sssd-ipa-1.13.3-56.el6$>H4fOBi'>5?d   6  <BHd r    +NlJJ 3J   ( 8 9:dGHIXY\ ](^b deflCsssd-ipa1.13.356.el6The IPA back end of the SSSDProvides the IPA back end that the SSSD can utilize to fetch identity data from and authenticate against an IPA server.Xҿc1bm.rdu2.centos.orgCentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxi686KA큤AXҿXҿXҿVpnXҿXҿXҿ0320eb32e3e72bc4bc69afd1a010199a1c9b2176bf88ceff8ea56bc0b348fe73c1aed92a7c88b149fd3a955697f81efc195e82ae90fd7e3db91f9d81a3659d428ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903ff38b7e34d3b9ba462874bb7046122ce5fa8727b398213f7a8851779e749b02ff118723639c2d6a96917f174add580bf133e4c24dbd15a792ba1b1c4fd6f1293rootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.3-56.el6.src.rpmlibsss_ipa.sosssd-ipasssd-ipa(x86-32)   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ sssd-commonsssd-krb5-commonlibipa_hbac(x86-32)bind-utilssssd-common-pacrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libbasicobjects.so.0libcollection.so.4libcom_err.so.2libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.8)libdbus-1.so.3libdhash.so.1libdhash.so.1(DHASH_0.4.3)libdl.so.2libglib-2.0.so.0libini_config.so.5libipa_hbac.so.0libipa_hbac.so.0(IPA_HBAC_0.0.1)libk5crypto.so.3libkeyutils.so.1libkrb5.so.3liblber-2.4.so.2libldap-2.4.so.2libldb.so.1libldb.so.1(LDB_0.9.10)libndr-nbt.so.0libndr-nbt.so.0(NDR_NBT_0.0.1)libndr.so.0libndr.so.0(NDR_0.0.1)libnspr4.solibnss3.solibnssutil3.solibpcre.so.0libplc4.solibplds4.solibpopt.so.0libpopt.so.0(LIBPOPT_0)libpthread.so.0libpthread.so.0(GLIBC_2.0)libpthread.so.0(GLIBC_2.2)libref_array.so.1librt.so.1libsamba-util.so.0libselinux.so.1libsemanage.so.1libsemanage.so.1(LIBSEMANAGE_1.0)libsmime3.solibssl3.solibsss_cert.solibsss_child.solibsss_crypt.solibsss_debug.solibsss_idmap.so.0libsss_idmap.so.0(SSS_IDMAP_0.4)libsss_krb5_common.solibsss_ldap_common.solibsss_semanage.solibsss_util.solibtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)libtdb.so.1libtevent.so.0libtevent.so.0(TEVENT_0.9.9)rtld(GNU_HASH)rpmlib(PayloadIsXz)1.13.3-56.el61.13.3-56.el61.13.3-56.el61.13.3-56.el64.6.0-14.0-13.0.4-15.2-1sssd1.10.0-8.beta24.8.0X6@X6@XS@XOXJXGXF@X@X6@X6@X-X!@X!@X&X X X WWWW@W@W_@W_@WWW@W@W@W@Wi,@WYZ@WPWPV@VJVJVV@VՄ@VՄ@V@V&@V=@V=@V@V@V@VvV%@V%@V%@VVVVVpVii@V\:@VXEVV@VV@VV@VMV2 @Vf@Vf@Vf@UAUUuUn@UmUjUcUcUUUUUJ@UB@UB@U@U?v@U>$U8U.RU.RU-@U-@U-@U-@UF@UF@UUUUUU U U U@U@U@U@T9TTTTTTT@T@T~T~Tk4Tk4T$TTT@SvSvSvS%@S0S<@S<@S<@SSSSSSS/S/S;@SFS@S@S@S@S@S@Si@S@SSS!@SsZSpSNpS 4@S 4@RRRRRRfhRD!R1R%@R @R @RR|R|R|R|R|RRRRRRRRRRRRR@R@R@R@R@R@R@R@R@R@Q@Q@QQ*@Q?@QQvwQkQIQ5@Q0@Q']Q @PPPP@P@P@P-P@P@P@PDPDPDPDP[PPPPP@P@P@P@PPPPPPPP @P @P @P @P @P @Pf@PPPPP @P @P @P @P@P@P@PPPPPPPP@P@P@PpPpPpP@P@P@P@P@P@P@PP@PP@P@P@P@P@PPXPP{P{P{Pz@PqnPl(PaP`K@P#@Oĺ@O"O"OOO@OO~O@OOO@O@Ou@Ou@Oc+@O]@OYOOdON@OLOLOLOLOLO;@O5O1@ObN@NNNN@NNNj@NN$@N$@NN@N@Nx@Nm@Ng\N[@NTN?N:N:N:NNN|@M{@M{@Mߒ@M@M۝M۝M@MM@M@M3@MM>M>M@MM@M@Mx@MM=M=MwkMwkMv@MtMtMc@Mc@MbSM_MQ0@MJMGMA^@MA^@MA^@M.@M9L!L@L@L@L@LNLNL@L@LA@L@Lk@LYV@LRLI@L7@L(L_LLGKj@KK@KK@KK[K@KK~}@K]KY@KO@KKK/c@K+nK"4@KJJ@JJJkJJ@JJp9JlE@J?r@J0J,@IcIcIzI)@I)@I)@IV@IV@I@I@III@Lukas Slebodnik - 1.13.3-56Lukas Slebodnik - 1.13.3-55Jakub Hrozek - 1.13.3-54Jakub Hrozek - 1.13.3-53Jakub Hrozek - 1.13.3-52Jakub Hrozek - 1.13.3-51Jakub Hrozek - 1.13.3-50Jakub Hrozek - 1.13.3-49Jakub Hrozek - 1.13.3-48Jakub Hrozek - 1.13.3-47Jakub Hrozek - 1.13.3-46Jakub Hrozek - 1.13.3-45Jakub Hrozek - 1.13.3-44Jakub Hrozek - 1.13.3-43Jakub Hrozek - 1.13.3-42Jakub Hrozek - 1.13.3-41Jakub Hrozek - 1.13.3-40Jakub Hrozek - 1.13.3-39Jakub Hrozek - 1.13.3-38Jakub Hrozek - 1.13.3-37Jakub Hrozek - 1.13.3-36Jakub Hrozek - 1.13.3-35Jakub Hrozek - 1.13.3-34Jakub Hrozek - 1.13.3-33Jakub Hrozek - 1.13.3-32Jakub Hrozek - 1.13.3-31Jakub Hrozek - 1.13.3-30Jakub Hrozek - 1.13.3-29Jakub Hrozek - 1.13.3-28Jakub Hrozek - 1.13.3-27Jakub Hrozek - 1.13.3-26Jakub Hrozek - 1.13.3-25Jakub Hrozek - 1.13.3-24Jakub Hrozek - 1.13.3-23Jakub Hrozek - 1.13.3-22Jakub Hrozek - 1.13.3-21Jakub Hrozek - 1.13.3-20Jakub Hrozek - 1.13.3-19Jakub Hrozek - 1.13.3-18Jakub Hrozek - 1.13.3-17Jakub Hrozek - 1.13.3-16Jakub Hrozek - 1.13.3-15Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-13Jakub Hrozek - 1.13.3-12Jakub Hrozek - 1.13.3-11Jakub Hrozek - 1.13.3-10Jakub Hrozek - 1.13.3-9Jakub Hrozek - 1.13.3-8Jakub Hrozek - 1.13.3-7Jakub Hrozek - 1.13.3-6Jakub Hrozek - 1.13.3-5Jakub Hrozek - 1.13.3-4Jakub Hrozek - 1.13.3-3Jakub Hrozek - 1.13.3-2Jakub Hrozek - 1.13.3-1Jakub Hrozek - 1.13.2-7Jakub Hrozek - 1.13.2-6Jakub Hrozek - 1.13.2-5Jakub Hrozek - 1.13.2-4Jakub Hrozek - 1.13.2-3Jakub Hrozek - 1.13.2-2Jakub Hrozek - 1.13.2-1Jakub Hrozek - 1.13.1-1Jakub Hrozek - 1.12.4-51Jakub Hrozek - 1.12.4-50Jakub Hrozek - 1.12.4-49Jakub Hrozek - 1.12.4-48Jakub Hrozek - 1.12.4-47Jakub Hrozek - 1.12.4-46Jakub Hrozek - 1.12.4-45Jakub Hrozek - 1.12.4-44Jakub Hrozek - 1.12.4-43Jakub Hrozek - 1.12.4-42Jakub Hrozek - 1.12.4-41Jakub Hrozek - 1.12.4-40Jakub Hrozek - 1.12.4-39Jakub Hrozek - 1.12.4-38Jakub Hrozek - 1.12.4-37Jakub Hrozek - 1.12.4-36Jakub Hrozek - 1.12.4-35Jakub Hrozek - 1.12.4-34Jakub Hrozek - 1.12.4-33Jakub Hrozek - 1.12.4-32Jakub Hrozek - 1.12.4-31Jakub Hrozek - 1.12.4-30Jakub Hrozek - 1.12.4-29Jakub Hrozek - 1.12.4-28Jakub Hrozek - 1.12.4-27Jakub Hrozek - 1.12.4-26Jakub Hrozek - 1.12.4-25Jakub Hrozek - 1.12.4-24Jakub Hrozek - 1.12.4-23Jakub Hrozek - 1.12.4-22Jakub Hrozek - 1.12.4-21Jakub Hrozek - 1.12.4-20Jakub Hrozek - 1.12.4-19Jakub Hrozek - 1.12.4-18Jakub Hrozek - 1.12.4-17Jakub Hrozek - 1.12.4-16Jakub Hrozek - 1.12.4-15Jakub Hrozek - 1.12.4-14Jakub Hrozek - 1.12.4-13Jakub Hrozek - 1.12.4-12Jakub Hrozek - 1.12.4-11Jakub Hrozek - 1.12.4-10Jakub Hrozek - 1.12.4-9Jakub Hrozek - 1.12.4-8Jakub Hrozek - 1.12.4-7Jakub Hrozek - 1.12.4-6Jakub Hrozek - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Jakub Hrozek - 1.12.4-2Jakub Hrozek - 1.12.4-1Jakub Hrozek - 1.11.6-33Jakub Hrozek - 1.11.6-32Jakub Hrozek - 1.11.6-31Jakub Hrozek - 1.11.6-30Jakub Hrozek - 1.11.6-29Jakub Hrozek - 1.11.6-28Jakub Hrozek - 1.11.6-27Jakub Hrozek - 1.11.6-26Jakub Hrozek - 1.11.6-25Jakub Hrozek - 1.11.6-24Jakub Hrozek - 1.11.6-23Jakub Hrozek - 1.11.6-22Jakub Hrozek - 1.11.6-21Jakub Hrozek - 1.11.6-20Jakub Hrozek - 1.11.6-19Jakub Hrozek - 1.11.6-18Jakub Hrozek - 1.11.6-17Jakub Hrozek - 1.11.6-16Jakub Hrozek - 1.11.6-15Jakub Hrozek - 1.11.6-14Jakub Hrozek - 1.11.6-13Jakub Hrozek - 1.11.6-12Jakub Hrozek - 1.11.6-11Jakub Hrozek - 1.11.6-10Jakub Hrozek - 1.11.6-9Jakub Hrozek - 1.11.6-8Jakub Hrozek - 1.11.6-7Jakub Hrozek - 1.11.6-6Jakub Hrozek - 1.11.6-5Jakub Hrozek - 1.11.6-4Jakub Hrozek - 1.11.6-3Jakub Hrozek - 1.11.6-2Jakub Hrozek - 1.11.6-1Jakub Hrozek - 1.11.5.1-4Jakub Hrozek - 1.11.5.1-3Jakub Hrozek - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Jakub Hrozek - 1.9.2-134Jakub Hrozek - 1.9.2-133Jakub Hrozek - 1.9.2-132Jakub Hrozek - 1.9.2-131Jakub Hrozek - 1.9.2-130Jakub Hrozek - 1.9.2-129Jakub Hrozek - 1.9.2-128Jakub Hrozek - 1.9.2-127Jakub Hrozek - 1.9.2-126Jakub Hrozek - 1.9.2-125Jakub Hrozek - 1.9.2-124Jakub Hrozek - 1.9.2-123Jakub Hrozek - 1.9.2-122Jakub Hrozek - 1.9.2-121Jakub Hrozek - 1.9.2-120Jakub Hrozek - 1.9.2-119Jakub Hrozek - 1.9.2-118Jakub Hrozek - 1.9.2-117Jakub Hrozek - 1.9.2-116Jakub Hrozek - 1.9.2-115Jakub Hrozek - 1.9.2-114Jakub Hrozek - 1.9.2-113Jakub Hrozek - 1.9.2-112Jakub Hrozek - 1.9.2-111Jakub Hrozek - 1.9.2-110Jakub Hrozek - 1.9.2-109Jakub Hrozek - 1.9.2-108Jakub Hrozek - 1.9.2-107Jakub Hrozek - 1.9.2-106Jakub Hrozek - 1.9.2-105Jakub Hrozek - 1.9.2-104Jakub Hrozek - 1.9.2-103Jakub Hrozek - 1.9.2-102Jakub Hrozek - 1.9.2-101Jakub Hrozek - 1.9.2-100Jakub Hrozek - 1.9.2-99Jakub Hrozek - 1.9.2-98Jakub Hrozek - 1.9.2-97Jakub Hrozek - 1.9.2-96Jakub Hrozek - 1.9.2-95Jakub Hrozek - 1.9.2-94Jakub Hrozek - 1.9.2-93Jakub Hrozek - 1.9.2-92Jakub Hrozek - 1.9.2-91Jakub Hrozek - 1.9.2-90Jakub Hrozek - 1.9.2-89Jakub Hrozek - 1.9.2-88Jakub Hrozek - 1.9.2-87Jakub Hrozek - 1.9.2-86Jakub Hrozek - 1.9.2-85Jakub Hrozek - 1.9.2-84Jakub Hrozek - 1.9.2-83Jakub Hrozek - 1.9.2-82Jakub Hrozek - 1.9.2-81Jakub Hrozek - 1.9.2-80Jakub Hrozek - 1.9.2-79Jakub Hrozek - 1.9.2-78Jakub Hrozek - 1.9.2-77Jakub Hrozek - 1.9.2-76Jakub Hrozek - 1.9.2-75Jakub Hrozek - 1.9.2-74Jakub Hrozek - 1.9.2-73Jakub Hrozek - 1.9.2-72Jakub Hrozek - 1.9.2-71Jakub Hrozek - 1.9.2-70Jakub Hrozek - 1.9.2-69Jakub Hrozek - 1.9.2-68Jakub Hrozek - 1.9.2-67Jakub Hrozek - 1.9.2-66Jakub Hrozek - 1.9.2-65Jakub Hrozek - 1.9.2-64Jakub Hrozek - 1.9.2-63Jakub Hrozek - 1.9.2-62Jakub Hrozek - 1.9.2-61Jakub Hrozek - 1.9.2-60Jakub Hrozek - 1.9.2-59Jakub Hrozek - 1.9.2-58Jakub Hrozek - 1.9.2-57Jakub Hrozek - 1.9.2-56Jakub Hrozek - 1.9.2-55Jakub Hrozek - 1.9.2-54Jakub Hrozek - 1.9.2-53Jakub Hrozek - 1.9.2-52Jakub Hrozek - 1.9.2-51Jakub Hrozek - 1.9.2-50Jakub Hrozek - 1.9.2-49Jakub Hrozek - 1.9.2-48Jakub Hrozek - 1.9.2-47Jakub Hrozek - 1.9.2-46Jakub Hrozek - 1.9.2-45Jakub Hrozek - 1.9.2-44Jakub Hrozek - 1.9.2-43Jakub Hrozek - 1.9.2-42Jakub Hrozek - 1.9.2-41Jakub Hrozek - 1.9.2-40Jakub Hrozek - 1.9.2-39Jakub Hrozek - 1.9.2-38Jakub Hrozek - 1.9.2-37Jakub Hrozek - 1.9.2-36Jakub Hrozek - 1.9.2-35Jakub Hrozek - 1.9.2-34Jakub Hrozek - 1.9.2-33Jakub Hrozek - 1.9.2-32Jakub Hrozek - 1.9.2-31Jakub Hrozek - 1.9.2-30Jakub Hrozek - 1.9.2-29Jakub Hrozek - 1.9.2-28Jakub Hrozek - 1.9.2-27Jakub Hrozek - 1.9.2-26Jakub Hrozek - 1.9.2-25Jakub Hrozek - 1.9.2-24Jakub Hrozek - 1.9.2-23Jakub Hrozek - 1.9.2-22Jakub Hrozek - 1.9.2-21Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-19Jakub Hrozek - 1.9.2-18Jakub Hrozek - 1.9.2-17Jakub Hrozek - 1.9.2-16Jakub Hrozek - 1.9.2-15Jakub Hrozek - 1.9.2-14Jakub Hrozek - 1.9.2-13Jakub Hrozek - 1.9.2-12Jakub Hrozek - 1.9.2-11Jakub Hrozek - 1.9.2-10Jakub Hrozek - 1.9.2-9Jakub Hrozek - 1.9.2-8Jakub Hrozek - 1.9.2-7Jakub Hrozek - 1.9.2-6Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-3Jakub Hrozek - 1.9.0-2Jakub Hrozek - 1.9.0-1.rc1Jakub Hrozek - 1.8.0-33Stephen Gallagher - 1.8.0-32Stephen Gallagher - 1.8.0-31Stephen Gallagher - 1.8.0-30Stephen Gallagher - 1.8.0-29Stephen Gallagher - 1.8.0-28Stephen Gallagher - 1.8.0-27Stephen Gallagher - 1.8.0-26Stephen Gallagher - 1.8.0-25Stephen Gallagher - 1.8.0-24Stephen Gallagher - 1.8.0-23Stephen Gallagher - 1.8.0-22Stephen Gallagher - 1.8.0-21Stephen Gallagher - 1.8.0-20Stephen Gallagher - 1.8.0-18Stephen Gallagher - 1.8.0-17Stephen Gallagher - 1.8.0-15Stephen Gallagher - 1.8.0-12Stephen Gallagher - 1.8.0-11Stephen Gallagher - 1.8.0-10Stephen Gallagher - 1.8.0-9Stephen Gallagher - 1.8.0-8Stephen Gallagher - 1.8.0-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5Stephen Gallagher - 1.8.0-4.beta3Stephen Gallagher - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-2.beta2Stephen Gallagher - 1.5.1-68Stephen Gallagher - 1.5.1-67Stephen Gallagher - 1.5.1-66Stephen Gallagher - 1.5.1-65Stephen Gallagher - 1.5.1-64Stephen Gallagher - 1.5.1-63Stephen Gallagher - 1.5.1-62Stephen Gallagher - 1.5.1-61Stephen Gallagher - 1.5.1-60Stephen Gallagher - 1.5.1-59Stephen Gallagher - 1.5.1-58Stephen Gallagher - 1.5.1-57Stephen Gallagher - 1.5.1-56Stephen Gallagher - 1.5.1-55Stephen Gallagher - 1.5.1-53Stephen Gallagher - 1.5.1-52Stephen Gallagher - 1.5.1-51Stephen Gallagher - 1.5.1-50Stephen Gallagher - 1.5.1-49Stephen Gallagher - 1.5.1-48Stephen Gallagher - 1.5.1-47Stephen Gallagher - 1.5.1-46Stephen Gallagher - 1.5.1-45Stephen Gallagher - 1.5.1-44Stephen Gallagher - 1.5.1-43Stephen Gallagher - 1.5.1-42Stephen Gallagher - 1.5.1-41Stephen Gallagher - 1.5.1-40Stephen Gallagher - 1.5.1-39Stephen Gallagher - 1.5.1-38Stephen Gallagher - 1.5.1-37Stephen Gallagher - 1.5.1-36Stephen Gallagher - 1.5.1-35Stephen Gallagher - 1.5.1-34Stephen Gallagher - 1.5.1-33Stephen Gallagher - 1.5.1-32Stephen Gallagher - 1.5.1-31Stephen Gallagher - 1.5.1-30Stephen Gallagher - 1.5.1-29Stephen Gallagher - 1.5.1-28Stephen Gallagher - 1.5.1-27Stephen Gallagher - 1.5.1-26Stephen Gallagher - 1.5.1-25Stephen Gallagher - 1.5.1-24Stephen Gallagher - 1.5.1-23Stephen Gallagher - 1.5.1-21Stephen Gallagher - 1.5.1-20Stephen Gallagher - 1.5.1-17Stephen Gallagher - 1.5.1-16Stephen Gallagher - 1.5.1-15Stephen Gallagher - 1.5.1-14Stephen Gallagher - 1.5.1-13Stephen Gallagher - 1.5.1-12Stephen Gallagher - 1.5.1-11Stephen Gallagher - 1.5.1-10Stephen Gallagher - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Stephen Gallagher - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.2.1-28.4Stephen Gallagher - 1.2.1-36Stephen Gallagher - 1.2.1-35Stephen Gallagher - 1.2.1-28.3Stephen Gallagher - 1.2.1-34Stephen Gallagher - 1.2.1-28.2Stephen Gallagher - 1.2.1-33Stephen Gallagher - 1.2.1-28.1Stephen Gallagher - 1.2.1-32Stephen Gallagher - 1.2.1-29Stephen Gallagher - 1.2.1-28Stephen Gallagher - 1.2.1-27Stephen Gallagher - 1.2.1-26Stephen Gallagher - 1.2.1-23Stephen Gallagher - 1.2.1-21Stephen Gallagher - 1.2.1-20Stephen Gallagher - 1.2.1-19Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-14Stephen Gallagher - 1.2.0-13Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11.1Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present - Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory- Resolves: rhbz#1415785 - ldap_child does not remove temporary files when it's killed with SIGTERM- Apply several more smartcard-related patches. - Related: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts- Revert the ding-libs requirement - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Related: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Require the matching version of ding-libs - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Fix a coverity warning - Related: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Resolves: rhbz#1324428 - [RFE] Discover forest's root SID even if subdomains_provider = none- Resolves: rhbz#1367802 - using overides causes segfault in libldb- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins- Resolves: rhbz#1382603 - autofs map resolution doesn't work offline- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute- Resolves: rhbz#1299994 - ssh client checks only the first certificate on a smartcard when the card has multiple certs - Resolves: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard - Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6 - Resolves: rhbz#1329647 - IPA view: view name not stored properly with default FreeIPA installation- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users and mixed case names- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a subdomain, not the root domain.- Resolves: rhbz#1365218 - SSSD does not fail over to next GC- Resolves: rhbz#1367435 - Intermittent sssd auth failures- Resolves: rhbz#1369079 - sssd runs out of available child slots and starts queuing requests in proxy mode- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to sssd-1.13.3-22.el6.x86_64 when upgrading cache- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336453 - sssd_be doesn't terminate forked child process if adcli is not installed- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo- Actually apply patches from previous build - Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe with 1.11.6- Backport of a more minimal dependency patch to avoid changes to AD provider behaviour - Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1308939 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user- Require a newer selinux-policy to avoid issues when prompting for SC PIN - Related: rhbz#1299066 - smartcard login does not prompt for pin when ocsp checking is enabled (default config)- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when trying to retrieve non-existing netgroups- Update sssd-ldap man page for the recent ID mapping changes - Related: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache from working- Resolves: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password and not smartcard pin when logged in using smartcard pin- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output error- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12 to 1.13- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn't work- Resolves: rhbz#1273802 - ad_site parameter does not work- Fix memory leak in the NFS plugin - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service discovery- Rebase to 1.13.3 - Remove setuid bit from proxy_child, RHEL-6 doesn't support running SSSD as a non-privileged user - Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Don't own files as the SSSD user - Resolves: rhbz#1289482 - warning: user sssd does not exist - using root- Resolves: rhbz#1279971 - groups get deleted from the cache- The p11_child doesn't have to run privileged anymore, remove the setuid bit - Related: rhbz#1270027 - [RFE] Support for smart cards- Resolves: rhbz#1266108 - Check next certificate on smart card if first is not valid - Also enable OCSP checks- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Silence compilation warnings and Coverity issues - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Squash in packaging review changes by lslebodn@redhat.com- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - The rebase also resolves the following bugzillas: - Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC identity certificates - Resolves: rhbz#1270027 - [RFE] Support for smart cards - Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients - Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is not taken into account. - Resolves: rhbz#1254193 - Fix for cyclic dependencies between sssd-{krb5,}-common - Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected - Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do not queue requests - Resolves: rhbz#1227804 - Group members are not turned into ghost entries when the user is purged from the SSSD cache - Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log - Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not the alpha group name representation - Resolves: rhbz#1194039 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups- Resolves: rhbz#1251349 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from ldap server- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task - Resolves: rhbz#1227863 - ignore_group_members doesn't work for subdomains- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn't return all groups on first attempt- Resolves: rhbz#1225614 - IPA enumeration provider crashes- Resolves: rhbz#1212610 - sssd ad groups work intermittently- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of secondary groups- Resolves: rhbz#1221358 - SSSD doesn't work with ID mapping and disabled subdomains- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and gets avc denial when ssh- Include several upstream fixes related to ID views - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1213947 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad src/providers/ad/ad_gpo.c:843- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers group membership resolution- Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users and filter_groups- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only- Related: rhbz#1211728 - Only set the selinux context if the context differs from the local one- Package the localauth plugin - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1207720 - id lookup resolves "Domain Local" group and errors appear in domain log- BuildRequire the proper libkrb5 version for correct localauth plugin build - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1194367 - sssd_be dumping core- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in manpage that unsupported time specification will lead to sssd denying access- Resolves: rhbz#1205382 - Properly handle AD's binary objectGUID- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might install with wrong user account (root)- Fix a typo in DEBUG message - Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Handle TTL=0 in SRV queries correctly - Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Cherry-pick unit test changes from upstream to allow cherry-picking sssd-1-12 patches - Remove unused LDAP provider code to avoid static analyser warnings - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad requires samba4- Resolves: rhbz#1203630 - SSSD doesn't own the GPO cache directory- Fix warning in SELinux code - Handle setups with empty default and no SELinux maps - Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u - Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605 - Resolves: rhbz#1201847 - SSSD downloads too much information when fetching information about groups- Fix PAM responder initgroups cache for subdomain users - Log extop failures better - Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Fix internal error codes broken when fixing rhbz#1036745 - Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything- Fix Coverity warning in ldap_child - Add better debugging - Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users, groups or other cache objects- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Initialize a pointer in ldap_child to NULL - Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Relax the ldb requirement - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query - Rebuild against latest krb5, add a versioned BuildRequires - Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Do not mark the selinux_child helper as setuid, we don't support rootless SSSD in 6.7 - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x - The rebase resolves the following RHEL bugzillas - Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about domains parameter - Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not be fatal (backport fix from upstream) - Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user uid field - Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1168377 - [RFE] User's home directories and shells are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss - Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution - Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1148582 - inconsistent group information when multiple ad domain sections are configured in sssd - Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider ad support - Resolves: rhbz#1139878 - SSSD connection terminated after failing anonymous bind to IBM Tivoli Directory Server - Resolves: rhbz#1135838 - Man sssd-ldap shows parameter ldap_purge_cache_timeout with "Default: 10800 (12 hours)" - Resolves: rhbz#1135432 - Dereference code errors out when dereferencing entries protected by ACIs - Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012 R2's LDAP as AD - Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header - Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple attributes- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1141814 - Password expiration policies are not being enforced by SSSD- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group membership when encountering a non-POSIX group- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from other AD domains- Resolves: rhbz#1127270 - sssd connect to ipa-server is long- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD, POSIX attributes are used and primary group contains the user as a member- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0) is not prompted for password change- Resolves: rhbz#1132361 - use-after-free in dyndns code- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap account lock to restrict access via ssh key- Use the correct sudo iterator - Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Add notes about offline mode to sssd.conf - Related: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1127278 - Auth fails when space in username is replaced with character set by override_default_whitespace- Resolves: rhbz#1127757 - sssd can't retrieve sudo rules when using the "default_domain_suffix" option- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Resolves: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1122873 - Failover does not always happen from SRV to hostname resolution(via /etc/hosts) - Remove spurious systemctl call on %postun- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with specified character in LDAP group- Resolves: rhbz#1109188 - dereferencing control failure against openldap server- Resolves: rhbz#1084532 - sssd_sudo process segfaults- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping is off and tokengroups are enabled- Resolves: rhbz#1118541 - Floating point exception using ldap- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser is not defined and no ldap_sudorule_runasuser mapping has been defined in SSSD- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap- Fix potential NULL dereference in IFP code - Related: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- BuildRequire the latest libini_config - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- Resolves: rhbz#1104145 - public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end- Rebase to 1.11.6 - Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Rebuild against new ding-libs - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Backport the InfoPipe patches needed for Sat6 integration - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: #1085412 - SSSD Crashes when storage experiences high latency- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6Resolves: #1036168 - sssd can't retrieve auto.master when using the "default_domain_suffix"- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups are requested- Allow combination of proxy id backend and LDAP auth backend - Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Inherit UID limits for subdomains - Resolves: #1020905 - Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.- Do not crash when LDAP disconnects while a search is still in progress - Resolves: #1019979 - sssd_be segfault when authenticating against active directory- More upstream fixes to prevent memcache crashes - Related: #997406 - sssd_nss core dumps under load- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out- Make IPA SELinux provider aware of subdomain users - A better version of already committed patch - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Resolves: #997406 - sssd_nss core dumps under load - Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #1002161 - large number of sudo rules results in error - Unable to create response: Invalid argument- Silence restorecon on clean install - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Make IPA SELinux provider aware of subdomain users - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Print password complexity hint when password change fails with constraint violation - Related: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #948830 - sssd do too many disk writes causing delay in "getent netgroup allmachines-netgroup" nested netgroups.- Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- Resolves: #963235 - sssd_be crashing with nested ldap groups- Apply a forgotten dependency for patch #254 - Related: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality - Add two fixes for better handling of faulty SRV processing - Related: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router. - Remove enumerate=true from example in man page - Related: #988381 - clarify the disadvantages of enumeration in sssd.conf- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp file for SELinux data failed- Resolves: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors when clearing cache- Resolves: #924113 - man sssd-sudo has wrong title- Resolves: #924397 - document what does access_provider=ad do- Use permissive control when adding ghost users - Resolves: #928797 - cyclic group memberships may not work depending on order of operations- Set correct state of SRV servers on resolving error - Resolves: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router.- Resolves: #954323 - SSSD doesn't display warning for last grace login.- Format patch to configure sysv script differently - RHEL-6 patch(1) apparently doesn't like the output of git format-patch -M -C and doesn't properly copy files on renames - Resolves: #971435 - Enhance sssd init script so that it would source a configuration.- Resolves: #973345 - SSSD service randomly dies- Resolves: #971435 - Enhance sssd init script so that it would source a configuration- Resolves: #961356 - SUDO is not working for users from trusted AD domain- Resolves: #970519 - [RFE] Add support for suppressing group members- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the "original value"- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes- Clarify the min_id/max_id limits further - Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login delays when client is under load- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table in sssd_nss- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs- Mention that enumeration should be discouraged - Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf- Call restorecon on memcache files to force the right context on upgrades - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Resolves: #987479 - libsss_sudo should depend on sudo package with sssd support- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck- Resolves: #967636 - SSSD frequently fails to return automount maps from LDAP- Resolves: #953165 - Enabling enumeration causes sssd_be process to utilize 100% of the CPU- Resolves: #906398 - sssd_be crashes sometimes- Resolves: #950874: Simple access control always denies uppercased users in case insensitive domain- Resolves: #921454: Resolve local group members in LDAP groups- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider- Fix pwd_expiration_warning=0 - Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#872827 - Serious performance regression in sssd- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees- Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.- Resolves: rhbz#902436 - possible segfault when backend callback is removed- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps- Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent- Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts- Resolves: rhbz#892197 - Incorrect principal searched for in keytab- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work- Resolves: rhbz#874618 - sss_cache: fqdn not accepted- Resolves: rhbz#889182 - crash in memory cache- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache- Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666)- Resolves: rhbz#886038 - sssd components seem to mishandle sighup- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh- Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule- Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507)- Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060)- Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507)- Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds- Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users- Resolves: rhbz#881773 - mmap cache needs update after db changes- Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742)- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573)- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations- Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130- Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections- Related: rhbz#877126 - Bump the release tag- Resolves: rhbz#877126 - subdomains code does not save the proper user/group name- Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid()- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'- Resolves: rhbz#875740 - "defaults" entry ignored- Resolves: rhbz#875738 - offline authentication failure always returns System Error- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section- Resolves: rhbz#873032 - Move sss_cache to the main subpackage- Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group- Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive- Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443- BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932- Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542- Fix the "ca" translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- New upstream release 1.9.2- Rebase to 1.9.1- Require the latest libldb- Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes- Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds- Fix protocol break for services map - Related: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#824616 - sssd_nss crashes when configured with use_fully_qualified_names = true- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()- Resolves: rhbz#822236 - SSSD netgroups do not honor entry_cache_nowait_percentage- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client upgrade - Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names - Resolves: rhbz#819063 - sssd fails to provide partial data till paged search returns "Size Limit Exceeded" - Resolves: rhbz#820585 - Group enumeration fails in proxy provider- Resolves: rhbz#816616 - group members are now lowercased in case insensitive domains- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding - Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the same user - Resolves: rhbz#812281 - autofs client: map name length used as key length - Related: rhbz#784870 - SSSD fails during autodetection of search bases for new LDAP features - Related: rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes- Fix typo in patch for SSH umask - Related: rhbz#808107 - Coverity revealed memory management defects- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm - Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is running - Resolves: rhbz#808107 - Coverity revealed memory management defects- Related: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false- Resolves: rhbz#804057 - Initial service lookups having name with uppercase alphabets doesn't work - Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names doesn't work when case_sensitive=false - Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab - Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false - Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name resolution times out - Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Related: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica using IP address - Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with case_sensitive=false - Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set - Resolves: rhbz#805034 - accessing an undefined variable might cause crash - Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login- Update translations - Resolves: rhbz#802372 - Pick up latest translation files for SSSD - Resolves: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Related: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search requests - Resolves: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials - Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to true - Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work - Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false - Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam can use - Resolves: rhbz#799971 - sssd_be crashes on shutdown - Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested group structure - Resolves: rhbz#801368 - Group lookups doesn't return members with proxy provider configured - Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd is configured as proxy provider- Do not auto-upgrade debug levels - Tool still available for manual use - Reverts: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#798881 - Install-time warnings - Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also the dns_discovery_domain - Resolves: rhbz#798655 - Password logins failing due to a process with high UID- Fix explicit requires to use openldap instead of openldap-libs - Related: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64- Fix multilib-clean issue due to upgrade script - Remove old copy from the spec file - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Fix typo in the patch - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Use a patch and install the script to python_sitelib - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Resolves: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#785871 - wrong build dependency on nscd - Resolves: rhbz#785873 - IPA host search base cannot be set - Resolves: rhbz#791208 - Entries lacking a POSIX username value break group lookups - Resolves: rhbz#796307 - Simple Paged Search control needs to be used more sparingly - Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64 - Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user entries - Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup - Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load - Resolves: rhbz#797975 - sssd_be: The requested target is not configured is logged at each login - Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD - Resolves: rhbz#788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group- Handle filtering python Provides in a safer way - Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3 - Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers - Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and netgroup search base correctly - Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb AS requests - Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision - Resolves: rhbz#785904 - [RFE] SSSD should have --version option - Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider - Resolves: rhbz#785898 - Enable midway cache refresh by default - Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for a non-existing netgroup - Resolves: rhbz#785884 - Honour TTL when resolving host names - Resolves: rhbz#785883 - check DNS records before updates - Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead of guessing - Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line - Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config file too much - Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server has been reinitialized - Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc - Resolves: rhbz#773660 - Kerberos errors should go to syslog - Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native IPA netgroups code - Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#771702 - sssd_pam crashes during change password operation against a IPA server - Resolves: rhbz#771361 - case_sensitive function not working as intended for ldap - Resolves: rhbz#768935 - Crash when applying settings - Resolves: rhbz#766941 - The full dyndns update message should be logged into debug logs - Resolves: rhbz#766930 - [RFE] Add a new option to override home directory value - Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab principal name - Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files - Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug levels on the fly - Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional - Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation - Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option - Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control - Resolves: rhbz#753876 - [RFE] Add support for the services map - Resolves: rhbz#746181 - "getgrgid call returned more than one result" after group name change in MSAD - Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle for some (configurable) time - Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD - Related: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#742052 - id -G group resolution takes extremely long - Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange - Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases - Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or insensitive - Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users - Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control disabled for openldap - Resolves: rhbz#726467 - SSSD takes 30+ seconds to login - Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 during auth when password for the user is not set- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758157 - LDAP failover not working if server refuses connections- Related: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis initgroups when groups appear in multiple nesting levels- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow - Resolves: rhbz#746654 - SSSD backend gets killed on slow systems - Related: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts Fixes a crash introduced by the earlier patch. - Related: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names Fixes for internationalization- Related: rhbz#742278 - Rework the example config- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts - Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart - Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742278 - Rework the example config - Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was initialized - Resolves: rhbz#742526 - SSSD's man pages are missing information - Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with multi-valued uid - Resolves: rhbz#738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid - Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber to integer - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host groups - Resolves: rhbz#740501 - SSSD not functional after "self" reboot - Resolves: rhbz#742539 - HBAC: Hostname comparisons should be case-insensitive- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in - Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2- Resolves: rhbz#737157 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled - Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple external hosts along with managed host - Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names - Resolves: rhbz#733409 - Improve password policy error message - Resolves: rhbz#733663 - Authentication fails when there exists an empty hbacsvcgroup - Resolves: rhbz#732935 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON - Resolves: rhbz#734101 - sssd blocks login of ipa-users- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain shells- Related: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID- Related: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Related: rhbz#718250 - Remove DENY rules from the HBAC access provider - Fixes an issue on big endian platforms- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured - Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls - Resolves: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider - Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID - Resolves: rhbz#726475 - sssd_pam leaks file descriptors - Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0- Related: rhbz#721052 - sssd does not handle kerberos server IP change - Use ares_search instead of ares_query to honor - search entries in /etc/resolv.conf- Resolves: rhbz#711416 - During the change password operation the ccache is - not replaced by a new one if the old one isn't - active anymore - Resolves: rhbz#715609 - Certificate validation fails with message - "Connection error: TLS: hostname does not match CN - in peer certificate" - Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records - Resolves: rhbz#721052 - sssd does not handle kerberos server IP change - Honor TTL values when resolving hostnames- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP - Resolves: rhbz#713438 - sssd shuts down if inotify crashes- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups() - Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are - being logged multiple times when the provider comes - back online - Resolves: rhbz#707997 - The IPA provider does not work with IPv6 - Resolves: rhbz#677327 - [RFE] Support overriding attribute value - Resolves: rhbz#692090 - SSSD is not populating nested groups in - Active Directory- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man - page- Resolves: rhbz#707513 - Unable to authenticate users when username - contains "\0"- Resolves: rhbz#698723 - kpasswd fails when using sssd and - kadmin server != kdc server- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is - not mentioned - Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the - gidNumber is out of the range of min_id,max_id. - Resolves: rhbz#699530 - Users with a local group as their primary GID are - denied access by the simple access provider - Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups - Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a - member of any group - Resolves: rhbz#703624 - SSSD's async resolver only tries the first - nameserver in /etc/resolv.conf- Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694444 - Unable to resolve SRV record when called with - _srv_, in ldap_uri - Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by - signal 11 (SIGSEGV) - Fix is to not attempt to resolve nameless servers- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can - cause SSSD to stop caching and responding to - requests- Resolves: rhbz#690131 - Traceback messages seen while interrupting - sss_obfuscate using ctrl+d - Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process - /usr/libexec/sssd/sssd_be was killed by signal 11 - (SIGSEGV)- Related: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them - Resolves: rhbz#689886 - group memberships are not populated correctly during - IPA provider initgroups - Resolves: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents - Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5 - in sssd.conf- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min - waiting on netgroup - Resolves: rhbz#683431 - sssd consumes 100% CPU - Related: rhbz#680440 - sssd does not handle kerberos server IP change- Related: rhbz#680440 - sssd does not handle kerberos server IP change - SSSD was staying with the old server if it was still online- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain - for base DN- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on - ipa-server - Resolves: rhbz#680440 - sssd does not handle kerberos server IP change - Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are - given in ipa_server config option - Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf - attribute on the server - Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups - Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option - Resolves: rhbz#677318 - Does not read renewable ccache at startup- Resolves: rhbz#678593 - User information not updated on login for secondary - domains - Resolves: rhbz#678777 - IPA provider does not update removed group - memberships on initgroups- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries - Resolves: rhbz#678410 - name service caches names, so id command shows - recently deleted users - Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for - netgroups- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login - Resolves: rhbz#675284 - "no matching rule" message logged on all successful - requests - Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for - authentication- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named - "default" - Resolves: rhbz#674515 - -p option always uses empty string to obfuscate - password - Resolves: rhbz#674141 - Traceback call messages displayed while - "sss_obfuscate" command is executed as a non-root - user- Resolves: rhbz#674172 - Group members are not sanitized in nested group - processing - Put translated tool manpages into the sssd-tools subpackage- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Also add the updated ding-libs to the BuildRequires- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Explicitly require updated ding-libs- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options - Assorted bugfixes- Add noverify to sssd.conf - Resolves: rhbz#627165 - TPS VerifyTest failure- Related: rhbz#644072 - Rebase SSSD to 1.5 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs - Resolves: rhbz#660585 - getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs- Resolves: rhbz#645449 - 'getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#658374 - sssd stops on upgrade- Resolves: rhbz#658158 - sssd stops on upgrade- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#642412 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#633487 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib- Resolves: rhbz#629949 - sssd stops on upgrade- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password- Resolves: rhbz#621307 - Password changes are broken on LDAP- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on - initgroups calls- Resolves: rhbz#607233 - SSSD users cannot log in through GDM - - Real issue was that long-running services - - do not reconnect if sssd is restarted- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with - /etc/krb5.keytab file- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6 - final - Resolves: rhbz#608661 - SASL with OpenLDAP server fails - Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes- New upstream bugfix release 1.2.1 - Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs. - Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal - Resolves: rhbz#604704 - authconfig should provide error with no trace back - if disabling sssd when sssd is not enabled - Resolves: rhbz#591873 - Connecting to the network after an offline kerberos - auth logs continuous error messages to sssd_ldap.log - Resolves: rhbz#596295 - Authentication fails for user from the second domain - when the same user name is filtered out from the - first domain - Related: rhbz#598559 - Update translation files for SSSD before RHEL 6 - final- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service - to fail while restart - Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in - parentheses causes ldap_search_ext to fail - Resolves: rhbz#600468 - Segfault in krb5_child - Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs.- Resolves: rhbz#598670 - Ccache file of a user is removed too early - Resolves: rhbz#599057 - Incomplete comparison of a service name in - IPA access provider - Resolves: rhbz#598496 - Failure with IPA access provider - Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the - kernel keyring- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP - Resolves: rhbz#584001 - Rebase sssd to 1.2 - Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file - Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf - Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf - Resolves: rhbz#590134 - sssd: auth_provider = proxy regression - Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when - going online - Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the - HBAC rule- Improve DEBUG logs for STARTTLS failures- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)uk1.13.3-56.el61.13.3-56.el6libsss_ipa.soselinux_childsssd-ipa-1.13.3COPYINGsssd-ipa.5.gzsssd-ipa.5.gzkeytabs/usr/lib/sssd//usr/libexec/sssd//usr/share/doc//usr/share/doc/sssd-ipa-1.13.3//usr/share/man/man5//usr/share/man/uk/man5//var/lib/sss/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnu?7zXZ !PH6p.]"k%w+p}|,p35BR^Ƈ?9̖ 5!GU3E~WFz ڭLs^Rw-hQV9$bXAYr>#^meD=Y.abx 6FwplC<]beH"דwk/VBb$[3y60,Jik&1 4gIG-b?6akljMTrAfQ|=6Єuw~A ߭JqzK| o-dBBʭy|C6g=նyVh4&cc%P%Ü0ŪIx,&i)pr 7SK]Wz6OfaPZzlT<ګ+MUޢ 5s` ÉRˡQ\|m/!;{"Irf,L^uoڬRm]#YBFX G4ָL)<^:YtR*-ԎLynj%H~DY-Xul~i$<Kft5 2̠,^,k{ DmQ9Ǻ` E#ἰ(o)HB=7-rp_!1#?[2Lq/gą /F"\EIXsgPǴs̃Vۉt{?wDZ:OgL٩c`D֮>7nRe7(\(! wZ$lcި?0mxO+9;^#qN)x 8AT@^v,פkF&, .&('=KVRmATXVatb#YܒP%VbרJq>ƟN!Ȟoq~՟KIkLb,b#5"pu&V6zU6ۓ]8g_LPYDP#oceI[*iYzjۚVxM;ihB@ktAg؄Sd˻׼1 I-esTЊG:IJԬl.T{{VWS!!1Ki|$Y0Fʻߨ#CrծGfj0bؐ!/- Ձ3ZHMMU L9±L 3z!Ӟ_` a&ե2hEp5MtE8r &#ϤEx]_$Vh?N uQ'@? \cd}iYrB*=Ǽ&MwE\o|hSs]C@8ES@nlֽتCP_eT,#YTp}Mtڳuvܯ2'(6_|/;'yad 1ܹeWOn tGq3m!%G[j񠮾Uvo^=FÓ9A'je/w okvH !Argړ _r/˱%_vT9C/&;4QVRmœE)1) C&ןQO*?IA_܏^$įIOR&@ȓ_?96'`>ԉWḄ2:\qlBar1 )K e-&՗-\!kEw44Sw 9Rmq aY(h2a#jNG3+q73J6&u =9p=Etl3%+U37AkTHQ9VQ ʫ4P!&pzMykY/{ݢI W6"{L#tUKߟe8Q]sniD3\K-R训v A4D|5owj"猀/ lc9(ei5}s\n7&A~Vk$>» ,oS 2e7zztjwul%`^he e?9i$x`CLݳ{u%DŽXk jz(Bߤ D5@v5SP9R[ ߴT6j3y?bʼn4a?J+]PU/ T>hh֮=7Ӌ}Ǖ%l;H6^K'y=Gzy"ZnGJjU ba?̃'q%%I RG l,BIJw}l1V 4К4wH}yKW@m$Pym/66Jcj*s3ahV2fA[TU6X/s 6PS(˺]9N'תn+el+|ߊ kt өВLL?>0u6Ơn1w}\M^.*s^־H9eQ zBҤH{43/Xi0#5;y:M{őU$ [)X#Ov“"Yu*??JXK*8dRӍ{2&mH}0H?W2q7]m?!cs3br# Ta^o PRU#*ݼW]M6!Gb@Ƃ2`Th>XI]m!}\jRQg! \bHw^^`&˝ {gD+偈Fy5gG.B^D e\U|Y3xRn)2-ٞ݅:+s7HZkFU2ҒHFW&ܐ_,ӷ[\D(=f<r%st[n,DF|AvU"{wJu[.N-D^( 5AHͽ֒mK|[L7ŵp r pj2JѢھi=pe?\ M5ekӦ+1z0S5Sgcr{baXݨtKs6>b /䮬ŴOw,tJf o.ՑǮSyJ^biও"G*{KP[$qR!@EI5xcjDPhYk9Gi,1VrkߔCט̤T"yjᾓS<4e8zZ&9ŞJ"ߢz>ϙAY}JzLSO9&Ų>d"s"%ʮaVbq7XIK}Txhr':77Dj$E$2p'.RTeϛnA 5(e¢?v Lp=6_Jp')2>0tR)9(8)@YBd 8l선EčoRm W(kd8l{W4K΀8bguhԄ%&C J0[iA&RTq)K|Zlkx+4eRѾg\s݄#+v XD4M`⬊(}FƲ鸞M$ WlM|<|7㿩bi;\Ha{,Lbiq]6C[2j+}#ZppXsS]K}?uꈆ("@Qa2ʥHPXkYOL|nBQe8on 1<(raPeQ&$S_*띊yz“̴PܪA3 mwn{GSZ\XA]y$2D]<5H%eux7sg!9 o zgJ:mL3T^ю¦c%-旆¥?FYϨeƨƢhDet#Ns [DYn⣙?˴³Q~@eqHemOP݌.P2Z\5'ɛ߬j(h6 Dp2i+c+gT|ΖEˉ:1E_@fgܩkCڑwk|q O+ji'KRۃ`hd ;Dtjͨ]g&Fנ|8[6T/I8[e8H>Q"m|sلx8/s~ꎙ~I?HωSjJb( S5!Q"BhY"RI*Vjd 3D%f6@_h92ΗJzD< T: U {˭.RQ L%ҥ3ZFSUĎESߒ:B=o֓H)b)T*WfhI og |1[׿a'?r98շM7[p˘xH<2w2;;6jF9Ae,V'/A{70(\ƿ4Mhj3;Pr? # w5rF2HFM̴=i1`ذU5 <1pd`WE:Fc垆WۯC/_*ˬE!97ܼ d=Y2mzQDÊF*kC)Ε6ܥwK#j,BOX3u!h#; 6|LV;*;,ģ 1o*Тl=ːt,&[,K~cY E"Y~1 63CəO. Wt0&e8ׄCDFxєd#1"cV,z0T G@.u}6xmZ8j& ݍlAqXdOƑRn[ƺt˺Kn{Oi$Rfa9pX ae"?8:_iiX8Qg<4~GFB&1 dK}KG(}dp?鄎:]h FPJGrNi&=G[HmN{>۠[\4GŨђeC,zT̪ʴ(u0 8dPEA.,ptYjM\Z1m@J^m;drꚲ)e&1{2JShЂPpraY' (7]s\qOq2lK#]t򻏊#x/|IF!1i\f76nB>%5VᇰY98G-1$8?(CSRݯ>exͮ}t+b âQq@ zQt٘)k9,04Z,3`AUP%i k.=CjLo*vw;ꥰv2hFm+P9Rmə[-Ugu#¢wwOb^9Y@qIp.LWIǔŃ\ KFD/E1'8j}ʄ{B $aVEBna|;ŎVd|f_Z!5߈2 vNcqZ|x\CoG i;oT'qŧ22*g :*FO%ݡ07 (1%ֹilYnx EOFn]I2*n-z<1[v|ͣ0?Sn58JU JMτl2 [+s(:7i^QrׁT=m%#6T7[#Pht(]9N05߀eOKRe%cJ)-(=aćfуS`[h\ff|B;{2Y}#K(`Q* qR_iWZ4/&z{ [$D-vnx06Ё^~KZ4R*QiB偏nODs,g?/'p}OR5#mه ᵄ.=c"-mSޤK3)%[|J2 %𩳫evF*'ƩH]c>}zAa tWoyK'⨘ r#EVYDs6bM+PUkJ6|╪>I }@T>1'S+*z\IEgJHƕߵ ({$ lE"}ddҊ0O,qQر60GW_=eN:uKo"IDt}ĥ:G }*QKOZ*z Ҵd✊tqiK(A*U[)]tܾw驦"BGԐcEq"+O:c$BBѫWL7`ɡ 7w#KݵAeFnBujXczU,~{4\ÄqvLjѧI-iUE1=pl:)xʱ*v{å~ w <2 ssDCVg?p@˜Ѥr41aP/ts˪Ro&#|XfV*{¤j r7}.OvtSHH_0gZ#Miw9f#(b+`Ilt.UD[><)J2إb>qh`Ce>~MmGJ֐|MFv\TeQJ 8!}O5Mp}R=X^~^ 7r3,al9k 4ϓyA(4fU }`3c#6nr9+(ҋ^O)cQ˦I,%f0}8M,\X>aZx2RɤBkg,qXrEX kaXנߐkRp@Q/= ۶SIv] 2b< $aDЎ9@i .:1p$ԣpR4ܯ .:c4':%sK?xPT_Q2|Qj G i՞_hCMl?si+'  \E s2ri6!u2rD_-8v3gH[QC!n 6S#_d(<Q/"م _$"L{ d/26ȑčx%&MDgX˗T1FF*c~v# 9n\ֽTWOD6 `8& ]ڧ7}X9MR3Qq&p8]R:hcbHu(/@Ƨ LKnɁ.tb># 5t@}]OCVL2?ǐlcuy/ȉ̂-JgR6^ȵ`)ZjJ1A=~nB>x -ilEY÷~$r ^{V^ 2&7H| mYm)@sR5f Ш)kǽD=}lvz~ۨ+pz7X1q}Bo׸8& uE)5;RjMq@A 4{O P~`wl4Sc]] /:-JetU_on=HxٴT }([ro>7>TŢJ_veٿo /wRıi -QP_O[Botl񩌼]t(6tc!f,5GQ )76+`.I; ƭ!gzT>DxDOֵ7Qb5F(;dK_ <}:r\O**1-WHgrXރeOfdݥma wՕyi o;iş_||_N4"N!z iu` <R'}6{#q9ccIz̍/d#P`TℯeʙAVY[C*3`VE /V l l)Cu H.G-k{>_K@%!Otڤeџ|3”RJh\K+hX`^8,^:bIjued˨6Sk U6AS2zЗ܋˔N/']f*6àyK*يc%NRPO#=f)~C`K|Pfnql Xl~'9^#U~YY!os iX5DC] {&(uk+R x,eObbTzQpvu#i>%c b|/O_|!0XӄrߨێYƇ#]0ػlb/IRR|T}`57Բ͚tL?tnTE##j8㓌r|(Ŵ1R X`p C;]堃޳6L!0GjۈɶͫjEǔvQ)4-ZLFcnRS 7o(BI ,'y3vw,(璎{-1Ŏ7 dM9|-'b H1u2jvJj&z%{GC̉4_XɏPVΛJevDe:!ꃹF8=>n'`VlE1L +]D~{\"ރLNJB Bʼn1uRKnFG*gu%JTD9m6!v^57zP 7$ҽчHIplH9 pϱ z*I82d~Z۫k[IܝTzrøM?JqOMV,61 ]̚8gp]|[nmx9EttY}^oOr& U_Q)bDDKSl3J1b.[剻a.X ;#*gҕywGb 9'g]N1ˠ#3SuʜN۳ ',>;CHg2X*KiHR~|Cc~e2Ͻ CvO`!ͶMa0ڔl-MnCY@:$Fx֐8|Y-*o"?.:ũ0zݫ>YAqv=G ஒF &eVAg[ۈYWS{P(D0}QLq$PfA=旣=y$Nz2j*R/C41C$ ]y.siUo#eV|Tnja{:c;UF< r@/D'eT//v7/h|,=.~ T5]i B3$.ID$w ea9|!}r y&cO1 ַ)(+ozYf,ϧ%Y'DYMHe@7<yH[~J'0״Hjst Î2q7&@|TZ<[MjԑuRRAҧЙB툡=ll(0K]Uk: /hV? eOUji~M^]_MC St%o#(Qrnz~&I+UMMsjX͊ܧ%5|Į,KUo~ȺMigrfT%qoxUJu ~M=Ӽqi$aA«FɂMI練f p$OuOt6:lfO?g:=A ޸ӧtNOnZm*a]sa9lLu.tkY5hF`&e'odzh..p,g]}krtSh% \6| 1soLj+1<">8rձɽ#5Bawz")&ם׽$ wS0YQ:>H&KYR죲O/\Fx3qjB,0;Ԟ3KmX'LO;!^3`8 Wȃ}]roCD#H@27^gHzlDh?@Fh?q-ڨ Qi)g'RNGkIhP5үx: G.9[wD*@ޡk>cvVjst-' l'C,O*WʖhȎ4FEF(a 'w'`n)4a,Za8ޙJ贴79~12HQ#̛ưfفQʻyH2%1 wtnA0`>՞Y~^%=u_[b菹r#aNSOȩv $3\HԒbz8^DlrƠO:?@uXf`P"@6.XvY Z3U~u8+`)ߧֶe%J@>^<[:7l ".Ԝg@-,é3zQP=?Z-~L̈`hyd}d,g5jk&]aY͐?i`I~G\cmF; q/\R)&V2OF0gM N[0͛A)tQEJOcg[ڨ^^g}F#CrBBR "RJ}Ct)X[ҫoCvfybMOdTd!ʤ"m5*LO^WtX [8$67t<$;hֵptG7Lz Գx=մ]5umM44}`M(#1dV1`ft.20xz-l3z㭟+<4QU_=l?2<@އRI=(+J/;"kDas$~mXmdP` Z&#t~*WPs G@@@}*` ZT0м;Wqylg5z vLPpk FÜoR;Eֱܑ%IMP9"MW:tF^>c-S;WTV$ joAE@QR+vztV[aY"d)y N;Lюs.J_Eu͆uɾ%k3;"!jHy|&*pVoy >QDҁԿujڤwQS$xm>36V{06i'}ּ 0Sa=x˻t&4)4ΓܘU׃T좔ɞ;74Ѽ:(`ыwJfLRlUl7LN KxR~Ve.SHRZ'-I220>w`(Ju6z.rAZy푀%A[d0@WLF9ll b~2?怙]@ S,; G,%nO).gO XdEH7ƃBt~ (JOt^"ctm'p,=Iͣ7I!G',no~pʂg.$]쐘bBXLs$צ-`j3=R*[!!N (F1QZXИ-νWBqTcf$G](W‚%?moұw;]0W6m^32~]T(ʻWfq:p`}*/>H5z* gccdƀ oُKil`7%>`2 ;crWVKE&1Rz-Ll[P$E3 P V,ۄ"I+ϰy%>1#2ejOLgWØ{-aoERry!;KC/0e?M<4e]:o*O+DNjU1&P(Яk.TL@ϲ? °'U|ݵmPIʿwl_c(> 2׵*Dgh= qr ilyˬz+9_#ܠ48UojM 8wdHh tEW̬\{s'Q{^0ߝRAQ~)/CjzeqI&B!9rgwZ@^l9sh&0imZLnO*mlD7ZF^רv={>56)\k9[4eG:7P5:#́$g(Ѝ[ 97d kCgu?=+6i. LP0NYh-k^&9}guGss8wa.m)E"3"@"0[KxcjÐZЀ.+T|+QikcЌE 3 N6w$lIv>s i)zHR# >kg\G[ȧE7Vɹq h(3w)g*R?&@ _dpGrE=y[64џ};l+iZU>ݎa }Udv;SbJDoI'y>>R<~"8pK Tk҉9ے]خy$l8--ss#0!X֔ :/:Lįr7(P0Ce&yH oao`XRtc~ n }J9#N~㞋׀UB9$q+r/(}ܣnm9*UҜ,/KͶ^qS /tnW湱OҽGY'!DZA0hl(GЍ&˳v0~`yO[k],o"--oqog.RXh;슴 LP]۲!+T 7o E)}F" n_۫y71"2ɤ>V2s /Z>\?(@$ O ih5 ɡ`_j)]")ނ|ld4T,vgwPCmbLr]5&rXB d c0"[D!b_T>qZ^&,bxW]tD{(Z)["g/ۉuHrx?W@]%`e.40k|r'wy$oR(\1h7oJ;pJ!LTGuxgex?Eqξr'"ςq} M-WM0D]+ ͢ e 4˴J7œKwpD(bwh .b>$ vdt1~u}O@R-#I+Q"^uz#v[Vo@LQ* Re6/uf+z?= U^ $j יO"ZɓĒ-ʚUmBIAZB׉FToiNph\Ce&7Ni"M^CZSZCՁwTԃ ŪьI_V]ތϵ}%W CZ̧HC&!8'z/~5 e魎lt0UI+i~4T,?[!gn[!,ݓXpw:dUGeX"6 _|6M&׃QcO!mO({bA\[-o2z.v Kb{ԝRņP?L6E&fӮmH d4'tG䟉lP. HXxˆ:7-wfg`BԌA*AE5 yx?d& u wP&3KZv7? nq'~xU |?; }q < A#ʵ#KUJ(9YR(\zeKUb>+,h=B loX Y~cNh  IAo /&a(b٨u n{j9wAԺХol.64R0Flr滚)[ݓzWud,!iC..4+0B!{-%3 8'I-&[@=lTFJҒQ̵ QwS lS\ZY/*lg!X3 :5 `ԉJۦ+B!zA*2 pn\,t7?:ޓu† 2Xé70ѐbtAHVc/lagpr 2J\+sRC5D/Y+soe*zR&S\O\/ }AAA#褞VUbT nIMV=R9KvKLcĄDzc>tgTTZ퉲Yz|67 ˈoU8HR+7=do[I^ZnT-3l`صSa3/)岫ul@Kr~Ս+V$)_Wդ_DXb2ܓ/h~ `&RӘ%xŏz,σ]I\+-T\  \?2x5=$ IEG9Ljr`jƁ [w"^anp ujB9/ZM[V 8vl<M1dUo|3¼ž?ظr_>X\ll&"}g:x$5^|'{A焜Z`k sBhQ:0w0WĽ 2/G},6l,gt]S@p"=m~z֖$0]^{ XkgkY>~q>c;%&AjЍqlB5cU=Mlj q$}0'ں"+XnlOL|ώl?fԔ" F_e,rN՜ok ~|dQ  E C%Q6\A1<0 ]le`u>+ - :bG v9XnzocļYc>Ն}HnPbwgUz=4p! },r>:pT~_ nd[eLɕ Ʈ^PXYcC.,x0hWw5е-fQ4U>~Oo.;B[ɗ)̼qejb& hWLΌ{,| lK'ɫ1 m(S]> #1uQgWJՎEDS4`~E~5\ynLcA볅j2W`r"@[ HyYz”Kȩ|{qAzR= @T~ɴѓ3$8x4ӹ,H8]m,ܯ=WϊhH'dpvao pkF"d9U(5Cs$~TU`ѵ1+c'LybhdeJ5c *Z_JdT8 tt$ӥ!:l5XX!`ڴYo8~]-z,k,Mt?wzGC^MX)Q@ 7# {XgR.[ SGuWJxR`lx/xOtCxvU2E0BKyîLyzR M.UD= zM/VZ՛#{+SL~KLSbA_D;!z:_"RiX)In;S&)R˟\!(^؜P7᥽М$S9z0 QH(QaAmD oͅ'H}!PCk-ٱl6qx,]~CR#6rq2U0CUAq yW?'zC s(7Sz\r1:!n?gh>v mfx<[G˪ r/z32_{XD seV`q;O՚Cɮ@JZm|'] 0DPb'As(vj"HݚbwpHblF%%+}'y i)Fv:_s$!LiW2MmOjɯ}#)Lu&e,]Y8~X!c q̒ B"ǜk}U@׬gѳ_Y;1vgXx o7͗ zѡLȍ<q~Wş؆V) +>v70 D?֮j`0}XDw#& 1(qZw!|v>&oo\?b4;QnH)$Tu~}uϝsS8˗N*Q;ʰ椁K KrT0rU9h5 {+\Y2: ZI'$fK6=jY Fh|bq-3 K0n DUƍ?KΙn puIxjǭ&Ѹvܑ=xWfD4/47XrF*5l9ο%_w+^&^> pi͉y)$7=(ҠBRhê>?8w6k&WXUq=%7Sd%, 8Mu~ e:Acx~G8Ca~,anH ]"*s^NF``[2;4z^!E/ $~W hFMI *P8Mٟ!tL~T-ͽQvkg.Y08VUAEjYlF֠`pK!FUEDLWvyRyg K5=}jMpam/n0X/.,o.ȳE!B ЙEШ؋&UE$XBȄ 0x{7XfO9RR->KCf0Xk v5NpCԢL# f|,eU4!zKBܻQ:P~wu%Pct{wgm#d8=-ˬE\V؆.]!..0ߞ1 ӏ[DJΝ}& [X3deK<8Ss \MҫŞYXE/:@ws8C7-g#VCz'*ʶ'L_O*x|}ȃW@NG%Nw(/~Mz +i4cѽ( QCH*m։hHǙivЩ\1-ixtfozmZ_%iSWg}J>=HV ;gDܰA߇Urj_"cکw f}A Q@7fOJgգfژ+MӱmtM5oܔk$c5GN$m!hin, xNS_ sITF<1b4cn5@a$=X(Gd=u ޙ1Q7&1LM5qגbJ f`K(H㽛WxTyIO?Y`QdXopO"HEЉDUwfz8&YrÊdyqӢYbNW oZWW%:l<9kA- dI ; fڟ1*?]w2-t e84Lf&Ù'+ֶ4ϰ.rm 9ʳ_6r9@403@;N{^֩;^kG@ yAhouEՇ`!a+N4@e<8]\Y[DK', '6g5зa5n_CcjjBi5ݮMD xb Q 9X]ko8qSb5o}3҉:R|uOBA !e[z LqڟH !.ƈVp$|L ܊Ra#WV*xTraO=FH1?yYq^_+,vxBf@(ɆA|Wtj(nji`o A۪@]D$lPLǜZ  bEűH:y;Xj8F L.-X H]&vIFkU^LX [mPKJNn;k)`<ٟկZ[Kje%\(( гb~KWjSζkF1kנYu0X`j"[5EAF: f8A#6B-D%ިp՘>[ӖOAn#(¹Dchn˨k{ǂ[<D$)iR2\[I;%@ytͧfپџA+^J" V'[eF=s$rWX_}|zR qk|hwm7=cEI'.\$6p=Z4%-8LNC6:XK/Vy2.\8kR|1˭j#{N #G5I!CD&-acXɗ{EnV0zRm0ނ2s?]ܸQuj@NQw)NZ`o|H68^4O1#V $Ȼ#%K[&r>n*leuI1*eQcRL 3+xyĄr.]Cx4}RaQcwt&EzP[G;Jb /M<7K?'fRR3d>控I6i%HĽBCzΙJWzyNnCm%dCE)˻K]wl>ZeJgOM8h,.8k2QTb(~.G6Xkr7҅m h NMп%95ݔt"1FI!C5/B@ԦB>줈BfCES:j ۍM.(W!ng.g(T#!YHy[YИTĤiW%2 GR}m0#oI-}ghQ:#nMjDCtٌcp_2~q"&ȑiDA&|,* ӴO]:vLu?oLp;P|?q BcFߔ%)đGPzYݶiv0%dNV,^˜76vk$8;ΘWsђsq<7K ׊Z_r |J YT7bO =s 8Yf7MEA#7#a kxNCfD8ЌOx>Q˙ cX%.>K~vJ))"]&z^ȪPNy仂d,~ ~- 1dXIyh1mJ؏v-hn|CҰѩ5o>N⽱!V(rigp*xƢC8C&H>G<`^?y;-`Y"v4|yR$DtzJReFPY_j"V{QG%gђ}o?_9YpQÅJ,o 8(h֥2QW_<:Ec_Ke<8MA-(xM3ԠC&(H{mCX2h0 k|w [݋NrټLy y<ƬU98Wn_&O&r AbjsX\(ncjsQ\+u/#dR 5}9FmA:)MU,W?{;jqhqYl-7pӪ1WemT򐐄G=@6`R$E}xS"'7qlRXFmf@V |RKhctj1Cq,|%:!V|X( (&%a %PS󳈉D;:"V*yuŪu\s6~vgA3M쟂*vq4;A``js9/bNf^B9%\HPH5_unL0et*A:ϰD)ӨBOcb# *gkZ,s( B(o@:ek焔Ư殿:)eXzN&C]փHlA1[g `Rz̽uoR;\W1ni8߬wznD.ԤZqhnZ 6Y5'{G4u" MbzVuɊӲ[= ' z-]1oKͪ?e rmy4.%ÜNVAHt,|Af)GءwDGeo0N6=R/,jwC"ՓˈI>O ^9caƔ!d:2k*fV.k(uB#="9Ukrejdӿar?>պ 53ZV#pC$ԲtaNhcCЩA| ,! sR-)RՖI廩r0%tE}';jEHmieE b)\XU(@spF@Խ[dR!wBA坭 !ؑ}(b1 JdZrpz\ng({Vz5FNaam<qۺ`C )lC66b2ӯ%͐]1L&N&94rO)x S#Ո&?T.YP .k#t c{EVOaTJTFhQ`6ʷ#(#Dj¶4FWc`CGn=0ۻ^Aى#5̤GG3q;2]vM?~@9c ~HAoJH0 {km^:-;hUI`'Y^ ]gat%v #Ǻ0oXq́ 86 9 ,y%"=eK Eow $r)[ȧtX8o8ڍ5  Qt ,R9Bb(A5!P]#ޅ; .#ϵIZKO|R8vHύP4ص]CV͢./pZ9(!"g1 `lKy;[$8`[D_>M}[)0fqJh " GaEȥ:P` vG^mɳ(Q6ə'|c7<92 ȝ0@@Z3Eģ7*dqq߸s;!)?QҸ+p+GVj"6^'Qȸ/9a߃WKږ?z^[l閷XKO^QԻXcf &;z 0GyTiF6 * _5ųvE߼B=,ӂx[j6p{{C[T ^m&PS/d45X`7zoYEPsV*Ӈ*szY)pl:HdDRI:})T )SFJ0/+ J1g4ʅ{;'- P痍HtbUy6m}b#9ScgzKo7 ͼ__1˾P5GSk&BM6Da N/䎅gcݠƝP/dXFT#d'x *m Tr(/} 3$$1@Q0njY!kW 6AW3jQV qMup,~B5Ǧj`D9 m!KJ{y9Y<&)<a8P9gl'*Pb-\Z(j]r=AKZU'}ff3(bɂsٞS:Ok㍍#@)=:n8N@yF橂f^x6*]`xqlcϭKG$AN_nG˔G_p qޥ̣ײ9هKFF%:@By6Ӳk>G *a O5mEX*t"Rw!>NF Y8I ᫔Պ7\D.1.Bz0[76)Vaegg1H{9I)K'n8Ô!aTK )/Ҋ]7l㈎{O<ʴb-U3!tԭ`oYMO pkYm3zwT\]M:0 1>BezV]Z v4jw0c#tkOwMR {%c\L+6qХVCڍYd;R@vՂ)xV/DZ[vSUlȨ'2ƟXָij qDG.4tagʢq#Wk͠7}#Vܘƞ/7sŸlz.k](xV JD-*6ݪZ7^ے=Ǩ# lFP ЍG;NF*v/*誳m|36((K92vJ lv=l#Ks5 l̋ w^VM{!]b;L#)ݪnp-B)IK3t~7kyLIb*%IΦs7f枣B݁<26m8u2s$$5Llr;I{i8k5rE):\/=b~=-N)AC]S&{VFGt8ƙh9@hkle À? M< 2ER8l;I‘9dBݮe(OxA=8D^oPBNѲk뷖Q Ȍmw6m!*&u@'yke`&)v𕈃 kSvun'#߳3yu]]$`<:Y9꺗Q@?WP࢚A |9l;lYJ)ɹm[GΈRq0_BtyOFQN: T Y_f j'MMbXi\e 1cy|40pzekzT{Hk34'gAgUBuꝏbM2 JֹrF,3 )YV~.F,4 =LҮVl4Xnhe+:<}e@Q@(ݴ9$:CEiIlg}Ha$!SMV}I9DdѬYhp5i1+[v,1)#/O!YEl XG ߋ *fmIj I,}3R )D<bj 6/++H3ť ]3YJ (/g,f'ldq=2ï9 O3^ZBA]Ŗ"+V7Hiw a7u06$ eiypt{6 $F c]nF:: :x.J<&S{+`KD沄vz*ecuTyG2|_ܡ=Rţ߻kN dJ)󗮟Kr;ױDZj0Q s| [̏ U_S-0ߤ-tUjJ_ƶzeC<˿vGySgNn{`jtMGޏx:+#WmR5u8o @wq`V+ɏ3 c96c@m94{a&(6% 2sx }jaf%VJu(8/AN}g WQ ?EX m 7w@혴 5Y`^DKJd)2|4pj]'9j~D ̎|cR`VȐKj%#M懶CBQL3vBis%~*_IM/Hנʲq_ShH1UTI`|jaI6S&jqAaPt^]SdLOPEgE ]">%eٸpПnbFj'" Ӽ"<.@N;¯3l|9@ZqG>N!@ePM=X|7FH@0==X'Zgb79I5,+g;KB묞Gq|/h33׊,?TQ!y2__bgJ]e&0 w= cqSoue@T+,ZͰ-ǢQQ)]$ VZx%DHy0}*G$ߘPׯVAkL+0=Mԇv ֜W*iWkX({zϹF`%&1RrR-M|*)Og2+fzN_a#Yl?ѢY$5c@Ċ B S3PNհ=va#]ن LwA6X׎!܈mg[“Aa'-345kʥ1k:G [W좗<=Q#xjXyB4є :*ǭ.m&/msLɅj"]$[%v=jnACIB߸Ǽ.-|":M??>$9cg:OȞ/^urmb<%hP; _S밈'ƤY6ۙ=|V%8'ъV4/,d˽ukC r&! yO`SpVu`$yT 6xZm jYQu)3/&Վ" Dxӝb"Zö%I7`WyYlv\D}>n⾳l)ƚZ VLt&B*Cp?:v5cꂽiE,=%3vܫy۟*'bT %m8YrLNt?e!P`:)\ "2Jt%Yl8+H7Z x+eDZ64׀gНo)0*[޷;<>9 0'Ecq}gAܘ{!RC/!\j5zSE?7:j".YԇZ*C,ԣnV:D<: P}ʱ,1cJۣ]~ЀeTWͩ[i-4b{!(BsA%d) HW2r&y+7͓4]Yoŭt1GB'-pڌugÞޖm`6MÔY{ޞQ`bPv"%Kbtc{)dmN8{́T3NtU3W쪣f5*0(bF`Քe2ՠ"X\nܹ /`t䖽t =LQߎԂ?Rl'̃Sg)[K~EEH gx;#U%IB( 5ʀO{kF44rѸޱ]0Aǒa':Vv[iYc!rx,R܉I-`|KXD6J1+OKyڿN%pv bP|!%6tZDGUV'q +ymMN%GV5Z{Xͤi=NǙ%9.lumNh Xwt;vbޮB7/k]9x@8hIzҳ@9 8qׯ33r*V8V=gt$y/-5%tC)@Z(66waj>cB^`{5#>1t"zNe A #5=P]$k 7 X&rbZ 1:zB5(3Jl^0"J5DJ2tUWJ}B} zw.TpBx~"Yhf22^|J 43Z>j{ kd٧G/ K]$ PJKց[qP ݋hn* sb'Ʋ.A 8 `ώ%wJxᑴJp&SaEqavBYX9OpmKv6\72T[a?ܕ?왑@m/6{ٽ#&`?zO1y%y-CPӭs莨t~,C4g`tIG)n$P#`Ӿ^i͠'OA8ʯ˓$j#eˬ ?Lk&l.4Ɋ4ͻ Xyk d/tps7"glNyS(gI{/u=r9$0L#]1(e" u\Z^XWsQzٟJM^⇬QlF]xi\g$q^]qoT-7! ,LˣsSHTɐrPs E.5k7ÌSH%5C}Rz ]ډ鬢lY bQ0^<@2zڱ{x򾣽8'=rAF@i79?H% tw+Ylf O=eS[ o+q=82-0?Tё){n=^r:KA'9;JŅszei+kn?|c{JTF@đ fǹh_̄ sR)fTB OCB9Nj#^Q2E#'? bYԛnYmCݏ{NB$Lu,uNJlܞ"::o"v25QѾ+Jk#F3kaƆc wJxs= c oOk&G?'ŒBPo`\Q/8-] sp4v[f3|eвMJH~Os$SY' 0f^fcYTwRvuGGq./}zFRU4\r4 /f*/ R{BUoZ\@'<쭤˳f,+H4əd]&H}7cZaS< Y0E`dKus\Yj>u畩q*(¤%|nah-֤dN> @@cڻe/Vf'I{xyGL=KВF )0]fAGu*|fH(B&@utu'% 0v+tk=lN72MR LvB*mT ;5Q| _:X~Eb>T*ymgv0nlX[vgxi,8Il:v&5CR?4>g咊,KTNQ2]l3b`g|qwWD;TC+Ӿ3ț`J`6*S*/*3n_NhM/T2x `zsY9pΫ/,x;}VsWp] (mBEAuL ì,ʄA ʨP3VyW0 {> zW`5e8#"|.-'CI[ӓSx܉ ^JKZ"FrLؓ &Ia /2xGpBՑ$xWp$ ( #,FPnVIv?"-IQHiP=B62%nD':%؋uea:4 *LW==bB6aD.@BOί1&Jؗmz U[ӳZf]6-i xNCpcψ V=bv#l[@.9H]'nw3*k Գ„uHhYNa Q b4A#si96ośWd;^=h8 h<+8<@X']܀2B2ME=a9#f Ct #ܐ*j wA9}7`=wsGVF=- ҜUn{$>|9 3XP& ~QzsX!\tuYON "Oi K=Vx`Q gŐ䙦E1B84GWM(x>Ύ|bl^c[#*CF(G6il{[DiUs5xtf .;08czϮ3lQ` h36RC{ a0ģֺ߀c߽Cynk'*Tk!qpV}T"ݿb:%t6Ƨ.9l߳(+ƻ&{J9"s:Yû"iy¸GIBܷwمC4ɉ/Ai&lyq9zW5l%ﬨ(>S䁰p@-#&R|~scVb]JzJN%v/aŹToY*ӏ.L ++ gl֟J[3|N* ( ?M:-}SFI̦0cW(cߥ"Oq0Vn4yB}o"Y̧TC%g<}=NKAQ~mR /ƐRQs2]Ps]-3"Sk?Y9.WFl=g' )XXG`:J> ~ G'm$Yvsє?Np~iWNg LykYr`t_{J^q̼G ԞI"yMc(&ղ ~"]移!Үt= +tUI`V# +w %tY|m]dާC sc`v;a{ wӷ$_$fPA^=IGS^[ùUch ሶY)S5x)3#)Pd7`NWȌGfR-?z,c+5SujI5 Sh!fqpI*xPX>G *&{%&i >VVy6sw%yr "`ATD!fwvR]Kgvixwb% E P/#"rc|Uȴ9F`rk hIW7]}J"ˍR),,cxH] ! mi{<&9MppSDuؼ!J/Nf\d䙻{gI &-MZ^lnޏ^[ClFRQl!@C_-vsx(/fFKX)Nb}M8"E٭)RKT8hyNm4w1A&ee-L"*"Or.W1 ݑj(;r'}$h`unEZ"T;?J^)6%7('zʼn{WVs$T&4_ Ӥ;ji#0?Ra&qgcSgӬڽFOYhaPS{Ŷ.uvYp}U`H,s;ߓJGv}uDռ[DCwY% YF2n1w6V[˪{WD7jMYo? nS[Vtnf-}M hCbzG,h+JńԵv LAUƪ!9swKlz p P,i~\F)9<ׯ#2r{ ]ͤ i&HT_]+B2 e*K[bϺ!,{| }nKi×}!n}Tg1^uVFRL=&낙ayWMa5p' RLPFɷ5r'g?k LǷ(#?cbPL9=w)L{ q Ave첱֝"hqE;JlN_r`SՋlۅQZƾ٤PV\:Z-uy6k]ik^gigWrMˁO>YS~VC+3콖XSq4NkMÖyGIpPh&Z&Iﺤm.aU(X"`JBSв(x:sgcH!ˏI}L ˨ģy Q}k$;(- -6|vBL;gTBhWYom^6r Y%̕r2% 8 -`r!Բ̐ٻ/Wc349p\>eKC(L;Ñj4i! D~מO*N+ș􉃮!vuF z'-m}ЭQ~xS-J3}^Ȫx$!ZB7 wD^|5 'Mm:hf2D:uO/q{ ?֛eQ J-/=o_ lҪ^Yc%ӑJ?Zr$ApqŐ"c.[22J-Myu#vڼ^[~{sL[ ;z 7 >2Kl(LDh$1Gj uf6yK;b.4wO!s}t=$I2 ( XAs5[͖A"ƶs #KgMp)NcegܕS2HK\o1jR{sbdB4`!nyڱ |tvEk0v6ػ6M1j1 8U@4jVҵT%'Imq^ 384+$&>٢rOXt~iZ+BOݩ󨣐pYs0S͚n'nVie733UeEwT_] wb=kY/UdvEY栩pF&yb3mwz$+Lp#?F44 6e.ـ1{!#_)sNY nSd7'G?1dڷ">N )tƗB3jnh @-ȍ_?S}SGc5x1Jؽs-9-z8Cb3ZNwv?9AJ;@F3`xg"][adpS&h^\U@."*YԏOq`s-@Y& j r&ߙ҇j)]rѹ %ZrLOGՃ{p\KW>6Nu۲lP3fѸCHlCu}Ps,kR,1uk>ZSNF $m2rS\!#"ky?>="JԌ2[8wt64U646Al3J uhP"/1}:=:Ƭ=z ]]ˏ -0$؂ХDKGט~VܵeI|/QdC(?qRAgg}2^y*W v4F{!&1䤹<{`Jtްoh?;t)`d V !r%D^6CX0]^khj6 cJu' )*eQ~0ݙ"Aڜn"#l+. lYQ9ma>aLnA{0QeH{Vsi3#gT9k'2 B1uW&\Dz6}Z 06B^ M|j{Xl˚|'{]ACf l(2y]2RtJ(Je#׺hLelli$D.]\" e]pF*fhQ3sBe;I=v͔fom6MUr2JaC=[ޔ8! ;S]Ek\[n*~aetY m߻[z8-@'x2'.ݖn,ήt9z;gU:8?;g ʫ$JRdÀ"wW-i_RN'4)v}zOFlgͺE*ؘo\WSvy[eD&)\-_z0'%r8yYXg.D*I"1SF(W_ )IU(X,9Ǎ~H󿖗ʬe+sԝɳf&4؆"8L@Ch yV7|@wPP!" eW`iB:Aë4"!e&ʼn%]g!#[|e5զ`|A>]2v)T>bVvxKܰe|d"|d5 Wuȉ Wz:h*ܟPl~\[ Tn0o"rE6q yJe26|T?«Mg G 'zR[DV\[y%-L0|ðz)ס6Y[m Ү qt$C #^VDN`/1yIZjOSi"2n̘ :h]? >Atbx#=S̊"1aϸmoN<n5.kT;Ve"i)nSN"-3^ p=wL^yP!+(qXNm{<,DbIVawz?{}̂#xؓ?kA G!Hpn&B j`ՅkJf**Pm5ZC}^nߪ]"q+Ie\#FRG^:-(i+Li;,ʮ}U2X7#!M{݇^Z!6TUK Y74/XrkWĖHmeס^hJ(d=񵎍0ȥf?ӀΥ2:$*LCט ai\H#PAdV߱y ,)nGp(%MECO1?o֯_ kP&6ˋIC2hkDfTm^(C2〱E~gTx@$Dp_ݥ!3bϔByP|>:c@`8<}Ap rY;6Xs$b<&n5_ (CFm42= m+a~B:*_;ցy:D;`^ >.&ZN˻-1\L#y:&zDK`-JЪ:i|UoxC<_k6ON@pF%\T19+S9% 'J}~ .< 'G:qn~0I!]=aA(1@g2XHܙ+-2:5eZv%k-&,XxYd,n|?zP_0ĵ>FbpF٦=)[p7wⅿmPyU0KG k/b{Y8(Y*4[I#0ϯF:Qcv '\&BFbR&h u/>_sNQo[] 뙁XdJ~_ (aGhs3L$fX6<@p,]d] xA`\kjSH.m9TQC@,Sz"qr?Brq|j.J [}' /uݎ慢T>bāk^SG[eY= T]3tV4k!Zzh}H IvUy H9@U({2 3utg1˙]@UcvV; xJ֏_FGS)x5hРf9l 冪~2Ŵbڠr u=7/u;鄚Mͦa/ɨB@E!5_dqI cky4< n|xf-Ԡʹ;LJ.zCZw齍09Oj21L{\ad*WTPz'6a 7V$ OxNWAD`e= V0)o.unn:lzk5f8S϶BPƨ|.5i^`\%˺rz jk肚|f ˨ޟZn[MJ^XAuu<+Θhg% t؛e *ÓB2 `Яڅeh?u0Ojё %5)h _O˼6_!/c|ܶy`waBߋtB $K8ov(PɤX8kє2}y&M~J.*ǃ!bc FʰMh\U#}T= ܱek4r$)'u3-RuY%@/P{՚b+t ڀSy>VlLċ E9RƮ'//UC4EAuY/wks-A CQ)ke|~{E7F)m Z }]>*'ǘ?;+w sEm|f%$]}]؉OAB efߏۗ}_)/@#Fd nΥ^9(|hCfW$k!VEbOA"=Q6;M#_Nn f}샧ő}T-[<-){6SZn(7`xq9KhccQ Z@w /A{r&8d\;ζcep1+4d!%zfwܢ% ޫHwSg{b#$Uqz PHQhI`;R{fV 揺Ɂet0'gZ7K1!s9`z,7 p\a!w~ADŔS!z)DsƵ-"01áYi;稩>ߴSw2"*g Dqhw!)vq0gd<\E <{\'DN9WЄ}lIqZ'<f< !Nwx^<^&H: [×< C GSt"9_/$5)#+{9F⥿_g0nB x+dS1'̆ 4: '`#;wн=$]v٪ Qt#eХ8,?V9:tNՌ9JEueG%[b;Ǻj%&bWLeYyf]Ę0 G9ZNg`X@duL_{"M  ɽ>Zyd3qQu(o_tjic+i5RaIvz" (oAZpgCU÷J#NjV$.0șAf#"CaYBR˦<H#tuͤ%Y Z\ Og\ƴ-[OmwE"TrMlgm$\uM~ ȕ=:"v?ˆמt𾔑fx'a3 o+!%~Ce{rr˘(v/.e{s`e9+3_JyN2Ri,MDȩ;;#~Ԓ%\ @!nI3?|,Sy (RYX$6ub 65RkOae-h*Ufj;gNv\c}`ap<@  McUZBq*U]EclKH2L#o*OOPw[hi~*` m(ޘT gg^'91i@$2FJ1}'Ҝ~<"wS>7H{r`[(-Dz-:MrfԛN5}N Zp5bɅ5ZԬkMi›60 dyP fŭ6!d5(v6=~3F'?ن1[뫼^C?6:. <[]Ħ `nhXνةq A,?2SzZ[AVg*1[ə^8Gqpؿ51h6XxL$[K=%ģvIC`Q8FL]i-9b/vĄ룃в.džo#-IpDƃXDk]ld˼b^/IG& {;JLP!ܕ'luyx$`Z6upҊ09ˤ~ -~* \Yu}i"+Ob(rǶXx_v0P$aER{ JqCO5LfSTs,+^mNeٻf2~t̽\JK#r`P2iJ9&t.|U5 Ig<Dz_DnV~{y/Z4 2c=Bn[~EF7Q{_J⭹Z'4ˇH]:{G"tsK<_xF_Q#+;!% k,sH͠[VkkTttPe^2EC.>f`Ĉ zI7FOd~Q&M{,z1rg`,2`@Jq,sYR}Si,k zFޏH V KSy̑mhS?_d*s?a1Rq#ƊvaU:ί1<zܚ+xS~@56淰1Q;F`vW%_krǞVR3ٙQX MK$aeϦ?݃hcd3Ke0GǴM)ldKmJU{ao:kh ǎ2)ˣkI_Z[Ͼ^/;g)!=WiXL!Q> ,>L93 H+&C}&$ $E&!>&Hn75\}џ$)һTv6t+][C9gD4׳TkC_WܺF-YĠSdASa Pˏ(sՕ["UIt>),w^yS[+36!肮^+(v;1;2S)b_32eM4ZrF,p]u_T.؈`QۼdTlFe4uĀU+ݟeO/ ;k8,"xTC8 4k;J{y^WNƝ=1%S%"K@1^l $4EUw}nEGVWS$y衍(Yh!'wMp」,Ʈ_iNZ |u m_)Aѽ`Zj9)xpa6zRlCemD—<)KKtyuTgg/Z^=}yg.')-?E_ o|" j=OC\VBb*<:3δvPp.`exgG8 ki¼z#ZIjSsN3V$:A{J`>!}NKi6w.j2Γ@\C׎Qi' F rv[~lzFh&l_ ,'fhd$zϢߴsAJIc5fh̴l-OA"R7Hq\ޜ-Ŕ@򧇋f6Z -oGw5Yqau0Ys^r^zrR!; 6W?^ԝ+K踲5%һZ?q0ݏz.@?G8CC9O Jtu|V5iy Y|٤76z킹"FL~"^7Ja'֌pE+PuQ[P04Q>Zgb׊Omhc&T= *=$ц؄>1Ymg&)u4Ufyv+2y#9VpM%|{a, R»5(&lm)@lSF)뙮/LOlD_gyt~!S0.{j)*^5`K K'\6 Ջ6_+m-B_4oBlw!Ώ9ukXn ^bl$.AX*/7O|2^ZងO/#Lr2vP;_ w;D&tmәl>% u}:j1dW0ONf(7%G Yc^8-H{A[q()etW+>yz.B C}~4 o5fZl6"͢L}*xupń[G?nYUuVdFHh`0⫴lcDaprի[KsCY;N5(y[Z\ցS+z/.Pv~k*? ndt8}(6b,"݆T 8FU*k{*f?J 6Kn͌) +m"T7$+gBU }weo01Pju(1oYFiHȬQ#6KGOMCB7(̭^ۯT$KK $ȫ2ЩH=Z旉wC{@P,Jy(/ڭ 11YH.T)b3-9[Z̫rHMӀ|bB,-4.[HFԼau0`7(Cka>ÖE?-Tڞd1-vuŧ6Z-e9m%Qh, R!Q \#bE+Ke߀ P;컙Ght"6ҾLpߒ;^\5e=xШ[zҌtMQj(ĊA0Ƿp=dhL{wƱixl*pB6ҨM/+۴ILTk@yT1dnda w41OO|o_N &0TC=p ĦOd]f9ȍF=cxXf;SRotm0OkScd8UiC U)6SS ﱸ@0D8caDW3uyf]I!(<"$ <^'s@Yns}^10_*~`bIۻ=AC<{TP q  hI@]<RRm荔kHto;$y̔6䰚y`w\{PgW9ՂptysCR@PeF:6JIS 2Jp7FH}@ WkԿYMC YѨӏBvjTPamEzX۷ #WeJ⊣UTyta@ϱ^wUmH!*v,^ȶf5/@/i/2Vk%&,@H#C۶;$rlfGbXTȴW2G4Vx:R@swc*]l-UJAJmm TRuMrSi9jW =-CX1Q[{,1zI0Jn@]# '`9 Qf~Ia _s" "|M*)^l4X؎!264)6uf/')[a&EmK L#_:Uz.E7W=r.& $1<9ATW@ ZL V/XV*t|.WOf{UPpNc o(^3%V`C@fZL450U CpGzpzݹpQt>/ qak* $#BRr-!2 @KQ1W(t@"93Ѷw7ѣG&d߲j-,wE,n0y/-Y%_ENyln!&w$h9_}lW4sj va:RVaR?ثb//Ї~k W +W'^>{~aT\]#o:s^V.`GU'z[g;4I\l180oY"|),[XD8?YiB;ن%x0#fH*aDWPH/ 'R8xʵQ\tkgD(hSZ/4ʮm݋*WL<_3}m< ";@g2UA+mPa"I^Я!5< -rSQHke.0:FeBܹݵy{ WTPdYTX!eJ?U, YCȧ=hhp>"ZRNƋegK2^ ɰ'8?8 RLPuX? Ӵ1z'mWk>5j7W˅;:7x2V@ 22naS4 ,XI?&{6C9ZTQ]ʖa jA$; Ցp7Zf/X!؋t_y[ nƽ}UPDjJ ;jޝd$Y ax$w+N1 1=rbyːGQKll,Jx.{0y/US\ -?Tc-~8>X_T$s5پ^sl=n\m'< ҟ@ΗmEO:,?1jkyofIe$ɬ;-pcw5~+5zcZ Q~Q`^bn"RbAQF hD< TE&EHD7$w]w:5 >c[J:,}R4hT1j1UIM~U-/2S9d.V]]K$K!2m2`6pҿ@M{}g[մziަέ6'T]cBC5ŋW&lc-쪴T%oji$Z?[́)K5P@1f֧F;FB0pQbu#͇t pl3ӣ1L0(KCB\&b B5cZ "0/▟ ((6DGv)5/ =&-=F^+C\{S"զA.?F8 [ElkQnZ9,a*](6o9~^g4jiPp8 =Vp ɇ="t"Yen"MNw㏁瘵+t; UT0PX`#z+8v.❑0:ﵗ*G Y aeiaϲH Y}px`5Q&Y7;(cnmQ_3OEAte0, p>RzY#[| IG)`'s R"hy:TJ쏧&.&ie2Ɋ?_ykϰ.[|p^Ũ.'[ws*{h(ؾd D.Ki(WJV55 ׯJXT,i3koε0O xUݵ8hw^Z; Vm5]mdg:E> 0Y(Z°YkgyJve,^Ou?l?P^ft`L1jCN͛eQ=-ʕ2sxן|JʾXeOue/K)jSG#f_E7.~6ɶr,uZt@ 4iLIJ-Ԇ~ Űٳ%9evƏ#< W-[\!˲ᢔ;\ci!8s‘7ܥ͆x UyqPet_/_D`LYlfy1'ΪwK82i~}Eg yj۫Y3F 6װ>q rQ´&%eth%"9bU J 近 *rlGDΙ_>]袠HnX9pqƒZ? `sa ̠j5mmn$f4s"}]fPAĽk BD\%GO&yO=*; !7bua B/HBg0$t'ROv Hv <[`kj]<6 9uf` Dгpr5Zw-̍2!ʎCY@2bB>ٹ(.=Wr2V?Oe5w:h i"LG)//fER[.5c/9X6x lU;xgY߁MmW8r >AĪ>­%BTkaqQI8} JTsDz䱾3v[ +T?ч wu䣹d'O vwPQ_^f[pEה,n]<;nF<BdixYi97zRQahB& q%<ڹPD@K؊kV&թrY#7"857)GP!Hj8_ rcWeU+ޗ)g(#\QG͋#REݹף7q늕55Ye~?iDiha^f?p3ްvK qo!4f/QVUR9j=yAb{-ogO3!K@Q^ڹr}0NXj*[ZVr̸fdƛ.=^Zѕp_hzzӒis_呣/@.TAyT=-} >=OR]H^oRLHGB@ЅpA*T8 ߿#%dA\{NlA*'P aߑ!rxNO77恻%?< 16?+d٬|"!,~:.f4*^X0uG^muLJj(oG`;,j%bˆ )/(aZO@F2 WRESnoމ:yᦇKf:Z `\:)?/:8l anibҬ(M~Ow(;g|D/)Q8%Xd 0]|fJ kV?,1]Z^w~uC!e,{[VM5=JZ?K u@;_bSѮp3ZZ 1 U+=x?|.2D`viiySf4BŘ]zǟbMDC}nC8>i'3ߣ+?^Pb}aэKkoEv* \$/1 GhΝJww;>.Dщ|:@ڪ\v;77=»uV0zѴqʢ31 X(!WԳ{jܾ@,)A20Qf=WU% F[?bizAm" ɶ@?ggUrzy؁LЭ1T1Xvd%$g,jo>AfX~ KnOލlneiLaVA]G* _`z] r(|SInI^^[z=޷ofRy:ɩ@2yY ND4D$5^J.qAݢֱJjzŶtf1t`+ݾv U^|K92qA 3 ]NLZ RŹ&=@0h5^:N,@93lI(^Y򇻇7 f@i #|GE$j3 akRMeiK?8t<`ԓNd+-TM5x(үR KPvfJ+iwD']F W.qoméD06f77;y5rԣ^aqSeJog(U96r5QEE,O1u*-t)34$CaDɍw<\i#):}w/jN1&lL,<' Ŭm G֐0->|vCGE?y9R"0 +rtNfmX _ {ߑӡ&2L7U)`̩aQR,+?ӗ&LZ08*Dוv`pbķ10eK TX - Ņԅt(1MmBSuaa8M%e+ر?Y+*&?dڳpFFZ`񠤩[q+r=tQۈa&6(F7!`v P "حՃp1t= Y:WH EWn$;cęJFE J;Ai#GX'0?t,2KSsl1x,yATA!tjhZv/h!X#$EJ!8)۶ҩF[2R9?ykPTO;O>ޜ:U9^5]VpsIЄ-i,שic"<+sIu$[ꈋํ)'-@S\>s{pggyp=óp6YF1L\n@H&?د@RZc⿶-2d&w׀Q`!9-3\B$b(ТǟhW[ PugMF8Y8S$)c,^]x#zeXQhׂLHM/4Srx"8;|? S*5wSJ\40J6O{fkG5R m  u4/lb5\I)EpjA:ҹy٩\l773ŔGHU+uv|E31Tƿtt}F`*r>9S4cC ,UΣ_'YxИ9PΆ-psBC`T"C[® {xE=?F̂B!gWzTñg{WSM]XK^(ancH%H|22i#s&Q[k@BV?кDQ#X XpE=|1IHKgYJ! \'X,)\`m_nz)ֳW3VpK+t"[gr.rRKA򎦝~ـc01@1b~X QhQ " 㕼}2R S%n ׄVL簚?,}GN${uvgw6IE /yADLT7_HY~,K%+"jnk=3BC8bO_㏷-21r HLݐBg_&;[v;'ل4#V4;Ck:,]D;-}I;ufC,dV_|40ơn5Yo"xUs^ƻ#xT[jVҪYWrS?āԐ)5<\swR͍) *Tn)[.{vPAsG}g;U!ܑ]1Hrٟw@K2]Ӽ-QJX+B:.;Tʳ P m Ҽ'3Z{qa[fy?⤶᜿`3  MtUif fEq~7Rת^O Cr\s4ul{D' ՝Xҋu"҉SEGU@E @T8jҹ~|¥W2&n1[T^셇:oZSȫ[T //A{ 䯦#U5jk-Om}YwssjZ3 냧'rʔbFf2! U ѝ . :nf>GVO&( l(WYDƆ3yzuis.M\ҝ/X4\׀[ 8~}_ h5kF6Ϭi}q }gibqG |FviL05$g+($j^9=(=ix(T^N"5.f)+N*[=¦Ņ$T-@?+AJ:s(6@s"hT>#%鯗31LJk03,Top9B!l]òYwyHmwR٥5F&1sڜ ZMy4M0ߖȿ&k8\1[ ;1& hZq g1NYU+Gq3PcuwZHp ($4 iAGb7m3aP]*C-ty^pæsG@T>:+$?͒%;B<i++*k]sTZ< +7WS2>$wң32e4ݧpQ "i'gWzPFN J1+\]VIO2g"SD`"sSO0/'|]d3(32B%۳,Re-;alI,19N]cDm J&+]3`4]vV-d.z<+|7f۱#.TԮ:m0P#QqqY)CG!oE+D./PS-Bc"'#-8e[^̓"uatѠbXHQ.TfqB]EtW?>MNT#liv7'KeF`/~-N]iĘ^x~L`v bgM'aA iRP %|d>b1j/([;vw\Jt t@pR|lڒVJӥ49=*&9j?+,UgRB|9<98 0$T\'d,Gaw> %Hs1麎,sנFX둂^+trXj7a*Z$[Qf(muO1EkS"fs+N9֢9:O@~ۺZIwb:3" lT`MԘ= Ƒ5 óNOɐb4#EbGǂZV)@N53;{@Rᙎq] jO'ˁy[C]םnǦ\vZR Q?͓cF81VZdk1*?(ӆjI={ +}$C(p"Nz/! ]c -@`e}?V_xepHt{2yF`N3II)BK51^..iYaVe_xܽģ* ɵ6>-Ba_a:.VנNm bH$)N[:qA!;PbZ{sX+Z樵xm {&;hj\OtQMɝ59$QL9WY~GVl&R9̡qgԎ;Te+UmG|»\̺ߡ=q9:D!βx`g?47R(@uheDyP֫_6]j kөTJC(0ΒnF> ܲ_6 ys8@4Wc:Zb4`|oYMBxV(# 8V.ۥ7j~hȪKBe&a|T #"wYW>>C{17 sSI7rAva߮E4Y#iuAgלXz6!XSV&h=aPSU&@MʢZhaʈ0 9GZ'&eA^}9ѿZU6"\9J DsuKՔ-$1ok܇%&Yc/ybAơ ]&;G*cҐI\957N Dpow*Y#Dd.@>Z[XڒEɶwX@ )7Ǥhzdxp}2i3 ʍ{#k;ۍ\Ge\NH\8 UݻؤX\HlOQҔ&xwIwxQ1~'F4Y w^ ql&o_x2q`mr\i^:/hUKL"+aEu*ШB [|)rf-I *O-|Bj||Bny@x,e/ 7m sςW0]]Q&e+t!S?Э+@]"c/"NLִNܮ3i/;='a!1EI@ˠ:D݂;c4%L=# _"d}p˧z=0A`5/ob?kW[0SS0jQUl]o YS ` / fGS+R)y6WhCXD]+Վ (Iytv`+%s5O~?F۬Kts þe!c-K_#,?v܃х&G;e 9斀NљUaS!YN ¨*gCV*`ћxZ@lԓU~U,DAת Hbrv iwܪZg)*.2!*`45ȣK~N`e-/` °FU^g0Wn&B!Ɋn¹H %n%yw m]T4Sߵmm1~|s.HOXIN@On-ʁ=ɥq0 Q"뭀L}X^Pwg+ }|FuG\.<׹itRvј{e Ǝ`4P_T*+]vN"聻ʜ2QWއm ~Q;e [YYpv3۟hxTuZ9^Լ"%/Va9XN/.F8!#*NG+$ĞWuNdF>ed`.CC|:P#<8ΚѸ *N1Ch$|mq"SZ3q@p [( Zˀ-q6ZF"+6B#꼤ԙ <4fa ߮Y v*ݹ@Dž( \2,b<.H]"9m_ 3*61y ,Hn [v$LNX@/Cs3lڟ#GjwCzrR'JUδ hbkwt;{F*CVGYhK7&;.ȆDk-֯:CGd1<e O:ynfXLFYq t 8H(XɆQJM(\|4*p& ~(Up2k~1XW$xn/>[bSI vd˫$RA8sӛpup|L0i 0^^yDPﭜ~~8HڱWO#EϾI!;} Qf?jv6IWe0)0R:81zƲjM`9ڸ.$`3QfGc7BYT)J /Ov̺35OZ4–Di;)Q@20.ٻ!z-,׹>dW6/Ap, VJ|!@xHD*! Ö'Oڦ4ˆa䅉{H^Rvv—CnpVbg}] Qu=k\C"6GU,mbK);r=jk4HTbmvAt:QʈiOcNRm/K{`Kc]qˡѤً̝SS'+7[e1 {ps RfE E3NkE2FKNMD$sJMj98 #_ =1I\GBfNBtcZnyC?  `A;Ę9Чtf oj ]lz& C#G } ]|719Hxfqq: 2l[ [V"KQPjAXi"qƯ!cJX֔,lr>ϑu"Ee(NLԿVN\9T.% 5Rݶ8z豍k2[ތ"CGm3e7l5?+d+CeڂF` K/`C }eu^x#+_D܋h\@Nݢx4KnmD",7eYo33J;w\{Y쉠D\7"庈)^9 聚wiMN?%d@`~YIϕę9"'!#dnխcf>~1`:=7a7wq[t1[1U?֋];*`xɚؐd!^!}pxK,uPxz"o-zӊlͪڔ>w@FΈ;F: `xlUYNLy9!(.ƕ7$`\ gUX2>bSn,-&|) j/Am =P+Csgaaj0"VUم|y7MxqzrAdD pc;x|W?4 L]s =ɊwsxO9Yqy ?GXێ%Zalh"yؘvtC~5"mmGOW?g$d=83DjrR3rܿ$HOenl)ښ^PϢݩeҠեzbTLQ\YhYП%yϯA;$7IKCpH|uE֜/J+u;.ΕJEԠtV s/j;y.aHCV+Uz;aÈ)YA]r/8\h&"+BcɡYtUb ҟ.8_Gzƚb,n쯍Cx:x=hHί8S"9NwtW~j#*l>mCYըiE>u%4@DUPe:YMZ/ň7;P ـZԕ ; iȿ);^:7uqWH~2,hZcL Sפ&oޠvuqy{RwUΔǝ#UVdKa GYesָ&Yi_rkIKR-B8c/!nwNS/1v]bXP{hcEY>T"~i:? N,z^Y5{)< f)5wsl"ZBtv6U`:\{H{4<> B,PԷuVjt^tS+`iH دɓ!r|0*hJ>(*clzP1e!aTd ,͡9Bɟ|KTc<}T?]R\TsZ$L w,s+r _n?XlXC2ItkɊY &J2~q&']Hͤ,C#EeC-@̗Ac]};#ە:֜  ,O@9ck%|ȘR[dpFFzCnKM9@ JM]ow fiMWѧ՗cOs&Qd &fF~IjP4Zm>Km~ߐ+>=;Y=X-B/ij&^M,7n2x6ֵ1}'LOf@‹wjy~WJ&ȏzʦe[L_# Ϟ5a/q8@`L-DOfIį}usʌݺJF*[呤T,? +1 1 ^I׀ze`⪊N&ڋ6용Psgѕc> a"_L`cIV+K}xE4+u~T?VR!%3ҨDK_`4ߘUSx=.tt,N u8J; ,*>bF md"{"9fƥ!E?}rrܠd;un7 =09d9f+pÎ*{2Tj'rkO,XNpH*/s| Y"%540Pp_gj~z0q]X@ tAABF.Z}jwpZ^_%(뫜bQ o~#:b.QdTؘ xl2]r[;wK@گEяϣ) qR&Zz.{VjI#UCzN,ΠOtLGR[Q&;kKDVN:/gTtVR ɠ)~XFggg+m4щ{7Eee4 L8l#-g\9[)p[B_טeezVC8IK[(R\ L`獋0T ~ȁE[7͊KHQW*UADJE $X͔l2~e0x|Rw11'*a )D1PM5x܌ 7<bM3_5h r*3cZ֜_Cz]D3 f/)ʻvf6\РuknQٗ@SV/E'TNvnFAбlD"A8׮oA3H@JcCogty89m8 :x000麏yg&4 y}]AUX=TxKu\.>SL-ܚL`@Mn(D@wGH'ۻw i5 M†u/ PQ=NEu(dns46V`Xʬ#D-Em cPPF}Kt@N'4aQ?#AK[2UScf# FzW`1 ZR=idDHh ǝ!ȱiYU 9`64[B=UfX̗ԆrМ+"!SĠ,~0 %o闡 dmXJ:I>'b0"zL8,dBg<8tf$!r8~R]K&7 oՃ^c0!JI't4i 8b׸7 ԏřj8_JT]eM$m'X=Mt/@g'o_S{lRN&,V!,d'TBY%CRVbV?wRX6b|QW4OV$czq|pX8˖B:"_b =׺g[MD=&XR:>US~~ YQs,*_h N±!O/b)s{,! ϤB$zݜ<*ƒP^r׮)xl[Q8{,>CyeSQ+Qp:Eʜ;7 ;O[U?VEnݿ24;d5Xy_JdIv;e8/LviՕ Mq{F583J W*knvα~撷=v%v{bPX-XcGU6Wf.uN {Ke0E2#jbHmtPF^&Y?mfnJ~1.EJ%I%xc+ m.AZUsqZ-q;={wh| ٯ⌛`uKܹVفؘU(0x q#I y&Vd R pJva?ZD?cx~ZrG#^mU2-I*5fFA+A *vfnqþP']ȕæѼN8CBz4u1zkOTB?2vU.E!2oz5?S",(& [UQWֿ@kLe+d N`RjOtg 7%q&´ 1' q/GVLs{pDw|۷[?g!KxlZB^[2kɛ"CYs䞃ڑ$ں@1iU,F`P yk]vs&#fCAC5[1g-N%E>.|uҶ3Vܵ2;a񇼩sjl)"^6n hh$U+R?%DiYeq,G JUKV)"J{$.| & 2G9-9Iq`Hg_4mD`1*$\0-8=LCi`8*/Fz% ]aAeDR!{t~9S$Xv?}UoR)7~؅;  Y`pG,tSjui$lO  ]Z!rΏs˵um,^LՍTv >t,>5 9ӜҽHNRh1Cv]lqSr?WP VdBx 뛧cl`;w$m8[_9>9SxO $Ql@/GKWN d>",(~9AQ} V{iQGّ%-?-6ElɊ fEOi@]ʪ *$HMѤf!IMߜN8={?WP#RK$%5@}DOZy QHrۢӎ_SFI|OWh=1 +e xBFǪ;N)3E2F;f]֔ $wH'ܸsc;Z7X).uZao%mkMviDq _, y_7FSo-h/yOV ܣ NNV2M~X>}}|@ob:V`\vs" rqfVʊ3`lrj-}cn)!??GY#y4sӶSXt=TChHbX8UhnW UP/ӛ!riOZxzޓl7]ݪFx\E1[FaYqZeʞk]}=L`_RINaB+%H[\% :"%I9+~r[C5h"dvXI%%q:?2R)OꂗKYxl,au2}v FNʕ'tIWUT"=dOf` iբYL-x {}ZcGeɄ]ߛ橎VE|@ , 8?-D1ޯ-`:~. WEE7Pق?=,;Teqǐ " J%* s!QrȯN)FzBJo*aH,x'B%Om7~5ÂtWƚ#-+$8w^ZSWhzBtWlVTgaHV ۽T0#A#*gu# e}ZN&v,ˊ)EZS!ɳĂW):HRhOljt7B6 ѶKTtwY˨$ 1A}Jl661iY8A'ɸ UKMF&2Q*Hp6P &M]v3=I_C[U\mvFS>ATmtd \;)ni%K!EL^ Lġ+RrE`mkyg.gd\ӛT䨻>55nj {^k?%6IET]hu,Q;kvEc$$)> v'ݯ4Vڊ(Ex{;-T d)hM"C|# `U촠50ѯ-|o}PxEvKOnLn8V3@M≁{ƤZp(~sm3ŰU++RT>[:n*O =Tj4CY1A2W'5ʈtv]r_/|Rx=ǏX7V,&OR#'t@ȥ2Ql>?/tbSQJ$9`NTaAp`Y+ X'N}/T=[tf9ʼn`P7fz:8{+jas9mr[h)Ws9!Q!Q(ӷH #)ù[X\MRmZcpMРfjA¹6sFF.\( Ƥc1UUQV@Q]V.AnX$ra:CAa'WUZ; 5Wnv0>x"{@$),vZYkίadڃ>=4ԅޯT+ ORs9qKTЈ2h y=v`x3"wĵ*>:d Uۡ:+LJ&Ddo DQG!]ќcb0B;#(,Id" 47 6j)G֠2HCS yV]6iHšժ:3MkROQoh@ tγUݰKsJyx#8UpPd/++彩T]vjK<(H1g>Y!a36 ̗ZfiƑ}D˴M7dt+-pMdK}UGP: MFya)}}6S#^ʽк} '^}vI$5xgj:pk@I*"bf-V 0<6}2 .n9bB^?t۱7k 芏ymf`"#5D9 W` 0Ar gZ5߂Uƿv)-*#Czd\_E~9_arm تSAlˁjH 3Qb/>l0!*.ug*mdlT ?&&\m;ȮrSM-U]>>«wA$8zĔ.핯)z{-,uz?L=?.D";Y!ErX,ԭM1 C4G=1f'A z 4H sSN"[oGAVLW~KN3sAgk>rA ŰEXPfKȜLDCܑ$MJ<$(8|5@Ygǩ`L.:FQr!Kiئ yt9'Ml-@. _ݵb?>+Z%9&P+L.qNq¹i-C?o|I(KLb6KjkuK( 7 "C%ķ8heO~`gN\~>ww:fi &0igqyɱ4>m85dUf7 |\Գ̜m\ẕ6Xۮ|MY8g+-Vo|kڪsL 6E»Ae&:KeUK׵Pr1:/$O4R?> ȭ'='-A9:׺NOb:&i?;JenB;Sz-Z!jAPtE .!<bJbܶ Py_nqf+/HǞAQ$Pl`qGaHpJI?ϺwM̢RFAG%Cl`}2%>=u 64[]T7| ?Sߏ}hW-'j6stV>rVi'E6q}:d1˳eҵvxb{$9.*,fr5F0)*LȤyop-tVj ]>Ucb#܋,QuHꆆH_oCSw(GEoҴ_~}R!_ ?.%M &gO(L" K@V'h0wi}NFfc%JnUR]~WAuAaypr}k}+؏?S S:9\COM=]Kښ j ]'R04l1=zY8q l1󲣕OQ*膸;% TZ ` w㪔:7EfwK7Hq &V m_mXH-S$0|JD2ytC[`\<%Ӣɏ!\4\WlUۤ)c w{tĞ~_>O)i hri"n O WAbŀOI9z#-![oWA!hRyFM;rzү3O(islqc F1@/to)Y*Bdd)2$} -M5Ze#k-je߷0Ҡ$HX6j0p7{qBn%6?Ɓ|(<s17G̅e+IOUCP4K$j]ѹOW{ Wbِu'p F,`pjѨC/Rjk[s)AXe@hm&F.ۼ<4QwԬ9]k^K4+ #S:#v cQ1]aI砧lX^P` 8_3<*+{ʏ([F@=l`=aXmG;F%bLRhXG]J K_|;V+n<Ok؂u ax^wƻD`S/rb jQq$CgrDs(Ű"vz$xk (AQv cS$M̯6ٻKIpIѹuUCx:kpL`[,uJwSe :껨MAjf3҄Ы)\x M653b-Z!bjjƀ$% ʶw2_<-& 36MM9" gs2mn}I6#G-d ;B;J{ز5.2IeS-Hq 8Bƻ'iH#* DDi *PR~_}$ʋLw‘T48 l2F=j2N (]{WA\l]cB M*+CJ{'"xI7گ(g`KdntUlB(Or ۨ.E X'_ '1|ss[5 vսHfH omV%2U끰Z|CNsILYQ;jQ3b J0-&G沃eO,\]z{y*89/JˇbM0bD+*70N7aӗ.ল1R'K*^tW$k`B_=5:7ۯoDj?+S`&W{y͍4!g@6e=ec(;$oG XXG$r]4חh3r7.,/+*ܚדU-eHbhMZXقX@Y_BN~_;jJ4~LnJw9H|{,sq\pHbڒ?GŴT EVEI^tw3+m*먅4Pi}cmEYA_|o#E d)]W7wJ"d@ieC ?w j4Fё OU1:k0&m6U9O.enB\΃D $*?*S\eV},;Rr!"OgY}0jY2Ԓ&+@ac0U)5fGW%4^\AE$6Mthtm/ԠWfrK0eqcd~-ouJ&oi2\ aL86G[]Q\YYzTڹvVUte^W4`x2 *Ww3-֖Nޝ=URm8(._eZnr&ʹ+Mf̯?`.0x@PU,I)DqC,NIK{'Ib hA,U(D9q\B'CdT]KhfYzjxv ri3I7"Su67!_kBSQQ0Y3e7.:b`M]Vїl1yDYg`ܴ)X7*< ^I1۬Q?-J,Xp&~Z,4@.9}%1"r8e\@,ᛜEYҼC`[=)b9 0 CnՠZF]D~|WH bL_c% Ly!yNti4鴒+TXT!xۄuZ]*!Lop_*32^Mv/>)ptw!J[AO2k$|S1ciA1P٫6l$`=Z:OTF@[Uo/-˖:!/ O:9۸_PNhX(R/%aU ▨8L|L(7+kB* c)wX Nl04l}3NA4 )HjhcS $pbd$4Zџ7QԄpoD<nzIr_)6D3ݴ(.H ?9ZeߌQw*=$dms  MC3E=n:f÷1Ƒq(ɿuJmߺ Dn79/G?m:ߓiRb'D/idJkdg:$pbkہpp}ѫ+|g~: via%nKe6-M.岰tPRN3i2^T=`ɻCưbƒ=]?N[ןGIoqJL:!q~[6FdM PXu}'ܼOn\_prKH?_I!,GUkz8X(^y ǃyxcKf-Y]@`zYROPa[E֘e(|'C#GK?w5oj Axq1װ1(;aTL6vv SkYוu~@FL(xl"Gd[/A>dmr?DKsʉUF}֩JC\:Q-CA9qN6A4>ei~",;qs2lK3IYͪz$KkpHS<$̕Y[_XBwv k^:C`;/6k9P˅WAlky0J2SW`GK8G$Rz OvImKh*Qsx=YU#W =3hy2#ۺkIWFM#0, e]'+sCNjIgR?f[G7ve Ґl1b(xB-LK `,} bb l:O(hp~-{PU]D4̭RԲx)(T~dkwKF~,'81M*t띀$۳E\}㷺uK m|ˆJ,3_aq ;8kGZC< (bYFAn9 s? R#+qZ'\j0{J&p=I [-)WZkɃ=hL굯K( (>GL*vieӔFape">J="a奈SMS\a8H1U1f5>q6` U*/!yb.yGNW6f+'SpFEI~(vd݀2 .+3-af;xV!J,,%6aOjVŎP"ƻ R`G4 dd7 ͖Hq?#٣G|S9hPJjF c" h&9^~P)6xÚ5([,.; 8}һC{R)fe|'+T3ۇhM#bϼLiO]n^і UlmYͣa(oHFAH69 „u˛7xT ~CQ=Wx?L*nª8P&-@e/CtGs_?8%8˞ !J(fX'4"ySFĒ"aY;])Ƌ]|V\ilJ Qri$KtPK<)β_೟޿~~{k]$ن)6$`2FC,qIW3 qpRbtk + |nނhE")D@-uW|::*&*켱 b.eR· Vi*?I̾tՎFOk8"L" 5;J0 GYbjk&BcnV2TnB@MfX bJǬ Iܦ{.Ukڌf[ O8U[7^щ&sbu޵ M$ɀqC0q!J^$G:[34 4܄̈́CjǙpyiF; |,O) Ж '6,A mpCB(lʂE m֬o7Ȱ&ط~_t)]Y?Z]Wl=e~@8.c|Sӝ -f'LTld#x'GO'ocLWڮ$(xCvYRcC_ "NeFK83̅(W00%GfaTt8dk&P_ՆkG!O~[;ʹrOלtY0i ^)?N­.~{ 5i|vӒ~~I:(bmN8y饐aQpA|ɥDAɖ^X36! @3,w(ai $H E3,o%cL@:m&b*o Pwvqp)->O>ʹm&im>?BOʃ:wJLe.|Q>`$[G0 |ƺ8"4 qCtƧS$&\t}U欷M+qiVմMtI{S?NLǐ9ᡴ:\ {p?UgB}MA>#ۭ5Z|]AB^V,Yz© W & I91۟OdYFA$mjӔn..,L_EQԶJ᧲LIA:_r`JïeXWm !Mrcf0_~ʽi3s{/#>sc"~j(+Ξؖ$"uİ[:*:pv8bKw|(=yW2s,m5yhq#x/NN":a繋GSG12܋e mi fm3wpVDb/x=TꔗEγ2ܤe›t:$qmAW+o{6gu?m~Mb8$|a٣0o,gTW-8Q3?(q^;z&c+5ʺ39o}J۰G9=+"ݵe-޵xi;Wڀ#f&rQ\oX=~Ho SG{_hv<.5w/9@iHv[Vpu'-^Ϡoh;*7yw `:VZ9u aVUW`\Oa( t|Ȩ4: 'bS+E;7F~gy $MDw^yclϔ 4$]+_5|۵mD@qûywؙ4 EvCwr?H?m|^_yC ޑtVN5;3=VN\W$;oIWWrRB''N勋dΞ{`.0}0!6?ɩ~xX&|l'׉`PQinW(R56HYnS۶x6q'<ZAыt؋sfZ۟d R#< sn|W$-w #!ky^f;VAPiyL\_8u/~4%Mp'q)+nB eRU֣KXHX}7'T2ےW&}fPq64St{mGfoNw + dۿZ%ӾW~F0Q)h faEvZv.GJ o:a/#jPoV̿֙[h>:Q&(NȔ39f&dE9-6)JKP̌HnZ+!}8}f®\h߷SXZ?x;wD39}CH|/tL#=iU //v0t,N`\!ZؙvOGޫ@I ֖٫?iW'g/Ԋנ;j܄ZW-js]W]>%yj?+`/|OePJɖMԿ&p>K9e#MTE0oo9#jffUK3zq=.z%B\!J;Ys4 *>6).$qz`;:VͺKL %^UK%sfIঅV-(@>Q2}] cnԛ u/&z7H._LL3_kCCZ{@M.g+yAC4c@aBׄY]Җ kF!uQ_R[z(ए2K[(mge}^D^w$|M?XAщj7@c@Q쒇tTl~kѭk~ %.[2BtLM쟚 #96n欖u~若(}L'gs tnW955,Cn̈U _>,Mew`(pPw@lT`&H5㳘 l:}C! z7n(? IED\x*3XYAl$T} œPM,R%,AwۘP4:&KpT LGO xt;4p`Xq_i5f|[mb?s#n6z[tgĹǯ3w 36/'3y-!tGq KLY`e.]UJĕ\)auz/V ؙ&xX+N2;[ 9XM]h2雋 #Ωۿ&5u?ϒLJVS*ߕ48,,X8H5l!Ku[W53hH"]<#̓$|Ғw#fՙ?É8IoM Wh KZz(@Vi;p!?v:olmsDzw54`l; s-U SGtu"ݒmFp  ɗ"oݚ$B xT75.H>_b[WR_FQuTk""8eUup *煂̀mbh*+ ܝf'0Wltɐɼ]}C,OUrRחkxA^ue> ͦ4׾[}*Xp r`ǀ7/M F< һvH7@`#%ԍd}.ڳ?NJضHW@`o^ w^n؇H0D,k[.9egK!Z$}jB DUl靣~$ʁn=wN=EF5@fUNe ?$SƹV|O0fA:1NZ75`N]]b"ll+{/DCD} 8LUD9uz[J6ʈʩuW0p@I~Lr'C)RV4fă9g0~nU!{~`]d<ȹh/SF\b.Ӹ05 wK6G_ay $N V2ˏZ"_V։wEaZcv%6S{:Η|gJ*ã|35ͧ1HIr% 1랓)+{kxKHxK`$B`pW\)edne/Ҕ5,tw{k3"*Q Xux\܄(m?au!ϭVaaN 9T5tz.9رbR#I$=s ڼ g7㩴bZ &qr]響z3ɓsqk|{f8F|mw~ݳn}i|T~ [D+*ZGD`:-qv64V3o.K>Ikk{HSAC^>aUʆH%.+'ük,Wޞ`=G;qNmzaH%M,xfTvTA8MYRo~yL>~rsA)Ͷ/ 2tAF4QM^jOW]c,ǕǨocӬi/[ҹgtQPxDE1bJEA Fүx cxx+dkmDtό'<07eg+A2C# 蚪紲.^z.ӌѸaKM?r]G N(RJ효Q+p#}2 @_o89x萨 --Ŧtʛ=LFxՠEx"$ š^(Pذj W ,=1D/v@ḯҤ<Ϋp4pa!dxF7'x2nBT6XB8 Tl+"xv=:>RwKDHuM_;;@Еge穇;n#An2Jw2\py' TR; 9bM\=`΁5VH3@`Ith٦JZ EaIE@/BBCbw#۾h&#{/q4fo?ɥʄY?i Hoڷ qISwBS$1D W ?ZgڔBnoVp4|à dž%jDYkRD-(u;{M޷(#BR~mؙJ*ze@1 @mDrb]> } |==FeY.[R4t- |3MC:_7Ajձ }B^~54hSqi 9+2m;DeNJɢ@&jc+pn5/ ?bX^6m'epagxp -* Po6c OQ`Y?gc,D$SW+eBn GM6Ol L ZɥR3n@F}nD7}dl@pvjs͐R\1U$xTڜkw\VC'RgxSjߪ/1By{OxץZtf@E{0Seݵ*(AlxaʲOa^H£n ~\AkY([рIwjHTEH~gE9.wjW7%gǹ7OV"=ts\8ם݂<} w&d,yngnAF2ombAD1W\RA;]:v5{i+#ʘOE (ҰO˽8 _f6*\6?B']291tH7`Op`_ &ASvg-3`rzOo)}7z_ j Cx&*ilp~ZL*Hݚp!SF]M=z#bPŬkMOh-P,ʇXQ/ѦAsz.AiBȹԒƹao=B>O[]!SK?)`(O2/[%Q;HW7}"yNuS^ @p:hi(/B^Udᩝ5{=C;ы&[x´ud O8O3ggSm cG:^ԟq"R;'Š& !Q7c\b)HRpa(\R_/V kmvur0sQ$pbr<"flCqarzZVmU52NzdsT)H]XS( j6Zm܎0$؊d}c"%TLP`Q]_Wbږn] 6C:Z% B镔\7t{ǍtAmN;0GUq'-H1eQN*41vmX]N<1*z70F(F~ >-'&.P;םWg~]x{E&˲"2\P9m\{r ` іOg2Ml^@LVM0樽Ϣ '5c%B9ȃnH9OJ81ⰇfXΒmToш*!J?~;;Z;+]+v"`rG1~)iT_nfD:$[p.Vm+v/EMqҙ6+L\bV\#e/% S%2@׮*$O3bmAZt:a6 [A, /a3ڎi֧߅V 3,}Sp"g7} ٟ<؝0sު*IMzq[)]LJ<#QA_8ϣJa>Cr=G4=)ܮcE^n:}}nV=~{EW"pȋs*um$X9;[Ujii+p`fV3kkt^5u eIw:vsp|vTYP"CCJaeJH#Mޓb"@yj$Od0L.[ige(VN߃L(VoY%~Q-a'=ևSS]w{&k5e H 9)5j& K5F &>ZI` 6}@{o;R2/EîiF9TZB0=X5RƂmhJZVPAĦt3T-}``84N˶ \BQ $qX^z*G̩{6Z{c*>`&s")ۍcZb8w&˃TyR^ifx[/ .qx)%렓S< % no\u  Vt@N1<Ԣ Ľ`oibSVyg,VxĒSM"Q%C%UnUq_WyIqYVDȈS񃆃bz՛hbhva֨ nچB2V`-Y=> y,*%llbր4WP)wcՄX*ҢEK\KlTE/8+˲v~0hYj*  hklj.VQ`w8P _),gE.b-Ü Zwc0׫1z2+ZuޙΈF=P;?n-N"qIG(n?oe?Xe!2 F!KOeg?|,#Yg;>D, %sICno9'g.Q#Y|aeޞ}%jingt3FF:V 8kw+8q«ZK|LY7 C6B򜎡ji4ڋƐN?':bz/j{CV*BTum/Pꩽ+eWWlD:-VxbEaڎ `7r܉`Y?:X҅\g/L"8lp(*?tlٓ0?ũNDPtk\(`Gm$_Q$!$J^^W)_i9A=؀y0X3gLUYq~n / O=74jS{v!6UeK՝ReTx܇?.^cxZHn_}k)ޥbP2=-G5B7& хvdLq$aU( p528rU39 ]?Px%UWd.e} W5-+pjt,[y ‘VK/d>(Hڔ6o(JEِdNjj9+w~:rh2$AS4TC[BU]?f=#֘%t!i]*jxZ)_lX!–Cggʼ. _I^l5 hCWť8[2 JkPJOcZjE|Խ&WOŚvŭ ARLRP*N]@ 6o]mZK/ bIO+<@0Ф?uHr)=+;M5#iFՅL2l))vt sMX_իu-8,1Z rkτ۞R&3yƀ{|%E*tah[&rG6DY=0*{ԪĶ|(hh*jv<.FփvF0L|?k|2 ߣxIr/aREH[cCLz”9+2fxۈDyXe<${k $ڊ y"i4 M#8E:mh!g!əO\`@[OhN܋8ɒq p/!O8KDp6Z^vumINWJ΁+׮͉sU]+RR#fFH N^Ms}BcmfDBL@k)qIBw+4ijwv[n$,:Q_{|:ERkfn|kѤQ t!vh66%ptiWIۏK?eZ03|^K+P *%|'HȬ{dt06Sjj 0V3]ns ndshgnlIpv2/؂4!7zCr:0Ǭ 6q]owt)oIo,C1xY/lRVksw/e~xjMM*Fh&w)v~o0fFdR7Av}TO֧ĹK!uNKP=C˂ʛx`O3Wr5/SjX%SƾQFWLQ/f 16V:r$ AFkGE=gϼߡc2d&C9e] sjWTB0dȵ3ke1MZnF DwZ?y_>Ž]B'Car**i<)}yh vqRLKFK‡zYxsgBc p9"Ky_C>Dj/ToA`[\Z=L+x41 rJ\EA†I.A9ypgMIG4 e?2!LME?5:D G EYAUO7Yn jB\^F~ |M{{1#鸃ӕ۲Y;%~gݿH-'-%Y K!nb<e3|)W,/cBR)2&$̱.m{ܚGEl0SMx$w& e4\ ٬B`Z.~bOLxb7׈#'ɾyuՌ3q)\#bóVFw t Aܕ8w'_qn|f,P^fĔa= Gܘp!d)l*hpKb`ti 45&Гe`]դ'yP݆NJ*|S*~aunk՞K d"OeF>B^г~.K| $tbKol^~ҫBDe}b[ۅe.Q:h8 {d 䯻m/jkźq_-9u .U& ܁`Sf̬_\S"%oe]?zJc="/9t8oLP/l#mҤET /R- TFnr^+phפ@P~hv#e3$Uhо!3^ƕQŪr4dc9f C*lg2TEH ߏuQR|qOmI%~DG̳Դmss#R2DL~V2j[껂`eZ#sX"40̏l K *Ѡη9M+Q2[OS@+j;N|^"Dש#5p: 74K{8rUm. =4 %sSH4=q l8i@9gCI%h{srj= e睈ttLyuI~"bV2󿬣Uk?G,azNAWWCIE~\[bDҚ@yܶ=IIS(|F헊c(ś/k p4挂K\P! U3RecwbfN˄N@@e \h!#3ZA;bUzrڦU)y X$$h,4 >03r[.q!PtPF*C6DZ8 ҶFs7c*>UREfuGxK^8)rݒtũ^a|5}S/\oeóșZy)Bՠfqe P6dųJvV??& Ⱦ#mqȸo/\..d8)+FA  XDK$kj ydwóA4AYPoNV>@9H@e9pf<@20zL#/'vV_TiWXn%tg)] RȽ.8L {)$,飭Rci=;ɳ]f? m jf>-޼ړ5 Y7,dYk>nK‡1>])NJa A~`3d8cI+ uh{f⊠&U'dI e D{aku5&iy.?MT`+=j[KYWm$$ yų[Z@UC`8(*~hOsr3B]mUA^tISm0I.x3 trZJ[6ē|d%%``pl;;&LmY[pv>d}3xB}h"Hy t$(ܲŏЦ`{3n !n]b`QnRy^tלuxՌǓn`8fM]kKd2g¯e<2aG߻n;{ Cq<3Fh4gOj켒к|u:Y.dzR_c0 $y}́'wzFp?bQ f{fՂ~0[a3p$*2iAgvuXgfP9h)][ThY إW!QV\ka4͊קg.pKzצAz>Ppʔ07b!+fjYa1X.!gMeUoĘCư{48Ҙ7E%fIß2y2[TU->-Mԑeo4[/!Qs)?m#"U8fe 3_7&?[by̖".d`)DD&-uf{7K/vBaQB3 OXM|x)\0k:IR8V~lȸ'|Y;=U7hL`52NӜd?M(]Ʋ]: *8rԻr \2WY$R y5SƼ~ys1S'0g>G9+RBT)Ø>*qEda9aX1ϻip4glP(ܣ2SKMo8 U d *p%~VI;=l7Wra2 c-h{2/Ӝ;VN>hX1qG8'x mgy60r7ϡ#s1^i@n2e_P ~(.3V-Q7[-) Z3%h6X瑄7Cq!qF:K< zs$B,oLrXqf*O>.+~ɪUOV*w@=ZU*|0[}/ImLjv:tgZ$\;q7\ 7 UL63bOE/{(罒V9Hu(Ō*45Q "sۃ:&t(}gۋ%vv|(ʧ Q.J]3Ζ<L8dUt/uD x0)h<²ܮyL}idqL)5;%Ym/ք*褉Lc \T(Ee|mԝU#KpꆦX8c$6 II/BBq ![cŜNF]A%rB !ҋA:\ZKXSQM>WPTX>o1&=.P+v9s[.&:-ޗYjգ lE%ۊ%:KNX:nնGV?w5_w'73x ۠X \f--E G^. tYJt F *f D2Xu˂@Nd4JˡFquu2k"E SNO#X>7lwyG(kY*JnsQ[~`<'d<ćsi Wz s06QC^1?հ訤 xIۙx0RwO8mz1"T=gA!H]- F]_Tl.#ĺdժs^պ6; `}wN9J!:}wWuro/&5*t*62; N=g8 G~4U:aЇ;Ax#mdjʮLaٴghrs3(}xZ/u4Y3XGGy2( S]0"foc+Ӛ12o jQ?$ϫB6W]xRz>R:ct;jSgR"!4+0aޥZM _,֨þohCK 0fow$~ fsG<<#sLq aonҬ$d󘘌 $Q, #&U`$,{%P X("7˟u bУNI֢M!L3u]$)(Zpkq ,aSÄ5{okяO*{B}ɧ߯пIEIf [70m|IHηNeX~f v >TRUصQ ?Gu?+,`c9~h81Pyzu=3 Ƶs;ϛ_~[ઈ/镮HʢV_|x7܊_Not fQE+WVt[_=/66?@5ztω?az[I& ÍW Q0 pn`C >("D T1 Qf a~ +#BX<@ BK["wppo8ˍכi{2M:R< 8u|O _Ab;meb_!0:}d `ο+ |yeIglp -(H):pS-wZ9@ #ꤝ::Dnа_XS8ܴK0=Rνe g rF P7# YZ