sssd-tools-1.13.3-56.el6$> (֦!#Q>2X?Hd   A *HNTbb b db b b b!xb#bb%L%hb&'9'9+9(,Z8,`93h:RGbHbI bXY \<b]b^bd$e)f,l.DCsssd-tools1.13.356.el6Userspace tools for use with the SSSDProvides userspace tools for manipulating users, groups, and nested groups in SSSD when using id_provider = local in /etc/sssd/sssd.conf. Also provides several other administrative tools: * sss_debuglevel to change the debug level on the fly * sss_seed which pre-creates a user entry for use in kickstarts * sss_obfuscate for generating an obfuscated LDAP passwordXҿc1bm.rdu2.centos.org vCentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxi686*ɤKSA }5q"1EQ :bn3] 11m:+}MHOs x?sH cC A큤XҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿVpnXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿe1ec854f68372bd0e1fb6291a2573776074e921bd39bd69a8d5eb8da2c44dbc38b16a09cd1dc9fac7c51768c27ea19bf1bf0178909122c473d60b317b832c936881b770495b8cea72067643c78870ca9a78a6d1471110d74d39710050bdbda0ce2b77b0cdae21a8dae1bc315ad375eeab66c01151c46a8491e86e483a753062a82fef17872487505c20965039a68b51f18b63afe029b14ac4b0e403703b050f3074ea22f08e186a8f16066958ff1cb7da80f4a744e9737ad3b619beac9b0a45e21af5f3b90f9ee2037534ee896eb380f28ee4c8287ae079cca647e0c0d110f48686963a818eb925ce8bb0c94f9f14bcedf56014ffa17275455d2879a0fea2fecee8dc6123da04ed246a9e7d1c724ab7dd4d41c33f7923ee72052bc8a4b934763363da7e47f2c3c6df61a7cb83fd33d9eb3ab5c8931126e6aa274c347902583cb57ad3622cb9e17d2bc083e990dbe9c59cf2c0835cfb21210168a04188196c9e18ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b90350d84c60491f81ec38582151a779c4e2aee537befbb0bfe275f4af2f4d91a6aca6699600e6c590db54624ae492e7bd5af1db45651ebcb0845e606ee559e903c099c3dd8a113fea8f43eb6155a4354bd4ba2aea406090f3d764f486c3e07556996ab7f4306a908defcace37f1f6c91dc4a2209ba0ef8dd7db7fbce0d4f11aaffa8c15ea2f38ae06aba6778774ec66b34427d8643e9a628e459fca2f53cdd141a70cd03bb230a00adfa378b30947b3c4e4f621421d5598642bf9562af08b264038b2e13af39c3346e820dd25b1cf15cddc65f83e8306b4d14e31d1195d193d3aea0de4f9fadab65b5df315e660634fed1636d3838895735028619c989826cb5cfc92d14b8141c5b61150636295bede5443eef854b35c22858d94d27d2c4cc1809266f7df05620679dee3ef453326967afa37b75389821088071bf478aa26cf13ee8246153513a6490d29df0340aef9b406ecf914d9fd7a8308b0516d609215b4694c32ed1653e72de94bd8799e968a4bbe1b8b2b9b4419c31cc4717c46345219f05981d65f788e6048bc9d1c4c6b217409a3fadc3c5202098a604b69c1049123183ddab8a97d33f0efd00515183d712552a7fb559d420b2382a98bd47a8aeeee7ad17ac5f114eb8c50a94cf87f49ac08f1f6a78c739b1d66a03156b16dacd14df3653c2bd588a3ea18eadb5c1395551ed10740fb86aa2a6e3424550381c92edff47d31c31c18d4e0c2f3420467fa2ff7f54badf57d2e9d03452d0315d4f328bc751516fc4a79bea2e43ff71b134457cfd7ca6f09d9670c757d031ffb545df1350778184cc5c85e2f38cefc1a5fbc5f27546a44f1b906dc11bf7847b6dbfa7347088c3644e8a7bb4fb18fe22400d07409fe8bc6706e9293859f315cc1df71e04a9ef1f4439be013ed636fff2def8917761d7121cb9d135a391457885d341aaf2a349d24a516186ab7287f5a6ab2c03e8afda7442d66c4b6735f7f2b2b644f0901c6555371032147c552448e5bbff22e4dab75d9f0693c61498a6a474cc1da399b24cf6e74b46a9f5b20fbffd2963e906ea123917cfac0a9a145b66952b273068dae0691872ff8b6fc1d5c7eb4a7e96dc9944560779ea8cac92be114f2a615d329b4a010f54b2e1aa82e5fa037daf771988bff39b18e50d73d11e86914487578f0a7d22e14bdde49d0276572df0c93118d7e18851b28e315cd0b690fb3653b48c041c1d18b55521e967929cf5519975d67cc935da4125c3e4031f740ef0691977fa70a7cd8b5fc5c5640e8f39293bf0d0fd2dd002409bb268ee5b7d5c8e9f5a2e4866e6434029b91fbe126e9b533814c2faa0a6eab5b5702367c212a4d67b56ea340dd44345ab427050eac3b66b6369040272b6395539ce39e226e0c922b03d49d6892e97853882c6ba50481d7743d20238c903199c59eadeb3fcefbf87fdedc2ee4ccd8d091076e2949dc5be54449913b808600697856d77d21e8c6b015c713657cce66a0b45917c3984c95ec9dd46b52bbc394c999ee1480a5da334edddaac82b413e6a972b5b871175de92ee547fdf979e6e65996bc3af2f4a47d1389457c87c49d9063684934fa435074f2f345e74b4381acdf58882d46471862ec1f4bb83fbc436f5861d9637216e55a43f3af1f7797aa78e950971e876219bfde4dcdaa55b851b44e3a24f1e6c13aeeb1245750e4a3f529e459b76904c07f2bfe70df8bb00c688dd10766a99d0370dab32750bb1104d0c7ee9490f72aaaa0fd37cafbea446666ab88a65a1350e5bd28bccb7c9652dff2bc19c305118b28ae971fca9a6a1c609bd4ff0118e29c72144475864f3eaf903bbd346374cd618d03aded0b9d85bb22b18ed76d7a520d73a7a98a763f502bc8280d5f025b1ca3d6cd38a1718cc09d1748fc1c2873cefb6307c94a7bdc75d597c98c038251087f2a23619b583a8b546086a0c9f418c4af4c0727e43a693f87c61d7c93860c972436b203a29e6a69f255559306bb17c7f1adafce4335acbd746c86d7eeb69a8f1cd845e74a05226de15ceea5e0bb09516fd684315b32690dcf357948e1648bd97b2a6664bcb857c1e5fc7be27495f3c2e99aa4bdd98a7dc152a75b1135f31dd5ba347cd62cb39bd94bdbcc84c3a6d505dc36e4fc685a81b8b1b79d9807a303bc4a5a9e10c184a1581e77bebc6c6cd32e0a20eae4f4a0e4f4ee90d479a774286ee8dea1851a877114f229cf965f4dd1d49332dc9c066e16edeecbde3014cec0ec6dbc78f271ea0a75012beff5e88701e02fb3e1e4dac8b9420807841bb755e2115c6c6e46b2cdd3c365407be4cfc0d9ba04335d0fd8145b67b045c23d30c8992acd37313ef3a7f7c9b0b703d143f437b5543eba373059805f2e778369398e0af93a55c6c1e962d7a6f476d66d10ff2622f619147e1c39edc58346d17405227e7df1e9f6336c813e618f826ea003f18d714d22e6d3cd717eccc3fc862b25b972d746858157b52105dbf6d37b9b4eb52d2a544e44ce2772184b4746e763ded39ecb4212ae61a05c254b1700fc47890ccaee2d08cb1530610c305cafe9ce2d38267ae622a6b7aa145ef999f128730ee832f3b04f41117e4c0000002c30d2e3b219c4f92c7a3ba309486e1874894b97b9004b2ee16c951aaa1db93c161e54a79d9e5949293b3fb5aca5394007c33971a5ad4b1e0acd537ca6358a3f620ae95b66b058ae3c3ad08e6688a622225d05f16d42013eb4be04c3761a66e93cdf716c743c02f68d39f71441dfdb2686664989e4dc0b629984b2e6aa0cd2008af061a1c3b83a024afe3f6fb073267a63cfec27c8c21fa473980e79371ef2b028e680567692def0429ed9209977bab51786b070bf54f8a69c5ea3aa03efd01f47e44c4d63ebc00dfbde73cb79d56e2d6551404f3f7add230b60c632407d918d3b04644cec57bfcccb0e3b7c5dbb43f8df8167f01ee0e32459dd00c9bad8c021647a6d93c630b21730d9b8d865066d58286fc1ebd25dc5f6119317c9749bb53e25179442acdba94c51e0f07cd3bf74aab44efb6ddb2a9e95cfbd76b4c32854a8c5cbcb7e4b0bac81fd5ff625330e230d3117b78a91c41095fb786fcd6509bad5436f2ea04a06301ceaab2f1490b76e494ab4927e340121a5ac02bbf151ad1fb3ebd42b8f5ec440e2c5a5f00edd5c0efcb19834a87e39d6f3a2a220d64272a18e15d645e576cca2f096d689d03d6898f0afe87ddaca1e905d8c368bb5730f5db2c102b487c47ad0bf8cabba8c91facdd4098f69facf4adf8494ddfb5179a7266accd21f434b602e562d6e11de028ff27abd1bdd4944258d5e246e2c2b056fe6e444ab9e82cfadc4f9b50123f031082ec69b3a844022f9f9b41e8f407d470ab533cd8e2219e5b69d8ecb20c22d514c1e15372e3d1e536a359272218cfa6f9e60ce38eb2539d222c9af9a192a73908ea2cdbf268e9d8fbf457e3eea1a45590ea8f1ad2bee83a70c9ffa0a528bcd61e0eaacb3c85bea64c1c286cdca88c6836a4252c16c48d7a9f2bed2ccdb9d06d4930205b81415331dab055906cae37e1aed485f5673cb60db74eabc239927f99438b7205875343e775d22d65cc198eff590257e709a4921176a33d8c086e1d419acdaa5b60c25afd269427220466f09c759167b9bb3c288d09733d9f372e17df19579ceb4a6852dde577c73c323eab60c92d8a977fdf6e12b1e6e36f9d8cfb1af29b014701d677522bfe6beaaf6739d9f4781c59429b51418e670fd8954e75713bc336838869ce45d31fc9d596cf305654266d0934f3e959c63e179f9ff666b2a79f55a41649897f04fab8e8596269de7f227bada85b84c04bf8214c716b21ed3775ae200rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.3-56.el6.src.rpmsssd-toolssssd-tools(x86-32)   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ sssd-commonpython-ssspython-sssdconfigrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libbasicobjects.so.0libcollection.so.4libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.6)libdbus-1.so.3libdhash.so.1libdhash.so.1(DHASH_0.4.3)libdl.so.2libglib-2.0.so.0libini_config.so.5liblber-2.4.so.2libldap-2.4.so.2libldb.so.1libldb.so.1(LDB_0.9.10)libnspr4.solibnss3.solibnssutil3.solibpcre.so.0libplc4.solibplds4.solibpopt.so.0libpopt.so.0(LIBPOPT_0)libpthread.so.0libpthread.so.0(GLIBC_2.0)libpthread.so.0(GLIBC_2.12)libpthread.so.0(GLIBC_2.2)libref_array.so.1librt.so.1libselinux.so.1libsemanage.so.1libsmime3.solibssl3.solibsss_cert.solibsss_child.solibsss_crypt.solibsss_debug.solibsss_semanage.solibsss_util.solibtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)libtdb.so.1libtevent.so.0rtld(GNU_HASH)/usr/bin/pythonrpmlib(PayloadIsXz)1.13.3-56.el61.13.3-56.el61.13.3-56.el64.6.0-14.0-13.0.4-15.2-14.8.0X6@X6@XS@XOXJXGXF@X@X6@X6@X-X!@X!@X&X X X WWWW@W@W_@W_@WWW@W@W@W@Wi,@WYZ@WPWPV@VJVJVV@VՄ@VՄ@V@V&@V=@V=@V@V@V@VvV%@V%@V%@VVVVVpVii@V\:@VXEVV@VV@VV@VMV2 @Vf@Vf@Vf@UAUUuUn@UmUjUcUcUUUUUJ@UB@UB@U@U?v@U>$U8U.RU.RU-@U-@U-@U-@UF@UF@UUUUUU U U U@U@U@U@T9TTTTTTT@T@T~T~Tk4Tk4T$TTT@SvSvSvS%@S0S<@S<@S<@SSSSSSS/S/S;@SFS@S@S@S@S@S@Si@S@SSS!@SsZSpSNpS 4@S 4@RRRRRRfhRD!R1R%@R @R @RR|R|R|R|R|RRRRRRRRRRRRR@R@R@R@R@R@R@R@R@R@Q@Q@QQ*@Q?@QQvwQkQIQ5@Q0@Q']Q @PPPP@P@P@P-P@P@P@PDPDPDPDP[PPPPP@P@P@P@PPPPPPPP @P @P @P @P @P @Pf@PPPPP @P @P @P @P@P@P@PPPPPPPP@P@P@PpPpPpP@P@P@P@P@P@P@PP@PP@P@P@P@P@PPXPP{P{P{Pz@PqnPl(PaP`K@P#@Oĺ@O"O"OOO@OO~O@OOO@O@Ou@Ou@Oc+@O]@OYOOdON@OLOLOLOLOLO;@O5O1@ObN@NNNN@NNNj@NN$@N$@NN@N@Nx@Nm@Ng\N[@NTN?N:N:N:NNN|@M{@M{@Mߒ@M@M۝M۝M@MM@M@M3@MM>M>M@MM@M@Mx@MM=M=MwkMwkMv@MtMtMc@Mc@MbSM_MQ0@MJMGMA^@MA^@MA^@M.@M9L!L@L@L@L@LNLNL@L@LA@L@Lk@LYV@LRLI@L7@L(L_LLGKj@KK@KK@KK[K@KK~}@K]KY@KO@KKK/c@K+nK"4@KJJ@JJJkJJ@JJp9JlE@J?r@J0J,@IcIcIzI)@I)@I)@IV@IV@I@I@III@Lukas Slebodnik - 1.13.3-56Lukas Slebodnik - 1.13.3-55Jakub Hrozek - 1.13.3-54Jakub Hrozek - 1.13.3-53Jakub Hrozek - 1.13.3-52Jakub Hrozek - 1.13.3-51Jakub Hrozek - 1.13.3-50Jakub Hrozek - 1.13.3-49Jakub Hrozek - 1.13.3-48Jakub Hrozek - 1.13.3-47Jakub Hrozek - 1.13.3-46Jakub Hrozek - 1.13.3-45Jakub Hrozek - 1.13.3-44Jakub Hrozek - 1.13.3-43Jakub Hrozek - 1.13.3-42Jakub Hrozek - 1.13.3-41Jakub Hrozek - 1.13.3-40Jakub Hrozek - 1.13.3-39Jakub Hrozek - 1.13.3-38Jakub Hrozek - 1.13.3-37Jakub Hrozek - 1.13.3-36Jakub Hrozek - 1.13.3-35Jakub Hrozek - 1.13.3-34Jakub Hrozek - 1.13.3-33Jakub Hrozek - 1.13.3-32Jakub Hrozek - 1.13.3-31Jakub Hrozek - 1.13.3-30Jakub Hrozek - 1.13.3-29Jakub Hrozek - 1.13.3-28Jakub Hrozek - 1.13.3-27Jakub Hrozek - 1.13.3-26Jakub Hrozek - 1.13.3-25Jakub Hrozek - 1.13.3-24Jakub Hrozek - 1.13.3-23Jakub Hrozek - 1.13.3-22Jakub Hrozek - 1.13.3-21Jakub Hrozek - 1.13.3-20Jakub Hrozek - 1.13.3-19Jakub Hrozek - 1.13.3-18Jakub Hrozek - 1.13.3-17Jakub Hrozek - 1.13.3-16Jakub Hrozek - 1.13.3-15Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-13Jakub Hrozek - 1.13.3-12Jakub Hrozek - 1.13.3-11Jakub Hrozek - 1.13.3-10Jakub Hrozek - 1.13.3-9Jakub Hrozek - 1.13.3-8Jakub Hrozek - 1.13.3-7Jakub Hrozek - 1.13.3-6Jakub Hrozek - 1.13.3-5Jakub Hrozek - 1.13.3-4Jakub Hrozek - 1.13.3-3Jakub Hrozek - 1.13.3-2Jakub Hrozek - 1.13.3-1Jakub Hrozek - 1.13.2-7Jakub Hrozek - 1.13.2-6Jakub Hrozek - 1.13.2-5Jakub Hrozek - 1.13.2-4Jakub Hrozek - 1.13.2-3Jakub Hrozek - 1.13.2-2Jakub Hrozek - 1.13.2-1Jakub Hrozek - 1.13.1-1Jakub Hrozek - 1.12.4-51Jakub Hrozek - 1.12.4-50Jakub Hrozek - 1.12.4-49Jakub Hrozek - 1.12.4-48Jakub Hrozek - 1.12.4-47Jakub Hrozek - 1.12.4-46Jakub Hrozek - 1.12.4-45Jakub Hrozek - 1.12.4-44Jakub Hrozek - 1.12.4-43Jakub Hrozek - 1.12.4-42Jakub Hrozek - 1.12.4-41Jakub Hrozek - 1.12.4-40Jakub Hrozek - 1.12.4-39Jakub Hrozek - 1.12.4-38Jakub Hrozek - 1.12.4-37Jakub Hrozek - 1.12.4-36Jakub Hrozek - 1.12.4-35Jakub Hrozek - 1.12.4-34Jakub Hrozek - 1.12.4-33Jakub Hrozek - 1.12.4-32Jakub Hrozek - 1.12.4-31Jakub Hrozek - 1.12.4-30Jakub Hrozek - 1.12.4-29Jakub Hrozek - 1.12.4-28Jakub Hrozek - 1.12.4-27Jakub Hrozek - 1.12.4-26Jakub Hrozek - 1.12.4-25Jakub Hrozek - 1.12.4-24Jakub Hrozek - 1.12.4-23Jakub Hrozek - 1.12.4-22Jakub Hrozek - 1.12.4-21Jakub Hrozek - 1.12.4-20Jakub Hrozek - 1.12.4-19Jakub Hrozek - 1.12.4-18Jakub Hrozek - 1.12.4-17Jakub Hrozek - 1.12.4-16Jakub Hrozek - 1.12.4-15Jakub Hrozek - 1.12.4-14Jakub Hrozek - 1.12.4-13Jakub Hrozek - 1.12.4-12Jakub Hrozek - 1.12.4-11Jakub Hrozek - 1.12.4-10Jakub Hrozek - 1.12.4-9Jakub Hrozek - 1.12.4-8Jakub Hrozek - 1.12.4-7Jakub Hrozek - 1.12.4-6Jakub Hrozek - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Jakub Hrozek - 1.12.4-2Jakub Hrozek - 1.12.4-1Jakub Hrozek - 1.11.6-33Jakub Hrozek - 1.11.6-32Jakub Hrozek - 1.11.6-31Jakub Hrozek - 1.11.6-30Jakub Hrozek - 1.11.6-29Jakub Hrozek - 1.11.6-28Jakub Hrozek - 1.11.6-27Jakub Hrozek - 1.11.6-26Jakub Hrozek - 1.11.6-25Jakub Hrozek - 1.11.6-24Jakub Hrozek - 1.11.6-23Jakub Hrozek - 1.11.6-22Jakub Hrozek - 1.11.6-21Jakub Hrozek - 1.11.6-20Jakub Hrozek - 1.11.6-19Jakub Hrozek - 1.11.6-18Jakub Hrozek - 1.11.6-17Jakub Hrozek - 1.11.6-16Jakub Hrozek - 1.11.6-15Jakub Hrozek - 1.11.6-14Jakub Hrozek - 1.11.6-13Jakub Hrozek - 1.11.6-12Jakub Hrozek - 1.11.6-11Jakub Hrozek - 1.11.6-10Jakub Hrozek - 1.11.6-9Jakub Hrozek - 1.11.6-8Jakub Hrozek - 1.11.6-7Jakub Hrozek - 1.11.6-6Jakub Hrozek - 1.11.6-5Jakub Hrozek - 1.11.6-4Jakub Hrozek - 1.11.6-3Jakub Hrozek - 1.11.6-2Jakub Hrozek - 1.11.6-1Jakub Hrozek - 1.11.5.1-4Jakub Hrozek - 1.11.5.1-3Jakub Hrozek - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Jakub Hrozek - 1.9.2-134Jakub Hrozek - 1.9.2-133Jakub Hrozek - 1.9.2-132Jakub Hrozek - 1.9.2-131Jakub Hrozek - 1.9.2-130Jakub Hrozek - 1.9.2-129Jakub Hrozek - 1.9.2-128Jakub Hrozek - 1.9.2-127Jakub Hrozek - 1.9.2-126Jakub Hrozek - 1.9.2-125Jakub Hrozek - 1.9.2-124Jakub Hrozek - 1.9.2-123Jakub Hrozek - 1.9.2-122Jakub Hrozek - 1.9.2-121Jakub Hrozek - 1.9.2-120Jakub Hrozek - 1.9.2-119Jakub Hrozek - 1.9.2-118Jakub Hrozek - 1.9.2-117Jakub Hrozek - 1.9.2-116Jakub Hrozek - 1.9.2-115Jakub Hrozek - 1.9.2-114Jakub Hrozek - 1.9.2-113Jakub Hrozek - 1.9.2-112Jakub Hrozek - 1.9.2-111Jakub Hrozek - 1.9.2-110Jakub Hrozek - 1.9.2-109Jakub Hrozek - 1.9.2-108Jakub Hrozek - 1.9.2-107Jakub Hrozek - 1.9.2-106Jakub Hrozek - 1.9.2-105Jakub Hrozek - 1.9.2-104Jakub Hrozek - 1.9.2-103Jakub Hrozek - 1.9.2-102Jakub Hrozek - 1.9.2-101Jakub Hrozek - 1.9.2-100Jakub Hrozek - 1.9.2-99Jakub Hrozek - 1.9.2-98Jakub Hrozek - 1.9.2-97Jakub Hrozek - 1.9.2-96Jakub Hrozek - 1.9.2-95Jakub Hrozek - 1.9.2-94Jakub Hrozek - 1.9.2-93Jakub Hrozek - 1.9.2-92Jakub Hrozek - 1.9.2-91Jakub Hrozek - 1.9.2-90Jakub Hrozek - 1.9.2-89Jakub Hrozek - 1.9.2-88Jakub Hrozek - 1.9.2-87Jakub Hrozek - 1.9.2-86Jakub Hrozek - 1.9.2-85Jakub Hrozek - 1.9.2-84Jakub Hrozek - 1.9.2-83Jakub Hrozek - 1.9.2-82Jakub Hrozek - 1.9.2-81Jakub Hrozek - 1.9.2-80Jakub Hrozek - 1.9.2-79Jakub Hrozek - 1.9.2-78Jakub Hrozek - 1.9.2-77Jakub Hrozek - 1.9.2-76Jakub Hrozek - 1.9.2-75Jakub Hrozek - 1.9.2-74Jakub Hrozek - 1.9.2-73Jakub Hrozek - 1.9.2-72Jakub Hrozek - 1.9.2-71Jakub Hrozek - 1.9.2-70Jakub Hrozek - 1.9.2-69Jakub Hrozek - 1.9.2-68Jakub Hrozek - 1.9.2-67Jakub Hrozek - 1.9.2-66Jakub Hrozek - 1.9.2-65Jakub Hrozek - 1.9.2-64Jakub Hrozek - 1.9.2-63Jakub Hrozek - 1.9.2-62Jakub Hrozek - 1.9.2-61Jakub Hrozek - 1.9.2-60Jakub Hrozek - 1.9.2-59Jakub Hrozek - 1.9.2-58Jakub Hrozek - 1.9.2-57Jakub Hrozek - 1.9.2-56Jakub Hrozek - 1.9.2-55Jakub Hrozek - 1.9.2-54Jakub Hrozek - 1.9.2-53Jakub Hrozek - 1.9.2-52Jakub Hrozek - 1.9.2-51Jakub Hrozek - 1.9.2-50Jakub Hrozek - 1.9.2-49Jakub Hrozek - 1.9.2-48Jakub Hrozek - 1.9.2-47Jakub Hrozek - 1.9.2-46Jakub Hrozek - 1.9.2-45Jakub Hrozek - 1.9.2-44Jakub Hrozek - 1.9.2-43Jakub Hrozek - 1.9.2-42Jakub Hrozek - 1.9.2-41Jakub Hrozek - 1.9.2-40Jakub Hrozek - 1.9.2-39Jakub Hrozek - 1.9.2-38Jakub Hrozek - 1.9.2-37Jakub Hrozek - 1.9.2-36Jakub Hrozek - 1.9.2-35Jakub Hrozek - 1.9.2-34Jakub Hrozek - 1.9.2-33Jakub Hrozek - 1.9.2-32Jakub Hrozek - 1.9.2-31Jakub Hrozek - 1.9.2-30Jakub Hrozek - 1.9.2-29Jakub Hrozek - 1.9.2-28Jakub Hrozek - 1.9.2-27Jakub Hrozek - 1.9.2-26Jakub Hrozek - 1.9.2-25Jakub Hrozek - 1.9.2-24Jakub Hrozek - 1.9.2-23Jakub Hrozek - 1.9.2-22Jakub Hrozek - 1.9.2-21Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-19Jakub Hrozek - 1.9.2-18Jakub Hrozek - 1.9.2-17Jakub Hrozek - 1.9.2-16Jakub Hrozek - 1.9.2-15Jakub Hrozek - 1.9.2-14Jakub Hrozek - 1.9.2-13Jakub Hrozek - 1.9.2-12Jakub Hrozek - 1.9.2-11Jakub Hrozek - 1.9.2-10Jakub Hrozek - 1.9.2-9Jakub Hrozek - 1.9.2-8Jakub Hrozek - 1.9.2-7Jakub Hrozek - 1.9.2-6Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-3Jakub Hrozek - 1.9.0-2Jakub Hrozek - 1.9.0-1.rc1Jakub Hrozek - 1.8.0-33Stephen Gallagher - 1.8.0-32Stephen Gallagher - 1.8.0-31Stephen Gallagher - 1.8.0-30Stephen Gallagher - 1.8.0-29Stephen Gallagher - 1.8.0-28Stephen Gallagher - 1.8.0-27Stephen Gallagher - 1.8.0-26Stephen Gallagher - 1.8.0-25Stephen Gallagher - 1.8.0-24Stephen Gallagher - 1.8.0-23Stephen Gallagher - 1.8.0-22Stephen Gallagher - 1.8.0-21Stephen Gallagher - 1.8.0-20Stephen Gallagher - 1.8.0-18Stephen Gallagher - 1.8.0-17Stephen Gallagher - 1.8.0-15Stephen Gallagher - 1.8.0-12Stephen Gallagher - 1.8.0-11Stephen Gallagher - 1.8.0-10Stephen Gallagher - 1.8.0-9Stephen Gallagher - 1.8.0-8Stephen Gallagher - 1.8.0-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5Stephen Gallagher - 1.8.0-4.beta3Stephen Gallagher - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-2.beta2Stephen Gallagher - 1.5.1-68Stephen Gallagher - 1.5.1-67Stephen Gallagher - 1.5.1-66Stephen Gallagher - 1.5.1-65Stephen Gallagher - 1.5.1-64Stephen Gallagher - 1.5.1-63Stephen Gallagher - 1.5.1-62Stephen Gallagher - 1.5.1-61Stephen Gallagher - 1.5.1-60Stephen Gallagher - 1.5.1-59Stephen Gallagher - 1.5.1-58Stephen Gallagher - 1.5.1-57Stephen Gallagher - 1.5.1-56Stephen Gallagher - 1.5.1-55Stephen Gallagher - 1.5.1-53Stephen Gallagher - 1.5.1-52Stephen Gallagher - 1.5.1-51Stephen Gallagher - 1.5.1-50Stephen Gallagher - 1.5.1-49Stephen Gallagher - 1.5.1-48Stephen Gallagher - 1.5.1-47Stephen Gallagher - 1.5.1-46Stephen Gallagher - 1.5.1-45Stephen Gallagher - 1.5.1-44Stephen Gallagher - 1.5.1-43Stephen Gallagher - 1.5.1-42Stephen Gallagher - 1.5.1-41Stephen Gallagher - 1.5.1-40Stephen Gallagher - 1.5.1-39Stephen Gallagher - 1.5.1-38Stephen Gallagher - 1.5.1-37Stephen Gallagher - 1.5.1-36Stephen Gallagher - 1.5.1-35Stephen Gallagher - 1.5.1-34Stephen Gallagher - 1.5.1-33Stephen Gallagher - 1.5.1-32Stephen Gallagher - 1.5.1-31Stephen Gallagher - 1.5.1-30Stephen Gallagher - 1.5.1-29Stephen Gallagher - 1.5.1-28Stephen Gallagher - 1.5.1-27Stephen Gallagher - 1.5.1-26Stephen Gallagher - 1.5.1-25Stephen Gallagher - 1.5.1-24Stephen Gallagher - 1.5.1-23Stephen Gallagher - 1.5.1-21Stephen Gallagher - 1.5.1-20Stephen Gallagher - 1.5.1-17Stephen Gallagher - 1.5.1-16Stephen Gallagher - 1.5.1-15Stephen Gallagher - 1.5.1-14Stephen Gallagher - 1.5.1-13Stephen Gallagher - 1.5.1-12Stephen Gallagher - 1.5.1-11Stephen Gallagher - 1.5.1-10Stephen Gallagher - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Stephen Gallagher - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.2.1-28.4Stephen Gallagher - 1.2.1-36Stephen Gallagher - 1.2.1-35Stephen Gallagher - 1.2.1-28.3Stephen Gallagher - 1.2.1-34Stephen Gallagher - 1.2.1-28.2Stephen Gallagher - 1.2.1-33Stephen Gallagher - 1.2.1-28.1Stephen Gallagher - 1.2.1-32Stephen Gallagher - 1.2.1-29Stephen Gallagher - 1.2.1-28Stephen Gallagher - 1.2.1-27Stephen Gallagher - 1.2.1-26Stephen Gallagher - 1.2.1-23Stephen Gallagher - 1.2.1-21Stephen Gallagher - 1.2.1-20Stephen Gallagher - 1.2.1-19Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-14Stephen Gallagher - 1.2.0-13Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11.1Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present - Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory- Resolves: rhbz#1415785 - ldap_child does not remove temporary files when it's killed with SIGTERM- Apply several more smartcard-related patches. - Related: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts- Revert the ding-libs requirement - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Related: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Require the matching version of ding-libs - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Fix a coverity warning - Related: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Resolves: rhbz#1324428 - [RFE] Discover forest's root SID even if subdomains_provider = none- Resolves: rhbz#1367802 - using overides causes segfault in libldb- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins- Resolves: rhbz#1382603 - autofs map resolution doesn't work offline- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute- Resolves: rhbz#1299994 - ssh client checks only the first certificate on a smartcard when the card has multiple certs - Resolves: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard - Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6 - Resolves: rhbz#1329647 - IPA view: view name not stored properly with default FreeIPA installation- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users and mixed case names- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a subdomain, not the root domain.- Resolves: rhbz#1365218 - SSSD does not fail over to next GC- Resolves: rhbz#1367435 - Intermittent sssd auth failures- Resolves: rhbz#1369079 - sssd runs out of available child slots and starts queuing requests in proxy mode- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to sssd-1.13.3-22.el6.x86_64 when upgrading cache- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336453 - sssd_be doesn't terminate forked child process if adcli is not installed- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo- Actually apply patches from previous build - Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe with 1.11.6- Backport of a more minimal dependency patch to avoid changes to AD provider behaviour - Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1308939 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user- Require a newer selinux-policy to avoid issues when prompting for SC PIN - Related: rhbz#1299066 - smartcard login does not prompt for pin when ocsp checking is enabled (default config)- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when trying to retrieve non-existing netgroups- Update sssd-ldap man page for the recent ID mapping changes - Related: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache from working- Resolves: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password and not smartcard pin when logged in using smartcard pin- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output error- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12 to 1.13- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn't work- Resolves: rhbz#1273802 - ad_site parameter does not work- Fix memory leak in the NFS plugin - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service discovery- Rebase to 1.13.3 - Remove setuid bit from proxy_child, RHEL-6 doesn't support running SSSD as a non-privileged user - Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Don't own files as the SSSD user - Resolves: rhbz#1289482 - warning: user sssd does not exist - using root- Resolves: rhbz#1279971 - groups get deleted from the cache- The p11_child doesn't have to run privileged anymore, remove the setuid bit - Related: rhbz#1270027 - [RFE] Support for smart cards- Resolves: rhbz#1266108 - Check next certificate on smart card if first is not valid - Also enable OCSP checks- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Silence compilation warnings and Coverity issues - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Squash in packaging review changes by lslebodn@redhat.com- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - The rebase also resolves the following bugzillas: - Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC identity certificates - Resolves: rhbz#1270027 - [RFE] Support for smart cards - Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients - Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is not taken into account. - Resolves: rhbz#1254193 - Fix for cyclic dependencies between sssd-{krb5,}-common - Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected - Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do not queue requests - Resolves: rhbz#1227804 - Group members are not turned into ghost entries when the user is purged from the SSSD cache - Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log - Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not the alpha group name representation - Resolves: rhbz#1194039 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups- Resolves: rhbz#1251349 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from ldap server- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task - Resolves: rhbz#1227863 - ignore_group_members doesn't work for subdomains- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn't return all groups on first attempt- Resolves: rhbz#1225614 - IPA enumeration provider crashes- Resolves: rhbz#1212610 - sssd ad groups work intermittently- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of secondary groups- Resolves: rhbz#1221358 - SSSD doesn't work with ID mapping and disabled subdomains- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and gets avc denial when ssh- Include several upstream fixes related to ID views - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1213947 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad src/providers/ad/ad_gpo.c:843- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers group membership resolution- Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users and filter_groups- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only- Related: rhbz#1211728 - Only set the selinux context if the context differs from the local one- Package the localauth plugin - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1207720 - id lookup resolves "Domain Local" group and errors appear in domain log- BuildRequire the proper libkrb5 version for correct localauth plugin build - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1194367 - sssd_be dumping core- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in manpage that unsupported time specification will lead to sssd denying access- Resolves: rhbz#1205382 - Properly handle AD's binary objectGUID- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might install with wrong user account (root)- Fix a typo in DEBUG message - Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Handle TTL=0 in SRV queries correctly - Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Cherry-pick unit test changes from upstream to allow cherry-picking sssd-1-12 patches - Remove unused LDAP provider code to avoid static analyser warnings - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad requires samba4- Resolves: rhbz#1203630 - SSSD doesn't own the GPO cache directory- Fix warning in SELinux code - Handle setups with empty default and no SELinux maps - Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u - Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605 - Resolves: rhbz#1201847 - SSSD downloads too much information when fetching information about groups- Fix PAM responder initgroups cache for subdomain users - Log extop failures better - Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Fix internal error codes broken when fixing rhbz#1036745 - Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything- Fix Coverity warning in ldap_child - Add better debugging - Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users, groups or other cache objects- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Initialize a pointer in ldap_child to NULL - Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Relax the ldb requirement - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query - Rebuild against latest krb5, add a versioned BuildRequires - Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Do not mark the selinux_child helper as setuid, we don't support rootless SSSD in 6.7 - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x - The rebase resolves the following RHEL bugzillas - Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about domains parameter - Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not be fatal (backport fix from upstream) - Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user uid field - Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1168377 - [RFE] User's home directories and shells are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss - Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution - Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1148582 - inconsistent group information when multiple ad domain sections are configured in sssd - Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider ad support - Resolves: rhbz#1139878 - SSSD connection terminated after failing anonymous bind to IBM Tivoli Directory Server - Resolves: rhbz#1135838 - Man sssd-ldap shows parameter ldap_purge_cache_timeout with "Default: 10800 (12 hours)" - Resolves: rhbz#1135432 - Dereference code errors out when dereferencing entries protected by ACIs - Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012 R2's LDAP as AD - Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header - Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple attributes- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1141814 - Password expiration policies are not being enforced by SSSD- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group membership when encountering a non-POSIX group- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from other AD domains- Resolves: rhbz#1127270 - sssd connect to ipa-server is long- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD, POSIX attributes are used and primary group contains the user as a member- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0) is not prompted for password change- Resolves: rhbz#1132361 - use-after-free in dyndns code- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap account lock to restrict access via ssh key- Use the correct sudo iterator - Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Add notes about offline mode to sssd.conf - Related: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1127278 - Auth fails when space in username is replaced with character set by override_default_whitespace- Resolves: rhbz#1127757 - sssd can't retrieve sudo rules when using the "default_domain_suffix" option- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Resolves: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1122873 - Failover does not always happen from SRV to hostname resolution(via /etc/hosts) - Remove spurious systemctl call on %postun- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with specified character in LDAP group- Resolves: rhbz#1109188 - dereferencing control failure against openldap server- Resolves: rhbz#1084532 - sssd_sudo process segfaults- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping is off and tokengroups are enabled- Resolves: rhbz#1118541 - Floating point exception using ldap- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser is not defined and no ldap_sudorule_runasuser mapping has been defined in SSSD- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap- Fix potential NULL dereference in IFP code - Related: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- BuildRequire the latest libini_config - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- Resolves: rhbz#1104145 - public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end- Rebase to 1.11.6 - Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Rebuild against new ding-libs - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Backport the InfoPipe patches needed for Sat6 integration - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: #1085412 - SSSD Crashes when storage experiences high latency- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6Resolves: #1036168 - sssd can't retrieve auto.master when using the "default_domain_suffix"- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups are requested- Allow combination of proxy id backend and LDAP auth backend - Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Inherit UID limits for subdomains - Resolves: #1020905 - Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.- Do not crash when LDAP disconnects while a search is still in progress - Resolves: #1019979 - sssd_be segfault when authenticating against active directory- More upstream fixes to prevent memcache crashes - Related: #997406 - sssd_nss core dumps under load- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out- Make IPA SELinux provider aware of subdomain users - A better version of already committed patch - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Resolves: #997406 - sssd_nss core dumps under load - Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #1002161 - large number of sudo rules results in error - Unable to create response: Invalid argument- Silence restorecon on clean install - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Make IPA SELinux provider aware of subdomain users - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Print password complexity hint when password change fails with constraint violation - Related: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #948830 - sssd do too many disk writes causing delay in "getent netgroup allmachines-netgroup" nested netgroups.- Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- Resolves: #963235 - sssd_be crashing with nested ldap groups- Apply a forgotten dependency for patch #254 - Related: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality - Add two fixes for better handling of faulty SRV processing - Related: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router. - Remove enumerate=true from example in man page - Related: #988381 - clarify the disadvantages of enumeration in sssd.conf- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp file for SELinux data failed- Resolves: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors when clearing cache- Resolves: #924113 - man sssd-sudo has wrong title- Resolves: #924397 - document what does access_provider=ad do- Use permissive control when adding ghost users - Resolves: #928797 - cyclic group memberships may not work depending on order of operations- Set correct state of SRV servers on resolving error - Resolves: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router.- Resolves: #954323 - SSSD doesn't display warning for last grace login.- Format patch to configure sysv script differently - RHEL-6 patch(1) apparently doesn't like the output of git format-patch -M -C and doesn't properly copy files on renames - Resolves: #971435 - Enhance sssd init script so that it would source a configuration.- Resolves: #973345 - SSSD service randomly dies- Resolves: #971435 - Enhance sssd init script so that it would source a configuration- Resolves: #961356 - SUDO is not working for users from trusted AD domain- Resolves: #970519 - [RFE] Add support for suppressing group members- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the "original value"- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes- Clarify the min_id/max_id limits further - Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login delays when client is under load- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table in sssd_nss- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs- Mention that enumeration should be discouraged - Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf- Call restorecon on memcache files to force the right context on upgrades - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Resolves: #987479 - libsss_sudo should depend on sudo package with sssd support- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck- Resolves: #967636 - SSSD frequently fails to return automount maps from LDAP- Resolves: #953165 - Enabling enumeration causes sssd_be process to utilize 100% of the CPU- Resolves: #906398 - sssd_be crashes sometimes- Resolves: #950874: Simple access control always denies uppercased users in case insensitive domain- Resolves: #921454: Resolve local group members in LDAP groups- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider- Fix pwd_expiration_warning=0 - Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#872827 - Serious performance regression in sssd- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees- Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.- Resolves: rhbz#902436 - possible segfault when backend callback is removed- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps- Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent- Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts- Resolves: rhbz#892197 - Incorrect principal searched for in keytab- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work- Resolves: rhbz#874618 - sss_cache: fqdn not accepted- Resolves: rhbz#889182 - crash in memory cache- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache- Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666)- Resolves: rhbz#886038 - sssd components seem to mishandle sighup- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh- Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule- Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507)- Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060)- Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507)- Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds- Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users- Resolves: rhbz#881773 - mmap cache needs update after db changes- Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742)- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573)- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations- Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130- Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections- Related: rhbz#877126 - Bump the release tag- Resolves: rhbz#877126 - subdomains code does not save the proper user/group name- Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid()- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'- Resolves: rhbz#875740 - "defaults" entry ignored- Resolves: rhbz#875738 - offline authentication failure always returns System Error- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section- Resolves: rhbz#873032 - Move sss_cache to the main subpackage- Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group- Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive- Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443- BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932- Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542- Fix the "ca" translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- New upstream release 1.9.2- Rebase to 1.9.1- Require the latest libldb- Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes- Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds- Fix protocol break for services map - Related: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#824616 - sssd_nss crashes when configured with use_fully_qualified_names = true- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()- Resolves: rhbz#822236 - SSSD netgroups do not honor entry_cache_nowait_percentage- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client upgrade - Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names - Resolves: rhbz#819063 - sssd fails to provide partial data till paged search returns "Size Limit Exceeded" - Resolves: rhbz#820585 - Group enumeration fails in proxy provider- Resolves: rhbz#816616 - group members are now lowercased in case insensitive domains- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding - Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the same user - Resolves: rhbz#812281 - autofs client: map name length used as key length - Related: rhbz#784870 - SSSD fails during autodetection of search bases for new LDAP features - Related: rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes- Fix typo in patch for SSH umask - Related: rhbz#808107 - Coverity revealed memory management defects- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm - Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is running - Resolves: rhbz#808107 - Coverity revealed memory management defects- Related: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false- Resolves: rhbz#804057 - Initial service lookups having name with uppercase alphabets doesn't work - Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names doesn't work when case_sensitive=false - Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab - Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false - Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name resolution times out - Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Related: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica using IP address - Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with case_sensitive=false - Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set - Resolves: rhbz#805034 - accessing an undefined variable might cause crash - Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login- Update translations - Resolves: rhbz#802372 - Pick up latest translation files for SSSD - Resolves: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Related: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search requests - Resolves: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials - Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to true - Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work - Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false - Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam can use - Resolves: rhbz#799971 - sssd_be crashes on shutdown - Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested group structure - Resolves: rhbz#801368 - Group lookups doesn't return members with proxy provider configured - Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd is configured as proxy provider- Do not auto-upgrade debug levels - Tool still available for manual use - Reverts: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#798881 - Install-time warnings - Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also the dns_discovery_domain - Resolves: rhbz#798655 - Password logins failing due to a process with high UID- Fix explicit requires to use openldap instead of openldap-libs - Related: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64- Fix multilib-clean issue due to upgrade script - Remove old copy from the spec file - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Fix typo in the patch - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Use a patch and install the script to python_sitelib - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Resolves: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#785871 - wrong build dependency on nscd - Resolves: rhbz#785873 - IPA host search base cannot be set - Resolves: rhbz#791208 - Entries lacking a POSIX username value break group lookups - Resolves: rhbz#796307 - Simple Paged Search control needs to be used more sparingly - Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64 - Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user entries - Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup - Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load - Resolves: rhbz#797975 - sssd_be: The requested target is not configured is logged at each login - Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD - Resolves: rhbz#788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group- Handle filtering python Provides in a safer way - Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3 - Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers - Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and netgroup search base correctly - Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb AS requests - Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision - Resolves: rhbz#785904 - [RFE] SSSD should have --version option - Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider - Resolves: rhbz#785898 - Enable midway cache refresh by default - Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for a non-existing netgroup - Resolves: rhbz#785884 - Honour TTL when resolving host names - Resolves: rhbz#785883 - check DNS records before updates - Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead of guessing - Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line - Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config file too much - Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server has been reinitialized - Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc - Resolves: rhbz#773660 - Kerberos errors should go to syslog - Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native IPA netgroups code - Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#771702 - sssd_pam crashes during change password operation against a IPA server - Resolves: rhbz#771361 - case_sensitive function not working as intended for ldap - Resolves: rhbz#768935 - Crash when applying settings - Resolves: rhbz#766941 - The full dyndns update message should be logged into debug logs - Resolves: rhbz#766930 - [RFE] Add a new option to override home directory value - Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab principal name - Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files - Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug levels on the fly - Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional - Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation - Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option - Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control - Resolves: rhbz#753876 - [RFE] Add support for the services map - Resolves: rhbz#746181 - "getgrgid call returned more than one result" after group name change in MSAD - Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle for some (configurable) time - Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD - Related: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#742052 - id -G group resolution takes extremely long - Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange - Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases - Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or insensitive - Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users - Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control disabled for openldap - Resolves: rhbz#726467 - SSSD takes 30+ seconds to login - Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 during auth when password for the user is not set- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758157 - LDAP failover not working if server refuses connections- Related: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis initgroups when groups appear in multiple nesting levels- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow - Resolves: rhbz#746654 - SSSD backend gets killed on slow systems - Related: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts Fixes a crash introduced by the earlier patch. - Related: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names Fixes for internationalization- Related: rhbz#742278 - Rework the example config- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts - Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart - Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742278 - Rework the example config - Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was initialized - Resolves: rhbz#742526 - SSSD's man pages are missing information - Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with multi-valued uid - Resolves: rhbz#738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid - Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber to integer - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host groups - Resolves: rhbz#740501 - SSSD not functional after "self" reboot - Resolves: rhbz#742539 - HBAC: Hostname comparisons should be case-insensitive- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in - Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2- Resolves: rhbz#737157 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled - Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple external hosts along with managed host - Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names - Resolves: rhbz#733409 - Improve password policy error message - Resolves: rhbz#733663 - Authentication fails when there exists an empty hbacsvcgroup - Resolves: rhbz#732935 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON - Resolves: rhbz#734101 - sssd blocks login of ipa-users- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain shells- Related: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID- Related: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Related: rhbz#718250 - Remove DENY rules from the HBAC access provider - Fixes an issue on big endian platforms- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured - Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls - Resolves: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider - Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID - Resolves: rhbz#726475 - sssd_pam leaks file descriptors - Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0- Related: rhbz#721052 - sssd does not handle kerberos server IP change - Use ares_search instead of ares_query to honor - search entries in /etc/resolv.conf- Resolves: rhbz#711416 - During the change password operation the ccache is - not replaced by a new one if the old one isn't - active anymore - Resolves: rhbz#715609 - Certificate validation fails with message - "Connection error: TLS: hostname does not match CN - in peer certificate" - Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records - Resolves: rhbz#721052 - sssd does not handle kerberos server IP change - Honor TTL values when resolving hostnames- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP - Resolves: rhbz#713438 - sssd shuts down if inotify crashes- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups() - Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are - being logged multiple times when the provider comes - back online - Resolves: rhbz#707997 - The IPA provider does not work with IPv6 - Resolves: rhbz#677327 - [RFE] Support overriding attribute value - Resolves: rhbz#692090 - SSSD is not populating nested groups in - Active Directory- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man - page- Resolves: rhbz#707513 - Unable to authenticate users when username - contains "\0"- Resolves: rhbz#698723 - kpasswd fails when using sssd and - kadmin server != kdc server- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is - not mentioned - Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the - gidNumber is out of the range of min_id,max_id. - Resolves: rhbz#699530 - Users with a local group as their primary GID are - denied access by the simple access provider - Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups - Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a - member of any group - Resolves: rhbz#703624 - SSSD's async resolver only tries the first - nameserver in /etc/resolv.conf- Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694444 - Unable to resolve SRV record when called with - _srv_, in ldap_uri - Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by - signal 11 (SIGSEGV) - Fix is to not attempt to resolve nameless servers- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can - cause SSSD to stop caching and responding to - requests- Resolves: rhbz#690131 - Traceback messages seen while interrupting - sss_obfuscate using ctrl+d - Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process - /usr/libexec/sssd/sssd_be was killed by signal 11 - (SIGSEGV)- Related: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them - Resolves: rhbz#689886 - group memberships are not populated correctly during - IPA provider initgroups - Resolves: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents - Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5 - in sssd.conf- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min - waiting on netgroup - Resolves: rhbz#683431 - sssd consumes 100% CPU - Related: rhbz#680440 - sssd does not handle kerberos server IP change- Related: rhbz#680440 - sssd does not handle kerberos server IP change - SSSD was staying with the old server if it was still online- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain - for base DN- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on - ipa-server - Resolves: rhbz#680440 - sssd does not handle kerberos server IP change - Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are - given in ipa_server config option - Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf - attribute on the server - Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups - Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option - Resolves: rhbz#677318 - Does not read renewable ccache at startup- Resolves: rhbz#678593 - User information not updated on login for secondary - domains - Resolves: rhbz#678777 - IPA provider does not update removed group - memberships on initgroups- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries - Resolves: rhbz#678410 - name service caches names, so id command shows - recently deleted users - Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for - netgroups- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login - Resolves: rhbz#675284 - "no matching rule" message logged on all successful - requests - Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for - authentication- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named - "default" - Resolves: rhbz#674515 - -p option always uses empty string to obfuscate - password - Resolves: rhbz#674141 - Traceback call messages displayed while - "sss_obfuscate" command is executed as a non-root - user- Resolves: rhbz#674172 - Group members are not sanitized in nested group - processing - Put translated tool manpages into the sssd-tools subpackage- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Also add the updated ding-libs to the BuildRequires- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Explicitly require updated ding-libs- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options - Assorted bugfixes- Add noverify to sssd.conf - Resolves: rhbz#627165 - TPS VerifyTest failure- Related: rhbz#644072 - Rebase SSSD to 1.5 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs - Resolves: rhbz#660585 - getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs- Resolves: rhbz#645449 - 'getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#658374 - sssd stops on upgrade- Resolves: rhbz#658158 - sssd stops on upgrade- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#642412 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#633487 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib- Resolves: rhbz#629949 - sssd stops on upgrade- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password- Resolves: rhbz#621307 - Password changes are broken on LDAP- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on - initgroups calls- Resolves: rhbz#607233 - SSSD users cannot log in through GDM - - Real issue was that long-running services - - do not reconnect if sssd is restarted- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with - /etc/krb5.keytab file- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6 - final - Resolves: rhbz#608661 - SASL with OpenLDAP server fails - Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes- New upstream bugfix release 1.2.1 - Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs. - Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal - Resolves: rhbz#604704 - authconfig should provide error with no trace back - if disabling sssd when sssd is not enabled - Resolves: rhbz#591873 - Connecting to the network after an offline kerberos - auth logs continuous error messages to sssd_ldap.log - Resolves: rhbz#596295 - Authentication fails for user from the second domain - when the same user name is filtered out from the - first domain - Related: rhbz#598559 - Update translation files for SSSD before RHEL 6 - final- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service - to fail while restart - Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in - parentheses causes ldap_search_ext to fail - Resolves: rhbz#600468 - Segfault in krb5_child - Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs.- Resolves: rhbz#598670 - Ccache file of a user is removed too early - Resolves: rhbz#599057 - Incomplete comparison of a service name in - IPA access provider - Resolves: rhbz#598496 - Failure with IPA access provider - Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the - kernel keyring- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP - Resolves: rhbz#584001 - Rebase sssd to 1.2 - Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file - Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf - Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf - Resolves: rhbz#590134 - sssd: auth_provider = proxy regression - Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when - going online - Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the - HBAC rule- Improve DEBUG logs for STARTTLS failures- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcacacacacacacacacacacacsdedededededededededededeesesesesesesesesesesesfrfrfrfrfrfrfrfrfrfrfrfrjajajajajajajajajajajanlptptukukukukukukukukukukukukuk1.13.3-56.el61.13.3-56.el6 sss_debuglevelsss_groupaddsss_groupdelsss_groupmodsss_groupshowsss_obfuscatesss_overridesss_seedsss_useraddsss_userdelsss_usermodsssd-tools-1.13.3COPYINGsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupdel.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupmod.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gz/usr/sbin//usr/share/doc//usr/share/doc/sssd-tools-1.13.3//usr/share/man/ca/man5//usr/share/man/ca/man8//usr/share/man/cs/man8//usr/share/man/de/man1//usr/share/man/de/man8//usr/share/man/es/man1//usr/share/man/es/man8//usr/share/man/fr/man1//usr/share/man/fr/man8//usr/share/man/ja/man1//usr/share/man/ja/man8//usr/share/man/man8//usr/share/man/nl/man8//usr/share/man/pt/man8//usr/share/man/uk/man1//usr/share/man/uk/man5//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnu?7zXZ !PH6;]"k%n0}:w{!vQ_JY%a ABrWc`qkIIɓU]A"efvKY)/HXJqxۣbP,tp{e LV*jyDl0;ަB:aEq%'gRZ!'-*(KvmRMvj,׼ :Э ;>DpmW ?Rw-m!dSIԜ}1G|9pX nO`r$Ѕno /˴qN>R惨@d87Ԫm==`wm˩u yE (\r-]%jI "9r:UӒgt9i:ɡZ- 5x+rhSVx^iUl` &]@`"N>fyԖSEpI$zNeg_uxQZV$t8)b= )%2ϓվ!l.]Ofq9´uNUυ<&\DկklaVb\:}Y*0#!}H2_bM&#A׺b@ xr)춡tȡyjPu+v[8A1ĚnX 4WOmft5-%&?!9zzFZs ctvu\*FCspRljl^K| սW 2/!f>ZLGv;VȈ@Tȼ;Պ-=142Gd캢yF 9 > V2*(YHϸ?kЛ߅Z~v s}< a Bc1=lee p׼ȽgUr,%NblFJbpYQ~1>,rrF[W2/%vigK0~㎐ɏ'9AF 5J+c*l.eŁ>W}أvyi:Ze/|X;/:62d-#Uۦ<[^0%R2R<6܋xDL<Ǡ%'V4Ҡ'[i,_Տj\uOM=fs{p+l;%U"3ޘ]0u,Z~r~3}jČ4Pږड़5#oB`% +%VYHb0z3-ۊ#oRv;A=zh]I u2'5~Gha}VXX0MH|"a::q;N`S,p*5%buYJg[vv*k & R*!!)X] T U! qUVxÕ+tj_Ȟs0CtwggG+sf M8|zq"a&Ïy4'EWL..{:wľ#!0ka~NAU]ICc~•FØ?1l)˭%`v'}O吨5pSg0 xm/xV~!E aH? ȯV9aFdTr1.JR"t_;Jcuy Roի?!R Hiz.X ً[FS7ხ$!3OqP˄%.q??%wcۯ]ՉS(B#tKdV%6,͈}"I r$2Xõ'pTIBzjQ=3KpMv% geapid;g6E؁;Pq*y:zOiʭ +C"9zq`d= qF0k9 į iVюgkϡE=R`Yp}V]XՍ)0ztR=I"?nȡzOu@..L G秩HVόi@ uOK(cQcGw5kNJNrL@ze&nD=rjI_-֥-Z;XpoZf /%P"Oi ix"gq)Lcܐz:jqCʤ'@od'ȗNM.^*Dd+xJwd޼Cs/ٔ9n0[[s-ѱϱ tA'+XਁϾ_TA3n0Ll)LENiK5r\s@eV8)0PyjgIRFLɖH.+N+˦yžGl]kz}eddG5ҫ /e ,9~iq4C=o{+TA*^!"56Ylӥ>f2th[wԠ'fMƀauӣԐ-e:֨)y%<t81%d蟟CZ6A{R=렙,O.5Vgrp%qt7vN))*Ck m搄D{DWC)*mw{!+<_VP9D&fW5ělYӝ+#ֲLNu=0 Ol) Yu&Wfd6/S`W;kg)wxȣA94Jfy6a3u}N5-,"سKJ@,xg8fn&jզ/,G1|Vtjr2 qO7NґGX]hy{V'9=k@)*-zVS`g'coஈ8J o-(źK{6u'G@;vCAZ2t8VV8Ƒ-#Yܢ^Tb_˒2=PBiR[p鑸l`DEBFd3~C;TY3]3OVMxY`䬪1A GqHN.w9nHpËӾuW8ց'?xN7O3^-_+/egR7$6R:Cg+V#Lb]=Gm޻qDxܰ?p]wsHlzV_?Rhm7p7#n'F |S<qy;zmZչi[=+Y0g)1ŋv'HF :2^0{p;k7n#\a#gӒ!W$Bl 8SYDT ?H^ßE>zD!PkK ͠ORt@[ӑ>-30 Q.oYT+ & j/l<nK{w3@ieck/97r'̜ '>}H]hx핍K[-d9Ȥu&{lOf,k9$&: yo1Yw Ι^ʃsQS0ur7С9 IZyYP,\t =~ȫX<ҷ(!UVhCDkWΖJo!晛Τ~lzݷNE7n*nAp#]g\ 2pwDhҡ7?Qp\5H}HW8/bsUXKc 9o@I1ǰoݹpk㹵Gew*wxg3&bgp%hhDŽӝҵ@d 7\UO+ ]>8Fv+pQ]bB΍C7??gO8Wْ};A_^`E>5@D8\*!QAh]%WScus4QOo2D9{IHr§T.^YmRv_*ٕFAQ6rV'm).H Sn| 3_]յJcH:\Y^mlf{gAB! F^zZr6F4gOcl,3[%wlEĶu#=RO H?;\MlAVng xr3.z;lUhCȈTl9QLAg *.f1܊O -bk\W`b5-[Uq62NAŗ%18AŚՌ *!6гU|:xaQW>6J1@V5Cfz cj>*;EA"W̚VYGߥrlQ:3ܣh(RV/`|\jdr O -KdJS =|\ӏJqӃP[9|U"pb0UF(~k  i?e+փQW#d;o_~}QL5C/mz4L{d'K pKBո!SO&hi6pw G0*G£d>\c}|n_|\A dbʟXF ӹ31qw\@JIЉnY; /Z$c% bT-bEg sّ'xa Iҙ-K:=륩GscT9 1ỂGtӐh.!k:wFgSe;U;mqi|}47nX{Lј:#[4XpUx3LψB(Ա7?;:$VgR`#e 8@zܱaʬvoL>z[czf\>32 oH*eՓdD[OGn5{o>vht#z[^RNj=킻>% ;I4SO]UlxT@U .eOC>y43ť0y%ڴz3L;}^ՖoOߢ]KĿ-H)ܕi(Η;غ\yp:wuK>zPO>bg폤ZeDŏi.Z[k}x8xCbi j,Ԓt%12rLnj-Cr"W- OwfsLwTgHtD8؁_xq=\SVtX̬YJ UƔs{e"!fFW 5/ `=M褌WËr2FF?Ԡ>\_ g]KNȠ83",IU;+ ׅ|bE`̕>paA& _7`^oh.JR7ւ]T&StMd08LJD|W f Wgz b~4lXj)$=!w?]MIǟ|X1-j6SvE{}{)#Q,T厚 !]0htv[EW"ֳdBp}5WidywiiUlzbzM$XV?{ZxW>VDpLO 6];M@(V"Ǜt(>ә3d͉sh)OSBx~qAjgp6ۿQޙ -bD.c^VXq[Ƥb7[s9D|6u_V`y=Ujij.4wlͻXpq䴖Ҟ9Y8!2t( ~MV7銱b)"j6Z_ٌvoV#I`x$a?61I[Pí3)*!wTU6P>:A=O)T`, W5}1G Lf `rm{2I O/ibdk5 u6@HVAc{!%,ZF 11'6Q"_zYǔ7}Ugߍ IGF2i^ Nu 96 @ )j [AX\m&vu&KQ5<A9[3}Pɚy+Od@Q٬)MK?~^cʞUKo]NQ-"2 qr\$+̠ }K 6rYeEMνqb?7eïF+ L80sn Ib Ib@ZH %o.]R&z m<х*{Bş$[3'[, ]Fz偊 C8wa=҆~}Fl܆ ƒޚ*:ˢUƸ*"8 Hnk)/<5wV,{AZTȩ4缺  `# EPdܚ.GުĄoN:0IbKZ]d쇍Em4y4iO#fB+/z$} z/UjEvkiwKWr̫X_uG3-Dy~B~Ԟ6v8(6A^"{luP هCNeTDh$`oC1E(-6@b?!`^1']`?ShrR4n[/1[!_ݮ>IhPsС$mxTՌ ıd?ꊾlݰ Yh  ?>Bm!'$_]E_ix=xK 8 ֫kt[h #N-eѷ5pڝhϺ!i%`oƃ/yF6_/T /ғqM<qL@(U.v.M 1ۺq~m[x#бt eҚ0G|$! ldcac?KEEWQ6;G;Cmn9ԚKbB koi9$Lɚ!ji -)75-a# *- C(WS/J[ۣK|Ih]vDRiC:u^IV} `bBʛ58%jj*=p+ :렀E5kn `"pX؏zj`!}/d&uRrV hC{xȉ]\oG*ie+('лV~{{\k~`,ÆeߢRs|2=ntk2v Z ̙+ tUȿϠ XѾs. qmZ-rEԵ0vm5J,$_!%dʴ'<ʑ])Kjѝ. v/ψG RBC;JS\b鏐߁)25ŝqAiTj*j;*p`NNm n=~?9#Vr JDvknfOEΙ团7PX(&!4.JWܡjm'ҡV7~u|wұ*4p}wXuo .Io3dX=5xWFi5mIDmdrHk@dG)gAMI0+7kD}8l$4?d-6$܂@SޗXpK/bZqx3{ި9Ha/OiHF yٗSP X@(6zVk^*a'!1|f2/XT7j/}z=ο@RJ c̮KF5Q8ByIN ZK0|El2xA :Aa'Vv6~ר!IT=l+e ,;#V\\dv%j_STLN.R*F83"hSp>oKIa)taep OK7bx]s7KpHgn\ţнrx"+Iq;צهU BSlgm H.BzX=X SyJh3G,řƮPDh7&y>SQJ!NWh~>gO'S]+R ®>r=mM\ :LsD=K~MpNWHϓlGM@D3{ȉd߼GxɌA^Bp` $rmwZJ6l3wm1|YnꥄSZiB@By)9L.ۮeYt %EOO&_qtw$0TbP#86T°Ux`,J.eHz /hqÕLũ*ʆ6P f5#*َ,z5,&Di{vRH/ǢIntueI-C:f £p[+O?N?#~?sŻ=,H5EBb=HP˶m\ratTR Xszñ)/E)/?0n\F΅r2Ί#nA-x[oc=[?I[`fÌT2}ɲ> ]DBu+pcIFX!,qɵՀ΄}5;!5ٞ W0 o!f% Q+&V^sn=F 0]xFjkWE_aۚRi#&D#r,4M޲n : Zf}<--_G*R:jE‘JvdOGhoz ZjտkW7H/祭 oMqk88KdSiLK+NYrWD @:N ӁUQ2toAJFRNo^哛6k=;]OjK0]Rf]4D^2u?Hwf_ ^奱[rt ˰k8{y`4_+>r]ĺ^xNFpI?١zi&<^DQenV Y(4D15Gn W<=> PƧ}kMfM}^-ԅDZ! 4dR\i;%{X$IzBxҠ唩'8,Qcga!NeWl'GR%of׾i\G},o5qASzzъg'fU=ns< \:V:sЯ&2i'()l79T V=Ut?^4΂{q%3=Gj4ַ!2 'u`X.M A,3uRMؘO[ S{.bSbA]<郩DV VJí <~YG4}#IT_vor [p6%udlԘ.tq6h&taIEkrS`@4԰Ɏg՟ (*ifM1, 697˹BH/#X yJFDmY**I( xMNFƩ${OwE2TMh1ET=+W5Z~ F _B}bP_@ܩPHɱ"NTf4SН2N $){Fx:#?8& ȜѧvAGXÐ= ؟/)v*P=!M h{&6b1 *i+KuF@N/*H}%L%#Mpľ.\EĜ m/>{7ngwR+ [VH p+so5 Q@Er]~Xܚ>ݷǶ p%@Υw%/s9{aA$x?!V5bLCF!G=fgt%QO縿q?_)yĵv)i$PF#hܚIEcE *i =T^@{dHk z#`yLs2v7kU3&a0҅*۵怵!'KC}*tGLqf[?mV)FO%MnMQks8-+^{BsHL,\R:޼[ 3,S}rp2ÒYY0;Zދ ~Rxwԡ4׵ȂԔկC%c7 !W"+1OmW)+.9QDD9`czCci=G1$Hv>DaT6CbfW\4*{ZZ7;)v e41;ZugZCx[SGZJZ-o/X9زJ{K7e]aRL6G3 :޼Wa``@>AZꓙAKde 6dEK`K#ga\/# @"͕8D0Ӄ-ց96tb9V@tOA~i IQgT RxNnmЃ(ɅwV`l@>uBTKHN`(\%b6+|2!= 7y!j"* 'G|Nc;P;j% 璝9,޵6 #@k$8֞H⍈F% N *ӗႻ,<|q(T.0*Lf>FtN`46ADO]nځNtx (,C@Д߲d/_SDQs:o;(xڎRLŢ{ xgR~Z;p2Lu_.B,=l/29pz \XIcFe95]"S93y$n7$zLtX̡ek8{7r땻m:'ٓ%/H?['Y\6 .6w̷:PJ#9`ݱw/vssI Y1KWO;~sJʜ.:Sq/C]ɇ{pirvZ(C:1t@,Gol#E:t8*Y@_uYRXed3!j7i_ 2?Q.:ﻷ@}~}W0qnAqEA}"oq0Ȱ]H֘9 &T/hH~/ocN[(r -sfk?o:x2WɩD PS+??L;LlzQ)ɖ=aY&udwȍ7,v H aAlo é1CkaQl3 ;vC8:}Az]2G[OrS>Dg*fw345yRҖRq%RQ}O//Y 2_“,_`87T4J__ !n~*qa!nlLˋ%;:tlrgu_5`xέkh':>@4lDۆp6J` Ww4`f"n &Jh$e}ٔbTүΈuk}HѨ'k2~;DQq܁^]+kb|% 0:|C*-R+~${H;юW*$ B#պ:bHȥ&DÃA]<32?*xP4_Msu?Vj *ΖUORa)2[qNk,\ U֮gzCÅyOc#{O.9b< _"LjK ¥iTPued^V۾:9N(lMdf Á}6kME9HGFm @gFjQ!%l[[m-ZX!`[N᜶;mP]pwl-)=r ӗ{&wz&p|Y<4IǴTa j5}O&*  3ZV #)@*מ8†~s9Ss"(z|7 )Mq=ͅBb#WzNtL7A!i}a*-&ңv7cC:k\¾mt=vVjF]Ѳn{0Sڿ͜<׳!iF2x[͜SN4bkG$Z-dRﻩ 1քRC8ObǪRx:+)X ՌgC.5һͧzFwޑ yrOh>&6n)Ͻ{ x! O)UD!L;=:n7Xl) 5zt:=iy*rt+{Vu!utA;O..6r.ui|BI8EFJ;稺*Upï_ @yY p( zvE .9Ⱥa({Du#O&WŽ,-VB,JÞ^2~x;'#C* JC@}-I]4Dة H-^b[ l6k8l`be!GY"ӂ놻˳OWWWɾZBlʵfwAgb:)}[QzzgVBB@sۊPnKFD{s2-V-XNtȢKJ?h澄j@N1͊HłOZ0w}ݢi].H}q-rxIR*@"{M@9"kXs6<Gu`LiGL7ATE!~mM(8E-6u4a9{zF:AT8bd}T> NܕջZK~L~ݶ}17&p2J–DUMNk2T hnc=BQ@,32#!$e `SIP9"~VKn탼j,|8JZ_ VgQ+mQ mc?a,"UQΦ O9)Nrp}QqDiU(^u|MCi^RŚ(SGE]vأ)A7-)UmB#"|,OyFmrr%Q[L*Ɋ=\ qsqma,'#jm<Mr5(s[HB 9ӈTlOY.!oLղJ6@  =Z3r 723sj{6;IҼjUBş|S$  I,YMRCH|pu1KPs|#1~=pRp-Bp 5 i5V+>GU5?ry&(]d-]r)(z+sTeA܍"H̔Z*=e(oAK8\沖!E {X_N,5XMu,2eJ5 l?o&0LcnIcc90zL:s5~9G84pO>/4G^+hA{fut<^5M7V_KCWCX8K b"ZEjDd5|i"YɧMoO+7=#t&Z~xtϨr ]Tq+c\ɀbJ㝅VAǦh 7|Yf;ڪ):# w'`P)x* .q7>SGn/eX3M|*",KoXҢP]x)BF2z(1{IƗԫꊐZZn9A:K^};h,-J yWb'RkP>`o%9ypG/-PH9]# 7 2rHC+APO BRKV0Q@.IzN+j5Eg`H?,?ԛn7ڄk/@n+/z; 8BQcdJ :NpWL*e/i5M}T/9\Rl/i-;L'39X/'4XuɖJ3~r\̛4AZ2(q@BjԒPRO!@XG#kLMfCBsyX8] ϠJ[pIbKRA9'@{t&fE30/_.)7cM8P#b3|: Gy^uRK=yJivOOA;mta6(IB29[@eވe.]w iXf&~ٺOq,qOr.g&PDZlawjTx 40ܳ$<Ҫ}GWŸ7 2yaSkaaRP:W$㥨 gk0`ts|&"͇$蟌eL (7Xޕ2q}4-;*懈%1҃4K)7B`]D:+=0-o`JFI׼ǣ5XRƆ:4X[ /G>WKwSEj/s~Xu=K#Ό|ba*lw v vB4fWJ|e 9V59>YKlY"M[֍X)q{Y'%|E?nX؉C;SEV31*xfm0W)^<-CQV!~/ zd(X"Q_ABDNjSnkɘ@DD$XrTU~UJ=?d0g cIܯ픩]Z겹P ~Y̑doWh˵ۃp;e181(%ষB&}}I[^}Nkf0/^dy>E=lOɒ2身W p2$k4b8 ,nǒ{R#RT?0jB`AdMagZՙ -^-ק)Y-€|Wi 9U25Fh4UʳN~^BIOTޗ1.\+nܹt_Ű PܪĖֵDɫK͂t$ay//$Jx* (,G))?+|7vJ g5fcby2iKW}{*cV'MA{axc$Ḿ@ }@gos%!]ßfq<̨|ˑwzN$JwDXvڭ9ZwS2k!7jzvzTsKd4`4zo͘J5y4&s'CG 5QvLB 0=5V/UA<4"q#PL5 (̨>8,Z(,dwlcO48%mrD:^ S #(J I1q6]_5$/h [sE' rA!*?6uP-: $ct#lZuy rm;uL'?/<T62u=V=[R%`/="vTapHlXLL,} ?zmn5r=WYQwt `εI 1NlʻdCϩF@95ӺB=9As1S5=1 ݟ]3"OXshͨ 60A.)X{N'JMtIw.\x'pn Yh&Cw4#J9aM۫>s&#!b\u}PqMZcwEeplH^uOap2SxS+qN:=zU;c `C8e`o_B 6zHIukX }jܱ!/ ,uN.?S9fiW~9DykoɆ M, |2[LGÙ%Ȕ~""p 6oND@KOCDx_:*uE?X\soxW ,p;qbiKjYU&N'e3Nf-ARS$oDȉt.*:^c~sP!hWcm>d&6n2fO{91҂FGA04M}Q }Pl;K|oڐ]CԏuڸZ*xHnG یeZ[Ƌo؁ v3Vt#I!QCa0iHi6򠭟$4)HG;r/EnfJs&eHmFփCr%=޻d.H[a U3$vE lgu7F>oHo[ZHRE`1qBΩgRcS47ʢu22x,21sڿ[KZREta?$~I n%w$WQU3#]op ljϺQbYu`%>g}.gCo Mbҧ.}~홏lHwFdC>`ђ[x -7~g8o;*8 |z? 뿫GXENq\: :i=f GZ|XKg"xM!u[4R}ƻiBMe>u5.L8br)@gD$,x! GJbWZ#f?~xuZ5è~g.Vd@,htN`^B#jMk$,&B-˘)/cjnnUm=vpdb0S.$).Tq Ʊ+'};ob΂FP&E؀:Q+~Gncy<=`\L% )8@]iSz0딠ЪrSv+Ib&% 5e2 \>0Brׅy0͒V 5 S^aBslok{Q?o Bt&?1xbC<كTM xp[K1/R(cҲ !۾ &P7+H~Fl5-WKߢ7઴~̩ijJVFZwq蠱2~b z7)HD畻$/ݐœ M9H#b}#bٰ A8k.MFu$)o^=ԼPĈg\C>~-a;1$P&8h&7S*\fJvY\4)#r,)fs;nf%1#g&4mQq1ɇnu~ﺋgrMVsgdI p=(\'b}Ͱn) 7#Wh!$aw >m ;0CƏwa1nD$䂐'tAE^儨̗_[fxóv _+c Ԩ-'"c[VRv-b UQY{s>qi0D4augtۈr/=|y\s8h_kj5~t&OȌ(x8 34D̋)K?J;T,4)v{eb(=A~l;7(u==5wfZ^7\DHǺڶ\ܦZlU'(«R YǩE( 94jL=-j!_oX=ъ<ݡXm@'ѧ9taƱ!D.iհEp'542\v|,?reLQ۹.йK;CzYpnxMbZ5W{/׏/;V'zbVGyχC%>c*W %.z 5^2IqsXD0M.QnGehF߃;pEwO5],`J U=^C}c4>廏 ߊv]ΟW[g0'ڣ4ٍ䥒*2@.Q "ͮ#\g"E/.?\LdK0-bpD<$uڢ! /O9LA֝05݁hF}+0(|lD‰M*ڕ;*%IQg5򙥊qkb`W8. 1 $ǺKO|_0f(,31]֮I} ^kef*mf[裩G^ R?PB-Nb_gŔ8֭,zTm2" a;NT'u 09pO>z*L8)դn ]T)3b+=2}^MǏ[WB8 1lbk?w1_("j,z7~(4)fV!}%I&H.`51.Ŭ#F)8"_q1°}s-6ݒ*ɺu*x2t7lNDKtZᐩ#鱅>saMqa[ˤ^;y׻|#Uv@eXNy5U>nٜqG.!4!xl~&tlX>q=qY0~s^?3PfHdJH? \.-]nHXFCMuނS $Tf?oxCcKWEi*vv9*Q K<[ @{v՝D :WFY╛0MŃ0"RZrp!5q1WQU®r'ڞ7#y2u773& .pa1*zT眧I.0{?sk|(vN@k[&<:mdOuA ɜm^p7*9 0ڒD|j#RH?F1,_o I%M9V64E@PS GgBPje, etxxv1إ]掮$F<_A/:i΃{Dh Ӣ& \$PnC 4G@G)陗zCZtE݉^Uf =g<̘OznD=; r؋NGܓ}+ `c!DC3K‹ ЇJ .)-˿paϊZD۞i`g̭K, %$ я~dHbf~>w4^?yxթНY^k@ }eQnI32="v7<B)5^iwi3 ~,݊ Hq(f>%s6v8̶z$"0߉~pEL7]/-G:d{I--7K^eKT?_G6go¨>g[ʲOjꖳtrSZ朌Znpaj/lx"!0r%A6foa5.m/v+m>Zٗ)Ք0CIvX 55K'jXǰD9tFWQ+x(aluf^'JvfN3k5trTHf8p/4YIbUެ: # 3id,!V"7?a\{7:zd^&IGY 7AkD_àBz 9' FkHOߌ'|nY0"?-4ē8 -nXDCۖ`i:+hok?SbLWɀqoVmgxLfp~+~r+-fzgoris8jlɐ"JHkh^wH e~jd)H[)@ZAdwѵKClJ@[@],뵌a ]I~eZǭ'O۴2yKQǽ;[M$):Fgu\eH>"zɁ e]26m1OIo(![}^Ζaᵍ2 рnB?v+G GrsZ1yy"MbLxAf$MIVt] 3`zi+X =w]i**?7 Bvy*U ݜHSuK5'Eq4ˀ 1Z)<7SܜJ*{ {x[ V|VVtάgZq|hyv81c<:8ݭmMSID>BL=xR,0O:5><Ү7bcCWePxC*l  <5 N u厫8V܎MP٠LQk7jRqv^G dBS.&0 t?⽐( nlhƺ\(7Z>/|@dkNO8BVàá?G#32K\ϱ6="dt*Jnjg1͠ibu[ng>AxPً~IlMLbu95D~e<䫜kPUMuezMqmD㘚v {ܹ 26+\^ffu d%mY qrgHH |^ }~r'ȍnJfRXguސuQxڂy@"'ſ,5/{0E;Yu$FzKɡ]ت~cw1woLϔuˣ\¿x$|:kA?~ǁ$͘0Ɣ)9 JPDQ3SS@լޘ`Ef L;{VwlIcwV{G7h0u/$Gj<U84cR"u ݋GӾ^[B$/j<‚$8Z3cJgUN ^قuiDž5dTY dP)yBA͋y|Ow =Zr:)z^9'7 RѶNgIĤUg@+{c -jf0{]Och-`>ALУIaߪ_Gp^:M3{vtn§dz|~;쀞&rK]lD zsA|IMJb+qW}F8'~s9g, ۪/ikݶ"CSK6G~S|zsk9'9]"}"g_X.\˼V1Oկi*\Ns HT{-]}\s\_Bmc9ZɎ&=1f08k 6G \˃'dKF+jB.Nq(?X{sJV1JJc$/t L1NfCHAhj~|=*6x"-f`"&gP_ tƇ/ě@JJ["XE='!& 0gIҭnf\#lHQ" %|YBE#zkm}X7A&%;Q!~q "f5@T'"KE"d* U9rkn^:>T21{n9;T@T0/KmbD+?m&8*=g[(5a uTၱ}6fW.eml5*ڟS1<#뮔>puJfB}JA(N0[Ei:έ4 &?Uh$_YzE=z>xKߡ lm"'P GGM?Lq(zʙ,]#j*Q4:ۡxs<㱯Qb(t{!/?qmq_ =JODXISYqb7*E_KuFq&~ T*ٍhHWgBI RT.7C,2WC @SJy6Kd$C+GnVڽ &B5F~t$lأ$8t|Vв> WѓR8n:Myjۃp8/WxP y78h|oHrr7D{ f_; Id\T.*NI18_c$)<a.VXm?قO鎑 [TZ[XFwh ]"b cn]fq$}xZ$3 =@ZJA(}ZTςg[w}F#,aǜ2vSE>8Fsu%a f:)3bý-_y6rBK9c}*>DUKgw>FSǀ$ړy^'` 1%Mtad/¹RFrYoDžd9=K#/ '2#~&ػVO|Hd@NWK؃<="DAL4`0zfhyNG% T 7=*29Gh™c4# MbMv5bxᇪ/tJq9jr>rE7{؃oltd@ ,CGuβy)L/ 0%j72F^z?g1~OfZTgsJwF\^lQoas`Q+o+'g"B ?i䃝&*P&=c8NTײ<uK-_,"Cs2iLYn:Đ6&sʂvW 3LoPhD+;'U#2Y#ζ*׬3it>a"ɖT/W Be_!Zn!*GO0?QX)b~hGƞYjذFKlӁs׬:fμ乤A lkӠЮ/OMMmi+и͵pU@&wpz'[I|l܆ό3PtQHl^Te`ָ85ήTkʱv20xyj8>VT-w*D-HcAƤMi#)BBYF"0lRXz8DYqMu4 \YDeP[/p~;a{&ɓ!OCr7yC`CU.C-BPj0+5&O1V>M0lɆuwKY™QX4g0F.Q788Sl"]b!#$μ$fIFTEX 9c-+?FTKngyrLb%,9]+X,#q1 ٥!Cs cCF,51XLS1f#oӲK<,)&E&a1d춟(vZVTB ILEAA7?ё9oD)qJIڍe7ygAоpj 7KlLG7* A'+W܄~h7z'Ei(0fDQ#~؋xa1 Q(TPi6=k+žseNJxmy; 0 *hZ:d;?G`Pmɹ S!2tBS~%"JúœcF)Wϧ&-mQi^ L:'tLԞC>wP}Iwi;@zAL|Q̫egp ,9x0Q> Q<WpӲ,݆#~& 5V>O%Y) $uk)(uؔD@SC78!㿁$ olm08='j GחݵKiY|ו5T銡Eԫ[ٯn]0rJ]c4.(H =sfSiұB$73a AiǪ҈6Չg y"_?iHoNY;.lZ,v@'LHkB^[zͥHmoe⏽/rY:MxS Nm0+Qt2'&m|"ma:/ Sl-o`\3p,>mN0vYY, 5w@w>2+W !jD0?AU|* KʵzE6 s߁So*KkgD6\c-K Či-z.~M(Ѝ(+^pu\Z\&Uş`麩U ildTe,=f@;ꄰCkiɛ74}=(|aRbL?1 v[T\xō*Eop @%}7۳5s_O' C] 1`L# h^Q qvK(#/8rKŊgC8Xvnk,?)LaL@Ay臨ܡTN4;Α=2jx2?9w~)ޚeLifηY 9~(h*gxȿE[r; ny'%D\g# @2w"ߧƴW$3mJ۾Ao8O|~nuGc~VcC7!rih?Wܢluhɢqm+W `B\] k m@H6duvmS]-ϙ@Xjl|SN|1M S ! RMě3u^;8"h쥑̽+с~Q|Gc|uF|@]PuNtsf ,neшs#O /Y[c栂K 3[_7 ö#'rH_*U{pϺuxK|'Z6 K{JXP*BkQZL8Zڮ _0PDZ i&z0eUJzf.)*hI}0X'xIGr);޿jPj!|?Hnh$? TƓD__±,!p؏ 1u=l܅Ly- 0KYҀa]^T) 5Tt[AP&T\˟f]ًfh:,I"OãAE{._Cl[['Y#SK>K#Z)an;,x NR~*/BXq GiDxwC&"%(ǫ,(DtΌU!mR.٪I|/6SOd?o5렒@^O]BW-dj[xs6,Brn!g 膚-ɲ0ay˷=¦ 57ݲ:Að9mdr~>\UsBq[m8!+.B A6ܞ y?3z"޼?djk*SP=zL2^`;mE|:]]/~4hW<s*< 9]][%=`'py r\-:^]ךy4m!hh\h\sgt88kf漜pU$K(3f׷1|6cNjyk\Pz҆Mףڜ/L_Qzh) ǁ2!86kntꏥp,b?oLlTڄI&XALL\6:i@zQBU j*Sfi}O3u_4)E"pJ];\m*"1(gho])˅x9ٕqI#C0Şv!%^#>*stČToO] f{뗅.B?jHBfrqvqqZjxT6N(M+E|OF9ATN >Z}5`uKR ,22tDQDM>}e9jcFQ*0+b P-Ô'\:\nzMlv`}ggXMغ=c "5{Sl!c&aiVZDӃ:[Rǯ=e$- ֻMn쩟?HrΏ5(%XDF%q 3#AVf"q2콆"D&((Onn}4C`F6% WHꮲQo +dX 9 $ ا-gv<'O[{taS4w 1/4.=}v `!;E$WMN Q)13=Cgj+oQc\2bd*^$'Qk{ɏ[qwngW6q[8W;)=47橓?\X⩟{Pq*dELԩ=v^(]=@y;*f3Luw> 8TOėj-4rc^8#θ> L1D:͓=)5ӳTI_Fo}yMeuE#t,E1) hyv>ޝaC2ޡ=Sr֤3tyWFh &n9SgnN}%$H~߀Sq=aw"XG".row 9SIXL<2c7s&(Kdz`|Q(Ѭ[^SLjPWuއ١?fBa8Ӗ2ֳ 64ŒX7"cdxL>Q`{ ,ad9짡VI/U Gsjޓ bfq@(8ݾXH'j/$B{Fq?jo槌ξ= :u1 fڄXW܁Gyn?쁶I9`UcӦPx\~h)FGjhk- I!<]>Ok\>9z}U #] -GZ0ΐ\g<JIB$yL(Miص@/cgY$KgwX Gs(lbT0r/wA].\8&x$\غ66Ȟ 0c>Øhɞ_SvFYfDT{gg#i x净g[FVnG(; ab b`8貆WؙBAe=vl+楆K|M0#(-2"Ь)O2 EP.Ku/ *C%Sb17 ?e{Z6:3h+"挼UE3Qk2[m li*>sc?G`ڮF9 (I9ٻ0 w8pKO]<(aǕٹAU~-$#9 Zf=٘>ف## T r*ZR SRY[S5c1sX.D}۶Hs JdE "8 [OVǶh<Ӥ(q܉mNݼi? 48jF"O>hޒO6Y-!?[\Rn]= HmMPevv$'byv_L ,UY`y¹1KJ 3a!i}]pߋCg@C#>16>U@Q=: 4nN]ԁ0 V9 *RfPj*DTVs3N&4J8jbqN.Py0T c|m&.'Tz gp%vxzc׽|`5t܎/(tXܟ2 ؇DG\RoCSX 8SL%Vtwf5ש!6QP 03U( ]yA#9++4ފwM귂BW#V+Z+Tn| 7ϵt?)WE m$߹p@gb{-t1t_|iQ//h'-,O[ [x}!?WBJ%S(`ZIAԇ^h[6tX0 kՓ MomPlףLt-76vq%Ý5k]UVv3Ԯ?,"0F4vHa߽a$gu$Gc<|7b2r Q7an^ƀnS-W{6x4Eɱj?TIFHl/lc+Y,H̏;QFX}Gٺ5+-IyV|1rh I5_'3+\,pRr˖LJ@8I2Rnݼ>׮B*FnC~vAFnM"4 R74%VreX : tv MWvbCke+j4f:>o\yYzH y!*OX8z@?D8)ҧmT kU>G.G86例{Xךy\+Gih8_Inz> N-ax@4؍XJ (~+#坞!Wa8qtb8M~v}X2`(F5 [D-CU,`-Id`"\`Bھ1dG)7Z8'(x`.Ij2:\Xѐe7-TZj!tc #`YJB5^U 4N6=..'#edkDRRnM)%D qshHBoG5IUMP<%jH)ngһ.=EkkE+1 xn#x1k#5 CuSWW١i(N?'MT89y-At2u5$.nRi HT<  LAq^Ѕ=8M'AqK! .Л)X57վmG3ѰE1ƽ@5켓t3gNv!wS{wQ⽆Q;~.VQKlD*ܧK 7u"L7) 4jl"oL.Ɲ^dv> v/ͥIg:'P5HQ5oYl I @a>UGA[&bi$|Ԏl}_YfˇKo'ߺȺ:$Jbsp+yNҠrjNc"y벵6l>ƔD9۞rlf.$q!21w+dٜ+s{i恫M5%"> $CWK޿gNx"Teb'7JAM٤1@kbyؘ?8yޠ~wݑ1Jfz,d'T?>sa93d>IӅlSawA<0/y? Us(}%DEmxͨ}J{lWzVBU0 K(uR[?by3YAzoYۇDOX[g/ /Ge7X)pcUkwvWo< Ѧ-^O^EB0[K}F3ob{Eͽ`¶S5>*A졁 ?q'a^4v!5PPP,SL. IJfmL68葄G bJcc[9(30Lob{Q^铁#` xlbwQErH3 :'Z)..ԗDt,W |`bM#bwcjЍ*ML]phFW]1\vh;o(Ժx#& quf+][G;64ʣ`LK<Oc42\}Wљ8s$ &W0 j,M,ktp-;@ifVA$[S|BAw_p >[mP@ Ӹ<X*[L64mw=Zo9A\*=jư1篔D %W9Pmk=Y佮,K#%.iw5 `Hp 6&`GwסqfWl]J)Is{J9h|W¨?؆bBT'&lk:EcJ-f>3Z5u{cAte"oj,~ϳ&w }-"{?jbYF9IZmwx q@D >6}DKܽ{ 5Vd8ŷdC,E6 (RLPpZ6-N!EKV-\fJplGSm/ROC=cϏGBlؼцBKa{npz򲞒 ghԸM `4ߍrtbjFK?UcvǤQLcq["!v;VxxV/m|p}@riO7%тvbjvʼ!lb3h3MG,gFJ:"uQQ59 i,KUD*W=5 2)o᯻m"en?`mCHRQ5 #.<"wEHR_櫉9.& qnSNTpYC.¥L,kp߳M`ZȎVU^wo$9zLgt #zSҏTy!Mm!u$xCJ #psvWL{c+( 98mmýk+†V(\|3wr ; >K~;=hRvBht32<\!Tvw(tw1ndrq5e.՘ϝRLL5wqaq+=ر['[/TV#o*#hƐAZ-[)l+aṣ}^C]n&Mjrg(Iʎ%O\e/ LGWz5A!mIx6snEⷵ6qօ2Us#})f^ʁu^$G!mA^{R Dj^:Fw~ jKC+@hDC ;؈2ʧ< 7 6/^J-aNt_Y-!u X|vc/fDG|+C9mзxBC,QyK]/)}~ߑwͤ8ϸ΍_l4_",KI격>"XF~;>MX+vC[?J%7/LItYK,tIF+HE%"U'~Qظ!Z݄kYҪCl&>gACQ+U%(ut #hWv5"Ӄ.1EO[QQ&2Kd샓X>YŁיϗs( kMԮ!PXRŕ' 3m [2z@3ra݀5>Qm|$h x RDzemPctu TK 0i:$?0`: D0` A(%BYVUrXI^}ϸF8y8n),u}A#hm@E>ƥ|b?Zɛ. eߖJ ]͂ 9 ˻cJ6֗ ;J]ۉof8qXi翧аgC׼1k%+o*m7z04 ,@6䠉 SWD~\qTI*<0Ddcd b8HE0 /QV+䌋V6 (P{x`GVq>| Wd)4CZ6!R9ZtiӉ#iNFcj|ZNƒD] nR+#^|GOkCGv,pKn)ߚ 8>ph&:o~A1KbeO pUiؤݢoJB2}HL"`ѲreLh=:LS{d:J;vê&)(crd3ݽ} C~YQ$CAր媈 4Y .;}snSPA^/R(LBj{y[H[Z:C#t~ڑ- D1zJkݏdnm)JʧW$VوxŅZP|Q0'"լ!uti#@= .)R{>uls̈́Kl40 MЉ'dw HDjXIP5'oEBQE鏁&9*&&5*>^@xncKrY(&zz Y'#{UJSL']Y~hgso6xHs#a, >J]GuR)d"=C],m`$CN^5%8ˈP-GA )Zښ(*lLfND~x4Π 5-kIA2]kGӔF.˚PUꜿi[h Djfߕ@o߲|ҲV^28u`Sbks,[kC*WX#7{rW0TVZ6_.? V|-zU~"B+?gT\ e(XTMD^OKNT1嗂2j77:)Yx~{VDbW31={PZ.ȸoYQt m; X~X+8q'OD mOHn{1]39qo[Tm c.M NXĩ%}3F1G?6On &QXXUe%q*}Gl͐I_6 G85qyn𛉽B#/r_6z:.y1"L@G*N'róHJ» ;Ǔ vRAA!OF~YTH RQy8Y֬^η({T E- ln2.Ŝ]F/dK33fvt9O˅>ޮ/vb2Cn~߹0Ҥ/n"PmS{OPvp>̉2tWe1 UiRO1¦2r N㷣qj !?e5v άۦO0}@IDgh[N3ʬ|X62.; z> Pj g>xS@I\!5KS~hl"fjewwOoOs) `7"/9v*abjRɓ]^Yw3Xv*&q@Ęlަ4"s`>#Z^%8Z䎦_8bImg8>ޭԊ\AJ8B3"\tyaއ9lz|Nqy ~P˼~7SWp, E:fu\LC:# |tnTm&C;^A_<: žz5m,\ә;ĽQ5{o5;n9ܨ̗+Q VپCtÆKآnٍ0~&6Vҫql1?4ưh5?7`\Y3K;'XAh5UA`_'@ڽ.P2@0;DgԜP86d% GkAH(éEK h9=( hvv-;~7'f5 n9 ڤ_Ho5:QX!p]cvL @,}Jdx$թxcw=¼%s~ҡB,ܙJXoe ɟ"YFF%^+(c&jLթ>: i n׀8K51ɚٖZm6S8؜ ԥQSEGz>_ӝOK1[`AwS Mx b͵g`LU$L% G 4_=]u*(8Jc_Z 錪EH9xh%KgM?Sm]Ώ?(uC+֎Q+CwW8yμmÓ$>}Apۮ~ HoJW(އ6DL`.u_eϑ㬷g˦d "WY),g * Kb-G]{CKv$k;#cԏ+&V*n*R=] G#\ 4|]~P|)TKk$):~&8qAWj%[}MvKʡ֎9Mqśnb -LPwYG,`!(W!g(2be%YOv=Bm;kRM+~G1\_SZ3,/ -QəL:q{k 25,{d7OWW?LO(oףl_GuWj֧X8".yzQ* 45' f E{ ua.mX]hsփT7/CN4/f>sl6wK)8a7S`׭H uA/9XEG$4*IӤ}lQ T`$t+1(uB? I1FmD(;&^e NU6^ jڧWbMԪtd$^ OODF-& \MQ(Mꟊа)%iֵ^mR7(F>VUP3R8ic3Nӵp@%{^Ux,%rZGLǷsGFM7:e(n#SlETޕ A\0oIݸAggΩrhYOϯdeJ C"LH 0_ovq-]Mt!n:mGr.OD_>"/n"ӂTә_ e/ EpNNJ˶&bSȧIy40+=ILgwxqJN ̥$~zw|wMfiRm&]e s4囘@7g?&oU]-/qۢPPµ| FE5IN\x9!$#-1EOe*a+=zʳrL Y:Ruj3q'ȆdTrQ ikc&JKl]O~%KOmXhq앢'-t:uA5rhg1ggG`)8TyyvR c'ywD"@n1K~#<$ ѻ7Y].) .hdj5~=hM>AV3#_ePfr fD=E7E4YL2Y9Tmv!I~h``f̞3ҬC<{k׳ l 4B\jhqmBB}ZkP,j WĿKecRj*8Tu`0% n͕%ʌvU-rCqׁteZ,ӈ=c1g `bX%zW5 e;*~'M^ !A9u1F '[ȫńD DAm`z7!8RG;&2|zpob0~V`DR]|v1YHʤ֎ѩe!f%Y5ME 񣁡};=-\hKE:MS,Q](aNڀhd媸,k$R(Qvzcc=o*R7sgQ{*2cF"crm('2/'|:oVu`\6ZͶIYqL|ä߼;DceL[qONsZLd3 پAy@e"3ߩb >eQ5K63`xC7iKTzOA w ZJ C)=$ll^20J[XW6 Nɿ 4%tpkCkf&vcc 7mc7Z)ͧj'/UEN#5ɯ:*c/M|D:#~? tX "0HekΈ`-sϳKWFPìmBY,%6(TdmvziHvkr BS hEp:q9Mb>K8 Lhk"x@^+zŹYa8J.62aCI0f~\[;J,)*0՗:\V?L,`+np@;\'@v$p0; ƦU?`H%8ve5 guq=/?}\ T\LJQp 1dX4@BaRܘ(xv4wBL+/ψӼv52OkOH6!&~ŕ;aNraoigq{KNGmbR*w\;ݪI CTZ'>hHĨEJC:fQE=$j̅#^|/?X-?lQg p]De ]YKj>r0 (TG佭B/b]t[`p'Յ-R3XGbB4׾oOfsXV_<~@E|OZ%x;L5mON=pє9h.EOfpDa ?,ܨj"껐rOBYD?߾yg>sg.RM[>fM{",=Z4u,Uk_]G=<ҽumG;;kv4:UC52C3ʿpWPCߠa+$;6Q_e~tEv ';N#M;)z:|OÃF٠:Uf)0֛;]r# iQ_C:oь\-AUrm!iV“Sw (9ʁCd~عwr3!" .Z'GE܃j`L/J0PqSV^^E^+&.cN|!BUI09WV^;q睵Q~qh{/#Ү{0K8~ˣX3/βeeD5@E]UK/<1oq#pjAip5Q,l G4} -dvgr^O۫h\pۡVǞFP'BWKPр|ߺFizAnY~ijMcd%`KY}iS.#ga\YD EŦz;$7Me<`OнrX2uJ:(ֳaؾ5Z=C-m& gz øN^K >{@P,R !,bQЈ[)0?kD rT5xzs`IN9 k(֔Po\П*ZDs<0"SjoM_3^vw{ @P"(My b N!Mկvp֙L; ޕ- 䳱>C4_SZزCA?I#oXᎼW[kSxc# ^KŔ ˳QH|=$לT)8kl~yam`EZ)]?9u3؉ȲԦZSSz1>v8_=[k{舚R%-{:X'ćZmM @ofsW *]s H41vlʅ%U15AQ :rDbFTK wK0(k@EE_?5#vX24~C*0Kws jeX!E:-J!m>#%Gs@`ŏrz$QY"6ݧ+r|Q_27:8嶙#Aa=CY$G'/̉Nzf\KBzk-`h23mT'ݗHRMZB% kh骎BVaLy ӬTu䞨Rȑ:Wye?CkQ2Jʪ jwL0aWF38nfqz ~/='hf=ͿLq9Z#t`="gRj_ dr V`Jtxu݃JP(H9J׭ !LBֆ#~hmbak=:=*ĸ`XN p9~WOi;?btWL/p)v13o_ݖ2RBA7&5ƃ1RBgɬuIXUtp09& }+ϣW\R繯$XI]x2h0Í󌏉!Q~ a^さqjFo-ʨZ w(ɍ< =3JT㹾_ȏm)*'pTt޸ot'}{lWwB[)샀t + }t䗷J[*w /qˤ#]Jn,߳mv̤T|U+!b e[yJ3瓋ocKQL6QNtTs~n_0c㵠V}A{m'F/N^Vr}bnȠ2.Ê|odf F s]o@9[#m"4[7C-):nXq>2#C0f-|3'Y=ֲе! 2qj}Qi; ;7̎qk*BA g'=IO[%hg>N)2Riژo aLM 0b8nx6RAA 쎅0Yܢ90'TjaUo(˫ Δ}K^I^R+4< A)^PE^fP~AqONdkpX?R46UMGLeW)4xNAuOpQ~3 #DsQr_>b2Q(r NMg734ʢEcNٱߛ߾D_ggƿR9fi($h  װuKJB]4.g[sN 2#eX6_B* :*Ay:G;hܶ: l&\+'U Ȉɏ} #_' m%6\,d|oѼ/xsyH2`a(zu^^U]`.7 #f>fnkkׯlU }oWghSv?Fxtk;鴉َiOȂ*FEj{_7ce2"ȜK}陻4Ls/nέO 3)}%묿U m-`]Q%gjyoܵ ]P>/mXX<=^r2{'؇$|=x5tTzz9M4GENN9> ~U$PJVR_l0K#CxUOQ}RWuU)|h ԣ|2px/G} ({Y;Yn_Y@_axRmkYQ4w`|W70v80}@:daz8 6gbW]Va_!rK7n-C(X(Mߊ,\8d-5|qx(`#t?IO`l@wyVoU1cWDE α®)h^BkBo#Xh_x=u'VND~ |##f;(F򿔌iKWz4fӿ",tߥ71%Q=G- nvQ%J5AVD~" )!?sK{.pR*Q6wMbg^E<(K )SPPJל<h{McHH?Wm`f 9~pC=bG5y@3(7O~0MQ*!/5on2V 43dxʟXb hmiW&'dy,ͺZ <ۦsґqJƒ4p}J5H.WN8AAS=``r+28is-'[B1+AV^kFGյ.Lj%NX}W*2|V$hٲcBL( ? !P$3EnfqP$^6τc(ahL=`NZ%= O;L4.jS T/({j47 3}(@]E`ϩk-q1BҲ F|xODK#C1wS]@v 1N4ƌNs)QІ}?$rnT]DԹW0N)sŦc%d8Tu6$E'$몾s`@Pdx1>g"wd؊VRQbdJ3c aX)TusŻ4lu푽#e#:"=z)1; h+dVO$~&_pgMAO1؊>2[2HBgj0^r}pIˑ7*~iXΤ =f'lF x>67 =04T(z_%; & gF>D%[yf7J|I)VWr joxug;a9 J1M(8lH .;sglwUƘ,҃>h {/,wIu/9ЪZci[_-H %K.n4rp :@3>ׅ{r,њ Kz!9( R 39sӧ'ݠs!Òoq*!1HbEDJMżɗ=?Ro]e,瞵G#]yYT)hU^^QB}5P hZ V'Gz"Ik %m4=% u U3 w:5cwxyv1UMˬ60ⴸ&; {lS(G6+lV~iniй[e F"v|'5bqRZ>YN>R^&JH0' @vnW@HkZIeb0a`>_J f{[Wb;SG5F#S6U!|ggTzD8c_OsoKQD]CHŘ:rp&ᇅl6)C_Ao촮8gM{tX͙c^D~1m+[{E4X.f%QDc#vqtw; q gM>(:_Az޼0GO8:ZX@,\vG-yP@8OQ9 ^^5 ta40$8ߋe6w铍|lB;4#\%Fʤy侣Jb|}2؄:#&[E ('pVM:碗rk{ސD*=4F)(NjTq5ŷJgM#tb%y=tMiXj;d[З59 /H.VnJ=:y˜˛yoJ=4 7Ѵm};8MIOxFG*Ebh9}a8eP2 d[ou]77ж8WuQa'>u8ࢎCTC^E "ca3Va\DϯC;r!1}e*FkEЃ` Vs^2>3 H:XˎkmU,bfC:}Q@&La7,aCn8˩f}IX"\[ju}-dUN±(sJl ]1^ #=Eu8L.h-Uxh^n#]i ^JvPIYjg*{,s)6~+,sĴ9>$4&DrI=PJ<3t&DG|TL7 yH[C#.$-XuAC344=lj_JB? MA;3C3S'O8b[=8dpU{8x+-{b. S 6ț5mpv=5>[y`ky22n6C;!01BT]!? ȗSkr)DXuy#3ܻ n u!:FJhO8B`BSHbL{T&s`5.9D&UNHmK#_Qn>|b FM9׬߹ $5=gPfj$Q ofP>З :Q\O1z/X p#cifkpL!{&bw?V{"0 MAb7J;P4^ʵ[!-m͆-[ՐI:/P $25#hdT;w?7^Hcdϓ$];C@UӶr;b: p5NP^EZv @CG]Ӿ4 ˈ+pΪ1KH0a?&ɗ;~Q9(.dϙ.>dMhP͉ܶH;4f<T 6WɚE+ph94F[7>ru@^|f~DsEuFi48ż;1;݆\RNLt4TN lj᜚٢ft SR7hBHФ]!9,bZuF/MbX癔!m Z7ܿӴ*Ff\̈́eqO!SW;;YȸU1}sIPjdVquO?skzG~ ?#Rޡ N~A 4?vE_i\]AK/TU:-rmA4@Az&L+K|[3PO rޘ\yrEӹ"OOnAQ%QY=&"7z)ښ Ƭ]j ޥ>gs:i9n#otSK+F ^(GqIm/ws,]Ϋ51 M :ק802qUT[`W NJby qm%~JTO'̘TQ89 +SHeL*"#lms !#G6mN(kQJv3?4c bTt&ڽcJ]1K!`qfV֊L4 gy}P95!{%>,XRsU!懫?屁bw NU[Z,Ś>fco,a;J|<(S@zu5]9M(XL?3*˸@Eލ8U`l.K\k22 Q7SoR&g%Y#fc~_ 9cm(cr[XzsX v!vG~%>ܜޢ-e|Sj6qQV`3kFw^:>!J8,۝cS M,@򰾋b~.|p9Ш\|j㰗'd&#sdx7EP 4Zl?Srfp͘.ŌQ^C>LxcP*o2Uq fD,>'#c]ro Hb4huZ.v/ >>0{IUڐW;(C6@AIh׋]mL yg>P=Ŭ8/v~ϫ1FdFXH<En1gN(2?aLܣ챂H٪3sWs;{ZJTdXmۖZ7[ ő ]̦8 U(f5 >QੱT[t+-~,C'}3\%T|F Kk`.p8$^XtaG$Κ㿵xd*$[ƒрt89m,Mo9u ^GW' 5n8I KKe3(PGE. )ڪ@^Y!D-r_d2#sY^J*?"|UMDxL92 ߐsVܫr;I&_/Be"/u:PXLScmsK_ p:?МIlzso"vwAK#"^1V*> (TefgDPa tvJGR-L(`0@H N DTO rx<8™YHB:8FKЎy{3@ Eb z)j*= [L~x)#wtz"Y4E=SsvG@?\|5o|qq^7nf,nH)' H# @F՛lrkr!ʽ3(x1 hk#Msz]r_Ҳ*SײaSK`**9L] c;y%˅ey'\ұ㻠-pNghhs#^CcFcYXE+f+,uH15i Vͽ̌#s &ӭO>g؉N^)^~̸h)JP(&DUAS,wk!F^k=jDWrFW!(b*TgY-lmj QUF=]CLޑayغFB"ݯ7zpIY >aarEIM 5J z$&4:%!і2nV5ۙ?M{t`fڤcZ{4تRx\ i@ <˱ ]hbÕ|uE6*-ݕE@AyC ywzҤ|1>nBQg9m<.wQo"w:h|(Cs*=[i!Rl- 5@7^{o3]27*۲t' =|,M(j8\wY))PE}YƟ*\<]P *D|v^-cUQw蝻TdPPaA*Eh jíHP`ZՉ{v%AB$3< ɦ^/=LmTꆣ8ߔ>WH:߇x_ @ωY_/[2(\X[OOwBzJ-a,{oY*e9.:`$btx#Ґq6qx `oߖCܹVPfjT64B]5cd.U'G݃^Dx-UVẗ́?V+#+cI;c.*Ze ql&\BJEx۝tZSou` X\ǽ*|^ Y:K2Zp;- w#rVFZKЃ>SQ_Āa{-+1KJlA7 GpRSLIv/=vvNcsJ}a^se8~dQ6z6cfiQjɧ3Խ%1 QέxM3bܔmha|3 !) OQT'ݗk :]k@g?])J8G^fyd$"~2F^u.u#z嬭#Ay̷G;xp=$R&bL?yeećlTT;jfO9^;dSn j`}Ia=49e&s x{>IcV_o&@ZvݵT/8S0܌iC+4 sڛѓ gqȏZb} S2G'c/3.Grn-}E L%NU~,s]{EӣSʙB#laqlt c&҉IhvY%I-0|+K `BMljooVAaOԙ>_yjǡRJ71wd;ouX¦]m~ZgGtٗv j=Z8+]e+p5Wm*Lbq>̄{Vp P9>0~`֣lm[$iI?E0Q㸦 6lOB+dXV{kugIyp`"{ֿ 8U˔)b.;-T@ y@`׸!(Xg۬躇 <%+$e L4M\2#J6C6EiS%ab/!&v@]iT3c=pQII{!}|nIv'0)co,@/ҬRɒK0{?Okq1$/f> MGn u$HWW'e֒oN[;_C`;P6:|/mo\YHkX`1Z#O?y&T}.'g?eEdȦHI!'^mC=vںcHƧ3=HLJ(:cEK'\n*Li!y!>ؙ EЭow)ZNw`$G-̭qD򀹧I8ckj> z;N }a* qzj[Z=x3\& vc0$Ê^HsKX?B< LpĻ@[<[瓙>1.yȌ^(VL{hP߸(KTDy:9^ ỘCl ivڮTdL-臣w;vJv/] ™R4$J?,sg͖94#qb˼ #T;Gj87clc‚hhѹk<O2yTo l[5l;M/A"i մ]"s'2IAH;ž ^T?Xu$ȶF968qMɍvg6E['% L|Je z|.bzzLpXK# tɴ + ǥ%O+D4)|$|八!T7uw0V x'3ܱ0Fx ƥBCѺ^ڹ^% [9g|D1^sm5B;p7cՁh*_l<[;u?ur0[QV<52=݄?µoxni-?.|E6%]L Uʫ =?銉"H %[2/Ϣ4{YLOxah m 9P%DXb|ANP4K9 p@MGUn fS3> agD&/Hվ.ɥQ7vL@SʼAQtΝ'HM*y~;_%pc7MdǕ@#o2twBr؄-I>GD[wiL>ՠtX^VBjM0Vxsoh|y Duk:gz0^L_Zdr*bRe}U"RI:?0^N=Kɬ'?dBsyȵ&T^v,k&+:pxx??oαD_~7*9{8MuOQ{Y_“Oւ!\Jyדf)[;NftcgNb#z[B<d˔mAN/W]a'B`pӨ+7޶M74()98o)*3X5zxHrX{_PC#'P<4)  nU+5CJ!Y/#䗵Admxɧ">vidFb!xM{x ꙼E% W#@XtZeH2Ju[ dg*:LZPm+]ǕBqFe\#PSfP8P1Ǒ.SnH}J鈨%W2>&cF #艭Ec1w6ȺEP0o?9 O6{.IOa}r'jjac5@(a) I,3b[]Dq V.)Z>sGV*`8 LjJc;7bߡ505\ϔiF#HfӓYp^[Ashȏ7 _ޔ}Y*5"`粫@vat9y YߴP Rm. WEfu9:q=T^GK}˔[`PLbʹT5uxVF?`7IT>hyp@3 bY_d}%92B䢺 Op8]{@rn}:r]N˓ܻyG9{B!l mp/I50Gd&GWIvϓt/1< c,rmn_S/c S@ƛ YwV7)dj=)27|84S+m iMIgnyktZfW]JX,ӵD! VGܜdz޺uߐ|ϟS +}U~8F~@X2tXD%2{m8` 6+|vٝbZl7{WwR:A> a:i&F8:`5\Rs7>Gc쾕6~iO`5E"ޢl}ojב<YJlMq ዀ3oA!pM Bm|< m1z*k]`B[=? 8ŰyW-6cF i 5x+  gV'j'uݵ,uK} 3w |n 3P 3d{*L̗Rh yzDSMvMMu!z9}ѿW^mT!JK6\Z7%T"/ Aqr1[%'% *[~_d}j-[/H8Zh:mջ?EҀ)& {yE: ETT}<dư ݗiRo~ ax[ p ܉;*PqG7䰓J~qIl[1I_>s袃Vk,&[QN; 5E ' iPx嶀RѲTxo6SXmtMfB|mP <]d1 "3gCV 3qEk/ԂSO?Nܲ$*U@t=Bg3jĕs0&V7Ut»RsjD"$|Өzbnm%:^7B:{=C7| iŘkR+FtYfv#>[]5ҴɅ_f'md&޳7 tsp;zPc唧>~E&_bzHM$26#*!w.0t0*ɐb'Ӕ4`}@[3cjð+OL4G%=_$BX~2G= NY6d] SրZ.edl/ 'HJᰘxڏ)ⱹ-z DT1sh#%W7_$g%8m<ČᕳsR,%EdyEZE\FS71qXgqiI+Q-KEO woyKhaIԅ췄2hF O`C0 s<h\]WRg&'8"MIA`2-k}&K"Ix!՘Ʋ&c%׃E|lB/Od]Z cu0tf0H_ m;|ðlj$בev&t.\G_QP9%H%s% !YźҜ}c4APhOwIϷ[V-Yv#FQ?ad.I)Pa gUcfzC1-2; O2hdI|O߾qet&o8?E1컽08B)o`pN){ʮ5Ea~4iLhaL"H=-o}[k˟bIDpW݂v(2*?/pt-FUwPr"bu9kOpbZO5AS᥌1:+2S/qQ.t3?ȵ~%?mװ ;䏃6YHAcCx}eΛGmfH,ecpMI$J\dzp.յ6OlOrz{bIȊNCšN\0 !3ΐžǯϹxz~Y,xuW\:A GwE'x癊/N!pe/bŤ8m>-3 S̎KD7|LQ&mꬪzE*F#%.&O6 H@2J6}?! _#:qI[K;AyB؟!M$SvIKSH(Am; ؘڥV}pƽYNNZoxJ6^~w2@8ĿyWڮ? xP"9(QloYUyTi}ӛU{G,d]zTXBx䘺D^rfeܸ)Hž փzjoЬ5 %DKڳWbO%b<"C4-򜽗,X.d h0].;1ZTU D{QǞipYrsE?,\$UBsEFo#]_H*L^ ޞJ` <dY>BZAz(hۦ)}4Ksg2f-EػOJ:NLYKGvIq=G0Qg (B罈P g pMt!Fzc%lgDTCBs<(D_]h =7~? @e qߝHr$~b֔?2/f360W$GYճAi;<,lzN8G?jUm,]/ i}tQ`E.xi845)j: |FZDQH*{MkfD<^!>_WQvqyzL%d!OV\vNU[lAqd *I1z% j*Nr}%K:9J;0 *0*jĦ4DJV.RMq vZٛ6ޢ+Lol1 N)7Yg,iiP(ǵ Elhs̽ qOLM@h49=>߅cTEg\nNz$>%^Hbc6.,v MB?/vK HGcR{Rq;u-2SYֲg1,=LVzsp`1%<.W;[J. ōv2FɱS.B;䛎_s6;"04 ) ]C^Ο_zxؗ 8k+I57l#ŤV&_ iho1᳹,*N'cZ93 rbGB!5۝w6}V&.߭z py5}MZ +Ֆ}`掓74淑jJŢ݀8O]k7 !- 0?#EJ̢XN{ܲL]X E=}U30]:)~O#ro@n)U5z&Hܳs.x*ެN$KMLh)<艛%IC+ =E%:Ɛ̛-%\|kG*[Im5ߴ\;n kѭ%DAT@#iA ѮkKk[v V٢ [d岇W+S@"9%>"e }xtaJX Z.=-UjBŃ"Tlq$?* à1l=aN~&M[SQ|Lxq,A5LcخޘYbYNԘ~n7vNprGSp`=,H!03.=D ¡DA͌9S?Vw%ݐtDŽn*5Kl1R*ˈYgQ@_%x%@̥Ҟ$!QńʀD31e?Kt&ͧh2TrZRx#.~9/f0SF%?:B+]["`Φ#T\B.p7ug|{RF} ((,9-b0FIB>{pt1uwD\(_'*8$d sb_+Ϗ .*.*&b1W}həQTVNv{"d'"SQPdTPǙ BݡrK[U'U~A/hc2G]s5tr7 ȴ[?E6QiЈuOJ# ;9vn\ l5~F&S #}s9JcWG:ZiW;z0|;{GV\b!x/:b^)7jx+ #Ikei)دp#R~~? yrTf)c&FvgR)΅PcK7gVZbCFdhks5hߟu\7LK5(xJ4 G0٠&r-O⼁nN<7#BYe1]ZkeÛkƮE,`EVދdLeGCzڣ+vF}Our7IJsE\E~-S6i]foI"6u:zp=ě|i,))& .ܸe5Z-eKI&m>Oաō㛋+Ȧ~~mv~Q݂Y6l"Y6g  dQy,En\@j Lu.I@ 6wFC[nфl8kpvƭs ! 8z]ZG+')GrgFupS83/\ M;+[d}|*^Qi=8w]omN(juzT5k+/YK骮́-P;,V*瘷i*ha=~x*tdQ=fc/~2lM"KE X߸FߒL̴g=$οذ[ҠM귥8u} hr۷a>3b ; zX~O7՚wL,h]@[s OO :sԣk f.76q&f(3:Aߛ ^*3"N8#}xz,Թ! $3#* a5:( $rC9X'R?#"hnFP,L91Jc/K\YxŪbuB"rD(Ty T#>nw"/I\[c6{Oo8Nfd8 7a<}dm0p\ᣯs`+Z-r@YE-#ד<@k zCi^ `#MmYO`?=ŽbL:AC:k[־b8B5w콇 ,%[Q[T`DGy{gEV4L54 LƧ6lФhE7Rp+R/X-ZSu¨Re8:ecclSW,nVo[TQ}dI̾5/ W,HX0q{9_M~Th) ke<_Fh4@)ג!o `U%!^pbqVh$#5s}~z #!g fЉ;'YvE&iqDY (TMSǠ$>NoeLs}BF=l2b+%Q y[ ϳ3wף›bkj} ͸xE-<3[wbY^)Hl}"Fd }qf%eln.o9Ѳnt>D=W }zoHr~ty`b`ې: %,{wn --k'xұX+ 8 R4M>{t83u"h7}iQߓЃ5e;[$ntp3bDޖ\մHi{Qc!kW],`~Y^Đ)3`.ʎ8rZ)OqN0GnT28eЉ}hjg͆1Is!Ktr HyX3LGK*L)3(ftcTh&ndY{ܨ-:An8oaj7{%v@vW8o.}Xzm*&$s?Z(zǽ%Z&F.xzI{ )0< **MI@^@ !Y<48ɂ;aLUG' 0̫ɣbeeL9|A)^VY2 S,o=Ktsޤ $yjdb {ulF:v"Ns$XGMcb΍HՓ^[` ƨlNrm Mp">(v^Zrݬ2 IE%>\p0k*o\3l2yęT]|*נ4A]X-˶;Hq&lx ,Ѐ]T0Bԟ~?C9I]30q=~ZѦA1/z`*^#N.lnX}bώ2c/'Φ^R5S*ZQ>nk ٜVÐ'O}xDEi[֩bPu()aU\ETcה;綀Q6dTzW0QSY+)ɕGhF)W'e<ѺmTZ(0CpyeS梭z r 5< #zBpPC:PS'rmEAnTUk}JV9.)_G\dwI~^5$zqy4`7cBtbuҭ&@E0WZViÄEw.y/\:Jk&ۥoX@TsВ.qHE5;a&yA>1w=MX9 Ss=TyV'fb]/D-Q T#5k:7Bg?(|&P4m :Xd$xxT)g{O Yq}>jTҦ'_#iR{u87iqf=ڿ8&i֎˲r#EAcN0A u*bzQth54fZp81s wBakŗޜy• ܇@ FpN|~𢾉|h8~ i59 0^ <1X9@UAL9p|GF8L`:Gw隃ƛf1G%mi"Y 9S[s-WYCŘ0 Hn yK&^.@'ӭj _7i\ibv3IkNz,~OgrP?ˈeQ?DC46M^)qX8tgz&&榺w7N펳8ѻ(1zAb&FP'H4TftGX8F= 2x}e FN#r._A|y|8 \U= e%Z}׻UaL+i³?FMTꨐxѯmjˢ EuM3j YIuyP9ﻶCj R3i +_QeTFGLpSD@]D8IUI@3A2>GBSc+=dV>vQgJDVΕe+g*8R#B*4nL6/tD|*;dFuMW:򁲥G_]))p-c>F-̒<% eT\Gsn9ƀg#I%`VLv?p H hzXgE%Fo$uO7!m5# H=謼Cq׏]5FfMiM/ὣѕ*Ba,8ᮮ‘YWWb$?`u 2 @ת'Cr+܎zGHDB쑪}_#"rzlI4 mφ_llk^x" z;gsu6ԎH#u 0&mCcƒ^+߱yε;LEfi:N(.` F2 :{$ӆ+tsΨw[#$-MAB޾Ema,`6v~$*ɍga;7~ OU>&KRQOq~/>϶ qU؝$(6p2U`SMC~IɌaڨ-MS,jnus%v݌vV<ܕ`;tg|ivB'uɨ327J o.xh+4w!a|f`6`۫&舒s3K5^y2[ѯ*O}j0e,r+O:(}XZ! &]$@KjuN}єu:SUbVy+s}\%C|inG68GCdzS3Q{Z|4#]Z.ט';W>p=Pd>/8,8mD##V6,SZi)%B ['&@n{:0g՟fe2+ :l*9 ^UNz 8|>@5LȾ)0Yشb"\˼ϳH{k(m9;umB-9x64^;^GK%rvԧdsa(;F Pb%iI2Nk<ݸ^19 mcy(UR~i W9p6e'?\uӐg]COͤt_! Se8atoQ&FU㾶nky7Nf8%GshR`w!:5i#-"IZga*BtƨRAky[UMq|ДH"v3'0@'ڊx#82A̡gJ#I17ξG5 qP7`0ג.IC&/N^dg[Ul]'{?V@i2u4I.ץ2s%1P*^ft]-w "Kn8w~mڹt8w~WiA8s&,gp t5ƨh3ԝ m(ghPA )}V80."Xa+.f]I` ('غ YWvAP舡Ea+./O{7%!1.{4Tgxf3NÆfdm3pքrtTPz$Fث}Su2x B{"#gv\Irri-I^IIp 6fzY2ȨŐD (ܳKEkHMGr>8ZRkpP$arӀ<^^ ^S6Oj}"SBPGI5 Kb~3043 R,Fu75_oU Fo=oqPi%GAniWͻP3Cajphbv_%5|HEtlOmh6EMQD>bs2B75.ñH;tZ|ᒳBKCR'avbw"`\/Ȩv1z/|vPV4$ҋ&='J~}"/[șEN̈ۓהTa01?N*A 0xP/(U7q[>@hn|Q\䴈 U¹# lE3*)ZR}V ]A ɽڳ̚X&=7-#:aBrѹa7;:LT湀+4LSGmJgp48kÑHOn%]X5@x9) RAw mM9naL4cHl880`jd=}aFΓ@#R"!Sev|C`[ͦքwHJb[&@rc{Qr''zֆg =MpKX +J~VG ptUJ*$(N@ sBu_6>ݭ2gǣcJjpAm>dW#o"[3&#)<䐋P,6{GKֿϴAOBz| R֕-q8q4> 5,QG,-N顀07Xqc՞ pKNBq?u-ɛʽ* 4CtxΊ4(Wg6pdVkcUNS)ʇf6\'id/a,p^ Z$=uj@.f+tHJzq9)4\^mnxuG? r懩+:`0N&2mkzMv;m,^:֡s73B6LGwD.zUWGwMsGX@CJ{& )71`'y|p73&`9nlO ʼm!ZTMղKQ&10",KլL9|з36Mkх<0kݏcU]z'X\q FP֩ڱb3cw< RȆiĔQٸl09IF,l"0wCQ[_e TqN<D^g_y{-ecYf6c/4`mv ]PE5<k@P|neAi6l)/csK[ÄiЩ BC/N,n{qUb~n`:~;<&@^]Ί675-Le&)kM ]dgQ?7n2٤ hG(wJ&TՖu;uO =q'/0J-e6o$߾}6Av2nyeS($cʯQw@-Ʃ%͈r1D O;熝F?2`{dy 8L",j3oCϮ Y5a7 6((Ou&< Y2fwY2e켇 nf5fk."Ջ Gnpnnډ PvfXW>kE?@*x/ 7RCHkVUT/;JVή[MF Yvg@A *cmJ!8 뽛f=kb~Q. -(HnL\l@GUX3ueQ#p9`7\2\Y v.Bbl[z>2mV[gtq}M#V^dz1֋ͦ3_6@R[~ hV%thqN"Za q2cj@UJD 3X L ZԲ~,ah#w:@M8BIº\flYp:5"+L W㔡MJ$)K荀nELFOOvcjs@XpV6&dndqTS 16tF;j b묷)}'o|HDfQ+F\' #W86 p {7J[l,DjVV@%ۘYӱU5r>uڱWV7^Z??{L`ڒ A)½LŊe/ՆȱQPp6u$577x{ur>XS8F b+:AZlA]٥xtOķ ~t yL?0i9BJ *Q 4EwAxR=08$#qTL1ANܡ/l{km2E&njjwK^`=<_V?Oi6SI6U&_.}3c]3ף JOo46PbuU ,`Ӎa&XBN'qtI(5'wEqzg.i(hӴƁ\BWeM\q $: L0s_7 WC`6KQڅJ7ęJSܯF!ZN40T$ {}p!ɓ.XChhlK@;q߼W)i_|x;b* |穳00>GZt T.r ^s [[_6ѫ4baNPC@ef࣮rϽ7e̩`ոUMH/r}He8jbs~Mf+6HkO{/>fPцq)/{$>#1ɠ3xϗXT&qXEJsg%_UƩM+CVxpXy!zcn^A\:~=Y(evo8"׏&rT7xSاvj爘53P:28lJ^/7b`kwBᴜtw?{B-G>u|#JqtR&GQ$jSd1L}Xe?zw*s KR7Q^|rys?tn?TQL!}UIsg#մmwwl YXAMx5JJN"b8QS<6u(h$ cf0h;LIHyln .:V0J%Ǿ9no/xLI>10W*Y\ ]k8񩻫?Ww +Z`.75k T#$΃ۭսz|$ًwYQZ>);jtueI`M3RP!\׾]DM8- |\!N4n=r3s=b+@-hZyhka)Fm3r>p @79/N;5D%mI0@t׊PlyYgÄkVQEka&`pT; P89^ ^彿sh58,^ 3vs =Eb gө`%X=Dh^c!y &>:+*yL_%a2wgeY`Yⶑ+jXrI1–y? F!ObUܓ#`/qa:ּd!_> 斺~dû*G#+Tk=Uu_cG0rPO< 5D~-IѢ]EyЗrc}p^*@> {!p=| ]{T)V#,ܳsV]x@^&3깪Ut {: `%"P$( yE%vbNtPbSW&8J/A1 9]؜ [UI0Zrr%tkIϰ$[, M[EB|=R"G&7黵Jx-6+r|{ߎp/9Ic<D~w|27 I+cU Y` _ nB)mԧZ?dóE PonEdr}@MnL>MD3 ʉ!hy%&dSC).nAɔk"C)č&"ЂXN&\X}@6u2[/yh`0eŰB#/o~)D;Wqu2D`JS&MY%]Fm_iL %[{]9y{AT2}Au4ǼT*P1ihZZB*r٢n5Njkz6--͖" 0epF1Bn[hRv)}iRQvgHF0J%iepG ʟY\OBEh]|r&}|n5$oT@FEVKL5JL2 [!-3ÜT09H/%ED3M<ηy}EyӦ 4@{BQ`:4²ܴ[lK㓡 dy@ {8ސūv-e#җ$aDl,?\8#> *9"l'1e7˽u_csRn-7LD1%$K|io q >bgpZ,"$ +9^fp."6|ttrݒOPD-Or{:|;ļ+dLal BTΕ!G"!bփM5cMjΠxˏc 0|Y}&%N;&XtŴ:Dgwt6=zKq ݯU}Dj\偄x5qA!GdRQB?'=sxӽai{wη;K)ҋ_UJFx!,03?xlRX|ȥGA2×Ҫj# eFP -V?A|W:LBI;̖q2+HBfbM/]HΫ ЂJ2 YfMHosk)ԸԲ3S"0,5dc3"4.x=@aHu.|fm7 ߒE҂M. eMafȵVB \u3?j`f!2;Uzf}ACz~wW-]2r__aӐJnYb_!@MIk4i6)8IL:/g*y ~N=MV6NuߵS Ni!hs7(DЛ]E/X]7+"b'1ʻ.!EV*Ufl=o E }Y)jű7ό-P9d-op_ό)EDIVWs@olt /S-:k5z清{_Mv\矓!x+? ="OoG_N W^cYQDFj5hLsNĖ*0Z#)`iw`LO<2}{n7zA)N->i$ KqWA|~ĔR|=Wg|1Esݡ?c[O15h ˸̶ ~z}tR/`-0h-iaU N*NԼX {jcQH5Cxl?jd 'y2ޞ8Gg| riP 24+^>)HyiyO8-$ã=ɏ34A!xy2bm(2 PyxʈBYI%xj0}O8!KKo4 vA5adm`cW]wȥ"5`^Y?vݤ`h/1rD`MnaHt$H]ްy7Q V@=$ID1@$^@9RBv~j T>=lJpw*kYojLZtXۅ'{%϶jj^fȖ% ,k` _->ex$Q<~r66> `3i$lְ wQsF].M3FR2k2nWWێXIEo6n]!e'[q~&!3l Kt}wjϕ_PCKV3F~8ю@Lf"M|OAJ W>Q_Y@柆UK Xq_4n& ŭX"e1T NbH[WI256^džkkpGқ4) ].~o h~KO*;8ɍsX#"WuH[{[Qp9o 3og@|CAԲfA'g1/T(Iw4J%&:1P'TMnnܐ'MAaGzp 3*t(#(5͍lE͋moƩ2F9{#-Nz*0}3k,5E[ZVs@T B"UʫԠPQf ^ϗv }ML3+w /ل7kA=ZϒXv IaڸiЄDKklȔjE@}ˤ+;X 7G'"J$ԗz) 0& C׽ekeyR$\G <NrG󯆰 ئk ?9xSZas@ɫ~-atL9-̣ك3G C?Mą:;Z49"U _;]}BVs QmRT)p&rqq\{{uŘ3 MYN%޷@6'Ypw0WvcapGpI Nڏ|/Ur~~OX|Aov";j8vղ5g r^OYk 771P`!ro#}4^@,;t؂ XR?naLus,͞t7ʜf|O)oq|vA'E~k1!Lx?/ѩ++F$esPiTdcP;Әo Fĩ?I:KoiHr ;dfpS-q*`)͍E^^e XÇU.@\fEN8;3Vuڜ gB{;\ͨK>&82(XF ^惡C]#r30b]~U#׽;ZkbdYeO^?{_$Hk-MWZ\(ܻwԾ(c@u5m_ՓeV 3X& "rq*sWtn[X*6c} l8-kxL J& 9"]nq(\D IVMup 0v "-$^a,.i l24c ֮/~;MObiHO;Lz4vmny1搹[qǗ"C=ި8ᣮ%Il5E>ȁnǁ"uNR>2Jփ1EQ\d`깛,]h:au~ 7B-«֕HCHNr+/NN}~o+"_ه,,e3ScGb DY=b{a@M:7eBL7[y[(p3廀ul!`l&v΍sӖIGb^#~{lLLYR1;n'%x4!QBй-uwMj$ o\^Iykpģx6;߳{#B># ^ȽrM7/o[ M^Ήk)ɤVh آ#a#|# @pvhދ:I ]FEDD%7' CƤyG)uթG@֫Nm :\FQ;̹`W]/łzlyIM}@u~c 1A{ں{ >SVCTl V-=VTF*ϙŞ &Y4rPa@Y XP.ވ R]+E ׉̅X3[H](?JC %mA0+GKkϵFCtڻʇצM  1癤ϕHrqj PoӀ];D;݌f|Ej@Pm'n;vɡ!!MA Hx؀1{Rɩx.=8^nȐ8ݬApjov?>u˸K y|Հ5Z@9Iv_B X^yBr;;0uOC|.{709Ӕ3 i&yW)Ç_xs3sQ|_z$.YҟLG05ӗ.V'BBG4)v(@-,"_l /w a-4qc:E)h6Dgȡدvޥ( y|v15bS^$2WY 1# Ig8㌆Pr 4@iXDLi, p1mn8, ISd/9 ?^||Vkwx*{rf)U2*lC+a[\eW- ?)._gP?=(vǑ$Ʒ>rīENmZ/14?ӤBn!Dc<5H0Mnef$  ~|M:!5̶b 4./8I҈CEޢ&@8U v8ޮh*%/)D><ӯYPom4ǽ@<*N߰OcJtMpCvTO:4]j-r+ ʌ+u}=-C›#;An oCf⢔"mh3zq Vճ='L*w1?ɅbjV p;~Ry Bt & z1#ӄ$EI͚^[ƝHA9C8-+i[gve_%IY9&y[Ӿx~G~ Oy8F֓t"uʀ>tv>qW,o۝o3mDu-W"c lE*4Hu&C:{gñ-#2>-sE?lfx{p97Ix?nxYHg<ڃ$+U4)ZPZװjhFE'YG_p`q0XG&ɉUΆ⧟%HN*%  e;a1 m4:@/fMݫO XU8\epA6vňkl9'V;#'Hp0x%0!& Lc/c A#tF/ yYI m*]`8,.0]$=օDu*V:?7tdr,Sg&εS?:`BĦXoۑ¾8it9|/1>Kpא:]bakUw:?_O: tDz-`(nu)0-mcS؃D8V=RK Rױ .U+P N/:4ˡ|>CpaAv-Жcp6mj7`~yoe/TocO",奐L/3z~XcjpC˼A cʼ1"wdp>=s6PFo51 Pش!-(Jm*?TnnzI:ngCbM $=\Ȯ.w/NiՕ#Ӷ6-pdkjE$-G {DU(eFp#w߯ߕo:Z%TOlMTxһؚ9,bu.qW6 鬲vmdRdO,X+Entj@yg bS绺pޫ ͱv8?qfCu .S MyLp9t5#Ě1jS[l}K]]pҥHPjv;3`'sČ5V.K1C*BG=\-KPIxLɂϷVt|}WTkchS89&|~Țt0<\ǀ4m (nHHp֥zw,Nא'cvUF. ճƚ3*N)te\~zvXa\pwG~6n\ c M1Hݷ:fRfN6*dq9fM^%Nؾ/2[CgNq0#?"5}>;HF`*T_ł9\[)Aa1íQ|Zvʊ4tS\_ cr~Kvzj v=?ZP}7qù8@D1L6^~# c݂=ϙÔ*nCQskh@$d4&Tl"dMYZHX4ŭeٖzaq/}1&pHt3lOɯ-j 6koyz\oZCb}-Q0E &^v4I3eNT#FhYaHL%"Ynk)"/D4X>#sF:O⪇GWCMIU'{K4ŦBQ/tZ},Ֆa#7CX~?I(~8Y5UGb{ˑi$|^Fyثº1Z57o^&$8y]=GÁL{"GjflFQꏼA4E᱌B6S HyئhHiqtݵ]=xju~]Ln+p;sN6PݫBʋY əi. S\:+ 0wCHN2*F>JN݈ ]XB= h8=A0~cv>5WN{u k3EšQ$>ySRɐ~wVy&[Nx*X/e_l堜O.u=}dWr}B/6jF8cUEjf7CyMP[4ޟa8 Nf&g4M5 pѸMs9)ȞG%Y H,q_EĤ2'>٪=Ha8$ aușfFB\1@Nl—rapBr 0+.N]Us\eFz?~UJsO*<RbBc\IG,vus[1+y A2-g>Ki.V~G/h!q1>idu7Kb:>|Gvyyx$K8ˎz3Nr9S)6|u&qZ K".zna#f@0ە*b˗;rWpyy$WMǘTɻ߯_@*3ޕ1]zFwUiPV)EH~`3M  :RI"ajQ*5.mdF>?D߲{|c[\pNIq/]֩anyЇ)gʂeo0_ 10i5햞8~#9U""噞aY!Z  =넍0RK77Lg 7;#z6B)4eNJB-NTksrQM^V"I;4r쿿,PZ+HFarYV0L@#0M0yژ̜Tp̩EX[2`YF=K#! {]Vù)"x^ZL0qnpR8MW巑lYyoߢzI)?XWnE_+$w.k~{D~،H?+À NZZ47zx:8Ҹe`nd'E7T96&#jCW "ŅPm7(21` UZ(7 U1$\Z`wՀ?]Li 1D(lEr; ("8JSXF:\v ޿t :FTuc!j ^b=6? p0Y&?)ld^Vhɞa= 8LgUoTW?UF2*J[$şM"Hb ud[Ȼ2ghQ;v|yhoU' -δ ΍yD+Y=W`Y,Əĵ`vN9fA)cHi&'UDsoך9>']]2t>,MÐ(Z[y TeML8GjzVu%ƯBr*#$iľUd۟= 􈕀ĺLT>&>/~ \Kp{=%G>Bu`_22OĤeCFr{^Vi&L,(.ZuiҔF;qGEw!wh̶DpEz=b_|j%)n(|eyj,t b.<+gƶy&_fdQS2֌M"a5cKy/WtE9pS*fvf应SO]s46X5>ؽd1?*{#buU^}nyuMKf߆#`h՝Jm߇ )+;԰g6 ) 6s*\ɍ PʻF#MKQ]WU3> n6%GVgMuD0eŌ6Ynd'pmXɇfoV`di6LN%L/wFkoεdߖT[s~Ȁ)j3G@mܲp؄ոfw.TzƧBzhJ$?2 syr\Wȩրe@P肒9z:&Nt.jIje2*#mH^4>͜u}lfh]ܲ stmZdoDlbY1RbXw[ly쩢k\9&@OBHC _@;&Ӽg:a5DqF Q BNK؝V&<epH"DQ.Ce-9㊼O }WI'pN*AGVuV˚55\DNu 4}nl Mn!/Г$I&&Gp M:]pNj#+lLc J@l75-r'1ݧ+ö<2ߣq9TXHL# R zGJIA^2 E&gɋS("pNƦ]wكKw'R{\bwsbsZv"MG߫YU|+~× g_/ %Y.XV 8^n Ϧ]|Byíz#9\ߍEgܲ+ \Q,a -o 6j[&vMy`F ݕY!h}Yl2)^qv +3Ve6@49sQoD魶, y/X3YN 4ȞR.^Xp q S8~cٳP^nmIlz x.t#;*'ICtrro֊+;oՒIqτWfFE > %++ +یZAݒ"8Ǔ:9I5I. 9j+2C;<oU&d穟2:m{Lo(`b !EgV& tt8gqM3nl{JQfmva$׮sVNv 263 UďQDd!&L!dO1R-=RojE7b3rȒcTaOMZ(vRZW[,m#/{ؼⷸlcO8FV^ʗ} ^ _CXyLr#_ik|yKu*YftAG?KTVK`C}_tq^N޺f}T'?Yܟz&bh=J#XpǯzIܲʥswA(2sB-V&߹y8nߑ1ϟ '+–<^moڮ*&kus 16nQXJƭxi3kw^gQ^~Jȵ!a##(*iZoɡ*iʐ[8Rg6o͝]'ϋ*y#PVvoJ e{}Rښ0hXU7 X֫嵿̧/c2c3c$PZʟ`cV9J}@,js0ixVwCyxꄚ;!U~N~}WdhH{37,t~F`n Q֭^˨wJjDf1`mkiX :1OnwF>wFʶ_."M"K0f?+TVh,A%VBJsblסx_Arn-&)L ǐծCm:G:}왞 ZHЈ1W4,JE{b C61. " 2"w}==Ɩ]ܲ\?aM!6;բ aaLsU;:x)3QS{o0]tOwV825ߥתTDZWCK&J[ O#o5 NDKTu .գ y"MUV%^u)M~[H-7kv2q@x#X8IdLh+vҴ g5)+zsϒ S f]tzwMC=6)EP;QI2JcjB W0iB?Je9V2g^_c^!]@@74st~Pa__RH*G,)s %uLYy#*ػ6ZD f8 1z`q#Kn[IEzlA e_Rѽiu;ϖj:e֤w Ͷ+Ƨn%dRHNlb@f=I/&]pF %[(m(s7mMiMDpq%՞c} ح C"> ł_啴0]O#;饥f )`0",ϔhgS`mǂ,@4jhw1ckni IC ?i 㚤 mYן̢&I3V9}ATE^9w(sM gއVȃXypZs"z֤S}xkGPOa{vaPĥg{ ;dVj=."&t>c詵sN%+ ]{RE^[j8gx7˱U0dW=w!yÉU2i^SN2opi,d>^&E3>B..,(91'/KC9O':ki3ߟhHV/hbH#^-wRIǓ{S+,cq(Sڅu)ؿ& 59ExJu;Y YL Ns"⩄~tC4/vξ/6ĚOǽ@ܳwe% MhG"#$FVDX82܄vypj& R!n,6 *kgS'|# &xSm0vըS}>Dw]>.fb?1b]d`+ 4_u zGK'_3JCAKg,_/n`BfaºC/>7L}8P"W3g/ko#ftۘ|̟h vZtGry"_Z8yuDͶwCEZEh@ދz7>P:c!<œmK:Xw:kn*C JR$U iEi:iLj:-lCIuĠ򦺋%ѲaYr6y{\+Iu- =KWw+⩬%`("QE~1lkE]ڮd/HOTZ-Arך oWt7E i,6We f1Z_ rjnۏ/', Xqi:U͙1$bJya:ªE_Tʆo ;tfNs+tuϹ:nSX4RzTuvJD.v>t=X'V:DĭtSU!3%V){ \E}'m&5Ť9iEe `~.r#;F|QU*%ElךeFE-&8` i#uI#>vFeh+y66`Yn]B:Zۓ=gі U5L6lpͰh!E`ndCnO4c}V-)6R4 yiA2168(`CKئY!U4bRV~Wr·3pc 9 tgx}N Ь?HCT󜀮(r10*mEjhNaiH &QJd-.]0OvtfF Xӓʔ`˒.VaS XUǬ;5# ?%Ը/a?W;l^̑UꕐtSTfׇ+Q uPa+WK)Ň񵗬 ^cOp]xy[MM-a${،j !ۿDnlWAI`Qze60iD媾Ѧ[ND+H>/bFjhʤm*N><yF8d5>hXYS$nFFVيkv32aD-F) g{T\۬|r rRgwyV.5DV.0) mC^0&[ } (E+C ^:PZ>uDLra 9ϧ2@K}#[pk%ĨP"~}( @q;5:,x4;sc< sO>!GaQA]TMpHl;\awx.-5MC Pg/,63}hl"7Uم9 u(b9-F \aAa) V:=Bϔf\8"+q=7ms~0mzN>V%/+; xO(s5z4 R-&_ yj )ihbu~B $ųbyܜq쥄lǫWQFGdZ|lFqbKs ))>+"O,݃ lER4+0.z9nj&` dO-!6;-TBm.T\];qpgG.ф$;NKB!ZC=ÍTbb@-@iWeɸ[p4 BF#ㇹ퉣)5ܜd0$>õ!j{@ lO#Cd %͸ĻQ ˔,DGvMԢ`%$>ǡRVme?Xɣбw ZI 8ᓔAQKqHj .8ɡnI놈eOz'ͷLCM06,W̰hD(XKה,||FFt9tLHg}(='6'ԋ| δj~MPܚwZ0vhrѤB!:],Mb_I=KdL@/-T`!T[^_ٌ@KV, PrNRv E֛mg(-"#ӿV}` KgY\­_wjIMeKzwh:N؍.v~;3( LįÃ2S$9hfR8nsQW|g Kl sdK/ltY/2cπděM19l[3)RKǓ-@agfg}yhTBiHy5Bx aj¬|tC4%w Btۯ%J@;cFmP'pmד(_*N(ao^z~O[ ʿc1H6 guxF4]+B;`!Yf$g+tCͿm=0 "y+grJIՅn#qVXp6!Wѻ>M#ɁmU32Oeȅw[xRNL&2щC_TrםF)HuUS>hӟJ >b#SE`juGDɐ e ZN[C69yoȱ,]D.G䎱'#ώWcYҮ_Ȼ q/ ggSeZ$`kt  M$p#xHID{ {{َPus& ~YSD.֜UbpPRw7x6î5UMR:Ltgcz #غ1,rXv^i"}95n)~*e"ika)VGz_p6A%_Y[-߷UEqtZC'}EN~Wu߆ԍAUl0O-TAoP!5Yy W/I jw0vد T&;'䢆]BS],m\5&@ >W-v-F~= S*Γc/gQ(7uqWd IJfũ` a6 eoqcܞ|Eu "VfGjtas„R2!n/򽊆 ?>O}InĆ#Owp3w_,zmR 2ݎ:PfOXTk?a?&ĘZ4ZRTa('E;i?ی O*L{>3;-gPۇ(,s_yIj#!WWzO`U.57?﨧ɰ vRY}33p?D2m {ֈa8jETgzu07gp'kZ(J%]Xl_Eg#`0RKfS{6öD1T3/qrבńʷ hh(:L$J2j( kNIRKDX@&ݿ1>0v l $a.)3Olp`h$Txv\S$~V>rED4};ǒv.g<85^_4 IUj߰o~Q*u%a7els?mU1fQ̙l:i%KqԳ@%Y8A+ߥ78l6qV=mVp12.Ug  d<}Jmv7)>-n=X&.^f4wkPhD򰛌O)FFűM t#A9d8͢"?$/N}/oc>h-+'(pRgKuk%a٢uYsN,SsKzra{]*-B,B:\L`-p:s1A(Ժ;)X L~ɌhB ;pPmx)YF*~o了JZsYt5߶%tbő?'' )CmF8g \_"e}ؗ a,/ҢSԇm-wyyZNJ؂>?"Ħ#Iq 7|o2K/gomJ3]e {~~&{њ+R NѰ~O'P|?mP<_@zf @Uq䔻L{RV!1)g )[RJJl ry8M4@WGg).lՄNc>d5K z\/ ɔoYy.`eAngm!U-r&BAR| lL3 gk@[)[&P\bbxʜnz hS s(Iz^=ϩ/42^U,jJ2=&jcjx 7= X Pn m_pwuʄ\ܮ0l,F Ь3+ :﹨?mhL]=h|$,KƟ5kdGyt/ƄW1/W zcL3%j1>S:[$ )ZLBi۳Ջ$|rq<~US>_vux6bK~mpK-|]n9]篟+6u8=쮭:jbND =,G͵dŗ@"x:8B%b-&),|bdbNq@Ht^iǤoNֶ:{`(t~RNOp͕ (Rpgvj;UH?>B.+_Ek$W1c9Y4aהU ,HcGII0]DhK_L/3{j\4 Q|4`d[^(sNMIY2u6Xu=@&32a]DL '[toaTt_Ǭ{ sϊī& *(:[M湞CPD$  .ʷ+]*|Q>n/(p_.DU5vu1e:i$ooZJ6 OaH ]qq2x4!X.;fŕ=?s8ViւB+1YBƂCDC@e-1$ƹk۸n 4#, #ytԪGbcY"7sݧN9c8f)r/a/:L:c8vrAsC"dk^muVD#JI-0h4[.ؘTbݏ h> SEJhg!/%Kz,ߪ1MCyWx'YP]#Ȉ5t32h7?q';|zjx\}H ^C #LE?̷R9-Y3^I ,ԻN&"[QMCO#1EGRRQ_veD\&JZh6w\iO5Sͪi`GFbbtrA$c K= ta$(gT,]{uԻ+~{pm C-cl>=&"#EzI+^xtGz" ɕ37ũaJE,Xijzs7<R[yy[5@rU3{~xH˕¸uЄF[3PR Fq06)(/XW7H:O=FP~J!ڥ;)/'`'Ɂ,]U*NWjN}G)yy=3#$>Ș+S}\$M렒kޠ v~>Pu@HdѺ_N -(V$/sE~~YHw?sZ<,|Vs+0óIYrA-WUv]x<5vF-kgYf!=ČOȡr/à_#|Uq[|<%R.Qk-WbMv\xɮѸ3vm@hk8 fJddDXb\R?&V< ߚ1w/jj? 'U* UvHEVle>WHodtZh".e~h~]xa7gNϘ&2K]gd_TܠIᘺmO>yn܆;؍ի˵ެAw$EdtpD׎_;eWZɰGԞa׊/Q%T`B9Vn~;z' + "O}q%Ipޣ~6SXWm &(R E1ȉSGRSHً;L%8g$4 0u^U.RwRe xxH$O+%LhTŧ3 ~ ЫS_1{Swٟ/'UT:;ɒZ%t~<҆۴\pnvDSh4W(vpC*}cBZ~:Ux!*حI{뒷0$Fq<+.oLY頲0/J:R6 Z#MzVG IOto捄Xmb4J}!C3wZ-Jue* ܦ"g=Rږ:gٻSE[M_~{\|0$)ԛΫ+&Ԟ;QʁH+d{tl;q9*Eݢrydm"2^ h 妩0D]yohZmP /hB_ !);VHC1=YFj A p =#$"Qk$)ҊrP#uhI[w}=[)8">r1ӗ/ -jE2+!ʚrB $(q1Ia61c o20LL/b]V'$ P2O#S)~hmW2oyb=(: e *V)]f=? _XS_)ۡ0;x/cWrXK؜#j*ga%s^O:#軘;䶋4:BA} k"GyY$zo'.JoxBCbMdfwTNˁGJ4,ܕ{u3 &^oW }S 0xCSM v d ؍ nYv)Z1gZ,x˭&@`r TQGa%ƪsX?mJhd_],[G"˝7jz-A~N$W*.OPOoC)5 b$v*ⳞB}y cQ;\Z;g, x2֫X:0LV|Nj Y\_ov7&fʓ,M ?QRWyZU Ӑztw{zMvcfm%VDA=_j )R;/NQ8\O]d2u<37Jp+Ym-B؝~]Q0}LM:ovuxiW#^hpeNm4{RDA8L^&;p ӲMN_kd95|X, ["F'eZ#p|+^O#ԝ[N~ nQ2WY΄3Rµ,-& 8dL.o-B;ƒWlS}Xk6_qǪ |d2l80f|0Ef8cVUUjiqr E)՟sˠa m- X]'-b2s.^ӗEwugYfU`A}"8h 'u.LsOvƓ]Qe&kv+8 ȏjc⮭#a@A2|a|ur6\cu:Aߙr~6>]N6dh wY:?vL .8|m>>6Cq,8>Q*Ky>ن:!d{A>SzpQ9:LSaFO9\t'۴>G.q M ;sj(<ϤsoR /SjC$ `XLIotiʝ[],_ gmr{:Ǻ/ċI -6P|riWXfD#A;AD Fgma##eq'/ߥ˜*ej'2 ZcST+kܳϦ)X])A>h/8qnI}+Nu0vS!D!g_dOyL1^kl܅ troyhbP% B%,v 5* ep7cHT4֤M],NzZ|XA̘>Ǚ[+ozQ ܒuGt ւa45nG2HL<qpF0b >"q*X@Msɞyf#XoyWY4uv(OS#ughǰ(?2uTz^mYk80=A=F,+16?3Bň3x .RIZDwq6abrBDTn0ȫ*7x/,fk.DZ{^>[]7i M\i)Yw[Η_{BCdD[ ~Un}5ﳺ}\0W55D<]hOqS$TPs #bD'w&{&I^zv}` *=F#X[L)rukwk 2*ҝo?v C")ԍ;{4@Qt/*-m͠C\Vm+ͅ n'xO(ndCʁA?_d݂̎z,L݄KhAEӡgm-xJ`bd=B/wEmua_ jvƱ#mXqKYaJat;"{TU%(*s }%X(ӟN!'$4s]') LK4n͓`i>d2fKC1܌ч}sk,f;tubT7`2m (}ɲ6m$!"lkޙqY;azݹY3olҢS!@>1CLEowmٜ_rKS8uX P@Qe,/f4=7?'EB"JgGyG=KnFwWaH>0dâ][!er4 Ә`')P~B6@n]7Ƥ֖q@nͅRadd5DƘ`:vݩG}^GN38[oY%䆛tN6Q\j.S,,ue.59@ϱL?5^V+Cvf [",{x9<݃QǥW&s;s#wʕDN=ýPFSw0v+%R?h~4Y<%@ '犓#ms)mT@2vݿܝ7jr!6;iH  Q ]xyU]GqntK߉S^qWKAPE]7QôF .[\ǚ1,Q(?]cŕWDB(i}NǝlR$g'^x$1dKʉAOl1~Z=ʶu!Pzn9 oNlUi 8KEQ_R@V+♄,.cw"TεYђ\ 92W11& wÕU|TοrOղer& hzBܓUAORyw.K%cƑRd5cU2]ZzFpD0wHXR⟌ Ʊ6hQv'7#`"\=l}<=G%Ÿb57 x,sZ. nYz<8&KUM}g(f&D4iY) O(}S2b > K.^`Iaee`$ܞzdleb{A A9ɷ抃=Gi#e:}Wk7.4LD mD32ni@a1Tfʒ~ Q+!Ci^>VR( _73@cGֽ}BMt"Vis֩xCXS1n9EӮ%&h\:$(0|EX4^ě%K'4`PMF .P3U7JٺrК{_`f }E{2#΁B-*"⫐rmR>u^FT@c=K2D1#W^ZdQp5{@Iq}d|iaV ?(NKX )bdDԷ+Z[$MlbM^ʟqڻrW֤G%k`Po^vv~%"7+OcBP'f)M@!ǻH {M4yqG0!%8<1OD,Юi?$C"4&8 MK/Mi-9qY]\_ Z٭wT>(R0 )mp>]*X8㧚l8Fh*Aq=grb!\WV$Tzh!tOw 7E _7>|?EGS5%+A2bGVߘ4KW'ExBoNuPԡj+Lմ!v^HfJiK2~/2:UUdߥ`c4q@oSOQBhEn+-ji{[8KB'fAI$١k;rsfBӭW`_"`\} .r SI-w.c@1S: ɆX͔~ w̑_8ջ! ד㨀S\nЌ<mۭjD^\,l ܯ3HBB&aF3P(?܇_d?2YŜc6( ٖA6SīKM}jٗH*UxLy,6sP(G6qR??[S`}l= AVUm>*?$:= ?W~auw;x@ٞ"}b# Q'=d FR,+, sj7OSt%`Jm#h`^}<|2B]YXgW"6QAOzH ZthTHD=Ɓ@xUc+t߈c:Rnp / `WJ3sfK>:E]L;2YgżV{9)8_hnX@1v?6oWF]s%'qmj-%bZ%~H |h`Ә"Dhmv<_jOR42X0[8D*wf˱ΡT+GŊ8,N8zN)&i! >Rޱ9"T=0Xd3cN\|sN,诙_uA Mk?E $/H G`8Es4{mF->P+p`-| -&XWĊK+SRr[ E#H"$d}XoT&_mK/~T""4Jg;onŔ*T⅖noA]O=$c[RGLJj۳$V5 BڌHY @I5ŮܙmiD71Aw-]\.]\V  %琸KfR|ZX%z,nwuWajIbkc-DA9vrIAj]]fUB{ Gsr=x>"BurmLv.'ػOÎeߚi1X  ^U.'+Zϱ?n R2y㏃\[q aӕfť1%oFI][敷(0`HذX]\hw/Jb3RV,{AH5 `Ԣ[䜸{L+hׅwaLCȷ8QZy%РvX;,2P%(ڠKe vIރ+![AoX"Dz/Ekڠao F@7%/zAnἨ6WI{U= ]- 5^x΁mT7o4ICN&H?t5OP{C^v'4ӹS3Uq3opd$%vezx0W*t񠀬i2|ՍK[9!jI*̀@ZLֱ.|b'@4𵤹,XCH^=H5SYUP*GzR֩MX[OTVÒ&5(B slܿ=fNFf’"ԃUmZ/V!_ ( .%ئ`JhzWb :` u +r4#+6PHkhL K2ϦJ_ͨ\q?q2 ٨'t\bXV Iִ+/!`ݳҷKp-;y p;$JyM:z1e$!3|IaYSoرd~h vkG# upɱfuJ<(J2-Ɯ+z— !%w  V,6"wQ*( adXKF)hzc>r1,JYi2:Vx<(h2=&tOԡpdN.ݼn4wfuaخ]\wQ>+X:wvy2wƘlENݧv<Tw<ⰫN!EK jVb|xbZ:c)ļ%|Db:)4l!S$tL<=jP(; ^!I A7[oWIN/t>UX O8]E'yB31X̽N2 l:(oϑbˑD)-$I{ՌPs(jRA#xmCpݚْibAS v.en3edővӨ R{J/)F+d@)] % Ɔuee$K=9d qmK?=Bt>O4'UFm/JjWwARpl:ԓƚnbZ/hð%Gʈ/Ͷ$!lZ*@<[2Ɵ_)TLG?X~dwk97TfXk }+_+Eg;KfB?ldjTLtz ޜhx%B|)k$ >JVn%YQeNg^OɎ Okq SCqՌS_z$8>^ևǾC5Ca hLİcXMQߣ%qwcT*E fiy(1^Fn3 xǶ=10!N"oo"ⷷ6NeR. *+  U+W"AT6e1 0"Vи50G; Tb_?y=')O?@38u>{57R;=\GScJ4ʓ,w7q@|z"}*lE> aF)g K%`cNg~h>X:L-4yqׯd^uqa1껸% ᣵ?Q#Wv8҉W(=E9{t}W6%Q$Cas`1ΰurOp0NAm]k}应}y"gq]lcD;Uivc wS`̩}8&] Q^0T4._`c݌/o3+4|<-cTRC?ݻ3a &6aVWt$>:ɉ))d!{~^%zlat7KpY]yE~KZn'Db#,&d!xc $p= +cDR;5z~xNcWtAC3Ŭ1@݄7@Z4ev.:Ƭ M⁰$Qp0`HOz #"F[}^9؃FF!٭Z&\:F:v+MФӋ n5Pt1Tn4XXL(j=Q!g%9w2ML0;/sx;AvI%71fλS7&./}sH.0JG}sJ MUf rEy^dVM|Ry6ְkn5i?~-}w !KVؼ-ͩ%7;}o°>j3k~_0WYEd)s$zHg<e-U;=18w6R/PYpĖ)MBN܍Ѵp59MHzh.xe ktp{z$a-fgD}:֤[Mx# *^";"N~w&>11U>%-8;o-&{TF宏 &!(+HbΟ#Z`78}:y @o&: w+)7ӏR<'_1T[ǣ88]F.T&ߘӣU}yCu|iru~UԔ*1O>NiLڃFgɰRĒ:ZŒjST#dvkXXm=2 x!aY^k({!<F;F{AǤBzm(QPn@Fe](@n\AblZfGySԩN;ų$mA&ɒK-Tb1olW{!w95.`+F^r~蓘Ec!a!ء:=]0 ~ޓ*S:=wyEIj1ezMO Q25 =vWEr3Z閷>Um ~K∡ ;A1XPث;D5lʙ Xj RTv`x_*Tls~$T!a`wq_$2 O6ڶ݁!s9Z:ْR,AsI^_ܵ^;-Y ӜM'W%xdO Y nCzO'W詡<S֖C,&f\DypB|U5IwlCXw$0,^fqd̑?n`)Wrh2nČpM [L+Tefk&4qZ/]|zUҪ2*K TeH_Ӎ B1[(XP!XRɨ©ڕdy}w087 ր y|h(v@(sZYFgmRn5FP~5Ϭޠbw=p/JsXSS)wfRsC x}U7mpD:-ͤ4Ua38ЊvPSJ>]`. wŧ(IE>{'˪O(^ypgԺi]rbL".T%sE7-3\t۠ >(k3%sGrk YET/cHq0c@' Yr(S`/$'Xk "=w5d9ƽڸ6 _{E7JVtryb,.$4' Dp uf4@*a~A91 m"5ˡ:VHlBt 9">"%0k<~n7#ViiRai[_zNNX'd#L֊ R@&v9N_ka3lNHz^\0f;QhTL0Qf12ke\RezW+>zefŎ٠sĩ P4>LM*Q_GӅ`d"}#b'?1pOʀG{j>V̔D|3z"slWzHakdD[`)`)Et>h8k0hd컮9 9wdD[: ž8kru3UN`[TIRַ RQ+а?f)zI~bKI1>㞄Cm 鯛~60Ѱ\"[{f]JʇfdQbzmg2Y0>T,+¿߶ F !XrcT"BE+e1xWiS}$`)-a?@^K,X5\ xmteC VX"pA튋긺2W;aQ.\kL4ѕF+g,MIbہjm]7DIf1Jx_uOP=U^oÂ.>4fƺ,J=%nyWE"ػH쇆RC&@F NzJya7uekE:M +@lL?F_̺IV[rsJ /$<Ǖ6 ?%И V $s<зcm_9 wj0˼ ʖ+J<'ENPhϬPwP\E6wob 5z@.}atO;Z6!ڗp"htTwr`*ϥ-Y7|°UID^p+c׻7f 3,}4/.ﺦIrQPm}cs"ٿ 8`kUqc/T2b'v_|0O͎qU9GKR&c t7D^`8"L2p3xa vŦt<9DIcBQ0 AmGq7Vk.-YuOʆt TشN9ɝ@ơSC {)+u9!ٳ&UQ3<+6H.uss&nKQel{*Og|ay]r=J%P|js[h8--DS UJS9AwFD)ck.#,pZkLyE{q0c(>Ԙ燋$#9# Q߫T]Q6Qew C]eE$ qe}Rˏ$Fy-X Xfq^N&κ:Gc{ b+>e/_Ә8DN߀WHi,dc[oZJ9`BvS $%MosBVѰbtˤi8$aYLj3J M窭gڌ*ĕXႮ Ugr*p:f!,E5`7AOCq'6 H ] (Ɇ`ٹFBuB#1$^nΥu"ߚLRgߑ{}bDzazr+[o-Ƿ"vcXb-NJ NMB t8TZz^2n֒֌|'UUQ{ 0ԄT+tJJo%Y^HHۮqЋjs: >⻂ Ath^]^/oW>5F3N|5Mhkp^+5!{$)d^1}xi 7uТPb^[LVXg// ʧ -l5b !LKmEiW3VC;0Nc\h]wrN)VSZVP>Q :gN!RFE&jUY+|M!DN.D`w,U*Ǣ/' vII^c^5w&s *v 6#YT"6–JWZp$lcя՜,tr1@ۺڰ/g"n V>f{}e@l;\?¨FԻ%go -Gn,gSBO߯tb] Zx֖’wm`W!Ay$90.k‰ݽڎ9{s{ V)luVZA.Ld:;l 65B`OD[ZoXwVOÛ=GeؒRdXNzw?Ùg+ G1Z0t}L!L{rE~uByaru܄=. u0sj>tr 8SXe9T w9"siyoӚq!n<w*C$1k/ +_\(ѢK 38\ܞrchxl#p9ⷓ wrv=!yX8)8&s:8BӀw^bҋtXA1jg}O0$@^JqN¹kU}6c'3 cH-!u͛2US_Bj=0Sx0~`x %麎:_Zg QT'G ȴfbOS_GڧKxx+rape#ZXC&f]| PLnr%xcW^~pvS)CQl&^uV!֍ssMTG kOt`o\`ݘ֞&&AJB)ݮ^_Q9 ׌D:|bd5[om@7ت*<lMXCdO2~Ї b|*r%(ٟN(Ar! 﫵e%R?x4Is]~@Y7|J}Z༸It!Y/kSZ(/jzж8e$vz޼5|K9/^ Yj- ̌p$r~I$|=䘒MRdžO߯ӟܢevG2g@q5's"4_Dq>ԇm_GW+syDܓw\l78=J `DVHx,E,MqhU;ggx"z+-*L$q|hkODWZtrN`iGxAnx~8쑙 S:CW9Gm~ۉMwW; _YÐ#T%޺˶72JUH|ETl3å`BLJNr_C-WWV)q,;vL!ִ^T%ZqJ<ΐAEiϞۋO2qf|ȟ/BGq1}Ю+?-l@q^T% Zc~lh2N{=ASp6_t/=~cgm<[U8yj{$tMiQIWL7N a9+ζFN6>K##^8OBxKE;uoZ)J Mx ?EvXI_ w8H^rHPwl7B}R R}}&YΫ_0߸EJǠQ@׎5!Dea7VnOi2?v)$dT@-C}ify,!'B-kAa7Y<8) %5EusӇ &TYuW5ա~咕Ӏbt|]V@ibZ}bD[QDž7z8LBF[%j2 #E@ pr3?e:6dDm oU=|~;q̐K**[,(YZ_L }50<-<^"J5Igy6`un¥me׸rGWvc1-X뭹XZ.@`6+w0/ӥ!{ {L(Kr&Y&]7KlfyyC]RP'EY@<(nt)@xL0IӨ!0\?L*X338R$c \'! ޟQab*n:! ,l b | /Od7MgfGv huyRwnDIlV-./6$>ҕ./ysm@J՟^}9‚܏bX,ꝍtNrVni 0:7_ YR@ƛhk|Q$Ƀ p7z _ۂNC8j+|/*/HbO&8ա0ܚ%u [s#@=i+'lؖ~:m'AZe0Qʏba;; VGcOWM,)v5HW2EnA Bt8%eVg<9=^YCC^=:]U ajӣrODF֩ D7_ wonHd00Z 'N/a1M˞h5SLf^UF!Ա;L+dE$#אTN qzx-# SN!sT#6Kx2#8.x?pH|nᷯ@گMSyͰڗFӼgZCFc9vZHÃiit9m*!|! =b%X 틗S3b0o FwV/L fSF:]~3yH Bzs"3 S5vBvJP+ uTF*W1^?入|Mx7E?%͛7q޾(u! J6rP>$͸7chi+ˆ D;e8.#*uF@ q٘>P %܉ViCM ʥ8 YK_HRe6'%nDsI#; i5v;혲#D>P( ܻnr׍DsDו2NK*cZo=$.}pqfu))2?ZcP#MqPK M/cmXlGLN8%Uc$^_ZnTW$1ѽ"':J١=PsuI܁G E+3{ؾPd&Ё)%Ԙ.mInn YSu.[Y;5ixFбO/2b54hzg;z@6Gc+jʻ8Q4a@ :):ֹׄ1f`wiE'XoC> 67 S[^$ AGCGZlF@>X:I {Q$@ۻYB6U{yAxؤM Q#*j& 3 k14^%?陼 ^> $Kw# #eˏ-Ap@VQ)8+|! >üpT۳i0>_i#Uf5fklTDw|?"AGL;f8J 9s QDzMsQb?e@"8lʋ1:ǐhx!&|)'SŦ)n\7Q$Z-ϥ,,aGYjG22QJEJ0N‘ 7€of-R/f$aL'A_6(*5[Sւhm*V cEX;; >Vb~X!4zS=- wdH(%2Ζ"~rk)vC 3U ><Lqt^+ZIQ֖OiKG:Ao6gQʖZsrkqf61*fvt7*a%Iݿo NV%wm2IӊV9q}v}l3xڱ,ResKâb'4rkڀhэJҰ'MyOL1xƯ2xR{O  'T嘈\l)>|+Z(jwƝ0Z*2?J[)h,yB5!,1Ithmǘ$vewN9@T!5K1;Z7 +!7DeGcXrm7Ǘ =lp$E);!tb"2QNad&[ 0xF[.NjCa ZKYq.|.33ǔ ҺdethT:x ٹ\ 4hOm۟jb&UQĬ'Xf\;lnUv:7QY)]ihjdgftNmnvō;MhĜ=q\ɛܰrōs; #{| Ir]VZ"/Mĥy>UWΒs8!oy?RŬ;#Xfl:)" ^`|'/q xڸ0&*Rv)TYE@$o$ǝAi!Vo7$΀ gJӴI^ulC ȍJ)=R`ݜ*nJ_/&JXK7M*=Bϥщ-j#1bS 7(v8M$m­܋idPg>U锆h_T-o