sssd-tools-1.13.3-56.el6$> U_mV (>2X?Hd   A *HNTbb b db b b b!xb#bb%L%hb&'9'9+9(,Z8,`93h:RGbHbI bXY \<b]b^bd$e)f,l.DCsssd-tools1.13.356.el6Userspace tools for use with the SSSDProvides userspace tools for manipulating users, groups, and nested groups in SSSD when using id_provider = local in /etc/sssd/sssd.conf. Also provides several other administrative tools: * sss_debuglevel to change the debug level on the fly * sss_seed which pre-creates a user entry for use in kickstarts * sss_obfuscate for generating an obfuscated LDAP passwordXҿc1bm.rdu2.centos.org vCentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxi686*ɤKSA }5q"1EQ :bn3] 11m:+}MHOs x?sH cC A큤XҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿVpnXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿe1ec854f68372bd0e1fb6291a2573776074e921bd39bd69a8d5eb8da2c44dbc38b16a09cd1dc9fac7c51768c27ea19bf1bf0178909122c473d60b317b832c936881b770495b8cea72067643c78870ca9a78a6d1471110d74d39710050bdbda0ce2b77b0cdae21a8dae1bc315ad375eeab66c01151c46a8491e86e483a753062a82fef17872487505c20965039a68b51f18b63afe029b14ac4b0e403703b050f3074ea22f08e186a8f16066958ff1cb7da80f4a744e9737ad3b619beac9b0a45e21af5f3b90f9ee2037534ee896eb380f28ee4c8287ae079cca647e0c0d110f48686963a818eb925ce8bb0c94f9f14bcedf56014ffa17275455d2879a0fea2fecee8dc6123da04ed246a9e7d1c724ab7dd4d41c33f7923ee72052bc8a4b934763363da7e47f2c3c6df61a7cb83fd33d9eb3ab5c8931126e6aa274c347902583cb57ad3622cb9e17d2bc083e990dbe9c59cf2c0835cfb21210168a04188196c9e18ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b90350d84c60491f81ec38582151a779c4e2aee537befbb0bfe275f4af2f4d91a6aca6699600e6c590db54624ae492e7bd5af1db45651ebcb0845e606ee559e903c099c3dd8a113fea8f43eb6155a4354bd4ba2aea406090f3d764f486c3e07556996ab7f4306a908defcace37f1f6c91dc4a2209ba0ef8dd7db7fbce0d4f11aaffa8c15ea2f38ae06aba6778774ec66b34427d8643e9a628e459fca2f53cdd141a70cd03bb230a00adfa378b30947b3c4e4f621421d5598642bf9562af08b264038b2e13af39c3346e820dd25b1cf15cddc65f83e8306b4d14e31d1195d193d3aea0de4f9fadab65b5df315e660634fed1636d3838895735028619c989826cb5cfc92d14b8141c5b61150636295bede5443eef854b35c22858d94d27d2c4cc1809266f7df05620679dee3ef453326967afa37b75389821088071bf478aa26cf13ee8246153513a6490d29df0340aef9b406ecf914d9fd7a8308b0516d609215b4694c32ed1653e72de94bd8799e968a4bbe1b8b2b9b4419c31cc4717c46345219f05981d65f788e6048bc9d1c4c6b217409a3fadc3c5202098a604b69c1049123183ddab8a97d33f0efd00515183d712552a7fb559d420b2382a98bd47a8aeeee7ad17ac5f114eb8c50a94cf87f49ac08f1f6a78c739b1d66a03156b16dacd14df3653c2bd588a3ea18eadb5c1395551ed10740fb86aa2a6e3424550381c92edff47d31c31c18d4e0c2f3420467fa2ff7f54badf57d2e9d03452d0315d4f328bc751516fc4a79bea2e43ff71b134457cfd7ca6f09d9670c757d031ffb545df1350778184cc5c85e2f38cefc1a5fbc5f27546a44f1b906dc11bf7847b6dbfa7347088c3644e8a7bb4fb18fe22400d07409fe8bc6706e9293859f315cc1df71e04a9ef1f4439be013ed636fff2def8917761d7121cb9d135a391457885d341aaf2a349d24a516186ab7287f5a6ab2c03e8afda7442d66c4b6735f7f2b2b644f0901c6555371032147c552448e5bbff22e4dab75d9f0693c61498a6a474cc1da399b24cf6e74b46a9f5b20fbffd2963e906ea123917cfac0a9a145b66952b273068dae0691872ff8b6fc1d5c7eb4a7e96dc9944560779ea8cac92be114f2a615d329b4a010f54b2e1aa82e5fa037daf771988bff39b18e50d73d11e86914487578f0a7d22e14bdde49d0276572df0c93118d7e18851b28e315cd0b690fb3653b48c041c1d18b55521e967929cf5519975d67cc935da4125c3e4031f740ef0691977fa70a7cd8b5fc5c5640e8f39293bf0d0fd2dd002409bb268ee5b7d5c8e9f5a2e4866e6434029b91fbe126e9b533814c2faa0a6eab5b5702367c212a4d67b56ea340dd44345ab427050eac3b66b6369040272b6395539ce39e226e0c922b03d49d6892e97853882c6ba50481d7743d20238c903199c59eadeb3fcefbf87fdedc2ee4ccd8d091076e2949dc5be54449913b808600697856d77d21e8c6b015c713657cce66a0b45917c3984c95ec9dd46b52bbc394c999ee1480a5da334edddaac82b413e6a972b5b871175de92ee547fdf979e6e65996bc3af2f4a47d1389457c87c49d9063684934fa435074f2f345e74b4381acdf58882d46471862ec1f4bb83fbc436f5861d9637216e55a43f3af1f7797aa78e950971e876219bfde4dcdaa55b851b44e3a24f1e6c13aeeb1245750e4a3f529e459b76904c07f2bfe70df8bb00c688dd10766a99d0370dab32750bb1104d0c7ee9490f72aaaa0fd37cafbea446666ab88a65a1350e5bd28bccb7c9652dff2bc19c305118b28ae971fca9a6a1c609bd4ff0118e29c72144475864f3eaf903bbd346374cd618d03aded0b9d85bb22b18ed76d7a520d73a7a98a763f502bc8280d5f025b1ca3d6cd38a1718cc09d1748fc1c2873cefb6307c94a7bdc75d597c98c038251087f2a23619b583a8b546086a0c9f418c4af4c0727e43a693f87c61d7c93860c972436b203a29e6a69f255559306bb17c7f1adafce4335acbd746c86d7eeb69a8f1cd845e74a05226de15ceea5e0bb09516fd684315b32690dcf357948e1648bd97b2a6664bcb857c1e5fc7be27495f3c2e99aa4bdd98a7dc152a75b1135f31dd5ba347cd62cb39bd94bdbcc84c3a6d505dc36e4fc685a81b8b1b79d9807a303bc4a5a9e10c184a1581e77bebc6c6cd32e0a20eae4f4a0e4f4ee90d479a774286ee8dea1851a877114f229cf965f4dd1d49332dc9c066e16edeecbde3014cec0ec6dbc78f271ea0a75012beff5e88701e02fb3e1e4dac8b9420807841bb755e2115c6c6e46b2cdd3c365407be4cfc0d9ba04335d0fd8145b67b045c23d30c8992acd37313ef3a7f7c9b0b703d143f437b5543eba373059805f2e778369398e0af93a55c6c1e962d7a6f476d66d10ff2622f619147e1c39edc58346d17405227e7df1e9f6336c813e618f826ea003f18d714d22e6d3cd717eccc3fc862b25b972d746858157b52105dbf6d37b9b4eb52d2a544e44ce2772184b4746e763ded39ecb4212ae61a05c254b1700fc47890ccaee2d08cb1530610c305cafe9ce2d38267ae622a6b7aa145ef999f128730ee832f3b04f41117e4c0000002c30d2e3b219c4f92c7a3ba309486e1874894b97b9004b2ee16c951aaa1db93c161e54a79d9e5949293b3fb5aca5394007c33971a5ad4b1e0acd537ca6358a3f620ae95b66b058ae3c3ad08e6688a622225d05f16d42013eb4be04c3761a66e93cdf716c743c02f68d39f71441dfdb2686664989e4dc0b629984b2e6aa0cd2008af061a1c3b83a024afe3f6fb073267a63cfec27c8c21fa473980e79371ef2b028e680567692def0429ed9209977bab51786b070bf54f8a69c5ea3aa03efd01f47e44c4d63ebc00dfbde73cb79d56e2d6551404f3f7add230b60c632407d918d3b04644cec57bfcccb0e3b7c5dbb43f8df8167f01ee0e32459dd00c9bad8c021647a6d93c630b21730d9b8d865066d58286fc1ebd25dc5f6119317c9749bb53e25179442acdba94c51e0f07cd3bf74aab44efb6ddb2a9e95cfbd76b4c32854a8c5cbcb7e4b0bac81fd5ff625330e230d3117b78a91c41095fb786fcd6509bad5436f2ea04a06301ceaab2f1490b76e494ab4927e340121a5ac02bbf151ad1fb3ebd42b8f5ec440e2c5a5f00edd5c0efcb19834a87e39d6f3a2a220d64272a18e15d645e576cca2f096d689d03d6898f0afe87ddaca1e905d8c368bb5730f5db2c102b487c47ad0bf8cabba8c91facdd4098f69facf4adf8494ddfb5179a7266accd21f434b602e562d6e11de028ff27abd1bdd4944258d5e246e2c2b056fe6e444ab9e82cfadc4f9b50123f031082ec69b3a844022f9f9b41e8f407d470ab533cd8e2219e5b69d8ecb20c22d514c1e15372e3d1e536a359272218cfa6f9e60ce38eb2539d222c9af9a192a73908ea2cdbf268e9d8fbf457e3eea1a45590ea8f1ad2bee83a70c9ffa0a528bcd61e0eaacb3c85bea64c1c286cdca88c6836a4252c16c48d7a9f2bed2ccdb9d06d4930205b81415331dab055906cae37e1aed485f5673cb60db74eabc239927f99438b7205875343e775d22d65cc198eff590257e709a4921176a33d8c086e1d419acdaa5b60c25afd269427220466f09c759167b9bb3c288d09733d9f372e17df19579ceb4a6852dde577c73c323eab60c92d8a977fdf6e12b1e6e36f9d8cfb1af29b014701d677522bfe6beaaf6739d9f4781c59429b51418e670fd8954e75713bc336838869ce45d31fc9d596cf305654266d0934f3e959c63e179f9ff666b2a79f55a41649897f04fab8e8596269de7f227bada85b84c04bf8214c716b21ed3775ae200rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.3-56.el6.src.rpmsssd-toolssssd-tools(x86-32)   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ sssd-commonpython-ssspython-sssdconfigrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libbasicobjects.so.0libcollection.so.4libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.6)libdbus-1.so.3libdhash.so.1libdhash.so.1(DHASH_0.4.3)libdl.so.2libglib-2.0.so.0libini_config.so.5liblber-2.4.so.2libldap-2.4.so.2libldb.so.1libldb.so.1(LDB_0.9.10)libnspr4.solibnss3.solibnssutil3.solibpcre.so.0libplc4.solibplds4.solibpopt.so.0libpopt.so.0(LIBPOPT_0)libpthread.so.0libpthread.so.0(GLIBC_2.0)libpthread.so.0(GLIBC_2.12)libpthread.so.0(GLIBC_2.2)libref_array.so.1librt.so.1libselinux.so.1libsemanage.so.1libsmime3.solibssl3.solibsss_cert.solibsss_child.solibsss_crypt.solibsss_debug.solibsss_semanage.solibsss_util.solibtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)libtdb.so.1libtevent.so.0rtld(GNU_HASH)/usr/bin/pythonrpmlib(PayloadIsXz)1.13.3-56.el61.13.3-56.el61.13.3-56.el64.6.0-14.0-13.0.4-15.2-14.8.0X6@X6@XS@XOXJXGXF@X@X6@X6@X-X!@X!@X&X X X WWWW@W@W_@W_@WWW@W@W@W@Wi,@WYZ@WPWPV@VJVJVV@VՄ@VՄ@V@V&@V=@V=@V@V@V@VvV%@V%@V%@VVVVVpVii@V\:@VXEVV@VV@VV@VMV2 @Vf@Vf@Vf@UAUUuUn@UmUjUcUcUUUUUJ@UB@UB@U@U?v@U>$U8U.RU.RU-@U-@U-@U-@UF@UF@UUUUUU U U U@U@U@U@T9TTTTTTT@T@T~T~Tk4Tk4T$TTT@SvSvSvS%@S0S<@S<@S<@SSSSSSS/S/S;@SFS@S@S@S@S@S@Si@S@SSS!@SsZSpSNpS 4@S 4@RRRRRRfhRD!R1R%@R @R @RR|R|R|R|R|RRRRRRRRRRRRR@R@R@R@R@R@R@R@R@R@Q@Q@QQ*@Q?@QQvwQkQIQ5@Q0@Q']Q @PPPP@P@P@P-P@P@P@PDPDPDPDP[PPPPP@P@P@P@PPPPPPPP @P @P @P @P @P @Pf@PPPPP @P @P @P @P@P@P@PPPPPPPP@P@P@PpPpPpP@P@P@P@P@P@P@PP@PP@P@P@P@P@PPXPP{P{P{Pz@PqnPl(PaP`K@P#@Oĺ@O"O"OOO@OO~O@OOO@O@Ou@Ou@Oc+@O]@OYOOdON@OLOLOLOLOLO;@O5O1@ObN@NNNN@NNNj@NN$@N$@NN@N@Nx@Nm@Ng\N[@NTN?N:N:N:NNN|@M{@M{@Mߒ@M@M۝M۝M@MM@M@M3@MM>M>M@MM@M@Mx@MM=M=MwkMwkMv@MtMtMc@Mc@MbSM_MQ0@MJMGMA^@MA^@MA^@M.@M9L!L@L@L@L@LNLNL@L@LA@L@Lk@LYV@LRLI@L7@L(L_LLGKj@KK@KK@KK[K@KK~}@K]KY@KO@KKK/c@K+nK"4@KJJ@JJJkJJ@JJp9JlE@J?r@J0J,@IcIcIzI)@I)@I)@IV@IV@I@I@III@Lukas Slebodnik - 1.13.3-56Lukas Slebodnik - 1.13.3-55Jakub Hrozek - 1.13.3-54Jakub Hrozek - 1.13.3-53Jakub Hrozek - 1.13.3-52Jakub Hrozek - 1.13.3-51Jakub Hrozek - 1.13.3-50Jakub Hrozek - 1.13.3-49Jakub Hrozek - 1.13.3-48Jakub Hrozek - 1.13.3-47Jakub Hrozek - 1.13.3-46Jakub Hrozek - 1.13.3-45Jakub Hrozek - 1.13.3-44Jakub Hrozek - 1.13.3-43Jakub Hrozek - 1.13.3-42Jakub Hrozek - 1.13.3-41Jakub Hrozek - 1.13.3-40Jakub Hrozek - 1.13.3-39Jakub Hrozek - 1.13.3-38Jakub Hrozek - 1.13.3-37Jakub Hrozek - 1.13.3-36Jakub Hrozek - 1.13.3-35Jakub Hrozek - 1.13.3-34Jakub Hrozek - 1.13.3-33Jakub Hrozek - 1.13.3-32Jakub Hrozek - 1.13.3-31Jakub Hrozek - 1.13.3-30Jakub Hrozek - 1.13.3-29Jakub Hrozek - 1.13.3-28Jakub Hrozek - 1.13.3-27Jakub Hrozek - 1.13.3-26Jakub Hrozek - 1.13.3-25Jakub Hrozek - 1.13.3-24Jakub Hrozek - 1.13.3-23Jakub Hrozek - 1.13.3-22Jakub Hrozek - 1.13.3-21Jakub Hrozek - 1.13.3-20Jakub Hrozek - 1.13.3-19Jakub Hrozek - 1.13.3-18Jakub Hrozek - 1.13.3-17Jakub Hrozek - 1.13.3-16Jakub Hrozek - 1.13.3-15Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-13Jakub Hrozek - 1.13.3-12Jakub Hrozek - 1.13.3-11Jakub Hrozek - 1.13.3-10Jakub Hrozek - 1.13.3-9Jakub Hrozek - 1.13.3-8Jakub Hrozek - 1.13.3-7Jakub Hrozek - 1.13.3-6Jakub Hrozek - 1.13.3-5Jakub Hrozek - 1.13.3-4Jakub Hrozek - 1.13.3-3Jakub Hrozek - 1.13.3-2Jakub Hrozek - 1.13.3-1Jakub Hrozek - 1.13.2-7Jakub Hrozek - 1.13.2-6Jakub Hrozek - 1.13.2-5Jakub Hrozek - 1.13.2-4Jakub Hrozek - 1.13.2-3Jakub Hrozek - 1.13.2-2Jakub Hrozek - 1.13.2-1Jakub Hrozek - 1.13.1-1Jakub Hrozek - 1.12.4-51Jakub Hrozek - 1.12.4-50Jakub Hrozek - 1.12.4-49Jakub Hrozek - 1.12.4-48Jakub Hrozek - 1.12.4-47Jakub Hrozek - 1.12.4-46Jakub Hrozek - 1.12.4-45Jakub Hrozek - 1.12.4-44Jakub Hrozek - 1.12.4-43Jakub Hrozek - 1.12.4-42Jakub Hrozek - 1.12.4-41Jakub Hrozek - 1.12.4-40Jakub Hrozek - 1.12.4-39Jakub Hrozek - 1.12.4-38Jakub Hrozek - 1.12.4-37Jakub Hrozek - 1.12.4-36Jakub Hrozek - 1.12.4-35Jakub Hrozek - 1.12.4-34Jakub Hrozek - 1.12.4-33Jakub Hrozek - 1.12.4-32Jakub Hrozek - 1.12.4-31Jakub Hrozek - 1.12.4-30Jakub Hrozek - 1.12.4-29Jakub Hrozek - 1.12.4-28Jakub Hrozek - 1.12.4-27Jakub Hrozek - 1.12.4-26Jakub Hrozek - 1.12.4-25Jakub Hrozek - 1.12.4-24Jakub Hrozek - 1.12.4-23Jakub Hrozek - 1.12.4-22Jakub Hrozek - 1.12.4-21Jakub Hrozek - 1.12.4-20Jakub Hrozek - 1.12.4-19Jakub Hrozek - 1.12.4-18Jakub Hrozek - 1.12.4-17Jakub Hrozek - 1.12.4-16Jakub Hrozek - 1.12.4-15Jakub Hrozek - 1.12.4-14Jakub Hrozek - 1.12.4-13Jakub Hrozek - 1.12.4-12Jakub Hrozek - 1.12.4-11Jakub Hrozek - 1.12.4-10Jakub Hrozek - 1.12.4-9Jakub Hrozek - 1.12.4-8Jakub Hrozek - 1.12.4-7Jakub Hrozek - 1.12.4-6Jakub Hrozek - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Jakub Hrozek - 1.12.4-2Jakub Hrozek - 1.12.4-1Jakub Hrozek - 1.11.6-33Jakub Hrozek - 1.11.6-32Jakub Hrozek - 1.11.6-31Jakub Hrozek - 1.11.6-30Jakub Hrozek - 1.11.6-29Jakub Hrozek - 1.11.6-28Jakub Hrozek - 1.11.6-27Jakub Hrozek - 1.11.6-26Jakub Hrozek - 1.11.6-25Jakub Hrozek - 1.11.6-24Jakub Hrozek - 1.11.6-23Jakub Hrozek - 1.11.6-22Jakub Hrozek - 1.11.6-21Jakub Hrozek - 1.11.6-20Jakub Hrozek - 1.11.6-19Jakub Hrozek - 1.11.6-18Jakub Hrozek - 1.11.6-17Jakub Hrozek - 1.11.6-16Jakub Hrozek - 1.11.6-15Jakub Hrozek - 1.11.6-14Jakub Hrozek - 1.11.6-13Jakub Hrozek - 1.11.6-12Jakub Hrozek - 1.11.6-11Jakub Hrozek - 1.11.6-10Jakub Hrozek - 1.11.6-9Jakub Hrozek - 1.11.6-8Jakub Hrozek - 1.11.6-7Jakub Hrozek - 1.11.6-6Jakub Hrozek - 1.11.6-5Jakub Hrozek - 1.11.6-4Jakub Hrozek - 1.11.6-3Jakub Hrozek - 1.11.6-2Jakub Hrozek - 1.11.6-1Jakub Hrozek - 1.11.5.1-4Jakub Hrozek - 1.11.5.1-3Jakub Hrozek - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Jakub Hrozek - 1.9.2-134Jakub Hrozek - 1.9.2-133Jakub Hrozek - 1.9.2-132Jakub Hrozek - 1.9.2-131Jakub Hrozek - 1.9.2-130Jakub Hrozek - 1.9.2-129Jakub Hrozek - 1.9.2-128Jakub Hrozek - 1.9.2-127Jakub Hrozek - 1.9.2-126Jakub Hrozek - 1.9.2-125Jakub Hrozek - 1.9.2-124Jakub Hrozek - 1.9.2-123Jakub Hrozek - 1.9.2-122Jakub Hrozek - 1.9.2-121Jakub Hrozek - 1.9.2-120Jakub Hrozek - 1.9.2-119Jakub Hrozek - 1.9.2-118Jakub Hrozek - 1.9.2-117Jakub Hrozek - 1.9.2-116Jakub Hrozek - 1.9.2-115Jakub Hrozek - 1.9.2-114Jakub Hrozek - 1.9.2-113Jakub Hrozek - 1.9.2-112Jakub Hrozek - 1.9.2-111Jakub Hrozek - 1.9.2-110Jakub Hrozek - 1.9.2-109Jakub Hrozek - 1.9.2-108Jakub Hrozek - 1.9.2-107Jakub Hrozek - 1.9.2-106Jakub Hrozek - 1.9.2-105Jakub Hrozek - 1.9.2-104Jakub Hrozek - 1.9.2-103Jakub Hrozek - 1.9.2-102Jakub Hrozek - 1.9.2-101Jakub Hrozek - 1.9.2-100Jakub Hrozek - 1.9.2-99Jakub Hrozek - 1.9.2-98Jakub Hrozek - 1.9.2-97Jakub Hrozek - 1.9.2-96Jakub Hrozek - 1.9.2-95Jakub Hrozek - 1.9.2-94Jakub Hrozek - 1.9.2-93Jakub Hrozek - 1.9.2-92Jakub Hrozek - 1.9.2-91Jakub Hrozek - 1.9.2-90Jakub Hrozek - 1.9.2-89Jakub Hrozek - 1.9.2-88Jakub Hrozek - 1.9.2-87Jakub Hrozek - 1.9.2-86Jakub Hrozek - 1.9.2-85Jakub Hrozek - 1.9.2-84Jakub Hrozek - 1.9.2-83Jakub Hrozek - 1.9.2-82Jakub Hrozek - 1.9.2-81Jakub Hrozek - 1.9.2-80Jakub Hrozek - 1.9.2-79Jakub Hrozek - 1.9.2-78Jakub Hrozek - 1.9.2-77Jakub Hrozek - 1.9.2-76Jakub Hrozek - 1.9.2-75Jakub Hrozek - 1.9.2-74Jakub Hrozek - 1.9.2-73Jakub Hrozek - 1.9.2-72Jakub Hrozek - 1.9.2-71Jakub Hrozek - 1.9.2-70Jakub Hrozek - 1.9.2-69Jakub Hrozek - 1.9.2-68Jakub Hrozek - 1.9.2-67Jakub Hrozek - 1.9.2-66Jakub Hrozek - 1.9.2-65Jakub Hrozek - 1.9.2-64Jakub Hrozek - 1.9.2-63Jakub Hrozek - 1.9.2-62Jakub Hrozek - 1.9.2-61Jakub Hrozek - 1.9.2-60Jakub Hrozek - 1.9.2-59Jakub Hrozek - 1.9.2-58Jakub Hrozek - 1.9.2-57Jakub Hrozek - 1.9.2-56Jakub Hrozek - 1.9.2-55Jakub Hrozek - 1.9.2-54Jakub Hrozek - 1.9.2-53Jakub Hrozek - 1.9.2-52Jakub Hrozek - 1.9.2-51Jakub Hrozek - 1.9.2-50Jakub Hrozek - 1.9.2-49Jakub Hrozek - 1.9.2-48Jakub Hrozek - 1.9.2-47Jakub Hrozek - 1.9.2-46Jakub Hrozek - 1.9.2-45Jakub Hrozek - 1.9.2-44Jakub Hrozek - 1.9.2-43Jakub Hrozek - 1.9.2-42Jakub Hrozek - 1.9.2-41Jakub Hrozek - 1.9.2-40Jakub Hrozek - 1.9.2-39Jakub Hrozek - 1.9.2-38Jakub Hrozek - 1.9.2-37Jakub Hrozek - 1.9.2-36Jakub Hrozek - 1.9.2-35Jakub Hrozek - 1.9.2-34Jakub Hrozek - 1.9.2-33Jakub Hrozek - 1.9.2-32Jakub Hrozek - 1.9.2-31Jakub Hrozek - 1.9.2-30Jakub Hrozek - 1.9.2-29Jakub Hrozek - 1.9.2-28Jakub Hrozek - 1.9.2-27Jakub Hrozek - 1.9.2-26Jakub Hrozek - 1.9.2-25Jakub Hrozek - 1.9.2-24Jakub Hrozek - 1.9.2-23Jakub Hrozek - 1.9.2-22Jakub Hrozek - 1.9.2-21Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-19Jakub Hrozek - 1.9.2-18Jakub Hrozek - 1.9.2-17Jakub Hrozek - 1.9.2-16Jakub Hrozek - 1.9.2-15Jakub Hrozek - 1.9.2-14Jakub Hrozek - 1.9.2-13Jakub Hrozek - 1.9.2-12Jakub Hrozek - 1.9.2-11Jakub Hrozek - 1.9.2-10Jakub Hrozek - 1.9.2-9Jakub Hrozek - 1.9.2-8Jakub Hrozek - 1.9.2-7Jakub Hrozek - 1.9.2-6Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-3Jakub Hrozek - 1.9.0-2Jakub Hrozek - 1.9.0-1.rc1Jakub Hrozek - 1.8.0-33Stephen Gallagher - 1.8.0-32Stephen Gallagher - 1.8.0-31Stephen Gallagher - 1.8.0-30Stephen Gallagher - 1.8.0-29Stephen Gallagher - 1.8.0-28Stephen Gallagher - 1.8.0-27Stephen Gallagher - 1.8.0-26Stephen Gallagher - 1.8.0-25Stephen Gallagher - 1.8.0-24Stephen Gallagher - 1.8.0-23Stephen Gallagher - 1.8.0-22Stephen Gallagher - 1.8.0-21Stephen Gallagher - 1.8.0-20Stephen Gallagher - 1.8.0-18Stephen Gallagher - 1.8.0-17Stephen Gallagher - 1.8.0-15Stephen Gallagher - 1.8.0-12Stephen Gallagher - 1.8.0-11Stephen Gallagher - 1.8.0-10Stephen Gallagher - 1.8.0-9Stephen Gallagher - 1.8.0-8Stephen Gallagher - 1.8.0-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5Stephen Gallagher - 1.8.0-4.beta3Stephen Gallagher - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-2.beta2Stephen Gallagher - 1.5.1-68Stephen Gallagher - 1.5.1-67Stephen Gallagher - 1.5.1-66Stephen Gallagher - 1.5.1-65Stephen Gallagher - 1.5.1-64Stephen Gallagher - 1.5.1-63Stephen Gallagher - 1.5.1-62Stephen Gallagher - 1.5.1-61Stephen Gallagher - 1.5.1-60Stephen Gallagher - 1.5.1-59Stephen Gallagher - 1.5.1-58Stephen Gallagher - 1.5.1-57Stephen Gallagher - 1.5.1-56Stephen Gallagher - 1.5.1-55Stephen Gallagher - 1.5.1-53Stephen Gallagher - 1.5.1-52Stephen Gallagher - 1.5.1-51Stephen Gallagher - 1.5.1-50Stephen Gallagher - 1.5.1-49Stephen Gallagher - 1.5.1-48Stephen Gallagher - 1.5.1-47Stephen Gallagher - 1.5.1-46Stephen Gallagher - 1.5.1-45Stephen Gallagher - 1.5.1-44Stephen Gallagher - 1.5.1-43Stephen Gallagher - 1.5.1-42Stephen Gallagher - 1.5.1-41Stephen Gallagher - 1.5.1-40Stephen Gallagher - 1.5.1-39Stephen Gallagher - 1.5.1-38Stephen Gallagher - 1.5.1-37Stephen Gallagher - 1.5.1-36Stephen Gallagher - 1.5.1-35Stephen Gallagher - 1.5.1-34Stephen Gallagher - 1.5.1-33Stephen Gallagher - 1.5.1-32Stephen Gallagher - 1.5.1-31Stephen Gallagher - 1.5.1-30Stephen Gallagher - 1.5.1-29Stephen Gallagher - 1.5.1-28Stephen Gallagher - 1.5.1-27Stephen Gallagher - 1.5.1-26Stephen Gallagher - 1.5.1-25Stephen Gallagher - 1.5.1-24Stephen Gallagher - 1.5.1-23Stephen Gallagher - 1.5.1-21Stephen Gallagher - 1.5.1-20Stephen Gallagher - 1.5.1-17Stephen Gallagher - 1.5.1-16Stephen Gallagher - 1.5.1-15Stephen Gallagher - 1.5.1-14Stephen Gallagher - 1.5.1-13Stephen Gallagher - 1.5.1-12Stephen Gallagher - 1.5.1-11Stephen Gallagher - 1.5.1-10Stephen Gallagher - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Stephen Gallagher - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.2.1-28.4Stephen Gallagher - 1.2.1-36Stephen Gallagher - 1.2.1-35Stephen Gallagher - 1.2.1-28.3Stephen Gallagher - 1.2.1-34Stephen Gallagher - 1.2.1-28.2Stephen Gallagher - 1.2.1-33Stephen Gallagher - 1.2.1-28.1Stephen Gallagher - 1.2.1-32Stephen Gallagher - 1.2.1-29Stephen Gallagher - 1.2.1-28Stephen Gallagher - 1.2.1-27Stephen Gallagher - 1.2.1-26Stephen Gallagher - 1.2.1-23Stephen Gallagher - 1.2.1-21Stephen Gallagher - 1.2.1-20Stephen Gallagher - 1.2.1-19Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-14Stephen Gallagher - 1.2.0-13Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11.1Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present - Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory- Resolves: rhbz#1415785 - ldap_child does not remove temporary files when it's killed with SIGTERM- Apply several more smartcard-related patches. - Related: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts- Revert the ding-libs requirement - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Related: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Require the matching version of ding-libs - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Fix a coverity warning - Related: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Resolves: rhbz#1324428 - [RFE] Discover forest's root SID even if subdomains_provider = none- Resolves: rhbz#1367802 - using overides causes segfault in libldb- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins- Resolves: rhbz#1382603 - autofs map resolution doesn't work offline- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute- Resolves: rhbz#1299994 - ssh client checks only the first certificate on a smartcard when the card has multiple certs - Resolves: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard - Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6 - Resolves: rhbz#1329647 - IPA view: view name not stored properly with default FreeIPA installation- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users and mixed case names- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a subdomain, not the root domain.- Resolves: rhbz#1365218 - SSSD does not fail over to next GC- Resolves: rhbz#1367435 - Intermittent sssd auth failures- Resolves: rhbz#1369079 - sssd runs out of available child slots and starts queuing requests in proxy mode- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to sssd-1.13.3-22.el6.x86_64 when upgrading cache- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336453 - sssd_be doesn't terminate forked child process if adcli is not installed- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo- Actually apply patches from previous build - Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe with 1.11.6- Backport of a more minimal dependency patch to avoid changes to AD provider behaviour - Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1308939 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user- Require a newer selinux-policy to avoid issues when prompting for SC PIN - Related: rhbz#1299066 - smartcard login does not prompt for pin when ocsp checking is enabled (default config)- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when trying to retrieve non-existing netgroups- Update sssd-ldap man page for the recent ID mapping changes - Related: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache from working- Resolves: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password and not smartcard pin when logged in using smartcard pin- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output error- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12 to 1.13- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn't work- Resolves: rhbz#1273802 - ad_site parameter does not work- Fix memory leak in the NFS plugin - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service discovery- Rebase to 1.13.3 - Remove setuid bit from proxy_child, RHEL-6 doesn't support running SSSD as a non-privileged user - Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Don't own files as the SSSD user - Resolves: rhbz#1289482 - warning: user sssd does not exist - using root- Resolves: rhbz#1279971 - groups get deleted from the cache- The p11_child doesn't have to run privileged anymore, remove the setuid bit - Related: rhbz#1270027 - [RFE] Support for smart cards- Resolves: rhbz#1266108 - Check next certificate on smart card if first is not valid - Also enable OCSP checks- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Silence compilation warnings and Coverity issues - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Squash in packaging review changes by lslebodn@redhat.com- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - The rebase also resolves the following bugzillas: - Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC identity certificates - Resolves: rhbz#1270027 - [RFE] Support for smart cards - Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients - Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is not taken into account. - Resolves: rhbz#1254193 - Fix for cyclic dependencies between sssd-{krb5,}-common - Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected - Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do not queue requests - Resolves: rhbz#1227804 - Group members are not turned into ghost entries when the user is purged from the SSSD cache - Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log - Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not the alpha group name representation - Resolves: rhbz#1194039 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups- Resolves: rhbz#1251349 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from ldap server- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task - Resolves: rhbz#1227863 - ignore_group_members doesn't work for subdomains- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn't return all groups on first attempt- Resolves: rhbz#1225614 - IPA enumeration provider crashes- Resolves: rhbz#1212610 - sssd ad groups work intermittently- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of secondary groups- Resolves: rhbz#1221358 - SSSD doesn't work with ID mapping and disabled subdomains- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and gets avc denial when ssh- Include several upstream fixes related to ID views - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1213947 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad src/providers/ad/ad_gpo.c:843- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers group membership resolution- Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users and filter_groups- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only- Related: rhbz#1211728 - Only set the selinux context if the context differs from the local one- Package the localauth plugin - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1207720 - id lookup resolves "Domain Local" group and errors appear in domain log- BuildRequire the proper libkrb5 version for correct localauth plugin build - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1194367 - sssd_be dumping core- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in manpage that unsupported time specification will lead to sssd denying access- Resolves: rhbz#1205382 - Properly handle AD's binary objectGUID- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might install with wrong user account (root)- Fix a typo in DEBUG message - Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Handle TTL=0 in SRV queries correctly - Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Cherry-pick unit test changes from upstream to allow cherry-picking sssd-1-12 patches - Remove unused LDAP provider code to avoid static analyser warnings - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad requires samba4- Resolves: rhbz#1203630 - SSSD doesn't own the GPO cache directory- Fix warning in SELinux code - Handle setups with empty default and no SELinux maps - Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u - Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605 - Resolves: rhbz#1201847 - SSSD downloads too much information when fetching information about groups- Fix PAM responder initgroups cache for subdomain users - Log extop failures better - Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Fix internal error codes broken when fixing rhbz#1036745 - Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything- Fix Coverity warning in ldap_child - Add better debugging - Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users, groups or other cache objects- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Initialize a pointer in ldap_child to NULL - Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Relax the ldb requirement - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query - Rebuild against latest krb5, add a versioned BuildRequires - Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Do not mark the selinux_child helper as setuid, we don't support rootless SSSD in 6.7 - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x - The rebase resolves the following RHEL bugzillas - Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about domains parameter - Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not be fatal (backport fix from upstream) - Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user uid field - Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1168377 - [RFE] User's home directories and shells are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss - Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution - Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1148582 - inconsistent group information when multiple ad domain sections are configured in sssd - Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider ad support - Resolves: rhbz#1139878 - SSSD connection terminated after failing anonymous bind to IBM Tivoli Directory Server - Resolves: rhbz#1135838 - Man sssd-ldap shows parameter ldap_purge_cache_timeout with "Default: 10800 (12 hours)" - Resolves: rhbz#1135432 - Dereference code errors out when dereferencing entries protected by ACIs - Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012 R2's LDAP as AD - Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header - Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple attributes- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1141814 - Password expiration policies are not being enforced by SSSD- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group membership when encountering a non-POSIX group- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from other AD domains- Resolves: rhbz#1127270 - sssd connect to ipa-server is long- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD, POSIX attributes are used and primary group contains the user as a member- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0) is not prompted for password change- Resolves: rhbz#1132361 - use-after-free in dyndns code- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap account lock to restrict access via ssh key- Use the correct sudo iterator - Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Add notes about offline mode to sssd.conf - Related: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1127278 - Auth fails when space in username is replaced with character set by override_default_whitespace- Resolves: rhbz#1127757 - sssd can't retrieve sudo rules when using the "default_domain_suffix" option- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Resolves: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1122873 - Failover does not always happen from SRV to hostname resolution(via /etc/hosts) - Remove spurious systemctl call on %postun- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with specified character in LDAP group- Resolves: rhbz#1109188 - dereferencing control failure against openldap server- Resolves: rhbz#1084532 - sssd_sudo process segfaults- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping is off and tokengroups are enabled- Resolves: rhbz#1118541 - Floating point exception using ldap- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser is not defined and no ldap_sudorule_runasuser mapping has been defined in SSSD- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap- Fix potential NULL dereference in IFP code - Related: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- BuildRequire the latest libini_config - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- Resolves: rhbz#1104145 - public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end- Rebase to 1.11.6 - Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Rebuild against new ding-libs - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Backport the InfoPipe patches needed for Sat6 integration - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: #1085412 - SSSD Crashes when storage experiences high latency- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6Resolves: #1036168 - sssd can't retrieve auto.master when using the "default_domain_suffix"- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups are requested- Allow combination of proxy id backend and LDAP auth backend - Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Inherit UID limits for subdomains - Resolves: #1020905 - Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.- Do not crash when LDAP disconnects while a search is still in progress - Resolves: #1019979 - sssd_be segfault when authenticating against active directory- More upstream fixes to prevent memcache crashes - Related: #997406 - sssd_nss core dumps under load- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out- Make IPA SELinux provider aware of subdomain users - A better version of already committed patch - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Resolves: #997406 - sssd_nss core dumps under load - Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #1002161 - large number of sudo rules results in error - Unable to create response: Invalid argument- Silence restorecon on clean install - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Make IPA SELinux provider aware of subdomain users - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Print password complexity hint when password change fails with constraint violation - Related: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #948830 - sssd do too many disk writes causing delay in "getent netgroup allmachines-netgroup" nested netgroups.- Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- Resolves: #963235 - sssd_be crashing with nested ldap groups- Apply a forgotten dependency for patch #254 - Related: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality - Add two fixes for better handling of faulty SRV processing - Related: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router. - Remove enumerate=true from example in man page - Related: #988381 - clarify the disadvantages of enumeration in sssd.conf- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp file for SELinux data failed- Resolves: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors when clearing cache- Resolves: #924113 - man sssd-sudo has wrong title- Resolves: #924397 - document what does access_provider=ad do- Use permissive control when adding ghost users - Resolves: #928797 - cyclic group memberships may not work depending on order of operations- Set correct state of SRV servers on resolving error - Resolves: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router.- Resolves: #954323 - SSSD doesn't display warning for last grace login.- Format patch to configure sysv script differently - RHEL-6 patch(1) apparently doesn't like the output of git format-patch -M -C and doesn't properly copy files on renames - Resolves: #971435 - Enhance sssd init script so that it would source a configuration.- Resolves: #973345 - SSSD service randomly dies- Resolves: #971435 - Enhance sssd init script so that it would source a configuration- Resolves: #961356 - SUDO is not working for users from trusted AD domain- Resolves: #970519 - [RFE] Add support for suppressing group members- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the "original value"- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes- Clarify the min_id/max_id limits further - Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login delays when client is under load- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table in sssd_nss- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs- Mention that enumeration should be discouraged - Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf- Call restorecon on memcache files to force the right context on upgrades - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Resolves: #987479 - libsss_sudo should depend on sudo package with sssd support- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck- Resolves: #967636 - SSSD frequently fails to return automount maps from LDAP- Resolves: #953165 - Enabling enumeration causes sssd_be process to utilize 100% of the CPU- Resolves: #906398 - sssd_be crashes sometimes- Resolves: #950874: Simple access control always denies uppercased users in case insensitive domain- Resolves: #921454: Resolve local group members in LDAP groups- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider- Fix pwd_expiration_warning=0 - Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#872827 - Serious performance regression in sssd- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees- Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.- Resolves: rhbz#902436 - possible segfault when backend callback is removed- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps- Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent- Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts- Resolves: rhbz#892197 - Incorrect principal searched for in keytab- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work- Resolves: rhbz#874618 - sss_cache: fqdn not accepted- Resolves: rhbz#889182 - crash in memory cache- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache- Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666)- Resolves: rhbz#886038 - sssd components seem to mishandle sighup- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh- Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule- Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507)- Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060)- Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507)- Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds- Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users- Resolves: rhbz#881773 - mmap cache needs update after db changes- Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742)- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573)- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations- Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130- Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections- Related: rhbz#877126 - Bump the release tag- Resolves: rhbz#877126 - subdomains code does not save the proper user/group name- Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid()- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'- Resolves: rhbz#875740 - "defaults" entry ignored- Resolves: rhbz#875738 - offline authentication failure always returns System Error- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section- Resolves: rhbz#873032 - Move sss_cache to the main subpackage- Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group- Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive- Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443- BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932- Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542- Fix the "ca" translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- New upstream release 1.9.2- Rebase to 1.9.1- Require the latest libldb- Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes- Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds- Fix protocol break for services map - Related: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#824616 - sssd_nss crashes when configured with use_fully_qualified_names = true- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()- Resolves: rhbz#822236 - SSSD netgroups do not honor entry_cache_nowait_percentage- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client upgrade - Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names - Resolves: rhbz#819063 - sssd fails to provide partial data till paged search returns "Size Limit Exceeded" - Resolves: rhbz#820585 - Group enumeration fails in proxy provider- Resolves: rhbz#816616 - group members are now lowercased in case insensitive domains- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding - Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the same user - Resolves: rhbz#812281 - autofs client: map name length used as key length - Related: rhbz#784870 - SSSD fails during autodetection of search bases for new LDAP features - Related: rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes- Fix typo in patch for SSH umask - Related: rhbz#808107 - Coverity revealed memory management defects- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm - Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is running - Resolves: rhbz#808107 - Coverity revealed memory management defects- Related: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false- Resolves: rhbz#804057 - Initial service lookups having name with uppercase alphabets doesn't work - Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names doesn't work when case_sensitive=false - Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab - Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false - Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name resolution times out - Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Related: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica using IP address - Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with case_sensitive=false - Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set - Resolves: rhbz#805034 - accessing an undefined variable might cause crash - Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login- Update translations - Resolves: rhbz#802372 - Pick up latest translation files for SSSD - Resolves: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Related: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search requests - Resolves: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials - Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to true - Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work - Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false - Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam can use - Resolves: rhbz#799971 - sssd_be crashes on shutdown - Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested group structure - Resolves: rhbz#801368 - Group lookups doesn't return members with proxy provider configured - Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd is configured as proxy provider- Do not auto-upgrade debug levels - Tool still available for manual use - Reverts: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#798881 - Install-time warnings - Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also the dns_discovery_domain - Resolves: rhbz#798655 - Password logins failing due to a process with high UID- Fix explicit requires to use openldap instead of openldap-libs - Related: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64- Fix multilib-clean issue due to upgrade script - Remove old copy from the spec file - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Fix typo in the patch - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Use a patch and install the script to python_sitelib - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Resolves: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#785871 - wrong build dependency on nscd - Resolves: rhbz#785873 - IPA host search base cannot be set - Resolves: rhbz#791208 - Entries lacking a POSIX username value break group lookups - Resolves: rhbz#796307 - Simple Paged Search control needs to be used more sparingly - Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64 - Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user entries - Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup - Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load - Resolves: rhbz#797975 - sssd_be: The requested target is not configured is logged at each login - Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD - Resolves: rhbz#788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group- Handle filtering python Provides in a safer way - Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3 - Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers - Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and netgroup search base correctly - Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb AS requests - Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision - Resolves: rhbz#785904 - [RFE] SSSD should have --version option - Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider - Resolves: rhbz#785898 - Enable midway cache refresh by default - Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for a non-existing netgroup - Resolves: rhbz#785884 - Honour TTL when resolving host names - Resolves: rhbz#785883 - check DNS records before updates - Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead of guessing - Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line - Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config file too much - Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server has been reinitialized - Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc - Resolves: rhbz#773660 - Kerberos errors should go to syslog - Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native IPA netgroups code - Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#771702 - sssd_pam crashes during change password operation against a IPA server - Resolves: rhbz#771361 - case_sensitive function not working as intended for ldap - Resolves: rhbz#768935 - Crash when applying settings - Resolves: rhbz#766941 - The full dyndns update message should be logged into debug logs - Resolves: rhbz#766930 - [RFE] Add a new option to override home directory value - Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab principal name - Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files - Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug levels on the fly - Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional - Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation - Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option - Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control - Resolves: rhbz#753876 - [RFE] Add support for the services map - Resolves: rhbz#746181 - "getgrgid call returned more than one result" after group name change in MSAD - Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle for some (configurable) time - Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD - Related: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#742052 - id -G group resolution takes extremely long - Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange - Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases - Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or insensitive - Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users - Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control disabled for openldap - Resolves: rhbz#726467 - SSSD takes 30+ seconds to login - Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 during auth when password for the user is not set- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758157 - LDAP failover not working if server refuses connections- Related: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis initgroups when groups appear in multiple nesting levels- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow - Resolves: rhbz#746654 - SSSD backend gets killed on slow systems - Related: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts Fixes a crash introduced by the earlier patch. - Related: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names Fixes for internationalization- Related: rhbz#742278 - Rework the example config- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts - Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart - Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742278 - Rework the example config - Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was initialized - Resolves: rhbz#742526 - SSSD's man pages are missing information - Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with multi-valued uid - Resolves: rhbz#738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid - Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber to integer - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host groups - Resolves: rhbz#740501 - SSSD not functional after "self" reboot - Resolves: rhbz#742539 - HBAC: Hostname comparisons should be case-insensitive- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in - Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2- Resolves: rhbz#737157 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled - Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple external hosts along with managed host - Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names - Resolves: rhbz#733409 - Improve password policy error message - Resolves: rhbz#733663 - Authentication fails when there exists an empty hbacsvcgroup - Resolves: rhbz#732935 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON - Resolves: rhbz#734101 - sssd blocks login of ipa-users- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain shells- Related: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID- Related: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Related: rhbz#718250 - Remove DENY rules from the HBAC access provider - Fixes an issue on big endian platforms- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured - Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls - Resolves: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider - Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID - Resolves: rhbz#726475 - sssd_pam leaks file descriptors - Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0- Related: rhbz#721052 - sssd does not handle kerberos server IP change - Use ares_search instead of ares_query to honor - search entries in /etc/resolv.conf- Resolves: rhbz#711416 - During the change password operation the ccache is - not replaced by a new one if the old one isn't - active anymore - Resolves: rhbz#715609 - Certificate validation fails with message - "Connection error: TLS: hostname does not match CN - in peer certificate" - Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records - Resolves: rhbz#721052 - sssd does not handle kerberos server IP change - Honor TTL values when resolving hostnames- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP - Resolves: rhbz#713438 - sssd shuts down if inotify crashes- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups() - Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are - being logged multiple times when the provider comes - back online - Resolves: rhbz#707997 - The IPA provider does not work with IPv6 - Resolves: rhbz#677327 - [RFE] Support overriding attribute value - Resolves: rhbz#692090 - SSSD is not populating nested groups in - Active Directory- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man - page- Resolves: rhbz#707513 - Unable to authenticate users when username - contains "\0"- Resolves: rhbz#698723 - kpasswd fails when using sssd and - kadmin server != kdc server- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is - not mentioned - Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the - gidNumber is out of the range of min_id,max_id. - Resolves: rhbz#699530 - Users with a local group as their primary GID are - denied access by the simple access provider - Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups - Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a - member of any group - Resolves: rhbz#703624 - SSSD's async resolver only tries the first - nameserver in /etc/resolv.conf- Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694444 - Unable to resolve SRV record when called with - _srv_, in ldap_uri - Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by - signal 11 (SIGSEGV) - Fix is to not attempt to resolve nameless servers- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can - cause SSSD to stop caching and responding to - requests- Resolves: rhbz#690131 - Traceback messages seen while interrupting - sss_obfuscate using ctrl+d - Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process - /usr/libexec/sssd/sssd_be was killed by signal 11 - (SIGSEGV)- Related: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them - Resolves: rhbz#689886 - group memberships are not populated correctly during - IPA provider initgroups - Resolves: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents - Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5 - in sssd.conf- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min - waiting on netgroup - Resolves: rhbz#683431 - sssd consumes 100% CPU - Related: rhbz#680440 - sssd does not handle kerberos server IP change- Related: rhbz#680440 - sssd does not handle kerberos server IP change - SSSD was staying with the old server if it was still online- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain - for base DN- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on - ipa-server - Resolves: rhbz#680440 - sssd does not handle kerberos server IP change - Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are - given in ipa_server config option - Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf - attribute on the server - Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups - Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option - Resolves: rhbz#677318 - Does not read renewable ccache at startup- Resolves: rhbz#678593 - User information not updated on login for secondary - domains - Resolves: rhbz#678777 - IPA provider does not update removed group - memberships on initgroups- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries - Resolves: rhbz#678410 - name service caches names, so id command shows - recently deleted users - Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for - netgroups- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login - Resolves: rhbz#675284 - "no matching rule" message logged on all successful - requests - Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for - authentication- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named - "default" - Resolves: rhbz#674515 - -p option always uses empty string to obfuscate - password - Resolves: rhbz#674141 - Traceback call messages displayed while - "sss_obfuscate" command is executed as a non-root - user- Resolves: rhbz#674172 - Group members are not sanitized in nested group - processing - Put translated tool manpages into the sssd-tools subpackage- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Also add the updated ding-libs to the BuildRequires- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Explicitly require updated ding-libs- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options - Assorted bugfixes- Add noverify to sssd.conf - Resolves: rhbz#627165 - TPS VerifyTest failure- Related: rhbz#644072 - Rebase SSSD to 1.5 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs - Resolves: rhbz#660585 - getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs- Resolves: rhbz#645449 - 'getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#658374 - sssd stops on upgrade- Resolves: rhbz#658158 - sssd stops on upgrade- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#642412 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#633487 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib- Resolves: rhbz#629949 - sssd stops on upgrade- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password- Resolves: rhbz#621307 - Password changes are broken on LDAP- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on - initgroups calls- Resolves: rhbz#607233 - SSSD users cannot log in through GDM - - Real issue was that long-running services - - do not reconnect if sssd is restarted- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with - /etc/krb5.keytab file- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6 - final - Resolves: rhbz#608661 - SASL with OpenLDAP server fails - Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes- New upstream bugfix release 1.2.1 - Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs. - Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal - Resolves: rhbz#604704 - authconfig should provide error with no trace back - if disabling sssd when sssd is not enabled - Resolves: rhbz#591873 - Connecting to the network after an offline kerberos - auth logs continuous error messages to sssd_ldap.log - Resolves: rhbz#596295 - Authentication fails for user from the second domain - when the same user name is filtered out from the - first domain - Related: rhbz#598559 - Update translation files for SSSD before RHEL 6 - final- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service - to fail while restart - Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in - parentheses causes ldap_search_ext to fail - Resolves: rhbz#600468 - Segfault in krb5_child - Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs.- Resolves: rhbz#598670 - Ccache file of a user is removed too early - Resolves: rhbz#599057 - Incomplete comparison of a service name in - IPA access provider - Resolves: rhbz#598496 - Failure with IPA access provider - Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the - kernel keyring- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP - Resolves: rhbz#584001 - Rebase sssd to 1.2 - Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file - Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf - Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf - Resolves: rhbz#590134 - sssd: auth_provider = proxy regression - Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when - going online - Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the - HBAC rule- Improve DEBUG logs for STARTTLS failures- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcacacacacacacacacacacacsdedededededededededededeesesesesesesesesesesesfrfrfrfrfrfrfrfrfrfrfrfrjajajajajajajajajajajanlptptukukukukukukukukukukukukuk1.13.3-56.el61.13.3-56.el6 sss_debuglevelsss_groupaddsss_groupdelsss_groupmodsss_groupshowsss_obfuscatesss_overridesss_seedsss_useraddsss_userdelsss_usermodsssd-tools-1.13.3COPYINGsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupdel.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupmod.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gz/usr/sbin//usr/share/doc//usr/share/doc/sssd-tools-1.13.3//usr/share/man/ca/man5//usr/share/man/ca/man8//usr/share/man/cs/man8//usr/share/man/de/man1//usr/share/man/de/man8//usr/share/man/es/man1//usr/share/man/es/man8//usr/share/man/fr/man1//usr/share/man/fr/man8//usr/share/man/ja/man1//usr/share/man/ja/man8//usr/share/man/man8//usr/share/man/nl/man8//usr/share/man/pt/man8//usr/share/man/uk/man1//usr/share/man/uk/man5//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnu?7zXZ !PH6= ]"k%}:w{!vQ_99e[7h  YCu.8; >t@MKb)jgljtBZas6@ &)'qRxݎAjKaAvN-d:x%=*XYYSDѺߣza4]#V=6DO~”)\󦭤=mR D7 لDk`tCȓ ˊJSWZ`ċ2‰g1]|P P/]Piڐ[vZJDZx?,dgi*ת_Ӳv~O/9_lWg !%@W0G+}%p'.6ۯm2?[9 5-+h}ʖn^  đܥ뭢BdTo0 hd1MZ?jtdG 4`(^vYe0%+ԗǟXG`F$\Y!(rwk{ںo~ȭ̋trEP `'J(?_ȭC;}SX5+Ρ|nvfH7a=.Hl:X=ꡰû"kZՓbI e q M6n1Ӛ"Ĥ'%z %TIj7<9'b|uv1i]Ӎ@u A&ʡҮ…Q,wEE[K#wצ*7ȟmeԘ<6'Nƛ̽׵  q¡$O4Pʍl04W^fyT> !I :ϲ`)M%[H'KHS-(R-BKijfCh<@%@S2fnڍTsǡOٛ9T*n?!#$:G:њV&fQ!Τ7`c S@ZJA_@ S7 W A܍n]*0,FLT+Ph~+>G_3V1*|h۪^ZЩWSQP@sd^0q"G%C ;&Ě_I q#nk0y ZC5GAweK~ q^`v1Ja3P0lgِgJҨ@=yzq#њ™e AKT:lѥϣaۡY'3} k&z=gs= };Iۓ\K1o0yc qFa P""[,l~dR8c/SYP=VCS9+;fsoL vOf6P}2]{aҕ:huI齗%{Mh)z3)<}Uqz qCNLكk( *fzQ{Jc]Px@g{ʸGs!ݝp(~QtMw7yT6 a{Eck-J\ %v9F<5[0uz#|AOԿph+ۣg!0u2򊭎SxO#eTV#Lg2 Wg; Uf{jWβ;M ސF;Jc._۲Ș/waE5vu厕b1>Þ1ed.xVSqX@BqBdKw$^l] PAvK͉G셗oTˀlQPD!qG7D,%*EV'F' 6l0w>lxK`3JU[>i~CELf̊QN[1'_Ir[ Ę%,; ":XCX /5>Y҆ p 2h䱳ODA( g*_\:0WhbpUyfruyc׭&M44%s?s;Nud@fo[2iT䥂O< olAhBw>rcŸs!F=kӻ`Q 4 86&eD9ޖMӐYV `Bv[@ /Oߨ O)Iy)vjv@1/e$S$\?҅<멇\o8~%ith̐ lTrg5)>Ճ7Mo3~=(^mӴ<@_P%lW0嘭BlQ|0= F G~͗ ERcMynk#,<,F1Ol#D=R|Yv1IG7L+>TבUs-p >C>G)ێoXŎg@mnں/`0sK_1p[\O܊3N|IRR!M~7Q%7j'ʧ&Ƽ$4m";xEl˘47@y] 4Π; ׬]E bZ C-SG„kIE_<͆!}ӈx>qM~R ?Dkf5u{:V ql=G_Y:L;j yVN 7<~6møzB EG|ef!щu'qǀ0iALVKPrQݛkVKb:V48# aˤ4K 9sw1&^$X& ~jϹ?8Yg'~~xSu tlfP/J@$.̢ӽw.j O\Ο&q[_RU"߫o?bg>(, {ýGSd\5tdoGv!jK {MҨz}ahTUOF9)2x2Mߧkxpbf[! >qu`L:Z8X5ֿs@h@6YE()բ4oQOŀGXg[!cE%ִ?dK΃v?~gsuaCa1\$+&c+ή;,ZX`> >.Ù$EA;=baC=~; (\,mkzg^c,)v>DB#wQ=ay /]ģЂi s'TjyIwe-e<Тq6byJ|6d7Ixf5=cϾ)91YNAvo +)C3u+ΟylޒQt/~G|sY\N:^<#-dHfbH Ë[SȆ H:Z!<­~.<\mrr}]3S \ <8a gҗO%rȲc%]R2|nH2/|['ν#$(;V٢R={T=I>Bsl\i\xڕɠ 5 gD!~z,_L!S^sh(5FyP>GM5zQACTkЌ>nۑPip${G&g0ތۤdH%B+DRc^ 1ulEaʤ$]3qXw'L5wz)nV@^ՔX9zTF)iWG6uh |TC¹pC⵶ KBZv aaLBr_-8D fl-_t!=HJa/2WL(i.7Kި\AtxK'N&MOm[yLܸ2ZgJ~z4ʌSH\kK`8Tqv&\L0Ƶ\v>Qr[T@gS=a!7*wD->os i"h{kf6lvl@aRv~`R &z($9^ WƹKaԬݝyyg{G@pf*{3l)M-:brpGչi6qr錊t!F2p3Uz9=fCw%N 6 LH§=x:j!7{|(f{N'vm״/\JB u XZEW[!ߙXCSXĊOT:^u|nHDNO}C!b$=-L5ObQiYzJ %5JRfgՠIW\2 !2K N#*ќ9f-/sf\Y}o_"=˞%IP\cR P>[4 k䇨fwHyIi&=\l,S~46.j!6b`oiZ'Q! Р iˈ3gć"6w yjyZ\.5A{ %scW=#oYdysEF)_, o,$V:r0F!14Lu܈[X*(Z&OTv d7VUEEHW+o[5qk8*8Bg;p ˄Qnmf;㮓t/ p.PVj3 ʝN:= 54(TbGm8i!=owa7Z+.MAri@ϠrA7,Do +Dsy P/[ ~`f?m!;0\lϑw/cj}b0E7Ue #:kO|/">>PcLh.yDh0Ah8 `/fhInOMy*3c剠dW(%dX AXcge/%÷Yϫ$n4*nU~w j2? 86#|>ޯ|?fL+`ܡ5.$Ü'B,ԊaZj@M>%A2Ӣe;h~EAU|,k>7j Z"?@26Ӧœv@%w\|%NB9$0b'`-\wʥBlrp蟨9iyP5RgӁhemi"2%^uonіȣG1flfDkPRRW|U=5H~aw>F;*ΤNioz 3?c7(}^;Gj{g=liT +s#VUKpnPz~PYhuY٭$5Bodh 5rfkzKNU-6l X$1N>`I_N\hS A+J9^x%i?DvhS­#Ũ$?/,G@ۢ9{,N&XGҦ:FMM9!ifp/WOpp49:)AAjn_c͈?$$I!~ d^yR Z3X- j`j#OĄZ˔K HNC+# 2Mjӄs:_ cH!?".m6+S%^Gg۠¸Wc%fbm9E3 AA-V֍ΕV0@ƞ3՚ɾvpWuK'@$jT%}H/(Aē r" e°^(MYWPŤ#hMrfn%(Ǩ;1M4x{HN=Mm"yarx YVNy:~ꈙܸ9.9b/\ 7L$%T$xxz-bnqr-,O+5Zubmz] V)؛?xDCP/Pd$1u<wp%pYH+t>\L^1<"FK\:k);c_-sŠ)Ü !.Aepcшo"@[ӥ/'s/. (5@6Pt,jχ@eBLodB$`䶸Xdb'GX] >MAὑZ6uyMaMYq4ߟ>ͪb_D_$~OK 7n(BgٞVKZȖg j{Fv400˖%g2׹728x<<QWT-t̪h /=>>5 0Fa]vfM92Ђgğ Yַ`Pp`#=د0xbox!T]ߴM6 bx R[)bӫN25{|ʢz =Uji2gAeOLEx~YBxiAQFKP Cq.̺rXSW]vi_^u]_ӂ%Df[n4X[EFʻQzHfLg@mwZ.~ȴ.ó~P@KO7X0Ru0570yQ*31Z-3ۢ݀3r _x lҔ+2?Dz1BĜIކdk`v}&o?Ic&(;]_3h7$BVI"9.&DV|r y6$GANqQC z!l{H6ּ6ى<kNP:F.:?%& PZ{ݨ4>f?rp!jcU0 a9&3M]tyl=ZbL1ϯ ~: [&"l$%m#M#IV~Z4nxɁP5ނit^ ?Ä~ܿPab|.Oq@5oTi!xL*q!-("~/p?Z}'pgSIN]Z&SaU9zr@PFC1"3\ 퇮a9X`zH3R~ IT / 1{=| :qYP- >bC$"gl N}8;wl;X)Ml\ű3ܿ k6bՌ|@'k $1ڻy|d% g-exIyT@P~% ٛNLN'S`bgp8w>G(!L=lE49&+G[P`hX# 2X)yTmFR? %h=Kp"UiNdwz@Ut:uCJ׋fbƞcPg:z#RҊ~҆_ #7\QaqΏ7 X Q.0a(%hI]@?"> P!ZqsWA8}bܖqRn;XS]}AI)mZ5 Anamot{LZ`/[]#tiP\p= bIUдUrO>DZgk%[ub)*:m_6-vwJUDeh)_ k`ғ,R :x@5΃4`>L2b2E!>2Ɩur(|(9ӫYIEMRяiO{ϟhdvZ'HS_P1GڷӸ5PDB2ŷ;àR(RV~"v쏮0fW6O xAq_"n֠.D$ϤaTC˦@$Rk[I*70*>) eZJl8lQ4H/CY#7zSI=&W@#h0 у4/3$1!*At '( %>EHZoS7sg}B*YBXZ嫴X*FK$Na@q.Y3&/DmuhK%1ۭ>BQdΣPu+ӄ2_[ c,A w[Z>aE))ynZחFBKцa=))vIMQ"lޑla4 &=.jF[-dJӥ#)噿a tA@HRFT;@|7T[ MnIT@Dh[tZ'Ky.)juX^䆁x6Dvq?-kݒP- @/fEDzZƗaurSX BTGd P={ 򷌥{qgzff@Am+:,{+bRPZUС -&-=3'/n]6FE܊x4 ]vq-%+=&f>b/QS v& n.cdG1r`UT.07$!1UZj(zc[VT>‚1h)=6դQ`C`H 'H B<=đY٭ʪ|p ws;om~©dhcA,hOvU2 gI|AAթ޵cqS1qD /YMr&Jx "5q0?lgJ3U/5*xL|&FQ: [o"d-Rb:=fSd|hEO>߁V[~Ās ubTc?ó϶쬔t+2RaXd*Fд5e=iǶ:Ѫ0vW9x-Pڞ;*+u5v-P :8?{ICZ=+D^(ܾSD(i9C#+R[#+K֣NJz|%gq'uUӫ0h-+i7qҢY0=8D@h@+&J=L*nOaTtyX.&_Jayݡv[V>Sޢ?]RWB)gW V:7f$Y(2 ѝQl'&߽0$g; &]V>fPkk{8ux7x#SD 2,u39'!cm)Xo;$!Nʦ@TiO$I~ML]7OqJKDV}RFFft=S"iT3ĕܻ:-l1Y5SXpǖSJR7ĥNc$HK3 @ׯ+*(2@$duz Bc<ыmLD!dN5KOrJ$#j1Q=^,P"rY$St8<9)œ }Po&>;wd"-ӓ1@+PYH$v2}botQ $hXx9<2:jTCk]`QHƄPO{z̺sg GhF1'3@)~@e tVgE{ˇl;c˾~΀ [nS]e.(`vq ~ G%ne6&os崈:L覩VE:aն(I-EA=Jj#%FFaڝf#{{Jځ?2wEt4ԭkƖ 7F̆9aL;6 "@ڿ_ |dI?g' 0x[ʼnг ǿ-Oi`ˆnē҄]X=੿e8s0ګ"!8oW,R>SePta9~w!|=k,]8UlVB I;bxF5eahtށ/N.FfEF+"$'*ʖG#+8V[1 ƒ xY\l9m{/@ϯdqń N!˲47)`1m9 DBv|YxGLb*2ꏺf*&UniB,C|A[gʺiOJDX@AkG|ٜ ˗xԡt yIӓI]|Bb$Y[Đ}Ѩ,a)W,s_@$})G=hy}nP ?\RK}->Qf*:"eE^޶W/ьrw3Ms_P߷ -*O( &qJyt UWӈmJ؉Xx7!#{#J E4W etQT:8'v==Guه1 sA&?)$OR=C?84EOF N+P\3pwZ: %dMŌ@S?!4H> TQl <> w ֱHhgZ(ã\KPq`4Ek$0 ꦾ`?aqeYI]>{,lIȡ_ lA;=L="SױKU } !<Hd6$Z1wKkfjwז@*?p1iC&wWV!ǷgpW6%! 8w€H9s|4bϙugw:L%@-M^QA)nc5`7 "ғS(lL9mu\/W#A&t˭Q5a1P5:S'8oZn\Cxƈ\^2י#AHh cĐF3й8$lCҕ {$.N@m^{&DþfAie /YG Z4$jԳ!r?9njM! Kn(ݿ?FѤ^&ę^cYQO?3ƞn)u/8#1Dt&18P:{2 G !?5b>X:!zJaW|'lxe1,=(Jh*ȨIY"S)#u#]Զr&Kָw#0YK,豋8n0OɑVӹ(5iXZj /At^˕| 5 P}!aƉlH(U+BgWin>TYx;mxꓓ&.*`r#hY6AKT6+fpTj>M8Ļ!aol$b3DeƎj+<1UYDNk%pÑW?zZsԪ_QNk?~\02Ī3G{vPޫZR&5a}:w  ,ol3C.JgTӪc.P uۿ1. " ?q7XpQ*/t}v+Wdwmj[x4 |alާ^Wߋ1 55*!r5Ymᗯo֋Y  ߐz *Pl_:]ZF=ŃS|~ *Omx|%YVOLn>dM7ӭ҂ZIomFneЦ TB1ikT9F7,ǩPe"7i ${'![bӗB;KpgBXVJI@clT4-o-iǾ8Fza Vk ޥ_DF$hL~(|!H4'ڪ3RChzE><)GS> HU3eCks9&`OJBJqwHkP 5IўK;yE=B-V~~UJNFC- P]?"b=pCJs+'{Z:͌]64 ڱ?>w f?-ݛ_)&K9E $ɏ9Q*G4MmUVVH\I%nhvi\*p^տdëJer:"2p#U֚׈_L{/Ԉwi/Ŷ{|Fx ni!<(7]}Ȳ9DduuԲ˧5E'󪹳 tPn9%0mwfc5K)Ĺ~KTJs$11=uTD' դ^NӝoI(?x?=bZ˙ ~+7%siWA\ÇaX"urΗޡM?RMG|v2p+c f=#qR[5zSF琠`Ϙ)/ts_ R}tw+hOb'QS!ב~ 9sO͗l<_g\G=򧆷hfvO߭K8_`]K$ع[4gB ^muX{N}<̓|u%T7˵*5.Ծ; .N6qN}Elj@Q dݥ: "a_ɷ_•&ꀢ8"jJ)6LףHGϹ>sWֿf4EAIp(&4:PngDRE+fbb$[flyY^ST)Dќ&wS8[:6LhWuә1SZt`y|YDl8}\{὆'*4#duP y.^ mlTN0wYP,1A85Y*N L?&Ӭ^ճ3u?W3bGV_|4K5'`W.64ΐ`f_}[qW5_Esk!R)4|ч,U`_bM=##3l!1w1=q?Al}_,C$M3/'ѥL %[*$Txz m*oty>`S`Q/ۘu0jg.gt8s!&@S˖`wEM@KzWn [+||8Z g6`XZVB-}߫ѣJc.+6+ *HgyuL9lZR'<\^`++*gTi-O=pV^bJdq { 53u|327Fl%h2t171Tn.`egwCR@K$7"fY!*2E 4)$٭ÂA;{ -`mڟ\mM{0IZ3 ,6b"ȔVz?rQƬ!gcRDl<p-\{3 pUIYN͡O/7`Ď-Gck}][;hfPv?sU\5?ʁpX]uZp 0W^ChGl^3nؔzxHB2*1]z`C.ްZb1jN=Ybf¦ P￑W!vkY5VdWTJAP'y3cH.vS3yK ebT`1ڮXlQLNyՉ@oQ*D0BV?b@&&s%W6h 8' DE9Zjca40GSM,Nv.0[%ډna!phM/ԓi # Q>bf.6.։-5H !}cRu^X[$׬5av(Ξ'`'m2فqҁF{%L!F hRxuC/CkK!<@-zwt} < ߶c(]Dz)/ҥXfzap _NƧB}>* @B҅רs!cEhlh[Ws_NLwv,l-c}4֞TtEd~Qx2G{`emXBvϽ^uZȁL :pb[C'A*àjȯU/_prBAj^31׽mFEXUr[^'̺#geIi#KR\fA @~we#0)Sѱ|N9PI\oq"i#jC!*MZqGWu_6A[j9qX䭇K vmrEr9-> & 0̄5g$ͅ5Ԓm_cWXe%]Jy|~{?0'1cH+)C,iw5;LE3%o#0"!Z(?2‘:gڦKՂjd`k0_?n.!m9ʘBDȱ686alᢊY^#Y.qXe#U.sXI 74%G ֺn*KNjHk5g~E7*:`l؝dz$OCa4 \ʐ!l o/J=ydH ]Ne".3WbnG$)2(RyK6yM߯# St=Tyw{6)w ?F ņa_49*`bI=搽!BrP+l3݇KZIq-4So ׭[Z` Vx䒷ɺόz/WklևRO{IÐ՗f^] 1 S(9@D:鵳>'~s(hx TB0.u&fNv,7C nĹ{IM7shj(?7VXnHaR6sR8ƘO896鐏^O t=Cb)ld]ٍq%H K ~L1߄ "Tٜaf fA3ʅ*v$ց 2a왕²}v"n̚\_XiVd(vdG^)(j)İ eY#UN1l-mzi˧$H[ɰ~W}Jokא8wb%ԓة 8[Aq?a Wg|pF8xT$./RI[" Y5 SiL9|o]4v~ۍBq],i5 sK}ݐ 7s}UEiVqLvܒb(X205וҋlUG4Ng]=Fp~`t37u0Kg,:@>ա#~ܱ*ʎfגIț@y(H\IYUۇÐˤ(x\mSmqv]_4QnE,'jf&Ke@2aHgّ-ajOuOJ&f^]?߃_KJ!j&b+U`5#Trdr.Lܡ >GFSnrt؞Wl;7xfJ9@ѩIP ;Ovw02ncM&t+鯬E˼Gvo{?ԡ{^toi@KPuqSsHX USȆ0Ƕ^9ﷇ -P*Ҁ.y| [4!Wٿ  06W>=2!;8=$i^j Fuoh*rD"@*]q߁sWFCCnx^24ي.3$n4\u@25td+K:5zi))~oqA7Wx >=iHLzZ!_4(yV!"4~D(cE$A4=mIv@t"gP=R96Q/AeKP0 b o&-A|Q;$EkѨAf"*;.ko=$Α;#൑ s>ow!s7,EJ^{?@bpܜjMM֥pTJb΄P{ҵM0eknQssSFy%YtGQ[[(m0_&1ՕE좓0ڰ s%9r4EݵEve) g;{~0=2gz=K%X76$}kVj)@ x-z#$O] T<%6ZGhs J~%NNh`kŭyoq\()W(?q޺x NGg3V!E2TG֣74]gU3MJz7gkku׏5H9yiGdv ;_@l+X8ڒ)%p!3[d/ch!ilrc.PW)k~ltf?BTsx<3eEnӣUقs@@ ĥ}\Ûf?J'Faz,-.vknxTbܵ 'Fa?:%EqT~iEҍ^ƃ|R])M@D0Hw#;5_N|w׀!c>Z7:]ZKh_1FȖax`eN V)9^ iz9ջ&t*R:uUF*twr; b`ѱźKC}ڕN3 px ͎^#R B{/^n~Ҕ{Cp zKZڝvDE_bvk>qр?`C#^9=3%^g3VHzy ;}Gjml*E/8'"\>]0yn '%(b:x ^Z~Fdo1`Dkoϲ=S_BłsjE3ەy57s"EBAS}<hF˅C=^o\_ےF<4PnV\Ӽ% "ksux2CRh(0H;£aaI^rwĈnr'ٛ:q^LXMkM@惑'w S;bЉeRׅΛZ"1iQpz[]tbz^%MKxD fp.! 9쏘g۱`$9ȩnv]^O0S?->gGZc^:&cep2"v%f-aM(Rŝۙay-#9 )!J$ ѥAp(? ~PJg~y/ FY(UN?81`о ^J@D[+ZV6VH/QĢa -+X񷭌IgX߈c171WZy#rf&]*A YJ~1_$Ma3oۻ| ;JQGYFx0wW2Raw'O,w /  ʖx)/tQʼ,k317s|.G( xYO'fXYn䑑Y,YG j#g$Y]IA0"yOw>T̙p} FUfm 0)8*TP69>g{cYчn@Wezc?sQ(]S~t!o"dC+zlG/W* eBkTeF&f==^$,Am!ߠ] :ҧpt |wUSw]`<ӅPMGmֹqWK1RĒ[sXѸ3ew!vpwahpVxT$]c )Ov{%kCk.a$хR=7P$؜5 "`/ Aq!X&)mޓ.Ѹ)(5S%-i)dJ iѥ\\{z <MEr?!?ðN+JsM)$?0Z`Iyl$|Fe}:Zɘ([=KA,m1=dS qIK;G9Y9XP#,]f7Ô:6ϩ8]$G a>/k a8O:tnDVAJ$Ba-4@p/n*z*\95剴p~ְ~)?3 *nY.btBo^@Ҹ.~7OVZ>yioߊ-{π9[Ӿ (nk;1o&ɑ{֨:B3xX}%dSBUygA~9#5;)U`j>EVR%Kɦ$&r 1~]畚>vXx5>ˮ&HY!9r>#G-J9W#q`3itb`_僙F8ޡW ݻ"iE֑8heuXӨqqtAVv\s;&0|]){;wVq(Uąi"JMYǘ'.<յVaړ n{gT2;w8 Q j&bTf%:b&m x+}ے{WHE2e0+8z5 mdY?,hmz-">em#qrm5_拝RrNy/$ksY=E5ՠbqPH$ey7vC/Lhfݬ2u=0u! ًZgDɪ:_]}5K~bΙMP tCd1n_95]bP!kx)q34Zxd8(/2x>} Y(%ȸi"o}Uta;dt~J$qoUKSN/O7Q9l=`?^q.r$vc&DEΦt17gSowfc(-$_`Dtd`@HY|\}B HoQt9am3IBBL2:1hҕ2p!z$̓7f/$ 4|u[GVqŦtiy ജ9`NmeL,V >q:pYU+Pev@`(9zMeqؿ/2Sj?߀>kۧkGֵki%H0/ EEϛ:u 柁=`&!M@ EBmr "[8C4Hpl!އ̠Rs҇2䣅.7~`oU4NUV"]_M.YWIT_2'y؄X *)90h'ߧv$,Hq=;{IǨW~ӭ,{iv[QH-ƎlDͲ@ \%)^lH%oNBz}'fd0ґQܑͯ_O lShw1l :?\cN.e#f GJ77LBgau̦ag{/h bE ֝o*VyxV>U?˝=Hpu5ׅ#jO> 74Ք٢ylK)8RE.ÔYuFM /0|P!wG^+oފbvDwٕҙWph|K\\YVD5m{( ?x "z lيO(rS1 9 fGr1 n W~/<3":F yކg!KxiƺQRq7`V ,lICJǿDn6pғ4W feF]K#ue$dCpeV#W4Z% .|~1uc ,SPHU!C碰pF)AEWE\xX "sx4g{mXW 9(jWDF hF3o#y=T;QIcTNQ~)5L:j;Ҿ9l{GwIk[%c̟I _߀]CJ2/gH|)IC*+m ߎf% L?]88:f̕:e "f)yKΎUwaz`+M˸i2x !B ȍ;\1~"E-A΂1$/$K..eBTNrUait0I uiuW9 ~h(_s7=ŻKeuR--qyV/U6qǮP fЇV۪[ ?Oo#r_QaiвhasMZoaTdi+{t=A;ÙSg8/HƤwՍ=Q8sE^ Ȏſ=lGD<E/va"miwн?BsP?{(ց5vw#Ms05Li2gZ:v%;P\iLˬ&002PØ:GCŚ?Q=ߜ[&>zC>]{gr&w~loÈ&b_A-8yRBK&ƥΥ6l`+QJ*µς1'0aW\}:%'wu/܂q6T9ϭ€N;"h͍ru򦐯$YMuG&8{UQl+́dV͂ۨN^_8lʇ敵[ѳo]ٚC8ĎB `dw=x'tЉ՞0>h/+j#?8R 20yeBJ]t7&Dkw +f1Ұ_:KBbY臹?$֢-k u8h>Zr{>=\dX:AgERљvM!ө&m9La?TVO_s!@ #˭ivI@&]p>P?-OBh`ԺH|.#HIoWU{nE離id1@-| ώe;CJ'%ԢʺE,E #IdKK]e2#FӰAMOa)]h%duK/Ry^4NpUo7(tUy܂0V*K&LO=lx9#/߯Nj%~^sϼv\´n&)qFյ0J9CǙ(z6zvF0ʢ-ɣms-&=F[ʶaM(6#1,pDZh{itU~]Z@ͧf&Ħpe[+F`6Lc4jPy[" %"Z hik_{fMYiUkӓ>ͣN-4]rg'eg&ӳ^ߺ^Pe\yC.jY h-Ws?LtgTہG4GK ((h<+QW-t?0m=9"N#dCu_&73sJf"_YZv* ~l1 Q$EKW`NF'+ 4Xu-Lh?ώ>l,i- S3eoͲꈻ("IE&9E({Ǫ6՘FfEFzQ&ug_321h7,PXcRqED-St17"$Mn(la'E?fk/WgD+-ka=FsɅI@訄Ylt/)]5_&`%u,Z/ /wq'uhu`D!?}Ž͢ضmudܵt2@z(sń>}F^Ml @iKi؃ !s ݚɉC ,43sht&EL O̦P_T\ _·wp!6EY 9+yɔMWfex* Uu}G^iI$\*`qD+r m|b_uzp 8W'`IN9 NWjI)Rl;_N|賢^l] +̻QL-QĥGd>(1 ^ſ:)nY8 #Oy !4 rj! դ4Gľ==H㘮L[`N/s-Y=͊9 +q{rBXO3^4|eG |#|1Ioxc`C\T_K)OgLK S9: */^q%3Jsd륟צ'RRɟjDžebͼdMotBcTsg{ca'jʚwWR8/kJ4a ំ"!'n]_ Cߊ {3M٢oIŇBO}߉)Tڙ ʣ< eT"6_1}D ٜο7Bpl@ؘo%ٕWއB95$?uxlɫ1}4v.z[VM a0&|;1cn3\^M-vOȸemwV;mw'oO#7'i.ҷӲׄ *4 <@1(*zY" fՆq,])^LςdgG 1=Wpxy.-(uc W_JA+a:D#P)] @/KzD~1Ϗ+͐x^wISdzdి>Rj[HV9I!p(#E P:a{jþ=4.boQ0Tk @;)||OUup~^%8D7-̻Oq.(<M!X9:SW^ӕvHL>k~8=FeҥJeQYr0*B-nDx޿=-# !J2f7=z̞_[i,1y0+Rf7IcԹp/rmү~Wz 8!}t&i0HK+X}>(BX̭OCac#Ȣ?5lB+[= Ӥnnc|oi⺹Bb@ESPn!v>>l%gRqe^7cY !jP7[*1єs ѢjVW=I cYpUO,^=|3 '=zIccpk;Z Ύ'c5N;#?==yW׬Ѵnpl$&C&e(9$>;W6j?D_y._^N֝6TpO;C)yii <hr@OIr8(zz#nS hkQ4bؾ (|DyW82ֽN[&%u%k hG=vi›zxle+:`Rz.CyK;`L%8=xi>,W{(3h@H%愛S6bdVRGYQޡ4D#fmy͑v'\1OgfG;_9'N"ScspϺVM)vLi#r>cGAOlVF⫹*:/UU Q=K^.7+GiUZ"!'QZ uF(P&_RK)|8XT q2;6[/O2> ^V|ISR(jUQ.69jr0eFб*Q+qf6)wڭt0-pEzgFIq|&4 >C)|vcD^H,i`Z]ճrC,ǻr|~6[;&Aъ~/tК>m> TpFGp.ExBim!kM vT . *F}CL1xO'ƸyWjt*9RplOIy`%?ttNu99c3YW H8p<%i"[%=RRFR&[@%V He% UWڈ%Q`P97Q $8Z`q GqA]6hˮNr cpDP$Utnhs0. ɖ t 9w!s8 bA Ѹzr(K#tNH_˳zOW9-]n αXi]Z?+]BŪGN),c\/)#7hY|4 + IdSU;7KTfZV{ZG u2lߺLI:eɧ,E;n zѕ DSu*(ALBv~H%4 i>@AQՕKi&t,B:̳ܛ3{Sx1pTr {[BNmmikmتn3=ȑ,j=l)~ QQW p=_jecGewî]elx YI*1B46rԬ&i\NnieaIZk+Us!͇_V <]Ơ?7«Bf9ÁwsWo|N۱n-oh{7$x!䚺̔b0lHgc:5AU@ %qkæPJ&в$3Fr5 h&XH~ّ\m>jLgtC;i*)+훺6!P1*)2ili-_#Yz@iȭhfBˁ7qa˂QnB4)2.5gYl^s p; սk~ΧhFQ; F](Fu] Ve Q%St) aⁱCv#7̚ ဖ(,hŧ zSkegF!l-DZ&X:KpAKBa4;^>j [[~ /$fX*_U$$N0gFo7X٭&Ljx{%Vmr1[l3 q8 _Ytbk=*[J^b٭ .S:KW]lZS㢥+҇ Y}VIyzut…Ȍ ֟ .ׁ~BRrE I9dʔ<+o,:}9,2 c8^&੪i-oN&( ~;vYjc=NOpgӝA)a;F6vc[ZgXKmiZ2IaBu"2S49;)~GDe #Q ZS N{ cViz4G:ڬ}tZ}'!$ 0iC9-,S==cLWiFub;dlb̘Җ;dՉWEl!_֓$w])FıB6wwicpW#|o.?[x &ߊ=#276$oy>#u\cqbn`[* FZ<.E4׎hAyjP&h{lnv2g+A[aqX\OsbVRx.h28_]񜴁yԷ!RD7cVQkcX kAJmW`[0xz491P?5fH?wоz#w/jOjl~ԊmHo[zVDf eļEU~N]n'861'LF>, hML~CLKƉؓeGXl5lt|B3.([;_r;^QKٌ"%me^.lZkCgN,ahօ͒Y]6$" ?0/IܥI$QU8dUl2&.ԳLxҚr,o:y@AOBNzPB󣼨4/~/qkN˙?C,L^ԉ{B}wOֲ-a9YO]%U#5“ @ yw1kx ֔|&0xhNS}-PFZȪTU2z&Cxsْy u 񘙥ň/.3kon1bͤ,$siaۈV1(H s/f{>lDCrC\wMPu C :Y?z6'2Uw25\QF߀ ER3 's-T1芝7Z|7QQ[yd7K#>!m|5:'x: ~)8>h/߯ͪ룑)0t6 ^_{5H*y';~Ҡ<8 e,|\-毚k ,;RG Vd'|ާsZ/I|*"K)̤#mύ1~ xJꐚs$w]wFBdiU# "Wb$=M3݌k5ߧ4Uc9 ͝O㤣Kjt7lb>.$$ÉLm\= J4T/j@C r!d7%~Z{*3Qjl 7ƫ\oPQ0jE[B`ٕ?̌;fz`$K&"dߝ #{jcm2pEnϛ>zG]vnR·_[Q E¼_:Srhu@{Jmy>Cf1:ʯ"lķ=Ԩ`iLsp҂aZ.3_G֭^݀0ro56{m`6=6]`  ʎq:h^ Igq}Ra!J2?}u!IM'tDn?Xee(|\T ;IO՟IO&NR/K qs\?1fT@?ljg2 8kB "Hv0 YYMK%BN~NUU50Q-R"aG\*NQ_p`xV86_n qjRzaCzal]gu)/@O "|ip B595}X6L2jR܌^ FvƜ/W5eP[_~Q 0k-J;N7_[ndR0vN;W;^p6z,d%i2=vI:cs6''nxų+;9~gRS+YGGӽVKVh2\6aHwUvs:= ao &(ygxrd5쇀 >ՌXO;oYT;5eBn@À +HZ5H$.t]'YZ>$"BiHV.Jh2̽5XgCxΫTT*Կw[d^i YU1G8DytS#w"@gx:Xs͖ L0#P]!S>ta wÌd/8567>cwD0$7BTnbtwc]Q%̂P5dH`-秴rB;:O9TV- \Ww^Ȏӈ PCj8+63+9w5>Z4 c􇠿S&v%fD%G:;/P+qc+JT*)H&Dq>x3$KJXrsQbO;:$C)nVϮ#k,l̉|U-%]9*\%(BaEer,܇E7n޽K$z![,# _5 2 qO-d'wNy4ΟqJVmCklvvEX@jvV)ՑW>1.g*Od=L}G7c1T=C!zV/ژ@޻8)]n-o #_t?f($ %oXxNG{u&7[ s{G Ģ\"ϻB[pN6l0c?VeۆW@=MS&,P2kM q*Q^Ok,%?(;=㼅o#dPq/x@.Mp7 :fU-ɜ;YZ;*KhfKA\@J6GL6M(I['4[9mT5(?V(&l9ZC"L w*ˆZ :?%-Bʯr|ux >4!욱%^_53]sz#ؼCy\_<`KeCqH\Әv*v6j9K%8QO(nVTi %(Q1,J6]t kS!oݒWwD/Mjkf>ٞ[ءxxYw{Uߖ<~"fFy,#&& ךd֨ b՗eFЫ&xG[QSٽ+o M}_- tZ`0fˉSS?6s̙UH3Jo#K:{_z79rA@# 1* yF)?C58s>- K] ]bs]Zq yg!hYqC%1 v=;z"& ?F+l_=KT<~bg4R_aey\>M<Z)Ug`DoxS _R1*H{ ;tspSuNS*KP? M4#d^(6[T=IӬ9k =7lOq)z |iޣ[<+JtEmx65 'MlUW{:V$\}Q+ wI"fF9&>OF /\)݈9lw&?KqYzyG1@LG2~W ՛k]TEǽ|+9;= Q25 wd+8' < G>Ky.Q?fhruvdZ+%V#, %ߗf͚"ɻ= 6a_8FE]]Β99z}x皞Ъ o+,%RYD_CV֋Ҧ_Ur6zq? -?bcRG/ט1#S5>kƥ~/IlC B"#Q:0ˉśfw&+ /D6;Io!}L)\Pk )s~xeA4BQVHDM<& VE8FؾϛW-ÆBCظsYZpS-4ךIj)Umػ5nO'#O0??Vc6"=u0՟\Hv;D*tXN6_j|+S4*893pcmNvOm8Ur)6z[\6+0i1&ǯOue.]<bԆ z;÷VT=&l[Ty@i))BZLz #s4GmRI*սN]E BO7uAPx!n[;A1PDRLFB9<'";(^<+ avWVR_#> (|]"4\dKfR BfT G$u?y@CBO%R3`N\`P!;ڗxpYQqK yA ^BDJC&aiU;.QP 5#vcԗ`[}0"' ͒ 1&WVBң|;kAKXW/D pߟ7A 7+ihEo94ۍEa]#2) VOT`@w!e(PL=N,dBi~eE3 ބ4;)MYZkqxLm"ˁBW+?=68+Qa,#p&ߤd9qƵkeU\> OH֤BII\ys,>N ŗ#1`'^\0tbNS{.x~3evX F[P<{˺Z h uEh3 K?F-" b:Bxtp3Z@dz%R0f"-ͤhb6z9CMoWߩN7)|DM0Пw ңj4 ']cZŌ}N~O377 Y*zԓ"jZ6]B΍RLBZzփ_s5YA:ʙEZnotGtgy)-j͕,r}2@LЯzw[uƿsmmljb~dGzC.թs2Ud.5 7yҭx0Gij;=V뇒WǫHI ' e JG0er+5#ܿuWD=E5uO<`_zSq1> SVjp0pJzO슏[OQjE Hw|?X TrT #tjTwcRU;uEƨ ƲpL+Eq?F-w%}|RFji2x~v>3:@o)bqp#/Gm>.HȚqzv|omM_ؔZtԩ/V];j!F$㹎PHŕQ hEZCZ=wfII> lƘeUHDu&\yr3Gx>)k!uOGҪra wjaFUldB{?42rx7ߑܯQi։#J(G}bLkJ=nޚMir?#hIr@F)%,$<Lq=Dcj|1qedl?.l$;t3qwRJU 0XZqL]2O~<:9&H!'4vEoVe2Yb`ax9jgSt61̝B`)Q`/5 7^W`!b=\xgȷV5̂Y/ۑS95!ǫQ\<}҈[R>yOyn_8z5F~|6B+TD('Nh_wpA6zK/oRmu+xΧJ&v@-j{ Ls DUdXcS?v `u>vlf1 #ݩO- ":HeM[bnkŜKX!'H+zr_V8ܰ eW PàTBޚ8.oo ȥ ߑUrbK&Ԓ1?:?䳏3X+OJyRFZRW]ۏ 8fh[L#!ծp kihJ䧻OiIdϚbb1e72ۍt@3SvQ"zג==(}$^nAe~xG~ $ /Gk+@[ }W;qD9zOG%RϩУS5t9tf^ d9::n<荔jfDҶmmɲJ! 5'zZ&F OX}(Fd-{Bo襧l‡XPϞ%9.|*CӪHy'GHFK÷boU~¡4 WĽvVa~RK6\d9)as]%9K@[= mip>IH;a shّ;'#=XuTe7w :(`Ln DNͺ- 5BȾ'cnj|  {%_=I _GKx9{C=w mE"k}8re~AP@O}zQWK:n.пۨ'~y*훿xr/7m IKhDr*T/6xhnOu-ݵ 9$6̰~3LXѠsRKGd*P3\Y>Ò~XB i23ZH*Vq ?@F!o%F dr oL?W++,frCJ'Nf0C Z:kSvޕ9 &o'0jÅ~ضi (9/7N8=j39[C)7Tjh‘=1nȈzIإ*av#Ϲb*"d; `Z7~_GU7F"ӷVfD~EpfrP|VaE;~t&im{:y@WJDsmSu5!b|0Y]"L-6ٖ]rqM!:t#VՃq=cbԛ3ifihs%}?;K&A4g!@,a̔<:$oTh)˞?ʽ8+Ԧ\k2Õ7$eЮQ d/!^#My|&R @oIFUwx}.o;7s}'T!f1Oi9/hI8c¬3C^:YoĵsͩK V;*w(Kf@`yFǤ=P+wvPo9 }LjQ`M>ƒoߡ+SV7Nbwv )M; Z9`%_-в1}%.m_75 ; `o p|xK3\˄ ;څ%1Z3N[ffNfe$mjB(I!+VS.pӫj&j bdTm1a-9R^DG:/s T~ X I}|1 b hX_ԗ/O{hf؅Xbn"<쎴dȷofm@먏`Z}C9>Qh>'4G܁dOHƫ\t)*4-BwZLyu@ R TYŇghOn1~#hKp7zɄ[Iyw) uw-BQW` 0dQNt" Vl 8nްJ&(M{a.~>(feő9 #8:=K\"a{''`v:ZO3,تabdۏ@-D hbaM02z)Zm SGkq QW . E&>`;{N2_^wgL{E%e;ǣY;)Oɴ -tV Fo ^ q]k r1^"P:?|2O'"\z_hݏP:ƏTӁPI>ZRhNl 8\|jI[}Oɘ 0)tw%-1aOKVw^ IbZxr_NR&qN\ByڡDѥTzzQZ }k]@ Rs̐ÞԆBؠ ܝuA(,A.ʚqQ!86E𷶪Wa~bxDio?x1`\,PAϧP*kvԝ'q 0XEG7쾄^9 n ="#Oˤ5..t ,^e).Ó4s<Xm5L9.c22 ͞{a!OlB|CG{GVȠ[Lϸ4F هx/qdykc-ꝳ> טbUH-ۍc%+Am2Mn^XJ#Ta-R[̰{cNow#nzZeD-g4M-AXOewdíU;z,N zL7;v =p OKS _U\'Yœ8N 9Oie1 :NYeO2ϧM0 Z -o.'(/酧sV>h})GU7Wcʗ:8(M/MEXY{S(Ԫ@hgy'TfҒȍK_kh߹O,,'5hײ Ym뛧w,_B$H =מCJVnk izG!`}hoT3ESܐU*QAR; jL&*y=We&;4xbm/naQR4d"/P{yz؝b dV*ѵ[{~bS&@Cr;\tohvK=K}@QBK{=O+T잉꓾}j J'I֥%O/u^ +$btOe)³mV 0nC$2+v\k1Km9g&(!7XS j4s aA^eې/&|a>5RKAWdFlNK/:H; hQas#韓yYп8f"vkE0/_U푨I{iB8y6|#:} ֙C5 !Nѣ6=*x)(h䶍Tl5̧+(ήbqm掌_+(EqoS˯8kZ66kAE(r 3aőSvc8+X8KK6qunxNrˍm=y]8oNյ7c!&'_z¡υq /L q'EfGv)VdOE4nG2*9U ײpPɕՉv@u߾ql?7i N2| Mwi%-4y^ dGqX BD۝2d@~!J;o}6׵`p.dk(ZTdUu#tQ^|p}RZ]wAPй`c>B[-! Mf`7&Ð5g]zW܈vsMdr=0!ޢg8]i/~SH* ?Ed8۳g@O9Ex]}Spί`~j=,Kdn9 zX};<`h__m0yGŒg9,D--=ckFJt;4k}A_mһ(_0GSSo#O#XZ(VYP(ZC#5YvI5~"5rЬuڃn'r.O'-JYʹy%58NQ P荕g6O H*;w9UF1K~TkoZ<d,ʱ /9ZCZ=M<b-ώem/bu^i1#C"z]r?mz F.rA'1|En%vN<0LD76&7"cw9$>F(YU0K^")^iVWm`MCxFab\%D%D1Ha)LJ[F̏Sq oFZϭo:1A#T9Ma ( VxK^Qd\ؙ)Ed?@!U~}n)/Wն({,@HH|O;|fmا-d|2Xd laHRM~4*5)̓M16Cw|&\4(I[ е:FNԇ}U=xELPLz"َǾBl"&k}Utir=^ý+ZBѹӍ.a4o^7'i>// 㽽JM&'OӄUR%#,9F*_mjI;1E$V fFYm鋀 v?l"i/Xg!@x%7b\햀&֒okeãa}NUkztQ<& 96Z3Xeeij3NJFݨ & &mrel鞺zjh>[FLrU\n-(_ 3.w z? QʘԳ5TbHG[%Mk!>`aTK7⷗PE[0ڨ-ՁPtVž=</qhcXhu@'$lSt- &cvGSJI_y[ u%fx1K/ '-v}`oTM7h`&D(a80T-eT3:M?wt>{ Qt2TGfdFjM^~"n&Q6TMP`N$.qHh`/00}u*J{̲+ŋu'0wJǫ~Νϊ@|s9ai|,ggtFg[{*c$ȵdX}z {"A.6SayV;xtj& `: 6C<3 oo{ʄԓ3Sx4ED 3GNkɂ3dRސ:j~֓?vؕ1BmN{/&`^d-8(C7~)bE`Z6H<.f9X1icz˱$Bb߾hWG<t Tyjdq鼐!J@t*7ld|8kf7@|9}긴˦ua2V KЮ bb=}dEERAH-~0$ ^GmD;/XkM>+UnfՒ\fM|1,&~Hz}6"$%LLO%7ofX+ D4ϡ(|UK$i_W>mѵ%wH-oˈiCv5b?S;u?NDrJ2ہ<\=BL)=ȝۑcy9k u/55-]pUaW jwRwRɁI-?+p}CP~&F! d=c5ʍfϙJ6IYo|B͉!%g^/`\́P87DO!З/yڟʱ} VGl_Nt:e?ˢKdI8@Ȇ{l1OIU;6saY b>0DNWQyHm]x: A-X7qǃdju"ݹцUըL+%_Z˘IP޴æO1OϊF@(({?+U+˓5^垵XCoܟ,Q@ܐ,%K W+wep)RyF,Foc~xYǂ32FĔ[Ҍx"< ل@GqNpH4^6,SOM+D@ALP͓oچ@ `0Kxwh Sgagl@𻢻8IVP\ lQXpCQHqoظRo]maB]Cut:"̈k5.Ʒ.G;&]|/AT= uq>OtwsS 3dB!7t>:r;tJT[5ĠlII(OMCb ژ?:SkCb;To1#E4,Blp7>YGXTKEaVOSV4K:z)>\|N& c:m9Z̤*ǚU r >VJ[QJ49riJ?xa< :cSe"48i1>B2מĸ!R"vFlVN>?9?\pu)w}0z=MFҭmY'jÈB CɒP%;p  gnnq`PW:G y(c8F[ZXD58LwX Y@ օ:y:Յ.ڒبR@p1h1`@L4~XuA/,s<cxiZ[hI4;}l#&Q <o_K]-ԴZ}S2nuIWe 6kTj AE\JR]t© Am~c ăuIcyUL vilx==];<>Šb &%U)l_)D;lcAP䞁 .0XRkYkA@ѤB/MȍLTPXC4<%YC?n%|H. H{.tMȮ?ekJf'J4:] 0mF`"M0#lFӻM16uAQv (ҌCɾΊs]?\΁?@gA8!BHfc9Q$1Q6)e *u߀AEߺ˫``O-(_d#"M rσk(<O:ͲV]Ȭݔ0O~˦NV I8u62)rhd  8IEX.Q B>sB1@ V}ZiLwKo=v ߀OĬMAXb)ٞAVFS$4Lέ'Xt9gH?٦̌0;dM%ٯʛgE/!c8‰ l5״N4E?)1JʘTg 8jP7aC^܁nNX$df@/*Lxl[ 8O>篶=jZ@No0Z=d|?,~Dumߊ_SҶ]ؐEm<I戬"Qoǃ]ƣzxDvS:m"g%;Q'/A,&p&[Gp3#dѸ6Rr}AK)ƭWȳċ I)kjNV萉?萾U=x"t3$'u7^FxO&hG}{o|"s8N!N+cEGK exW?peqʨZ#wF#s@ dK/$^gBkHN^2080%XB˥. Bi-UT.|GJ fUJs5ӡ[! @'sJe^U>h@)քv\hKbJ6\KH;bj4́]<N伺3E, _ $"4 2ژw >jpsX x,`[q+!!*>4lu=H%0(•3.sޠ٭ KGC8Wt>k'rl0% ︟k~fm#k1 j>ֆx*"]8c%zfJѧl@ϓN^T sgU4'M^92 ȊȖ}4~T+5&z'ڡMCzf7H5G^gyԡGލC?[o}WS=3 Aui?#/ZLF*JT3K&,1lT䞛ŗ1S܆L>9xe4 o}6,Oq1),bexK|8-^[n.0)fq&$E%yu {% P\`qx= (nXe^6Vp`dKL|vH 9X[2ċ73I/Z).!ʕ~ lZ(yA<꿦Z$yWB~jζ-i^08r7P=,O*y@סER%rZvWw#YK0?gIv2ܢҰnqiH[ƕcV0K@׶oH,Ο{Gf811HMWLllu812Ly E1ĤΌJ$Ir0٘ws;֦ 9$~`AOd۞H88vOAWYCm.5u-/LQYڄ}t08,u!ӅXȠB+[ wF u ZNXzVrJ`!o6T!(A ,i>}.8Ң!TVdKE}M,Ԃ6`-rwM(WR)ʩX gp_T|EG x\Mnb3rG3 ;%\B/8P~sy)@6Mm"B8LX~X/t@T(sHKַkC]VE7GQOwP˿\݄@W\mlNSM iĶ(4EK,;ս6ܥa FFOў֙?(w=NH9I~ԗU8KX{T&9"y`IEMJ٠w+I) yI@y^ RX<&O@̐!]'OB{\y5:'EG0UWq~  b^D9A˪rl' O?#BhO<,DZrQل+#h'It5!7H'pT;WCUcO@Ϟ~,Xɻ_\;I& {-1jvYZ/ s\Dz8 }I%|.Ն#n4:X _~|5Ič1%ܢW׵dk|S.]xZ8dpra5_T,Qz)AgXm%wop`/+vب3*OTeoOLCRv k8v.jy @)4[ ᬤم.*/Dp-L׊._U2.U* EvDzi_MPh=-x׫%b.##r_Vh}0?YLrd\w'pWėϘ48FBYG؈t!',5;ȧT$sFݍ_FtbPuW7RJO9X~vEXM1hB(?Pǫw_qoYv0W@= CGSl.Hbbqpj{+i#j,Qfū<@z-xɩz&u[SrģzYVK?S@H)Zj֡6\w ]Ky77ܸ[GzYG |2c 1ֈ0}4x.c;uhyZtc3mOƪZpV/Kєn a!(.#/8Wt_tqߞv*Y3%mVe4o<}Q> zioXg~V|QJqKIy4㒘o\M(꛱J ?uhiho]> hڔ8΍ßAA/gwWiarV5ʴg{4%Sn$Q+ڗhY&'ޜߎB2P:t@y=vDqG-QxHSÌm6bH orr(@Y`EA}C 3Oq{ok#PynWjYg(ύ!2! |s6*i7R*5u@WNoE%J|pɶ Pf{-?/AqjEJ,]mćc,sSKCo0iBk=]MX~׎5Tr?lOϬ﬽C6W#xo{<=["A a։x.!Ah*Wu2i`9c@-SDo/bb+ܸl&d* <&Tvʶ 7 2O@sD|)lxV%5WޖV,}p},kա5G5{rTmدA2Cgc7FF ~PiYԑLu8y1Bc?i[V1p]z<^M * ÖJ H.*d[uФ8:7e7o:Z>E 3)迪І{us 7p1pR$º4u`u@\K"b)nh.y?Ǐz+$\!g%qrM,ʊ4{{ٽ|_aL6%Z@# )2m} .UINԅM'Ղ i4 bB2~AhrG )KRUxb .ݭaD%<$*Gȇ_,sW3Qŀ:`( Ւ&IWz\VSݬi埰qAì``C|w3g؁ms@EENl= e[mpI4t pֵOZc V@`y5m2~*o(OQX4̘M7 yI8W(xfxo^PsűϗSl wC=5?dwfONxeN<ϝ YABǼ7agG=Nj,JZx"h~V"/!^" T/x˄⋡Ъand@Z"Zdoo)q6+!X%%nrpΖOVp'VJ=foXSK'8)-^8}\1Q͈~JeMЈσgPͭ)bY)8W.aܒً%Q,lW9VNO(=:@* zVfGWIH. w(].z(f78i [GDÁva||LC-1bC+%R~bכ'p'Cᖊ,LϬJi[ 0pDh <\aG ] 1`wkc(-b]i1d@1ĎCT J5Ԉ5BmPPX$ޝvbHBA`l!O''c*5-aff{ '^C_te> $]_blQN-rf[O~7`~N %Y5;L{tv&G0(Q(%VìbxD"뙀y>r8nQq$Tl]ی}⓹4;{UW|Es5ZN1n6t!8;;/8t%y{}kB/CouY31/xMM@F#uc"yX[{q~eh+h/ OZѐ8/t\p4d337Xiso[POL`)Xh:wn4)\[&D RIE*xސu2~מu$^eRw>h_Kmϼ m{_6GV儭/ԞdəQaqB !c߷EөU>TkF8r橲RA^pQ9t]31aY^ j9D#[[W>*P.wݢYQdI _GYP! )G6A9$\7 Pnp4VrM#,:P08c܍4h]|3ѡ%R)}|FΜ_ 2Һ&^Uד)cR̉1AIr ~ەAq]t90-po2eZY {[nʩ~lȗ;t:mCs;wYu:F&^i<-[ycԧ_'6¨t[a[*g}ٕb~R)r&t%HC: !4"S]dw0=&c!^쾛Aw|>q0lk-\u{o;dI4_KD*`Qt3>qz57p8QHI"oe8;x0CY@d$[vSݼcc (.NEDnڻ-6B3Ue{%~@5hdGڪO[+ceL$}-ޅ6&qhp%Z'Y~Nfzj5΅xs+Z>]%`絽bVW g9/mZ_ qW  z 4fh2;?~,(9yTGk2,wO5 vք_z\OL" }T0ͱMQ浽ϺV)GJB8\*8 Obhu:Yk8W]+{r/_bξ`۵1.[PωHOBƧ6{-q8{_YyHAdĜG֠15 ujMsByo$ lИD ^/†` <r-6Ա7M{)dsο8pZF*duӒl wa]}HOkK`)k1PHdS)sX\9$$`pnq/"`+p-&R#~Aj27{`'+M3dd'^^.L0|=~a'=0;hVFw5_gklOnW&`H+IX"npXk@S% g&D$cy J=Ϭ߄q&>s2+`A/=쐹1kFrW*8+dk`;mG=&GG׻cҴcXRDt- ɞ8E2G:JesF7:DH>Id Ԓx8XxY;$:ɛD_;":w"*!@?w`=gkAӼ',ZpzEg4i(IF#*k7Ca|<{=3gVOiY: _Yhfu;{W 0YJus7f<ŇaQ$/Ncp#U!D5{J]ƒ:ּAUd>[r RBX˃4b.reWd.y{^Yى樫U|/w lTww`mt ǟRZG.H*˲U~tʼn*~HP3Kc?N6K.IrΚ_cwrT1Ns;ΊJ!Qo]•(T9Gj8c ٹ^bm %SmF{0"n4ܷ'3?_ql8vDk%L &G9,(O`]'"_/˼ë |͙NxVJo'{;l[yN]羄E 'F.Y{b&_VR$ ݢ\g8EBD@6Q*TΞRQlDl.8a.毥l.RHx_zEKÁ~d״D1"`)ނhāAMz78聄3 HcʋaUc&AcKzRLeK AiVrJB`<~uY ==#Cpw؀"D *{"O1AaٓHGٽ=ܭG L=dZ=`P?\%t¾P<{ ͛wh \*;M"Dxf.^A")j2"ci#(e~rGUXn#'p.<%C{A/.S3ak0/€) .jYɒn#yTCPuȘgW;]eL jA@YNؠ[!\Vө Zk)|Y,S5rL 5-*58'^*s:*@;-~bޱ#?q&JӊI6ʛRT &(UwVi&#-Y*;=A7}.rд' *=}%Æ-ˮ88W. Sem#(>6]^x?p o3즥E~s(/#ES ֣JеU7M[DԜgRЯ3lr!{4xs^MbR{pbe&As35\3 & vҀmCsS ##Ϛw45UkV?&t J Ay߫_MOϣm­G|Д)W$G+_[9)Q=m* h"&v\x8UI~V$8vQ/] k$@ӃHA*sCJOcg=b( @甲O'TCیgX(s5u 恝Hi+ /Yf(3]z>sLjiyfE]Kk0 AI_ByF–/OW搴~A|k1Z? WzQ4:B)M>o}[ -/`L~HjMy+~]Æ2SL920 hcδ9ew5P=f220\B%mT7 ,/ְu,*@7g'(HZYc*>6^tɽ>S఼y7҇ު4ggW_č44 ~r V"T*&YMWՋz!6ΠGgYgtq (LOǑühz{EBvs7*0gM݇$[s5(0<YÌ塆ԮYY8tջBj0)^7LX /T 书/srdc]WW>Ģڶіy ͎ۊcfҧs %06>ZeBNU(רÿ&񴝯S@z% v(2R .`D1aΔibWj0K*v)RDRѓ3p\O'g%bu=OEG8L~G9*Kt:pFu4Ĥ}w Y9V~T-q3qV,ӨˋKйD:?ׄZqaCL7 h9 j[ t mS"C8Bu#XUq̝n$sz$0:>\z= HZ @d @t6,hJ}u~^˟n=D>Ʒk ?GKoE9l\`j2Y?UN?S*c't Ϳ"uTR"+GȿoL}'H]5m(v(’i(XG|'E&://g 3 hWsdY7\g[H_䵧"-Qg6}ؑI=#j4MRHl5wj1Niy"h¦ Ԯ`M8d]G*݊ ]~Zne>U#0->rm\KJ%81:MP1E+p<76!T#ϘHnDEGoMJgЂzPy@S&b e7Ha<@}$ ͅ.؞`9EQJ#7k1R_M:0|v:cښ#O|]4.!\z#c51VTP8VzD'R<;?N!1UfTl30 J}Kҁ$ <0W'>QWF[^qN{4C35ajpuIBz%s@,Γ)s@-X#u ftN}9~5$9zIs7l!ȻF|I,y/!D'qq jjM`Yq; nWN:Ԗar:@6sy:)AY ᛽w>*DZJQK=l,+[K6 J) Saz 0'Lz; 1o:)qH2#@vg6`x1=o ؆1Zi=R]YQ)趽`U6b7 z 2m(Mȵ|HafXyJJKp$C3R\UΣ Ǒkeڝ־0R][-chQ-x\AOv4.T^!+S5L7 <%QbMQ糠Ǽ%X29( hFq Nfǒ#=LHN_9Nuު0_$Sb|y5(^AtywyA'ӪA-VG;@J3WE#*R&K_9U3^Nh[RA]jo?f݈UR]vOoyl߰"Ze*?" }5lzC Ґ؍GtDrw|&Rze]ÀVLȭnX%bzio!Fb<^>xAvUWKE%\J'޷RMqs/IBH,EbOBxcD{ 7i@D1l!6$mTIR.< \B?+ã۹%8͋1/u 3+j[bĜu%kv[ zs T'ӰſX7ǗhFiJ HZ?{uWh& SZȍMZ5,X4(k0^aUΔ*oP|-Q_'9q=+Vh6w(@>W5".i u=[IpiNTRKeJ4P\7 J>ZX яt&c~%&V'у:{(P~(\h |NB22wCB[ʟvgЃ 0\K,~E!ꯨ~+rc*ӂ9L'Oq[Ks8TqMh]™|U|㼮]L|x߻AsSw9vaY*jBـ談\H9 GW2?Vg+ح5+u +p^i؇=ꉋ7ukħH=v,h,jEO~gL9j47|t5 =cޭqXbfd M`,?H wCjX[XVD?mӐΧVV郮SJ q[+"B&5ޛ1\TV{>sf`M{ƕiUeR" @$o*~#?R W2Lf$ZKnDN^"4,}g5 F$V)~wJmŤbI$:u }뤶Ewc^(Җ+qD=@l["ZG3a]|P*N3H`\лiQr[iA/)~X[/Þ:Ȕ8@+a MGz5 &.:6~Z4 `o*=J-I#֕&T!<r5z/%?j@;ܕ!QFf &T^d/ P@7x0SA&ڱLHYB\ZzBK,pBJpn 0xY#́Z`"1~EV댡#?K jHkPH ^w$S'>qrHwfi&cpw!X>tWzZ Գtl fkLqGI Lדn j4Qg%҄Gbع*c;t*(3>X-p/ YW%n[D#0@ĉPj<?&.0qEggVjwt&SaLf"CG n}^[ouc -e@&nEkXnqhg=v_01ƾ8!smڞ07$c DI b}ҧɠ`,oKA1i9R7Rx}) ,V<Q!*|a;V};y v9s1dnMKڠXn9ӀkPyc gt1M'/3e.6C\xݽLK.kВbc)X>ގH~Z 4!7pbEU@(IysiI{Psg5QYԥO8M1ˆ1߽L~#C+ T_Thl_;7ĬXPp.wY0_/-eEzaQ1Dz-)+!=+`su v &V8!S`iBN>8&6l#=IR1UpJ(wjka8||Q\hu,T 쎢 X^lzrFwiBa\i{yA}<(fV0/%EqYDUn8,CGK3QVx/‚xF*@ei+Y^HZ#2dl|oUX=&(B% 4ȧ7"c; ,FЍ~,#;(WҪM⸎Wm>3ϩD{1:Y]a埌 ~}|1y4~MB*`;Z3`s4LAM-Eu@&k "_D!"NyѪ8/ ^0۠0S89M.\4Ϛײpw2r~\Fpt*fTIGUPN:1ɩ! ]48S;R)=|Z kG5y@ڇh_Q{KcVtQRD۞`1JbZ] )Ɔ9$7 $J ~=`^)H>΂UIv~Sw!%qyTtl@0C Ϝq{7C䊁`,#Ł&;M*톣ʤ_gE7n Bl"Gbo-9,Sn]1dq|jc\|1P3 yߍ}6je,δ`Rz*6 >cjiD!y\ ꧾU)eg&Lܢ! 3fDGǺ7riK2ۋjRU~(/Ԧ=#CwU¬rsub!`yb q E!:ݠnOۚ_~u=bfhy^o:@vafc?Ol`&HLƤ!/uӧ;c%bB_mIZefQV|.@oWSJbՊJ#C;1&+)YhX$FJ^JNQGtr^pLZKdKlFW>apsyոUG Ҁw̻:D8>椶 Uh(/2*\z%d=nbP.̭"%nE>G;U8ާJuҫᛮᮝsn:wWxE?]&@dZe)д&n(GNeA`J*5Jniij?A QMjo"n&Otm√ۦg_VB$Tɑ*h Oz1ŭ'ln~I&٩x9[k"k(0y{ jY`òp[G#Uڞ3hjj謨R/ndZB9m}d )Űu^\ؚNCVhi_Ayϴ2Jx+/N4aJ`plq6Ĭn͎&T| &`642J~KOSMgsSgP@X ;ҳvcsREa{mQ:(ANJ!]B 2P$@QT? -g/sBR_y\%#U p ЏOoq+|-3{_h'LlO;C2  Ʉl8&?nGt4O0`mA`>oZXo2hj)[0%60LL(H[Lws6n:m\S}+IKf6ZmZ' c^dzA' 6@4 (ɥF;DƊnӅ(US,DJfyFቚ ,_h.jFSGWY,&\DL9:#PYLCXjJ:E4&3gU^M*4;Oڝ,f6'YwΌn ɛ.Wy}8&ݷpD8p6V)%RaL ~ x]4o#x~(jٲ+¹ja? EjƩD$ MՏ a+c/9=TpqӗUնnK4yPhîɪMڝpڢ Z)%yio@0'qWQtJ.P>%6R/W{~JrmEcİY<-#gX ` Ra݂%.Y~Y[oE_g3]E=qM2חOr(u"Ycʄș:OSC%#.cHC"! P?Gz6_7 1ɸSHL<x&\S)ʚ!'GQ%]7pdktl(ߪBњƐwR B8e#4^D.gNł t@?S. V@*!DH'/ qXJ=mnD_l4%ӊ,`;D\1ӳa3]-*U@~x+e( Tw6ća96eOl>Rβǧ :_#M$<CHzK*ypM- 4|)x&7}鋽L<{^AId,*p(*+ [ۓӞX(A%tꚊr S;>URzn8_Tչ%XPgLZe ⷎ gdAS2;}eN.!-P m>4s>@=HgUKTni˞ U%gc/ Nem_me'.S`70|\M;{{*UG|Ry7شZ1.Ԁ285І#z'b r\ J81wܞ/$n/܅s*r:BX^_#Zj--1腠 K&hvR̪KGp^3 ֭>ȧ_8?nVP,R#|G ĥ!I-<{ $:Л>Rq0G\o0h7;nLݝ#{(Z'v2Zu.:w8'kz6%1hu<`AO\$+] x DV^L;ȑH.G+ee>yB UWH*C)˜{PV!Ξ7dJ 4%~W4YyL4#2oOfC&\F$x4*? \74Qoswz%[X~bKZlЀq@E b7IVݬ"]9ZE8`@ *L'>%UD} -G>1ͬ/ d+pvSuY1ļ=hw )qV~JPsG!Ǹ%վ vcm{d*定z.H]ıBgo3¹x)7jM.f3 "'lQJ_o(:;ȟ?*H{PQ?Ǔ]8lMϙ2ͰT';k!5j=ޗH-6 ~#3p e9AΈ VwZ˵4Yۣ .~gjͨD`;kMfܲh6GَB!B\>tF6H$eFn=;HVe+kFfeӱm2g]z&Y- &\AS2^Н0J&E^T#Ճ(Jhns|MA$!֚4 M~$/*Icjp A4q[)jE ĝSX{UVhf}3t쮷z9P4#9R!:֢#>1vtp1n+m0'Ajw8vg/6'Gu5lU/U1,_ƒ@th]-npe0sWn @5D+FV摹k|ɬ+8dGxҀq |+8G^LnYe>n%)Bf& Р61G'`c q8 -" qNazЖFJR%cuFbE*{΀T%{i]Bu{>탁1Ir :d!؂h/:7PHp=NA?,/"Zp ۅIQ.kGo@dkv*5a,9]E:1 k{^BEGg*t7v=Mp`,2nLƋifeሁL| ݯ}c4C]ΏR\,KDRE2x̯s7Г%LZ,d2V=قxkl g~kb?DE0ǘ*yIevp?#|( G5]O7N~CXKg&^D*g)GQ$4ȣ1R5LJַ^7M%si6vǎP9[iN׽͗ЪKV- [P;$ JA|Аs@$2 (UCx:zX6+>4ҟ,6+<:4yee9)"C1ue੻@2~ѳ+MpH~xiw3ׂ zK7#Sj+z 9<VΓl8*MEfk#rg3,F-Q6j}gfJ"ʷ[<"')?ÞX.0ýVAKVñR PI>XslsqIDoq@t) =G,&Z{U\cjyu>^*)uĈIYiuAeQ8o903 Q2AC a .b2̛0<֖3Q t>X}m=t2xU"g@zK[ WL@t Qr:T~A\wYcny誧G=s2PԄ3PYĺ,PD}KF{ hD %ې^Ž *JLFVCD Kx,J= ]/, #v"k9q_Y3ẺvuXWa5+/tf#T%_EϘlTs=7FfPAL1zvOZʹ0 \R.2d2z8h\uzp"Vd^() :KpՌU9KF3g)i@ȺFaKiNη-.RI$- ]'*֑"q&GVk& 5P}BI)z$˓T*QxK'ɚD!t"nRdw^g:bDő+0|k|}|&hs+(oˎ1 sg OL*._iH(2iiE&V~ªG-Q)>@O} 45 Q-iT*PK07\lGɧaR7 7K Őo "OLtavq/s :s!Hn!"u-\F® |X'c-.f=՛Mϼ G cB-7bG?wOnB0^Zq:xy? AQŇe.6HA~ilA&-lҿȋy)nJ2x|ǩ C5]LpۇBJGѹLyP*Fwψxp$2Kvͷ8O+ϰ"jzlo6+v^?%jc}n ǰ(c:5ݡ2 8T'/yu֌Q7Ɗ3Yœ]r]Q4S6+$_/ꊮas (Aԫ).7)|-f2FmЂj;T)mbZ *L LJ8JEYAsØAQi[Q=FACq2PkkN59J.W^`%r+Țb)*^l9VܑSXvdqrakxA\1NHsi2NJ==m"%JʈcG~! FZC*E\[ڼ0efnng.O|@!~aЭngY}0gb|_ע,8?S^ӧDU)yH Q)/ށC?:L5 jqPAJ,h?Vw"{'&/v1f~0ǘaIs3?hs3xݕAԇwPm$(TW'hWY\v} zGn.r "R҂QXPI^zw.lǘأ'BҀGDx":qŎC{؀Pr%8ȷ[占1&wf6.Tv<9> RQV#ē+I>Gб&p`v}h dLtT06b#|_.f$>],;jz*oDg&d>OB"V6K>S&VPBMN6yDNԕGj}{.4,OIe%wKi(; f-'ۃڨ~nW=2BpS:b/< ôKo:'(7[ 6<\uؒH|*5lx([ @uc(B4<$#N6=%6;?p>_%9#hN M 9z+=,暊 ,DI3O7'Zv+JMz澰[$l=GjzWJfYx.Lm Ӳ6funϯZ )(s7ص2n!>QyD8!_# -w$y1rM؁}$3 s^\ah0*#[)5_C*2e.Oh T,rʋohyXI~R(DGSM0Bai(ۏz:O167Ad)j\eٚ& 7~MHJ‘ G }67lQ#W4c$MT,Pgcdxƒፃesl`0w&+5>j:PiC-ˁ䶀 Wj!'&n!:77ߖ]CэGg&NWHo3ӘS')sSK br6B0J4Իy'Gz7RhIA^74JD(zrCYnatB ShW0#-MhY&lu #ɹVLIJ5 iӵbӹO_K IK>`\AGRMe FK8:k.!^(b1ƭ-9r5͛zvP7 yP῍Z>fI D]10L?/"wt[;4è5)j[mS՘_䏋QW0Z_|zP[WRjOL`;;0˗&^~01m@j7d:-}rh/TدP|t(~;>i]e% Q Q!]ÅXS^5]eR>N^rb6)Ǭ &'$ҍuxRMgsdkݲnnK P댔abN8 = DKGm+'&-qZRť}X?z6H mWa[4޹Y͛jM%% [ܖ\b0*ؤj+ .@vqqLc߶`u 1a[X̾=$k=XA- H(c[U{fv6Ld25#c;C 80hr{˻nx0^#4weLTcvh[H!Y棒)9W)%,#D2nWi cqZa~%UU60'\)rgiT!cׇ#FGc0P\x]RqQbܴʵ#@Ɗ29 2E1/[no(NYX iP43S3f5׶޲Yc|L&եLFb;9)ی4xL⎜ZM& GMw;1둔$v&+XXI?;aMv#u QSmr1h-F-w=FWQEGI|hM7F=/.lL Y'ˆڬxzծ3Y]eU˘zHkPA!_:| ; )yeeGS1aSK0<<7+`~j~,{㮛΀,f,~Eˉ~V~(GEI&wgq#y?L 'GL% A@1ϹS蔭1}J:%ߪt&\\WCfo,l>X)Xqi--xBkugA6Z[D lYK?P6; VBVXM7U=mߴ22۠n)CF#-;)eH6~Kóh߬2>g"{6@?H!eЙ`M|st젱(5j GM6F]G7), b=n]A vxEwo7ǃ-0  * J)#ө&@Ideo3{5wQ#ր =kae<10+?6f<*?NXȢDve7!E6%/6%*? ') mx ΪCW-I4zrT q┇uETu0cddT9ȟEDwĈ' ffCźj"cK id,:ԩ&=箞& %5g;Ff-J}wRL1& W>d(~-Mop u")&5P8FȄgbqs11&-I];=]5{A7:=-/@r•Z5Jw]>DLa0Cv#Ή: OdU`L NO۱d a[qAC>]xfx,1ih*6$KRvܒ`Db EX)9֤]V߈GK.ǰY2}_?=/ХPL!o u3TDfvChO7tfUƯpHmg9kكF#Y/-&AN[R \1žqʿ\1-~ۓHnf!/LsRPE=8VUtTEG 2T[dydߺT-ȔnC8ycm = #'h MjܪRFK1no~ ;D;I+:exq2ll5y~h_yg*m-]FU?wIAeNx䷿zfII%#~HEKvZ~EB+.]9Tfh_F[J,.W87Pۚ FeE x #RKLI5ӓۜ4??Ǔ$!w*媋-TPIȾ7yF]?C۹mm0WK"_[^O^:<2zGbkZ R2PSPC2򨭙7 k}+L@ɟé~85PgiM2S K>1'kQFz!XvwV =d(Niu YxX+Ʀ}b0 ǧu͡#]|#;r2&&ހ17.'V&Io_zRdN"Ǥڊӯ}<"|iHRBN]h|ݶ?i@eg ZS⬌.`t8cfLFo;vw 7,(U.iZ)uxӘ0!RalqurgoN(<l ٗbhHmvb)RzM֦9VuS0\N2`&FJG)WƲ|y&QwԃnNJV\TϹnTE[ TQG3AhB`1v,UJ~wT&x|u?DBI8 _NmpOBSJnxo@Q鼁JS(g kҸC"i]5Y% `*V"6"lk#I>4E_\ !> sVӥ23TђpTWʊ4^GxOj2 Pê] ?rܱKZ1A[xt:u9xR1N>ۗ-mo96ի\tV7>8%SwЖ-a&Apvdw^L^{(&?iڙ WּƝT|XCf1̟X Qc] 'qWV2H wqvxAE &>Q*`9Ah^5C#KUl}"1JF1yT sTLϛ41Yo&R&^_-._QUEqe-蹌,Xα(#;ܮfv{?I0UI8'k=* !^*PgK)K̪?EJEܕsUyhE0Sي3vN;X uE祲θzjB{b,uJRYK3AkZJ$3`B"$R^L{,OchU)I1$}giJ5ً87rmh^x+% )&7W=e*O`n mAͬSV% P%F0[4b]9_r=R&w0䙴%MVHD?Msl6(R\ۘv=3|r h|ː5A$ f͓X3KpS]vm42pzkfOj-"5"Ĺ{,0pFKY3 yO.75:#;1dQjѶ^ 4eԡ_& #_afF}+T8}cxz ('*ÊoR5O'/3^9\<\Z i_]'I+湉|Ă@ɑ:H,ٯ)cQmVqX7+W3OYot?֯ܧL$H,NӵLmF]ɔuz;Y?6k/^W V1?m%"M]J~0x̨3eT~Z Tz̭w {i'~or,$E*g\D '=Y)31ptc~˫" Zkg:|#a%mqWNJTG)wձˬꆥGZbzg_xd{&v[ES7 ۞Q4DJi:{5**Ǫq3eN|bL!d'l1 gR7w0t@- :i@T]x%pPe`RG5(㻽-\AXy ᚓVCԉVC*% ]e &ϏEx&RB;':sLs4L&1=>җAHOMn+Mŭ:(mS ]Ȝ U+.ůYK|3,oܝ|oNpN rNx#T*ɈVʗ{Ⲗvb2R =Ƨ{YCއ 8SvJ`ޯT/RDI)IW fL﹔e҉ *TKřx#|˩$&;L3lӸ)X.g Y+RNZNdY_Rˢe:1Un`9<,,v3ϸZAGbf FUFEօh\2B$}ap5?s ,t`Q-#VCnICZ׵}`4QЛNjڜLu]PO1yQz١/;KʷĚ^. c;F.8q+' Ng292k2Zͺm(d d=А5 'y P-06:sӏ ٤5:WF'qJc[mzOk {) ^1P#O/+ʗ}w6]`eqhQҼ*UCoAwptH{q M~dg!g-jzb{&)!7kt86Mžp=f_Tm3QA:.XY1]F'.0aֻ+A=) /Ff9{1IJz(=Aпq+磯%3ihɆLRlĖbM?1Dna{}١M U zEäIV׶Q@Su 0b?Z[g]M#Ԏ?+d). ѥ~IŎVYZy ɶx-/7M[u:I1ץY:̼uhK"%9C-UM3(`Š$ >叵b5'ZZ[\җ*a"aGh&\53YAq==vp:Vaɚv{nCM0VEĈdwrs3Zc28j_PRdN6b_cn0L5;'uƫk 'T#h?ajphؿCf9"S$d-$A{|^$íp"zA]mprR#@ю駇,wAGZ3pvm qD+%Tۧ*^;,$0<1y3?4B*a(ûsݗ5ԡjG0nx亰RU b WUP\Gؒ9gie*^=u=N${`fɫyX#Y7iIL)}8dlĊ:N|GSjϦC =ڀho$\4گ?oih$aYZ\i_q+Mx{iH>yxH>w=s 'ߥүLFKM)U*6MO>cADf;<kyϹ*ؙ:ڊ̽ Hzvyp7#CZc?25׍=;$f/_,hTc6^\D#lvꅋت!t;n]G01R{wGڐ/T#3ؽPTt 2'Y`}a=C=aȒR\(f $2`8d p; q*R底;Nz:x)X8]8ždM3=R* Qa"C68%VdHve,&_Y E`gjRM݊J ;Q:,%j[T e+ʪZn0j >En1-*:]Pxbս`en V-gf:MQPJW1Nɗ{\¬LK8RBywo]~W Z|ѧKNo=;b7/{!'a=[]H&YY~m\%d_*i<#Nc.iMY a]s7"E|g(f@OZ3˪D-J8z+q p)k;fs  oQR(xuV:a=2canQ@ JOnBq3z1YhHN&JH]I[<ߧiYIl'hd(ip4wOt\~W0H1lȡ->h)ڤdb5x,b' 6F(L=LdT>Q=}܍*]I=쩇wX›NՎI2K?^>jqhJ r=Uրe/w[}YB樃TE.;VΆ52>kה0c/- 읕הІMӤߕMT\<"{v#Ygbu#>aX(sSg'7 x>wPtOBlw@Ln#Bi}lkPL;Zx^fe'~eL5t'[v\(;M,A֩2% [M;dKO9v}@Wno+EŸ/R4% Kfo\_*NdxG, |Pq,f!RF1 9w$9ݹl&1(Gy`Rb/AJ{'[(Ǚ!3Hdx(OE_B;X{~%&~m??Oc+4u/h[~Li@?1<4-, ,Yr΀ RJ+Y\y##镣$>mssh')4y hYd„2k?/K^{\&7A~bM /xT8j1^TVLXވ#| +~Sn [T9.T܅l$Zb_uIZW,+d&I|B2䷞DȄrS Ԡa%07OjHbWmg_Z,䪺N /ai zuC,#C[DOeI?RCͤOMmZ6#5 M}G`A(}y\OĶstulbq:k"MU5JU wF֙ىGO'[k^RQ8P&")@pwH#|D&3+ 0Iltcy MޭVI(Yrqj+B[0hxfTJ Kk+f^lhh4SPJaD8K'6qyk , YxPD.Co_Zʦ#~CLD5hfِ wʮ bo=;qI$)Nj:s8:\!]rw9 m? ɇ^"6ٲ3ȿ/=%$z͚~X{?=Wm9;>'#5LjrfcTμ&"\g(Ԋխ殾 Rd؇+{5˛RMt\O^=.^Ifͱ6zվKg$xW~6 #[/sW P!c8cٿ"wv$ {pMWcpQ%6ebBeV<;/_6Hg~ Q)-㵋nrhGʊ\=ɛ Ҩ%68- l`2Fq]-/AAB *܉  JLYG!}yPPfEqx¿T9_pâKq6y~LΪe s,~Gf}pB6.6biA6|ɦ,թE?0"@Y+c٢%+:HFrix/T f8;DRc)y["CaBUP.lW2G[-&4a+!үY97R&,nT/4%cF*cI2K FtBMYY=UmunG:6ԩ3Z4ShP'! K+`ۢP|\qX2Vq%0le# g  ˅ ݏ} +@r]u؝Q x-{0ʺ)"S[;:\o .bH@1e:MbzXiztt5slv˕ڿtT&b֓+oK48e K< V "ic-(k ƈ:w-IpAs PJng(.⿴FO}*uZMF8:VDn1d֬;!y M?Dゖ(m DY4b:\}ώ=m+`42FY9#QI,`3 fjfG',\{zM%?Q;>VTN!}:Hݽ# p"FxO*! gRcCqa30t0 CAy"F95[X@@E5òkQ>G\Pݥ˕ͽu$1-)۸"[i`v @1ea5~Z\JO i19ўW=Atڼ N**O% `PHphmbh MD3_ 8f64QbF.O_BH1<AmC?ѹ6do/PSw$@Rb!"w ~5±GO5~cJ0B:2j Q2B`NǝHPv#s^|\]&XL'SKZRψ8IȖui}BؐB9!)ƾ^L8`=:rVRiH5Il:Jp5?#6 `b X0q`n3T!Ά%՘,A? SQ)ӆ"â M"6kݘ2l_cvmQwA:5/0woXΜ7joj'x4 /\8ogf`wi.ˊy4kWcy)jmyEDCӸE^0W嬀*$O#D/Cp7N;dWMɨD%1 .jKַ2Wn2xC!F 77:fDht /Z qPʶ\7-'d 8q5ܒ jYoh1 l(}ȮjZb&?"+tI,@Cb@=!3-X䈚Aws* d[na?äX*/b6ZjO]Կڜy?@BFz b [!Vi8GΆT >7α>[Mfw,Cl}D5Ņ%0-,BIr)TBedd dՅPLg.PC^nt'9:!^ҪցbqkouUMFgȆ{X~?I/B_6j lpb.EegR\O;ߤ $KZlY{U(z/Bi4*w}} ]dy $4X7 ևA^m䵅G^GlXeV 諅ewQ{U`8QGU*ΩB #+fdnt FW2J.Mx mčMb@ 2[Po +_B0ƗĴ~Z!lͤj3F,~b,TʦWtӣsR=%sv/wPz+ۋ EOBe$b1;{-!*RpްO9"m :8zRQAk/ҟ%aFaEqtJv̵/ﳻlA,:sK%s^^AVMz1/E:~//4.yv `OR:B-] S2$b3|k Sx}91߄DaD@ˋAZ5"rFT/bo'3BFS{a(<;z0)_`u{'܀; +p&"o&1aaC|Z׉ 'KPWcZݞ a]NH$u{%*t)5Ep['3a0]AA&w5Dt,#HqsɴǛ״QZ N$dD_w v.T9RLr6dݿW)l-H(2 js.a~~1t)FKx~L,yWk|_1ZA>F6n9 q-Ц*Uױ452V{]V[]lF^h>^#wٽy7HBa3L~DȘ!UUV鸈˿SFYr~FCñmXMPz*Ԇ "&MQ%}8֧ yg0,XאYH?Yr7O7 R@"Tзy:F'uWB9>E~ZB2J|sWg E|Tՠ|"*T6bl$ &S7j2yX5=J7Zv35ٻo(}KhKY8Ge[IpҖ3&Fh.kg$9M)ݐ5j"iBݴph_^9E״6Y 0ᴼ?۩5^r!g{µ\o2[ !όTԨ˭g3K%WȯH) ,IuN-`ߦB@ A9{}Ww]{Fȸ|:fZ J}hfŪK7BbtڎnG6((l$z47yv D'04GRI;̢K(#5փ.b m-B#pQ:E{Uv0I@-OT|+dor Ǟ~͍`0΁x׾y)w _(q@)}Q/8m2RƄS@7ڛ H6]%zڞ-dq.\Al ޖH&s9H],j5=t b` o<{Hk*ђ#ɼqJGF^.0K MqC ن:DR߳ڨSgM! IM+F?o#$VǸ0+M@6J sYl ]ʞ)gтzCG*΅B$[o"erWCXb'ƘXG`w%ȀP1'dhm 29!];zX)HY-K4o LiVO&k5t7!!i_9#s#aa8:BLlt&8kһQ3xU{!'khȀvrIYfW@)sx$h!Y‘m|)ͶAvޅe{jY$N봄r"ֻ;ع0't^>ė'ZB,CDam{lP}Z|奘d(=_+s`**1ԞYCGX[-t7 rn(b-Y{\3%@ x$RiCvxBfBbJ}~u΋u^+݄:9&(&֡HQ DShS4g,:-q\`H8BgizbQ^7Б}qF$y>Cb6Χh]$ͩ >f{W TӔ o߶OB;Qvc"N=6yfʆX'.-mc)(Yg}5|IppҿYUrwPt :I\V G]4i<_ Hp.".b]_c띵=oF! *AѴܟ)cnۤR(~{ iU2D7cԀdqHDֈNVڰ[. 4<fd ߡY$&UR<=3fķÙ"w7(7.%N]TZW?"%=G2rŵD?qPKmRZT*ݫMI>+A@bB YBt3HI*iV`N:>R'4'_ /4n߹iqDInjd)RUkQ=O!?63؄m>?sBl+k}ulȨ链}jF[>Nrx2ȩ# u~WqMUk'J O̪qMH ժA:8K[*[ :5>KS5##FIg%_m̙}j[^\2-cEry= LNᕿ\[nI4`Km zs յEvb#V=)LY0/ݕdUޯSGM@ockFNBguA6+Cm3^S#iEK!̂ޙYMW#nN}sܣœ2)h;w 2S''xn(*USlqhыMn1g3&39kC\31DېN!X}\L@B7V-SZ?+T3v1 _6NFZ  ɨ3%$~ի hm [r푉(vb$>\T:hNS>DigK"kMi*>Akk+w%>Zu[qM84:`c;؍=:w-*šEPȁn}~wi=Tk;R71m%џ"HyuIϪH˃~'8L +MfJ̰K52`:?T%PHJV%aFIY@Wl}zP'|f5˳6=9+ئky3+SV!WYD6tZ}ւx}0P&-!vd2d㒤z #-@ Yg|B>Ÿ\!{bl5?sr&eK`lVrm aO`e Kó 8&Mڐ2}3VBV' NBzGaGPt< Y~^a(3IwxBE?x Kܽ 8iw)ыP8l!V*H:f'=n<UbE."L )M4P {FDk!e iDh"t5 d6㢏4Pz} [}b ]1~D>l+MBOX}acաPۻ$*=R-_})_~Wz$` 2#$:yIr%ƒ}ڋG`.h\i1ʯiWgΊeLB/ T:{; K^Evx&QRlPj7 " |uw(;,{ޅ5d` AICkwEY+t+KUS~0t;R)cok8# Irm|@ZA; *2zbCt+$F[b2G+=r^1Zf2fg5+į`..J[0_w^ ۵ X 5.#N@4>"h иPGr )o ~dZ,׆44RerGjt~46 Zi6E@-Z=\9ّws0P;2s!*he4 LcdȜ ב/Tݺȣ$0 eGUa&i@_|uiq|@;5T,X_5{6ҊP۵ˡYDV=lB:C:L|Vmr? 1ЏoG쵋RcZ!ԽSz O0(\fi9h[lҼs.BӇwwnWwY?U>z2JŎ43D0}/\^ 1"*m8i%bZ{ҡ.!Y؅ i(I[R1wxΫB4MI Ãgׄ\9VY4zǧEYzBu4 [-jDGSOjXt :!(9?S0ᜃDK;ǯ[cS>3w fLS!r7ђae4u?ᒙ+\+9})!# u{ %7ZJ#a]P(O"'O^m9[Sv{k (AfLT\V&lGbctUť%nR߷UL6C^ (w(Fo7+S ٵ2Ԃ1%<*pd4xNa+^D^uql'{&r]@&@WOORV@ڦ\E"t?LPa+I{:ЬM DzNBtyCdNA) {+m!Z.3ɮuK@K)/uqpRäKgH Ǡkb!)WzزWՒgDح *ybZp|[}^^@q%z/-<8zyH4E׀rUL!(z^ D:PLGF#:)Tݱ=5>bU䶲z! 6b:71YqH@&ȥJ9& xJ◧Tכۦ"Hzre&!+.#^N"A4Ai/Y[juu<[ 2w v{jH&4kC Uz#iP$.Lag 3_ &w܍K;g%;B`<q6IճA1gt/At0  g(j0]ylG(A'ޯ_t/4E W|tlGC~&LwyBg M[|E_|*f%.=kEsߟ_?3 GDx8+)I]w)@y`\K$;A5M*?MKZ29%QzH(T7pvM$#:`8ލfC:2g1#v1^ ؚY[ c54ҘzQ4c8`XutO(_c'dsP MPIR`O-[I215FDi1^1wpM|jFl#X'./^;f"CBVnsf@u k8Z^fᵪþb%y'ay 9bE\uͷD?4K*oH.[-jY:)1dUxnOS @d),j'IzW /^Ą#0n|"$(qڣSp3$Y-ב9 SVhX&Q=ƖݳF*A~]t%}W(5[dY*dOiaS|vݮ`Ҡ*T%(83t߫UHXܿe1P!YfM 6z- ҅B+{kÁa{Ϩt?Z`r4 tE5&]EUv9 @*X>TP ;C}qz8@EJ+Yɢ#|b{!⚨eH"cÙ:ӋrqHb{kH' yQ;-m]x/4A~Fv>BkgegOඤNO&|"̉ Om6 6^u)++ܜTu'xo6<{b^\ސVۤkp>/vsk5 ma\e=|d=R70`oɻΗ8rIߤvm'J(ȔܓcOʘL.`cyDIT}[K`PllW=ޘ$XrK4 bp-xx.G0rqJsh;_7a (|[C5.NS`:[]Z-qxwQжj-8r/w4[mx6hX48"㥪`TzK'cDL]bDFji;#̰(8߽377tηl`~~S9yl[{D))i5CavPHx;z-q9}*;7?DAIjѝ V1\I~I(fJTNIr\6'67If!YHcmw(%l؎îPy]kʅ.je-K;P. kGf'%"2s3X>]!HK(?T`kϐϙXT { rMpnіj5#/ZBZw=c+酊eF^{GbH[!27U*QK#W$ۿ=xa&S^ץ6Fg?Jhr\RN~JjP7n#s^$ʅǭ əlv*mZĖ8:g|uY*dkedE fd{jqbgVFy}+7JCYu g>/:9QI p$䕭T>gQ &yDb/3(➱91R݁2\Qcָo34;|8}v,>I X9^//Ѓ9D'le/F?tw S6ޕ@Urz͗V?5fH?bIhɚF y7p$|Kyd{px8%s 8 < {`DbI7"<ّfg1c}]5kpJz??Zu)GC7qw& y\&o҂/oL9@-%( ۵Z]`~7͂R7YOD]Gèu&+Υ9 W[ aivǨuldyآ.ʕ_AHL0wgVr(/X܇$Ļ[p3H!oXؓ΃}6S?̌o$GE0#!keBsh|h;/j-6+](X(W,{vR'ŨcL~^#HK+tIgZϏCoz ϓT#|YH>WU] rhmb1E"IV8s_x>7թ4XVRo!Q$Vw,θr-aYSy203v%_,/>nVeFE$ 4--3tó;TB" ,F~ V.fDLHlO ڄ׌@ E:Cꚾ ZZ%Å @) ,o]*  N`Gת,@Fkwۛj&,ft{Sb ktBd V&b`W&/}Dc/'EQM -*F7[STр#{!sܚi/|klq_-.:;SdPnZfY,/#]uƚoX޻/^,F"خ:ɂ{6ۺpㄠ*+VSՍ6Aśw Qi>dYjWaM#7e$@ېܡd@^Q zwwo{uV/1hg 7Tl&an e_^>Q+ʳCM3ҝ}N&_5DLFXӭF?mG&Y2]MDB G/F "Ye.3>2#ZI]ffNww1p8Pk3Ńˎ95"NTckE066Hi[l}Fòh8X2wkۧD}r{>0g0E,}A2N .g $ CjS&yaş4 vd;@[)  ;&2BMqP;dT̳?$C.Qb(xLx]jȍn)t9aKE]B]XGǵq{3kh Hr|8YW`$E[X=^ t?Pl^+D7k7 6NE+.ӃW(}5A5!suǜT꧍@El] \Pkћ`CLtxdܿRU\9 |RP'Ny7әaG%87{vEb.rݪByPͻIhꩤ4[ 9Dv3(suHRy?웋H4ȗfx[wY< YVrL9op4TNZ %z4RpqGI/i۳JG7m\xI1;@D;`|52jxD!˛)ƃx}ţx@6RR'Eu=@ށ,9q]"V)Z vpSq s°38DvݘALve`\p+I/w$~d R1`1I2W&_r& cBXnZ=$[ =:ٖ &OXVؤԽu#wXXX“~g8.J1b&wɈE+Քˠd`DiH8}*#3jaEkZ6ƥ0MeXpe24=\muoMa@a`/zיژgBW<ӳɿ\$|TS7XFѭyb6KU?v5j<-5Li:Q5aew &Se@/J9t* зE*MME&5= X^# >g-EKJIps[ 'iJ~ ּz4;|?ƖmOl(@C)+o>;cCcWPCϨe!?fkV_bz0nnt+{Z$+yqœ 8voAU}7[pX'ow$4!2Inmz"oāۍK?r%viƱES$1 6yO3ߕ-@$@$g^ DzW35͘P.FS*0h<Iπ#gKFv[ ͸-쟡&TDݻ@Y-v} VSm1s?<;H6#<)O'W"Co6lVs)ɒ9Kq1Fg^c:0{ˤmX&aBv˯Y+̡tє2̣D,19SNWF/˷ZV5BVfnڐktKjTTeiń=:U}?bCډZm88dTA ![!${jmQNmJE] /KÛ7Xj,1L}d8rtI~=AKyxϲ"LD8 ]-J|ó+NyZd,GP. U2x̓ L!uš6.=# x%6(ߔQSqSW W(.p"S203 [cJzZ[cܬO o 4L6x>1uXJ_hW7s! h{fK !twnFcmn)(JK^3 jA)7G6Qw-16$s@E[GrKژm&TJ7[BӪf^cW>Hnڅ{h~ZܰQ`XJ8syL=kjxŸBtQ'ݐZG"h@qYȒW򥙘3'sV";k?7f|W7DD_ p\(0NX,T#BPPWDTL2r`js/Y-o{s-]mW I"Pr>uP8<!K(Q' ۠z'5e5tJ*ô0k/6`ay3 ^1I ѽ0-dmy:e n3U*&gU<9e5v2c`[ܿDN{C*-i 5MGXՓjrۺ= ȕsstDnYNjD%WȪTW0#QP1lNL `Ko$ _;mJo~qB3y5iYz:ІH>fؘWȶUfEM)RW7ijL[͔6;rBib qH`R>$ LWtͬ ͩArQ>n;Pnj<$3c.a~_s%`a#yw\NI/"HFXf.g^($Sǁ>&Qu3zrچOl>Kd:>$#>%YWsJ}!MCo*s;2PvYx8(e0oal3#W>Lŀ 0 0UUj4FP1o6/,DFZ:tt˖{r$+'lq V[([W~M,0*GcW!B?}(% ]`:S{K5pnFoEHxӳwqQϧVS7+#WԗQlԞ ;!yނ;w:9.5NPO@nAS5k:t .ONa.撐_"LM=OE3(Geku˵>;w$_TD.v i\(u3m-O $JcںjDR>u!|HiR|Z+_\bWap JMpYSe2׳}〮{gCz[n~kƶcm7As> 速jV}0x?_Y;ũND@x17 bwT1u _ڎ#V%Y#C)<'/6^&4| y [V!g-J_.򘿉|lB",IxGA>8梫4[leܭxS8.Ť^NɄaW>_Yn'"a47:59z4b.ͫ1'k{,(GTyg%yW 'y+EnvUƒId 4VO "G}J:3g8/7OwyًZtY [!.`qTAUѸGDKlJYPp}ᑂ"_wDr:u, ֻĂceHwZ7P^i~a$X".-l;b»V3 KOil[^'*'yCu:7CLwJ>C7Y# ō =1= 2qo0t*K#@b@~7o$pTgX?wlo ykG R|6.(TK6EH!ecKԷׅI#Z{8L'|XEhM)gzϒtRdȚeܾKHod6GuT8amB !Ahoۡ/SX]:fL (30B՟UD0ތzExG}e[qQ)]ȯct7JWTh l1Iuۙ mbQUSΗ(͖ƈ/_A-Z遜mE;G'/ h@wS`Iq^ +.ދ!lw .=QhnƷ49O^@=SBt;C%p%[Ditg:A{ ٥|u"7%Y2=7)$-S[*'eMO_3$5vk!s&4vdMbxF<=0Op]<(B(i>"ZZ/ g (aċ%ܑPj!n8|O~eRDz7&XML'hq YK!iwɄ E׆e@ b]? l ѽlY1)p*Xh;h{4|)g{]BE'F q\|1zKIΌ;0v Dbqz$.1ΒG e/>g`E~vr7c |v ȘxHwKy8/ab0nQhN뛚|R0"Rx}e(>=|/8K)E9^, $ Ӏ~Ň0?rTyʽԪ ́mFr;[(ڗ9Z^8k-@K(( ȗ\MK ꨟZ +Hbp꯾|.B#)X/K .~:Kgk "Y@JnYhKpb*$@4^w,2wŰ$mSg#\uQi@$, 5L!1@¢>:p3LnzvW}F/Z'̈́mͨ1@~+/v=H2ѻߍ =^:ϋ1#^(_H8z2X 19s0Mp"tۢz2Ae{ܣƒV ;]H~'t~&u7şX̩+9x3՛mƯFXxZEaVgth ws]YHpr)(2H%b/ڡ6\HBZS,>Mf6TVL:J=?W6ZV 9HeC$%_\&1ۺ8Ň瑺W_AYVӷ2侫=NIф.Ջt-\ʨ9hxJWD:.gt7DbyMf?R$zB3 89|6{V}U;7@ 9p0&CZqABb5.}rOoWɨL=IBHZܘJ!p}eL*HsϥۛYdǿU nŔ?#`j|v?vH `|Y2.! ߊ>G-cO52H<UMTf~&#]A2B@oë.BZG%G"CM>#+%qI^1OtxBfvݭ-ܳǢ`d': qGfz)`DbydY2*dN9f{"@R!;סY+RR^)w2|zPj%-c#ZP, s]D's>)$C p]NxUe ϼ#)h²M3LFN1RP6?l tc % *|`rqJg`/J3:C.:0Wm.P)amAGK ct{0Ny>Rܦ@2zIGQͺ.A րP56cպv l͜?,Y:\7mfo>{޻_V`FJja{’>:q qZpnIb~߷Gʥk UVCrb%e ^ ?;[$}rb[Eg li5t M; ʏv[{cR6Tfh-|Bh1`To]i}3ݼ߇yn/3!MM|H9+⅝A>Z Nha6G_kK zL9Wh~Ox};Z 5u@A,Wj+bb9-i0(;[s;g!/qŧJte٩ވ!ЃKJݯh@娔4|CITt(u@1drגFB\FPf^s93zQߵ v ,9gpwY ;_t_܌LQ;!5wuR,=D}!_}vr3=9x APLgP=ae't-$˺#H [n+z EA𯈕wa?']FHANRS\e }>hn#}'p{ qsfXAYPD\_{TՌ!$ 7'0UP(`mkNDK>?<4().WDN4)T}BB{\`sb[UW}d`ĘvȽ#k̾N0}:pJ~ߎ%~F7nDz OQ=nfMP4 8g@D^S:(Q+\uFIA^H -yh1"\ܛ>l(YY fǚ3/GW~å: h2ݘ}gU QkV/򎥔~g\vN1TɷF XT׾T\n [3gI`# O -àUZ´98G֚-h@"!aD"105|j lN6Ѐ;€4@;4jk 1dDw˽4.6b :;|y pSUtn'cvpi ]R=> #_',-rtCzqUz` w~:K&j+XM8p֬+5;X|֡n"xq9u_n .C5]cMZYVybu3yokG}`N{LdSa }k[Ἒ\+TY\ip Xӌ <XBOw#DP_c$X9_j.bj.?~w4(WhN_qilh2zk#>]c1"Nkӊߎ @B15k8d >P'("*h4Dg ) _Rzk~*܆ma3?wa֤%j+i/. 5sXXFKcRh@~CMKh6yhgN|\G`um)KKƈ]?rgư^bȤd`LdE35@_Z8UòBu̫|yYY2#Pmģim)Z (s}4 5Bm)BKJu]W곃sDFAN>l~Qnq J3%In7R@ Pҿ\Dp[k &^TE ßJ'a>B`҂+ H(({G-V+A[%2(Yv>)7j2FoEz%X{.wD'1Ip̀?i腝dn s+6.АmmI$4IW.14+P;_3TX]:|zdDN12y/;Hg#ę.Rr?#wd+#7jg:sbg%}7S"n E)ew q:ZJpr b}TL.5 9Y_L%*EIBxJw+kBtʸuS^P*I*!JXE)"f8/>AƱn4}y͋lj~%DGqG~L2gz>Kr\&6e, 3)&a`k-|NqB݈p^TJr?^r~*IVHl{ Ҳ$/jV&$gà/xēƄڭmpb/^(LYCW [R($9EWѥg(se;cc #J l R4G,8E <ꅹ1ePy9gNtO|ޟj՘| 0j4 ڑ6LQxxn&ԍRԸep1lUp ?S Ųd-dnjVgpIy=BdeO#7`?LlƒYLaG'f׉dG?JY&ŅSRuLg]2/jϚC>~p/٣3,QwZ%IШ(t^N<QMjɱ}H{wh*x>lt.vHK5DhODƅNx,u@b+Ⱥ[0a6U`XE?A=_: kC`ѪANPTj;H‚au %>WOPf%ho,dobL8]i0gZgZ~4vҲM5J=,!3 c- GvH]2,Vϩl5>w_>iGP][b&vmĔyi$iMK듑^ KJ@%k秒И hc*u#4| [$cN±ahgU,)&$`#ӏ[6#].qHU"޶?jj%|]<}*KUu1k!ͩ! ?JVy|rt %E4P;Yd(dj}p7yǴBa"個3DefkB+^z@҅caE[VٙPB S(%pmt΃ ^L!>[S4ˉg4 !_Q%6ʘל(\h%1 grPWZ'RH4k ?o_[{1 MHoб۞Ik/zzwK)!w%n'p ңc,]o"mSNf) BzDj%p؇wt u؋BѾ fs 0}eGff|yY԰:L~G5 5qS O %y sy50zͰlξsveD2\XCRYg\Ƙ$K*2X9_LJC׷v6v 2F3؝?iSЗּ%fd:kilbe,.$iCFh^R(Iu\+"F= vopl˼tP9=CdqiԳE CgX3o4Ji_9m|>Wk SN H[[n:`*uoy">olT]&kM^s6*B/= _+;5;A VRB[q‰$YlU7BK `!^UE1sۘBC\g? U`^1I:W qu(,h%',]/yU pls&mj렓),DX}ޖVmq7Ey4`O7 s.4YtI? g0Tʙ [[yɦ )ePox!H<]Sy(& Ѽ(< !ENok.'8RG5=Wbrx&Kan,gAqlk.wc}ym+@#ơY,^yNm_=R6{R,:ߧt"p48v X<Ōak.CRƳ~] (uďwfyS26^xe8htJ\ݙ8v69. a P{D%+\o!8 ưJx $7T]|1JCUb+_c#5dd/C^2Z=Ԟb*s#BIU=Oyi/O2unzw܄TǮrem F7uK'x^vY4m%$ bvBFI?d]b;m/g#+IQ:.BX]TzlF>@3] c {e"ۙOV jZ"NI2@[NL]J$O[&ݬrDg9P8{J15Cc~u1 -4ch,|3U|rҺ#k'顑f4>K_^b'-X7_w;~Z2/?*֎@/G?V<_ 6mR[+}6N $ZxjgWV& C6>yпXQO6Z$:'1]p2OA :EEw?_e47nکiIZM#3;ǡt."$*y`_ >ʰQ P.6Jvdw->DՅ r"i6Mm>bvEH~v3dx먮xuՔn*"<H* pW9s|܇c޶=²/I-}e8EH~C䕲NgT~e>KTbGQ9 rLIk=#tng11H{#b#aab%6xyy) H(c@_g82ٸ0ODJJWVzJ1eYL{1<7ZEMJq^0#fjLw*.|r^D)Sp ]ўTQxLahD.0,lҐdu*NbIy]j h ~r yDvMtfsM3"N*#rGM@eدq;d_4k'h,X_Co>OQ1y]V.*~/ 7 %9<; F+n!Q7?=LI]a^uV@8x(%.r -!:f[l(nAQˇsEIQ+{n۝+hLEB_iڤWhMNﲴX I[fΨ2 0/>uEH9͢-~G+E@4EiT id+K\M8 :!)$1KEPG3_Щne%8k?'XEg~f|?9[e6e [5QC)VBtv"҉GϏTa`nU vA{)'H_<+ֱ\@ïFv|)vِ8j0*MeDF\d "#H6⤻M=|ZQf3%1x >6_cۼn'Tk8dV/ⓦTʿ c&V0bI^y& tu "+BJRw)7T5lw~t ̂m=%uq8z%兦v?n@OѺbCN~ ȏ,,o&7ؔT%(οTI=XJ M;Ij,ʏW7]?1/!𳂩GvsH.Ag^3nR$a0if0h EXوm86%Scܡmсl~_Kt. ιB&B,_lnviPQ+}k"ϯDA>"xyRi+?Z9=08wIta\Hܿ:{+EN,TY_{bmwv:\-5NxN_ -S4/F䕥 g^Ź7%``\X[ەL5~73ŨHOīz͡E ])aiR&U/^:DCyվ@NR%1͙t䏇DrhH,4O2`XYv1{i]ՖDNO#I\6ʹ;ܴzPe~|2{&O7mF0zyin%ơUkbla6}3%^!iG]< 閶9L?on@"mţ_Lm/1 OH0A-ڑ8IBc,w Ų jDc\5ůc$'ƺ 9kWS%Qvvh Md]Mfis@dfZ|p6.Mڀ(%P4t+#fDJ[gppsr6NQbB=s % p>[D7+WCLAIG!+.z1t3N -C~]쌌y[}W-`EH_&]\^h.?$oe7)[e5\( Cd͎H/y-_ R=-*iㅚ&)p<ބ1pU &;ȑfWFM<(AA i'0sm\B&۞DEEѵ1"B/XL׮:Z Br<ϒvm)<^/.+FP iiWtS@T">ө(Gcr?!!eI9 (HLi/櫎a§'c4~ =v]ead4Ȯc21Gd$ݏWX#ժC"Bpm0#F~&LBM4O= `~Ub;uGr%>6<\%o\;٥W/bnd KOe=5L%Q0TI8Y $g*Ù[WP%BVWsi@ko Gt dj|2$c/8h9f G5W7Γym֤\Sgd`u0@5I-#w0X+NU:{IJae?V#P2m8& ԬwRol׊F&.|0Li2m͞&J3y%( &X}h $ەfĠĪvc &aUC|(#[l3A卻=kq.ĩ9-Z Z /xn{t3PJqlSs18;R,(vvO%x# Ӟyg8@IgtN׻6VE>ү!.Huᘬ 4v?z^ c눆`ƒ7;KoM,åaB5_vOLei2~`b1yMpl,,W3U'}mZ3XDNv /mk’Oe%aҁfmm#D`e(>y=ğ)׋m8/Ll֘%w Th\/u/M@V=)!GmǤd>hu)ogam78wnie\_Kֵ,L/P[Ms#ߥ.Y]39gDcKkD|6{4Tp"`6v_J25ׂ%W쥭؄;GQzŧ*^f=p}!3$]~=LMnȲ> ~_6,mnA1OlL< 2QxhlsV̫wc|i^Q70aI|4;pUҭ e\o*G f*7JUYYl,O:.|[&i#M7ӯ\/甖mm!HD,@)Wцqh5mĬ]"p?\C#R)u4;MrTm>`i~<i؀C0ncNzذpr6ElJ7R* z)0N|q➭ơTo >O` hji|գƽe)ޟ_nq"l[˗D|1`Vߴm0<.ҝ\/&Ω<R^]@gz~j87tSDj>01kHS'dć8uPɸ1-5[ҼG`9Fƻ0uouE" )3\ ը7J;Jʑ rRT5z)~[Kֽ?pC b AKiG+M?"bpF%McNM)p}4p$*oH)8^L /A-v3Wd$a݅b(^|^$م*.U lSA:oG'nɯ|DfxSA;߫gue ,V)x\@5<|W6 .ˮr]$o<\@^Qف5Ѭjaw`,=i-Qt{6|y-Zoo'dXQEkh!P:/}gm9 ƑX@ {v Ldނ='j oxF ׁCg:%(Ӻ:ӥ{3-eu`*C5ϒv]{T.7Yzk^ʍoܩO[;$tc p2`Ban*:med/>3EnBzp@~ s۱zS(7#iduZR]q InHIoVhR6S4¦[(BNF`j`δN(d$+iaުV$b2TƲ%"}XC -/?nJ?Zb'bҢʫJj*Ƈϧ+7W7;$H-dHѷ~]j,$wxg@2h 'r¨a ߊ֚_ӡ黼 p q,5nȌOs }:Ex+i䅻Awr[,𴈇~=:/QD}^K>gm-Хl/˼Y/VH&Q'h^b_KUb)glNH{-z},!i @!?Z&J  ť*u8>}'#*iL1Rȱ>@ota873UvO $4 $9㙈F?3[Ȥ;_DofGAQRY=M5p$8&O7,>ID55Uुh,Q[ Fج:âZX b;9=EH݌΅-0^FHP?MtY7A9ς Kd_3B7ϨF'p%Z#쎨- 'N)9\܀Z1@&lFi FԬh|}X=C);rxGm-MqŞ}U B)qVCx_ 3N.iB(dgnaC a*[.8!UQ@>DE/n(_gu_~t.\;I0ᨡUB%-Az4u?H4ejD&EK3+5:b煓v(A6H?&<9؞o"Ƴ q߂cGcl[&e(˒νI=%#t QAU1T9;㣉~IbfHoInҤ-6$;p_Ϲ#Gr+H/DƋD˭7VvB ab#I(W?SORh4[ D>sX%ŜfY6?k7-=jI Ч˻yRk0;Ħ&ۙGow;eI4P>Ld;w b?b?B4ql`">YGܺ .X2S=U1dUQ#; pzY()H9q1uP&j|Ы.5ɨBԗdq_4F_K\~;-Ws6L//ktY$ވyk~Px#4zm6Pu-h/M;إ(F8ЃTHi4kkd\#ʤ;'n?WpD_KL#@AT&J [vEju+oeJ #7M19ӂ 4/VL8_n75xhbF(KT5{ٹ7<3Mںa("rGt4}MK-LP!rkT<"奘tbk5,@·{.U.ʀw 8픬>QXޞUe.‹kq#m(%yVٌ&KXS2#·Mӕ, НU1]`\|677;$(2!C1`2}("3|-l;HcwXT`KYw%úێ63rባƲR#vmu'X1LK#Ǩ!],l35o>ؽxuֳ&|C3x:]GPrv%lRWǨՓPA'56׫xUD=fNo ws* L7tΫ1p3$_ٹ8@OUhuQCNo Btg3jQq^64sURvc|v{\<&_U5Njt흵7MPKgNVtτAAf;dw[G]T{֡VKZa')ɶ$QpңG8]Ѩ $(@40Vۯc`=|M~+ܣ|||| &Oΰ7Ku'u9ysF k+qH4D+S/Szv)\G̝;uU'5A1e0"9~p}))--/FNN.{D*|:Y˘w֛\`\flmY 'ξM9cSΧ+o8X'I(tRH J#~eʹVc &({ 4._:W?ݧ{'qBi—2 wK9uL5,9xhW~#]֮ ~Jb.517G[Y$֊-xJB±6e4 -55 ]#>8_2/k f$7!|~7~YrC, K_0 sHՔZs6F6YU0k6tw1B{^E++^I-0݅C۲ x{'5Bp(tEpaQ d=^jPzZ"Z9.)\$Tzpg-Ж14[!/<as%k񷢮!Јt]XKX&FK!)C*J=LUXԺtT^o̲c`26K5_,u kSk5LX!VYL}]D2M_bhr-scٲ<`ᬭoZ87jneeրߠBߐ37x鼩Z>etXt26WQh])6$ZdClm.RbY, ?odë5Kqn=cw4ovF?\m?? %fnZ@܁r|/CeQ >)cђ7=ml@[tߺ{ y(szШWQ 2t(g?=鎕Jn5.R#$6ؙؐ,|^M_39kr? HZV!Gs PɋByHrHf;zhd/̤D- (LoaXjRP}y.lF. {NF[DдfOgVMMm,|'M)恠B |)Gʨ04_KKZ^pTUu7C&f'[p$_a4٪/mMGihX #;+ p˛)UPTpAS)ȋG7"|6 3ka-F)yv '"I Klj V" &r,  #q0XЭl_7f<2VV59$"r]S:tj}{de\:-4tPyoVf 9py?8^E=8'yᑺ+05k2gO-pTJ= ngKs}:Gv/ J , f(f^֧UWG\k^ 'c)VQY+ gx2*zJv>Dz 3F 2tu-$#9{ H-+G"M9%*(?(i S ]%T Fh rZo+鸈%L#WۙEZ <'Ԉ c+2ܐ$4I᳎%eGjYх' 2w|@m/2~[1a6nrq\QB]/]b1Dȫbjkeq\Y%b#2̒soh#΂'ѕlz)+=vwES&Ym" K:wY+ƻȗqQ8Ueea jk Ғ(]2TWjIx(Z}zfj,(BԼSk5]OWD\͓Fӗ6RqB/\0<-Uc;MI6koA{/.0TGjoK$j)l;-CVK* ]u? gZ͇Nʠ I-QH0&֌1n,%@zekV:;SjMHZb[>gozsr?N^(i{ 9?hs_mϴdKp)xnv?HE`9/UWNF\ul"W_r5pkB)]=SBڲ+W}O T4-Ie"Fnw\gЎ^N!V,\_1S$@P2(U ,ԫ|9|F0Ci|Q{,M|ǐˉf* 1 1W-9$ؐP^jH*_h"G#r/q^l5' P <67 PӶNS8gSKxd+똳QޑFMTmbw=Ȣ٣R^$~@ٵnv_lk hwl-N,\` ivb?jbT*&%$'ߘV=n߳ .z'0=Da36|z)1 RtH_r)i $i8%0Jg.k=+ y gU)`_Ԟ-)N7p^ ˖  YZ