sssd-ipa-1.13.3-56.el6$>J\;$Ͳs;>5?d   6  <BHd r    +NlJJ 3J   ( 8 9:dGHIXY\ ](^b deflCsssd-ipa1.13.356.el6The IPA back end of the SSSDProvides the IPA back end that the SSSD can utilize to fetch identity data from and authenticate against an IPA server.Xҿc1bm.rdu2.centos.orgCentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxi686KA큤AXҿXҿXҿVpnXҿXҿXҿ0320eb32e3e72bc4bc69afd1a010199a1c9b2176bf88ceff8ea56bc0b348fe73c1aed92a7c88b149fd3a955697f81efc195e82ae90fd7e3db91f9d81a3659d428ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903ff38b7e34d3b9ba462874bb7046122ce5fa8727b398213f7a8851779e749b02ff118723639c2d6a96917f174add580bf133e4c24dbd15a792ba1b1c4fd6f1293rootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.3-56.el6.src.rpmlibsss_ipa.sosssd-ipasssd-ipa(x86-32)   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ sssd-commonsssd-krb5-commonlibipa_hbac(x86-32)bind-utilssssd-common-pacrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libbasicobjects.so.0libcollection.so.4libcom_err.so.2libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.8)libdbus-1.so.3libdhash.so.1libdhash.so.1(DHASH_0.4.3)libdl.so.2libglib-2.0.so.0libini_config.so.5libipa_hbac.so.0libipa_hbac.so.0(IPA_HBAC_0.0.1)libk5crypto.so.3libkeyutils.so.1libkrb5.so.3liblber-2.4.so.2libldap-2.4.so.2libldb.so.1libldb.so.1(LDB_0.9.10)libndr-nbt.so.0libndr-nbt.so.0(NDR_NBT_0.0.1)libndr.so.0libndr.so.0(NDR_0.0.1)libnspr4.solibnss3.solibnssutil3.solibpcre.so.0libplc4.solibplds4.solibpopt.so.0libpopt.so.0(LIBPOPT_0)libpthread.so.0libpthread.so.0(GLIBC_2.0)libpthread.so.0(GLIBC_2.2)libref_array.so.1librt.so.1libsamba-util.so.0libselinux.so.1libsemanage.so.1libsemanage.so.1(LIBSEMANAGE_1.0)libsmime3.solibssl3.solibsss_cert.solibsss_child.solibsss_crypt.solibsss_debug.solibsss_idmap.so.0libsss_idmap.so.0(SSS_IDMAP_0.4)libsss_krb5_common.solibsss_ldap_common.solibsss_semanage.solibsss_util.solibtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)libtdb.so.1libtevent.so.0libtevent.so.0(TEVENT_0.9.9)rtld(GNU_HASH)rpmlib(PayloadIsXz)1.13.3-56.el61.13.3-56.el61.13.3-56.el61.13.3-56.el64.6.0-14.0-13.0.4-15.2-1sssd1.10.0-8.beta24.8.0X6@X6@XS@XOXJXGXF@X@X6@X6@X-X!@X!@X&X X X WWWW@W@W_@W_@WWW@W@W@W@Wi,@WYZ@WPWPV@VJVJVV@VՄ@VՄ@V@V&@V=@V=@V@V@V@VvV%@V%@V%@VVVVVpVii@V\:@VXEVV@VV@VV@VMV2 @Vf@Vf@Vf@UAUUuUn@UmUjUcUcUUUUUJ@UB@UB@U@U?v@U>$U8U.RU.RU-@U-@U-@U-@UF@UF@UUUUUU U U U@U@U@U@T9TTTTTTT@T@T~T~Tk4Tk4T$TTT@SvSvSvS%@S0S<@S<@S<@SSSSSSS/S/S;@SFS@S@S@S@S@S@Si@S@SSS!@SsZSpSNpS 4@S 4@RRRRRRfhRD!R1R%@R @R @RR|R|R|R|R|RRRRRRRRRRRRR@R@R@R@R@R@R@R@R@R@Q@Q@QQ*@Q?@QQvwQkQIQ5@Q0@Q']Q @PPPP@P@P@P-P@P@P@PDPDPDPDP[PPPPP@P@P@P@PPPPPPPP @P @P @P @P @P @Pf@PPPPP @P @P @P @P@P@P@PPPPPPPP@P@P@PpPpPpP@P@P@P@P@P@P@PP@PP@P@P@P@P@PPXPP{P{P{Pz@PqnPl(PaP`K@P#@Oĺ@O"O"OOO@OO~O@OOO@O@Ou@Ou@Oc+@O]@OYOOdON@OLOLOLOLOLO;@O5O1@ObN@NNNN@NNNj@NN$@N$@NN@N@Nx@Nm@Ng\N[@NTN?N:N:N:NNN|@M{@M{@Mߒ@M@M۝M۝M@MM@M@M3@MM>M>M@MM@M@Mx@MM=M=MwkMwkMv@MtMtMc@Mc@MbSM_MQ0@MJMGMA^@MA^@MA^@M.@M9L!L@L@L@L@LNLNL@L@LA@L@Lk@LYV@LRLI@L7@L(L_LLGKj@KK@KK@KK[K@KK~}@K]KY@KO@KKK/c@K+nK"4@KJJ@JJJkJJ@JJp9JlE@J?r@J0J,@IcIcIzI)@I)@I)@IV@IV@I@I@III@Lukas Slebodnik - 1.13.3-56Lukas Slebodnik - 1.13.3-55Jakub Hrozek - 1.13.3-54Jakub Hrozek - 1.13.3-53Jakub Hrozek - 1.13.3-52Jakub Hrozek - 1.13.3-51Jakub Hrozek - 1.13.3-50Jakub Hrozek - 1.13.3-49Jakub Hrozek - 1.13.3-48Jakub Hrozek - 1.13.3-47Jakub Hrozek - 1.13.3-46Jakub Hrozek - 1.13.3-45Jakub Hrozek - 1.13.3-44Jakub Hrozek - 1.13.3-43Jakub Hrozek - 1.13.3-42Jakub Hrozek - 1.13.3-41Jakub Hrozek - 1.13.3-40Jakub Hrozek - 1.13.3-39Jakub Hrozek - 1.13.3-38Jakub Hrozek - 1.13.3-37Jakub Hrozek - 1.13.3-36Jakub Hrozek - 1.13.3-35Jakub Hrozek - 1.13.3-34Jakub Hrozek - 1.13.3-33Jakub Hrozek - 1.13.3-32Jakub Hrozek - 1.13.3-31Jakub Hrozek - 1.13.3-30Jakub Hrozek - 1.13.3-29Jakub Hrozek - 1.13.3-28Jakub Hrozek - 1.13.3-27Jakub Hrozek - 1.13.3-26Jakub Hrozek - 1.13.3-25Jakub Hrozek - 1.13.3-24Jakub Hrozek - 1.13.3-23Jakub Hrozek - 1.13.3-22Jakub Hrozek - 1.13.3-21Jakub Hrozek - 1.13.3-20Jakub Hrozek - 1.13.3-19Jakub Hrozek - 1.13.3-18Jakub Hrozek - 1.13.3-17Jakub Hrozek - 1.13.3-16Jakub Hrozek - 1.13.3-15Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-13Jakub Hrozek - 1.13.3-12Jakub Hrozek - 1.13.3-11Jakub Hrozek - 1.13.3-10Jakub Hrozek - 1.13.3-9Jakub Hrozek - 1.13.3-8Jakub Hrozek - 1.13.3-7Jakub Hrozek - 1.13.3-6Jakub Hrozek - 1.13.3-5Jakub Hrozek - 1.13.3-4Jakub Hrozek - 1.13.3-3Jakub Hrozek - 1.13.3-2Jakub Hrozek - 1.13.3-1Jakub Hrozek - 1.13.2-7Jakub Hrozek - 1.13.2-6Jakub Hrozek - 1.13.2-5Jakub Hrozek - 1.13.2-4Jakub Hrozek - 1.13.2-3Jakub Hrozek - 1.13.2-2Jakub Hrozek - 1.13.2-1Jakub Hrozek - 1.13.1-1Jakub Hrozek - 1.12.4-51Jakub Hrozek - 1.12.4-50Jakub Hrozek - 1.12.4-49Jakub Hrozek - 1.12.4-48Jakub Hrozek - 1.12.4-47Jakub Hrozek - 1.12.4-46Jakub Hrozek - 1.12.4-45Jakub Hrozek - 1.12.4-44Jakub Hrozek - 1.12.4-43Jakub Hrozek - 1.12.4-42Jakub Hrozek - 1.12.4-41Jakub Hrozek - 1.12.4-40Jakub Hrozek - 1.12.4-39Jakub Hrozek - 1.12.4-38Jakub Hrozek - 1.12.4-37Jakub Hrozek - 1.12.4-36Jakub Hrozek - 1.12.4-35Jakub Hrozek - 1.12.4-34Jakub Hrozek - 1.12.4-33Jakub Hrozek - 1.12.4-32Jakub Hrozek - 1.12.4-31Jakub Hrozek - 1.12.4-30Jakub Hrozek - 1.12.4-29Jakub Hrozek - 1.12.4-28Jakub Hrozek - 1.12.4-27Jakub Hrozek - 1.12.4-26Jakub Hrozek - 1.12.4-25Jakub Hrozek - 1.12.4-24Jakub Hrozek - 1.12.4-23Jakub Hrozek - 1.12.4-22Jakub Hrozek - 1.12.4-21Jakub Hrozek - 1.12.4-20Jakub Hrozek - 1.12.4-19Jakub Hrozek - 1.12.4-18Jakub Hrozek - 1.12.4-17Jakub Hrozek - 1.12.4-16Jakub Hrozek - 1.12.4-15Jakub Hrozek - 1.12.4-14Jakub Hrozek - 1.12.4-13Jakub Hrozek - 1.12.4-12Jakub Hrozek - 1.12.4-11Jakub Hrozek - 1.12.4-10Jakub Hrozek - 1.12.4-9Jakub Hrozek - 1.12.4-8Jakub Hrozek - 1.12.4-7Jakub Hrozek - 1.12.4-6Jakub Hrozek - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Jakub Hrozek - 1.12.4-2Jakub Hrozek - 1.12.4-1Jakub Hrozek - 1.11.6-33Jakub Hrozek - 1.11.6-32Jakub Hrozek - 1.11.6-31Jakub Hrozek - 1.11.6-30Jakub Hrozek - 1.11.6-29Jakub Hrozek - 1.11.6-28Jakub Hrozek - 1.11.6-27Jakub Hrozek - 1.11.6-26Jakub Hrozek - 1.11.6-25Jakub Hrozek - 1.11.6-24Jakub Hrozek - 1.11.6-23Jakub Hrozek - 1.11.6-22Jakub Hrozek - 1.11.6-21Jakub Hrozek - 1.11.6-20Jakub Hrozek - 1.11.6-19Jakub Hrozek - 1.11.6-18Jakub Hrozek - 1.11.6-17Jakub Hrozek - 1.11.6-16Jakub Hrozek - 1.11.6-15Jakub Hrozek - 1.11.6-14Jakub Hrozek - 1.11.6-13Jakub Hrozek - 1.11.6-12Jakub Hrozek - 1.11.6-11Jakub Hrozek - 1.11.6-10Jakub Hrozek - 1.11.6-9Jakub Hrozek - 1.11.6-8Jakub Hrozek - 1.11.6-7Jakub Hrozek - 1.11.6-6Jakub Hrozek - 1.11.6-5Jakub Hrozek - 1.11.6-4Jakub Hrozek - 1.11.6-3Jakub Hrozek - 1.11.6-2Jakub Hrozek - 1.11.6-1Jakub Hrozek - 1.11.5.1-4Jakub Hrozek - 1.11.5.1-3Jakub Hrozek - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Jakub Hrozek - 1.9.2-134Jakub Hrozek - 1.9.2-133Jakub Hrozek - 1.9.2-132Jakub Hrozek - 1.9.2-131Jakub Hrozek - 1.9.2-130Jakub Hrozek - 1.9.2-129Jakub Hrozek - 1.9.2-128Jakub Hrozek - 1.9.2-127Jakub Hrozek - 1.9.2-126Jakub Hrozek - 1.9.2-125Jakub Hrozek - 1.9.2-124Jakub Hrozek - 1.9.2-123Jakub Hrozek - 1.9.2-122Jakub Hrozek - 1.9.2-121Jakub Hrozek - 1.9.2-120Jakub Hrozek - 1.9.2-119Jakub Hrozek - 1.9.2-118Jakub Hrozek - 1.9.2-117Jakub Hrozek - 1.9.2-116Jakub Hrozek - 1.9.2-115Jakub Hrozek - 1.9.2-114Jakub Hrozek - 1.9.2-113Jakub Hrozek - 1.9.2-112Jakub Hrozek - 1.9.2-111Jakub Hrozek - 1.9.2-110Jakub Hrozek - 1.9.2-109Jakub Hrozek - 1.9.2-108Jakub Hrozek - 1.9.2-107Jakub Hrozek - 1.9.2-106Jakub Hrozek - 1.9.2-105Jakub Hrozek - 1.9.2-104Jakub Hrozek - 1.9.2-103Jakub Hrozek - 1.9.2-102Jakub Hrozek - 1.9.2-101Jakub Hrozek - 1.9.2-100Jakub Hrozek - 1.9.2-99Jakub Hrozek - 1.9.2-98Jakub Hrozek - 1.9.2-97Jakub Hrozek - 1.9.2-96Jakub Hrozek - 1.9.2-95Jakub Hrozek - 1.9.2-94Jakub Hrozek - 1.9.2-93Jakub Hrozek - 1.9.2-92Jakub Hrozek - 1.9.2-91Jakub Hrozek - 1.9.2-90Jakub Hrozek - 1.9.2-89Jakub Hrozek - 1.9.2-88Jakub Hrozek - 1.9.2-87Jakub Hrozek - 1.9.2-86Jakub Hrozek - 1.9.2-85Jakub Hrozek - 1.9.2-84Jakub Hrozek - 1.9.2-83Jakub Hrozek - 1.9.2-82Jakub Hrozek - 1.9.2-81Jakub Hrozek - 1.9.2-80Jakub Hrozek - 1.9.2-79Jakub Hrozek - 1.9.2-78Jakub Hrozek - 1.9.2-77Jakub Hrozek - 1.9.2-76Jakub Hrozek - 1.9.2-75Jakub Hrozek - 1.9.2-74Jakub Hrozek - 1.9.2-73Jakub Hrozek - 1.9.2-72Jakub Hrozek - 1.9.2-71Jakub Hrozek - 1.9.2-70Jakub Hrozek - 1.9.2-69Jakub Hrozek - 1.9.2-68Jakub Hrozek - 1.9.2-67Jakub Hrozek - 1.9.2-66Jakub Hrozek - 1.9.2-65Jakub Hrozek - 1.9.2-64Jakub Hrozek - 1.9.2-63Jakub Hrozek - 1.9.2-62Jakub Hrozek - 1.9.2-61Jakub Hrozek - 1.9.2-60Jakub Hrozek - 1.9.2-59Jakub Hrozek - 1.9.2-58Jakub Hrozek - 1.9.2-57Jakub Hrozek - 1.9.2-56Jakub Hrozek - 1.9.2-55Jakub Hrozek - 1.9.2-54Jakub Hrozek - 1.9.2-53Jakub Hrozek - 1.9.2-52Jakub Hrozek - 1.9.2-51Jakub Hrozek - 1.9.2-50Jakub Hrozek - 1.9.2-49Jakub Hrozek - 1.9.2-48Jakub Hrozek - 1.9.2-47Jakub Hrozek - 1.9.2-46Jakub Hrozek - 1.9.2-45Jakub Hrozek - 1.9.2-44Jakub Hrozek - 1.9.2-43Jakub Hrozek - 1.9.2-42Jakub Hrozek - 1.9.2-41Jakub Hrozek - 1.9.2-40Jakub Hrozek - 1.9.2-39Jakub Hrozek - 1.9.2-38Jakub Hrozek - 1.9.2-37Jakub Hrozek - 1.9.2-36Jakub Hrozek - 1.9.2-35Jakub Hrozek - 1.9.2-34Jakub Hrozek - 1.9.2-33Jakub Hrozek - 1.9.2-32Jakub Hrozek - 1.9.2-31Jakub Hrozek - 1.9.2-30Jakub Hrozek - 1.9.2-29Jakub Hrozek - 1.9.2-28Jakub Hrozek - 1.9.2-27Jakub Hrozek - 1.9.2-26Jakub Hrozek - 1.9.2-25Jakub Hrozek - 1.9.2-24Jakub Hrozek - 1.9.2-23Jakub Hrozek - 1.9.2-22Jakub Hrozek - 1.9.2-21Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-19Jakub Hrozek - 1.9.2-18Jakub Hrozek - 1.9.2-17Jakub Hrozek - 1.9.2-16Jakub Hrozek - 1.9.2-15Jakub Hrozek - 1.9.2-14Jakub Hrozek - 1.9.2-13Jakub Hrozek - 1.9.2-12Jakub Hrozek - 1.9.2-11Jakub Hrozek - 1.9.2-10Jakub Hrozek - 1.9.2-9Jakub Hrozek - 1.9.2-8Jakub Hrozek - 1.9.2-7Jakub Hrozek - 1.9.2-6Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-3Jakub Hrozek - 1.9.0-2Jakub Hrozek - 1.9.0-1.rc1Jakub Hrozek - 1.8.0-33Stephen Gallagher - 1.8.0-32Stephen Gallagher - 1.8.0-31Stephen Gallagher - 1.8.0-30Stephen Gallagher - 1.8.0-29Stephen Gallagher - 1.8.0-28Stephen Gallagher - 1.8.0-27Stephen Gallagher - 1.8.0-26Stephen Gallagher - 1.8.0-25Stephen Gallagher - 1.8.0-24Stephen Gallagher - 1.8.0-23Stephen Gallagher - 1.8.0-22Stephen Gallagher - 1.8.0-21Stephen Gallagher - 1.8.0-20Stephen Gallagher - 1.8.0-18Stephen Gallagher - 1.8.0-17Stephen Gallagher - 1.8.0-15Stephen Gallagher - 1.8.0-12Stephen Gallagher - 1.8.0-11Stephen Gallagher - 1.8.0-10Stephen Gallagher - 1.8.0-9Stephen Gallagher - 1.8.0-8Stephen Gallagher - 1.8.0-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5Stephen Gallagher - 1.8.0-4.beta3Stephen Gallagher - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-2.beta2Stephen Gallagher - 1.5.1-68Stephen Gallagher - 1.5.1-67Stephen Gallagher - 1.5.1-66Stephen Gallagher - 1.5.1-65Stephen Gallagher - 1.5.1-64Stephen Gallagher - 1.5.1-63Stephen Gallagher - 1.5.1-62Stephen Gallagher - 1.5.1-61Stephen Gallagher - 1.5.1-60Stephen Gallagher - 1.5.1-59Stephen Gallagher - 1.5.1-58Stephen Gallagher - 1.5.1-57Stephen Gallagher - 1.5.1-56Stephen Gallagher - 1.5.1-55Stephen Gallagher - 1.5.1-53Stephen Gallagher - 1.5.1-52Stephen Gallagher - 1.5.1-51Stephen Gallagher - 1.5.1-50Stephen Gallagher - 1.5.1-49Stephen Gallagher - 1.5.1-48Stephen Gallagher - 1.5.1-47Stephen Gallagher - 1.5.1-46Stephen Gallagher - 1.5.1-45Stephen Gallagher - 1.5.1-44Stephen Gallagher - 1.5.1-43Stephen Gallagher - 1.5.1-42Stephen Gallagher - 1.5.1-41Stephen Gallagher - 1.5.1-40Stephen Gallagher - 1.5.1-39Stephen Gallagher - 1.5.1-38Stephen Gallagher - 1.5.1-37Stephen Gallagher - 1.5.1-36Stephen Gallagher - 1.5.1-35Stephen Gallagher - 1.5.1-34Stephen Gallagher - 1.5.1-33Stephen Gallagher - 1.5.1-32Stephen Gallagher - 1.5.1-31Stephen Gallagher - 1.5.1-30Stephen Gallagher - 1.5.1-29Stephen Gallagher - 1.5.1-28Stephen Gallagher - 1.5.1-27Stephen Gallagher - 1.5.1-26Stephen Gallagher - 1.5.1-25Stephen Gallagher - 1.5.1-24Stephen Gallagher - 1.5.1-23Stephen Gallagher - 1.5.1-21Stephen Gallagher - 1.5.1-20Stephen Gallagher - 1.5.1-17Stephen Gallagher - 1.5.1-16Stephen Gallagher - 1.5.1-15Stephen Gallagher - 1.5.1-14Stephen Gallagher - 1.5.1-13Stephen Gallagher - 1.5.1-12Stephen Gallagher - 1.5.1-11Stephen Gallagher - 1.5.1-10Stephen Gallagher - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Stephen Gallagher - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.2.1-28.4Stephen Gallagher - 1.2.1-36Stephen Gallagher - 1.2.1-35Stephen Gallagher - 1.2.1-28.3Stephen Gallagher - 1.2.1-34Stephen Gallagher - 1.2.1-28.2Stephen Gallagher - 1.2.1-33Stephen Gallagher - 1.2.1-28.1Stephen Gallagher - 1.2.1-32Stephen Gallagher - 1.2.1-29Stephen Gallagher - 1.2.1-28Stephen Gallagher - 1.2.1-27Stephen Gallagher - 1.2.1-26Stephen Gallagher - 1.2.1-23Stephen Gallagher - 1.2.1-21Stephen Gallagher - 1.2.1-20Stephen Gallagher - 1.2.1-19Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-14Stephen Gallagher - 1.2.0-13Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11.1Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present - Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory- Resolves: rhbz#1415785 - ldap_child does not remove temporary files when it's killed with SIGTERM- Apply several more smartcard-related patches. - Related: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts- Revert the ding-libs requirement - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Related: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Require the matching version of ding-libs - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Fix a coverity warning - Related: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Resolves: rhbz#1324428 - [RFE] Discover forest's root SID even if subdomains_provider = none- Resolves: rhbz#1367802 - using overides causes segfault in libldb- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins- Resolves: rhbz#1382603 - autofs map resolution doesn't work offline- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute- Resolves: rhbz#1299994 - ssh client checks only the first certificate on a smartcard when the card has multiple certs - Resolves: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard - Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6 - Resolves: rhbz#1329647 - IPA view: view name not stored properly with default FreeIPA installation- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users and mixed case names- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a subdomain, not the root domain.- Resolves: rhbz#1365218 - SSSD does not fail over to next GC- Resolves: rhbz#1367435 - Intermittent sssd auth failures- Resolves: rhbz#1369079 - sssd runs out of available child slots and starts queuing requests in proxy mode- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to sssd-1.13.3-22.el6.x86_64 when upgrading cache- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336453 - sssd_be doesn't terminate forked child process if adcli is not installed- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo- Actually apply patches from previous build - Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe with 1.11.6- Backport of a more minimal dependency patch to avoid changes to AD provider behaviour - Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1308939 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user- Require a newer selinux-policy to avoid issues when prompting for SC PIN - Related: rhbz#1299066 - smartcard login does not prompt for pin when ocsp checking is enabled (default config)- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when trying to retrieve non-existing netgroups- Update sssd-ldap man page for the recent ID mapping changes - Related: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache from working- Resolves: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password and not smartcard pin when logged in using smartcard pin- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output error- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12 to 1.13- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn't work- Resolves: rhbz#1273802 - ad_site parameter does not work- Fix memory leak in the NFS plugin - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service discovery- Rebase to 1.13.3 - Remove setuid bit from proxy_child, RHEL-6 doesn't support running SSSD as a non-privileged user - Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Don't own files as the SSSD user - Resolves: rhbz#1289482 - warning: user sssd does not exist - using root- Resolves: rhbz#1279971 - groups get deleted from the cache- The p11_child doesn't have to run privileged anymore, remove the setuid bit - Related: rhbz#1270027 - [RFE] Support for smart cards- Resolves: rhbz#1266108 - Check next certificate on smart card if first is not valid - Also enable OCSP checks- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Silence compilation warnings and Coverity issues - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Squash in packaging review changes by lslebodn@redhat.com- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - The rebase also resolves the following bugzillas: - Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC identity certificates - Resolves: rhbz#1270027 - [RFE] Support for smart cards - Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients - Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is not taken into account. - Resolves: rhbz#1254193 - Fix for cyclic dependencies between sssd-{krb5,}-common - Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected - Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do not queue requests - Resolves: rhbz#1227804 - Group members are not turned into ghost entries when the user is purged from the SSSD cache - Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log - Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not the alpha group name representation - Resolves: rhbz#1194039 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups- Resolves: rhbz#1251349 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from ldap server- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task - Resolves: rhbz#1227863 - ignore_group_members doesn't work for subdomains- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn't return all groups on first attempt- Resolves: rhbz#1225614 - IPA enumeration provider crashes- Resolves: rhbz#1212610 - sssd ad groups work intermittently- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of secondary groups- Resolves: rhbz#1221358 - SSSD doesn't work with ID mapping and disabled subdomains- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and gets avc denial when ssh- Include several upstream fixes related to ID views - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1213947 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad src/providers/ad/ad_gpo.c:843- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers group membership resolution- Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users and filter_groups- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only- Related: rhbz#1211728 - Only set the selinux context if the context differs from the local one- Package the localauth plugin - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1207720 - id lookup resolves "Domain Local" group and errors appear in domain log- BuildRequire the proper libkrb5 version for correct localauth plugin build - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1194367 - sssd_be dumping core- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in manpage that unsupported time specification will lead to sssd denying access- Resolves: rhbz#1205382 - Properly handle AD's binary objectGUID- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might install with wrong user account (root)- Fix a typo in DEBUG message - Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Handle TTL=0 in SRV queries correctly - Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Cherry-pick unit test changes from upstream to allow cherry-picking sssd-1-12 patches - Remove unused LDAP provider code to avoid static analyser warnings - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad requires samba4- Resolves: rhbz#1203630 - SSSD doesn't own the GPO cache directory- Fix warning in SELinux code - Handle setups with empty default and no SELinux maps - Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u - Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605 - Resolves: rhbz#1201847 - SSSD downloads too much information when fetching information about groups- Fix PAM responder initgroups cache for subdomain users - Log extop failures better - Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Fix internal error codes broken when fixing rhbz#1036745 - Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything- Fix Coverity warning in ldap_child - Add better debugging - Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users, groups or other cache objects- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Initialize a pointer in ldap_child to NULL - Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Relax the ldb requirement - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query - Rebuild against latest krb5, add a versioned BuildRequires - Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Do not mark the selinux_child helper as setuid, we don't support rootless SSSD in 6.7 - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x - The rebase resolves the following RHEL bugzillas - Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about domains parameter - Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not be fatal (backport fix from upstream) - Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user uid field - Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1168377 - [RFE] User's home directories and shells are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss - Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution - Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1148582 - inconsistent group information when multiple ad domain sections are configured in sssd - Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider ad support - Resolves: rhbz#1139878 - SSSD connection terminated after failing anonymous bind to IBM Tivoli Directory Server - Resolves: rhbz#1135838 - Man sssd-ldap shows parameter ldap_purge_cache_timeout with "Default: 10800 (12 hours)" - Resolves: rhbz#1135432 - Dereference code errors out when dereferencing entries protected by ACIs - Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012 R2's LDAP as AD - Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header - Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple attributes- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1141814 - Password expiration policies are not being enforced by SSSD- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group membership when encountering a non-POSIX group- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from other AD domains- Resolves: rhbz#1127270 - sssd connect to ipa-server is long- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD, POSIX attributes are used and primary group contains the user as a member- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0) is not prompted for password change- Resolves: rhbz#1132361 - use-after-free in dyndns code- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap account lock to restrict access via ssh key- Use the correct sudo iterator - Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Add notes about offline mode to sssd.conf - Related: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1127278 - Auth fails when space in username is replaced with character set by override_default_whitespace- Resolves: rhbz#1127757 - sssd can't retrieve sudo rules when using the "default_domain_suffix" option- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Resolves: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1122873 - Failover does not always happen from SRV to hostname resolution(via /etc/hosts) - Remove spurious systemctl call on %postun- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with specified character in LDAP group- Resolves: rhbz#1109188 - dereferencing control failure against openldap server- Resolves: rhbz#1084532 - sssd_sudo process segfaults- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping is off and tokengroups are enabled- Resolves: rhbz#1118541 - Floating point exception using ldap- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser is not defined and no ldap_sudorule_runasuser mapping has been defined in SSSD- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap- Fix potential NULL dereference in IFP code - Related: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- BuildRequire the latest libini_config - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- Resolves: rhbz#1104145 - public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end- Rebase to 1.11.6 - Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Rebuild against new ding-libs - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Backport the InfoPipe patches needed for Sat6 integration - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: #1085412 - SSSD Crashes when storage experiences high latency- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6Resolves: #1036168 - sssd can't retrieve auto.master when using the "default_domain_suffix"- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups are requested- Allow combination of proxy id backend and LDAP auth backend - Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Inherit UID limits for subdomains - Resolves: #1020905 - Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.- Do not crash when LDAP disconnects while a search is still in progress - Resolves: #1019979 - sssd_be segfault when authenticating against active directory- More upstream fixes to prevent memcache crashes - Related: #997406 - sssd_nss core dumps under load- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out- Make IPA SELinux provider aware of subdomain users - A better version of already committed patch - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Resolves: #997406 - sssd_nss core dumps under load - Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #1002161 - large number of sudo rules results in error - Unable to create response: Invalid argument- Silence restorecon on clean install - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Make IPA SELinux provider aware of subdomain users - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Print password complexity hint when password change fails with constraint violation - Related: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #948830 - sssd do too many disk writes causing delay in "getent netgroup allmachines-netgroup" nested netgroups.- Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- Resolves: #963235 - sssd_be crashing with nested ldap groups- Apply a forgotten dependency for patch #254 - Related: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality - Add two fixes for better handling of faulty SRV processing - Related: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router. - Remove enumerate=true from example in man page - Related: #988381 - clarify the disadvantages of enumeration in sssd.conf- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp file for SELinux data failed- Resolves: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors when clearing cache- Resolves: #924113 - man sssd-sudo has wrong title- Resolves: #924397 - document what does access_provider=ad do- Use permissive control when adding ghost users - Resolves: #928797 - cyclic group memberships may not work depending on order of operations- Set correct state of SRV servers on resolving error - Resolves: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router.- Resolves: #954323 - SSSD doesn't display warning for last grace login.- Format patch to configure sysv script differently - RHEL-6 patch(1) apparently doesn't like the output of git format-patch -M -C and doesn't properly copy files on renames - Resolves: #971435 - Enhance sssd init script so that it would source a configuration.- Resolves: #973345 - SSSD service randomly dies- Resolves: #971435 - Enhance sssd init script so that it would source a configuration- Resolves: #961356 - SUDO is not working for users from trusted AD domain- Resolves: #970519 - [RFE] Add support for suppressing group members- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the "original value"- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes- Clarify the min_id/max_id limits further - Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login delays when client is under load- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table in sssd_nss- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs- Mention that enumeration should be discouraged - Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf- Call restorecon on memcache files to force the right context on upgrades - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Resolves: #987479 - libsss_sudo should depend on sudo package with sssd support- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck- Resolves: #967636 - SSSD frequently fails to return automount maps from LDAP- Resolves: #953165 - Enabling enumeration causes sssd_be process to utilize 100% of the CPU- Resolves: #906398 - sssd_be crashes sometimes- Resolves: #950874: Simple access control always denies uppercased users in case insensitive domain- Resolves: #921454: Resolve local group members in LDAP groups- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider- Fix pwd_expiration_warning=0 - Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#872827 - Serious performance regression in sssd- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees- Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.- Resolves: rhbz#902436 - possible segfault when backend callback is removed- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps- Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent- Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts- Resolves: rhbz#892197 - Incorrect principal searched for in keytab- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work- Resolves: rhbz#874618 - sss_cache: fqdn not accepted- Resolves: rhbz#889182 - crash in memory cache- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache- Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666)- Resolves: rhbz#886038 - sssd components seem to mishandle sighup- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh- Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule- Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507)- Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060)- Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507)- Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds- Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users- Resolves: rhbz#881773 - mmap cache needs update after db changes- Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742)- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573)- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations- Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130- Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections- Related: rhbz#877126 - Bump the release tag- Resolves: rhbz#877126 - subdomains code does not save the proper user/group name- Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid()- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'- Resolves: rhbz#875740 - "defaults" entry ignored- Resolves: rhbz#875738 - offline authentication failure always returns System Error- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section- Resolves: rhbz#873032 - Move sss_cache to the main subpackage- Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group- Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive- Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443- BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932- Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542- Fix the "ca" translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- New upstream release 1.9.2- Rebase to 1.9.1- Require the latest libldb- Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes- Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds- Fix protocol break for services map - Related: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#824616 - sssd_nss crashes when configured with use_fully_qualified_names = true- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()- Resolves: rhbz#822236 - SSSD netgroups do not honor entry_cache_nowait_percentage- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client upgrade - Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names - Resolves: rhbz#819063 - sssd fails to provide partial data till paged search returns "Size Limit Exceeded" - Resolves: rhbz#820585 - Group enumeration fails in proxy provider- Resolves: rhbz#816616 - group members are now lowercased in case insensitive domains- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding - Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the same user - Resolves: rhbz#812281 - autofs client: map name length used as key length - Related: rhbz#784870 - SSSD fails during autodetection of search bases for new LDAP features - Related: rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes- Fix typo in patch for SSH umask - Related: rhbz#808107 - Coverity revealed memory management defects- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm - Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is running - Resolves: rhbz#808107 - Coverity revealed memory management defects- Related: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false- Resolves: rhbz#804057 - Initial service lookups having name with uppercase alphabets doesn't work - Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names doesn't work when case_sensitive=false - Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab - Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false - Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name resolution times out - Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Related: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica using IP address - Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with case_sensitive=false - Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set - Resolves: rhbz#805034 - accessing an undefined variable might cause crash - Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login- Update translations - Resolves: rhbz#802372 - Pick up latest translation files for SSSD - Resolves: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Related: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search requests - Resolves: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials - Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to true - Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work - Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false - Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam can use - Resolves: rhbz#799971 - sssd_be crashes on shutdown - Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested group structure - Resolves: rhbz#801368 - Group lookups doesn't return members with proxy provider configured - Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd is configured as proxy provider- Do not auto-upgrade debug levels - Tool still available for manual use - Reverts: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#798881 - Install-time warnings - Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also the dns_discovery_domain - Resolves: rhbz#798655 - Password logins failing due to a process with high UID- Fix explicit requires to use openldap instead of openldap-libs - Related: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64- Fix multilib-clean issue due to upgrade script - Remove old copy from the spec file - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Fix typo in the patch - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Use a patch and install the script to python_sitelib - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Resolves: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#785871 - wrong build dependency on nscd - Resolves: rhbz#785873 - IPA host search base cannot be set - Resolves: rhbz#791208 - Entries lacking a POSIX username value break group lookups - Resolves: rhbz#796307 - Simple Paged Search control needs to be used more sparingly - Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64 - Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user entries - Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup - Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load - Resolves: rhbz#797975 - sssd_be: The requested target is not configured is logged at each login - Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD - Resolves: rhbz#788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group- Handle filtering python Provides in a safer way - Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3 - Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers - Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and netgroup search base correctly - Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb AS requests - Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision - Resolves: rhbz#785904 - [RFE] SSSD should have --version option - Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider - Resolves: rhbz#785898 - Enable midway cache refresh by default - Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for a non-existing netgroup - Resolves: rhbz#785884 - Honour TTL when resolving host names - Resolves: rhbz#785883 - check DNS records before updates - Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead of guessing - Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line - Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config file too much - Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server has been reinitialized - Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc - Resolves: rhbz#773660 - Kerberos errors should go to syslog - Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native IPA netgroups code - Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#771702 - sssd_pam crashes during change password operation against a IPA server - Resolves: rhbz#771361 - case_sensitive function not working as intended for ldap - Resolves: rhbz#768935 - Crash when applying settings - Resolves: rhbz#766941 - The full dyndns update message should be logged into debug logs - Resolves: rhbz#766930 - [RFE] Add a new option to override home directory value - Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab principal name - Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files - Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug levels on the fly - Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional - Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation - Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option - Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control - Resolves: rhbz#753876 - [RFE] Add support for the services map - Resolves: rhbz#746181 - "getgrgid call returned more than one result" after group name change in MSAD - Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle for some (configurable) time - Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD - Related: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#742052 - id -G group resolution takes extremely long - Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange - Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases - Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or insensitive - Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users - Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control disabled for openldap - Resolves: rhbz#726467 - SSSD takes 30+ seconds to login - Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 during auth when password for the user is not set- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758157 - LDAP failover not working if server refuses connections- Related: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis initgroups when groups appear in multiple nesting levels- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow - Resolves: rhbz#746654 - SSSD backend gets killed on slow systems - Related: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts Fixes a crash introduced by the earlier patch. - Related: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names Fixes for internationalization- Related: rhbz#742278 - Rework the example config- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts - Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart - Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742278 - Rework the example config - Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was initialized - Resolves: rhbz#742526 - SSSD's man pages are missing information - Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with multi-valued uid - Resolves: rhbz#738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid - Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber to integer - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host groups - Resolves: rhbz#740501 - SSSD not functional after "self" reboot - Resolves: rhbz#742539 - HBAC: Hostname comparisons should be case-insensitive- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in - Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2- Resolves: rhbz#737157 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled - Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple external hosts along with managed host - Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names - Resolves: rhbz#733409 - Improve password policy error message - Resolves: rhbz#733663 - Authentication fails when there exists an empty hbacsvcgroup - Resolves: rhbz#732935 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON - Resolves: rhbz#734101 - sssd blocks login of ipa-users- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain shells- Related: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID- Related: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Related: rhbz#718250 - Remove DENY rules from the HBAC access provider - Fixes an issue on big endian platforms- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured - Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls - Resolves: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider - Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID - Resolves: rhbz#726475 - sssd_pam leaks file descriptors - Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0- Related: rhbz#721052 - sssd does not handle kerberos server IP change - Use ares_search instead of ares_query to honor - search entries in /etc/resolv.conf- Resolves: rhbz#711416 - During the change password operation the ccache is - not replaced by a new one if the old one isn't - active anymore - Resolves: rhbz#715609 - Certificate validation fails with message - "Connection error: TLS: hostname does not match CN - in peer certificate" - Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records - Resolves: rhbz#721052 - sssd does not handle kerberos server IP change - Honor TTL values when resolving hostnames- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP - Resolves: rhbz#713438 - sssd shuts down if inotify crashes- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups() - Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are - being logged multiple times when the provider comes - back online - Resolves: rhbz#707997 - The IPA provider does not work with IPv6 - Resolves: rhbz#677327 - [RFE] Support overriding attribute value - Resolves: rhbz#692090 - SSSD is not populating nested groups in - Active Directory- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man - page- Resolves: rhbz#707513 - Unable to authenticate users when username - contains "\0"- Resolves: rhbz#698723 - kpasswd fails when using sssd and - kadmin server != kdc server- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is - not mentioned - Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the - gidNumber is out of the range of min_id,max_id. - Resolves: rhbz#699530 - Users with a local group as their primary GID are - denied access by the simple access provider - Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups - Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a - member of any group - Resolves: rhbz#703624 - SSSD's async resolver only tries the first - nameserver in /etc/resolv.conf- Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694444 - Unable to resolve SRV record when called with - _srv_, in ldap_uri - Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by - signal 11 (SIGSEGV) - Fix is to not attempt to resolve nameless servers- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can - cause SSSD to stop caching and responding to - requests- Resolves: rhbz#690131 - Traceback messages seen while interrupting - sss_obfuscate using ctrl+d - Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process - /usr/libexec/sssd/sssd_be was killed by signal 11 - (SIGSEGV)- Related: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them - Resolves: rhbz#689886 - group memberships are not populated correctly during - IPA provider initgroups - Resolves: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents - Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5 - in sssd.conf- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min - waiting on netgroup - Resolves: rhbz#683431 - sssd consumes 100% CPU - Related: rhbz#680440 - sssd does not handle kerberos server IP change- Related: rhbz#680440 - sssd does not handle kerberos server IP change - SSSD was staying with the old server if it was still online- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain - for base DN- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on - ipa-server - Resolves: rhbz#680440 - sssd does not handle kerberos server IP change - Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are - given in ipa_server config option - Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf - attribute on the server - Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups - Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option - Resolves: rhbz#677318 - Does not read renewable ccache at startup- Resolves: rhbz#678593 - User information not updated on login for secondary - domains - Resolves: rhbz#678777 - IPA provider does not update removed group - memberships on initgroups- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries - Resolves: rhbz#678410 - name service caches names, so id command shows - recently deleted users - Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for - netgroups- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login - Resolves: rhbz#675284 - "no matching rule" message logged on all successful - requests - Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for - authentication- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named - "default" - Resolves: rhbz#674515 - -p option always uses empty string to obfuscate - password - Resolves: rhbz#674141 - Traceback call messages displayed while - "sss_obfuscate" command is executed as a non-root - user- Resolves: rhbz#674172 - Group members are not sanitized in nested group - processing - Put translated tool manpages into the sssd-tools subpackage- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Also add the updated ding-libs to the BuildRequires- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Explicitly require updated ding-libs- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options - Assorted bugfixes- Add noverify to sssd.conf - Resolves: rhbz#627165 - TPS VerifyTest failure- Related: rhbz#644072 - Rebase SSSD to 1.5 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs - Resolves: rhbz#660585 - getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs- Resolves: rhbz#645449 - 'getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#658374 - sssd stops on upgrade- Resolves: rhbz#658158 - sssd stops on upgrade- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#642412 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#633487 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib- Resolves: rhbz#629949 - sssd stops on upgrade- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password- Resolves: rhbz#621307 - Password changes are broken on LDAP- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on - initgroups calls- Resolves: rhbz#607233 - SSSD users cannot log in through GDM - - Real issue was that long-running services - - do not reconnect if sssd is restarted- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with - /etc/krb5.keytab file- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6 - final - Resolves: rhbz#608661 - SASL with OpenLDAP server fails - Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes- New upstream bugfix release 1.2.1 - Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs. - Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal - Resolves: rhbz#604704 - authconfig should provide error with no trace back - if disabling sssd when sssd is not enabled - Resolves: rhbz#591873 - Connecting to the network after an offline kerberos - auth logs continuous error messages to sssd_ldap.log - Resolves: rhbz#596295 - Authentication fails for user from the second domain - when the same user name is filtered out from the - first domain - Related: rhbz#598559 - Update translation files for SSSD before RHEL 6 - final- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service - to fail while restart - Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in - parentheses causes ldap_search_ext to fail - Resolves: rhbz#600468 - Segfault in krb5_child - Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs.- Resolves: rhbz#598670 - Ccache file of a user is removed too early - Resolves: rhbz#599057 - Incomplete comparison of a service name in - IPA access provider - Resolves: rhbz#598496 - Failure with IPA access provider - Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the - kernel keyring- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP - Resolves: rhbz#584001 - Rebase sssd to 1.2 - Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file - Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf - Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf - Resolves: rhbz#590134 - sssd: auth_provider = proxy regression - Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when - going online - Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the - HBAC rule- Improve DEBUG logs for STARTTLS failures- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)uk1.13.3-56.el61.13.3-56.el6libsss_ipa.soselinux_childsssd-ipa-1.13.3COPYINGsssd-ipa.5.gzsssd-ipa.5.gzkeytabs/usr/lib/sssd//usr/libexec/sssd//usr/share/doc//usr/share/doc/sssd-ipa-1.13.3//usr/share/man/man5//usr/share/man/uk/man5//var/lib/sss/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnu?7zXZ !PH6f]"k%w+p}|,p35B)]/c*[R8O$+yX=V)uqŰT ɵCcͨy \%/#+ ȁ|A쭑%1uXU2>s0uaҁ~,ZE#>M0 i,7;{b"a1,5R/+hqEA DZ*g=Yg$r%d^1ݥxeE`:&o\(9AEIo9S#&G {+h+P3R&ە/q:}Qb7-1-n` \'۵t액\vn5yP C9M{Qz"m}-;t֑ q=VoGnd Dyŏ&wE=3b sYe2 E]2C .ߣfb}N^ԔPlҥGednC(^q-TXg  BFW\ct98bj?usS5*`g> hE$ꝿ\gkNٯLT=|㼿wGO@pԹ\,1ruҬ&1uRq$ 0,4/%Mv'`S}|tYR΃=JT5t0`W4\鿷9rI/upp2/ |;U2GJKߌ"2XTVﷲmq+/& 8p^G$2|)pN\D\bi-s+We?,a"=)D9` ljuAx7TY(~=6m,]% D=HfeĊEn'}WTjV^'Bb4[wD,У#M>_᝚l ALCVEB;_0z ax\l*p$3TIJx@$X4FP%Ol{xvRw'4(N?`஋Ja6?qȋ@4j D/ Sq#S`A },z lepNn jV_FφO ae#[͘:ٳV.JqL>LlRQ4w*ۼ= LCӊ$Y(|r#:lrPZU?a舾{ H#&[ A*6^Bn[FwtBz#awPJd}ݻV7<0uf (J4/޺@ p(w -h7,J}eT H3mW`$QЏ-T -D?S?Hʖb}x&|@\kijt3 ٦k[w1+\Sy0#٭K&TYg z߷`"s" 5Wfv;llR{ӓS<G1^W(\f #)we'/JmhHɍҊnoZ_6 E 0iuCVúeJuWЉ2?%qdW7 )$ń;nIڕۚe>txs P83+m{Y&'Nz2?SM˰b !*pQ@%WߨLt87Mo ] =>~A{ㅾjndz~>he9 pmME1@ٌyW'"EȿsRVwW>>5;4o|@|G݌g~ٵ Ɖqɗ9k9B N:SJ8ͺްF vĹq %.#BC|o5>5G_Ԍ-:@\z@2 Ë ! !i3K((Lv^n9ތb汊 {ؗ6.43ќƑ(V\н= >)s4`F.!Y^mc DaP,,OzM7pcz{0\M]i:F`f7Tƒ5 kiY@@L5z |^*-?cBPa7jm߳ƈq?{d?&`/\{_56z's4[690o'l*,ӥP[ꧪ\W#ķ/kr՟M5sX3މd`budK_ +ڐ%ylƠ|*S \:i!cEk-:K7d)i&?}.Ă-?., !!9ot`t!x4Ap-?q _Ÿ*_b;t;3x |zYj&6Vh+i-JSF'j}\T{.F_ B{gпpQQ:pWZ:?r}F!6y|snP)cbr3gпI/Ф?jFst'-͉< cZ3`f:͓Vk#+$t/A[6vP^TVB va#뻹e1hPx;­ꓰ";}dEiSML5k%(U:cCs;}{w\N^n7kͺa&)Ff.0:-&mUb9(l_P$ur05J4b =gnR})K͐fu$@* -- ,ԡVp A x!БTբ6?`ΝBQygU)ULh9b>rjC USZhk[~$6tI䰊w`7,1/zZVF˸CcZ;-UwB hD1bq2NAxkӌ(C߆ƀI. !sv0 t%hȗ~;Z3pTڨv<)!TliՌ!PSy:4SN|)l6Njn D 5s o:imt$|(ꚤF »vm8eL ㏪TeNe.S+ d,cO=UÛ g`b 8r^ Ƭ_9N}ẋ]6J%D;PHn(xi64c#4]1@fAI=ŵQÚ6ޤvufLPj l_[~(s(O=zZm lhPg@g6uhi. X/b *l>:GHGZ- bQ ]bnntVzb_b' K{AJ`M*I7>,y\X|+<d1f?Fx߼\߁vC 1M7t"N#׶AǰXL(ϖx|{ = H)b/ᅽYWP()^qFop!񎦾.]P]dIbBscxeȏ#F38>ryx>O}w-\8Tzߴj2ͼx̏} t=ꆭ]ԅh`wUG]Mz,QB[c¨-E&Orb2S=^⫬U-9]EFz:]nba["]>p$q Y7@_7pRYf/o3 ZEa N$^bg.~^G27Sǿ0)r\bs?w Sy@>do Y_m: Oo@b'3ZJLиg"ݥmU}4VWI{HtO, l 'F 7ZPqJA]$i1 ~q LHdoՐ%1*reDi~wV0l9>v:#'1ܥLudߘLjXc: ݋ nY$.2"j^ŰʀtWN]6qG|:*L6e7۞6,}%Vh,dV=A[`NvXVymrG'hO h)gԼi7>SЬ<1>gZM׃Z0%]l//;*eK~[׵>c84x?"bxk_+Ux0FE^Rp&u_[#aC]u  r&Zq`k6eaD=2rIQO} ʄd?BŇifs]8hڥs_Ω8u9BdM'O͕M>DEfb3KBYTOHdQ~Ҥ2{;SLO7@%AǓ3*XjbBLZ YZ)`DHSR0 îq^ұ*)Y1{/i0I7ukEoxX&`;Lp> "R$o}KI;ǂ\oX& l)R]ޕ9/ 쬏4[& ! (iI[^;P7*}uw 7CD8@[NApUB#Dur9Il#?d۹<. zxu췷_]T?LPHؓZ8ߦ(Tu m -Tn8t)͡y*[j*l `xdM /fN'l5,23@<* % ic ~ۀcp-wi߉ 0Yl&#eݗ#H~) *;RUƦSs ?IiCJ D8;bڼV(MbL" hd~dyvpJ&be'*Y: W;HŢzeKUZ.jzN. ,÷^$NW^S!u6cuBХ5+EVPSCGl&yM!o3wʯ#y*_ϬOc6}܀( C{HdA! M# ݟXL*->:=f8<5Rl? /T|Z1J|XosccO{}s=3BVz 85TK]30r0w30+\>u2B:N.B(BgC9-!N׾"Ǖ|zA[ (ӲJ.^! 79j7s = ``4Y}5NL ^%>fՆRFM:4 3PNv7]LtaL=Hm ρP3E81vn (A^Sd:;pʞ)~+D"|Tu-iInP :0 !2dl$)N܁$ٓla:DggLx FU)[1(ȽYzdOuҫyFH{+e"Ed ;.z2 McޖDvXJlHwo`|'>d5KӇz ێNN@P0>9d[ ʼNyMquދWs9ܴ*%O5 ppxfzl<3>OE u:4y9hdQa:o0Lw&^uo'Xh4ZJqs^[@­2‰ ɭhwmuU@$ <Tݰl~i2Ke:-7Y c>y( #G٨#.V,IpHt* bjWp5$>^@IJca;j=qs&Vc4oeuʰԠIYʕX rƶOTg{sXgcꙉVߺPaUV*+SB.o LVu]~BYt&!-Hihp¯Ve!Yyq>L@) H0/ݻ2C ч)XAPtQX-;k 50b. 7f-_C j{MƖ[H:TLeQIKݮ3&0ͷ9lނ1:B!L&|hZq1R7~ʧȚ'fr\ةT]p$I$1Lf@-wiq%̽ _PZURk(pG'(I^K5?0oNǦ`^4os3צ 0示}d9lY 3r*u24sܒt@p:يLCckl\PA^T]g@=ؚ"1k ReuCTdSQ?ٱT2/HUW=@{*Gz[žς+[E9-#֦IvoPVXe`xS`++gl[Wy5w O!u+5ϳƘ}mt,cPA<̮=6- P[[A{RyDӿ9rO#437M1jF}P Iz%F0tϹIa_i )L+g n)VYf1\9wS(slv&9EL*& LJ9B6&U?ئ8H yMt#Ukg*d<[UqCԠIT ƺ8x ;왤$4kdj})Mz@$ajW3J2O;hMtsH*j>Z^y8LSpV<$0PTC"],IF1ռ >V4JQ{AQ :[ZkrSC[AӤ!@?WoUp⧐NMS'>Wc;vRIPs~hl [T^PA%*L(6V1lt̀h  ݋DH-. a=cM ~I?O&Q,Ex7AyedȉEѮŊje:â`\Uö"T%VbѴM3*U-\xo&V {mh5㪨! _r54c"Z?zfed:*ʫj*SK e-Kbٱ<,1笱TN"!B`?_6ЙOƼYeP^fv6"؈ ^~5xÉ'D6M5jL?*|(kyybx)h5f&NJGj<`xqC^qp2);$)ݴ@﷘`AԵZH$ڼ?`9I,va9O7D$s6̲UF) @MQzӦVOí)MITi67qꪚH7ǚ/C,=+?IyDcӝU1 ի٫f5 }gA3`A È͖v<,@I g3-™o>mhK`Gs<w\w8Ic}Iњjg% eGM.VFQ/mӥ%/є.E79`! 0}ǂjVCilw7eЯ] Jk(u`Y\P(2Uz[5i3 '5?#jP#O~;hxyzv:3MVGPޣ6X~%6@eAk@<'Ӟ<MÇc  4;C/2H@4H'/)~pffR 2¶E3-YeѪY^%I̼SAs>m+,gUeI.z S="2hNFsblyO^\vy I]sI23@iaO ZKݾ9#o@Il8y1:O3jOc}8-k5(# 'Wn\V BN"LgLWAxW2Qq)ŠbrW\ߖMnZk\P/ɫidڤcrѕԯiP#j@3A&<˘*L=O#]v?F {UTRw AFeOgqV)_o_GZ r4߮lb` ɎPlͤmmŠ}J(;8 ct ,X/Cc,ω@rS'?N҄N 5r+ Bz>lrjss9B7罇>&4quZ$^7L%rO:y4I''HoకcBչQ(r]Ki?sI#km1$wޮm*]ޑ^;F0AQ$ΰ LؘKS3NhʙL7}հ*^3OSltEWZa"鐒YU9` gto)ϮFKw|Gt;k8Q~.Ҫ}9B~ώyT]G'̗S`~֐P#&W UI~)ĝ CRMa L@JRߏ:VLC Qڭ9Ǿ ?47k#o Ex)h<+= _y &PNbRu>W";l>mڔ:$X;) RO"IYł )F߉i s :#/%^ZeBL_.`&M%2U+()xĽ|GFŸX,ퟷ.& $t:q.×P?}^@].g&0 ~>=k*A,󒀙L~8窛9:7c e\:b!׺[R(FZwS|56`5+TIQpis 1)xw*c>U3(5\"O+J?2 8,Z E+8I1/.yY(]rfYU#'pÏiwwqjN G3evrcQ.<;w&,#( @N4p 0H.N*Zv*I{;bc7BZ '9uߝ {Iv2 ]#obeZ'ڶOB+L sfC:jQV(g}>2p2U5}lLe(#v/8s2-k!x29teK)7TMKV_NtpF0Ug%w.P#QY^i^S4*q V]?9خ>+1TUMrLN'OƳifVS{ԐJ3J9.K9dw)gbq+6]1I@e ;=Č0x9 C];%y} Akn+f S0c%4XL_.d~rF.}#bDٖ`o0[<{Tڱ-aLzLϱkέ7SeE=F~/1 Ouf(g'XFc8M$zm)Xy)N~jJi ߧ={״jNt!UjYzwyrhÍ"sՈGu5FNɏΘ׫ߕPmŐv2 P-v$']n>*'uTm:GRolmX -Kܺ87f‚y-iU;ؔ5qΊK?A_:H9=u9'{`m:)x)mzYXKՅA-a8XTGW$ 8=MmM[+/v%Q03\ױ凔ԆAb6^t4&b?G" 9,fYWI3ן5:UYepvwnDBo7<#x7${n?Xf͵PBK"jkY^~%22H(&3$<-4tD;8ᛌTxy 1 Y@xT>)U@gg²\i[l{=P5s+ww09/,>_9 erwIֲb[Q["OהDT&;~d{Bz1:ʟXL=Y a=k%5D23˅-3νmuJ V(iJ kwȎ 90I[õ|=y"6zN k7a ]iTkf׍}f}>O2K>ѽW}F T kihBE~6M]>u!3#NeP0pOP+!8 }_vU쫫ޡj$HkOilU<1CKэZumf Vic]@5Tҧ&+>}ݽ aK!$D_#<>uuc`T) Tql*Hu}V_-g'+Fj͟c*vɨp}>vsC|G8*;qWCH"ϺY`vnD ڒ:,kh`}Gsp2o. 5ǧBȈIfa"n)w0{.؆ Z MJiFNUI3%G MӺ6;S:X[9^QV h U>:N rb5=t@w@ӜpJ$Yb<|@.Q* F@':W ۏk2c.6>{$3Q9*Ӕtj?Z^A:lE :&MP.}J40p}7tԽ@w)=pfH㝿$՞\ SN\2e'p3$}ka(/eq՜恠KɳUoװ+WU-<ȒX) a'kg]8\>b;*kUrGB9"3MXԩgAC@؁.N$"VR2}eM>) ~ʞ>eRҦ46d3,b*uS63̂D3DTy({JYP/ ~"75SUg)-3I|_@SkArtvlmD7J.Q+fq*NDYwc LANOU~iOL[0$u'm7_]:lat/U+ #m'U;U& -tǁ@ߚDNc AW[ Wmz0J~!uJWzfQ֔.^dE;l ` n{O",y )2 'Hiz~$4֞*;fɖ֭IQ;Hԇ<^+6@uIA-ܲQV ^c͚Y (@zCȎ+0UR(O wэW!1`b]a52 )]8ǻ ՔRe9?UDCrV@.yYѩBL/_E<*\Kkdkӽa z=K!tY8t\:r7uU`; ٲu'zp*e'&D-@/m>0PWLj#əU\K9E%Ç}O;{ԍւchKE8ƮiV~v)*) B:Ğlhf8 +H ~635<;W|:Cbid $9({`#%5S2ӹM?.yvK&-?/1~.ц }$ehz x79l=k{sM>]?A9huⵕ[+!q ͱ{k0=|]ϱROO\g=S c\ؾE)I*s)|ƛ.i&H%\TeVRЬ^+\֐@bl%{;"*3R=nwz`B!0>L hk j3NLfTR0i ) 团^s3:t8;K{klp/Fld4}c;jC)k?4rj)k$LQ> 6$3&v'.Et4GF bˆ9v kCD̀cz=e}~N`ON]{'(\֞Y>` }``/ߩ#Wt[<O 3c"aPυ:L'2_qe;Qkػe4hz?! T5l9֪hRGN)YE$nvɣ9e,mi¤0e(}[܋38S'F4Ė͸E1$|dd(s^iBqyR Kp$?{deVYfe/;2 [߿Dݐ2_]#ՓmGpfJX+(+s2+=[WR`YZc5 `w3@5F9;nNHJ0;lq13Brk&D9 ^14xQ)fZle e[W0 J@ #.E BL 3^n)x2siGc%l#"!lJ4:ʼ0OParafr i|ުz ,V.Y\)ȋ~L#&zKQGyGFYFܷ oZRyք^09ލZ}olH0]ݜ~BGQe@y݅8}[ J9'#W>YGJIxٟ#LMוP 9{lBK0*k_sRzt)v40WZ;sBvXfnٖ AUX\һPx¤U1n?+;9RZLv(-)86xFc- -ք>s/$z)ݮHdNXP~!lىaW+5HF`" P s¦=06qSӈ<*EY!|B\%-36-sN.2,8}5\O,nb}"'jOCo47ȹX.?'ڰ8IK0:v[^vbүL.—iÊ$5lH =OW?(n,o u! & mIqɗ[ 2>E) &3'iK]9H]P aڱkD5\Ev|VE_ط`nX{We3{OrHϲ@̯E/hS5QdR:EȨ 2*5DcLѕ+x ADg"ΛNN.oX A_ |,X +XQyODgQ#YSe*tB$-~jPTUz6c s㑗.;]Pp̾:<3ØWt^hSPQC;+zT !Zӻ+SL3mTښZ6̴$AUh>#FIt!}i׋1QCHѯ=5m%12eH M?Յҙ@;F֔&(JtySqI d e:}ov}p :Д=1h^ɠQwsu&LA>m񠢜iB3g+1n*!f`D|/nZ{oI2uƟ :seZ`8:$G%Z DMI_dW^T(ܩ!6M|j=ED^SS{4eq*\-ܠ  ;IgVxZ'9d6t#E8b%!9uMb}gKPa!=n{?v\c >[T鞥e 7Yi'`|HϱI A"n6$s)10^|$ds hL|2^|gF 䕞 Ԇ,t{$ho<9^~f"lDaB`Ҝ;Lf~}QyY>f똈QD̊"~ >ƹ/"4Hx7Dzÿ휡gq|dLI/7J͋lXM&*VCRǜ1 z̩&wj-S:+;Üq8cK!?n7ΖȳSkǥP0۸_ϕ1eVc 9k;igEtb;o]q&Ň[IZ_ɰ{9W,Лg]&;q.5  zp]J\"{wv'KZ{WMkhFDIhv^ ++t>z,X=M]HnG;zB |4Ӳ6$L&ZB?ssZqSUM2ަdm]Ư9o)vb_VrI)J!vԓICPr > r,! hcq6Vuc^q.t#ؤ>#{8$ Ik' 7D؊ oRKRn|Oah`ng-aQYY1)!c٫(V~=& ^:'gM80j G\|xwZ*|T7-=BOg{ci8]DPo_db]Ҳt%K<%n19Ѿ(YSd+q#gMԖo<+z 08`0eOt\5y8y BDQlG D\#⌐l'2KK/l;MQ>Oj/^ Q:tD<솽Ҥb0QD@bA項O2^g+v )xIVz Qptn+ Tln̻'%.u'vs$Bx[AK:IYƢb%ȇPFº-Z͂6+oh0N=Ye_]٭I삻puBDJ8EȥtZar9Ŝi=kMuTH^(޾g.c.Yq~M9LVnjd)Uք~/),a}gh>&ڸfHz*ٝFlͣ6סf?āiuj2ס(Z,Xm|Qr0*SK^=qbQ@ xƈ@Q5'th_M4R d(CD4{yWC^!_-’2:6ÙnyVuur{£ӌVwGx+֕NM$h\}/~%,C{4; ˼ZPj_Jp?oV穐ׅå? wWE%s5 &S)\X%U6h/c{_C8Ƶq;8 ,m@P[9IШ9A-wmO5l9$s!xqIYu\|i,$+j­EY_NÆ#7fĈwO'8q$1D.6@ϟtܦۦ~ Qu2":|8Vm!^T},I{p-],|X!fgZ"5S۱d# {y_kSKd8u3qezJ(,( w)x0Ϗ&)|̸y9, q4"עaCULڸqhNb&u kBF>vSܦRQ4TiJƍjUΟd0kgk lifZKt(&u[ɠScxrcD<^P6Lda..|r.19myDߚ6@hW~>зh%̉2ou:8,-4yKZ"@\Y;9t&].<2sWEY-I:(hו"ZCƊ *tFPn&}|N(c;|5y*tfh.po >"ʸ-DX(w^Y;p@aư{@.vנk|`P*R= hQqDh2sbsД(U8I|Ⱥ4kynŐքLDE"LC1T_g2=q-w)\c݋5׿C !),!D|lv!Dy)Q;cqqT:9~3Mn5zv]5m4irdRr%ĤKJ :{hd XȀ"Y|218=g\#k4/ Km!b4jlXkZnG-&؎nƺhQ? TQʁs}LMyQh1J)LsN3~(!V,#l+3Ə~/;kz?00n[#7 UG<[ϖ(3U?c]xːipA,?L$U%&#}Wޔg58le_% Q+'U|3f3v>ܘu9LJkgL(2sFohIIwv_tWuA"xi&Ҩ"AG/N|C <%Y:`p~웚dW{zA܈5+ v$?#"] 46?v2jPI}Q%GVYvWezU<{E[%}D:XhsT'Y?c^dn+P&¸V&C 0aHɂQ<ǔ ]33h,8P^XQDV@ d@5Qг!% z @vnJsse;Ifw_\>o158zZV"}[S6ݵ%gQY}҄Oɔ[7YEӦdX? HJ ( ϲ}hXr"[Di[pCn["}Gr+GYceO;ȜMSJ4Ƒ Tp=9\R>*ήgPZpY$J|Yv lbG\QSo)HlFBY"ɝF{ČuYvlx ƻtUݢ0&] c/(&#Np5Ăbifw%f1hg!{nGɧ/v,TC|CչފVR+(]`D [kԟ rגߊ7/̡#2^NeQӖּg\QΕ€a y∠ z69/[6W7Y𦐿w[Dꠕe%? _E f*P7UP$TGF՝^MU]z,A",[ٜ:W8uYP\_^csl\ i3vLf:!;`T:rZlW8F̕urx֓/١5 !?h=mئppGkWI|:՞Οv#„C qa7ͳfZR0AQOVήbrNkEAL@eo:elaH_!CɾhD?%Ooj;?bXNu٫ĎH8\݅TˠQdC{v K 9k\#ץz_jf(8:xHD@`#8E?.-^bo2-Ey.<9ߪE-6e$zOcF gI&bj5yzQ&cΝ*P-WM 6_hfA$RXdfՖxN,_J{Tg2K6Q2j9\Ugyx{mt}Tk{[ww%֯Od`H .&UmVwv}R9bUcٞ7&.`~bŲbޒ0{qOͅ[XG ϥ,%en{K[*< K)pg:#+zRR(Jn@eZo]$=";TEj[|Jy$\/nVڝ1B tDg8[KZ.cbUV](z:s,@c5E#^h/GἘ#qz7wA'' ADcwJS#;_qGiu"J L6fGw <:p5p f[TV=uQf KT9\ߥ[rq۳QWTP_ s\<%)LZz3gW)WD ד%e"_%߹ع֧IMB=O/~kq Ɲ1sք,-gĪ492uE ;dN?%ҿ͂B8pӺa̚St(8CQQLJ'dpMm [vt1aJX/ #B|rX9G{#AI {YA+1lY>,^ 9Nr8#H7n0Lӹ2U;ml0ꪩyPusX߅'tP䗲Lv-Gꑨ_ r(W$aOC^v !'r\<"T'" C}♷?g̛\I}+b?~zV {=[8ٵEɦve٦ iH\,߂85Z0>琶vKy$!:[ۙ5ZyeOm[0K}TLo*!A* 7{c4M}#  4gqtm&wP.6x-9F e ? I9(BA)ݛnTe 42zͯF굈HOb 2b򦓟u6`mX9ew:GAɱgx 6G6<ʘ[Y 8W~ Ztʶ^& 022,O[,i2 !lZזĽh<|a% )\cr}qu 5$g66θxW>C嬄D8zYy@,}"-@LM[ܰ2\=sֺ[RbUծwa%ƚe W͟Ōw;KqdN.ԵoD*M + {lU ).!u[X*~.5ĹBIrh1N3 H5R׏wk}ʫoOǝӃ&qcPU *VdW5 Bk~_iXay CcLlyr=HT7T7\L亸&\0`ӚiTrfW`Ytŷ# UؠahH~4#TgRH'{>14"06mmA/N&S !Pj4eD[oB¡++{ephMZ;$Pd;]J(ptsZ7\ձ1ľ cNDg<^5 =@|GCc碃>pFn=&-K&ocM%1NUG^4 dAh\fgN(39w͞/@g[vԄ*~ׄ1>F~Js/k5j9"Ȗ"/FV1&Yٍ9za m%Ѿ~<Ť*[R" $Wۣ "2qcZ@I lsPo#E%0P"&yo EgvLd|ʬNt#(Zfs6xxf gL!瀱擇 ;LѼH sg=leQ$BQI4 hggó jn N9GuAF后PH |fLk<2vcvf"-](㺉8z(x-G`5x 5O&]&#6"QӜCuXe૾M1ksT{"rp F//#\~H~-HSiᑱۮ$_pOyAiA9AҪ?bF;+Ǽ aJӈAض%VvFE r1dNW@4MHh-qfwjvlfQaMUWF辖 wXc۹_8&bۚ{W#Br KLS?4G !u>K.$-` H`f>ފU5 yL I>"$W-oL)#ByIm4>\[*T$D}r7ޫ{bW?RB?$qp&/`|$<XRC@8[OZZ CeGFS,8!Hࠜ?Yn3פUMC ř!ň&3hTaB$Ax*XRX-Ar\G?ay N% Bk2s _|01J&f@MO@ bx"@! qWYOKAn*,i<U:P6}/4~ʁAÊh72-yiD[~< VI,d D5JUsۖO㡂hQ[k<"uƳΏHd1Y„^˨}K!*75%op|O Uc!@8Gmmu=9 WV7Iխ0:% $p4 p~r(11*/uQMJ\/WOiɐa AA\E҆vo '6\΋)*"yeIy?E kZӯ{fu(\1N*G(ZDTgn_go׉4][Pf턮%ǻ_轷)8Ӂ+7E.u_g@Q3 gRJ6D2Pj'M /~{49#挼@Gn52O4V-@v' EYm- [啕*,~udp P&5s|[:3 ɫQ*E;{>"XzZF E{ ˚vnw kWϳz ~-!룤".߆$.1qn^^[h9 7, _W2_P=ۖ)?YRDTh2:]h\+S3nD)_(>ԁ"ud;^>M.LywiU*t`Ax["i(VZ{ ) J:4sd\v xꌛ;#oD͏ܸb0۝NW,.PcXH爒{Zٲ`dqdtNɽ-(*x$y5 o j&z&83 hzH|YC0̓r& ;Lu5.R ,*t85K@qE 8 WL(Wl=)ZHaѦDͪ%+^G5f0]B[?UNok7j< ײҮ qF$\.8WkY TGDR.~BzV"MV"Iw4GO'\lPwO&MH镀g#6|i&+W!{4*pP-'H2I"IhhSE4hf .AS+ɜDJ+|qފsΔg@ '+פ,Tސ9UlX`eYV@VVPAxFܒ2>YI٨ t͚R8!\kHΟrM8伅 4$>8Xvavh*[d!]0R1H;ǐQ4,;^8 h=$ynt l TPu]+ kX#k,bCruk@ gu^{w@w5$M ZêR` Ow#k^O3;!&@Vx2#Q+rcU"ބҚqM߹׾8 ~xARFsC.ZZ"S3,?,rN5N/Svȶ:Ka8 @xV!5)" iկ3jzUeڵX`0wU56\ڑQtkj\a:H~/ISql \BqeGRgj>o~bf)C]C\H)su'2y[Xo.w!*trr0J(A|-EI~lmbswr*VY6h+# NTͳO|7C9{KE]C-ԛ cQ(PzCU8moٲ]g@D/ 5ȽdE>zV[0l<83J߃íS"dy)ʢ}x&}[ k?p("v k$xܪ O4 *W=hA~̂$7m.H62myw+6= J;{Ңpxx EQsrݎںW碁{=WE&)^MJ*|wz]gFV3!p;(EReItMom :'|J9|tPP @y1#2zTNtZZ?_@rYt? Q57^oPjS\ k 'zz6D+}YYOd=^tG`g+1o OP3 {WC2 $젋UW~u:NxOjGajaˊM&z.dB_ыuB>x2vo(/g"&oJhׁCAWìtY6]+4:LK_/c닽ozvDV~Ra\d.DL\7+7q6~"G~(N Z4NgܲT7Y9sBUdwh9ͷK GMCb4qe &&/6uc3WK 0JQ%:RBQF2._v[aQ- !޹"0 VW<;Q=ֽ$H+M6b`@>;5PI_FRlZCxe%lJE1^tڜ&@u?y􉡉"j 2E ?L^7{i[>vsG_';Lp ^ /$;e@`Jwqz6K)h?,-qwO#hH2ꎭWۏ;$%$L|/] BTx;4+e㐴YtNDg:d ufJK{-z>r`flƺPWbf) ̓'Rg|$DpQR8Kݺp̻n7;J&7zzg%iޠ:} cJPs{Fpo}Z Fx@c\wBߧ|nR@W/5H2( V&)!:ӎ{uu[l嘑OXR&>rBF7g>츥߂L4NekE=.ph1b͘ Y;5@27-湮A$@ |ޓG.W*I,0[>`4<,CVΏMF\t&N,G &ЕBwf39h+ZnJJt-ݔboą[]l~'@t/PJlŽW\:5E|>Qqb5e!@rXBXy?BQ?۩ӛx6^E2x_ԼK*ZpqI2!|:*\[xڒaw 4nh$Uͻ|j)Et.sCޯLdIw!2qƽ",Srf|:/I}R`PАzsK [jPT[*6:IE=eb+ӕzwa#6ß`RKzK`yv|JvO{8UUO/$?a+5DQ\Uo*8Iyֈ  |s#yJq({uJ'(7n.;R>q"Q]&?/WRƓ&jnBTME3XtOP_lT硪YS1G׼kB-vf/GGjA8A#0aDnIh5z< Phߚ*/'*[#@,:r :UZ( .Ht$MµoqBs| (w&Z J o:N N؎%54b(vXzR[ЃУNu+QLM[$vylY`Ɨ4OuPgYKRDut֟4oױia-nIG9^|K_ʁ \ =3"}2FO# Xߛuz%> 6˷)tupdI7O2]$w1c2W-`jw;TAzDOsCwW5/Y<,X5RafV'a;8:?a`Qn,M{&gnMun4Pȋ H}DdMU%X:sflͅw ?KX;c\N(_K7bC:޷2Y)RVC=;3l/}qwC^ZķT~Md*E`/\%]W7w3&YA(uXHxx^-jjdZ4Ƣsݙ)^' 죍!~ecإ8mJ_ol.e|@9Xϙ{\׸k̭./@!_5XWg7(tHFhSn!:ndY_a֙2WSVPJi Ppܼ,Uy%bMSߥ_:w7S, QF˯d24dot` J/Ï+u{9= d`Ԑ^S_=͎c"+25sK >p&DS{fHʗ;>-s˼6PƽIu2pk"ЭCTݲw)0cYv]ӚS1$dyp}y VjVaև(%i:Oޯc+*S~ Z!:sY3GSEڼ98L(l60 #ُ`o mՑU8r  7'Ǥ5JhfO1d}3B'1LN.vX"~A|kD:_ŸdE났/؂C8*wg;o5b9ȫَy #9{##qEToV;O KdfÀg;yŲVo)K~ƛ>+!o*uډ\ҟ'eK2u(`3BL8.§jiqYV]e !2}+xSwvBZO̞co/~: ,ٮ`G+$ b׿SvYxf71FcĶ!Y3\ǙU 0o teujs됟GHY}ʵ_*ܠ_SPVg-3Rwd3](÷ %mRҙ8'x=gkcizqro~yFih8{W$# \Nj5rgA%j$BU(d&0U-H 95~(v %FsnZě4HL#4)ǫ"up4)nj6޾ 3`Yy\8lU'UC @xz}S&NƙAGxv']`$8E-}!:I/(3]oՃq1Ε3W]6<$BNU:SPRUHzO?3Ԕz&5TqC2ųp{ֆḯe#;8QXcxVD!ddyT5WG's/3_q 5' rw<>4zl 턓j˵uG 3Z|]#: dm8{Aw]2aIۼ; ^㥶$\6{^) 5h{Y!OkG Cv1 3se  /&;U%곗 .;@;+s.Xp@o -Ze!g;l^㲛4 <,bVqK:e~p85ǞfVڂdjħ_B?"q)VܻP"jhVfz:&2m4kA~U(2aWGgi,ǣB0;`}6y{,4L$D˂(ă}W9 #ٴJ p0p|{=&5JACAt6B=e*&쇄WK<,'*pE3eΒ&m4lRG6CKIVT-1t;5=սےE/enͭcT$-Ov AߺEITGg9 ˷ Jb{ƶ X$śVC:Bp/^Χ6|-sRǔ%t^IJvl$hADi{XGncm>o,w] nZ_-RXS9 "&oCvKP^b@SI{K_- %X"Z xwBrjkI\ž9-%\FE+G;ckJRVgc4#Εlz&YVZ75J_z $*7yN蕒Y# oPzPI@da:2)W$I*2~Zd`g]FǢ+ߞ0^Ykf! :4*_ V9搕6?U)?q@?rQXK1 QY8.Yg_fZcKtW:;UAGuzZۙ3 Nx4ŋ|#t^hmnUIJeE{ آ^aw17qL#' M,ifrn[ӵZ5:(!Ř{ |q@8=d{OVY(C;SLC,x?zXDumPH5k6+~cǷ2C!{M^besB&m<Cw(΅Y䂸ùqrEৃU>J쁚l$JAXaY>T?ߍt%i`H=.!>N.t n+y>EJE\XgZw>{Qq@$펰%bq/_ S|N/Y 1ijy?TAG7xFS+@ צeNyZ~u)djzrmm5V>P |σ`r;,zkt;Yq;qr^՞bJ"Uq5F&(ɺz@הnC5d-ݎ뚗%B&JPÝtS&zN:j=j(UNj;{*BN$"=x2)tOSo҃E`= wi$qFjoΎ o|dLxCl&7ftk"\LIl^1`DF2YdӠv)ACgMmS!ȇYN]qs|V(&Ztժy<㤟DFd̈́pV M.+W7e7*Q xUJZ7T@PA{BaոtKLjtKSWͨ9 /Ey3Fs(%gUFө"g,#\CZ$0-4ÁdU .9 8R p=k捫Lwm9(#`gfBVUAƜAM$x5Aja`rwO]àf)$64Bךf>Q1J{0uEM.0~t? 8"D㧲@RE~$ݑ0ttPx,.X%*3g86[5dR8.gy^IK~Np5ӗ )dHFUoܔAJ`4jעH/ⸯDş.E" Nɐ:Xj* ӊdGdV>^1cqN9a5[ٱ`'&&>U&- N`JOŪ P)@jc( :_I='jJ0ݻOE/>8[#BaQppMߌvpL[Lj`uo'#%aghcCEw=Uu5N*&fPc:b(ۂH=d0=? T|l5GSI/TVopd֢Q2jm/JPpׄWIm HD5هK }R~n/Scݣ/ 7 1&VzT7baݵMLΔiP_[Iu׆ّ'bDI8SCݑD7 \]m@[-XGH$+& \V̄gAnhu/:eH2eykq0Z#!IA.F|ojGT6:ݢV]YqQ#tH8Hp HTa[uŁ.V%C!na=F)X~z(HbiJI8ЯWz)s$Ɛx.%fFAv*?yc,3}(0p%rوNUR,ը:Ƹ 'ayi*cF7_KO`^~7W+IUHetHFCg{SU7r!LRdV)#>=]grz nt03푒=/:Vf:{y Zk|_YN!MGc`Xda ๬sSfҏ_\|"=Ї7hÉqW φZFV?:O>0xwP]$*5vBGyTҫAv lEi#Ur̶G34́z$7.{nn$]ܝ2ɬEbjym$/M{(4쿗j-ȣAa +ҀOZY5V>#B qg"mC\`XIUdb@xh/(7U/"0?r?q/1v<akLq+M0lTw".l4S\`hnV1I^f2Y%#48m/0Ul\{[?OdZrŨ_(yˊL}Vg,xt\I'x[ƻraġei/D67Sv2tBmݟ&XWh^֖y~5^_:"ûFߟ7qZk~Pӊ#jxt+E{^hiv=8})ϞZ>5ޘڋHщJ,w= ,6{25DV5]_2/Aʹ ApQxAuvȼ Z9IM =zqxԬ&ZJPu ӳɚb )u+~rBBL ՔT`V}%%u0u/ }Kw+ :!_m&&o4V&0-nOX]bo?S\~e.U%l6V[@I,>RN#~lL&.G4.S*WP%uFPR) l)=ل|wsIcHЂ%Ƿxxw>;Zx9;9ff2+@ "-qXpMS%ttn XF "v(”K&Ƣ'Y߭ӎB)'2Z6˫d5k1: ;Jue+pxnrֿUSfC'^X]ONW2cpn^or+H ND ;w4ddr,WVyFJe?Yςo4]rUxӥ>w›x-0FTOEE'QW WAR}/>R/8(IH\ v=쥎ԩ#IW/a+صRˉWzz&(j 946ǿ>гj]zl-[>)a,Mm cTqʲA>ܤKkl jkmUeVEM@4&67Xv0>|Yn^;/ @žbёx\ًihd_+{Ԗv[M篴+mrpky@=Yd ։G=LhRCGJ@q:r[ Kp_~Jv%LgڈTPmt)ǐ(v# (2g[^tb(GDP5[*u6p4}B8%yd/G6*}P.~((L8ev9UEo9-=#4@ !r&`on{ t?Z'2- A}, \vp6آݤz݊^1tUyLe[\d:jN:ra}EÎL!G>JB励Ip# ^Qąmf+XK{ӵ9Zcn6ĀXr)27:6}_;P䀰rWZGVԗ^og[<h'<%R*IUdH3^^/R}/bLظmS}uEP!mQH^Dĕ'5PFly6F 69,|ɋ11&Csy~IH^*.3WFVM=9Ĭm;g@՞8%Ql_?15 ^͎; L-D"B"$Rsd\{+zwV&fJ5TQbޚm$m%~`[?>T5_QgEE%iG#I;+M-pkR ;YیV>ka!g&ȩ)vCS3,Wz]״7-g]ӋS lU\ž~o|Dќ(navGۻ E}ĆUh0!I{;zӥNHpvQ*}01ܻ##D霊(`6rc )/`6;yX gTn0}umoE[ۿD(X܎kˉ%*Ar+}"(1g`ff)mL71KeJʧO"0PlFsn.w_,}!Sinmwm **׽K6A͗4,pi%g3]񹦊КN].4z Ԑwaz6QVd ϱXӿPߊ/AkpbGCAܿg}RBB AwF#6p(s.$>H5as0# E=S`o$()9λS$a U9'R:ϿNuAB DeX&{")c1:d 4lїW=_$ {QM`#a.ծènv3xQ#I#!{n|i/;1MiL:{׆aCZ-;5PDK-@JD_`7SZ-P6zݕ+xfvL?35lDF8pq[E&jPu=bL3# .of,+wV!?rVs$KZoh D 1@clC_AG,p8̈iއ' r@~{Q5 w۷2!Uc5q\JKMّ2`]\좥ռ]ps iF}8}ww m*` gYE zr]Pn-ӊ)CͫjMȕj!TZ4tćcͬĚY= =IBt9îxFڬsFaCrTUS1奈^/+BhSqW\"n7RU z7,Zc\E45^nKR[<֠4Ą$mv]5 {ɢj:\%k]Qp#/=Z+lDq@;9bXҦV{q|d0禂띓3X9[ҭ[d4ը$d ~F#'R0N{);OV,J["l_XVpv~vd|mf|XP!-a4USo|Y'Lt6zV~l{rHjC0姍3iRv QsiDC%dM1)t|v %P=v>(BM\.in" 6aA_W7% ]F\p.G.S]831P%w+J{,mvGXH5N+[Ss%)kc JSj=B[L!bLVUաƣ,ny2󩉖OiMS::hjX@ybT^LHWV!&ɴˢh~&e2;۶Eu67p7O·&d^x/^7(BQyHs=^nBS .Jmu#p'R4ĠXMVf)JYzM Hb-2]%eh0ɫϯ\* wu[/Zvh7uv"kgĜې!GP(m#7@ŵ\r,B|Ti辕Y DR'Nq/_ZP&`@ֹԺ{h?E&gVA3ovlmmK>7fZxt%ث "4NofFRbiia,]/:ʎݳx=!"ӎ YnԭQwpkڛ@W IaPVE4!(F}WSXY8RPa顕 {Ibb! Nae~WS{ԧup |¼h/頖8%?Y1$@_PjFOn| vt^QP [w0Б\n w>t5wǯɺ%Y8(bSՌ1|gAL&{6ΰF6:bN,%xx\rEsL& ;= .et=f( $ }ǁFJh tcxQEJy8WUxC_ kAe Th7wy:lIށ3 v]9BOKUTRq)-bߛ4v\omg=>fCcS"R?NdW b(ž&d 29>B ! {׋ISˏpϞݔ^YrBbG:j੮(ڛTΕpxgIi`ߩCJ|0I)o\A2 ̺-3+50De`iY)kC?+YBwx&)SC96Mj0]CjdW*߶wpl'\}>ڋ ~XU5OТ Zv`n%Y;dҬBԛ"Ғ;gL߲F&^f7JblLk[@7*AT k;УRVK#Ca=cʥmXw"&#|sagb!d&$ DkgsP<+VŬ%*=* 2puANtHFɬP[(i5|*TAҵP[J%"H˺Rs7ED}\۫֋)}7 #D@x+Fo(P4;_`^M]'"``TVXq$SOY~ADbnu_uO`aOу7.2sو3;b~Ag\/ K֒t%h){jٌ=)FĚp%J?1\.mBh.^E+o8 3BWu`'uV<$Ab~_ m{0ptVy-;! 9;y?1_i_Y 5P)c59.4[uvιA'(l.59.ҝ 3 Z$"`[2UrM/hFAݟ-w"Akg_~õ(DdMNptO-/]o!{qHgR|>?QmNCѠ3 {\3Ҏ$ݔUC8F6VhP5FO2>ȘB\opt ƒaHY,(t.vV~T=p)G 1ՙw Τ5*QZ8 j3z8co>;%5BoTUa-ߗD땵u͉M?/>qERHۼYC1`Bp[ű+.]d ?Ag#?uw1M_3ŲP}A hcYc~*0h(I| kC=3^_6C±Oe\W JA|ˉ/6م0uݵ#ҘlcI ~$?` +i(\$9Lop`k:?uKD$1hqɋ : ]_W';V|V3ȫ 2)SpYk|T{xx7%nAGY+$r.zI8ϴWnw(.PI@,+Κ?71?7rOxFG5Cu9wƮJB6<+>2ghM^z% <}=A>Pp.lc-n>Ϫt .x\ܣUZc@Bj|{IJG >q=$cx\&* θ"_|Etȼ쭚D{]uG ~Gׇ]|$y۳l(\ų?r`o|4t#R$@J[apYgm`/¯r0_<)XyO݀nI?A Jc2nQ+qw# 1o{ Ds ߦ(Y#ª*&Nn] fO*x4[tnYM~˄sXmSgHϺD9tDcltag oko7᪱ e`~H: r_";p>RBP޿TR. #<,kuFh SZ [ ΀p =S~Ezbk'd,94w$9"i}HhsP˓*{ڄ *#}+x-0QLܰ*l*.+݁g\$p7p?.=TaI4~=m5tn׉g܏$PCtmdk\!w75Pt~GynT؉U*C b.>?B{wmR G( &&-L][g{wBu{*fmV'EE;{{KBr^hrX#~MGխt0;qqTi5ߍ#z}׭]:)$UCbm o_Ͻqᦟ oQ|=B4r(@8[+E~IvQliܩwWB¶P^jRV- k F ߫+ |=cIt腼s}s1'[߹1 H*e;Pi>PdO>hZ5B8.GNGN% UjП\T rSUJbɳB^QDa3 ^xY} S(ǫg y[iv4Ƅ\#ht0$޾dZ&^P4V8Jv%AH98mƲv p- ;3i6R_+?y#ADQ'(Q J 2SM9(co|귋Bzd7d8_ F7FzR3/i|-"mmOlT> )/d eYc+E`еccXJܩa#軷I t–3wt~b+y !N(28ϥ9$Zy;|,8kdxvvTX,A| %Gn2nu8)Oqygr&B ?&KB8WYpvN".6 xw? :߅Ȅ?-j0IϯO j&txCo_ ]>0a`/ȔCI| EET&=;ށb[gȾ?ݾX5PH}&_!|}tkFr2Vo/jeۓV<ŷQh)syNb 5m\2i{T7X7KɬU$x'ʚ@H [QEՁ!&M//z\&.yv^15~w?8=(agA1`I>u}WНU+yWYiAo@mV_:zK2 F 鸭V J?Ķ9[./%!UWafgPp-/ZhOi{Y_M⺦A3OX6/k-`v4#Q!SgѠRؾqIi-RC;LUPfjqL,ݐaXz Ccpss%9VpV@s/Oℑ(+ Yef%Y.xczYtKK~q,67B;w3`:O֟k/.٦Myx?~pgfU jk^j=QX{dsPN ~rq}}mg`w?ӓxaP{ڶRn<įۿf]#0K啰 g6&x,ĉbp 0Vǘm0vaP-\G=[ Zd(Y][wq \'ڭ+nJgR4J/R,O$ZufSFa@?_b9QjZ1Lcqc bpB \m PFM[@ Rg/[c(^Z׷e$LZg8p.sϥMngoFi7J^aF aI>nSoR7\y1|J<6ۈ'^}xL]Acs "z>+ͣm^LU*S8CZw䏦hN(jy+g:x6 3_{*mV\#ֳu \Cwk)1򃪬ҐB8NdkKbLʨ*nuh󤎸Yr}yɾ9M@mZ_gp !+iͭ'a;r|Ǿ @'%4T{ߘAF2,o{V\H5eIt' KWv ?ZG.J؇A.H8 v;QJhp^'4K@.CV??F'([>-ī"9H ItF?9vEs\i ˫a= 6iսɚ!vhcV"csix]{ɹp(czԣo9Jtvu<0T#K0b}\|4!8^U5bڌ׫*9uŔWJ!)wSBN ƮWF@CyoFֻU^D7qn&떸l 8|͔Im{ulI=B#Ӹl7u81[W2zܛa١UJTΐ[h&_St<4d08# 8H^v&qD(97H2 Dj;+57'] bq͜9E@"g~LMBo}Z -7+Nb;.;w)Mo\3 KRmG?XgX :[$M ?ﱐ@k2?yB@WFqJNbDn:3jU~6v"X3±pI bgY7:C|k8;N,OAD_/t0x9$x ]_,Ym^ UAtjQVu`?;|~`͔WyinJu(_8$6ۛEl.~ac8n,?RJ\*L+x:9/qQ6TBLHôݦHMڅ~.h~hR8ڠmbr N͓XD7>X C}cދi$ǭ"uwC4Kubc|-$L^A.5ޗʄ-\ȵC1ZpjF\Qh1qK%c]ST`zB0?њ1OifmByI0x5stc"r^?Jf\* {(5[qU0U~J{.h9/bBxl1XJEmc/t#\>>15-r!c]b>ՁtQ3A hn~R8X}j߅o&gK545dBD kVF6ؔ$,u ^TӠ߱mه͉Oa{`F\ûM>8!Qs@HkW eYPLBYհ̞qإ’6g}00G=;sĽ./_4#D7>=a1L ]0E$T?K:2c,>E C2Wx$s+} ]nrdWShI޼Us[5Q%fbՌTE8d4"'s0GjV}5kBE}3hk3޶Xd}Tb۲(Y*,kOI|h8FGkhܔ+"P53@Ef[Znub53;zaF^vA>FCyܔ9ۭȨG湵8<3˦ #o0(ŠFtjZ#ڎY5ri]'y`(~n+$+X8F;N/r%ZLCLcfUE5 eKy3z]\)]ko6#diI<{yY am2}*"QM(w AWꍈ9s*ȍe)>USfbP5Ƿh=&CwAxV=ˆ:2nFz+~&?NQnh͛m0NvQН&JCIҗN9,f^|f\\t:B pEb)ajS՚Ẅr ~s2hklu Bw[&R?:LD5;S?+E~k#I|"s#DvOV_SvBD\T T QJ;Il#[ 3#gJM,nZL2I?=AT*ڷG q7ﭑc&Px(`InKq; sE5&hφ*VmlVgfߘ+nPbY{~\.T%c T3H_#t(^Wd*JΈbDip6ĊptwN"fFڲcXri5H ^%|T F'!Zkv5|0qV`]e˛8PRbzL;w.U*9R񽎧&-1icˊJlVkkRe{Y x0rV&Ѹwx l рf#kP[17@]4QTqIP hv K'k 4Y~n?eJXJ e2ĕ= j[_Q!p:<"@S@7L3YpzzDfN.~6')XcQ{#|?b@[$1̌rs#E>r\|+=-ٿ@o\|7 j`ٶ%NՏ_^QG!M##Mm#Vk3^9pE"f;ێ~K%TᤐD?X{F0Ck3 ,qX@Gߨ \>cvѠ(M/NF{@"E%x4]O1lb=`ks5x/oq<&rn/Jܦd7j"A힭WoQ)zβZV F@8WMC eG0bEZ<_(ut""# eImQ*}ϠF7C,OB$賓&:Jna}_i&xHݰ ~|lZ5o|U%lnkVLjᆶju юi"O=K׋]1-e$|c@Gjg85h'2`7/Ÿ7s^`]*Tɶf=䪄ERZ-2>gw":zfFigY#c8 ăr;!"Q#탱S_K&҄hl}]YjtgNa(.Hy9+Zse_-yw IU?"^,~΋kr<6l(:ɌZͷ͍̌qDڍK4')>+:HE30q4%bs3%BS O^Ouk=~_A 1ĊT ]&@(E%Fh(#c\6<:kr9$t1 1u <-owrC/?ŸQa6fI3?WR( Ft:ПTU:x 5HM?N,eUr*)poUm5L<VB|z6KԙQܫm$Xnm(8wQ()Xܝg;8e8hݿN.r2 X E|o1ļQEBƃ=QXPz~Tx3{@|꼫 L@xꧮfpE,XKSYXՊh+mꔢ% #;KByYcU9%Gjh(BZXS?cJg=r8^oH;XdC2>;8#<'!tvF5]0F{?AK! NJЗѩyBP 9pTY1IC׌W+`v"N 6&Ebg^m "YSE1m.n@zюwZO@L֗ uۘpL2ei`)GGW;8|,>) ~&-I?X<! Pj`?@%1϶R TJ.Ɓјx츆4Qn6&"5l/.ЩAMzv^VpLY햗A3Lӽ'akT+]4(Uoiuo])y|+-$YeDžJ;m6bq||;O9]/"՛<DlmޯF' kQ.ѱW 0>-E,j4(X!=k2TdA;tT"-_:IZ|>(`6$j|fZ}8%2'*fu{yćv8t)ө$@q bM4","Fe.ɐw8îIJB Msh>Р.Kiz{Pn 5;N-h4Ta)g4t2$X̙ 2s |!G '|mg.'iSSS2n@@rfSEZd\D1%du 1L؉PД(-$tR8R$mfPZ׭Pټž '&.l, ?glfY @g$ Vʽ_ Y _T{-x<,/Uo7ipf*]O✂>,B>IgJrшrr}X~sytSBLx\BRwAuɕI듡3Ϋ 1YyW} G-{b\O^ l͋Y; 0?x 1T2EM!7Ek9 ~6Pdz?պ)p[d5B=Uʴ~Ke$K1V?d93G܁[l aJIT)Հsu @p H0)_FlUlyk'n)*\fbJP?nf監i7* Cp~=Yr](n?̽Ч1|] Yi!ԛޒ'w#zTBZ&pf62nX8SQKej>8U;EH=M,mW?aǨT1fAw69Q/T=>"DPKY(D I/<@wMLʖG* jbr'@C &> :eQ;3" "(?"[yb *^|UkǤ(HOs31ވ7S3+2Ws:;> gIu }efזɢN8q-0)a;q9ϴ~q7\?f0\W*1@ݳ`p6 \:R~.#% n+ύ G:5' u;+YkNS_IM$RI(H\)z/rsGGe~+Ԓ?=at񏍡0m j0bX17[־?C|$aD΂I lf)!NF0v.9cq.t*Q뾠D2JC U# ˕Di6[Ԭm;q&u:P-oOL>NXriDG'6i4{nG7s#DD_n}`Āq(cfiUQgR"j4ŔtHb~mڴe B>in/'<]ڭ {P,[ğ47N57ΉwNIF=~+5Eû Fq~xaщ:;; x%6s}nPێ/FòDxu ǷYCgf',v5Iu%?mΑ٘u0֠1O(!HoN 9m8`ƪt-q3Ppڃɳz nCJH4rMki%rH˰,Tщu? s&.qF}cfRoq97Ic:*퇤H:=BNCe* ?VzܙD%x63?K+AH\\`%  lcqv0_N~SAK6q߃ܾ.k? Ε.(P+P( iyl|4WF ({@.**p99$ٌaܚbX5RՐP/8| ëQӺy-J4jن9`=~|ŏgW{s,6ryQIP!t 6.gi3Yh2% k'MfB'& Toz6ι֠ÿ]?Ƿi~ /r=N|gsc6VۼV7EJK"j[Pzީe 1X-RTn&U֙!4&AY $'Uph+f|{]Ev%( e:nId *I6zg#QCo1d>%v#WN) f߄Ƭ: 'ך^KTJs>SUZCacTWxٗOp0'V1UjvYr ))h1bZt&X=|~n4n8ݰ d쨝NW11{2[!ָ,`_u>Sbf!Zy̔ʹ&PSZN˰Y{ ^NzK8-Xt8BJ90N3rTyo({-b®_$`C3 ?VTy O3 %'n)$?n9we[Z#PsuAAx c}c}1F/$r-2bHUZ5q21= Γ#G-OFS!ò}yĈm=t51i ^EL.fq)9Uht>ϮY;9}gr[3|IRXKɔ$~5\YZ/|a4T${%Z _윟:9Kn,Xs龃cv4E DߎPc6vǞ@hGYe0_NiAezOl&0 s^1oxGs_x@wiSfO'7!tB6jOE -<'wn^AMBB=M"um~)~}B+mRIBi9 3(|hM h 9 Ǭ[|q{ MYlgYC̑DcN)((gq=z(.!a10':i7#;ql&v ngv64a_#vI/lO Ҋmg9iކq"!x!B @'#nC7UsC.]CťG,0t9`VL!/qԍܰI8aY:GI afDm{kKM`~JT(-&쵔|Y` 9B~"kWL܁7xtyߙcA^ʴ8Lj' &a"RNMd8K NyW((*Ţ('zgCo̚j<[HD`{ 7rϓY%n8$25FHpK|?,67OU(X+8gHYu-"Rbe;h5#Kt–._m `i%" te75ǫQ__r~3 O=GOdE̡DErl-X#x0Ey8Z͎Z-vl2riph\˖gsUEr mebmIUOA/6{Hs::# l۹M45Ł|CI0Ϳ+nI}W YUp+r?ٺ,i!w xm:`yqB-vo&NЃPd8/l0@v{$ Y \q[\{x/*t\rTWz@wMQqe8| h4r< *l` Fr$,ơE9%}ưiX%䚣bMTq"j 3bq:ZqՄT%;AېGTR T&}R"B׉md`xU \m=(Jꀃ=9~ aЎ; }SgL |\NTiki-lN=Wjv(ԏ<5oMǝO g\pz(.\XubRsa- >-mJ sY#Vo+5PhsiCTC>⪱M`b]!~: $|gϋwތgR +xDS"Nb $[fh%ig \:CgF<]Tȏsia+C:F+LUK2{'Ü>EDu@UB%yayLހKl'd"=QK^X]^ fJz0I6MG]S[\W !Z}7 aO!rR[oQ[ϴ_߈%G]lȐs&*d7 Mm-#57P97RVUx /]_Ks^_$+0Y\؍t8avӨQҤ4Ngޠea6l}}fov Z)"Xm?l U`u>E|w ;b<%>X\Th~y3q ~R쪘x-Nߐͫg!ʘ1-A [԰$h)KZ4* F#/M/%I1D:9S?źPR3;++/0%֕-K̺ ND}A駄*tpAdip6D4˞hgJ\$"דDl[v9ՕhJ gtz|Xpϵ1)>MVgB{ 14VG&+9q^S9܈m87|_ƎcYls ;V_`v:}>@ Dڞ+] Kl]rv?}iMi%] h^\\ za:WMTS^Q}š}t4@<YFfJ!r_bu 38F0w|Bv/i !ƐHoFƍnA>.dDe 2i-nOȋD?r ߸_R؍:)Krnk*d }s#@uF .pM,p4_m!#.cO6 XТ*| /@Β41g5 )SQ@x[s6͘}=&jebu ٩g]0_h`hqewh(u;3e۪c>f]i.Up"e2a7/E45PCw'C}5e? [_@1Vc qvFKɥC98Ph\ UCSzܪ4&Ter4S.J!?0׽%Ȫk$D6j8GyK0F3$|ݰ 톸:3!ouG' u\?uM@T I*Zɱ3i،6Aԛ*啀*يO-|_S7` \d7K H|T295]W?}׻786 E/U\U-}`d 7aI_ܫZ6J-*gyf 6QreuՠDu`W8{!Don`*bgPt,"حқΐ~,'TGIU{Ĉ0;h:  icբwyT_ ͆7w F}S,'S)&̙VsNE/!Ӯ0j;-`4(Bkny?]*kd\a$G,K! b(9vޔC " F'plJIFM02tD!pPFI1y=;\́35Z k K4ddjWz|]E}|61-1^=) XW%]K*_"gPC9bլ?=v ? a+{f„fF"ZPXW^q)6|Q=Әԇ_+2U¶$hKJoW&iu >Zz{T%a2I|YPV{!yjAEmتeoTC`PABP(G{SQ3~_.6Px?9xpꎿY\fEOS5O LA^-2k`OJ?0+m~7T&? Vƨh..z--Q bˬv>+8g &@Y62)e鳔2؟S䆮6s,`%}< [/{R@`;.>ٸ'sYmg!7!q͊"vI!ҰH]W5!RcBuYv$)TmޖG8F8(熲N4[Yſ;ŲZѹe2}3쯈Ο˶N۞>ȹX@I8 RWbI+w0iy?AA7"bXlq~Y`NʰQ`o)NelPiʔ%^l ib6&pf 3W|JD%h龵Qwf*~C2~.buҹw?)$: c=8oeLhiV+T&vPɣSlO43]{t2?X>џ{Dxh{;BYq?CҸ'M0;59ʾ.B'>v%O5t3F{}eAF0Io>| cTkGnQYlCI}>s 4sCI;i*?^s$E9Vim)"v@ SXȌ-R40_,񥍰oMg4[X« Y*`q~څ$ ?  Wl'{ i䤰*D6GɉrQG!clnOh)h6k)@I:vnƾm;Jſ ڋ`LO'7!>Y#~$#Lұ:1s 뚟{]eˢlywqT,H`CQ v̟fF$tD|U HN" CɎr*] :+I੗yyXd ࿍,zd:Tr_⊕iLUM0iЩYG@齑}!Z3BC4Y ϙ~#[N-?SXW63 3{9,.!qCX+r9<}%g 5Ff$V;w.~r~1$lqK?yL}gt^U r^ۛT͌~gv(DNIIi_t?[.^bm+!Tҭ(*(U+> Vp`4aguE-s+.'3YGn\7jWrX_-E## W9>2̉5TD3 (NV4=5MϧÿZիy<,K6;J)(h_T7sbk#DSr(JƮ>i7lnϰ8):YaA Wa $ecs k^Ha.NwPnm{TG)}2&(PS JHM!V4}1uQ£Fo]VᏒl47/E.-eh7 Y56|l||P\W7^YB$wNSV#|0R@'#M5 )wVqSj2]6(X F[S:5EnQ AjI>1ʝI#MkS_i[W_<"b-'E>zw-j|_j~>FZk|PnM:[_`CunsY}6Ĭψ'RHQ:Z[K ,|ܠYw.2Jmڨ.d6nP*w ["h%OwFr:;ºW^Cp E9{K&~ړU()ț7b:W{ݚL/%vgF*ޘ882#7h$Ś0/D /i<(dhԍC%rP]< Sב #]Yܥ|fVH;K%).JM?}H%:0,h0^(CgKPR뫳5%}DH.wdm {qVTUwrg ̟kheԧ󞴶|;mÅxpb?|*%,<*9$S*bj T2-7nW] *c Ȓケ7H_2qoHCt#mV@< .3?it/`|en ?iə$0:@ &2M~w/x/힤3WL<yb "Iҍ*ܱ 7~H|M Ie3y:qZGx6EӇO1}{43#PzuyVwg=\>@A 5'i!Zn-\WkVK|x.4^oIN</\ 5"i'v2_Xjo#M#/e[XO9#ۼޔkK3i6ūyĖ 2&JBa}HRbxA>5Jt"s[Vúnʽmm_F|.F ̯e5ekVpuI:tvq遉 7"ykb|[,>.I$2dr3'{!kV:U\+UGdbbO#0GɌ`Q*;*S҃󱮀R/+EAo\b y{42={U2$v)d%(o[ȔaeYڭ@t@`kPy$Sj"ͺn@?6 j쵪PY:G7ZS/fjNRN'xawp+$Î; i8I̹~hvSO_ܞaYڳMAv"sg]$_kߘn9~M嗫|C-pt>?{4"]%m9|$>{7Ś}Bs +v#`C8*\f3WImv 0/AI(ox̊+ŕ@w'F ])52`M{@ g8ud+> m2(%^S)Ii4sܪ\'x}`56}aD/S#T۾V9qLXI~/)^*5[ĒRNLjz>:P:t4؊^spd;jvgR^@s(dH9#+rjq/'#з(Gs hy8EO8 k֎MFR?'o@D7%!`*!fBcOw*˱L8uh#~J^eA,UBXV'>7lv|O&%87ڒb>QVle~R(D,# Eˣ79%ԇOkgp+e_YAϏ+[]7 ͘F3cek30 ݓy"Qg`VZ&u"dx '_BDlNU\0\~tsj&P5YRE5bBq㤳zN`U^Y}حDE;[{t~ Х`v/K DR?xre1(($YqJԒy0fV&|}\\Bf [18&^b(lBݵEhֈL:RLk}A"v} "6d !0ڂ@;J3cb.D-k#nDIWIWqd+aڌ7»Ȭ`׺)IqH8j6/Sڦgj,J @e[Rk%U\3`>iw6^ԩy%Mv=IG?zt.Dk")߰rF +^18WbAv W8^m}#07b';{Y}Sԉ#ϾRDjm S7E3 ˢ\&>kɐX nvx1D]$7$ hW K-m fGVyMkJHsccz$,tD ={=U<&A#-qiV@,e>md"I>:kɗzSc;(DP:܈4Y/#%NmT0=Kvh~ŜY=S@(y/9xy@gmDs㉀t\x!nY X\A!T}mJ&-5^+im2 |T:/U(? %c WI&ϩL&&Ѽݝm4րms:sKc4G˵@^2>]$[r&p*,}Tܯ5=+9 7eAEIocyB|> Rj?rB!6oI9 .O@\Milp&OJ1&RߙUzߓulJ7xKxA^8O,m5nw:zNQ? !+l]Kn"Ȗ@Me&nwl@zVMOlUꄺЛ&׋FV{RB=ຨ$Й;>~ 7%Ca{"Ve"Yb B G캃T_yf }ӧX{ɗ( "B_#pl{H嶆&Jw0`c8pevqNч,;K07pFP\Jk1 cN=:}{1.`.1xIWc0oNXrդow5a;Zxtb=M/ ႤD^ Hu'؅ LRqW:wKv[fg3nyذ{3a8fF2, >SkCU,T~LcO ;yͽivN }<*ENܭQRSY8XP(*wyШ(C0u8#c"g$JJT[%kq_'I=^6P `ic.A%"qӸ] i3J[rñR 5-<l/S.@u nX">203*`eRx+DfWdUlYa3&lv=TߌB#ú`ۺr8vd<q>5,¢RZ \&7Q!@@[Bz0{L@iZDP!SA1xro{r9d k=  ލ`k &z `At&"45͊ NNxwFqL"^eI~N1}Clʑ<*?'WBLJ[KԚwѶn5us(5-Dl"`J'cƐX[M9`''\VnIUVԷHl;x*4} n'kREǝ!O8JT7lBi&H串5^m._1@%QGDǛڧaouV)!6TS凕;=.1K~;ø.'Ί83HN5ެ-0^iKofO ILwD'I"qJ› cAm5D%BPnv^D׼a4>oa 7br3O^h8O RaJ.(8bTw68R2OV%G$6zhO 1>oLn9F!!'eӸp{jZL]'*M=)SHKIap vh,@#y*O9' _YPj>ׯ sTP`vx^ J;4+IwwAr$/8Tc:\yyL<b>,ﰝ_X7Sՠ[q=ԷKiyxTq:) +WsaNWX#Ͼ5E/ಮjY!SRwLCˮ /KqjU]$mc9m桬:qe?(GLdWDmDj}Zz 6r L@Z1|8v(ꀑOCgchm mȏ` ԛ`5TGdxVf{v Z/'7Ey]"ޛ@^N #NհD6l]n=vNר}NJ-< 8EQ-y^ɵVelqc)\54D0ΏQ l8C4-kfUץy(zkHE31_@liMJ})/kZPtDlb\uXBOc)45k*lW)PO߀м!QGؾb@Js}$ﻎWmNAŹ5ǘ7>?b{ΉD`?5* M> !2ٰ/]YK0}Flhmơfz,O/"Fn_A;P҆  Z&/w8WPcs;ܑ>Q&@됎M>.`!go3/ǴnxXX]3_x {mCYZ hG]OjLcc1 "Z Вk ,@ &!9Tߐf JaGJmPݧtRv.5c?YUHQZ\7SZ FFYʀ>by@<U T krlmCTvP[zn"[J;} i$fҗmgH'&.Ʈ>Yes Ӈ680QunBV?G {pޚ@`_[4*X#9tG c/0"ɳQ#߻?mNǛ*}du)]]k+r{g6\уWaRozsJ_L$2vwն_{T"ybn-W?ɛ18@;O4thzbCP(dlM"&/U|j7}]q*L󕥟zӏ^ K {2 Ab6=I}KC8)uȖ]/\" ւ ELd  x0O} Z3ܾ҄r~E:#(Ҩ*.t`Y-?sVa'pU8v^AršII7DF|ѧV3Zf+aHXUU-wy[Iˮi& sj43b0%lWϣXLU5Ǝ/y}=PTYc# ;qduwEMZ){U,T_ Cp=d]||ƹP)^AH׽f%wr0ML-ig` PbjpeYhmxi7Y/! [e&XPqhwB RŹ8D\0PD4ZkƖk/ :oAmF?5!b{I̛gA\ԍ1/`== ?@|=Ǥ4z-Hmd>gwKkxidw&Gd],CV41D7Ӣ60z s#Y(NB hRoܣr/[VV*`AY@zU3V!ignh-¾f#kՔvx`xc 7=dƄw 4GՏruFfeUWs9M be9H`{UM\iLj->ȇnY}tHV/ȿs&|p8v5U6J{4E/iaW8#k>YFZ'fNk ,dٌX=3W=s)[]iXVjX^oP|#!ܠpd$e{GxYpFXWYgbV vfrFuj+⤎ 7_Y9$ ڗJSIIM.P7b~0)}(+D9:Fk'FA<%)ZjCOBo<8Ck3Cr !N+1VccC\_+` )!f5v h^d0B e%hy"`ɳ{<ǎ3->zK"|xЫ6tf ba2|p՚cX_[N@9C%6`2|^^HQ`j׭7~}F fYL&ivpݱ-Nqp e7w>Cwƕg1Ӑ{9XNiFGӮI-7ȳ;l^WmBo54+ϋ&yt_UP$sn/ Tjl< a`3~6MZ0&] <X]D_5Jvo5S~'|v+K@2^{]{ PL!Tt'2-fV3|Yya!oTSC*s'Xy3#n`-j5YV"p3wiDie_l̠=m_REX!שO"/JS-Haa~ԡSA"z '8 oޯzYɓ(8hC5iMļdst,NSJ]CY-ʖRo|= Dn՛2$3? ȋzDL#;As0:G0=plkNP٘&mivb7nYs!˥iՁy}_"eqetʼY ONIɟP "gun,NT~X2GzNӉ /?ދGh@L!"-.AYkRV\N[NNT`V]irUMZɪX8$>RS1_]BE۟ݱ@ N%b1ǹfGkbo㍭$:cQ;YR+^ ~eYH-8Vn+d%^*`Gv_,j }ykuM™L1s)0 { &O`f ܭN7j9t  4Ģlw"0 !.tsxe_@N ѿD:PRc4P^6@] ڐI6p-2_y$t(kc =去n.Ib_ol^P~1Fkwl2f85082D~QyJF$A6%KToT4{ql.ˠ9|t.x| q[;Jsl^\f3~iQZM/Aa)>$$}&qj%6RX{jfK8Kr "(Aq"?W$)8_/F11t^Ka`̬kHjJF(]M  Z8!\F~Xmd/uQNTĵ( 'Odl/(uR`ͩI]0)t yss\#cQG1% #|-pJ!ӾtۊHй`\!Jo13zE"n0];BBza:p5Nt6,ccܢ~t~CxS7qLЈp2R`8br IGW{ץ7I|XF}('Ti[hN1v5fB 6% !<ޥa~)xe]1OΦyuo^+r6jIi؆L\#iLKk܅rhQ>(a[{\c)v'ASt:8'= .< ϧ?v= ō nw7])IHO 'p۠'uyGrHFZ = D0Da #M,f0 nA 3$CS?FO5*.Neϝ,8d q0"3#*5We@?{-Ḧ́DFF/l %+|O=rSum=nNZ_':!hg[qXd(7N3筐#475NWV)G<1&"cf酑 +(]'9Q6p$rHѹ6lp$f]kHƷ6՚e x?0[矆dD|{ք;Rh),^@s!,t&+F2q0d vb'0'ky"%.HWʪ%gy'+$]|7GXEj"t8[,L$@(977-a)b :ͱK(.PD -.ߴׁZ61o'xGٗaٜR&F"b0d%4Yt߅aޛS(4v,].["Ǘu'CqDeu\Qr=лC"Hp_\wA״R?ġѾڛJ~K*_2$U^1V\14R7|y=J'¥f_dIc̓6&Zj+qS;Ʊ22by1ɡ%r͆O,,\Q hs9$miXJqMl<0s}.c\LŻ朑unHxJk6E#bNl"FrñJpUELp ۆ^;xail@.[nܠ)g׃Ѓp8 k3ӣ9{ӚOqkNGԙj魞l<yCJ= Ÿ_%|Sr >W[ gXʽIY\R'A@7~Hc18wHeuo~xs_u3 1h$+ . 5[g֙8h^VJy2i=qUZ3%] {6vN( *o_<pa_uegwIx*?O߭˥*̢;\Ai-x;PAKł ԛz oGX/rij17m-AucHOO=^VNhVa%.Q7X(nfԴOwKXGqr3 ;kWd]37>l M|mxIDP'"  z9_,BTUj&!eЂY>Sr'F V2qY#/ŊO.,Z"3τUUXBpI[pg|l A@J! qJ 4*ץ=KmCh~K^V7%UriN"Rzg߲+L' C'pT:BL7H=:zʦ#YnS^m_IO YP1|&Fco uG- `҃[8aCӉ祸:`*G2׶y;~]?"ԸjGKȠ/jKG_ K)/}/k7X"&x# w"#蹻ϱdzRߙ@\?:-#tY+4ދ,:7<ZK+{;S۹R\6xYO!@|}A{ۨKȅQ:GSY j );4G0D(,M&mvpQa B2LJE?,{.JtMjtSh:`ܔqneocyyŚZDn)Cs4PFEZ,9h#նYLJNA/h%۠}!JWCl[s$ck&! W|PIƲ5.yXvRk<7, )6&m%eQvm 2 NqE!z+s}h(OXc| *#De̿ v7 79iZG] ZbH!KI1??K~[YERG1)Bk & T?DRDP^UvV@ he'EGUsU>rǝCA*8f$65Ujc')4=qw&e$65R=xkRHdԔL.4h W17NB%o'+d?{ɘ.5GPS&KLzaio$wƞ (y25npSu?o{Nqջ9VGe$}5jBͲ%l! R'i> V[$g}["‹Fm̽VUqq6aZ)8p/[sm0 !ʏjPqF·)͙*dtc ;'|7"gr<_zU1uTnO5*.?ᗚOF}tI9Ӓ:O:{A >wT;nQ lZ&W)gJsqzgZV.w*ٺ&IC,]FʺBɇX*~WbbKzzriE,Uaq<}g2:5x\1i_y.zhxk{вqVDllIO t .Ip%0)~Ŵ`)6xޞ&CSI#&,+dA>--u1'}nLeM#Pk+5;pZ+#W%c28u`;(ĸjPLM@<_qVOo_{bVv\2^="1j3l:sWOQM!1k#eEWt.z:=dh}X:]Đ t@Z!j4%w} ԧg~ʴfoQFK*)?cҩ_5clV& 4JW̟kaiێמvNb >c|o^ WErD;s[7JH(0 hj1fѓ)NQnfUiIUvcrHQ)?'3sl;~+1Kx/0{bS>kp_:4". + դP2T8r)hdigp,^rzoz Z Bzq)Ak_(ۧW<âz4x Ba| Άf u>"bvT;`bVUD|OnD*J *\I3$?Ҕ:$ڂԨbL`2! g>/7L%!kb&_*&HXçu&tF`~T EGG֡. }6io`REضGk=:ý.td5tmHTAhа$hU +6#?{a\]\dTN]x+8?/#%9C]O R.uԄ (bRX'oDłr.Ygn/f' < Vl'kβ;[7SH)_0,D9V'K]HR" JZe螮×#Rߩp&UޝY̎' kV; 1vq+< ܠ q~-=NI Q &Y5Xv k6 DsB<!()ꐓ 6lW3i2!+_S ;sU8JICE<×sKǭ\̺#3􎠫|q#UIz-xiO{VkowuH'!fǯ ×42 f_Z'NB?qS˩co T (}L0wP.Uɦ3qB*[rf({Vs 1VW߲U5'>jdd? ФԩN~U@jAGtHGVF0wXDSH7}_!U9 %5lX\ĘZǎGd ӊhݳdX~/. PZobCl1ܙZ¥%PljAnJ,Ze;҆/,JJ*`LZv=2-*Zއdb<\*Pyk g8SQ ֧g<Ĺ&]K`Ļ?Rmrqv<Y+(^ VBcHxd02SbC .lГ*gɷjdmNdl׽Ӎ܀6I S٪ڙ8V FܨQ oKv l ~HY~]<͒ HWS1E(KH̱M#^_Umd-;LbL:v-e2+ەy $(Qc'rNa#WtJMG9R(C#-+\oCfdɭ|Ewūrh'^1µ |4BMQn8Sioh[ b~ d w ^M3$KكQl#lrbjP$>iPGF'ẅ́@~X4}{ ~},'laziϵ[E fUHbr [WDK:8w|Q;LsЬ{(bہ?=cBpH\1\IQi(UJpE]ԘT@Eg-kp!tLhL;U89n(*ɵ4\%=#t3,a?fa.;I,/Jv܋yNz nC р_1SJ hU O;6Z_q_".JP+H3P|2o㞞$<37bP/v]Yv&qv mv0!l-2"ʋ[X@F"] `21G%OM#ݜ(9NbV{K6D+-Uxr"wL:=nQ)\hX"0 lN{缔bvYl"OEl%}2PfMPʈJ(0"˵%4`f!NOQV &>* ݿ f\f`J[!h4r@l7 Ss,2t2J@xKtD0T{Iɸ;BpBQH3U٪'6mroOXX C]MZ,'4b$fTzz]>"du aqD̚F?8xvukf gjfrczP aK9c !.Dhf| h!pT˻E9g tIt(:5YTS5R~%ςzsR=|նJ3\v#[?6td$">X9Zip_ѱB>7fYh{F$m n| IѾ_4'*ؠxէ> nѝ'RiWKΪs؀dp>'*XFL\t 0^/0k!قkamx3c1O/>}yy<_1MdY 熿b;W*[`/+3lg" KX1EjĖ q $|W/f-W].r9YoYpS^<F$3~yF>r-ȥ.zǓlYKUCb,PgG&FDoؐw ǥ3Csd2a?Sn9]6OZ'SZk(IgH C+9y`lOߕM~V{AU#̶Zw 5iɞY#ga?"7&W}-dx@9mn:\ c@i 4ș sO"y١2_Q2% "U%aZȨnpڙ|>wobsC=3_ `[dxaR[NI- q ,&m |- S;GP׼+>^RU8@eu~ _j8\^Q>bCI}7#/#dl8ĊIo":oAj<'lnqyA ByCf1uȃy)]u(Z A,EG`C޲$rj{_ Ta _k\|r$@K^r^Tj~`̎N`n>+:[iQ,o[Ѩ8hXuKG|֭T#``E BVr7oh/Iw q|.q>4i>a  '%Ff/͵73;H,Rn.j^p;vC'c,MT@zm5S&q)8.?Z;\?^aP6MƍpT1. w^uu (-[tPiPcxzPfz^*]4uKF)QNgrw=:ZZ;»~o;p%M%la(v: aR-@lS WFH;''!Tyh]dbc/&};e5]*v.A_0>63+ʜ޷6loQ_Oը\gƍ.oEc$knؠLT8\ٌ\jpXw{Uaߓqqyǩ#pB!uFVI5]^$tJ hw[ DCE|p,Ӫǎ]kp~PC;3z?'@:i"'@^ṲBT x4Fx/ECDm_,嵜^nɑg.J+ iMXHMݣU>Sԭ˟\t>Dbm}sY'KfR/EƎEa}ب:4v/Sv;0)c yփ߫'C/T); ľ~j%p3P8} w'UpMȢ'[GD)+z6>|8D-7 K NmpmUI[)-gI"?hV: SB4%d6qOkU$F?:)`q ޥ4q6`b5pZR`5iH)h#te\ݿvQ'|/ڣ_Qamdonm2`4}Gշs@בֿUp\t*wY=r:v+st_³W9𭧁GzfxHm7YmNQ-Eau1PlNp0qt-0?,fr'?V,#xQ}W}!s9 5gn^*EgOJ\_RG=qzs"&짧蘏^T]L[=jz~ZܣlW~_ΚX R學]~V )G! ^06JQ'G I?V:Az?qz\B ht+;|yB>;%R,L.8P-k9'O=jϦ[[, =O %+NW6Y:(/ R%$c!{p֕m۱,`% anRi+⢌atg[@Il[ 5NԶ46#YXƷ;Tа>g&MQwSF5ݫw=!.輯]e+@EwlA"i=CQ ,L¯[9旫D NE@f@%|g~j rERA 3|YjMgG޵!]h=3a)?Q'pWNxzqnn*Ë|5q1`o:ۭNoQ0$$ Py9]Gj:kli~윔z \iW ` !s?1vS]K<68z9|%cqq ?#J%[GZ6U@ 30SÚw n?'&v=WIy"YWg K FV(a0o mb֎z ռSnȚVմ;…5 ARԋ[ߧ9N?A4L;xt0eL++F)ŵo&׼5amZfˮ''ލ0v8)`jHY_/ͳ3}0A)کG1[͈݁UnAvv_z.GU ƎIwv6֭ETR ĘߠJ/YقXu:9#yI9ۿ{?d[]?y2VHP hQ~~ X cW]dyfF{2`[}.onS0_|:$G׆T{)JAVsQ zSz(gKO0s6jk< ѹzj {t}V+'"MVk= Y<;.G\ks똌v>5/!ձ3 d*~'\Q|g2ʻI%L#ga+IwnU.->(g9~COexxDx .l4M]"' f.bG'M?ٲBh'Lƈb~+Wh12Tm9S SB7jzc;Zu4@I#r5KoKmo epOM4VR:=47[RebLg8y?3p=k{<:GĒ':rUROVK5{8j6uV\$5XPΩD(]Oث l"㋗HZXc yVg6}*nWJz(&Ƀ1"] 9 6~_q $z!bfOTpd=X]w"?/ȠD&O f JMw'8e_g$=O3Pp}ekc!时 Yiv\U"=H,+Wt \CƟ%+7'J{I>dz&&0oi}2.%W w,U+Gyi.f4B|5@ZYN0TkI9@oXL,5@ j 3#Р}+qT149Zΰ F'Mkf.-0,oBy{@;6MyȬ !eB5brTI=YnbEb ?12HOUO])/o`qIIrE2R){C[JvݕP$a3 )%'BY젶V*ci2w c!N0{t 8-$CA4a?>?uF|*x,ZgJM>SO)lAoeA!!WG3.ˢҐm/d!ҊgH,Fe}VeETq<@xWAf} ^Rz$uu򞘶'0jQ)~ ǐ]:r,^2 x5{Ü%dvZfKN&hjՒɼJgJJk[CYS* SKݞ`"|й>iFd^wYJ0 $uj'˲^Og|ܶKȸ*ËQWR{;CG囲eTG,a5yiu `Q`t^7yDHVz)864Ld8' w5uhqFj7ꎮi7$ גGA re|o!x6XKSO+"ʫ^\4!im k板R)5LMSH~JK!j%>jsexQ?Mo}HCRXıS[>oo zc"4ӤOw|>+wûxg>I}Q7=ǬOWҾ%YS] $qz~F|B9] 2tQ4Plݯ# :?O(՝ۍ:e\3c%⋢ W.Ca ;oJK}STZ㐬Sgo;t=UwpS JXt1m9t6%S罩/!muQFGn@<?멿ݲpes~}+jK@Y_BƩ`]!S'%sDa,~u]#E2(X??"FOܚھӊA&AKH.2 ܖ44W;Y!j N9y"N"ܚJѾMHGSWgL`}Pň"kG[rI]  0K3Ά]mAKhbi Or*g헉a'+FbG%GRuJ~eLg(uY^N,lw(`G@U; LO#K#xh FΗ.U; $INjf7xykIo3[0 ά ۯ j]z&]GA4,- =YooTZCW$FmОM!ZkYB[YF:j*bETnK\>Pgij^ L) Z1,q/fU6!#D"󹼾Wy<]}7UwZ(MPљ.K1{YdÛKb0&Tve!6Eqo˜;EnLDE/joi6[; PЌ]xiMtJ/TٕSgr縘P0kjFt\u|.pEt\LEN;otYE푦^XkTTe0E,HӮ@^+b u-Γ<v\027(*"HvFy@AEoW%oC}%+`om)(-0 ̢qʩarXkR]1)~!lDbO}?D(z> GnɐXS{=M #RvdxPwyE;՞S w@ф ~j1lNfP˖ cЙiS*UEK̚r갫h՗y 2\]qb,"[{Jd 0OѻyT~3݁ Q`~kv! u| nE5- r5"|tpďK]lBrH;WX3mO"Dn: 1 +->U7Ѷ᣺1~@ agG|[L.ٹ5hsQĐxcZ+b ,6b>Gn?2IKG\_nmX~NrjɊMm-NIOR?#^ƁN8 M˷ $KKM^@ "Уz;.1ŌE<϶a#)`GKyyd'ۅwn0;Hw%_lR5}w 1EmtŬ?~7':9%daVae}rT4ZlVTJDe[xCƐ BP++>Y=nwE?-bd`Ӯ9aŘA5)ڳ74MKh`ڼméMa=ZsNa1fBԀ{iҩLwy,(r&@Q}Q;qdiWplt 1 1, p$ T0͛=t2QMx2-L.SDzV$SN̓kju8u#אyUfq}y-l~ Y+ ʅ: L`u.;) 樔61抷hFƠͧG='*˱tNٔш$~*y{'Wlhe3q-A82[īrh,X 3BdS**ؗiϗz.b?V]Vm M}7i;YۅV %EBUߗ}7rf2b L2h 7/PϙT]! 9Y!痴n0w*=ĉ&̩[- d:`{ˣxļ hѷlt:屄W,Ra0A'dI!]Q9<[Ci % G(C[I9è)%[J;Tδ 1pe-a }x1jN UaVi4ĦdBi5Ii<eD`r5e L%אFYa,wn|f\s6KR3xDoOhse8y&%j꩝z[`>29ۊ#ؖ@AuEv-X8h!8u4փA:w!=t.eE%3ht;q_^ȧ]Op7k*K'VSñ{5i15:/\Y 0t!-ڢ%x$9q89Q#lu4#!M"9m3n#kIBvWn^ tֺ Lík؝x>ޑLo\.6ʊ]KԦ٢ݯdQ=\7 Ň&L rG>i=<"HmJ8ub2dxMeˆˤ{͢zyLݳ8uG~Ꮾeѻ$}yU8ּld`_}JTNzi_TD0Gs}nQgEB5z;4TMNEԕsπϱ&酨?\f&4yB{eɁf߻T;V@X cþr 7{O=Isx%-}p"#du}4FúgER%ob{G.-^&q:ј?Z-I4A5sO{'(؆. ˰K}*0lse#4IOj~"2?oWP Gİ ӔAJ "_YQH{/`\tO0kb<$xrJ9\}Y/h(3֝M}#Ǯ>W@oWH/e˜{{BYvjˠ$\.^W0h2:Cb@$8>&Z4 䤠~nB[4CU[sF HIwI\$ɻ 9g"e~gvⒼ=}#ׄ=Ƥ}aㆪdUդ5MS KUj} {kjc 8b06X%!$̜Бxd& \ C^W?psD&>:6 { `+FPЏL3=0=h{ů|5*kSsR //633`uzFlWI?4wrS඲RҲXNM4w< Lx>s'$WD4Ħv-NJҀ} )3(zhreB)ZT9!-Z@sU(^Iē|1{Hin͋GLanzf-ņ`U~ 2&oǶWKq6_OK({"`Bamʌim oZ^|vDnݑt8, OSوy}Qi}*!pT̓ Np iF{N. rco-E/`?u f ¹7vMG W&p}fW!"=zL6A͆gϮP➂«GpsIoIֲ9zS)*j-p{`?2+BlE[xi[߾r"W~X+pVvYGz=qRU/N1P2Y;暷KZFLdAࣖaeŲgQW1=9z!ЗnJ,A,gq\ m_^OE#u5X`x.glle1ލ< DRNj(!gu>^r,d^& OU ZaE*$d.,m:v= /9pW~-[C(æχ}JRMZt kG+CJ\Ӄ?RߍuL"摾La3T+`W9EuA4"Z¢cӌ߼JhWѠ?(RYodn[r_}Qju5B叇nJ j|#,gjD?BCzbb<V+i0,֙;y/,6X>xEQ]/Iz&L:mz<ߪǝD+&c"gO%I 'U * ߡ >t]o/FM|+*yS7+O:cPľ sG!`Bo;#t%a HV g]&]OD&[7 5Ǭ'$E!gh.G|bXX#uUww.}UlWв B8[ʃr0TؿS86ѻSC.˜#kƈlqf _=nE rAڕ;N1'F [!/ %h1mGkL`lj^4 o9/ўRT79:]M~OriLf*8zDXXRd1;UY׾ vj6O=Lb2lnylJdqBGy^P\;#4SĥU{`|МM}{X Z夆 $ǙNܵahF_T=^hB;#|ZI)'ͼhB74\7FDv\ 1I8Tk(]&:;$g *um;a(FAiƻE@:p4?M_q@6|N俄{,go&dl{Q+H=!ڻ&' @u}+ș[pT C3+K z!袧h)Kjve«8t;B͏+(qzʐ~8?fB;SsWP?o <7 ߆yb:'l6~: ұò. YwA5!QNK7]=vDeLw~J:]uV5=F=8 I/}:"HYyԉaPs9n~ti`Ke`g?pso f.uj K@UݬGf͕ wر?Af϶:R Gvv~i!9qݠ#զW^Q\D/ m%;,Fx eq Sp噘ho23*̚Qf\@2Zn'"N+Qgs@ŬNFv- tA^!8nheST؝]eq3O}bS,m^%A鱤o&9g\PލvE/$t):^U[3kZ\#?7It-c.!rl 8DT!~H jq­gmPۦl^,2>" #R8-,q* fI5JZO/ -K*sr V^Qc A.bS ï8]̀|-+Vټp̊>$\g@dXp#~IN]gC=|0XaPKL+_B@Ehe @e p>eDdvn:(\>)*p8VEtrrYH2h \$pݤ_c "I䬪A0}jbɺɦs%NU){U(v̎C I-g6y{шH>+ 9.HrvCkv5s_H w7v_5U HpV!+lA#]*Q`7~DQ&0rULwT8R HpEiC֔2VApXUW(s[cuEQW[7Ao֫Oyu8Ƿ6[y+J `o &D#wQ'ewjTnK9%4Ў/Y#I1mQu #AT,ul*'xvtzoݥAznc#>j@( 7?ܸCh4FЋȒu%ș4qŠߖg'Z ZnChfE|.%6˳^vӑ0T>?78l3j>\_^i| ?)$du"7aS92STj y W'joĸ$.&CY<8Rtia1Y oY>:Ǿ2cBL,NV#x>CˣKRX%(P=U렠Pי+?>kfQ֢.:"J6\Wykx{"A  C޴})w3)w.z8QA5mwOi1n2 X@(߀?ʼnJ0Q,I(kK` S[LQ 1jw*Evwpa$ky:P9D F=WQSN$>N-eS٘9:7H!8L+ڞ}(mgp 1+M/ZWf{D°z1 dw+e>x*c]*V"|&G0Z6AtT2kC].ӦI ,2MO#t.e؀뤥aX-N6q]w6gwݷLIh  /MS*ɘww& z!n/R7\Y~ϥ΢W6 D ZYQ&\(JYnݻ MV)EO#n|2ʇzcBZ&W *v^}R<E>p"&fSE/,=tȦs82w\5'z3[aH;%2YZn@f8VW'^BnG V {mı0'JHemMHwc΄ÇA n.* uÿ_ ɼ֭c gKG)iW-Fg5B7Y+ x.b0<m<]T5‡x 6iF` z[A%XeMRrp~b(RgM>ԝw M ~_>X3Rwf`Q+)ncI}lҢ9~9Ԯ>Iߢ+x"T5I58k|YQ:E.r֞蓉TN|Z{ ё73x Hs,֍vUkIB16lsH|r4#㇙bpGf]C= !m!T̓2^ Q1vD)ssHW) iQM0Su,%[9/S\A,#%?!r\S gᄏS*6i̘|b{irE #i1 f~U pP*~:Xھ#_)` Rp&>3>d3AGv"W"U\Vt*FSo ^Œ!`K'Z_k[Z8!MhѰXX'.TS:+Tn}@1jx,PaG#To)ʼprxPJ(%bA/od(la(3#AbɢZ$6b"{Lm }'eCpNfvCXt0!.途Bna/-5eF q1u.[Ho>!<'yy=C\d!pUX "} YZ