/includes/nss3/templates- Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it - Install nssck.api in /usr/includes/nss3- Bug 870864 - Add support in NSS for Secure Boot- Disable bypass code at build time and return failure on attempts to enable at runtime - Bug 806588 - Disable SSL PKCS #11 bypass at build time- Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs - Bug 872124 - nss-3.14 breaks fedpkg new-sources - Fix should be considered preliminary since the patch may change upon upstream approval- Add a dummy source file for testing /preventing fedpkg breakage - Helps test the fedpkg new-sources and upload commands for breakage by nss updates - Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources- Fix a previous unwanted merge from f18 - Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while - Keeping the patch disabled while we are still in rawhide and - State in comment that patch is needed for both stable and beta branches - Update .gitignore to download only the new sources- Fix the spec file so sechash.h gets installed - Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14- Update the license to MPLv2.0- Use only -f when removing unwanted headers- Add secmodt.h to the headers installed by nss-devel - nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14- Update to NSS_3_14_RTM- Update to NSS_3_14_RC1 - update nss-589636.patch to apply to httpdserv - turn off ocsp tests for now - remove no longer needed patches - remove headers shipped by nss-util- Update to NSS_3_13_6_RTM- Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3 - Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load - Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer - Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix- Fix pluggable ecc support- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Fix checkin comment to prevent unwanted expansions of percents- Resolves: Bug 830410 - Missing Requires %{?_isa} - Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools - Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib - Enable sha224 portion of powerup selftest when running test suites - Require nspr 4.9.1- Resolves: rhbz#833529 - revert unwanted change to nss.pc.in- Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in- Update to NSS_3_13_5_RTM- Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3- Resolves: Bug 805723 - Library needs partial RELRO support added - Patch coreconf/Linux.mk as done on RHEL 6.2- Update to NSS_3_13_4_RTM - Update the nss-pem source archive to the latest version - Remove no longer needed patches - Resolves: Bug 806043 - use pem files interchangeably in a single process - Resolves: Bug 806051 - PEM various flaws detected by Coverity - Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name- Resolves: Bug 805723 - Library needs partial RELRO support added- Cleanup of the spec file - Add references to the upstream bugs - Fix typo in Summary for sysinit- Pick up fixes from RHEL - Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync - Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update - Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections- Update to NSS_3_13_3_RTM- fix issue with gcc 4.7 in secmodt.h and C++11 user-defined literals- Resolves: Bug 784672 - nss should protect against being called before nss_Init- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- Deactivate a patch currently meant for stable branches only- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity - NSS_SSL_CBC_RANDOM_IV set to 0 by default and changed to 1 on user request- Revert to using current nss_softokn_version - Patch to deal with lack of sha224 is no longer needed- Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV- Resolves: Bug 750376 - nss 3.13 breaks sssd TLS - Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y - Only patch blapitest for the lack of sha224 on system freebl - Completed the patch to make pem link against system freebl- Removed unwanted /usr/include/nss3 in front of the normal cflags include path - Removed unnecessary patch dealing with CERTDB_TERMINAL_RECORD, it's visible- Statically link the pem module against system freebl found in buildroot - Disabling sha224-related powerup selftest until we update softokn - Disable sha224 and pss tests which nss-softokn 3.12.x doesn't support- Rebuild with nss-softokn from 3.12 in the buildroot - Allows the pem module to statically link against 3.12.x freebl - Required for using nss-3.13.x with nss-softokn-3.12.y for a merge inrto rhel git repo - Build will be temprarily placed on buildroot override but not pushed in bodhi- Fix broken dependencies by updating the nss-util and nss-softokn versions- Update to NSS_3_13_1_RTM - Update builtin certs to those from NSSCKBI_1_88_RTM- Update to NSS_3_13_RTM- Update to NSS_3_13_RC0- Fix attempt to free initilized pointer (#717338) - Fix leak on pem_CreateObject when given non-existing file name (#734760) - Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)- Update builtins certs to those from NSSCKBI_1_87_RTM- Update to NSS_3_12_11_RTM- Indicate the provenance of stripped source tarball (#688015)- Provide virtual -static package to meet guidelines (#609612).- Enable pluggable ecc support (#712556) - Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045)- make the testsuite non fatal on arm arches- Fix crmf hard-coded maximum size for wrapped private keys (#703656)- Update to NSS_3_12_10_RTM- Update to NSS_3_12_10_BETA1- Implement PEM logging using NSPR's own (#695011)- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)- Add a missing requires for pkcs11-devel (#675196)- Run the test suites in the check section (#677809)- Fix cms headers to not use c++ reserved words (#676036) - Reenabling Bug 499444 patches - Fix to swap internal key slot on fips mode switches- Revert patches for 499444 until all c++ reserved words are found and extirpated- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix cms header to not use c++ reserved word (#676036) - Reenable patches for bug 499444- Revert patches for 499444 as they use a C++ reserved word and cause compilation of Firefox to fail- Fix the earlier infinite recursion patch (#499444) - Remove a header that now nss-softokn-freebl-devel ships- Fix infinite recursion when encoding NSS enveloped/digested data (#499444)- Update the cacert trust patch per upstream review requests (#633043)- Fix to honor the user's cert trust preferences (#633043) - Remove obsoleted patch- Update to 3.12.9- Rebuilt according to fedora pre-release package naming guidelines- Update to NSS_3_12_9_BETA2 - Fix libpnsspem crash when cacert dir contains other directories (#642433)- Update to NSS_3_12_9_BETA1- Update pem source tar with fixes for 614532 and 596674 - Remove no longer needed patches- Update PayPalEE.cert test certificate which had expired- Tell rpm not to verify md5, size, and modtime of configurations file- Fix certificates trust order (#643134) - Apply nss-sysinit-userdb-first.patch last- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248)- Fix invalid %postun scriptlet (#639248)- Replace posttrans sysinit scriptlet with a triggerpostun one (#636787) - Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801)- Add posttrans scriptlet (#636787)- Update to 3.12.8 - Prevent disabling of nss-sysinit on package upgrade (#636787) - Create pkcs11.txt with correct permissions regardless of umask (#636792) - Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801) - Added provides pkcs11-devel-static to comply with packaging guidelines (#609612)- NSS 3.12.8 RC0- Fix nss-util_version and nss_softokn_version required to be 3.12.7.99.3- NSS 3.12.8 Beta3 - Fix unclosed comment in renegotiate-transitional.patch- Change BuildRequries to available version of nss-util-devel- Define NSS_USE_SYSTEM_SQLITE and remove unneeded patch - Add comments regarding an unversioned provides which triggers rpmlint warning - Build requires nss-softokn-devel >= 3.12.7- Update to 3.12.7- Apply the patches to fix rhbz#614532- Removed pem sourecs as they are in the cache- Add support for PKCS#8 encoded PEM RSA private key files (#614532)- Fix nsssysinit to return userdb ahead of systemdb (#603313)- Require and BuildRequire >= the listed version not =- Require nss-softoken 3.12.6- Fix SIGSEGV within CreateObject (#596674)- Update pem source tar to pick up the following bug fixes: - PEM - Allow collect objects to search through all objects - PEM - Make CopyObject return a new shallow copy - PEM - Fix memory leak in pem_mdCryptoOperationRSAPriv- Update the test cert in the setup phase- Add sed to sysinit requires as setup-nsssysinit.sh requires it (#576071) - Update PayPalEE test cert with unexpired one (#580207)- Fix ns.spec to not require nss-softokn (#575001)- rebuilt with all tests enabled- Using SSL_RENEGOTIATE_TRANSITIONAL as default while on transition period - Disabling ssl tests suites until bug 539183 is resolved- Update to 3.12.6 - Reactivate all tests - Patch tools to validate command line options arguments- Fix curl related regression and general patch code clean up- retagging- Fix SIGSEGV on call of NSS_Initialize (#553638)- New version of patch to allow root to modify ystem database (#547860)- Temporarily disabling the ssl tests- Fix nsssysinit to allow root to modify the nss system database (#547860)- Fix an error introduced when adapting the patch for rhbz #546211- Remove left over trace statements from nsssysinit patching- Fix a misconstructed patch- Fix nsssysinit to enable apps to use system cert store, patch contributed by David Woodhouse (#546221) - Fix spec so sysinit requires coreutils for post install scriplet (#547067) - Fix segmentation fault when listing keys or certs in the database, patch contributed by Kamil Dudka (#540387)- Fix nsssysinit to set the default flags on the crypto module (#545779) - Remove redundant header from the pem module- Remove unneeded patch- Retagging to include missing patch- Update to 3.12.5 - Patch to allow ssl/tls clients to interoperate with servers that require renogiation- Retagging- Require nss-softoken of same architecture as nss (#527867) - Merge setup-nsssysinit.sh improvements from F-12 (#527051)- User no longer prompted for a password when listing keys an empty system db (#527048) - Fix setup-nsssysinit to handle more general formats (#527051)- Fix syntax error in setup-nsssysinit.sh- Fix sysinit to be under mozilla/security/nss/lib- Add nss-sysinit activation/deactivation script- Install blank databases and configuration file for system shared database - nsssysinit queries system for fips mode before relying on environment variable- Restoring nssutil and -rpath-link to nss-config for now - 522477- Add the nss-sysinit subpackage- Installing shared libraries to %{_libdir}- Retagging to pick up new sources- Update pem enabling source tar with latest fixes (509705, 51209)- PEM module implements memory management for internal objects - 509705 - PEM module doesn't crash when processing malformed key files - 512019- Remove symbolic links to shared libraries from devel - 521155 - No rpath-link in nss-softokn-config- Update to 3.12.4- Fix FORTIFY_SOURCE buffer overflows in test suite on ppc and ppc64 - bug 519766 - Fixed requires and buildrequires as per recommendations in spec file review- Restoring patches 2 and 7 as we still compile all sources - Applying the nss-nolocalsql.patch solves nss-tools sqlite dependency problems- restore require sqlite- Don't require sqlite for nss- Ensure versions in the requires match those used when creating nss.pc- Remove nss-prelink.conf as signed all shared libraries moved to nss-softokn - Add a temprary hack to nss.pc.in to unblock builds- caolan's nss.pc patch- Bump the release number for a chained build of nss-util, nss-softokn and nss- Fix nss-config not to include nssutil - Add BuildRequires on nss-softokn and nss-util since build also runs the test suite- disabling all tests while we investigate a buffer overflow bug- disabling some tests while we investigate a buffer overflow bug - 519766- remove patches that are now in nss-softokn and - remove spurious exec-permissions for nss.pc per rpmlint - single requires line in nss.pc.in- Fix BuildRequires: nss-softokn-devel release number- fix nss.pc.in to have one single requires line- cleanups for softokn- remove the softokn subpackages- don install the nss-util pkgconfig bits- remove from -devel the 3 headers that ship in nss-util-devel- kill off the nss-util nss-util-devel subpackages- split off nss-softokn and nss-util as subpackages with their own rpms - first phase of splitting nss-softokn and nss-util as their own packages- must install libnssutil3.since nss-util is untagged at the moment - preserve time stamps when installing various files- dont install libnssutil3.so since its now in nss-util- Fix spec file problems uncovered by Fedora_12_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- removed two patch files which are no longer needed and fixed previous change log number- updated pem module incorporates various patches - fix off-by-one error when computing size to reduce memory leak. (483855) - fix data type to work on x86_64 systems. (429175) - fix various memory leaks and free internal objects on module unload. (501080) - fix to not clone internal objects in collect_objects(). (501118) - fix to not bypass initialization if module arguments are omitted. (501058) - fix numerous gcc warnings. (500815) - fix to support arbitrarily long password while loading a private key. (500180) - fix memory leak in make_key and memory leaks and return values in pem_mdSession_Login (501191)- add patch for bug 502133 upstream bug 496997- rebuild with higher release number for upgrade sanity- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75- re-enable test suite - add patch for upstream bug 488646 and add newer paypal certs in order to make the test suite pass- add conflicts info in order to fix bug 499436- ship .chk files instead of running shlibsign at install time - include .chk file in softokn-freebl subpackage - add patch for upstream nss bug 488350- Update to NSS 3.12.3- temporarily disable the test suite because of bug 494266- fix softokn-freebl dependency for multilib (bug 494122)- introduce separate nss-softokn-freebl package- disable execstack when building freebl- add upstream patch to fix bug 483855- build nspr-less freebl library- Update to NSS_3_12_3_BETA4- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- update to NSS_3_12_2_RC1 - use system zlib- add sparc64 to the list of 64 bit arches- bug 456847, move pkgconfig requirement to devel package- Update to NSS_3_12_1_RC2- NSS 3.12.1 RC1- fix bug bug 429175 in libpem module- bug 456847, add Requires: pkgconfig- nss package should own /etc/prelink.conf.d folder, rhbz#452062 - use upstream patch to fix test suite abort- Update to NSS_3_12_RC4- Update to NSS_3_12_RC2- Zapping old Obsoletes/Provides. No longer needed, causes multilib headache.- Update to NSS_3_12_BETA3- NSS 3.12 Beta 2 - Use /usr/lib{64} as devel libdir, create symbolic links.- Apply upstream patch for bug 417664, enable test suite on pcc.- Support concurrent runs of the test suite on a single build host.- disable test suite on ppc- disable test suite on ppc64- Build against gcc 4.3.0, use workaround for bug 432146 - Run the test suite after the build and abort on failures.* NSS 3.12 Beta 1- move .so files to /lib- NSS 3.12 alpha 2b- upstream patches to avoid calling netstat for random data- NSS 3.12 alpha 2- Add /etc/prelink.conf.d/nss-prelink.conf in order to blacklist our signed libraries and protect them from modification.- Fix off-by-one error in the PEM module- fix a C++ mode compilation error- Add 3.12 ckfw and libnsspem- Updated license tag- Ensure the workaround for mozilla bug 51429 really get's built.- Better approach to ship freebl/softokn based on 3.11.5 - Remove link time dependency on softokn- Fix unowned directories, rhbz#233890- Update to 3.11.7, but freebl/softokn remain at 3.11.5. - Use a workaround to avoid mozilla bug 51429.- Fix rhbz#230545, failure to enable FIPS mode - Fix rhbz#220542, make NSS more tolerant of resets when in the middle of prompting for a user password.- Update to 3.11.5 - This update fixes two security vulnerabilities with SSL 2 - Do not use -rpath link option - Added several unsupported tools to tools package- disable ECC, cleanout dead code- Update to 3.11.4- Revert the attempt to require latest NSPR, as it is not yet available in the build infrastructure.- Update to 3.11.3- Add /etc/pki/nssdb- rebuild- Update to 3.11.2 - Enable executable bit on shared libs, also fixes debug info.- Enable Elliptic Curve Cryptography (ECC)- Update to 3.11.1 - Include upstream patch to limit curves- add --noexecstack when compiling assembler on x86_64- bump again for double-long bug on ppc(64)- rebuilt for new gcc4.1 snapshot and glibc changes- rebuild- Update file list for the devel packages- Update to 3.11- Add patch to allow building on ppc* - Update the pkgconfig file to Require nspr- Initial import into Fedora Core, based on a CVS snapshot of the NSS_3_11_RTM tag - Fix up the pkcs11-devel subpackage to contain the proper headers - Build with RPM_OPT_FLAGS - No need to have rpath of /usr/lib in the pc file- Adressed review comments by Wan-Teh Chang, Bob Relyea, Christopher Aillon.- Initial build3.90.0-6.el83.90.0-6.el83.90.0-6.el8alghmac.hblapi.hblapit.hcmac.hlowkeyi.hlowkeyti.hlibfreebl.a/usr/include/nss3//usr/lib/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m32 -march=x86-64 -mtune=generic -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2i686-redhat-linux-gnuC source, ASCII textcurrent ar archiveutf-8020cd66233d5d5348f752b461e3afbbae8b45e0dd1b4f26a9d6c8823a8e2b73a?p7zXZ !#,*{H] b2u Q{LVQ;8*s @킲;TvwPВf !-~Mx;CLnm=}5V_: +ax2N"FA}ѡdsh#d]: S{*ـՔt%Ֆ8 cs3 V8ZoZu2dB2F8KON;8d̒ w,`/y#T+X;uR]HjuzG_OBwz˽vO6Mz!xwJ*a؝@^l%3,BEi 2k%]u Mw-Cú8VZBKtUciKpT(ʫdy:+w`rb;uڍQR׸e zRmut"znvٗЀNUOagw1/aƿd}! fdpd?U="[ 5QR8u=90m<ިA`s=%6?ڃn6Kevi1`Z Q) ń^RjuOnY*}za+fwvrQi& 1[lvh y!(&څ7 |c m;rKcIؼːwNЊ e\xWQvWmiWܿzf9OnrnV8ҔwRo8l-YzBL9>Yejmfއ?WdJolbd4!vt~BqmohT9'ӎQ Ak!C)@%@*?¤t,e^VP5w ؟N6v%NHMAPK6 &z)Y=*ٺ+>"qLز:#Onɸ訡lfe癠m<*Ӥ'z%oF ؑ( )هo֭ i⁑K&L~,`Q{Qg5N?%8Н$wiUD5ړX?Jt:T]i:YQY&_ z VlT3[=;|t*غ5QL"7ltCJv,lX}hxϪF}4ohޒH_@YJ!fVӷIRrq1pʌg #I^d a~ʹ~r7 dlD@O ~R煈́z-&782ZoDV,bR ՒJ=y:b0#o^tԫa7Lr+vXYNKӻq?(imL5p!:}bI}%Q2vk9TY=eL uxYVkJ?&0ܳgi>qe!j2/}zlG0zQB W)Y 5gCexz\[yLFc_&y<Z0Y"LGί9g !:7{T'Y_aF<QN3vtSPJϚBsQtˌ/qJCʯFG~á)()оۓ^jœ64_Rm=@y_C8n@-:8IfVmG$m!ȕ愤f][,F;[D7}I2p72|5V=NGx{P+:2la6_X0' CXz %zhQ֚h'ڿ_vF8.2}E/"RN~|G+Ml+SQl:} [6{ Ns`[7}g,L\nYfBEKú% ZA[]IZEyG}lf(0Ejna nϫ9w.b/{Va (?<d3q$<#x%mMvŜ)CBU%!"I%pp17? hӇmC>ɡ5XD7bT,ck5\;qz]^цc(4L" OZJ^ cNj1_Ť"Ǎ@e&hT+dh{!<*.@悧A;uEoEiIbLHha ,)x#꼖+D$k(GNn͕NCm* y[>ݱqW(Φ"_ʱJVTfx Cv Y190,ƨdYPܘ'`z6րLvyTx%K֖"|S*x]^0.5"dtQ8( (iV#P7]Hf-rmW7YY^vPo_QYR# bʅBI;5kVT2nk:%yqt%ANk <;W2\cvK!yP;vM_QR|9يz Hp ?ua(fWMdڋ&*n@*ms vpQVJDzx/_⽃ڵxp+" cjy!{sb/pOz]lC <.,#S6F{92&5Q &@mԍلWr~xj|Ń%H>MoHv[8ОQN+GGDA8R"h}e\ 9|M/`RU\_։3_ ^a!OFaHہ;T펄J $^6ȇͣ4Gl>|lYؗ S6b82\ky`yv= hr > P}eH{`yg`N?X*q̴rk_4A-Fn|>h(/ G&.m_p%B{C'ۡ64fNZ(a=?xD#Z"Bk@eb%i$cVM3at)hxc9i כTv)Hsu hig|((wSx0RYJsubI![-2w:l Mw22G0 q2SړߛS@>֬w&8K "UEU e]qWZUQ'}~/t!ԁ[NN8*a1pAPn̞vFqa zl\('ǝҙ5vBi BGM=M$lhPq \1HՍDŽ#uۉe^nT1==q8qv\pֱ^|NVa(iF_A82.x"k5ȹ!լg ŮwF)\v #]tbc&(g=8Bus{Y+b34dL)6eA&&OIZ*0/Gz[BXe15ooׇqƲy悺)/gQ1EON2 ~W;ɴc=QfF }.S4*J}}d`;A`WU myCy{g~הF{2mlItTj#7 O?ɖ1>3B%Wv=xI>]3Vܼ3O~GhU,o6Gʞ4Ym󜲣SL #2Ctd5a7B#r+lk8҉?h盦#KJ8!oIAF9Q:Ѥgg(B=wF'Rmr1lb;)v^HF|LNrD\6PbV# DSRP|EODQa6T6btZ1NF] MawK<9{}+ G㬇lg誠؇'Gdܞ[HY״hfQd"wt, ȁ'Cw\/ŽQAliVЮt;~xBƐ3J_}2+e(1{؂XS6o7lID65K%{d)?Obc޷΢KQX$ .ׇY t*-/W(!Sb%hJun+i-Y8n_klѱd gT#KEOnr:DC/'@,qPVC݈N`9>w_9I.%i.$󸺦DAr9<OD":L(]p,qOM\!ψ'aU:jtV @ev(3 &:-]zL0_wHgl wj[R()Eņ8؆8'M.v:Ng*.Q΢S)39iPiEa,1!n/']f!6ױٗ$SL$Ye A~8!2BP!.0Gq<{?IY|(%Sclhcw:F)Z#/s,Zy;M |4eJX}1%if|1M1[;y[,;HFNZ _D翞*9>O<$=F%/m=ͱy冖Ă:gpuu"_]O:w+W޲9U n (U ]FYϡ.}Z<·x7;0X+K7%Fuo&cST;*yEV=qd7,0[e6KK#uq*`Nq{E6 !׵k@f=i+=Csa}Ēa+h2C=) ߎX..swHل%$@5Xe$",2~ 8 GRRP!lfOL\Өu 5We|fS'sV>p㮀xӋ pd$A({磺6 KߔD`n^1 -|Yů)fޮ$(1Lȕ l"z439m-&F-<. '*/垆黖XA N :wBU숑 $50lɂ}60?05>2s${ c7r@e mH^k{j dsIpn:kwظdb!Ѓ2,z|焪|PJTD`Clu)wh>'}eͅo1B%#G1Ş&#My.h*Y`: $ y]v%J%}*Us"s^'M> 聾Yh"ҖEZQ' jyLzd]3H.)Bkfp{/ʹ"0Αۏ^i1:z,4z|bR?ᖭG Wm&M-[RCi!$CMG+?uj!yp}v@KaͻD?K{AUՃ hծ`%%Bd [وQE$ 9+b;Lzn2&Յs0+_Gwq^ߺad*cz/̹$lDGQdy ` 9`qH7w=) :MZE~j ev򴢪׆š[b<+(KҞ{@Qv oJ6x^nC')@D]|?) J1{<->ލ"-6&8#Bv0i%N2 Y`/d!Om(2*لЪ誇nJveXpPހq]:ZE 8+ cFMIrwޒCC#Ll),C~x-]s Jb~Lϯe(?ɭӮY}{dU4撍8Ex@2a!r:DӎX*] ~%0V05[5m hS(A7{`oKY: \{An6Ɇf6,WjąyhY8A-0WSiòYͳ ]6USlxR,J$UR.(6"L{ǺWLc#&>@UέD.Of^ jEnYi; i;#-\/(M]h; )Q`>AzG/[ipԎ^avoT\mwE'?}icK/8(YH<б瓎/2Fr8Od{rGEA=`d#,uw2\Nz= *:ucʶA W+?YZ)o@d8>G88&mYW]hxXHS7OC/\z 䰷F{VIDS.J1q+ Ppu7-K`hR;?y{|>t?XLd>UBg_jQ^KÆcs<~}Z~,cKKG'KCopI`?NTr64d)e e;.Td6â߂-~nx3u ?'zomQB%T} ڤ7/&PSJ`5r{-Ng-<@}ZOoflqi*QՏQfOH,u jVw}jBݒRfKbvƌOev^Huxt@Px\!w@?=Aj9?KB 2EJ\ӯo8"j._S[ݎ ro -'?g~KA$FGhsv_|*{. RΛ|sj"\MRQ֩HKֵk)SS&}?S]ŝ?Oxt)Mu!L>1ac Ie?zq_>tzd䊫1FSOlӱ ?J#\!Gܴ^v'ZV ȃבv  6 ; }.2++.Nddq34LGeDKpb=LJr#<@:K*/BrG9wRN퍂+5K2BPGh!bT#(c8lC!O'X10Ѽӏ#78|F6ZłVOûUIN$"߿76lagO0 ?@sqVijMP"ܜ_[)VG Ve"tj`ߎ8ˆ愂ӘLGV1yn:pCyh ^$HT(٨]Ml 45!D6gb;7m?%okt\S_q-B<-Q*k˂mn@˫} :C Rmf։ฅ̥9( ΣwEO4.`fr2paYLPZ(ϓhN(Wۥe&di^%.xSdڮ?}`%4&cI8&4Z Ѯ1̝B*@ah)|! ŷojp+֖mӹF13di BL Tʌ*T[yz~> ; k7ʾ3eOc"R'Ͷc#t঒6 "&9Ω+14Z`ln)}o!ΎH%GhD-&I5mO[hƈK[Ks7wI$&Cu 棓J:oƺY|7Bjyhšں:xrw"N H-k(]L1VR#/Kl@socB60CϘ ?;,@Y7hc#2MNWkv%=0J~ccld<؆ t][>Ķ9xY+^es ZN3oNbMu˜̄MSķԿ]TG dd(Gēד!ܴPg4K3ζJkŽ%w`{ygQR$/N{MWťɌqHLbF/$ܔ͐K=yK5Ol-W_Z m(?Ҝ=`#9,I[RthebAGطIetGo: X#TK.)IUli]i̐lbOlcSY7c==$iz /c.g_tli` SK引r4v.?y(z, qvEj6oW8@ne^}{ =D(~ '~j82[9;F9{jRIwQtP7$aڷ`y0E[o,7؛ZXY_|(2\1'QbDdƤIT D AFr '4Ł^҃'.SPi]𴔵bQB+X(Xq2E Y@w}1_t lFd VJ"L/ vFel{ab(1+f g%iX|3hr.HK0^ASFF8ju͍-(/IkOa deꜿ(Ί#\4}jA%6%4p*^ZAzgy{hX b-~>!~`6w[MRm z`ƪ|1z9KvjI6zPUQs}ʗ#rϐB 1<8J쀖1ޣ#ssYD±b>4O7[ |Tpt3|*Q|f|$Y OxM1,$ I>2j.,#c&bxdy,7Xusy0XK BzTaN\Vpߨ*PM^TIq@GoN锠=U^<є|٘F yw2b%t 5-C-`n ~oJ<-#j@>ڧ/yTLt2x7-oz[)!X`BŴ=^e3垔.o"s-G ߟynd;{SLuz鿣}~Mr ǢRbp6[[mՅ׬OxtW&^W!w|x-(~huğZFp nLr;m4^2S{5jiCOOg2WaϽmWv*|[]'nЂҿP?.-&RC./Ũ1ׅptt7"|陳-N@>g}[٤&'R31 U1 JoEo3ZDAt#?_EE\=HRQzg. +ʧ9}wIGvy,=QY%mx󥛵n3eD|/TwBƸ܉/,40[ZUu?wydx%L,?\8>sQ>{t֓\m)B<șiq٬uq " %(}w!u3D]%f (%~Wص-O%&؇63PBPhF Dr c]wDf#\6OtQ/ SV`> vD @iuåtg_]Qwd_js)Ox4mtw{ڹ- @Hu#phN !wr&98=_#MF é;/nM?brw[Ƌ4_'#Ƈ1I{e;#ދ̆k-ђv YqQrGawp?AP0ѨhR pw](08qCSaQEO[=wޓLgRTY97qCq 5qGG`x,;c[M9CA)~pJIpoэ @hYpDbe1Pf\Gny)P*Sҿ]g+HP4>=nG)ԡ[hcMLD.("B5 \ 0[BxQ޻pD${U#P Shȿ5]('坊_5p-C~!,ъuw* nnʪ,[)4ުJ) ]V]UWUK,@{(coۑR̀:1uQQ_uMZ r # !k(MeaW]c&v;uҖ]}/.^Hv)dtzo DKV97vAo ${T-w wM;6<n6Ѷɺ) H/0\JseZc(|J#m'hz6XCSǿ(*(jISsUCyeUNH7{KA`C ®p ۗF(9R4~M%yT0 ЮV8G(a PWQ4k{D+Ql®p&*KXT$P7@.Ƽ@w?E"8ǶJ,UQW^Eq0$\,paasiͪux8B)ry:9G L#QfJuS1q\*xwn~SޢKZR&4_G{~0c_ˌ{ :?>ׁa U[_2Vw ż, D-c@#E2zwkb\' G jrL _vQ\"LFŽ9W D̠qe+vsB#Ϭ%2< 6FܴRT5^ y[)6Gh &~7^s.ft%:ίNy\#+I6>jFwo~tZ7+e2 Q> Xqs;+Ȉow8zNGY9&I)l໱d5't_ݱD]ԇ% eW1C\;v9^imY-6b/̷(MM^1•e1>MEӂ|ؐ=<"a7/S#L1fN^55̄cw&>' &wNQv >:,˝Os hvHlȠItKY+47.%6hQuiZ#Y1!kGkQGU|wiiT{kOjҳ&g 2Fʃ܁;kDDWG =DAo9y4j҉(zxaŀI|flż6[tiu糃gT'D2߾+!AfICY,q LmҬ*ΟbrN0|&yN .;/yB=w6w SK\]sGcɡdPK-d*[e(]Vb% ^H{"q&pit*nJ@GU*^]"y hu*vh1%n,Lzk9.|})#kۥ!zK~Z5)/Sk|/ eyѡT`չ]+.Nwxٰzl]w2չqm(oűʎT{c 7+ׄB^*r>xë0+gR"DzNFÏE=b79s1Vyk=]?M79J:$Gg]80@6;9HU)*Y85,Ϟשy[)l>? hR - ?S4;;`g2);Q* |luX뵖>&Dg8) y>y= U4 qeΞ bǪ V_#: LyQخWD[Nevej|Q*DZFpS. G d,WE;Jw#ɖ;u͖Tሁ_jy,!fe>P "ݖ,$S8RޙDL:ˀg[v(y/\m,[yCjH@ 2{#qw8Ԑ,ԬMg-#]x$; |F=w~3G@V9MR."ćR@b/n ;@}67>io[oP۠pf(!#\|Jt& c5] N5n. FdI03S]UM,c#| BJh?հ+)Ľl(hvS]Ct'R  a5ԻgsG=}[UaKgFf=_P_?;$ pT;StppL b;SŝFw.X?Ϡ"IXXcBOoTzHt:#N?{)`*  |E}P5dV =VPCҙu`e C-Ƙ# GnSd3rdu\> 42~R 2:-=oyn}kY*F"'<#4/vߟlFe^4D?At"wTʀI~N$AYo6ǼmWܛ*R\>x!gkPڈ̈\49'ёŪwڌ}\2S d$˳ڵ1ҷL'qC!'D ڂpNћ1PyUeTB3wXs;ΫmjNXxK'gkkc%em&2k?4o4=! G=p#shquR wB?aN<ǎ]SA8ueuARŚ~(yv u<A2b(?vlX_&VYCoUNޝBvyG>j dքGG52-B"HX b[dRr vTf{jڢǭ8fCВO"5]A&p$#Hg޾)7*%x^ۭVI7o@b>J*c0J]9r'qgk8&H~vP;[J~wQQSGƨ y. C :ka#k8D!@N%s_>ϵYBEc4_bFyM%Д'Jn̫z)90?RAܐ8,* :DoGЇO4..R2p}sE=a<MnxV-8]I1 ;SPLS_>zm\Cc,sAilx]lvRqp؊r.%-%44X\>~>W1q4F((M+^FwJz}ԕ. ,?ŅٓՃNpñg3NEC#`e}KoGQվuW,Cz#Vhc2! 7ȱhQا*0_Z6BkaE/~.w=J6z(2|=[k0Iy1F$>?YQNri;@aKb=NwoN"\9aa ^_jv؛R:m$H璹VSJ.1y£>u V#:rH _fM_'+' HCV<J['#:, }{#CgǔdZUGV#7ƧX*ח:7ȯإd?*NO_0?\F,C߭~q]lTB\Lޅ` qb[pP / ;h Z.~Kb(͙ AƢ g -MηL2Ph=Ρ㧦}:åi, !9s:uQ'/Uijӣa:г}Td\ZfVA٦eU 34״FKJM?ab!<bMuјxgB7;7^UY~jkW9'\pxLd,`&w+o3x+ AMjdUx9w,xDp yh M8q9l$\W2^֭R}B>0ͿvyymV#p~ dHWfJO 9 %fyCi9Ř}>`-R2DǖMS^1\~axhfE:L48}sQ' Uߴո„MlJzG9”p▿ Y2?>Bp} ma/qvpC]Q"ާj1H7zTxSK+Xgl&5ӛe(0k4@:Z<éiQ,o.Ւ#2LAcTxil6>RTȭe1md|Jf:r[8O$랄5KEk?VdO6a/'/1" {QavխevA"vό7Q+SJsIo^*S\p*NK`8+!RJxgNo<>hjmLl:Vj4t?sm]&|5\v!;i 3v)oMol-B ڦW ^#EOH |>$#h&d; <~wfe+PB_ʹp;xt6GdZUYY#%"]~lFŦ.K&hc{4dAxӣa>0hx8u&҉b6_lqRΙQ*Xl&#_79I4BpH:lB}di}u%](MXsX zo2֣;WAqo}C''Tϝ<QeLX2@mvgc45 BCĬ9QZ8Zm/1Rט \C)ew ӁAV//,,bo XL7U[YFV\|Yo Rqw쀦J$Ɂ}Te@g6qAn#Oi]8ӿppwp@eB|Ȓ'㪽^ suқ%khY5u&`,xPK ׿p]S9qTݬwiF™0/gR3$-ڌ%ݵ6 H?:=C;OKYQ'ݐ 5H'ܡYԕa7w a sl>QЙ*xGT@@EH7n<{In叧{P!TTdT r(BS/=Vؔ=@9s[ oZI|.RMÓzm͕@?:C1R|y֥+yduځjs a*gNey{':-Rݛ'^{;?\~q\]*Ħ&LZ{kyaS~p)z(?-ODqPtҕ馜PħSv摌k7o0^8P/b}wMx\-"2bR(S4f^4Fg\HӚTOv;NphlP!(SU=ɄddU黷qi2l-.}Rj\I+)s uӾ<<\ne"^m9wiO{fke,) -&F%.柢j&@LT(*xE4ۺ!|C``m.sHQdp>!qx\YD:XT 3ZIT1Sj`$K9 в|.1{jUr=krF~ZB[-}n+:D૪+&}G|u `2lct ڒQi%Sc`X^S[΢aPg6v"-< );f.^l ^O296bx;;"Rs1"ϴ,/ *&0$P,{ÄQma;Wz]J6Sx"=$)`, f-{ ɇܹ [|eb^#Eà6NE(jmMCS]qoԍ¸nB|g7Ս=[O:ʼn",.-C#|:`P{IQ"t7 qhvD=|Y֙05gځs*? ,e(i~#!.^NR=yEa'p#K߉VB/B:5A5ښV?Lq4"~+)iO]L!FWE"FW &>~,Chz:k RqO1؞*z1T,xR##0sT.m3-q]&M1sejFzRiq7I;؀v&y4ơe/1X(*Ud91UZ#a4)eu|},b_BM9 b'4Q_C ]|FQ223 ]%H*BnhNp#J%mޱlS 5y?G Oj{r7'sZyX<7FK co18_ HqF9t?C]+Y98.;9G+%n.T%XQkA.aS #qdб]^[\UiMjZrƯp`0oN7SH!aΕGv<$F$M)|쐆$wHS.ۍz?98M c{覧oo1>3fE6PNӊk%}$Әج%}i(SCR˸9^ZIhw8@p~&.~zQi/.iqr,IѸukԏzG:A-4[+x7^]ɨl/n 9%;Olhj|NqŃydw%`aEދ~IuJ@h?V{Fw @hԻp%{TKH*U-MzE)MOאUCfs X$2]]VB%p3E%⮻Ce- Dma~/AoU eK_T^;O 7Ȩ}TR1L##],/`R0\k `0Eͫ K$ݩ(p mѣM4"G3&OF]9%@�;L%lJ~uxB&DnX|volL>c¾ ij,ko0P3woȆJ|7y w <usj2*%>}Ja > r]G}+fq,$N=UjP\SW*,z]YCjS䮈G8&c0ƠmYCsП_|Ilv&Toe1*wDtr\-K'"EIi'lr ME?h=iZ(i\лb~7ŊmA@,YF?E= l<gKcԄssn9dMQ^#h!6s7ǻ̭~Y'ϸ1~&gVWk^̸ڌ 7BBIH}k+j?RIqt 5"GLr5q) %$o̘ϨBߍ|U)%cGWkъP--20IXrz%·8䭑B ʕ-X#жk4JY2j^Uˣ5܁0kLjʘ$.yM*g6Ois[Cz!*;NX}\+9#VԀ]-"frX fC]OeS.Cj'ݶ'*T嗊*&DAӕWx>.ʎ e>gD}-aH~)UM ²p}b]3Vۡ3XSʇkL)<PCGh| dUA/7;iC% ÌQzz\6`<-p [ ^|Cy/[N8 rSor3}é+k+ZӺAt@n[LEXn+@z-і<Él egI߃'9 4aycٺex9a r_pV;ᇑTT+^ xJMt}@ t6aNiHqOtAx˘yhY?H/%f] 43ۘHꕥ#s# $Y_|XG萨4'7U ;dǃPdِKgϖ.}IFI\6zOv;c| { LoV3Xۂ§ SO%0LZe==#wrp-8N~ɟ!>z%6Rlt "^@dyrj-Hh 4U_y3Ҹ_=}bp%]^mH&U^*^ޡw1ZP:=vz  PܑKֹߕ6.,G;~b# .1zFM^T,f\^OpOҟo`rW$fȝ:?YW_v dbGB3}-~ k4ȶ-mT/ʏgPʾZ%l`|JEP^JaU`>`1:*F'G-0uUTnfZ+d5⟴n6+4np>AFt\paxj'5M1WX]eLRڧ^ι|^ERšNCK=23b * u3\^*[k=t]e^X</j~sN];=CRY^ƆM!HH( Ƈ*w݇wK%A`&VSSDj*)JrqZ!A2ek-ѕ9syzrAׁ_:dvFLqS?t6R|ԩl@V^bCG0pkMҦaebZOжjkdne54(x,ņobO`/WfIfN9'[һ=5a, x1x99k~wʂq؂yi A*2UMAp2Y: ێMڐ|Y Sr&)wJz c2i (u6,6xPFMV&TarCڬ2ze|T:}aao~L2sZQZl{"J꒪<qfTAT˒*[`pZA9]?j@ZAR!s֪V~4 !Gqbǿ"x?j*[%!LxO s8jm SմIꮶH`+ĩ(qߌhΙ:;m`fFm9=9bb\WbAeRQ:kX|+]ӢsOTAP{Dfmbܞ'^${Ujxh쎽xjUz&Lg!ri՜lP~Ad;R#S @k[mX[/ֵk*yZmэe"/g l #BfA(Tغ)|\7 A)K~܌{y8DU(tk#(Zf6_ eͳXLOy)jBߛMМ^wE,㧜O d.YgPC{TI~ps/vJ8!0xofRL"w8_&[ 8Jआ[%@IPRD(#%փ)3s\P_h&XSW",(YayuyNmBK$➠Q/oLdc0=45a0OA\LysPy*R#tY3z7lGHF/kU SfhÌe-J^tj] #J 5.*Tv/6Y33AI5fmZg*RLUZv!cTM4sBrrq !qZi 9#d !]#I =ϖuMl: ʉub5ZkTS#HJY|N"ԟ l$8):8Z:-9_'|їqKQQ`!*sWCm[g R8#+ JWxo)Sd9>90jigpyX\2XiMZh.h=Jx -0hgmѽ;Kh,-N 8X|ݛS'jhU+wzPPqg2)' ؄o?PNM嬅V4[UIEt[BvqcSD㈁nH[ITV .q~je6/w lOGU*jDuZ(kNkG * (wLD IݣOh.xoE$ߜs Ԝly,"5hO}|퍓m}]Z9"fk{ܻGط޹$THJ,N{Q1TBa'Ab ׅP>I3K&oR"?-=ږ^ث XC*6R܌4" ;|=iY,m;俊eWUcϮ`j^P=Ъ:,ah[<(ݿeԊoLL#EccWي-߅{hQ -q$:^ma12T0keB`L#, %ieC8sZ#$U*˸ PH,"DrVNӗtg pw hNE?Ly"À= 3Q&gAa?.d^q%4s!3B2{+Oԫk/j$~u-z h^NK_5OZi(ȓ`y29`4# Z@ˀeŎ<0w)6O-*H!t=!.Q'֍tI]Z}3ً9 qR_0 m]94gP7K Oi +a)_a: ⟕iW vG>U=oձVeib}ifV;~Q?X5c,3Ns&OCDlY:w OJ_`"Hj A0^!קyrHbo)7OCݏziA U̯xfMr$Շ%eg{! X0Vd赯,eЏ|@Eɔ5XjJ. t:ѭԝHu:؅"{# ё 8;1E-ƾa,5>dZ*={:^\q}cFyyӞ]-&1r +7R_d˨v*CH@:Du}kNn2]jߊ2V.cyL9BaV>'vdsj]AҾ y3B-8\O^ZVS=PG1=DaC?6QF/CݞfU>0o->V6ޒ01G2<\7Obġ="*ht5v' 6t՘&>;/+i+ɣy x%uwA4P_eo`VoR\Xwe1)r{zrvh盗",`{ ^ ϞMԯ"sŁVߤ=j+@5x_5}0p',r&oxj5ÊCfU<|W&X;u5{ ȲI?777J٣T?M>3} ڑ:,rntiBP:iz 3b=D 79bȩGW2g|2DQ4䠬le)T\ RGHX>}BzdiL;f#u[gBhOkPI~[gFk A8M:\ rUdpBD0o3J{3wP'{P/aYle"(UE nLUt̅4 zjِ(WhC2@4Oܪ-M.YpDj,6<ı^㌐ _y@.8MJk/~ӑȈ,G_vٱDܱqr!ArB6YSe@vT) x[ضJ50cxӁޥ[(`d<|{ךIo[mh_A 寵rR 򃅦-~BO)`1FT{V῟8 8yP`|6 OWmR %Ƅ7*š'F_و'Q[Mzzkq9GrIx)巋$6vn@r{v,B7>ȾHzvH骑ΪJIa1j/\7$-.'Z:{%)€ݞJKX 9Zlȴm5=tŽLq;r+8cnŌ՘\$h{f2>Kr Ʋ.sOqfN)Rԝ$1 EqD= ǿHł'E PSl8Ã;'u7MO^Q uA>Z"cT͂#nl FK˃@_{!Nܫ.!y*a}2 &VC>Z^:v<~|cMڊSt#ډ ~gtfOj[mGExlŽqakXtkN%° CJBt`ITj2",Sی a6( GrTL+$:@yK Pne+uIy((rCV4qVbpTPY2ِz9߂ Șs1ֈ&j 4]_5Xd+'1wG9(ouPl%3)L;+ `jh8" lm5urڨh[N;u,Rմ(sFߎ|X8[Wv7Uɔrl1gE凁rM=߬"O0t ’ #*iJO@f) g4<$va !i Xg'P3A8p'~K*~EM/4erMXAYE e s ~~J٠mD~xo1Ar7۝2pKfeFaF{"(D #h M nsv/]m>iMъ#ܯLIZ^S7tVmL5w$Ku?⹸%%@Ynj Զ%f'Vd /`=.>T}ޕP;ˎ/_) %`Gݑn95ʯ~ \蔫 tȕEMk3Q Ųm/ >zY#Sf#R\71zktu-ZN j.1Io*Op+PC]! `f8 LyՌP k q PƼB{7QT&a.>qK_Rcl0+`,ӻy,Nf`,ҎV|B. /E'!@k}!VZ3ݿ_;4s#V)!ZC(EuY& Asƶ?^ڇꮐ f'Q()Nԙ{ʘ0ωr̤'t(OIvs'R7kyO3ev}X^&@,sdL7Z 7MMfbjVզ'(g.y4L o+CewbS \*vDt^-iW% 02+ziWI,4ASH0B$T'&prf;1$Ds_7VuSM5ӵDa):Xvktڪh3 TcH~\O Pber1Jr.)U`u[`l$A{SWF#xqӁ0<kUS)4%w*SA=ٸȎa9[Nuv[m2Df΅W =mi";xO)W0YRVvaF(y0 7Ov"*mv Mi*Z IYWh_Br:,qGtV I$J$sf! . 5>D)&Y86$."I'vֲzBB5Sz6E;ct?͇l.,1%#?0՞~9<A0ՄNR]9 :TC_l9ƢbbsQyL[_=n%_&' LȰ^+Was]SZ'1$BIFf3~HWe{E<^ĭ"yorJQ*\}4fGpć~Jz5N %a=\^>Idrj9Kܦ$2i3v. JNrU9z  ]S wb8'bwmx@iŞ"^+P&I\}#\<=J"ɓ& ǬAoXÎ aHЧkY?<EV%ilcٱa/O>0ݭt]@` .Hؔ J-P\Mc<a)X)%7KsVHT>[%BiIu1>$8Q&.=BXT,!>MW PtnT+ $6{UL :_lgfƤɜ`@F] KoWy ช6X*wҤƼ\{w#7$'-vB zmoզ̇Dr9_0Nn-y# $ #~gWƲ%S ï=W3UXl1P`/C cFx$riînMtGa4[nNGoo3d +opHd8/O;QHۨ6W|}zmn绣(i+ۆ$-Yb71P~Wa7mEצЇ=N xx_EE@',B˦#UkPFFx~hpq$18R0ERʼn|:m~uo57@c_ߙ'3>NP 5fāx.oXN.hwNUFT{=N{CI}͹UQD&< tC]#Xt8v~Qۜ!v1aifzuI8@O c71Ԝ(WMG_~h{<$I1Xa,Z'+ , H bտh>>%}R_!L2:L9QQWƒp;wz]K˱:5d]MNZ81ӝAx}gbgU|ɘoRrwUR(yC 3"OU/T~k~{?":߄6ֻ*%'O\=*q>ɞw -;4ⱷQ tWi [zoYs4̉!4[]N(>gUQ0ow"Mo5\M<jNHݶ8BGxgV^\wA~wX6'5{|SkC]@f`;DϜguX7⛋EVp\N4%.J4 JUOwH'/eBkVom2FBye zZ,adv 1njaғjmf`uN y +n)S[em]pjJߕC8ű3PʎFDVۗs vn0Nܶ S? _KhYGusRm7F5{=fHo"-Lh3{ Yz >K3ST4J[vzBOB<l(Q-.';|Z;O>`13vA*\/7Fn!1)h ׂ{"޽HEoL{CцӷGzͺj HLڄߎGL@F?6(eu`T/?%fZTi:*cS:aTN9f/_c!59M3ݪ bO» ޜ= ]Z˧-ul 8 /xp1Xڞb;6vi?4Tx.2-dtQlrgBU~'X(M_]J P2_(wG[M_LVMK`1 \W-=E4P*R똯UE]J-I+[J2?L'3e٪ Т8a%0.T?,MnN(.+mPT:n9?;.eXѓ^j*ߡШ/ e];֫8Oa-MI|dwtsp!&$b4n~u}+OVXHwG}$J^^A cL'F"KMĢUr%H5<Ȅf-+zVe]彗K~kzAI^*Rp[ު~ҕA1LBA i3Ѭ:mR>5weS̽ ~8[nwp`?|4xu'{z2vcBe:=k.)pfzvm*ߖ8d梛/v!?B [N͌QARW{ -뵮NXЉt&WGk g WXWxsmeO{ĽC9n֝UR'YcgrX!\Kfœ͐DGgihh 9DEbe"PV!_5Gar^ANXWZ/z\ŐAsW7+3ߜH4]/R0%pgiBuFm(woV}B0KH@<=ysRr sZy4FV3) ݅.=Τmĸ6.|žᷟ" S 2#!oElrD!SȮfg'pnSfo$ ٗޟsdT؁mNE鿓e 5lq. % gj.ȟ|ŮsQcb߁T#: }1Q־bB`,g9"C(Ü[ZL +{/J|#9*۔x5ٚ~70 M}}YAk@̹/%_psmJ@f{ ¦A譒]dz1 AvO)]?x{w EOl #ȑZŞCV_fT<.o;+St CJ#ر'Piw!zeL)̚=R=`3&Nqq@NOq\C|$eZ/H @ FCɒLodnCܤlf1~_w.G]@ڝZ0:7\z;gҝS>9˳Kj5ULcQ=;MlN &4tGh-' tT:Sd| Vúza'B\pDD:\mKT.D/f mՙq<[HbܐD`ꇞص4RNK1eqsQ軑%A/YX'.r_ X‹"S& U~J/ h S=f|ec^/挤"Xx Ӌfǚ_vNTT7* an"SCN\rAdcM/%0Bd}G!?sPC%abHNMՓ.OBUۼ2ךH.q7GZguc1#^KR8wqM+M-^oؗ;=B_wR7䕦]!f{tl9ZsxAhE6w3&!:#n1@t*J^_ {bvXYUw0j^qEC})׽R8hlyﹽ }MQ'_x ^7- Mll?w;& ,SĜe#F\ vߵ[q4Yݞ q/;PI?z/牁)9!G\ƔaVs{ ~z[]|dkw/5{\ٖeOE uzL#&'W>}G-F^*˷Vc?6ef,d*c'M mYEY,dV7cVnk)~Fd;kwn%( V4EG3 ֧IVyؽtAO &'Acqlg, 2WGn3l#ޙ,ҚBBGSybNg4yWc\q( G. WsA@i fWGr ܹ[oPÏ@D6%C U- vjTb+巍T/~1ёcq uK*aȴw+H] ;Wyj,vw}=y* wX#/$i0ofJ0AĕfUHh{""+>'-8Gh5]'`X6Ҧϊr,":P , wQ73F޻Yx8n[}AcDEY-@4LgQ.γXlR-ē^r+H=Af4RJ)QXtf1^}+Zz߅&z`lo<3^? q^q%e*@1.-ީ;[zZPr3Tl2pj%&@Lm2>!0az'yR"R}lUo\Y(PܩH&jF)pϐaX8ߜS&j"$`J\\F ?}L1 EB>9ۓ01V cR3ak &:'ODf*m] 7W^O *G|]@5n;Ra\zy%[4Ě֡5ճcr 9Q-R2Ğ[L; @Nag&r?)+e3Z5#SZ=3FIy6dwpKGL0VzAW{N) @g #MLJ6ϞO|ڝrn`8}|c n`*tcN﷯!-έ  t+czFYyyFT08C5p扥%^2<ږ@*2bdQ5>aa@@^#yQ:䮄9@tRsE؜ p8]_DlԪku2 HZn@Ċε | ^Zb-Ј><@ GIIB S $-5 R5$>7փPrtdO(&ƭi$4ScCG4Ѵ!RA"~dYy D(Tsׯ(/uNBI&isEDqB P%w;Mv^k곢%H"D8HtTI#~Q,| ˉV':80V(㵓O:Nᰄ B%J}5F7`f%2 u{zAqø+ Mu"͇tIj_fm)YrO8<y.mPpFXr{<#֨3#`ܝyK \ȷ*L0tMF0(5͈q홰QFO6T5P|dZvlz+FX=N|~T<]w"cd_}t[^wkýTzxR)⋧\qt׊-\WmOP"Av[æ<_-85*f$F |Tuo H[h5`,;C测Dة__ԽW'Tth@+)1=ڧ#5cFFA%3rֹ%e?i%\~ _9Nªc$ T5B$TMv# UBPbwj9*C\:ȑe_zr Lc6\`;r:. ='2zU %tS+SC.Rt֘g 7RJֶ(U8 E1jCw= >gmycA뤍B3[b78ѾK}F}( F3yL}4ju;e03 ײcJ𰼻;W5h&/z"?_K&vDaYCEP5x6zY|vo>$YZ%VF v`R7Zo^IXǤ68x4agr'";3y=kT}nb&3m;zA /Z!_u]wƅI2їF_)zg+IyS թwbnrF=K=QCxR1҄fu[:1CM[5_5>XtKBJ"B7שR O[޷R ;,n4K|≽E<;#ߛëTl7…c XN5;}en˅ [6Bh.0$Y&l}u?3*e2OJ['a"o[@&pPGOo|{Yn0B" N/(F/"?%KD^"XFپʘ:5 lyqQbiOj NRB Iײ1-LiܬWK9++A~pj|Q' ˮY$&.xh6bL nsI% G\fFWdޓ]_ؾjqI3[/@+_*+43XO*aD项BU=@Pp{641"`.Hb WLcc4 }O?9~,O=s7'Xd\惊w 11>K4^YB&q JPRXϙ3=3UnuFn Gqזve+2ߐvm:l")Q>ƾm.pEw.+%@v,爿@8N9{d[qfpt F)J+FfO_nl+Kg\/ UĖfD Wr1TצZ 4W@F}Kzpnth8qcr Щ{ Trw5v3 xX(a#4dnl \Hm ]ʹV1SaUIF‚oABG *Q4<]Jg`"=IyGӚNvP.'-|#z?\>$)2Lzb W`B}6 4Lu1=f˃kXU+naJhn6#H!N ԯ$q!|sQJ]'B #:%sT .=cTqYUL"7ՄOaD>34>S2ϼ>]1['fisr'bC6O;RBjžuqlx9U{.?,zu+3^31d&{ kP _CS"ŒVD}Tɾ @VF9Ѥ61e2$3\o1p]h.^b~yr텡 .[r?@g F* !w "y~ $9r5gvq~ ޅQhE)%`zFXLO o-trz>EWވ!T//ce!da d}5v,6!fGh ~~Ũnlgxw@@})krKQV-(rp34:`=mqʙ9C |Ƹ,C5 \^7M0w?$A 듧sRYV|'eѣr'hW;@s샓XoaaQ*-T>%/_A= (sR2XbP'Se5A ~S۽l﮴9eo |.Deo6=AE! :WC%B?y ҨkMdPjUQdL/_ICDbEƐt2›f}!iدu|yLhV7[c箴yr!@G%8Yy@6?RrLS\ŝS d|߉4s::@yCmơ_>&G?.hH2M VΞwL,وN@~ yT |J@թcd )ws# NjR0Sk=!j\'Uy~}q~r%Kt[” ǦOS'|$eV,%1j=6Rhu3jtSԙec,{k<דƒvx 4ƞjfDQY[6mHCc׷BSi^t?qF{[::Yl~$qF-Z0_;)^vo0<|xwVfIw{XKZi H,en"3})ft8[o- M'TʡtE ؜{7D#KN 65:WV42 BPf֍&Dg0C3ɭ2 y"5FƣA惽0:"Ƶ⨍?QT`7s; J!-\ߝiWĂl/>VP6.ڜj%CkK"{(v>dTnv ݧe, C kiDl|>\IϷZs A'߀  3A7zu@iK 07qM :=]֗FV*0Ը>dڝwV)\D$xu3&Jwm} ys%<й kfٯ %ٴ"T"PWq(JyZFBfrt Ɲ >#ƠHDW[Jm6\/S];7I~nR#nUtf$S}ۉ!0A8sE*OEհMg'm^*X:X>/;?j]:#xݜg߮(`*.[5.VǜoV{  + 5EW$KLf͓Kk]4!T[uhGf`FN$n~H밝Im'Y q 8G2daλ@Gj%}mup/? zN=`A7G\YF%Ft9nԥL&HY# zRKb3WOp;ᓊ|߉6Y!7bmgߌ)ﱬaF@Z'K P ¢ltcLiVY0CN :X*q8KV*2y*z\x.cvWmgbxMʌD鐃"u!pPry|b` W4sFUïJʗZ%?NخOa@˻[t7[g J,&܈'n"_9Gĩ.2w Ż  4@<ץ^\hPB`Fז_KUӮ7;{00ta[8dR誸W$ .ptl8-s(cb` ~XIZ^ dm&f9 f׷?TBoH$ݯG|BXlT 8Eerg8I7:68q/ JnfGG&+fTܻ6E|>v̔zڒ^n$hE.ޓ^0cF&̀f.'m(LlfY"yk/{c {αhm`p#ly;^ CQu"B4!ޣLY4mJJ:6xnq5u̼d!Cb5z 2Ȁ犢M"9tQJچ<D!gq4Oͯe@bjфcQnU>32H`H%S`K^'@}9q=܍yJn;w1І c7XQƶ~^m~8p-KeCS`@]]#_.& a+FjjpDoM9(?bOe/cQHhbb,Z AhG[ 3WQ;E-XBGLP}Iw~ֲANoARekO>j ?ɺee'LsavA?jސGȠHRHQV%!Ys )Dj"B2P>(wO D8$s\jW| R3Ʉ*)0]MNy fX/d@9߻.cȦ6͑vRCj XmVEVKZkaK+yU-eM#^P|&)F_ؔbRw+X޷{{33&qǸY ;=8qkh ֮W|]'AnA:׏yM6=č]!t -|\t>$Kqߙ}ŤtY&7˨wƌ-ڸR! F&0;.۬8ۑEbpT1]-%>L|/ǝħ4%;/07Sb.wtQ #>HV0_S)C!CCl]V'n5Z;C|{~ Q4)N%箰gS͡X}MAF*Už3&R nl[ YZUG q`|E7%UA0)/7NwY^+rg.x6<\D7.f4=,F7 {RТT͐ӥ0M*:Mxyh& 0wP·ߔ Yny|@fW&P@bnR]•ҽPn`?_J9Ñë 'uoeiķz7iR | j 39J>Mx/zɊZ\7 ܝYeU>!`8ڰ zT&V \ЛX !1GX0XN@YqB7EYlU𩠚>KZr=KbZJ| @k[5ԏ(\UA3eY¯\O\׺8SQ_7*8h.%K ÖLbd +3ʣ ΞG >xmMf{CQ'&4LhYN)(t UA[ԋwێ^K @lm{[l憌{8Q鎅e*^y ȍe>çϕn3znܼGI40 ǡ{7%JC&4T3D6CtH:_m$c1f,޿{9g)CtiD$*m{)EzjGnޠŢd3W+A* u@>ڕ@F |,6EK̼-}2Yr3 8ը{؊8I~L@o@coJxF #ׂ7V(ZZad+`J,eZo62CcϛhNr*0OfctV25}8c$X6z Y̼exq@Z j; Rqj$,s%2x[smxC=iŐ%^5pG$&'ED ,zt 9~I+!< ܠ_-AT6gm7%$KT?(s"v 2/V4N,325Ip y W쒞 iQ!r1F0qd[a4Ū=Hl-.tvS 7RaX-yKq| K JAEACa(s S;s_QN]w,Emvy#ۿ#;:E?%*qm͗{&qhxblyP+aVLކIߔ²,4W#9fqK GL[%UV"lyw@XMN_[&!#U!6@Mc XiPa+o *l,~Gs{oI;q9 C^$<=7chӢ[wZqa;]?7@?{^8_{f`~^R|wUڰE~hv .ݪv`:qvy$p`Y6ˁA2|LJLk|{OMWm"R&á pO4 $ ?Xx/0HM|+1?ZK/`k!'\Ƽ2'"0J,nيT D7Pk-"ʗNo"ӒK-&Ii(8/[i۩0>2^<猍${5B4 GYϨ@zA1 ZO@gdw3ʋmR|Z5[.u"F#XNQx~NVd3at[aOn5iJ|IG !7(l!c]u=Duļf*i8zʠJ;yOl]0oQ=չ3Bs37۬'r>Zh!Rm(Xz1&c’T/wOBRu:y\#+hsIx[ja7ԻQts@\/(s:CYvZz}Iy` X/RCM>BsTAU/ P -e$k+`n 뗐ݚf7 X_\pY;:J:%b,܏-9@{l CJq@筮**8l×K. ij {<2ueo\ -0S :ElM7;ej֕W+prm JW7k!{( n ~8P` &Zi yJ-GnWZtk[ʫ[Ml Yɇi~RW*O,}$%Xo.o}bk%3TrĿM1b#7xh; ?lގHz>{Qڑwoѓu$HD6>O࠷:.5#-WٙR j?},0ۣىo K>-P^HL}z|WBbخbd%C]\Eiʹo.%j$ůrN8b?^/uk7rlsd#/6,eMguSWѹfBWTUȠh| eAVq|]!nðB;E^.ϊqNȠ1`yYBIdQv;96BL,N[ȍ04ĕXC Od&qW_LI+-(_gCغ>CpMj]?&dUV\v _wn` Ou /<(hrnX^'.vv6{ K7alKWëri d M@Z7l0s8J7[msN֗|b(vDR*┈f"<:JrȜQX- Sʢ<`eH\+f$DU$_/"|[62Yމ-_yJ BqH/0]/T^FGPcʣA]N.d~M1LMZL̄8El'n+#C*)7O pk%L r `BBf#ʴlt)w.sxaۑ- T۪5eO~'hyb;@<\8Ya[-=?&ս4y_#ц@NbD; CLȜ7E qHhXB4qj\r@YvvsC.RC[VDT;?hyo bFrwRysmGj+ݧFk@Ka_1m$~%f >hŔs[wNs{sU8ff3z~"m?=N]J4oFN8`0_I+" ]5Kv=ӈJ]vUD=8mp1eC臙~lK7}4hlR /6|[YpO㕹/;`N1ݚ5+3^I%5_m*m4b, -)UZFb?)TE/߻uƱڦjK.Y1G˔&{{=!Ol G4T1KQwLu8.4`!kުav4~ǐʯ Qb;u(_YEr6`!@Ӷk|\yT/B;54#R] Bw뽇Bz5^adp% V<i+:;907k?^EА-Y3xF*YN^#Wن(UI[I$SZm©Bp-|Ks 6ΩjG\IA?t.hcAy^íQ\ |5k1k) Rc,8ҨC}Aߩnk-VXmDQskdF3ӭg'Dj~؟+·HxTBR>#jOy 'sryPoT%evlsO[RMu^xsC=9} %Yo6R*˺)1*T.`*$œC? L9PҠ'eXo[>[BƆb~ cUH`T.y:H.n LT-{=&A~VG zz(s(W'%[Ir26A%b؁akƪãZvNv/vR'Ь)7t0`p7A=_:;蚄8\Q6iD^Q1$4/2$\MP+D@ֶ ѐ23o\ Fy*sě> . ĉ6yrJ3(nH Y`- +Gr8D'}%) Ұx|Yt'65?`p"f XKsa 9I9(~&%ŗ!; 6ДWN?DEuVeY`2ER'iFtic%WՍ7zlkBO`+b2rIc~EO4y=F~bQ!Ncĵ_(QhiN ܄㥛_8(Z%\ʾ{@-@Gh@Q ȘRzO͈O%PzXJeX0{>e*7*kd^bXP@GG`a,MhT'FK%ΰ (0Y"55.;R Crii{Q#rolibjr80h攠q5f=?̝@CcAb5s9d@\/~Sҁ~. i"Yv?O %ҋ?U@,yvyY`uziӉy.OXO4Z}~c`)\CZ?7lbu'dw]JlMm1wC.j 2l=lhTXU~x7o7fngDNqeb5hm&3sK[b:KեJFlǤx,4yr"+͘g~(c[:6ͪD9-䒗RԼW.BUx< MKWW O ;O=iB:n'cu[pH/a,|cQŬSꟺԎvo7#nFI;ZXr0xym ”R'vdh5Rxmj>M2Dll#H6R6⳨e׈@MO&CyX##lp|2tq#8'$r-Dtl3uz)+"p`Ŷ[8V=7Rc )A%K/>'IDպ(-8Y~V zGo/U <p,-kF?{LiP³xn?y')SI9qTW0!0R;>@8LVwix1-'@޶~12wl_`{U_t1g38zbRpIҊ(ȄVV|OZ'n3"[Qڴ"DB'Jơ!'`.)(TkJڤ$|`vdRje:yMY 4qai?"{SHf<5K֥`]M)[eJv!kJIOO?n`bi += o')We_+u []rxk-8@,֥ViA KQ䭸Ǥ2K)x{g3  Ƥð#]^"(wyJ8oJM[G̀3DVƠ&R7xĥL oEi% ڰWka/QPL P,0WCQG s)Bu?x}OHu)'p;__F/4]ܖ̏0V*DJJ pa],:Ǐ\odP1 .v9e#`Li~^ zDSᆽDV)Ӵqw=(}%$1]'y׭EsH@Űck+t_} ~Kb?LZAV~fO/5/qA^'eVz&@?V-aA;1tk{wbSK HIIVȗexգ{dv+lHm(ž"SG!asm9] P^\#xem59d U }B*oeRQÇtr<;dVиX*+j{R遻n.-¿WTDI(M%TkZ2-ְG(c=b` RLΙzڠhF_dbb`7LTqOL3'7O,4w]]G6Z  u;+G%9n`#М}C!%W TG)(*LfW&ӾUuKۙ{oGҒ6*ˆ ȆYA&LshW𻪣/U#! 7U&Śu Nõg7LЍ~,%UE)7oBT!6ptpUgV?c"u# Rg|\k9"an;*Qs3jn!ReS#;v?vu fEaTWU^q F8D8؂IM24f'MvlDX>8@P5T1+Ywi8/l癆&mBL?FAӴmַܣEO:ݬՄ*O$^-k:VEÁnHK _7=oNrb>*]*+% A6QUf[߭ &5~yF!K^-01BUE?y,#gR&BG1.Iװѽwз=P"b4Th(7xhّgA6xW5 ?U׿;L20X FF}+k['%!ytn@ 1v&L<#Ǭ-[3"up]c3j^1GzC Co&l)@ܜ ZشRW2%8!vP-Ytia;ɾ$4dXVڟbB'Z B{-4{xj]g@3Ya B(cjL lnhvӓ+P~9\j>/C_=w曠#:cJfA8kvJBbL*:p(\0Cx0?iݑ@Qɔ}`Io[lqqdJ1Opz?x+SzMT\u Ghakmf8&1ߡ2XJyb̢EVj.b#x킾NQcǞI({4mo!ZK{X.3q`j}DaQh"JEJJ1hs@=p(ey8qw~(E[Ӓ`₲䝘VpZn\$BH[.Z.PFon^nb&5Q I2)vH]J#fpgUxҙ oY Z)VLqaRiGRSV}DefYxU$wg$=堔lDͶ!䊕tE5gD; zl =92b?~=*Uj!'`Jp u$MY韋{ÐZPĘ KH苇3w3Ɔs P*|ޙd%(]|79Шn7OBG1YQ/-:ծٳaB&U B _HhF)[&SB@ؗ?'*CJ 2 J*Mq~Yl}/'p6:R.mPodT6E"v+<:%ZK!ƦT.:ķ`Lƀ^cfq^H+*xpR?p=%]\Ef:{hr!gx[ ,$/awCcձ_;b;iߴg7T:[^o(-[х-8<߫7;RhճBrﶪ.c!gkLxV>ڵw1; ֊=E?/U`16GdZ0>!Iia/ 85,/Zfꊗ[ئn3_;Y?+mk(#=[݊NJ?8ӈ5'%1jĜh~.>J@흂FMyj* UUi쉓E+qKaH  2M~4Z_z.<&Kĺv(("ȩ ;.s4m>R!\8±`r9Aֿ0˟Rc)!D7i82rq螠zIJ%=7a QjpNp)ҒbAK| BhRbދxTvB_>VU^BMBDJp]tLhVf BFBautORp4n)`vk u>LdRC|dL_䄼o[ w*d&(Ds=Ekěquæ:6fS|;9+>PPad櫢T51&얰djd2^/'S(mt,/Gqu,+ӱ{j(r]΢p"y>U5]r_r PN0HyŌtoAbO1/-yv}&-[pj l{]\C? Sb t{eFR}0e <*0w%vh>]=Y}=g濷0ևdL3eUwx肎"}>qcHk %MMIH&Q%?y^xѪO6r@s="Z4=:=#{yR;Zv_HNsIeF?]nxb$`QEo)A h1[\i_Ҝ.W5xíg4eT=l(Vw\g?E8bZ6U}9(tJ #Aq|nckA͐|(:6I1 /-U^g̬ `$. $)*`AH'$P)Y5_z@nVV=?aD"G/\s J\ԅzb eI +lcgXbhD*GI|SsƻΗ%%*U; jڿF1]dM?\aBSÍ &tGB@^"Mׄ)AvG:%K)k̼E>``Y Vƻ}mdv8+Mh Qv >Ouܞtq0ŭZ8A !;UYI3! x&4ܤ&~cxűRΕ0C}ehFoe$j_~Ž7 ICf[KAEq3 E6 pR5b?>yvՙsOϫkԤ6Bӽ@@ 0XF 5[j*VD!T>7FQ-:E IvhrٴEQݔ Eq/= +U,!/c#%?|V?_҂ʠ݈P6oC3qt.y4[-G"sFW"_ o Z Σ8!qticպ0:#We@XՑc'膮S^ؒ+a@2,k"j$TC9f߀kJJL]cOϞAi6XJz~֞V.E!+L7O (lHixB ։q[ձ bD@>Aykp|gQK ]ƞ]Z:)"qk3TVw*I9* Dro]2m}*< % >ڕL.DtVJ|]Ff#6RPXx)ruF#@ggqj}M $+ќ#_gY;i7B?%xc[bxyY ЅdTYNJ#0aҨY=LMAF?>w6xQĵ!JnԜ|>\HBP$ZVƜgZ:bɅ]J_IoڔWtfGus8'lf3N $^{;-][b8hSِC 5&}ƻ-eϡ[ #BO9ƫǢ2pʗQsF]ыjO( Ƿ7-ڔ:Ajmq.3@v%ś +fLU29M0&R| CC֫)c˒||I_ޡ R_]߲Cu orpD7Q%XyVnԇ+}S+]Scz(dȹUfs 9*E W;hLgR+ZhĀIVpUڪ_1#64N ^_ <bp ;6#.=9ASE^)|s ?qT~"(?DHѭEvsTYԱlE5 <ϛ2>:/aQJ:] @LH ,GUsX-с>CgP%y\Eu6|> poȇUHuka %vS')6{ {NۯhÓaA ו}RAKxo x#{%b'@}yUT-SjƋk|~.uP(̀ ΥnNZ8ULlCbܹY *o<؎ȓ\X霉 6#ׇ5b ~ݼ VݐG ~m#p GMĕ G.w<{e;=}8[>pKiѝ09ajWšL - Us=?V* C6G.!35N50dǑD4Ȼwd⟋o&/:qnٽhqm*;_l!ސ=:r`ܘUP_,FXHm$,$rY&0sfoFf|g ̇-'ERA^7L8v{6X FB\2հ?4p"s/afXf* x^áicQ:[:E߽0*`|On )MB)m\5̆y+ny1us)"Ry/'X?ގ8z;iOi_7vbXfFc_'Ųᅔ Gh4򅱡?f0f#\AAajpf*-MNjKM>\8ZeVij%4JG$<{grQhhsʴK5LќV:ŹKځ);:qU.`+ō߀Apk$a@vɆی.{h |ؼ,3Cǔ2Xn|R76#F!\=9 >wCl9/e*!(qH\g42k,%uYDK7ܳ3}/9۽|{!YXSԕyu8P8{4 "C?g5* (ïأXh&7! AEl5F 9<5{9F,9-rgPDv]Eƹ _ȥ>h;mgb(5Bk},;ԿRgcPسH:q}L=i.(׵2O ېpP?َϾ>2DG鶝J 2aW8!vj)ҧuຄSgdбfCD,P]CM u8h̻X(hMƇ#@cJ_"JjfE[K;İq@(2oxU6Jo\ ySMNSվs*H2' {*W.FQnYSnHgNk 8zKQPe%&_םv̱4a.~P(`Z,Y ڒ!to*W(fU1 ?ҡ|OM5]D7mfWbƴ.o/:Υ!sl/ 2Kx4i]`a@g]-5a(Ղ.xos6{=4!nN|d|b Hk[F-nu4r|-AdPխ",IK01/2bb \{rIrkՄCAYG ߶ve%w,Ci\DY+魓;mDl1G? `tx>v>Usᴘ)1F rdMV~}TV^w97*lhBYǁY-N\A(%{QbWj%ɷW ~iSJ-)'aSgFM[/TgjSS[\2lʕ9LSFtS!ӎ}ڈkOɠ6G)F Ltdű:K#21PʗxCH{lCa=Y%υOfY*| Ʉnd:(՘-cP[pXT ajNSMC$ݳ` QUTV /!rHB+? _gz]R4*-?A]Xǜq22R4${ЄiãOhl]]4>[Xb9SԓdQF,Eؽ>غL{E(ɸK=˻ {H䮲jb1pL^``s'/t.g5LXӈŹ$δ;S @=P=[tJ-D\ @UЖs!0aQ n=ę^#}UMYdэZo3lz25IzQ(uU`AKSzseRI"`Q#fuNCO܁ŽSj %kylLVOY9^XR_:>Vz\F1XDK\@*Q|.8nVIewJvV VǼ 3I@|R8 zgUbQj#N:a ~uB'ZwraמQhLz\jgqEl t|PrPt[Wt<,C ve#e4ɫ-D ༺5(!DE4ܜa0M7aH^9Fd0(zFp9j)l[[M ebCoBc!e[Q2,ǞteO ^[#cXxPzRk4uiA{bQo7mZPYSmOk6CB3].B$i!'$RFK1ǟ`Vz.MShѓUS^vBL!+[EϷڜ͝V&?.|>J klc(̈L$] b(ld"'>vK(^ʹZ^v{;:G6,je~:8.+Q{v/(X|&Rtg^7Կj YYU%h\6 ${JB@vY:J҇%NLzI ?@T b_-ŠY1nZ$(&(L1BX.We5L-SaG}("P ߽bduqcPkh}i!N.kxh)Ss4t!a Rڋ6iFfcOhѥNnR %~Lf{N7qrê+ypywbKrOyar_btG'6oM/K_@$-Qo5|3@XB7xIfdAoP9j?1 ߾ ^-r@T+?ƛ": ׀D˒ke?F7-3OqQ@YZlibsss_nss_idmap-2.9.4-1.el8 >  H     eQg U]+$IbdeFCz}HY=EN'cʮHWE)nrfpLor&U- JI j;XK+y :/C}m߻Էʰ;+&6q#*Ex@5Um\i'7.eeHV{3q׬2:`SuX@i̴T߷ Wy zuN*vx̀T`.iTӟFR r7W"h!#)|^vyPEw]Eo_qfck[63F݋yIʺR]>vD(g>9-]f.ϩ0؊Uꔮpü_?EThJ7+k 쁋Sͱ!`&^Kaŋ*{L IXc9cI|VwEj=aw"&w8UDOesORa ̓NYFE) H>=kfHp@P傤W)cd&cA6Њ&B;R8Y t_JWSKj-ٝFabg'q]1C8@TIo طƒluq,GNyI;GgY_ZiҲPC+N=JHlX;֘NiS3r{ X < :Z˜*Rο>1 b!;+qIL|O7q6BSĖ(>`>?d  M  < L \ | D  @ \(8 9 :a>}@GHIX Y \4]T^b\defltuvwxy48>Clibsss_nss_idmap2.9.41.el8Library for SID and certificate based lookupsUtility library for SID and certificate based lookupseBaarch64-01.stream.rdu2.redhat.comCentOSCentOSLGPLv3+builder@centos.orgDevelopment/Librarieshttps://github.com/SSSD/sssdlinuxaarch64/KAAA큤e+e+e+eee+e+e+b1c5fceff3f3ec8c15a9d4508272b850853fce86b4ea0737b8d5a60a23ce84508ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9036c57f43c939054fd4b831f271a14c97a488c38f98cdda5e887c5d396e3b3bc58../../../../usr/lib64/libsss_nss_idmap.so.0.6.0libsss_nss_idmap.so.0.6.0rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.4-1.el8.src.rpmlibsss_nss_idmaplibsss_nss_idmap(aarch-64)libsss_nss_idmap.so.0()(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.0.1)(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.1.0)(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.2.0)(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.3.0)(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.4.0)(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.5.0)(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.6.0)(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.7.0)(64bit)@@@@@@@    @/sbin/ldconfig/sbin/ldconfig/sbin/ldconfig/sbin/ldconfigld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.28)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.17)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)3.0.4-14.6.0-14.0-15.2-14.14.3e{@eReRd@dd@du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.4-1Alexey Tikhonov - 2.9.3-2Alexey Tikhonov - 2.9.3-1Alexey Tikhonov - 2.9.2-1Alexey Tikhonov - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-1680 - auto_private_groups does not create cache in IPA server SSSD cache - Resolves: RHEL-10092 - logfile rotation for sssd_kcm not working properly, sssd_kcm never receives a 'kill -HUP' - Resolves: RHEL-17495 - New sssd.conf seems not to be backwards compatible (wrt SmartCard auth of local users using 'files provider') - Resolves: RHEL-18431 - Excessive logging to sssd_nss and sssd_be in multi-domain AD forest - Resolves: RHEL-5033 - Incorrect IdM product name in man sssd.conf - Resolves: RHEL-15368 - SSSD GPO lacks group resolution on hosts [rhel-8] - Resolves: RHEL-10721 - very bad performance when requesting service tickets - Resolves: RHEL-19011 - Invalid handling groups from child domain - Resolves: RHEL-19949 - latest sssd breaks logging in via XDMCP for LDAP/Kerberos users [rhel-8]- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-14070 - sssd-2.9.2-1.el8 breaks smart card authentication - Resolves: RHEL-3665 - Unexplainable error "Unable to find primary gid [2]: No such file or directory" when SSSD performs lookup for an AD user- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: rhbz#2226021 - dbus and crond getting terminated with SIGBUS in sss_client code - Resolves: rhbz#2237253 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7)- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/sbin/ldconfig/sbin/ldconfig2.9.4-1.el82.9.4-1.el8.build-id479b72b9e21b913aae20963ef7dc87a407442063libsss_nss_idmap.so.0libsss_nss_idmap.so.0.6.0libsss_nss_idmapCOPYINGCOPYING.LESSER/usr/lib//usr/lib/.build-id//usr/lib/.build-id/47//usr/lib64//usr/share/licenses//usr/share/licenses/libsss_nss_idmap/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2aarch64-redhat-linux-gnudirectoryELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=479b72b9e21b913aae20963ef7dc87a407442063, strippedASCII textPPPPPPPPPPPP P P P PRR RRR RRRutf-8c75d38181eb7a0f728b9887f2f0093054668b379f0d737903787b3bfa38c2d8a? 7zXZ !#,'~~] b2u jӫ`(y//cz֍~"DeDi^J64^0@趔T 02)!zɉbbf7tǤ";a0/B~q'^)}ٕVPyx"b%-l%KogC@=[b%cWD6A0c᫇AfGovV;ȵϚ,3@)*ߴ[jr'(E;.-N2޻Xx+g_ˬ+NA\L]E'J)GJxOkV};bOv.*R?quDKgs.S8Vܵ-Q`rG1Ϸp'7ׇ3eT !} cR+a= ~wB 鏎$޼IY|Bifn3,LXi4L; I6EcwHs_ cs4UHh-F6 b=+ ' K .PNӍReĦ?w8/NOujWX:()L&6M> P9"#,yAH@lq*G7_$b>ptXzׇ~یGk4?VRa`^m ˏV' îwdh`` ׍l\6EiLHn:sWʟUËN9!uVQ0h@tЇmʵ-T>hrx,!hC+.hZ DK] .pSky-7&@sUxDQ/Wb TKB!<lan#.^0b%YSyq6@;tAT\'0PTM/J jQބ̜wؚ\Xp<fiռ`R+16RI./ߞ+Z:1n-s`AʹHz˴WɶML56")SّC_Ǚb=-Kr)7j T/{)ٳbTJ9J#YKRyAC;e:R&GOV]=h\uʕitU (TCGr?o/ƫUQ/.:C+ĭdOX>v|!jioxk1qXgw B3s=BA|it/*8&=of|ŲsNĿm) bEf& Ô{t߬ԷMYXPxа5u9=ZVEFN8#U]%Doe}gBYyi#L"X'E4eqXw)kU SrZj9eg#7T%Y&Fk~(t ʼzXv(h 4|f[@&ԳRwХ`ҊLl6Q=_y&B>q5'FK 3@D|yfwIi(PX(($\I54gTڙ OJOYF1Ia:ҽԼ] *?Suir3GXZ;oqqlkv[왢S<{|oR1ʼn@pA/k*9 )P 'zNXW+EXO?(@7Ȓ-1%QW,2]߃*Xj5UJ6bsP=43𚫧,P׭%#{k~L2%1KPcMjXWrcwU䴪#A3,YejoAWm}tzIm:CJߚs6ޛZ4RL[7JS.@ !փӨ%aFlR "Od0Q149pwͿE-58ː[~sEMuuWFG x`햆j; ˯‰>k{ |8\@(&Q%)mtIULlbk_F;Ih %m1hn xʱcH4=zgha?Xll3>Jo;jˈ_ A3ےeK`7%j y?ȆMjCz[=6RZB(ᛔ,#)/|T}!!h5@-4DpMovV1$3Zr=[(}9ի*xJ"Wq'9ˡ)`d)"N i)r}زwiEYH]ߜB?E/AJ%R7w9!3(:$Zaù&.Ȳpr1FŤj9 #yl,4F$%ߡ{Σqy;jy@lno̭VaIДd̎T5b? ljYG(BC(+ !N+hw#, Y,%\dr2.馺d]#Nذ* 9?<P =Ń5# 7A`_y4aL| F@f{ ӕrFt "}R8 vɦ_)o΀*6qH3FJ;L1x-Yik弝H5*wԿKT>5iinxDKHy c)WZv0p"FvenEoPx?@U0c}# F=V { ݣLcB 1WnbHybZXP]nyn GMcǞ {VE?"$Xp1ā|kn:]#UYwF4,Olڄ ~ʾG?Ks[8XNR%9܄Yz\a٥29Rg2%\ϒUklt:r{].]a c v) )B&2H7sH v詧87l;@a;[CA"jghh5'Zv3?[m(&ӟ>@71[tH!fZoeyUk ڋ3xTl2#a,#9 U$IV=-}ALoc K\Xe.جɚdbkEPtc*Gy}MzX^>j_G):\8IͮL OV6I2pS9r<%ljjnYgZ21 ǃ+r@5AB2MRBB^6L;N9ugbi'0ƭ{i66_3:#u+&G"-f(HzMӲ>@(g/H?moq \!{s>(b-^G nQA%o4xo:Y[WUKI[/̢ "#5If}8/{C|.W(DeYiF4Ս/|B<Ƽ;d pЊbDh>1tcJogH`B=^+@ OfǞ0蛿HF`X}݉ J.q//iT\45 џ*.ՄpSB WS-a^@#'0PZQb\EHgntdDG*_4k 7~;>mUr|!Ygon<tԸ,]9aKL#a~kʗRTୀ)4Ʊ땾‹`*% BE͟1RUgc:cf{BMBLPY.M_Z>ɒF7[Տ7z'X>-<>sM6hL p/# :_!߹o_6TE2?k:qe ka i?œ PگDo W bvh1#I؃׵1jX18M:ye Փ W<^Z(`xcv*ŧ,rgO7n2dN7j*3d͕7Vp-q~\~RKegm0(BW bY0vН~J8-yʳw}"]O*&-[Qg{3<0fVZ2UM`ytK]ֳ؛f%sz%NQ-ހ2ҙʼnt[ @?nq{^0 ʘǞ1F(>wD0҈lD$mxϦ@>a"YX+N>!St߇Nd*J\>bdѺT1NL7f֦$Nu(KYG%g>Mc0]!ƀ,Sp JJGg_VQ LJ mn瘩s[jV;xTH ľh,fDS(x\\sU; QGf%8 -C(O%гQxnE5mɥ?EhKԪ-<UM8XT0W&gF:Jul!rSϯS8jD=T lC:ٴKst(َ =ZrRgZt:iy t|GIjZH(yj#Si"i:4 ߻־.89(%3),O`MwKnʰcәj9zP[)t1wp yawƶ=|·R£QbWIpʪ= n;] gUIoLƊ.<1,G?+=p".R"w4!у/gMiK s<[LFnY 1EVs[mQBWǷ34= =.!'TWe$xiw8D4>25A&kJM' Q S9~te>rKiy;/JY҄'fj-G锑lThGj`a>=Le,Hu2*mEaքDy.[MU uhrZ4O&y%,V^9oan%HG/ܤݫ636^g?'(!eŌUѵ`fWmqO۶ߞMl @HJYOxOܿ[ X(]+H0qb? [<ɯ r+z ݟf;"P|?A~pskJ,HPH@!O^@[ OCnȴCv`;p2&?FBىK dF\:3|}lUip*)0EG- 2?)0_mN3\I`so錠4H$TW{躩%|pIźA&8+~b3}[8|iwE[GO!}&}e+I~IApX|?'}š{a%:=vk;@75 KAa>\j;يXB-(l84DC߭rA`6@tn|CXYD d*ӕC  Cn+Yѯ57sc _km 'CvCzͿ}յϖ9s&p`+txo|(^HpHC^!eRP?5BM[DWG2 Τ/[

vL\k]D1&7CaPؗЄ|?6Y(!!o(]#ln ${ElUN~ f"W)GVj yNMW|wlz` "XC;SfxT<ֈ<׊G ir& ?4fk*Zs,+X` 6ŝm.lIJ'hTP[.4Y$͜M 9ɵdnjw,-R*?u@D[A 䩌+E:(xR]6W\ EX˧; <{ vTMdۮo /d 6?\BhȵWtgwԺ\,VH !FY(<ɒy AGLvXp|[igأ C}YM>t_tuG=PYn,7@n`aW`j)G{nyxi҆# ^? <&3J 6-YɀG4){A&T5)l-Lי1@a2omPj`uP|-#v\:^.ПcxIa6.s#`$σwWNo([7O嬻RV!t u)!:%?a=(^eNQ6kFћ堀%3r±ȜtYzJ**GJ@Ĉxg1uӸEsQ? YVi hTsz@ꯀ2qeG+{d̨( y}WAՔ[NJa6EI #ƜsȽJwؗi\O$Ƞا*ٹ3}^-a1Pt6pzs3·bn0@]xU.j` \v(xe}!ک avu):S6^, ^gIOB?۱@G]{4W B"cxka-A`~dN6X`+= t/Ted Lњq$\̌zjž)=CĝB㘶s)OJty;J{4UYтi0;րBTȦֱJ/BD~ i4Ճf=U_KIڑ8m|P@Ԗ擗-U{\{qGK9G}?\)R?תίHVxewι><ƣ:ReLgcң <ḿ-SՁ좬 Q?"Im˻FaXn6aFPdY֚s6 30,h,m{6zVY u:NI3M(Yfy'n]1ϪVOq^۴¤{dV' |R( ձ}|gp 'I^}' bFE9]U.qv{ @$=R1vBY1~O7үXwKge1|f)O0C ;1ayxRR?̼ + v6 uEJ Z3 v;eUj<}D'hj-8MUF&cYB=_mߨ`U))#P~[Yn>O 3R۵t^\(^];eTXT=یsݶ) BTV|C.(H. dTwaM? 4͖aYcDĄCJB@d; ?˵4ۣuн=Q:4k+Wӑ(xm#־+b&!J*hX::\4Q5!팕ye-7y$9J.'"5554h?)TmS2ݎR:_0/m> ;b@bqTΞ\)eh5Ba.k"6T!-; 5hv^0J%I*݀c]]7bz[`tx͜g-*=ػ2eZ xm@f4\)PJRSi0Z"Սy[Jkщ,.5n5 AV̫l.'(BgS] 2;5&+9}rݷ;!AW3ykr3i3Uh_@Tߎ#]Skk"XE -MD:G)ɞXc(Hlњ @Wy!&l8]nYq{< ,x*pʝhR۷]f{ 5`gPe(V:5݉DHCTx?EU5K!  ȴU\7H2ohd/[xSyE "=$NnǏcL)䅪F;a9.( 5 Sj/ @#!N=$6 X7pc"Oò?}B &K5SF[S.Bp4OG_VŌ*TRIb@|K} JbwdJo) M9s@(,1y;K) KHyю;ɯJy^w$^+@*@5jg\\6Azl [3("P^_`ا/.48ȅ,4o9yճrWF(v]Jǭ$FӟrJtÍ?v$kFbV_G[2T!Oo63% RKlՍ@|.2WS}EhElTABf7c6Ye-cLhQ+U(vӐZ-b)= ʪ^hzOS%XXN}cOS XrW(R*5-n8~'wh9zd=ѻCճGxkI ԟ  4λm.;B(QIcjwo]p%l}-*yBjJۘdG˳"Ptq^ԑ/ KGץfj p7 ?MNAL h1E1pFJy.`cդ<̈󂌋^@a*M/GǠSb- ݉MbT=/V&WL#W p Ƀ_rn8)?v{qÌ!~+D^ 8s:J 5Khbt'y_j{^Y4zVQ|ZTfT?crP*c)u~LXm#]*E$L'y!K70Dl')1jj^!9EZkbڥ%nrO1!>F۔, ns lV-sZ3[AXOw8FZ1y9=9UR bѾ0ui,XX~<4**"im/oBtGckȱ!!f>,o2hh dc,bOT,pMra(Hlr3lcYl@WՕ1&F-#V;r㌯b"cpM]r3!}ρ:s +qnJE2ɯKca]S i{,lq?h.ʟvR|)w` ;?2#S Z RK( M,uO8 F']!`w$2p_V}ɕ􅠨@^ө٬d ۹7UmP,FC1oJ:7uYuȨ~ݓՅrQILž *ވ+6ݳU }|CcT(*E7khgxbXv ʹhTS:v}y!. j̶sz|\\oAnzx)=LXwQPSHW[;+.~+B~{4Oy.m6=eXxʀQt1QDdp[קRR 7K:d a 2ZKoI,}(mV {=h.}9<[K:mqB?ә\pqRd%Zv r5͜~jQ e.D.S_h#mo͙BsQܠJaHH$ VՠuZg՞/tK%yv(5ٰ~y:!k+V9<Ub~ͽזeB$Ò2@l(ҔNB(&jomWRA:0}+R757l1,IӲJP@Q Y_* β. G:OHi9.)q32]S<\-/٧Nm{3|S;!ȍbMs*u&mKUhv,pҽ5LnzDҾsͅ6ڲX[9F4|lB] dfpP۬p-d&g:ܢ8( ot6`it{3*ϔyB!);VML0.s1@5Bp;Q1X[*3]S 耠NHYZL;г% ݤ .#:_w虿gЩs2q_1:7|L%ZưIh)o,Y@3h4Ǒ> E$TJ,9Ҕ, 6&oE|D1=ţUߠg0zEKL[_wz\_G|I!>o:]^KzbX*N{I)^vje&@7Zg΍(,rZ`Ep?:I}iDc!y$fXHBQ[.ǽ7m:+<ˈ ʋxVvD-oU^ ֻ"V2 ֢ |R73S|5ftdvG3=Sj'}|9-'l㫎QߌSS6hChP`r$\ܳr؝M/d!Y]t<3Ǽp_y ЄWyMHĖF+h-1!vC8lF|\%h^?l%)Gh7W7$:6hyo8ȔFH LAPj͌h_C=Lےd;?L8ʕ2$Y}ȱad)>v|6&}iTnĽBSAp/SJCpT+*ߢFHgs`NXvO<{-{Zכy_<렓,}Dx=| 0O|qu"w$4 \DR%|ȔOxقN^BʄP&$722n>K0HD,<jf_shMmB\.(tatI퓣(E5V?vM(n{ m"Wދ5mN.WiK\q˱a)<;c2(.7Zu&qU2N =57z`@t煷BT ӎQL K##VI?) UkJW5:'f1ΦZd г[,. gkԴ]տC#вȐ)6 eۋC|Tܖ$/R-^`8k"_YX~Hzǂl5g, aJs&-Csp7ٚύ;Lg-qy eh?Uݤc k9~ PoAZ="ir~u^U1Pg̰&}-|xu7W~tj>(1ZZp :rrJ/JM#Pr4M2~C9&F8Vvw޴]{ XFҔ _Rl]h5͈A{m?q}ڻ6")3:s+ ѐLFaHc/&3Ye4\;ٍt)8ٚ-ż$R(ܲl:=M6'X y _;zۆ)+1i{*_L)}7HdѺGvmu= 59 M8mk7Ө4x aU<ʣXK61!WweoǢEXRX8y0-+|ӎFA}+wXW&:N X9m]Nԏ8uuP3ynz쀃bj.QBeL5F9l<7[l)Ԡ\ K%WsxJ.!JBf@M%CS8gXU]tчk6Ӫ؁l]ٱ>wY3v=.;ݓ 90}/?!i=QF-Y̔!(=4{=KgMp I|]TSa,TdUwOI&&2m Nɤ_/Ȗj*7Y& Nj6Ҹ#lZS.\p=-0 iys]3c|.TA"Eqq9B,6Ck 2 A$n`h/?55dAj€PGg|өq ]MK7ĽKh($Ak2!\N Qyg~a$BrxQ m7#tVcDVE v:%a#9j]ug:ЇBX+}GaT"hSzETϏNq|,N4YU p2UYT31څyDcY*6jP~Gp.yZH/|(p*:C$u-|RP4b~9ʇ8'< sYbj.';(! aw7yxLVÈ.BEz$Noy9O?%pI Y̔_}3 8:&u[ߞ;y'UX( [ p5Kl=C- K_ $#e`^D46H 1 \}q6ꢗlײ ܴJ2O U$v:˳ <͖Nhk$UB?X :6[«H :~9rʩ: V(D&2ߞ\7l,ܶoZΣ% ciqAs{Ry鑙|Vy訄Yo]dO[B $t\j->)y.1%:&w^3NJ$Ymd:+ۦ1'vOt9ej5y׎;)|'{Qġ\ho(lawr|XvtpD~rՔp3@)lX7Ai;sg۾\X9,$…Osn0|\"]mclnZ;nrWa`&2EeXx/hcySXyN ӟ}lSk%_0;ϑֿףI4jM,DKL\$L, s oPsTPA@W]߁%|fy͝"]MȔɀ]MJ76>+T`=sr^1^*,2JSJƥ;<+ o"ԉq(!G8OMP_cMX dRÑ\40Dώ0y-<{w ±8ntjXGz[(=乕.5WJ 5E 'tQ= ks;XgέݖӜv=[ [#^Ș-5L ~"Z~L1 4+];7<?؁/xO \ =衆К׆{pvo.x8Q=)[ՈE=J08(I4~Sr&t''R6𴐅;Ni]â5 zr7*x<~.|̑M6{Vک=[)B`;R%=wv8QC B(Bݣr!02Xda{ۦ#p3Ȑ yfEW'6XN*]<˥"N=TC-i ?jGu`V-B/ CX f43ȷo`͕'4#w8"Wχe.8GóMa?XӾqֈ;L0'{>a_ 3Z y,M)`sj=/nz, ™*W DRN:]qh,:hUx(y_%6ΜJ(=FMWz"(5bR]}R0"Q&]l *S\[@|F9)tu Cuwň$``Y)Z0f2uOE1&}7c)*+ v{*~ hmue@y1y*^"v7fQWRƆvY^_X{PL:a)ZX&lA"H@ٴ;bdW]̑のYl<Ȼ88GĽRr َM$fO*lѝDKiYOH RkhejÝtʉB)] 7mH}[& H*A0cpVgMi@i)r} {ռ/RE6=TUkE츀9(LrlRC eXHԂ*5*ڌ"sF窺\o,V^q'ZAA~$kBnALɢ8u"BXx7 ]}aԼ̙ d? un!D7Ţ">JN$L$4÷BNWikf'Ԩ }`ڨ bKCȶl,U}P‰efs9|$wRK>@w7 is/ z }~R"g_`"dFxYvH:c?5`yRnJ=̇ ۬W6e/L9h}ǙPtֳ)d,NJ'a8JM",W󳔮 ˎ?ƒ>^C*%_k);{|o5̎c$&i0Ċ42))PI{4r\ hIю=@f