sssd-tools-1.13.3-56.el6$>8:l7Bٟ皽>2X?Hd   A *HNTbb b db b b b!xb#bb%L%hb&'9'9+9(,Z8,`93h:RGbHbI bXY \<b]b^bd$e)f,l.DCsssd-tools1.13.356.el6Userspace tools for use with the SSSDProvides userspace tools for manipulating users, groups, and nested groups in SSSD when using id_provider = local in /etc/sssd/sssd.conf. Also provides several other administrative tools: * sss_debuglevel to change the debug level on the fly * sss_seed which pre-creates a user entry for use in kickstarts * sss_obfuscate for generating an obfuscated LDAP passwordXҿc1bm.rdu2.centos.org vCentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxi686*ɤKSA }5q"1EQ :bn3] 11m:+}MHOs x?sH cC A큤XҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿVpnXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿXҿe1ec854f68372bd0e1fb6291a2573776074e921bd39bd69a8d5eb8da2c44dbc38b16a09cd1dc9fac7c51768c27ea19bf1bf0178909122c473d60b317b832c936881b770495b8cea72067643c78870ca9a78a6d1471110d74d39710050bdbda0ce2b77b0cdae21a8dae1bc315ad375eeab66c01151c46a8491e86e483a753062a82fef17872487505c20965039a68b51f18b63afe029b14ac4b0e403703b050f3074ea22f08e186a8f16066958ff1cb7da80f4a744e9737ad3b619beac9b0a45e21af5f3b90f9ee2037534ee896eb380f28ee4c8287ae079cca647e0c0d110f48686963a818eb925ce8bb0c94f9f14bcedf56014ffa17275455d2879a0fea2fecee8dc6123da04ed246a9e7d1c724ab7dd4d41c33f7923ee72052bc8a4b934763363da7e47f2c3c6df61a7cb83fd33d9eb3ab5c8931126e6aa274c347902583cb57ad3622cb9e17d2bc083e990dbe9c59cf2c0835cfb21210168a04188196c9e18ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b90350d84c60491f81ec38582151a779c4e2aee537befbb0bfe275f4af2f4d91a6aca6699600e6c590db54624ae492e7bd5af1db45651ebcb0845e606ee559e903c099c3dd8a113fea8f43eb6155a4354bd4ba2aea406090f3d764f486c3e07556996ab7f4306a908defcace37f1f6c91dc4a2209ba0ef8dd7db7fbce0d4f11aaffa8c15ea2f38ae06aba6778774ec66b34427d8643e9a628e459fca2f53cdd141a70cd03bb230a00adfa378b30947b3c4e4f621421d5598642bf9562af08b264038b2e13af39c3346e820dd25b1cf15cddc65f83e8306b4d14e31d1195d193d3aea0de4f9fadab65b5df315e660634fed1636d3838895735028619c989826cb5cfc92d14b8141c5b61150636295bede5443eef854b35c22858d94d27d2c4cc1809266f7df05620679dee3ef453326967afa37b75389821088071bf478aa26cf13ee8246153513a6490d29df0340aef9b406ecf914d9fd7a8308b0516d609215b4694c32ed1653e72de94bd8799e968a4bbe1b8b2b9b4419c31cc4717c46345219f05981d65f788e6048bc9d1c4c6b217409a3fadc3c5202098a604b69c1049123183ddab8a97d33f0efd00515183d712552a7fb559d420b2382a98bd47a8aeeee7ad17ac5f114eb8c50a94cf87f49ac08f1f6a78c739b1d66a03156b16dacd14df3653c2bd588a3ea18eadb5c1395551ed10740fb86aa2a6e3424550381c92edff47d31c31c18d4e0c2f3420467fa2ff7f54badf57d2e9d03452d0315d4f328bc751516fc4a79bea2e43ff71b134457cfd7ca6f09d9670c757d031ffb545df1350778184cc5c85e2f38cefc1a5fbc5f27546a44f1b906dc11bf7847b6dbfa7347088c3644e8a7bb4fb18fe22400d07409fe8bc6706e9293859f315cc1df71e04a9ef1f4439be013ed636fff2def8917761d7121cb9d135a391457885d341aaf2a349d24a516186ab7287f5a6ab2c03e8afda7442d66c4b6735f7f2b2b644f0901c6555371032147c552448e5bbff22e4dab75d9f0693c61498a6a474cc1da399b24cf6e74b46a9f5b20fbffd2963e906ea123917cfac0a9a145b66952b273068dae0691872ff8b6fc1d5c7eb4a7e96dc9944560779ea8cac92be114f2a615d329b4a010f54b2e1aa82e5fa037daf771988bff39b18e50d73d11e86914487578f0a7d22e14bdde49d0276572df0c93118d7e18851b28e315cd0b690fb3653b48c041c1d18b55521e967929cf5519975d67cc935da4125c3e4031f740ef0691977fa70a7cd8b5fc5c5640e8f39293bf0d0fd2dd002409bb268ee5b7d5c8e9f5a2e4866e6434029b91fbe126e9b533814c2faa0a6eab5b5702367c212a4d67b56ea340dd44345ab427050eac3b66b6369040272b6395539ce39e226e0c922b03d49d6892e97853882c6ba50481d7743d20238c903199c59eadeb3fcefbf87fdedc2ee4ccd8d091076e2949dc5be54449913b808600697856d77d21e8c6b015c713657cce66a0b45917c3984c95ec9dd46b52bbc394c999ee1480a5da334edddaac82b413e6a972b5b871175de92ee547fdf979e6e65996bc3af2f4a47d1389457c87c49d9063684934fa435074f2f345e74b4381acdf58882d46471862ec1f4bb83fbc436f5861d9637216e55a43f3af1f7797aa78e950971e876219bfde4dcdaa55b851b44e3a24f1e6c13aeeb1245750e4a3f529e459b76904c07f2bfe70df8bb00c688dd10766a99d0370dab32750bb1104d0c7ee9490f72aaaa0fd37cafbea446666ab88a65a1350e5bd28bccb7c9652dff2bc19c305118b28ae971fca9a6a1c609bd4ff0118e29c72144475864f3eaf903bbd346374cd618d03aded0b9d85bb22b18ed76d7a520d73a7a98a763f502bc8280d5f025b1ca3d6cd38a1718cc09d1748fc1c2873cefb6307c94a7bdc75d597c98c038251087f2a23619b583a8b546086a0c9f418c4af4c0727e43a693f87c61d7c93860c972436b203a29e6a69f255559306bb17c7f1adafce4335acbd746c86d7eeb69a8f1cd845e74a05226de15ceea5e0bb09516fd684315b32690dcf357948e1648bd97b2a6664bcb857c1e5fc7be27495f3c2e99aa4bdd98a7dc152a75b1135f31dd5ba347cd62cb39bd94bdbcc84c3a6d505dc36e4fc685a81b8b1b79d9807a303bc4a5a9e10c184a1581e77bebc6c6cd32e0a20eae4f4a0e4f4ee90d479a774286ee8dea1851a877114f229cf965f4dd1d49332dc9c066e16edeecbde3014cec0ec6dbc78f271ea0a75012beff5e88701e02fb3e1e4dac8b9420807841bb755e2115c6c6e46b2cdd3c365407be4cfc0d9ba04335d0fd8145b67b045c23d30c8992acd37313ef3a7f7c9b0b703d143f437b5543eba373059805f2e778369398e0af93a55c6c1e962d7a6f476d66d10ff2622f619147e1c39edc58346d17405227e7df1e9f6336c813e618f826ea003f18d714d22e6d3cd717eccc3fc862b25b972d746858157b52105dbf6d37b9b4eb52d2a544e44ce2772184b4746e763ded39ecb4212ae61a05c254b1700fc47890ccaee2d08cb1530610c305cafe9ce2d38267ae622a6b7aa145ef999f128730ee832f3b04f41117e4c0000002c30d2e3b219c4f92c7a3ba309486e1874894b97b9004b2ee16c951aaa1db93c161e54a79d9e5949293b3fb5aca5394007c33971a5ad4b1e0acd537ca6358a3f620ae95b66b058ae3c3ad08e6688a622225d05f16d42013eb4be04c3761a66e93cdf716c743c02f68d39f71441dfdb2686664989e4dc0b629984b2e6aa0cd2008af061a1c3b83a024afe3f6fb073267a63cfec27c8c21fa473980e79371ef2b028e680567692def0429ed9209977bab51786b070bf54f8a69c5ea3aa03efd01f47e44c4d63ebc00dfbde73cb79d56e2d6551404f3f7add230b60c632407d918d3b04644cec57bfcccb0e3b7c5dbb43f8df8167f01ee0e32459dd00c9bad8c021647a6d93c630b21730d9b8d865066d58286fc1ebd25dc5f6119317c9749bb53e25179442acdba94c51e0f07cd3bf74aab44efb6ddb2a9e95cfbd76b4c32854a8c5cbcb7e4b0bac81fd5ff625330e230d3117b78a91c41095fb786fcd6509bad5436f2ea04a06301ceaab2f1490b76e494ab4927e340121a5ac02bbf151ad1fb3ebd42b8f5ec440e2c5a5f00edd5c0efcb19834a87e39d6f3a2a220d64272a18e15d645e576cca2f096d689d03d6898f0afe87ddaca1e905d8c368bb5730f5db2c102b487c47ad0bf8cabba8c91facdd4098f69facf4adf8494ddfb5179a7266accd21f434b602e562d6e11de028ff27abd1bdd4944258d5e246e2c2b056fe6e444ab9e82cfadc4f9b50123f031082ec69b3a844022f9f9b41e8f407d470ab533cd8e2219e5b69d8ecb20c22d514c1e15372e3d1e536a359272218cfa6f9e60ce38eb2539d222c9af9a192a73908ea2cdbf268e9d8fbf457e3eea1a45590ea8f1ad2bee83a70c9ffa0a528bcd61e0eaacb3c85bea64c1c286cdca88c6836a4252c16c48d7a9f2bed2ccdb9d06d4930205b81415331dab055906cae37e1aed485f5673cb60db74eabc239927f99438b7205875343e775d22d65cc198eff590257e709a4921176a33d8c086e1d419acdaa5b60c25afd269427220466f09c759167b9bb3c288d09733d9f372e17df19579ceb4a6852dde577c73c323eab60c92d8a977fdf6e12b1e6e36f9d8cfb1af29b014701d677522bfe6beaaf6739d9f4781c59429b51418e670fd8954e75713bc336838869ce45d31fc9d596cf305654266d0934f3e959c63e179f9ff666b2a79f55a41649897f04fab8e8596269de7f227bada85b84c04bf8214c716b21ed3775ae200rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.3-56.el6.src.rpmsssd-toolssssd-tools(x86-32)   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ sssd-commonpython-ssspython-sssdconfigrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libbasicobjects.so.0libcollection.so.4libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.6)libdbus-1.so.3libdhash.so.1libdhash.so.1(DHASH_0.4.3)libdl.so.2libglib-2.0.so.0libini_config.so.5liblber-2.4.so.2libldap-2.4.so.2libldb.so.1libldb.so.1(LDB_0.9.10)libnspr4.solibnss3.solibnssutil3.solibpcre.so.0libplc4.solibplds4.solibpopt.so.0libpopt.so.0(LIBPOPT_0)libpthread.so.0libpthread.so.0(GLIBC_2.0)libpthread.so.0(GLIBC_2.12)libpthread.so.0(GLIBC_2.2)libref_array.so.1librt.so.1libselinux.so.1libsemanage.so.1libsmime3.solibssl3.solibsss_cert.solibsss_child.solibsss_crypt.solibsss_debug.solibsss_semanage.solibsss_util.solibtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)libtdb.so.1libtevent.so.0rtld(GNU_HASH)/usr/bin/pythonrpmlib(PayloadIsXz)1.13.3-56.el61.13.3-56.el61.13.3-56.el64.6.0-14.0-13.0.4-15.2-14.8.0X6@X6@XS@XOXJXGXF@X@X6@X6@X-X!@X!@X&X X X WWWW@W@W_@W_@WWW@W@W@W@Wi,@WYZ@WPWPV@VJVJVV@VՄ@VՄ@V@V&@V=@V=@V@V@V@VvV%@V%@V%@VVVVVpVii@V\:@VXEVV@VV@VV@VMV2 @Vf@Vf@Vf@UAUUuUn@UmUjUcUcUUUUUJ@UB@UB@U@U?v@U>$U8U.RU.RU-@U-@U-@U-@UF@UF@UUUUUU U U U@U@U@U@T9TTTTTTT@T@T~T~Tk4Tk4T$TTT@SvSvSvS%@S0S<@S<@S<@SSSSSSS/S/S;@SFS@S@S@S@S@S@Si@S@SSS!@SsZSpSNpS 4@S 4@RRRRRRfhRD!R1R%@R @R @RR|R|R|R|R|RRRRRRRRRRRRR@R@R@R@R@R@R@R@R@R@Q@Q@QQ*@Q?@QQvwQkQIQ5@Q0@Q']Q @PPPP@P@P@P-P@P@P@PDPDPDPDP[PPPPP@P@P@P@PPPPPPPP @P @P @P @P @P @Pf@PPPPP @P @P @P @P@P@P@PPPPPPPP@P@P@PpPpPpP@P@P@P@P@P@P@PP@PP@P@P@P@P@PPXPP{P{P{Pz@PqnPl(PaP`K@P#@Oĺ@O"O"OOO@OO~O@OOO@O@Ou@Ou@Oc+@O]@OYOOdON@OLOLOLOLOLO;@O5O1@ObN@NNNN@NNNj@NN$@N$@NN@N@Nx@Nm@Ng\N[@NTN?N:N:N:NNN|@M{@M{@Mߒ@M@M۝M۝M@MM@M@M3@MM>M>M@MM@M@Mx@MM=M=MwkMwkMv@MtMtMc@Mc@MbSM_MQ0@MJMGMA^@MA^@MA^@M.@M9L!L@L@L@L@LNLNL@L@LA@L@Lk@LYV@LRLI@L7@L(L_LLGKj@KK@KK@KK[K@KK~}@K]KY@KO@KKK/c@K+nK"4@KJJ@JJJkJJ@JJp9JlE@J?r@J0J,@IcIcIzI)@I)@I)@IV@IV@I@I@III@Lukas Slebodnik - 1.13.3-56Lukas Slebodnik - 1.13.3-55Jakub Hrozek - 1.13.3-54Jakub Hrozek - 1.13.3-53Jakub Hrozek - 1.13.3-52Jakub Hrozek - 1.13.3-51Jakub Hrozek - 1.13.3-50Jakub Hrozek - 1.13.3-49Jakub Hrozek - 1.13.3-48Jakub Hrozek - 1.13.3-47Jakub Hrozek - 1.13.3-46Jakub Hrozek - 1.13.3-45Jakub Hrozek - 1.13.3-44Jakub Hrozek - 1.13.3-43Jakub Hrozek - 1.13.3-42Jakub Hrozek - 1.13.3-41Jakub Hrozek - 1.13.3-40Jakub Hrozek - 1.13.3-39Jakub Hrozek - 1.13.3-38Jakub Hrozek - 1.13.3-37Jakub Hrozek - 1.13.3-36Jakub Hrozek - 1.13.3-35Jakub Hrozek - 1.13.3-34Jakub Hrozek - 1.13.3-33Jakub Hrozek - 1.13.3-32Jakub Hrozek - 1.13.3-31Jakub Hrozek - 1.13.3-30Jakub Hrozek - 1.13.3-29Jakub Hrozek - 1.13.3-28Jakub Hrozek - 1.13.3-27Jakub Hrozek - 1.13.3-26Jakub Hrozek - 1.13.3-25Jakub Hrozek - 1.13.3-24Jakub Hrozek - 1.13.3-23Jakub Hrozek - 1.13.3-22Jakub Hrozek - 1.13.3-21Jakub Hrozek - 1.13.3-20Jakub Hrozek - 1.13.3-19Jakub Hrozek - 1.13.3-18Jakub Hrozek - 1.13.3-17Jakub Hrozek - 1.13.3-16Jakub Hrozek - 1.13.3-15Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-13Jakub Hrozek - 1.13.3-12Jakub Hrozek - 1.13.3-11Jakub Hrozek - 1.13.3-10Jakub Hrozek - 1.13.3-9Jakub Hrozek - 1.13.3-8Jakub Hrozek - 1.13.3-7Jakub Hrozek - 1.13.3-6Jakub Hrozek - 1.13.3-5Jakub Hrozek - 1.13.3-4Jakub Hrozek - 1.13.3-3Jakub Hrozek - 1.13.3-2Jakub Hrozek - 1.13.3-1Jakub Hrozek - 1.13.2-7Jakub Hrozek - 1.13.2-6Jakub Hrozek - 1.13.2-5Jakub Hrozek - 1.13.2-4Jakub Hrozek - 1.13.2-3Jakub Hrozek - 1.13.2-2Jakub Hrozek - 1.13.2-1Jakub Hrozek - 1.13.1-1Jakub Hrozek - 1.12.4-51Jakub Hrozek - 1.12.4-50Jakub Hrozek - 1.12.4-49Jakub Hrozek - 1.12.4-48Jakub Hrozek - 1.12.4-47Jakub Hrozek - 1.12.4-46Jakub Hrozek - 1.12.4-45Jakub Hrozek - 1.12.4-44Jakub Hrozek - 1.12.4-43Jakub Hrozek - 1.12.4-42Jakub Hrozek - 1.12.4-41Jakub Hrozek - 1.12.4-40Jakub Hrozek - 1.12.4-39Jakub Hrozek - 1.12.4-38Jakub Hrozek - 1.12.4-37Jakub Hrozek - 1.12.4-36Jakub Hrozek - 1.12.4-35Jakub Hrozek - 1.12.4-34Jakub Hrozek - 1.12.4-33Jakub Hrozek - 1.12.4-32Jakub Hrozek - 1.12.4-31Jakub Hrozek - 1.12.4-30Jakub Hrozek - 1.12.4-29Jakub Hrozek - 1.12.4-28Jakub Hrozek - 1.12.4-27Jakub Hrozek - 1.12.4-26Jakub Hrozek - 1.12.4-25Jakub Hrozek - 1.12.4-24Jakub Hrozek - 1.12.4-23Jakub Hrozek - 1.12.4-22Jakub Hrozek - 1.12.4-21Jakub Hrozek - 1.12.4-20Jakub Hrozek - 1.12.4-19Jakub Hrozek - 1.12.4-18Jakub Hrozek - 1.12.4-17Jakub Hrozek - 1.12.4-16Jakub Hrozek - 1.12.4-15Jakub Hrozek - 1.12.4-14Jakub Hrozek - 1.12.4-13Jakub Hrozek - 1.12.4-12Jakub Hrozek - 1.12.4-11Jakub Hrozek - 1.12.4-10Jakub Hrozek - 1.12.4-9Jakub Hrozek - 1.12.4-8Jakub Hrozek - 1.12.4-7Jakub Hrozek - 1.12.4-6Jakub Hrozek - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Jakub Hrozek - 1.12.4-2Jakub Hrozek - 1.12.4-1Jakub Hrozek - 1.11.6-33Jakub Hrozek - 1.11.6-32Jakub Hrozek - 1.11.6-31Jakub Hrozek - 1.11.6-30Jakub Hrozek - 1.11.6-29Jakub Hrozek - 1.11.6-28Jakub Hrozek - 1.11.6-27Jakub Hrozek - 1.11.6-26Jakub Hrozek - 1.11.6-25Jakub Hrozek - 1.11.6-24Jakub Hrozek - 1.11.6-23Jakub Hrozek - 1.11.6-22Jakub Hrozek - 1.11.6-21Jakub Hrozek - 1.11.6-20Jakub Hrozek - 1.11.6-19Jakub Hrozek - 1.11.6-18Jakub Hrozek - 1.11.6-17Jakub Hrozek - 1.11.6-16Jakub Hrozek - 1.11.6-15Jakub Hrozek - 1.11.6-14Jakub Hrozek - 1.11.6-13Jakub Hrozek - 1.11.6-12Jakub Hrozek - 1.11.6-11Jakub Hrozek - 1.11.6-10Jakub Hrozek - 1.11.6-9Jakub Hrozek - 1.11.6-8Jakub Hrozek - 1.11.6-7Jakub Hrozek - 1.11.6-6Jakub Hrozek - 1.11.6-5Jakub Hrozek - 1.11.6-4Jakub Hrozek - 1.11.6-3Jakub Hrozek - 1.11.6-2Jakub Hrozek - 1.11.6-1Jakub Hrozek - 1.11.5.1-4Jakub Hrozek - 1.11.5.1-3Jakub Hrozek - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Jakub Hrozek - 1.9.2-134Jakub Hrozek - 1.9.2-133Jakub Hrozek - 1.9.2-132Jakub Hrozek - 1.9.2-131Jakub Hrozek - 1.9.2-130Jakub Hrozek - 1.9.2-129Jakub Hrozek - 1.9.2-128Jakub Hrozek - 1.9.2-127Jakub Hrozek - 1.9.2-126Jakub Hrozek - 1.9.2-125Jakub Hrozek - 1.9.2-124Jakub Hrozek - 1.9.2-123Jakub Hrozek - 1.9.2-122Jakub Hrozek - 1.9.2-121Jakub Hrozek - 1.9.2-120Jakub Hrozek - 1.9.2-119Jakub Hrozek - 1.9.2-118Jakub Hrozek - 1.9.2-117Jakub Hrozek - 1.9.2-116Jakub Hrozek - 1.9.2-115Jakub Hrozek - 1.9.2-114Jakub Hrozek - 1.9.2-113Jakub Hrozek - 1.9.2-112Jakub Hrozek - 1.9.2-111Jakub Hrozek - 1.9.2-110Jakub Hrozek - 1.9.2-109Jakub Hrozek - 1.9.2-108Jakub Hrozek - 1.9.2-107Jakub Hrozek - 1.9.2-106Jakub Hrozek - 1.9.2-105Jakub Hrozek - 1.9.2-104Jakub Hrozek - 1.9.2-103Jakub Hrozek - 1.9.2-102Jakub Hrozek - 1.9.2-101Jakub Hrozek - 1.9.2-100Jakub Hrozek - 1.9.2-99Jakub Hrozek - 1.9.2-98Jakub Hrozek - 1.9.2-97Jakub Hrozek - 1.9.2-96Jakub Hrozek - 1.9.2-95Jakub Hrozek - 1.9.2-94Jakub Hrozek - 1.9.2-93Jakub Hrozek - 1.9.2-92Jakub Hrozek - 1.9.2-91Jakub Hrozek - 1.9.2-90Jakub Hrozek - 1.9.2-89Jakub Hrozek - 1.9.2-88Jakub Hrozek - 1.9.2-87Jakub Hrozek - 1.9.2-86Jakub Hrozek - 1.9.2-85Jakub Hrozek - 1.9.2-84Jakub Hrozek - 1.9.2-83Jakub Hrozek - 1.9.2-82Jakub Hrozek - 1.9.2-81Jakub Hrozek - 1.9.2-80Jakub Hrozek - 1.9.2-79Jakub Hrozek - 1.9.2-78Jakub Hrozek - 1.9.2-77Jakub Hrozek - 1.9.2-76Jakub Hrozek - 1.9.2-75Jakub Hrozek - 1.9.2-74Jakub Hrozek - 1.9.2-73Jakub Hrozek - 1.9.2-72Jakub Hrozek - 1.9.2-71Jakub Hrozek - 1.9.2-70Jakub Hrozek - 1.9.2-69Jakub Hrozek - 1.9.2-68Jakub Hrozek - 1.9.2-67Jakub Hrozek - 1.9.2-66Jakub Hrozek - 1.9.2-65Jakub Hrozek - 1.9.2-64Jakub Hrozek - 1.9.2-63Jakub Hrozek - 1.9.2-62Jakub Hrozek - 1.9.2-61Jakub Hrozek - 1.9.2-60Jakub Hrozek - 1.9.2-59Jakub Hrozek - 1.9.2-58Jakub Hrozek - 1.9.2-57Jakub Hrozek - 1.9.2-56Jakub Hrozek - 1.9.2-55Jakub Hrozek - 1.9.2-54Jakub Hrozek - 1.9.2-53Jakub Hrozek - 1.9.2-52Jakub Hrozek - 1.9.2-51Jakub Hrozek - 1.9.2-50Jakub Hrozek - 1.9.2-49Jakub Hrozek - 1.9.2-48Jakub Hrozek - 1.9.2-47Jakub Hrozek - 1.9.2-46Jakub Hrozek - 1.9.2-45Jakub Hrozek - 1.9.2-44Jakub Hrozek - 1.9.2-43Jakub Hrozek - 1.9.2-42Jakub Hrozek - 1.9.2-41Jakub Hrozek - 1.9.2-40Jakub Hrozek - 1.9.2-39Jakub Hrozek - 1.9.2-38Jakub Hrozek - 1.9.2-37Jakub Hrozek - 1.9.2-36Jakub Hrozek - 1.9.2-35Jakub Hrozek - 1.9.2-34Jakub Hrozek - 1.9.2-33Jakub Hrozek - 1.9.2-32Jakub Hrozek - 1.9.2-31Jakub Hrozek - 1.9.2-30Jakub Hrozek - 1.9.2-29Jakub Hrozek - 1.9.2-28Jakub Hrozek - 1.9.2-27Jakub Hrozek - 1.9.2-26Jakub Hrozek - 1.9.2-25Jakub Hrozek - 1.9.2-24Jakub Hrozek - 1.9.2-23Jakub Hrozek - 1.9.2-22Jakub Hrozek - 1.9.2-21Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-19Jakub Hrozek - 1.9.2-18Jakub Hrozek - 1.9.2-17Jakub Hrozek - 1.9.2-16Jakub Hrozek - 1.9.2-15Jakub Hrozek - 1.9.2-14Jakub Hrozek - 1.9.2-13Jakub Hrozek - 1.9.2-12Jakub Hrozek - 1.9.2-11Jakub Hrozek - 1.9.2-10Jakub Hrozek - 1.9.2-9Jakub Hrozek - 1.9.2-8Jakub Hrozek - 1.9.2-7Jakub Hrozek - 1.9.2-6Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-3Jakub Hrozek - 1.9.0-2Jakub Hrozek - 1.9.0-1.rc1Jakub Hrozek - 1.8.0-33Stephen Gallagher - 1.8.0-32Stephen Gallagher - 1.8.0-31Stephen Gallagher - 1.8.0-30Stephen Gallagher - 1.8.0-29Stephen Gallagher - 1.8.0-28Stephen Gallagher - 1.8.0-27Stephen Gallagher - 1.8.0-26Stephen Gallagher - 1.8.0-25Stephen Gallagher - 1.8.0-24Stephen Gallagher - 1.8.0-23Stephen Gallagher - 1.8.0-22Stephen Gallagher - 1.8.0-21Stephen Gallagher - 1.8.0-20Stephen Gallagher - 1.8.0-18Stephen Gallagher - 1.8.0-17Stephen Gallagher - 1.8.0-15Stephen Gallagher - 1.8.0-12Stephen Gallagher - 1.8.0-11Stephen Gallagher - 1.8.0-10Stephen Gallagher - 1.8.0-9Stephen Gallagher - 1.8.0-8Stephen Gallagher - 1.8.0-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5Stephen Gallagher - 1.8.0-4.beta3Stephen Gallagher - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-2.beta2Stephen Gallagher - 1.5.1-68Stephen Gallagher - 1.5.1-67Stephen Gallagher - 1.5.1-66Stephen Gallagher - 1.5.1-65Stephen Gallagher - 1.5.1-64Stephen Gallagher - 1.5.1-63Stephen Gallagher - 1.5.1-62Stephen Gallagher - 1.5.1-61Stephen Gallagher - 1.5.1-60Stephen Gallagher - 1.5.1-59Stephen Gallagher - 1.5.1-58Stephen Gallagher - 1.5.1-57Stephen Gallagher - 1.5.1-56Stephen Gallagher - 1.5.1-55Stephen Gallagher - 1.5.1-53Stephen Gallagher - 1.5.1-52Stephen Gallagher - 1.5.1-51Stephen Gallagher - 1.5.1-50Stephen Gallagher - 1.5.1-49Stephen Gallagher - 1.5.1-48Stephen Gallagher - 1.5.1-47Stephen Gallagher - 1.5.1-46Stephen Gallagher - 1.5.1-45Stephen Gallagher - 1.5.1-44Stephen Gallagher - 1.5.1-43Stephen Gallagher - 1.5.1-42Stephen Gallagher - 1.5.1-41Stephen Gallagher - 1.5.1-40Stephen Gallagher - 1.5.1-39Stephen Gallagher - 1.5.1-38Stephen Gallagher - 1.5.1-37Stephen Gallagher - 1.5.1-36Stephen Gallagher - 1.5.1-35Stephen Gallagher - 1.5.1-34Stephen Gallagher - 1.5.1-33Stephen Gallagher - 1.5.1-32Stephen Gallagher - 1.5.1-31Stephen Gallagher - 1.5.1-30Stephen Gallagher - 1.5.1-29Stephen Gallagher - 1.5.1-28Stephen Gallagher - 1.5.1-27Stephen Gallagher - 1.5.1-26Stephen Gallagher - 1.5.1-25Stephen Gallagher - 1.5.1-24Stephen Gallagher - 1.5.1-23Stephen Gallagher - 1.5.1-21Stephen Gallagher - 1.5.1-20Stephen Gallagher - 1.5.1-17Stephen Gallagher - 1.5.1-16Stephen Gallagher - 1.5.1-15Stephen Gallagher - 1.5.1-14Stephen Gallagher - 1.5.1-13Stephen Gallagher - 1.5.1-12Stephen Gallagher - 1.5.1-11Stephen Gallagher - 1.5.1-10Stephen Gallagher - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Stephen Gallagher - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.2.1-28.4Stephen Gallagher - 1.2.1-36Stephen Gallagher - 1.2.1-35Stephen Gallagher - 1.2.1-28.3Stephen Gallagher - 1.2.1-34Stephen Gallagher - 1.2.1-28.2Stephen Gallagher - 1.2.1-33Stephen Gallagher - 1.2.1-28.1Stephen Gallagher - 1.2.1-32Stephen Gallagher - 1.2.1-29Stephen Gallagher - 1.2.1-28Stephen Gallagher - 1.2.1-27Stephen Gallagher - 1.2.1-26Stephen Gallagher - 1.2.1-23Stephen Gallagher - 1.2.1-21Stephen Gallagher - 1.2.1-20Stephen Gallagher - 1.2.1-19Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-14Stephen Gallagher - 1.2.0-13Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11.1Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present - Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory- Resolves: rhbz#1415785 - ldap_child does not remove temporary files when it's killed with SIGTERM- Apply several more smartcard-related patches. - Related: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts- Revert the ding-libs requirement - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Related: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Require the matching version of ding-libs - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Fix a coverity warning - Related: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Resolves: rhbz#1324428 - [RFE] Discover forest's root SID even if subdomains_provider = none- Resolves: rhbz#1367802 - using overides causes segfault in libldb- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins- Resolves: rhbz#1382603 - autofs map resolution doesn't work offline- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute- Resolves: rhbz#1299994 - ssh client checks only the first certificate on a smartcard when the card has multiple certs - Resolves: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard - Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6 - Resolves: rhbz#1329647 - IPA view: view name not stored properly with default FreeIPA installation- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users and mixed case names- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a subdomain, not the root domain.- Resolves: rhbz#1365218 - SSSD does not fail over to next GC- Resolves: rhbz#1367435 - Intermittent sssd auth failures- Resolves: rhbz#1369079 - sssd runs out of available child slots and starts queuing requests in proxy mode- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to sssd-1.13.3-22.el6.x86_64 when upgrading cache- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336453 - sssd_be doesn't terminate forked child process if adcli is not installed- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo- Actually apply patches from previous build - Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe with 1.11.6- Backport of a more minimal dependency patch to avoid changes to AD provider behaviour - Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1308939 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user- Require a newer selinux-policy to avoid issues when prompting for SC PIN - Related: rhbz#1299066 - smartcard login does not prompt for pin when ocsp checking is enabled (default config)- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when trying to retrieve non-existing netgroups- Update sssd-ldap man page for the recent ID mapping changes - Related: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache from working- Resolves: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password and not smartcard pin when logged in using smartcard pin- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output error- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12 to 1.13- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn't work- Resolves: rhbz#1273802 - ad_site parameter does not work- Fix memory leak in the NFS plugin - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service discovery- Rebase to 1.13.3 - Remove setuid bit from proxy_child, RHEL-6 doesn't support running SSSD as a non-privileged user - Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Don't own files as the SSSD user - Resolves: rhbz#1289482 - warning: user sssd does not exist - using root- Resolves: rhbz#1279971 - groups get deleted from the cache- The p11_child doesn't have to run privileged anymore, remove the setuid bit - Related: rhbz#1270027 - [RFE] Support for smart cards- Resolves: rhbz#1266108 - Check next certificate on smart card if first is not valid - Also enable OCSP checks- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Silence compilation warnings and Coverity issues - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Squash in packaging review changes by lslebodn@redhat.com- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - The rebase also resolves the following bugzillas: - Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC identity certificates - Resolves: rhbz#1270027 - [RFE] Support for smart cards - Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients - Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is not taken into account. - Resolves: rhbz#1254193 - Fix for cyclic dependencies between sssd-{krb5,}-common - Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected - Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do not queue requests - Resolves: rhbz#1227804 - Group members are not turned into ghost entries when the user is purged from the SSSD cache - Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log - Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not the alpha group name representation - Resolves: rhbz#1194039 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups- Resolves: rhbz#1251349 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from ldap server- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task - Resolves: rhbz#1227863 - ignore_group_members doesn't work for subdomains- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn't return all groups on first attempt- Resolves: rhbz#1225614 - IPA enumeration provider crashes- Resolves: rhbz#1212610 - sssd ad groups work intermittently- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of secondary groups- Resolves: rhbz#1221358 - SSSD doesn't work with ID mapping and disabled subdomains- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and gets avc denial when ssh- Include several upstream fixes related to ID views - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1213947 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad src/providers/ad/ad_gpo.c:843- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers group membership resolution- Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users and filter_groups- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only- Related: rhbz#1211728 - Only set the selinux context if the context differs from the local one- Package the localauth plugin - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1207720 - id lookup resolves "Domain Local" group and errors appear in domain log- BuildRequire the proper libkrb5 version for correct localauth plugin build - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1194367 - sssd_be dumping core- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in manpage that unsupported time specification will lead to sssd denying access- Resolves: rhbz#1205382 - Properly handle AD's binary objectGUID- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might install with wrong user account (root)- Fix a typo in DEBUG message - Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Handle TTL=0 in SRV queries correctly - Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Cherry-pick unit test changes from upstream to allow cherry-picking sssd-1-12 patches - Remove unused LDAP provider code to avoid static analyser warnings - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad requires samba4- Resolves: rhbz#1203630 - SSSD doesn't own the GPO cache directory- Fix warning in SELinux code - Handle setups with empty default and no SELinux maps - Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u - Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605 - Resolves: rhbz#1201847 - SSSD downloads too much information when fetching information about groups- Fix PAM responder initgroups cache for subdomain users - Log extop failures better - Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Fix internal error codes broken when fixing rhbz#1036745 - Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything- Fix Coverity warning in ldap_child - Add better debugging - Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users, groups or other cache objects- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Initialize a pointer in ldap_child to NULL - Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Relax the ldb requirement - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query - Rebuild against latest krb5, add a versioned BuildRequires - Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Do not mark the selinux_child helper as setuid, we don't support rootless SSSD in 6.7 - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x - The rebase resolves the following RHEL bugzillas - Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about domains parameter - Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not be fatal (backport fix from upstream) - Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user uid field - Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1168377 - [RFE] User's home directories and shells are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss - Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution - Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1148582 - inconsistent group information when multiple ad domain sections are configured in sssd - Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider ad support - Resolves: rhbz#1139878 - SSSD connection terminated after failing anonymous bind to IBM Tivoli Directory Server - Resolves: rhbz#1135838 - Man sssd-ldap shows parameter ldap_purge_cache_timeout with "Default: 10800 (12 hours)" - Resolves: rhbz#1135432 - Dereference code errors out when dereferencing entries protected by ACIs - Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012 R2's LDAP as AD - Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header - Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple attributes- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1141814 - Password expiration policies are not being enforced by SSSD- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group membership when encountering a non-POSIX group- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from other AD domains- Resolves: rhbz#1127270 - sssd connect to ipa-server is long- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD, POSIX attributes are used and primary group contains the user as a member- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0) is not prompted for password change- Resolves: rhbz#1132361 - use-after-free in dyndns code- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap account lock to restrict access via ssh key- Use the correct sudo iterator - Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Add notes about offline mode to sssd.conf - Related: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1127278 - Auth fails when space in username is replaced with character set by override_default_whitespace- Resolves: rhbz#1127757 - sssd can't retrieve sudo rules when using the "default_domain_suffix" option- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Resolves: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1122873 - Failover does not always happen from SRV to hostname resolution(via /etc/hosts) - Remove spurious systemctl call on %postun- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with specified character in LDAP group- Resolves: rhbz#1109188 - dereferencing control failure against openldap server- Resolves: rhbz#1084532 - sssd_sudo process segfaults- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping is off and tokengroups are enabled- Resolves: rhbz#1118541 - Floating point exception using ldap- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser is not defined and no ldap_sudorule_runasuser mapping has been defined in SSSD- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap- Fix potential NULL dereference in IFP code - Related: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- BuildRequire the latest libini_config - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- Resolves: rhbz#1104145 - public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end- Rebase to 1.11.6 - Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Rebuild against new ding-libs - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Backport the InfoPipe patches needed for Sat6 integration - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: #1085412 - SSSD Crashes when storage experiences high latency- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6Resolves: #1036168 - sssd can't retrieve auto.master when using the "default_domain_suffix"- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups are requested- Allow combination of proxy id backend and LDAP auth backend - Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Inherit UID limits for subdomains - Resolves: #1020905 - Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.- Do not crash when LDAP disconnects while a search is still in progress - Resolves: #1019979 - sssd_be segfault when authenticating against active directory- More upstream fixes to prevent memcache crashes - Related: #997406 - sssd_nss core dumps under load- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out- Make IPA SELinux provider aware of subdomain users - A better version of already committed patch - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Resolves: #997406 - sssd_nss core dumps under load - Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #1002161 - large number of sudo rules results in error - Unable to create response: Invalid argument- Silence restorecon on clean install - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Make IPA SELinux provider aware of subdomain users - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Print password complexity hint when password change fails with constraint violation - Related: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #948830 - sssd do too many disk writes causing delay in "getent netgroup allmachines-netgroup" nested netgroups.- Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- Resolves: #963235 - sssd_be crashing with nested ldap groups- Apply a forgotten dependency for patch #254 - Related: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality - Add two fixes for better handling of faulty SRV processing - Related: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router. - Remove enumerate=true from example in man page - Related: #988381 - clarify the disadvantages of enumeration in sssd.conf- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp file for SELinux data failed- Resolves: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors when clearing cache- Resolves: #924113 - man sssd-sudo has wrong title- Resolves: #924397 - document what does access_provider=ad do- Use permissive control when adding ghost users - Resolves: #928797 - cyclic group memberships may not work depending on order of operations- Set correct state of SRV servers on resolving error - Resolves: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router.- Resolves: #954323 - SSSD doesn't display warning for last grace login.- Format patch to configure sysv script differently - RHEL-6 patch(1) apparently doesn't like the output of git format-patch -M -C and doesn't properly copy files on renames - Resolves: #971435 - Enhance sssd init script so that it would source a configuration.- Resolves: #973345 - SSSD service randomly dies- Resolves: #971435 - Enhance sssd init script so that it would source a configuration- Resolves: #961356 - SUDO is not working for users from trusted AD domain- Resolves: #970519 - [RFE] Add support for suppressing group members- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the "original value"- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes- Clarify the min_id/max_id limits further - Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login delays when client is under load- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table in sssd_nss- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs- Mention that enumeration should be discouraged - Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf- Call restorecon on memcache files to force the right context on upgrades - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Resolves: #987479 - libsss_sudo should depend on sudo package with sssd support- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck- Resolves: #967636 - SSSD frequently fails to return automount maps from LDAP- Resolves: #953165 - Enabling enumeration causes sssd_be process to utilize 100% of the CPU- Resolves: #906398 - sssd_be crashes sometimes- Resolves: #950874: Simple access control always denies uppercased users in case insensitive domain- Resolves: #921454: Resolve local group members in LDAP groups- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider- Fix pwd_expiration_warning=0 - Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#872827 - Serious performance regression in sssd- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees- Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.- Resolves: rhbz#902436 - possible segfault when backend callback is removed- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps- Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent- Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts- Resolves: rhbz#892197 - Incorrect principal searched for in keytab- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work- Resolves: rhbz#874618 - sss_cache: fqdn not accepted- Resolves: rhbz#889182 - crash in memory cache- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache- Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666)- Resolves: rhbz#886038 - sssd components seem to mishandle sighup- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh- Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule- Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507)- Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060)- Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507)- Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds- Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users- Resolves: rhbz#881773 - mmap cache needs update after db changes- Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742)- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573)- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations- Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130- Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections- Related: rhbz#877126 - Bump the release tag- Resolves: rhbz#877126 - subdomains code does not save the proper user/group name- Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid()- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'- Resolves: rhbz#875740 - "defaults" entry ignored- Resolves: rhbz#875738 - offline authentication failure always returns System Error- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section- Resolves: rhbz#873032 - Move sss_cache to the main subpackage- Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group- Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive- Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443- BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932- Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542- Fix the "ca" translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- New upstream release 1.9.2- Rebase to 1.9.1- Require the latest libldb- Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes- Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds- Fix protocol break for services map - Related: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#824616 - sssd_nss crashes when configured with use_fully_qualified_names = true- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()- Resolves: rhbz#822236 - SSSD netgroups do not honor entry_cache_nowait_percentage- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client upgrade - Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names - Resolves: rhbz#819063 - sssd fails to provide partial data till paged search returns "Size Limit Exceeded" - Resolves: rhbz#820585 - Group enumeration fails in proxy provider- Resolves: rhbz#816616 - group members are now lowercased in case insensitive domains- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding - Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the same user - Resolves: rhbz#812281 - autofs client: map name length used as key length - Related: rhbz#784870 - SSSD fails during autodetection of search bases for new LDAP features - Related: rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes- Fix typo in patch for SSH umask - Related: rhbz#808107 - Coverity revealed memory management defects- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm - Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is running - Resolves: rhbz#808107 - Coverity revealed memory management defects- Related: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false- Resolves: rhbz#804057 - Initial service lookups having name with uppercase alphabets doesn't work - Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names doesn't work when case_sensitive=false - Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab - Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false - Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name resolution times out - Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Related: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica using IP address - Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with case_sensitive=false - Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set - Resolves: rhbz#805034 - accessing an undefined variable might cause crash - Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login- Update translations - Resolves: rhbz#802372 - Pick up latest translation files for SSSD - Resolves: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Related: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search requests - Resolves: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials - Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to true - Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work - Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false - Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam can use - Resolves: rhbz#799971 - sssd_be crashes on shutdown - Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested group structure - Resolves: rhbz#801368 - Group lookups doesn't return members with proxy provider configured - Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd is configured as proxy provider- Do not auto-upgrade debug levels - Tool still available for manual use - Reverts: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#798881 - Install-time warnings - Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also the dns_discovery_domain - Resolves: rhbz#798655 - Password logins failing due to a process with high UID- Fix explicit requires to use openldap instead of openldap-libs - Related: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64- Fix multilib-clean issue due to upgrade script - Remove old copy from the spec file - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Fix typo in the patch - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Use a patch and install the script to python_sitelib - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Resolves: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#785871 - wrong build dependency on nscd - Resolves: rhbz#785873 - IPA host search base cannot be set - Resolves: rhbz#791208 - Entries lacking a POSIX username value break group lookups - Resolves: rhbz#796307 - Simple Paged Search control needs to be used more sparingly - Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64 - Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user entries - Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup - Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load - Resolves: rhbz#797975 - sssd_be: The requested target is not configured is logged at each login - Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD - Resolves: rhbz#788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group- Handle filtering python Provides in a safer way - Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3 - Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers - Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and netgroup search base correctly - Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb AS requests - Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision - Resolves: rhbz#785904 - [RFE] SSSD should have --version option - Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider - Resolves: rhbz#785898 - Enable midway cache refresh by default - Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for a non-existing netgroup - Resolves: rhbz#785884 - Honour TTL when resolving host names - Resolves: rhbz#785883 - check DNS records before updates - Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead of guessing - Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line - Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config file too much - Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server has been reinitialized - Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc - Resolves: rhbz#773660 - Kerberos errors should go to syslog - Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native IPA netgroups code - Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#771702 - sssd_pam crashes during change password operation against a IPA server - Resolves: rhbz#771361 - case_sensitive function not working as intended for ldap - Resolves: rhbz#768935 - Crash when applying settings - Resolves: rhbz#766941 - The full dyndns update message should be logged into debug logs - Resolves: rhbz#766930 - [RFE] Add a new option to override home directory value - Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab principal name - Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files - Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug levels on the fly - Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional - Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation - Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option - Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control - Resolves: rhbz#753876 - [RFE] Add support for the services map - Resolves: rhbz#746181 - "getgrgid call returned more than one result" after group name change in MSAD - Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle for some (configurable) time - Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD - Related: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#742052 - id -G group resolution takes extremely long - Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange - Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases - Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or insensitive - Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users - Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control disabled for openldap - Resolves: rhbz#726467 - SSSD takes 30+ seconds to login - Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 during auth when password for the user is not set- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758157 - LDAP failover not working if server refuses connections- Related: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis initgroups when groups appear in multiple nesting levels- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow - Resolves: rhbz#746654 - SSSD backend gets killed on slow systems - Related: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts Fixes a crash introduced by the earlier patch. - Related: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names Fixes for internationalization- Related: rhbz#742278 - Rework the example config- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts - Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart - Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742278 - Rework the example config - Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was initialized - Resolves: rhbz#742526 - SSSD's man pages are missing information - Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with multi-valued uid - Resolves: rhbz#738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid - Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber to integer - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host groups - Resolves: rhbz#740501 - SSSD not functional after "self" reboot - Resolves: rhbz#742539 - HBAC: Hostname comparisons should be case-insensitive- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in - Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2- Resolves: rhbz#737157 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled - Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple external hosts along with managed host - Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names - Resolves: rhbz#733409 - Improve password policy error message - Resolves: rhbz#733663 - Authentication fails when there exists an empty hbacsvcgroup - Resolves: rhbz#732935 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON - Resolves: rhbz#734101 - sssd blocks login of ipa-users- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain shells- Related: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID- Related: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Related: rhbz#718250 - Remove DENY rules from the HBAC access provider - Fixes an issue on big endian platforms- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured - Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls - Resolves: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider - Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID - Resolves: rhbz#726475 - sssd_pam leaks file descriptors - Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0- Related: rhbz#721052 - sssd does not handle kerberos server IP change - Use ares_search instead of ares_query to honor - search entries in /etc/resolv.conf- Resolves: rhbz#711416 - During the change password operation the ccache is - not replaced by a new one if the old one isn't - active anymore - Resolves: rhbz#715609 - Certificate validation fails with message - "Connection error: TLS: hostname does not match CN - in peer certificate" - Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records - Resolves: rhbz#721052 - sssd does not handle kerberos server IP change - Honor TTL values when resolving hostnames- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP - Resolves: rhbz#713438 - sssd shuts down if inotify crashes- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups() - Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are - being logged multiple times when the provider comes - back online - Resolves: rhbz#707997 - The IPA provider does not work with IPv6 - Resolves: rhbz#677327 - [RFE] Support overriding attribute value - Resolves: rhbz#692090 - SSSD is not populating nested groups in - Active Directory- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man - page- Resolves: rhbz#707513 - Unable to authenticate users when username - contains "\0"- Resolves: rhbz#698723 - kpasswd fails when using sssd and - kadmin server != kdc server- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is - not mentioned - Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the - gidNumber is out of the range of min_id,max_id. - Resolves: rhbz#699530 - Users with a local group as their primary GID are - denied access by the simple access provider - Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups - Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a - member of any group - Resolves: rhbz#703624 - SSSD's async resolver only tries the first - nameserver in /etc/resolv.conf- Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694444 - Unable to resolve SRV record when called with - _srv_, in ldap_uri - Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by - signal 11 (SIGSEGV) - Fix is to not attempt to resolve nameless servers- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can - cause SSSD to stop caching and responding to - requests- Resolves: rhbz#690131 - Traceback messages seen while interrupting - sss_obfuscate using ctrl+d - Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process - /usr/libexec/sssd/sssd_be was killed by signal 11 - (SIGSEGV)- Related: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them - Resolves: rhbz#689886 - group memberships are not populated correctly during - IPA provider initgroups - Resolves: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents - Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5 - in sssd.conf- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min - waiting on netgroup - Resolves: rhbz#683431 - sssd consumes 100% CPU - Related: rhbz#680440 - sssd does not handle kerberos server IP change- Related: rhbz#680440 - sssd does not handle kerberos server IP change - SSSD was staying with the old server if it was still online- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain - for base DN- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on - ipa-server - Resolves: rhbz#680440 - sssd does not handle kerberos server IP change - Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are - given in ipa_server config option - Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf - attribute on the server - Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups - Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option - Resolves: rhbz#677318 - Does not read renewable ccache at startup- Resolves: rhbz#678593 - User information not updated on login for secondary - domains - Resolves: rhbz#678777 - IPA provider does not update removed group - memberships on initgroups- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries - Resolves: rhbz#678410 - name service caches names, so id command shows - recently deleted users - Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for - netgroups- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login - Resolves: rhbz#675284 - "no matching rule" message logged on all successful - requests - Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for - authentication- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named - "default" - Resolves: rhbz#674515 - -p option always uses empty string to obfuscate - password - Resolves: rhbz#674141 - Traceback call messages displayed while - "sss_obfuscate" command is executed as a non-root - user- Resolves: rhbz#674172 - Group members are not sanitized in nested group - processing - Put translated tool manpages into the sssd-tools subpackage- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Also add the updated ding-libs to the BuildRequires- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Explicitly require updated ding-libs- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options - Assorted bugfixes- Add noverify to sssd.conf - Resolves: rhbz#627165 - TPS VerifyTest failure- Related: rhbz#644072 - Rebase SSSD to 1.5 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs - Resolves: rhbz#660585 - getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs- Resolves: rhbz#645449 - 'getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#658374 - sssd stops on upgrade- Resolves: rhbz#658158 - sssd stops on upgrade- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#642412 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#633487 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib- Resolves: rhbz#629949 - sssd stops on upgrade- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password- Resolves: rhbz#621307 - Password changes are broken on LDAP- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on - initgroups calls- Resolves: rhbz#607233 - SSSD users cannot log in through GDM - - Real issue was that long-running services - - do not reconnect if sssd is restarted- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with - /etc/krb5.keytab file- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6 - final - Resolves: rhbz#608661 - SASL with OpenLDAP server fails - Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes- New upstream bugfix release 1.2.1 - Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs. - Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal - Resolves: rhbz#604704 - authconfig should provide error with no trace back - if disabling sssd when sssd is not enabled - Resolves: rhbz#591873 - Connecting to the network after an offline kerberos - auth logs continuous error messages to sssd_ldap.log - Resolves: rhbz#596295 - Authentication fails for user from the second domain - when the same user name is filtered out from the - first domain - Related: rhbz#598559 - Update translation files for SSSD before RHEL 6 - final- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service - to fail while restart - Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in - parentheses causes ldap_search_ext to fail - Resolves: rhbz#600468 - Segfault in krb5_child - Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs.- Resolves: rhbz#598670 - Ccache file of a user is removed too early - Resolves: rhbz#599057 - Incomplete comparison of a service name in - IPA access provider - Resolves: rhbz#598496 - Failure with IPA access provider - Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the - kernel keyring- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP - Resolves: rhbz#584001 - Rebase sssd to 1.2 - Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file - Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf - Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf - Resolves: rhbz#590134 - sssd: auth_provider = proxy regression - Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when - going online - Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the - HBAC rule- Improve DEBUG logs for STARTTLS failures- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcacacacacacacacacacacacsdedededededededededededeesesesesesesesesesesesfrfrfrfrfrfrfrfrfrfrfrfrjajajajajajajajajajajanlptptukukukukukukukukukukukukuk1.13.3-56.el61.13.3-56.el6 sss_debuglevelsss_groupaddsss_groupdelsss_groupmodsss_groupshowsss_obfuscatesss_overridesss_seedsss_useraddsss_userdelsss_usermodsssd-tools-1.13.3COPYINGsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupdel.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupmod.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gz/usr/sbin//usr/share/doc//usr/share/doc/sssd-tools-1.13.3//usr/share/man/ca/man5//usr/share/man/ca/man8//usr/share/man/cs/man8//usr/share/man/de/man1//usr/share/man/de/man8//usr/share/man/es/man1//usr/share/man/es/man8//usr/share/man/fr/man1//usr/share/man/fr/man8//usr/share/man/ja/man1//usr/share/man/ja/man8//usr/share/man/man8//usr/share/man/nl/man8//usr/share/man/pt/man8//usr/share/man/uk/man1//usr/share/man/uk/man5//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnu?7zXZ !PH6:]"k%}:w{!vQ_99g4ڤ 4Й1Z@2&럁 ʀjIEzTg4a֑q f I7V;6U41HTJeڤ8=_6% uΜ?R'9fCqi؀T_uu'ߧ,jcxbO[8~1:6t/lCP'*Yh3 XF'";O+z/CHoyd.A6$A"ʟ8ȬxwWCpv`f\ާo!dK<_n&6$=4v'"MWRiWA;Iyaʭ>ìq jRy]ul fĎ) o6РŠƥQxzDz3nHy%vu&5*RsGwP"[ףF7bu&~-tY1 LY=L>Wf#E ZN9SS{խui?^ih@4`S&3STtpr Mkכ}iJ_3HwJ.z|=:(pG UۋMkU͖זgW0ltE*n T֙ab286 ?eii#Õ3s7RheX5t7{ W]f1 {x`56LEl3y2l?",`$@:A]FFusRs+g%7u݅I bCg:#T_'- "W Jr -uNz po Guymhf}>:e H`ȟ=Rj%iR|.~0b(VG2k&~L]n+ܬ̜! qH)mREjsғ.{xNX9^YZΣM[Ain0Z7RW{_uad9#Z9w4m87[GA%JEh&5"f)e{)fRϠᴠCei_)d1Aڲ=_7 Š|J)Ur7~^ c;gD,ʸkC{ !UƁDZX/]Ƭ;rM("6T-/LPf*K(U{:LVqG"EsbR=:n%G\LaxfEf"eW)sS_`+[=ly0 ޥy x\Jy1SDl6]r|!u6Nz}{X HYoV\acR g4kNY ;xH:js2*GԽ.KZ3o7y-:u]]wE+BFΜUaK}^ğ0[NS+=3NLE~)*&~ZPՆ7r͏.5Y.nEFĿ12FJRpM[i`gIW> !]3s A1Hp_:IXamz8{23uJ1:C,lފޠTꃢvdf8|r}Wlh_(MӨIe:3+w.jh id˖V?ف}+T48&Gm1ETh3]/@ax&>byep9hMsv-13Y혢=0}s8uhD Fz`;WpF6>w"d{4<1=Fr]c=. 1OGjFߐx4D&u`GYW% b g㏎ېd 7B_AYZ7Cg1!ͼI "h?R4fR.QQ.HfBA]iGzlPs#2@ګڨѱ=S!hV|tdu6W{3sM ̢+>${ WVn"Y('Y^d*jXȆ^iٷ#}O(jkEG?) ؉g>>4t q_3ց۵bVjb׌gJy,J=<xDܱlXV2bbN RqYS^mu0V炩ꆢ^+ yΜp% Ω>3nḷ3Ad(wct 2p50忄Qѥ*7[y] Kp8020sC`BGZpIKS)v䠬D{Je9Rw݈NK= L. vWn90)4X-N0AK)[\w5rt%?HgSFy^Mp۟ N{Q.-)u.T! qafӚ//R&8;ޗՁ7<Z bN!ElW %v$/Gւ#Byp#F7h}ى,QC779USbpN-n~\rv !7ֿܳ>P/n~t+/Ǭ UA4u*l ʤ-} }>}z"B! c DVT||L ѵ zI<0FaxcBD\RX[p\"qFb5FgBK- fy9xcd%;3#yGugghJs2WtGFF޼%5JO I7JڕMAU,1X}@1 8׷wq2uǚE-t$`7 Yu! ^_[dvuݗ=Bʅ8By[= @"ѡ1m6ɏ='?PUx"CnUDnZHY1W\ƳK=xOt^/dd`܇*&Z\;ݐޖ{CՑ}Bk1ןK5ܚ܂yAǓ>dgEzG1[ؐL!uU :1a0)&2cWC2ped׼ID#r?-Y# [+GХDK /۷mUJ5j[3n%yc@cWm=lk_`[l཈ɤ}]u~b[GpWT83 s |pp+ͦ߳q6 V2ǧd2 3Vk9$$LYK'3tpΔ?7NHxAkS3+#9gC")? 7#Tw:5aˈz!jr*8]ϾEIX CONpـl"b@חKl%FHu cC ZM03Sieri],_m;NX6H;ߐM13>l"Rk8@`M˲v2s2-(Fh )lCA烻联(wonxZC;P"\7{r?%UFV2 gنfLlG)~S~[S(ggjk%~1?ռVQ[c]8tQj:)ã? ,^?ӢTzv eY \j?:^e05δ+u@*w`O>ԗ0)w0e-0+M0dNO}u{F9Gv0a@Ĥu?.PTBSfZAc|RdɎbw^:WsGNG%G25؁aLNns40rk#,o⏮ڨkwZęzNf|uNbsG>ē$Bj]⥞H <.dZjUPCShB\y"ҲM%7ivRxy,4W;Run-Lkn5$J醞j_1g$ԞrhEs8pF(92}m1bԺ MO3Ni:yyOuLT koޘ6NGleH`WЍX>1S  |gJr3j.ˣnojuFlvM3\㿃_to;8}s>ŸA)aWj%TL$Vǎ@?OxƁ?yWETۤTN9pt5Y3؁1fk^(~hG m]12r5&Q6/(< lL9Ov4~FDwB5C*FLֹ F7.-V=BBx+/^.?b=sAԞQR>{ .r9RvU=I A0F#rwY5ؘu v}VԳBWץb TD,zmtdSvRf28&JӸ>!fz/EeN|z"hT5YgkW5dBv~,LuDT^W~|߷Q_D39 zE1onsW $힭R*p-Ċ>`c25>\g_8L?%JHH4z8c(o؍ܰxlU0dw($:绉g{Jm*X@(m~ ٦c6-0*-7d_ͧ"#O32}M℄~Y^vF3m--@=!_/kRZ}ۯ^^$wKe'kM݈)y/ \*l@3FWt^9՚:UjܐӸh"Mƾ +zP54‚aq\ Nkl_RZ~7Ӟ&lyIr-4ic!V KYSSzuqTDڡFYU'(b\&S`@۱-{uN?$znLA҉/sv3t35 ][9G~|%  >a|ǡTr9^CN8$KkDUu"2~vby},)Um ;2YL9XF4m;2aUwn,: `Xn =k!HR* 61J}^U{w1ØQ+vŧ*=QD1[iVRH*BOdBn3}1so.ljWLq]+{p|};Ϙ&Lf=kQQI6n񌱒rG5N.?ϧJtln|󮉞5p̕>Jߗaz̺=$HjsF`  qٽRJB&KT{V ?>Z$ 77 e Dkb%~/ʛ>@j-lPQhS;$@(16_O7af2USgůXHڀ o:E4ZSh ߇mT'7O|7x.;げ;Q˓7]`lnl7Sg jȈln|8f[a Uj1ޮ6Q]C6+)SgV37ȕH58E84&*q:Z4CH٢]%<`QGwCix ,7}͗M[$O) Dj*hG {o< Q:G^L_×!rs*oKv6cI><x|DNp2I` Y;Э:*cඐi;2#J)/S; iŊH-cmgvF*a|Xk7H| e ,}|^wlߔZ hC1bV܏"%6ό L]AV1%ht\H]]ƅհ`"'pʠ͑j%0w$wX^!K[=ƶ"S:y#Nܭ$5;Βwu*WEsDžm1W8ABL ]U3B2!seФicJE!+*xWNm0VoJm ×bDur68ރu` unݑ)%lj۴ͨ ,Y[i6oOa8!L u~dKgˀ.f/oўF[xoWTa|5#\>$Z0akg1ZoFKY.C3_?k/h%i>N7bǚ4p`hsdGyw]$#HmoX+tCuUfߊ Tea֫"eZ= Α '{\,*$P)#nQE%?oұȢgTtUAl,5_jt>` ^mtCo+Ebc `uR Pغ{.$xr P;K.BԊFuw|XyҠFgGtNv9nFN/eeM|89d2:I>j}9T45c+ hmtooDM;A=5yJK5}abXݫ!3߾nSZ(X9FR̊I\ $$tC UF#mfa\10"芜/켑x:_-Ǩgq'0Cs-3{Xés)4w]QkR 0 d^Yrt1-](T Ա*mZT&ia6CR?!\r+Yk 3BkpLJ9kU&Dk=s~q4[mmɀ%!gИ fjPP0?Vqߛ1/+`}@A:9 j.UQCYg@Ӂ '|k!˞|CϽ^.WήD%*I} 3N0P.Tpqd*gm# pVעWe Y g"poU]+) vp;:bX`]Xk.]}I,|*dQb{tYMOrW5oٝsRuzH:ss1VX݂M4hMOBʇ/JB_SA((@wڏj+Ph&Sn)Ml-~u*?1|g%.5xK7: wo$GnL")&>V02'2يh|\Y 2rF\ކ\xmR:*9骘xwA  U?9XR;ZJฤIt4:QG~x*a_ƷF^dDE/̨q K 2!Ax% T|=w=O79\y>@T^3Z@;B+(MamI72b9brn%.iN@%ΪS \QJ6m 픙Ց}܁qRǤ>PΩD^ܿjPxdFcj'-?;cK bV Y)drQL b>Q5J%-KnJyc{.*! @|ٔ_]T}z1T>鋮FއmKZ)UJ:Wnk{{=ߪ->6߰V6)v.тD*bfm(; “z?5/SL?RJ7{nI&^&K 5"v KnMCK6R_. \wb-y/H;2l"*U؜w+;HLڧڎ.q)4+H%Kagt/w,Am:W:~s5ӫ&Hi 4\=KVS|u= Ũ0Iwu{9ŷIZE^yhb&^97}H NaAH"y;`tZLF,՞DŽHLygCxvWDJڞVq6.[3C#!1Lv o`ݻ*ǸVYKN"wnI:t6iȳjYc8މ(3p1j<rbklm =`p,E<˷ Y<'  *?9G\emw<}ٻ 9: wPC*gI-2}um cOFJ8vN1;; x`oV$ű8c.aL>i4_f`m"!o?Q# )ЩP&hS-=X^1'"rh cC:O5e 1^B~h x4u΢ rc~i Is(V9O2:yXC,=!)"t#E<위 E,vM~5.+@xy_Qȩ ala+IPBhCϤ05a4CD5?0顑 [K'+& 0b73a_Q%2KxGSZ&_e\ \@W mA a k-dJ H U,%tᑦأhOiڔ34>jjFfP{H "u$*vɯAO s4ƫ˔IOW0;iKkI%\//9qkb]Sgtd" ag&3Y'm:R NE҉"nAb㍟Tϊ]%ԏeǙhF$[ODj/(s6WEB1Rt~ؔ2 'bM3J,iM?c՟mFÜ}@ `3j9e@/;* rHPMUf,A+cq1׈'uAh>ZX*)6>b&"oyCtT+"ȗ;ݹ۞ҥ9]rS$r$zD|pRǵV(JU_RkLj!$5=7& nRD+Jru p8MLs#WZLi|_橌\G)Ԓ-t6-OeoWr)Rab&tt- S1j,a<0'Q4\PTr[NSV siƀ}e5*8ll?4T޾$Y d]C K(T, 4RaJpEYhFOM"yZP^$eNn?EDܫX54@y$Û-v$m\%tӸdW J?Mi(r3[k&Z@/Cz5)O Ț x:ji#3o p鷩}迵Q,h({{!;?d)KUo9;CaM:W6Z؏bM+ Wy3_g29bV'JacJ>aT+j,#8ڥ_ٛ!SND_Ь:cè SSE+ZqO[p{O}1,1ꈲ_Va,+{Y?{'޸5KckPaӸUƭ ŠB/J&߀t! i Cyh n@+n^VgY%qΩԅZdPhi@i;(/m<ݨi2eG$8b*E{߹6I?s}Dy^P=a ,'!qFbKûS'`h w}n8 9J[)7FĚx#Adlf_z(zfKLCҟdPmoF$V)},QG8 '![Îci|2jLtE^o )B `j[i@$/~iWʜxy( b^c^ c53q]K=y;D4 \hG:枭|{5ц^:)9BMٝ^Z{n'ж:C;[v 4B<t1f8˖}RN{i.$qBFʚ_βd/>ϵbOpd@mPAٓBG~68!i7"ݰzd B9EJf79m弅7_ S5ElnvWVq:^#Ebѱs(.6KeV=j]OGf0whEnZ@C;Z22}?h#V@LRrJaFm7EVd8&V Pk #!.e9ć<^ MY*y.:~LiK2{2AMWajkH_ wwBz?5l_'‚i7u܌nN#LG2Bu÷=:ע`IFnYgֱ| WI%TB$bEmw=+u̩8cT-yM&{H_="כDFswI'-B[%eiEn ?c@A7yDY do-myCo'2{RMФތqvLϩ>uwA[[ C`dٚ«!pXJR0 \ؒО$=i@=H WFm1W)@3t}9 y>/zc|^ l<4n8OSIyBÂ&F>R[j(M[o1qtjE Ѝ d+e`E-6j€,DXF[~R| 0 /^C$Ȋ`$$ :Fy*PȻ i*ںͯrЍ?+:;a V&[Q# Lz9r;Х& bX8mro8g'wi2z`Ғ .">~l,[vbb.p1h٧V=vPdHtܮX2۴+$mP*q61+1 A^%*יP#~+n=BD{r0eW}~ mx>A -BVKQP!|H=G-व0K5wtHJf&INr%-Y)=ofXɍ)o{&BE<$bm,kX.H@/^Md|q$ҀƬbFiƅZSH\{}m!8M]EaϮNjAmr9@BP1HUZ\[jHHJ4Ni9,R ߺU ey1ЭwLLRl=6]רc yq=!ON #V^SUO3eY'S7Xk#%E*I(U%\:36V@JٯEkpӎh@ը1iWXI R1)h hFygFAv"\DGez[ؙ%$=]5N 5d /':eʭ-@ZA!ZT1:_$ %%N>ŗ0l s0Fb"9.ogo5+>)*t^fM@`!P}nR][j'vQvk1xy8^ k:3& SD#[LorvNi<77 2*nD\L-xfeG˂)ns}N%_X'SClpӋYFs;7чɱN{ (E Wɯ1˰ mF+xZ YHvJ( ]tDM*xay"bj:L[Z*ͰjPwǸ C^C7f!N#bP8 s|Nポi(,LF\:w)Ӭ(I79Iv,_dQ1LvbldLn#E TSܵʻmɦ#MӪSNH%" J?g&",l.Kꦑߋ: ˺@,4T3oPOc .k?RkFzti_BY0@BDAST:[H\ .7EOF0uזM)Tb>@6W!?@V:!S6DAkO5cd]8( mFg8DOGB(A`Hw?w2^D2Q@AolQN];߲3 5k&p+UyD:Wcj`i K$d z އwYΞex9 u%q8szሇW*݋~8CeIc1 a Јm7򯻲P0x`YF6 6B ^X< uL}3!y\^ E4scdɐ%wc HIg%x_p}Zv "u %/ ?F);*3m`bpk)HMГ2* bBd5A{`\:\67/9R1S49iBcFPȘ8e]]@ȟ9 V'8רݾ,}@@^rEu+>x:Kؓ\EcN\eU)c^4yt1Keս^g(ɤr{]i̓B̝(a+^J"DFdoB'ܽ(@} < ct! (EwE.˯ (N[\mR?l_ɌPqs04WRSܑ(&mU,^B.ʁ{O ) e.Tqv)=XA~c#+P4m}8dG4F~Z'jg(_w d hQZDKON7dơ<+th?Q%2gy*ӭ! (%Y 5 'xU W8+%~6c,(:=0Ks~ dfР`-Wd33z VgA.FXӲoHǞDFf"$" fb.Y 5[DXQzIa]&غ">C[Ұ,7>)_ F 4ĶT֘6e&GE?=(9kǥxetϤ )]@) 9op`2 s4x;cM39178ESk &ۨyCrZ)[5M.SEv]z~i ?t.]dV /4L[2͂2%z[T/]kׄcÎvՕؗڤFyBkĦRN%|y;&+SYgjѻF>s@/eAHXppF@5Z 0i=?mEA<iVް̉O|ԗ {Xߕ2h_ F?z)cPY:AXkoz:Zt]Shc UL"եԘW"lF˚i$#dN0pH|`&a_8Cˎhܷa'l;NF@ܖ~o'H/@eN9;SW(lX5<}{3u v6k̟-|ˌ872.-Tѷ4'\8D )ߟ IOÏ`S&'[͹Ğ#SLq"Fp2F4{¯;0R [Qi4:>Hmsἡc+П'L]Xpr0XB aƒ_kvɊ{d@S\c$/hp֒dCg _fOlio:c5aH1:'vQ"_"A+d--yjcT`SQS!*;) ; .*A/Bhq<'N/AG^)yt^O&:YqGwozk1yKMk/JBi܌DjCviz\éS'wPUy4^Ng+@uz mL^}(Xg lEf 0."[ǔ3DimفB5 DXœx%\Z6qD*8(GEi5駗'+͍CTG~H} 6dw^;[&7EWBi0K@ēφȠ}jRjBO3⠉Ga؂ߟ9e3PGl;@RzM7[@Qn.jF,@BcWU ڐŮΑE>ˮǙ:S.9/̓5ťDI7݇W#mRޜkYD[΄=˃!;E" eluΆ) Ѩ4  E!pv?nP/qT~{.9bXk1P.$r^Y yQTf獍Ī*!n8qD?[o>y@N Q8MZ"g),zlzy9Dz6?I6sHs9OMHZoeR|P Uy]FUx'7Cil [\SB5ɑ6r3!x]=m'N\wQ\@ alXS_;nzfs!Z2K)N{)fS8^3_I7R3./ad fCbU!}C(196'${+lwqw Gn+yQ%rwpESGRE:yG7 w 3k#98ObHntL-A%iƾ2QGRzF2|i `X|m}hm *R5nHlSϤ=\4k#CT@ܦ9ʉwڒHa? Ͱr7]$`o>2=!Tk?IRd kv|a+JjLNJ=aSs޿8Gֆ:U!0'QnvzukW|t`5`iRrygH:9Ǟ& D*gYYۈ.Xa S8rX"oKlSe_8$ϳ̓#a}TbR^*f;`!@ T Ԧl,׌A8-9Y·?IvqG:ğYDŽ&evv)F=AKtE(}KkRu*jY,a XuS r*xFQdԔr #;+EcX ԇJR4!7<__Wmr Kt( #=lMo0㮬O,ޢsiP'jqF,=Cl ڊ!+?v8I5U&J@:b\Wq9^]Yز} >4GuɃx K wAK_I0ѩ`˜70')W0Fߵvٓ\|Q =b(fOp@ʪDTRKjImp`t*mJ]AƇ(зj,tlaR^,@Ģ&EƫJf0 OǺ WrèS J %-CP/@41h|~#;i6K1  bԴMBn1a3O"r l>@^ZGfyc6Gy` r'zԄQJ+*C`g[n/G5B iɼ ش8EBO_S] LGG-+|mVz\? :7Vj*{QC^Է-uQ3_swΊgUp럗dF8~5SV c$$cE =28UTW?$ahRJpђ m-).091VuJi4 ^cU^m OXCٶu`,wdM/4YC³"B*ADoGc]cԋRԈC)pF3igWݑА `dYSຠ:`"Ƃ,{ &YЏv7WU:c8lb:;l2 !pjIIrA4S@Dwղr<C/=RK74h\s^;)TfJ];؏В4 k靾K9s˩KMd x"MFPDoꌚkKwL:$/ \1=.Q`zv|K7Y7E6]oz\7C6j8+94X 4#BbbNY<Tt,[%<fGY},)xe{7f's0 1P)>rićdXb41z׃*0Un sG{\ U=xwħ B(+?̐|n!d&z]@fh9^?,Ō 06ځ.XT YUowrf/˲9`[rUG4 ?׫.yLpYadzFV |Xdqfc1{,!_[QTB7z?VNm8$Dg~COκ3.Ӎdx ݏئ0R@m[ezߥե )nQ 'y#pN:F#0anƖC'M̈́TEڂ D+9h-:B+|q6^̉۟5Eµ1:Ϯuֳꦌ_BP}xy4K fy) 7at~~Zn)9?'Bk,˒Gѝ$:8?qu LT(rGTX==qdVGi*Q2Ygb  bDA)Z\cP>tB`SJ S^} Q?zw QtWƱxt;ݳMĠc5>WsGTx{.,OǤwI.6  efz/VS?{*ePN>xzöm x)jX&aRWQjIoK|sK!3q-$۹czsQS"c'#)ACIo)i<.Uv_ns]8z8K׫ oUtEO&Ab%YНX!›(υ QTr+gV3rd^e !κ^ھ]|0QCC NQwߝL3s )Pֿ=3:ӿ obfsz+ Iv}BsLC`dE !UW@kbm >)˂*?#>ZQ/l\/Au8jaruHg[VlՌ/,+P$Z?MX}v%2|bjX)H5w(m9.Eh,:;V&M!$ڋ)tؤ"&~޷+\O/#zK7T0ǙS?Jh:qr|*$DT'!vY"pdOVk S +A7f:Cc>9JC8h!!\ɨ!Guz-ܗ!灕UF{Lɦ߃b4 e c՛( /̶U\$1y7}OZy÷b2hvX״F; K9?ċ}[ll 7-껻feO%hcǯyN!KA;ζyB{~<$S]ш˧8*OKU;ԽgK˾rڊxWIGlnE*-H9~' Le_ߐ&$." I,فY&Zͥ6JӃBpk ֚GB)`mpo |hLh쪳SGӯA͟抃х+ "]Gl #K[+=9G=-ͪѴJ*/:EHFZ{?Xq6Q24Nz_%98e nvkBjFĴۤ[\sxv棂tcQ=Y3ޤ aM64vla z,z,iFbVi]ka2~A^uΛs+Aݍy!WzqAsaMJ;gs45 |[OK|U֬@u(?z~k9H:a7BE*yKwvcEr:nov|HșzYi"~WWT׾ɟPɶ6s+2-kZ76Z|"](SR:\~ ~-i]hf:u#\($ W  Q\,unIC7:{v:JId:Nɑ NDkh=ۍ(س_Zi z  v#.ͿTަj7PVbH*"xqȉ]ؠ|MB%XT`ˁPFELxo]-kj)uiתuz[4Z )1iUm :bi02~Nk~ΦVgdPHX,thQ cH;ً:8sɔޡ 2"r_q5Ɉ8eh6y/,$扳rkT/Í^"Hova#DM4Yy閑zZ40GmkPk'[,uQJ.q+rQ'PciR)_ܣJ2`OP ˋ6h{iq zwH=4:ﻢy 5&6(h@,^p§e3dӑ{ _)E}YKL2 :"\A:j+a>g]=N'O 8j;?Vk }WxْxJYe2|wtJ`gcqjz/j Ͼ&*L3νLSXk)7lڀ\YZ.֕XUat6fp!WZnmn4R{ Xo:>&=-r d\kjRz  kG{YD5o5SP Ʈ~t7<:/|9_C^HPQD<oUB(&:O|$"dU kG1͑Wݍ:}UYqVV,<jӃn5w:B`- IސP}o]jej نjO$Ṗ#| ŶHgh gm& Il}J7u 'dMV۹ʋ=Z3s5"DgtƚمzrjE|d56m/hk얝|'?+/ JuA"{bACTT+ ʤYGF>{z P"!Z}{?@Fkokh~97Vv?qI3&G?*JH \ml5ׅO@0s-$"&!8bda?gG8Hv9#K:+}J\PvDr>ڹ;=k^@gO U |2.f9bx}G[N=h'tjbfƽ*F:F p62gPR{k}'"ɻ#k|Œ_6*m$cץP$k^8UcC*mZ^r-.(+=M|r'-E$Ң'&C\4a`!'$ f۴7V գd'? .{@}@ &iZpVOCzw,q$"'ꤿ0nZbm4` hsH° QrZД!/Hn,8: 3#/њyWG1'su١tcKdat$cL!FHHY N[l"VƫFXe $~;B/&&. Ȯmd]U@ * ]ن [H1ܟ]R*^3oUvA^w_|Q[wT{v/6\׽?"1򹉳mU0;N$̆nOd;d=R[#g04*em B{ ϟ;}H _5S9写fa8 |ˏ5 s1(5F CŰ?2?/BuCpߎѹƉ$/#z m90s iK;F>MwiLWDRQ|miǁ6~'X+᯦U+5t"Al+UʄAPCGق]▫qWP"n~TVJH!0([T8"2-yHj֥CUa͞o`AsU啸D" k1B"dC&BrJF{ukآ^?AqBHbj⦩/p*Hp$f wx!F>wQZ7xˮ]3'rByM qyn! ]1!郴>+kWs/@=И8S1LCsHfT+W|HU?)!cYHmښ8-5,g6C{ zP˪扃灢}R:k?% Wt |@^!%YR`3V;P߿~njHD5E-lL^}L)`$ͺͭ%"~hvc)3}ё) m(ǶZXFE}=2~8kqH6G9 XcY~sS0$8O (E( lС=7QZCO4 &5b<h*^X.M2(O Zf 4wpJҺ=8(IdFo :rx*)hiuS%Vpw0ɠ!ߦνR(dQ.(u{ nI3S}#LGgv*rU\'(ߓF"'*+}/"/dֱw"*s|tF_ЉC)9~ت4IW^..]pS}W{oIGS z葚7HY`&h9nX>!.Q[<$ \f<}UL=NUK؄6O 2r}R& LC CS {8^GP^psM]j yc# F'aJbёnԿK?O=Ήq-N2:==Ȓʞ_TIx(HK~χq!.`bd=-*NB'\hF7\hYj5fk ^=OќGm k=P:bY8å>7Fj#BR*Gʏsk+4W98q34*L,eٯ-ty >6z1:(^8tݎ%Ԓ>ZQ<] 1?^:fZ8+28_ pO-F'ܳ7<~ËѪM*dbj)}R8i7m>0bɋ]:F9× 4˨aa1T 0襌U>ӄOz zB-I aA ٔlmekw#瑍Ƙ!irPkͷ`A3V$zݨ2nTn^JOy^[oȔ_ z?n9X'~-$ *ǥcIT"[b݁&4N+PKpw]0m,ۤuER!;;,jViiF[oׁ @ @oakvWlv ༅(]?Y>U,:2js" Wtwn"$g}Lwwu~műbJ4 tΔW5Uċz+]:w_#9Fި4@vܝF n.i1J j?{D0 \o+ o/ZZ5;D[>@&9f$CgW*IDk׎bfތN9bMwMqaI2@&}(P;`)ا Gmosڲ DBn۠8[7 Bx+S٨و*57qUDJz(i*?r%VrUBƛ@ j/~Y\ĵLi_#۩g*74(Υ[g6S:BU Kvھ+- 3DX "Vq@;b]Q_XYK.˚ƃmZ.C0Hn,0a 8OlܮhbP@Q$.eP/#+^/ g>h3I#(1f8,0&jvΡr&GEY1 ޅsTpͷJyy =[Khy v(ik0~lЫBTcxk)&bLzR9^õ!;*!/q 292$$v1) Q:! m`7+{^ ܜϮ6fPD17x4! p3L_U"'tya y : Ȅ 'U ca8Ci"VHBpxnjgUY:dN2/Dyr1KHA@ZBu,I1Y^H~iK ~Mojϳ5#B/Tp/9o!rQ&G.OyT[I)zlφZoJlTX`tƙ HtPV^;wCZo$;˹=$ҔI)4̱gQNksc/sOhfvXAF? NP}[|Gm *P%!;Pu1dN% /hY]VsL# _k$6\g/" `xiO6M[xZ<癏FÌz,1oJq CE< b@V޿fV^E"3J%DsQ)pGZxq*m֦) WQs{o卲f GP fuI%eoV݇>FO5ubgWMt>7yï ߰ PYO==7Dtz0y=(404/91!0h4&sVS26@XLt{hPۙzqd0p[йk@} <_BTB:GѪ]k+Tb*++_w6&k] %ܻ-œG]m[9x&HW8mUZsO p=@ZjTB/E0Z0؅4΃ISΎ[F)qLY hݤf;$@q/xa|/ ̗Me{=)^ΜtGhPzBEW{OszP~5"tw'3)>U-y@$o2ދ/_XVys1Qϗݷ,԰LAvWw6m0u³laTM)OJz\m\5d̼Q8 0'sf7IńSSz=pؤE(Ji ;67}~{&/"3_O!'`%1pўkMP싊'S_@f7[!((j[;YB15:5.½|)YlO,Sn./-Chbru2Z#mQcx8Lv3OGs&'CSUXԥl t$OқfW IOD׎"lGѕZZ<4 IAeP>Ug ̎a%%⪍ w;\Ėu ]6+" F !EA"P\_w Dp[2YϹ"[WD> 09O9Lpt9:&UWU93Z+u;y#Fe(;T@oNMcK6Ez"Xvn.1Dl2 C(Z1+)lL߾nN40RP,e)# EeTU|c0gn92Px)_lZPv۳>(s$z\hd9̊/Pdh`6yH(v-sq^8y4m[ aw<:29Xds8t  =8"woBrqzD>WEy˟}!*%-]?&"ȩ?R ^ڰ\I AReTI(#l:$.z?_RVX{? p>AH';瑷V}kk\lb.1'+`SY,GNPrhk)D g]ެH 曚W`AF{q)_ɞmЁbcpBBHF ҵIˮv殀=q/<'%;ht5O }ȉjnk6H,>\ab9^r4YҚQ_jlFqU.TX d1k 0~}9_]yZN(IM+vXCf61{rrmK\8oGSV1iMo{no/6&#57G88H݊jwe*:mgzqGȹ|<ɑ)2MO꬇I9m $Pk;@$j-Y{%4lZpW,G@ʨ)w߸Xovǫ\s9\U~l<)=-$ŌFvNg&TR' ^A`! XyhGO2-t\R}'<"s%)~J"YZ/зSFљBsK K^P:u:~L)r4UW`T2@OLyҕ(CQwjfҎ"(eHԡ=N{5]!_@| ]cs$i4 4Zŭ!BMjD+CyeGrc=n{& Dz CSL)0i":{(6?W B2s{[W~=kX"z vto f{\n1jS*'pjaE;M KqnQ4kFG2r $^kͱ(G,q KZη@F0a߈^&Z[m(Ҡ?JN4Ξk YWsr:k1g"Z@S8dX*|#P45+œ-Jh՞WCE ,iyU|;-B~Fj_DiǾmƉ6p+\\[c;96P`R\S/L ^qN7*f6A8Lh,3_pZ] &|[eZB_3e܍6jHcRJ'$hdSt?z')səDzӯ\īd8oxEf߮4N)'2= F!;@D01Es[.0. ~/Bxw)T~'3m(.Py*۷" Rm_Em[1q]~"|2L|B3ji›4eX#Dy,R3p 9v*feOjxfϥRTe/uXfBb]Z}AwuL愗 rg 'Nyrc4CO&4ƨJq6XiŜT?G7%(S]yifD*n}?FAg[ˇ ݦ Fܥ& E22+Q)/n u?6-BjR&>){O%ޠ+v3Mkiv$ngUL=WXrIWzAH[+- WV1]̦@; BDvH!\DtesU.(YdFI;AfnA~69` -] JbwKETZ!hwFG]PVU{eYG4@ODpl\%8Ӳdo>wd \ec|R6 Z4?m*=\.s!$QT(u(!)ک"ja)į5Zϗ9(8I+0lgg"h,JDttI /;_yZjC1 2.D7X5Z^h@.e7̌/,; K.mGf>ihN!|%C<)X2j;H)&z ʁSo j.iVVΙpgEiIYha^E[e.| UӤ>rS# kw0̻Yb)=$g̽l C?X} Q_80@ uQ>ɷbX[RSKcƻH5E9Ď֜]urIu=UyNXxλ2v|~OYKZԘ-uc~]ALR=$NCY8 iuG۟UdL֦:4`ǺY sn,\5ߩ"`OƞX[Ҝ.jsc<@^">cKB䜒TWR ra4:WY7loˏ}K5 bvkg"$/ңoqg,lj!E"ꊼ|T})?Wn\JgW,rekP߹`cWnzk x>*` bhG{gBL_&VIv9߸R2堨IE:dRhxPRv"ymnrJbz  sv"y,̻*6W[܌~(( FkdNd3\B!`n/%@q Ie8Dw 0'z[(fQ>>=ߚ޶-kLN[S[MQK¥o<ۗxG:ˤ+3 %{n*!Y%ԃ'Wx*_0NivE2Q?Jc#xlp5[)Hpkyd#޿|ћeE_OsfIcȉ9ڶi cZ=/&_`|Qᮞxo<5xnsA+C[M4d udfpgO}BY$J(-(zc#`Ne0!̡hK4y“H>95vBN uNyILKB֙-ebԝڧnϤ]<91œɸԖq"G]AmjhPg.?z#7 sGkmR {u;(a2Ӝ_X[{wim9.ϒ*Xx`6@i3=,b+2 fP`+[S*LDf{,1d=k҄tFUюXu]?컀腗 ]?܉ۧu}Ԟ Wۻg* ԚL(w&&ˎ8Ƶ9|y8,Lvm&`4zT#څ2~u3(D@pÎ_@9kW̛L { Ŋ[Yh;D_eKbA-Q*fѸ(%p.5K!MT].']CnVjn) #LPuB€So&W^M8iQ|V'DqnL5uV{cm=f҄L[JǶ [ѭ7(Q_Х[Ҕ3-]s'Y%:NīeOI??WDuE?AB9:^ǝ܌ (aPxMxx:q?pV% )WHҪ3gZ"b\Fb3z [==FjB%g,/-0 `} Jԑh^'$L*Q\ L$16W6(K^7g>enxJyUhj[Hrw9'!+!m@-YѳFc Plf )&r;C=?X6}`P| @~T`9Ts ֈqo0b)?_K9.]a,,7η'pvY8֥&a/wG~uC5%yO ԗm$n!7v 9M60v[tj+L('K^i3)D!|_nlu!ԺS*89+=-}K껮GNg(s\܇pq z\+6$Iα L ~V"$0 tc=QGŭ82!r~sn(mőg"!H_)`6`Q-Ca{N7R AezW,YyMk?g|L˂\|J2+| Bj8YO]oA qt$?y N|>?2-nsM6CX%rBǹ6?Zu4mwD?a¾\ƙ@y|p*)AUjqm'>  ,Üu&*9{ b 2Q"/)e+Xx 2,$Ʊst D jFr^lCl7jfE]иP07Qx3B6Oħ(٬Qç*=r*WΖJ-g:.ڛR5`s=GfOG(̦u~XM_[#DCVN]=Ή ׾:2PAjzWk9P&LnWBs ӮOk vmڣήHɳZ/37<s7֜c;?aeMSKTy yݔzobgaOU8O崪Qfj+',nB5 Axk >j}"H nxXأ EϹ={_߸@qz~2݈ |љS5w )QއחRJM%Є߄o UR!?09nib#^Kj*` F:iui&0Np&{ úf|B2ł:1{37-Oh`S_jvjD>)KTJ*ŶF.Y /Czq$Kk S:Y0Gq?k~9Q 1Oکy~W񃍖}:_NPS>V>ǖ6\=c~ro1+9QY&iZ.PA$oM*om7}Pm?aM8e {J[qLlyI:!Z]3A'ZOLzatT_;TWژ)KSc4{2BK8L{RJ8p)m PIl9_2vQx[um;bZw&M_,HDpvh(+A7(Zu_2tʃ" Xt@Y"WA5W'ZlY[3 *śe2N>C0iqIh&OٺXB-=VNT́}`"Wux$B_Qs s*qf-=,= i)hpiEt'nƒ=&_ur]8qMXj%传uFy7='F%guu'(L0Ē_6*c(&!!Jvf%Jn;iÉ+l3VV Qx]<)R7C1gqV ,5,Un +" /dy@ YI.& Oy`\HWhc56zb5YWzUr۶ eؾ(JBUpҫ4aώW67wcbh&:jbfϦ#<c>$DWw@lhlbiduQRTT;6udtp_H 8fc4}A3A X!BQ]Per"maf6=c3&nd3QVB9 I:+~Z()w131ô8{$V @ 96WEyVtсm yZQF@ehr{A#i)l p@e{ٿBQ 3Ȧg.! 3Ty5Y-AG2]ȍMR Ls'ҺgvOVߡzݛ\90`хw&8JjEgeRZ[.gOr2VBYO +YV9v|Q&ΠRԙO?8Gx.Qmå푂.L~%oA9$Y,jˍkd9vY/{!C3hP[Xd)6[mHe[MS"dk*/7< \E.nuα>gt>W nyON~g'81zٶzQ|}ċdPVtAKt>*&GN}`H #JIq1Mi3/eAAI/]O͡k 7ѥNW8LƇBZ"8}X Q"hgbgY1{ ?o3Z2 \,@ͪކ7Ibi).qx(4mG>: 竵ۇ-Om ^ LkFÓ=iAmP賉jm%N*hNI7C {V `~f"4b~b{:Fx)K)H9vϐ WN|9>zCm2yDR&m dd$k>us)N6d6 "uH̜ݻ7O)bJ *ZeO{4FDOO{?["*>4;+{~s67xܕ|N/+$~feJ%,d!{z+~?t3RӴC!f9,BT*M0BDS!OiƯъDbaF1=4]N̴ܶX]t9gO*$m%v6Aa*aW|MuЌi=dc}?J_ֺW:eweBR2|&w!_x>r)(OBuVB h8rN$]E 0_? o^ KKB`~_#W$[|˲aÁ7ns%J*l/ΑF|LILdGmj-~eZ reO%Wy=hh_dC*S{8xG߀A?JqzFq*ՔwWLߙv i^yeN6SSoe|vc(ރZޤU>OCsǿB.`FZD3@hf oݶnCEΈ+pg[BIi 'Ya)?sr֛4G}VDQ/9Y]Ra1=f.q*= prmW6>dAo<tq$xIDS-~PBq|B{-![fMirtI`);@Wx0WHc*:0i۩؏ ^)tP2zZj2 [yCk8y׈Q- Y^LĦ3w#^$+ ^+ΎL雏3LLP%WSMzـ+`J% ‡z1_sąsOrȏPNՉ76%1sux8,'LQj3e2O#jEك\MCNy3AJ.Ȅ7ɠM/#KI;8;~lÞ ws.oTM|$xEk&{eJɰGj[kjh*k ODMV^-iT`Hq~8$MCfFyKtMi;ePmeHў1VFN WlӶKi%w}:T-betWq1eRq(,2뱨e{bAG]ХAA7mW?Ŷ(8X \Kqn dL ~2?(XFIA+(A{,@X"&R_~ ,%;ﮕr^VoV uܭDV,PJg}]J3ʁOƳű/}GvHF)$RSϑ@h;D}8H:%>-yAk6< f59ˎf`*CⲍUz$3 -cxWIAΥE,fX!ڽ)ߝYO,ш m_%co|rLZ߹ B6[:2s#Z5c+/mmF PI᭜xb ._{S6hX\1j|A:p,w7vmD7jO%W+w'GDCģ/y(AD={*A.JS2q6e>+GFmr&Ƀ*!7 -bo1_Ti@qAim4 dp$Gj(9AEsV1 ӰAέWlTZ,8ffo]m1qz$-1eg,"< Lr uڌF,sVk<~>w: tk7Xc.l_\gyNDz /2E5!/_b$&җJ*tK p遲ψQDS̨ ZnȮyv]Rև$œs@ \S[r۱Lf-V.9%c'\U "9 Eyr3|ls+/Au; de*&&]E+PX8RӸ4U'HLdjrU5wg^am-YwUe/c!EBR77tuߵ6%M43~nQάN.g8\Xu'bYǸs.:+dłh5.7`(r=XV4eHc `"cێϘCYҕvD$C蔂j_ b)7Iw˳Sɂj[lXŤt ۆ?6`dn`/ک@i_E:_s,kF>apFV\ 9)0-j<7}[L6NrY _lLH \?@ds&F٤0IA)NBJq߲yZB6pfϷ3ZP;Fgw|Ў=8X P4OsR1 C2Ir3cϨtMW$uI"(5zo_SjN <Mx JH9yvږǎj G釽0q~^ڣ{Ba("]wf)r9l(0,CU,Β<͙h4_@ʷa'3J>xq0Ԭ0Dc1VA,GѮAI3%/&܅<# Rb[W 9'4k?n}W(Ed~xsR0rijM[SXxQ(]{_ : Ἴhqv䉑齠١ ݌Ip#dF?hZy Azoj;fD .T۴B}!P֙T Pl[ qeWj }%ē qFA7\jW z#oNH~^yMFD^q98X!ZfN^"&N+$^~#ͿW`@5@2];}QR;>)-v/n/S*<%f -'q>gH櫓8LAk4J4XaQy4|`zHb)~7mdlV 4 ++0F4B`Q;.U;Fh@Hu_ ΋}ydZkݹդw ݑu $)~#Z8A?0 )>f9dPU#[Q;*wmIrg ªQ ٿtC@A咾W 'cQx HoYI>ذeU91?EzW6m 9տ o\r(xM; pFX _mPWoCJytta<ǾO^Ⱦ$@ٚA iNW(+lj'ѐp]d>|4-\p[Go }0|y YhN֦9\g  UfVv2a11ĥoϵe_pI0 TDe]0^]^pV@_@BV9ex 2j\$;^g?A4Ro! Y 2ڦG#T6塳ؘ(U H0da5+T+;_I`pm:KvG,$'[Bh5 T{e +i sx=p-&(6#Z~< fœ.Q,u?XtoЖ ͚XՌ14;D xMm[ֱMdŚWqܹ{ո#p#Ah2;k/{n=$/e Z;7TguF9/y_3p0@\^o*ե,3A_[G-7b]u;i d8_<TLѨ8;y2-DRP$Ey]"Ͻ>Jh%_WļgB2QS$t5l(319ܠe7{!@=;W\wA Ka`[7 ɐO`}$F/*Q<2>y;Q#%L&I0~$Na Cz, !/O* Ohmm@2o~B}n⤰w\NBC᭘8g5DpĞ\B1}hNiE32A:OSL<4hMZcLX@<XY(f $1#$X]ezr"*pDB׊-'(%H4ٯ /-)5lG(6,^1E=8u}yMp[sN#wGJr+#~Wi zDQkÿݖJGp }̈́ KT*Uԉ]b[/yܯ`M;xy$NM%fl3"1OLLǃN9LUaLZ%eKfRmXHGز8{=5A8qNswPM>%<V!QO xnu<B$.M0< b3}3Зs$Ω NTu큫n3a*pnK?(/dWА v帪Wr ۱:4O`+@P5QЇ >^ΈYě d8AjwDA,B%LR12 5,ɋȵyr4 ^đs@~kzGrX?`8 }YxH-n 8w#NtAU+mw)رFhm]["߯zEH(rNOBQȼUrϋ)L>^cXnZ@ؔHAgnO"<_"ߝEr&:뙋to=|9@nϕXj@Jq >:PC#u^ب7ie}^5H+qoP]]c}@v<ϓH_aѮI2g&:3NBszG-omPWmR6POkJ{|sp/$m3Ē4ɋ-aJg &kNUul8gE\x,pWc> 1y 쐍1q pA%~D,ƚOnħAqA%#ΚrotzT|pUȭ6o_`%GZE1T"_sS;Ʀ|(-˽̻XJrW>}52D3[.=hSjSЉXXCӲ>5'n`^ g*VٝsI92@3O&q.r*"ًfQu94f 󬳰u9/HeD~/l^(NQ͍;zdʞl7ezwB+{t>;bmi,e2"Eޖv%"x0T)8 rI9u/K+@8Y>G:wO)x?/FP#š8cG|wf.>BM.G,q-Zj6p]oD{)hՄΓ6CJX/T֫Ư^3(#Ȓ2 bBBMiPѦsUY"ݐ QR(+ɍ1eugR<fp*7i{V7zk rٖCn#R`'ɶh1HN*@6`g6г袖9P~6n,*UXHA-/ϱ#.O&D]S+ ڥÿswGVI"3oC7]`CזQo?!l 'E4~=a<8[t6-c=Lj eXj%["؜(DO]%OtP_96ZW)gLFӻꘝA"fд40Z`fRTک/@0k(ZY]wX"t닦}vAdL Sn+{;H>1HVzE\T O25){ =/dg`nWϽJcHoĥ}SmĹ=ˋOuĨHm R= d90R27+8W}!*T~XS,b+ .0$P]T({Pe;_i;G=e&^i3AdPPsXKљ*WQ3G1Dl 1L# ]!P_Dd~G &TϧS $yٻF$i.L̊)\;fPE2vlJ9[{JcUJM_{Yxݵr1 Q rn9{` Kmwa6aڂ[pb#ZOQz&mv*TԳr_  ̡7Lo{$- 4"!qMڇqƋo?p^V` 봛txDG̈́O7e "h1"Cl ń3Uc1މCx+u>6.m"ۆX֔@_qוؚGR턔f۠PҞ`h L$=I+跭Ux<6cyX !Āt"tp;_^|ʧ?/9q"U|߱{ u\/w{{ȕ7-gTP`Ahzw;Qu9ғTԗ֍I܀Qk)"At.j|'g0YVF^T/ A Ӫkmp̙^"rh/ze ̙%.ij߉1Ct%9RYH;XO1åe8nFa]j5r$%&lj2زŵnAij[bGn]f"Tvڟ܁;4t9u|#z%iATKnRxJ!,ؼΟ%I*qwɈ.&:6>~ 9pQ\X b(fNa;z &M/8+[@m&!2 C2TlUԘ-{w/hBVf;'l3Ibr 55)Ň??YL9CNM°*FܜtDنAl9t'ie ʺjV-߰_ Vl\ݸSս鞉K.Y)>?4'K5c!^ia~qoiiawOm m׾w"V{ߋ"Ou3( u2tQ-=sQԛ{b //YjѴ|xHROp䆋 ~Os&,Bt"B `@wvƁkLyXk昳qMvx^x+oz%$B.'5ȍh2K12jkQkN.FH 0}z#_%?fye#60}kfEK>*=M0XNIr+j[W (=ybaʔ˛k҈8Tt.`e2P2Fnߐ?fxQPUPfo$Yůcmp%\ҸN~#@Ԃ;ց|Ovھ|pɔQ;!DdͰ\I$2Dh|þr{UmG W<][.H*z*LJH gVЏvːx*v ~t#`M݃fh=/tmToIpM1zF9肃gTAG &d6loH g&5xǎh <'kPf2}t'8HToԢFIw3<7gNA<$NSՋzeuI(A^f́=3m(}#\=L;v1-J q bnn:„> \rc>%̱3ںv@A4H0jTmJy 0:5*zXwViE\O+?m?{sF M!`InҀ[=c1zIF)cVR>ԹfHSJS<"5Ԥ8ɈYA,).ɑ:d-Z)irD߉n:|+NLlp}z,IK|n&LG'kv(K?Ic兌ntpC'FLmtD]=!&& a_'iIWΚ[4`xfM)#}N|.s1ǣa3 Ո-RTtk„ZL1o[ Y-5vsp`40}Ь :j3|Sg[~کsT*L_9O@Md:S ]dFGՖ^Vag6{={i-6:k E%FD_XZF JpxHg:{'J`Kެ@&8sC7C/ d JgB| WFKkw yRE"˨#;Yߟ*_ !,5;Vf6KDSX$*8,!nUZŀΚ>4~ӾX}_.OR#q!21keZ r*~شُԇeZ ̴s` AwqsS>#qsY^cQD'ذ,dJL@SPR#6\sW_WLNM!w&#ɮŭjVϧ[iZy w #Gb|-bPb] ]tfN%Ah zwThs[*sIMGK$3:<0.mL@!Mo){N ?ee+E#dG6V?sQc.PSҭ V'LC]u~(qMRoF; ^'%q=۫a$KW2>Ѱα2&#'EϼZm*8VbPovo E}Ш&S0m^} /P ]-`5f~L 3^XQOy ߡjStAşƳyee~XIG0*5)֒Lx3,ШFr~e z SHK%xeF9#u}/*9hEz.͆I#:@h-׾SGSlzkmBx?vg nLqߊ!f:^uALpPQud+"~:AcEpBUϧs}C|G{q!qp9ExiBw$/Nsr/Y~,2ڼ <~7ڣn |W8%qDU: ¤?GQl{t$᧣3-* [r R"(c dngv5*.UThVꏐfL\aKOxSs, uM2ӛwr=?fpNBilu1x&3ab{J3$tZV "yD0p!/7ׄq:/i7-[$- Ze`ᕝ91ߟDHW$ZQt،ή'{Ԯ-ZvlØ^|,Z|V_/)@9M׿ Aנwֳ!*qQMM΃^'e褳;+-a舮m-[=Dl YY?4v>wnTdFڅ|/+fpbxFMnNԁL7miS)zWrrmQ9 & UigF&x;96J.y%:;#@8P'4垇uv7 2Cd3&FC4Z5_}"ׯ*aģ~Ou~PIb_K,D* <1VŘ-UX>y >hmouI,r_Mvn˚Q g3c%DQ`\_ZsfcK!UM5uᵴ♔கnD@y @pypap*!?Oo[ه:Sc݂z\PEeB3?A6癎d9ZnYxc C}05W Jm @D<#х Av=v D}uu[6s[wMi֣HṔk_/ zySlrFg?iMa˹HZnxTC#f D.?$ׯ5H#FԽdb lW0"g.H*2S4frV4sV6| r~32SNfl v֕ AnKKEz]H7F>paTd2k-G@S oDx;;ǁ~R 8ڗ*NY| zΆGoY O_ڲzp>-THtf v- 9{7(w8D9FsU?a .;ȾJ8FJXf:[a̅B?ǝY=EA}zRl?t93\j% ʇ1M|B{i$bW^@Fں¢]CRݏ[Ipm5:eM35T7goP)>˻C+֓`mxj$ָ eIk Ce`lt͏|yU7wx s^ҘcoYQbt7Fn"1qoW߉.N &GF͓PUe~6P&`諦]Da(>)s6qDC{ܜVSc)^]U-[<"H2sY+ 1kٝǨK9n%b8T>6Zڵ6j$cRTx۞_ x-|ܶΔzfE1M1ۃ2s hvrIEQ4۾z[9 W@pij0}cB׃ [k)Z{I쇽=+{@Sp=!n`8cp"}'JxRt:0I;fRAqϡD%c{U8Ankl>w4[A-hy|ǭ'?.Q̄Wӹxh굏woF؍G]+B)e w>`_4Hże$굲V_Ul\ipe'F:?sYfg.}?%|B NN͡B8RxWu43k"K"\h GXIe]$bmFd[Ps'i=1*^i2\dOE3ӮRsW"Ќ)۪ cOjrq2(Glɯ) oiwn'vZMHEȒUtXYb~+sEY],=%2^p4SQnF- Bz`%U*Va;A,5a[%՗]p+c1c_d&Յ|uڸ 2&<\KhynsFJqWSaL"ؙĞRY'TEUzĄ D D֙m*eͲX,2&8&WLJۡq*8oGws@ 8]J zn흖,P ~vjϔx?<ŏO繠81uB)z^Sč4鴱AԸ9czCAF h&y T x^ɑڏx4\Zd* &WVhM*E3Nܮ -rx ejNWL(8F "д]}# DIBqo))_#yZi'XzkjO7h$?d,]BxTbDU-//ok\ҫw JYM"3K&ܹo2t䘜En@9|wH`߯NARʖuc.ikϊ[Bk"jxcy*j9z1mkSΊ.cY!ɷ3A=B,Ҫ g:G^HwV}I|&92)Ɲl8\0pw.c ]Xn[&-Whm-=l= &cY陭ҹK=~g (-nr9F[Al/G6.ITN7>Zw-,ht%K FyW0x"Afgt+}\**{} wD qޔۂ{ޙYق> f'S'q ]YgrQ<Fu{"Nkwߣ1%l\В0V=ӸK؞bomKI!WťV[/<bEуe"tts|}ծmd4 I3$.({T?̴u;g*f n9V 8'ϱ4M+I#NQ8/Ǐ /$E:!ѧt>G&jء䆄 u҅DK&Rsg_4)/r.NLoGUf^[8:yzL|ր{eWɆOI+;r#0ʫ[[ q˲ܹȡR8A1@i*FzܣFgJ ՘*sMBL(?o{~9p"r0zn (H{;a)q`7v|-j4/!e^\1HyBCn=й {¬R{in`xWA2@7}_MfS^g9Ҟoʣ]&d#*Cd|{V//LOwLhBOӬ@_?CA <نof=>8) ~R57 Ec$dAA@1At(c΀<?נsMޏjL\ꈯStJy s%i?ۛ;JGӷ)Fs\h\{GW2/ 8[HSM6WfZ sl6 yz '؞%!V פ@h ZJU_6^j J.rnÑ10Gt Ծ?H^W|kǓEۆgRz53V]ydi 7zVˏJQಉ!Se\w˩~Tu i\@B;F #yq+>8SBFh ; Ha/jAAǹod5%P-6}Ӧx eBԵTiuzhBrHH0SлM~Ҡ_NAK !QAc)55#=}kciOcOxؕ0GF3zI|ݰ 0W՞ٮVb T ?FrK,7av%<:,*fӤg$$]7pz 賁C5=*fP_#,KTJ!/ 7U`L!pH'ÚxWy"@w}S{Ȱ%U*/l, o bii p{H٨>޾5[ C ʱf#.kHD %J--qxԳ~~N8G0,0{dSVBt/%bkǴ6}:1J^{ FHNXYl}'!8]eWO4L۔=a]dQlL`@_OZϥX?=5|Al'7C kbvNO_ۨjԡu7ǔqMYBH,06s;v-?-`urXOGSj{HMی˧^ޖCRkߨ} lsp%VvxVb'ump|h+>N1¨Tt,崃?5(y{T1>,nΠT90 KS&s݃8tA:և^b&g H_ۃa G={]c"G*顰w%` I$ يl3My ^6M#g|(⚛;dYUnvlo YyPڛ>KX4wBN<4e%=8t1 1 )WHvj(7&kHXQY6Jn&k,l׫O@X8$\ZN<1bRh;˯tʼoUq_^.Em9T7눃9YgB~T|  KzNZ8 fg^YUuXM'L4N)j2y8̡)k S:PHO~Nut5(|l=L &+I>`lLv:-*&Eo;!|rC iUpp7s f"ldPq3 2᭒n.7/g󷇆Y*=f2zafaΡ!+P-h])L+)Rk'c6BL_Yy1׫zT2x +TջRnԲIM Ƴ&_Mj▲ߊ6Y3cާZAh˶{uV9(.C'hLzѱR /,Z,N0,BɧvT?nDAz] kKtt;5׀@v>r{؃X =|U3R騲@8c N~U2 Ajm/ս:r`|գj/jRIZ77S!c,i!mY@eb`͸1{(Z09sgH"-.>lg57cEuV^Q ,>QZʘȨ1^8JEe~A(\i R$ܜOUs0rR[)f]t&UMLѲ҃1Qw^ŭy"j Gd]`1L 0NOTMVyl[m3kN/tNQ̡jal`t 8 Nwfc_y1¶ު߼j w>efIs+?,&kD{wdҫfAUś}g>gM5׶~׍xo*!L2yKsʹJ.u.2Mם2= w_".~'3NBZ&oXD x(1K85\}ѭi>>c<.;L!]z}}e :wT6pQ4._ *f2ւe,˞MZ42?3 {vBֺ$D'8@?[TZ_id4lq!نjd2Q,F2[3N:@bW|eK{Os$d6 H|yx5rWkQX٘^Wɞ?AyDY-Dh's7DyMGԅp HfRyھ~%jIUPڍІAWVb%Stu4gsdSZ/z7eIcZ`i" 0.]ԟd!Z5q@(f<(+%SS*~ vߚ~F^ނsnw@d(f9lE]y/ޡCdrr$~9e1S(R&9'~{uj0M9,bUcyG#AH,(a!ok^@cLyWB2KPfyJM F?\1B?/`'tR}/Ú+0UUK-wwLjfJpf;;?Qq:2KKCF D3o{A_v;L 'p bWBps#w]J.,ȎsXnq1f%[]*hs笴ɏ^L}h6jKpB"xY #TG}ؼaLᴵJڂ70Nj|}~*DK[mJ!M.<-5/o.]dYkTC{2`?P ~[J綧Tӑ3(_@%>&IKz t=o`*XG)e O'^!>*fd.S#j/+"ixȴ_7xc*0+G۾.O_72x0*N2nJ( sJ&ɯvc# 7|ԢFDdZԢ27F6Cءy:D9NP)g4N(.'/ `YIU1\ bEIgd]t Ԙ11SG HWVI{GW c3׻gD6I[MaBթ+*Do zmuE?bM vJҿ{,?[E(+7H?DVſHBnW)۵-Z6sHKۺ+ \bb#v$ N:vo%dn봳x..}R&A_M]]Z0>6Ci#+=~73 t}bhxɣՑcII);lzܞ`<;)i_6woEGGuLXěߕWܣYT (iG˶7bTZ~S@ؓE>ybAn ~<# ]~aN%Pv1!#A.b_*F,xH̼Inɏt t7 IVϑy2[~M SIH AdŨFsD( 0|6T[4=\ؤ\]Q yf% 5yc{ Z_vc%.-tTZ{2:ho(qU%˄š-[:@a(0 E%}iZBG቉תAQoL2<;s}l}(yXV1?szh^/dI%FβZŠx&rhUs- 0acnN6G$Olt{[S(m\x׀kI@SA9sT,d[1b'N^^'o3 [β88R`Յ-~,搖o ZȽ N~>Vd> z2n'":|z *Fqm,9|fƅk8~=  +7 tUȱ; /? !Cn P1=v} 5STrPb 8em 12nڪ"Ohӽzv_лgCa>%|.sn9vOF1*m(];~ J!K! &чɲI# `"5*SNF{F{*Bp-6LhP=PR|Pg)i>!R'Ԝ A^-Lnm `j׃XGr"^+} B3]ʇ P| @_[ڐ.+NgE잤[l5i`]% _MYDTQ%0'C8Id+t.rm4e7I9**-S TAKqU+>iUBi!7+ $ZodJ Q>qmh 5/jL.waN`oWo"exBTF`N}h,$2Nk-*SWDX)*Rep5t ׬T4Wg//UëH +):e-Z!O I2n :?cvSUCř[/& o\TH%}I&*iS ځ8Gq*~ M v?E̵T(,Z*zC/Ga>kql)0+.CR5=O[Ry^8DrZJƎG0+%;Xӹ:*#[^opTn;=|}Z]A<ǰ9l IA *H;8F J(ijӍ7hm&>jCոnδBWv.\VBGR'\Z*** ' 4jx֋=)gQYp0=aBKWNX-{TЯج.Z<i;ny| C$yhwbCORM2Jn&ǪOJ=Bgy|Nqj2LASh>@y"݉ytk ءP;jcAĻ{A".WÎQfK)KxΘ)>$SM:t@yiM~deNFvjVfWo=|دYt$mpg E. mMANKS)X hzvGF~bX2>AnÄ`}:xgYEn^Q%=uąݛ-/59a-{bYlcNP^eAsI`cs`P8Ȟ1vAm; 7vuYo~r0f3$u\ S#yѵߡ_z 4#}KQLcX`C' `X3<֪$Ͳ+-YP8&EGg#I㸔? ?uhd[מ+9Yhhv|hRgs`H:(oʚVuUr?,?FGa$E H":J(ˉzUyIbHs~4'i4,1wC6,/}<[KecО67If ^H'tc&}j#@s&'ru?8b&_ @3+\@42:rIMgs,aW\*I ˇ/ aS^oba[f{Pt]U2x]NگV>(kWẐPk1#%T-YpMR,Dza =21 /+Ym߿%B2E X 0O_GׅdpjX;\iZi^WvC$:C \$Mo*\~ %JjO$vz]̣v 5q VجZj* aV9fwBtU:?kz8>7m4ǟԬo qkNiSbzPZ,~f,/OQkldDM.-ro뎀LƷ9| ̦Z/Y dZQMjɄEViKhL%^j H0e*Ne{4,>gqp&Tr). (QeJK)l@JeWqvQzzg5zEn }ZĚq._g?F@>N5*_Wu=62 l*רlebQخŶ^`ǀòjA^ Vz`(M0MP K%lݚn It§x_Ni?V 0y=G) h˻;Ӝn}?Crr¢ @$Um;!$oF4D.;-Ic`d{>+57Y|&M-bptb :kO9=Կ]8f>l-`Mv.->R/ >fM.*Q> :^Y\*1Y¤)M5Ƕ$\6]`[*e2[hρ0Tas5ᯝiAh"$`y.ҡ"kZ!{ }pk8%%eZDKuՃ(%J/XC, /W;Z6" QdZ 77k6/AF廳R ]+E4,rmScʋ8@w8NiyGoup]!:KF`p{qNbmuZ 0N T{;F.2m.D.FLιa#߈gݎ,'Ikixɒ GT "zFQE,U0"M[B!1*NbTrtBjBA. . w4Ǟ0puQY(/,pǼ^ Le;NA*"[(IF]L_{ :}U s2;5ݝ6BET4ʜ-GG-}zxm@-W>[6|pRy}%#)ԅK5fC#0zx>h RfDG{~tė%c|]; X0U]gs9nhe""W!3̲lWOc&c5Z ~1K{/4n_Fyy8^̟R&cE`Da'I, s+wNYW;Z}0kv+<b#Ɣt}OgOzs4[j.\ie6nusi^dER3s}⚁k(S 0Wc=&m=8ʐ $P&ʞy+?zÆ~$)PjDŽU!|c( 7" 2im iaE,- =LaX,%b_*j,/>&_o4ez;}>lk;d/ɻi.Bp흤j 01Ps2QʎJZ5$mKm A& 98P)6M%v<]NcTFNP7ZԋłENtlӌؽ<<O,|v#;Sz.&#P֢2OIaL=,n.qzHo{=;RDʒ/S p5F oTo:"<Ī.(d5䧙\.AB5Z2 1 -K`cRwƄ `}lNdrrM=san I=ȘOflE8=2\J5&@jeނ]) c QȓYQ0髁Bֿї G- 4* }=OzyȚ( p/OlJ@: {z3$v罜YӨ>hO4t9>} 4ZSzO[8*2o4~v@K!!TDAf`[ 1qNo@OnQnKOTϼeY8WE!dR;x~JDvxrx>@7sY8zo&,DC06 alzeD/ >'650 uW򜋛/zúHq}`wy5@|ТKxwG-3̋_5Fsϕj F#7/%_YJ!mc9X?E1&o^]8$>v<֜ferD"! rV&'trkHeO] IEZG݃KوQ}.t$+o"/>ԭ=ky̾ܓ~ &ΜRdcήlNqG ƕ09GE?nzծQ's^U&pRe!U5ˠs-2]Ub!X"u}S@v #gG)#0I¨d.V A ,tBmNXs X9h&p!Ho0;)~:hjMaΌ;BhaV0)W'%Lj[q pKH}5_d pIhuX.=@rjGR3K" nB&*>3 eӜ?Fil3&y]MSt ~щpF17[9 s#$i ӕlѡ04Jz-eD00١GC%]䁯 1#|ѐtB VHA .R3b:EU7;D+;Lg+B}!G4,Mɟ7vs8v6- zP S3uYkK]kٖ &1E@$%lFb,_/&<0BP87v89$}W-8Y>ݣߛjf'$ެ "Z[44V,ҥ5s7Vll;kCQ˨Ͼe'GL|v"Oo&p&+K|V*Q Jq+el-oT~HtUz Yd/Kk`:")MAG^S2{13g)Qk6 0- іJu6[d D%ƲG,e" 9I9[J"(҅,L@ CgmD~<e/`ؖO֫%e=wA?ܑX=SEӋ6ùhϬF$s]**}5)(גb耡#Ivx\Y/H+:KUY\^˵Nˆ#3ؐ7B?{0'a aDum.M +b Inzc%8s+ xn,A8 #DZR\UE0*4Aw1E0jXțƐ/8m4|(o^yt"kv\aB85ܙL0E{ف߲^_6{(΄Z^u ]J+ql-Y j7Ηl%eHu]!JUI` 6ҕ#3s[[ |;9ux%ϗ+b" *aij3O+5y|ؿF$5#+S*L&^^1^7Bּטƛɮƙ[ܽ|JM[g`e!NVK@^>kHfYv=Q { ^Ύf9FѲ* x^4ķCb-m\]ٍ G$ik)yv1á+'.d-#.={ɑ;]Hi#m͛41Q_r֛O%].2R N^eGdzA }"Qjل/EajP4=(__*,A6kRvs J-w!D?xvgH0&0 `g%I4:{@oti0ȀGV] M5|(4=tUѼ&򶚿 O}odk24_ F&" !T[p40KծBk/!o+n۬kz.R2z΁K^V?#o?QpW^`R Ҏ~ӯ>޴NEw^gbBJ4r,ڼ 2cݎ)~U љ"&:5ZAWdPBZY9˵.Kl=Tz'Kht^{5A1=t>=cn%EF o)9)vS9h [V$S]wUd(Rh PNn3ࢲԗpz9` X  UhcQjf)})yX0AC`Gk3^.\T0|}K")mSdMK $.bc|Sl"(ʯ;8_i=>2QҢ*}-(&[NuZbQAA|ؐvKQZ%E-cuLگwA EblAnwr r OK%0bo4p:=mOs:4IP'Z*3VlҾAgL} G3'ۖU,G |m'< m: ~&dDz@jr]8jY)1 %D/96`=4F99zl120<XOދşptcB9ք>=4r%juqphZ?s vBpNѽtR̿+O)%C $SЊ/',Bm?Zai'rȯCMو}&̓=&@Ơ<եU@l.w/8uijvS9yMbz mgB&t̟6jIQEn=fT NGr$`B5V:੡ ?/ KfpA^Jφ@$iwμ>`-vospsN9 ןnПz.GKȮcƆ\]'O"|$$[cz d\˜TzHf'BͲd1pA[" ~):HX#\ WըUānBan 4YO{ߴZ}͈߭S}a'DGȺ }t u{(iZ@:w`64]ut#efb}njkΝKe0Hxԅ̾6Ya^gY D0=(u/g™/؞[D'~(k,!뭥[6fOI]U#:iAY[>q  'BZ7㡖 R:.eԄD>h_j4h60qPTb2 sEA*Hw ׹V9?GؘPx4:>\ sqz w,x;ĪX+GYs/O%j.0 0zuniSr5FtTڞ].,rfzzCoꚿ,/z2oHHny;Ex7WZ:3ng`iB4Ĵɷ8}z1Jm!=ᠢ'~R86FSCcd4 @n°qyw?LLg5c kq+3\Y7:nlxEz~b5,qy`bJ׹޸N|8'x ҇ ;D gt _aqb_W^@,x˜{m,>f~%lMT{[ *j_0Ef.ȵRȫK2a6"78x wQVPԉY َJWomLQ" ţ2 x|+S ɕ ֝ZRi<+J>;ڔvֈ9Sht-?>P42@A+r&87d\v\ \8b#):N%+n֒rANݎEf&R_vG~bBl|Ջ| ¥];Ud7|XY1q={f+#&%s]J#? 0L:ՙy͛Lۭk}ZBzuC-qc{<)#ǟcN\8yLN4yDJuћǒu~{Ʊ=h݃XcŧW#ް)\ <ewaڳY.Hno}zS_(-XኺkuS쯯vHaj,žBDj4$'/T;V2w4~z~U^մK[v<DŽMx%pw(;AD ^9T=A96gHx?7@RTZʰ6;š:r@{h>t o*sJ8{YW7 Vb )$lώXuTߎ"Qds yjQy:FP \J s&0˙==NL5iCrlĈ7}TP6+Wb3{d-*HZIsX{w]O,{iq -\5V|[3,@@7@ O9q#0-\C4hhXvm6|R\.IܓHę4Dec1Y uZ-ޕ jIٗ#rOR +VG|7Աc2bC-> "py氄v\!)R&vRon(xJ!g&ٍST!Lq?'-s٦5[^mb`\^n= $q@[XfN6:eUVSnM͝/+zU92C91+?zQ8ʶFre%6N6f`rwNy d~GYHA* 4Fu3JP!y=Vcӿ\ezst$lqtYs~zvwpzj<^$AD&K&G}*qa2 Rc,.~ߍϴ:W'3D>'y@ F. mc3P Lѽ^q^C?]I2zT7B2{ j@ bDHoC1ļ`,5lc.Ŏ z/thr8-*E?p{%5>|6o6>Sp[W@#н1|y@ֻ Bpvb9O#nJg Im>䲰8{&Gs~hyhANϊNR:-SA&3v3YZI`(D7Lo1˭U@:0+q-JrO= ;vsU Aoi=WB1=Pf?WչP:r "SƊv^lsE꽣K7*eۛ zׂ$yUgg%XPƑe1U3ww;AQno>Sxv۪n:쏝n tMM^a.sXG"> EEnI3 A@b\^kKU"3x 4>\16)Kv/ E U{J2?1Abٸ i&N g Ȋ??;"aEMrJ`$1R򻏠g^A54AĤ5G؉c9¬ /l?jyX*9;5]!0 @$W v)єkxԔ5gVf9/Miz~1Ukf Pȭd$icjF\<#'e!^vK-)ͨZ7[zo;MG4?\)u7ܒFԘv3Zd9T KZb_xk7`o 2&|̹ҰxmO퐷|6]-^#Ob5r,%BL4"mNedߓ_PvRKbi.a7q+*r2.9jS-M(PígY-S,,E81:<6:aH}Bol2^]O{Tqy $S%2zen~ Um-f0B%nd?-|A/Э&}'Z6r;:D1m^\Q+ǫSTO|I0}uSVm|KM}1g{}<64L`>؀^ 6%E?H茘Ҏ ?#贾?qi%E38;Hu.yi 9Xw]h6#q粏(r!-F/4-#OrƎkөQk<_F?z6Q$&| hvLw52|Xlw*XlÙ`ok$o + &SQea $VOc<+hKzw@esl!!<|2ûvKq}+4clAE᎒WɱGda/ʐ'5d s+"ȁdolLVkpRKH ]ze,fߋCJk2 .-NlZrIJW)[^$VRjuElq:w@xe-a( urO+ 2 >#V'~d~p:Q @4 .ڪ|u`&bB޳0Xz(oZ.{V麃_?媶N⭖ ً\]oE&Fţ*y5ru<\[ĽؓI_1fg[uSm\jsH_\>n9תR J ڼe?GK{dDusZ35ћ#sb -#B4lw—۰KWZ|*LluЧ|vևԢLm[hsp.6@j$7;;=xUTgjwd5Mm$lmohEaf_\tpE5i; IH]l[:Xbrއ4bgl59VԐnOiD{ wLgZIxIfidpHU: ȟoTHE-<^6zywoy܄6@HbTQo#fnIڝOu+i1&vt$Uz@Ky?BR {DP*K'-/NHD3_ 3F<&YQ֐E4_I? 'Ryv?.5zd-3QKfNyl)jϒY+J7VkE*`wiVzBE[6Ah_JB,O}ooxdjl14r+wdXEx viΫ֨ sfp4ٶ+[V#bf m0t( $hg9?w6B͂T(5ec֖V $yuO@Ve9:`FFT-aNUUC[Zԃ4Dd30,Ӈ[.':۔o|_?I$\;Ĵi(]29fͯak1?!<ܶ,CIf3(Ku˪8"}f\OJCC1\?wp`2BNyYB4+Lu-*O !el!B 8'!LK5JTP=$ X_PSYv8pHņ?i-JR i6T&$f'o)iIE(^=G$O\πiGUT:/]!,z-kW?rht#@V6GsdaLcndѼ$;9# clsx}Cbԑ4p6B_buIk4Ajْ51b^Nl\2l>]gGY)!j~˵OStNjE荛PFߘ_ObysP~/QQyߴ3;<Ӗ[x(24Ű]@HBv+Bʌ'qdG[;]z}Z~UyϺE QŜ0pMBx"\|B? U{UL|5U +Ѡkp>4X` +ǺL}m.YceqEr>o=O)~'IP=";,ng;^3rIMAXZM/ѾmC,)+X}= Su{1UR4]mD`FIJ7ɕ&l\Ϗ[z'`Ěay415]biBD^k9|tB5ba nk'Q#g~ٞtaeIh58/9bL5/Jl9155e)i zCᄌɏC\QPzH -1(7,cP.nq9fpKHGo;3cKߺ019xzH2ye$ںs& Gn.pΔm*}IA7I/l혀]{H( lpw)gNpbMSE<16Ջlڈ3W+Z%ǂ:cd#WK-ڦLBXu5!/8{a 0_)o JbX9ц K1LB:z}TXM>1qϿ?:H^!AKP4IcYL$ :# {NձH0Y1NHHH}U ڦ@9ʃZw4jOJ]بv  :gA?܍FYSYݛ+jژ[)W)aD+&QJՍ[*6fcMX8p%ϋ-`D<`D蔘Gz>l ]4 ua4P0U4n_,9=hkT!1킁- oqdvq=y0IO:(8vޭ'cWnJL']n>FO*Uwk 9>WG-LkVVo$*sѸ5A%1NYrwm*/{-#Mke9kV8`/bXK{4m fIE bK3ZBJVq4C 洹s£9U,MvZ D*Q''YI.v q*2)(Oؙ֫|3ٙGxuChw(ĵMx̊j{bDZsp$"g{YNt'DcC)(xs.B&uI?@E\vW ]6D{RڣOYW/FXz` vž] Svq@K[U B9(Tm)H7.[!o9PZk1j(W NO y*P}څQlwyfCY[M9zAX#b/GVתUt ^U2,(&2%ʄdx"z5zpNb~WGW,BC((mthDrShA%$ެ X/` 6Z疁 $Rw $u,tK|]N绠ㆨ33B@AX٧xw 尓}.ƅj3mTNDFఐu+o!tz918/2^?=bLk;3! `ڮڱ{ʃ a5Ex"<[APNdд'VD+lDh__Q &8 53=F5:B6= 3ya֬¤POv Q\fL_^@8۵CYzYNR:n)+h\f\3bYm g| 9@eP Ay4O<\ԛv[Զ}/e3ZƆ/US3hi9~aV1/c>M,RZC 9$ፒ~s@UU˷pt ?j "?5CƸI0҃ԙM^d蜳<lgh@!#Ky.d@pP#"n6 eUԊHeu:i|Y[P`ZlMZ1G6"c34q?Anq5~6/ɍ@RHy{(4o(BaU`HȢx=!qMy"'y,D"61>ȡ>QAsߐ ZgQCN7S$QTg|_*oQc}=t$Uq oˉs3X( ;2C,4z"]J;2}.Ѡr4^!uT9@>[m1 B4qgį(zEWJ~G>L|fx3dQ0G,b AvM/ӡu;/9F;*I 3PR:oy}gPD9^Y_$Dn6 >vc=sW_5lΟȳ6B#xa5qM^LFoRF^GE6u",~{Sdv/B2ˬTVX4/@gqѡUs[A@[E?6"omi(dBG MĞ ꋓgpW.0|پk2>GTv%JOah=/>kQWf)4`|Kc'ܵJԠMo,d4?`<,4y:ⱳ[Zw7ad­YTj2^!lOa aÿVцx "p?gZL Ί4lkzgi,,/^x]]H,!+qDo-(h݉3 " lem3JTѾ%8HzUSn`30)ULUIto ?zR&5v,LE 8FP^<('BH Wpo0PdcݵGEvA"{GaX1t '9o Uƈ[[Pg0,w JTWȖ!4'"\7#Zӕ DQ 3m$cPpНunaObõ؎T5gx}Jx0q?u!XPp | #֏n4"f˙Xxovo;C gr ddesp:oMv!0,a``&sR4/:"1K~q+V!;OA#^K>ܵ#ª oC)߶UO~ )݄QGGXٱrfcG,v[ۀtfV4GW47 Dtr}_v'x~#d(?[V1RKq]iy40?%'.+NHv_#-wޑ,ٟ瞘ACKM5 vݖlmw1:ԛ N}缱in!p2v͢{Fs5YE%$T )~3Px =2uD;I1Hp0R(ց^-s4<Ʉ$N#i[C@ٮ=J>]1ֺFwA+ՊM~n'iƒ ϩ.[y޲/yj&rfٲqbrEk+(@W* hHLaƇ|Br>qx5Ly?z̯EpQw1tit(I +ۜX~{T, vXw!5 Yw5sM @F569~](y0y -W&s{͎fL8=1ZR@М t^4Jr'B# ݋H'g9@3 nYm pIjTB6LAĤ.V/y#߯pӡ8)RdOejg?S85E P~ Ȣ7Gyy<丷GQ.x(Ikz#ry'wrz4 =H '# Q-;NN'3hAY]b92qrRg{,p I?(= U g7'T%i.|39X+88)?}֩z:ڍSC.N3qtEY8OE;V7&䌃xJhV-싼9T+6WX N_%Ε^2%8IJ̿iA||r 5@l{7"v`'U L Ж}!+ 1;Ӓ$pG?yvZnA8׾A mq8t DsjoM}_U$(^pd7*`^AHQʹoswv3]f ghU:)ދ/gP,γ)K;&<.=%~o{oLSʣ1Nm+I"07Gt`]&`FVbOpFTYB)˧IxbTMJ#Qblf S"*Ub,dQ5U/ //l9%uf跾4H_-dbR-ش5lLr'oxeZ}C  WE"0rzLܾ>2) j?0۶g¾]iѲn00 3cyf!7W"4rrZo+ŭ~MzyH(^)[O+8T' P#S=t^~3ugjT9naPs0! iz% LٖCVsiQ*]tA=~VD^$q8W[%,Weu| V2"YT+x(_ 4wE}ɐAkUO# ĸ(Y! xw/PsژdktP^u gNklEŀ-P1)Y>rQC1j3Oa?r">enĞ)M)<Ԛƌ@[ru>wAMA[U dQN0jE>]Ϝ@GOYx"͎Dd*'c~L%?8ˍRO_$daL͜:L_-ٸ`q\֤!&v-0h\OfE@sٔRs$BHx94rMc@`rFjL5M=^ @")@4_`7&d4u.hۉxyIq*vP]Eع)~8=({y9ӡ`*T# y72)E!A*O^;,nNCV<{2ܖ.YUv!>HI׺PA 0pJ`P:Z?`^š/8Q+HtwgYufEЊIvЂLU'pBn ~ɃxhϷJSB摹(w:n܂pƥ9eVV4@8/i#l ASՀZ11c[tq'm'>OG;lBPB܉>{Ӑ5ϙvJ!+1$M401=r=h6[)UY+Yp43WS3 7,$k _! iaj;vR e午FB֑7k -to6L+0`p6n""iFMEnQ8ii:xq#ƠK|;ǎ"23 ? Z 6b ht+ZƈB(5mCN9Ir. ~^۝o{5V4WYL < Kҥ vi_~ֳ=x+}qPtdgMz`:{XCBrg*>K]H*ӍߍHse}b7v r:>js1|vX'-Ṽ/MĞ;T|Ê̡鞥wpN FUYD_fnDz΅gDQ^0#,v =Fp:ؽf &By:׊?T?L6tHmRn2?.'4+JP֜^zϙyp~ؾL"wކ4@J$5 m/\vhVWS :* }EQ4_ɇMl4l[[oSš 9 w)X\9b/*1y`bדJeீkKL6;4Z„3.ĦI쨚pk*+]VXSMs ]Ҧ@.A&#\rIKz @>]%Johb5DF V0ܴ NaYYf~%$"/1 iR.aα!> R *e^U+uVHʐ2f 2,>a릁\];bBt4^1ADo|*mLPO[cZl} UtRfqن<] ,Ý00Ǒ|,sQMn`/OdK_MTNmŸq=2a/KL&66 8ˠO9GNuufr9BI6飙E*!е).V4^_`-78}0=8^YR\ܩPGo3Ö́.74؂Ol-şzyA8>[ K:$K/ dpU7+<`7 A,ݡj6bʩiP<29Z1Ր+"b( ֤=֜ —}(ģC1 NnM6Zp.ZT@aI Y?WmܥP)l¶*^]Ŀ"ϣ33bY'\/&60f~-TO1#ګ؀jedL1cˁ?d~pև9wPůZChD%S%" lӝp<=RS؛v+'eik_s;DHG| cs?˧iV;wоBh6*7ӂP Beq 4z7oW#VgQ3ɒ 'r~ vZr٤F+_! :yXcI{N:CrAn ~'H `G/r>{G&&GUzF/~s:o A=g;xu6[VYNY|BE> +g9 dKjK[v2 ǘüCM=6w,O>}ՀW\Vy<6$uoӂkwT ,pPHfgRI)hM6?#xc V,)֭  \稑ZPRQbՒ ](Ύ?vmun}L:PLPM.ᰡ cڇk{9|=p/!DC΅r(1:4\qϺdrOP8{f2q\h(SOV>e;i:] ܅,%=J/Bz4a..H$M}9[f;91boՇ^2C4\,ރ^5*~4OfY:,R ?xl_-0>^ȀOŇj>c4$ se|[JW#.K< O9N u xֺ5lGd%iq;V@Z{c*G30C;Ԑ.NۓޡQϴ`e3h vv0VO Ī^nB| qmt+̮3Hٗ%ٔGjwr8 a>,Myn5r %33  'WP &Z}0*p`(e)BF)4N˦Edi5,+m=|p8{%x)q<|a.Rj}1 /ʪOūa}*o0 qe{krt߱Jh;_Ͳy `᢮e-cP0H[tGey^mX;l Uq\:+=+$K(w}E]>=/G{Md᎔cr}D;|M-L)`EMa|suFn\%Ӱ#DTHE)Y.،,(zPQ$!*D+>,hjFg ܀m`$:d,lD>K{[I Δ57 x-U5V̨s?W웅Ίc3CMT?Pi }ivFxA4 ᐆDDDT3,IK"yЙ>V6XR蠜9p;]lq֖+= $?xy)&+Hbby {-L%zpO]c^2{\aqO2"EX:/`:XYOig$Vdr}B^0Ji,oQ"5(g$owsY @S,na, ,V~7|dPIF :HчUJUfTٳa[ fjt1]qC/d^z vg$u>Oh`k&bxӅ%*)r_FMq{ +6 n`j Kse,ե/D=׵)e{ Ĥ𒽟%Ş+PMlp,p=Ժ =OC2fryfї`:2TNb)O./Ó?戦<BeZyZAj #mH%Uhb:`'~Znm thMA'ˡ QĐrMӀD˛U0 Rtg)MuE9/<'A^}~ oDŽQ16-bVŬwUN*3mKc\>< RԈ_]&c)A3,:֦n"1u~ Qq:>ԜL_|{'6sg ']WAyQ1Y SSՕgDbvn&jHƪCi4)K+=$#_HUh8<e"$klzi!eU j#JQBaw^'7L`@᱖7-V7ؼC8N .&Y,IyMYxWnLlMЖHlUwwE>o܋FkѣqF+M%lBʁ4i'/+ çDϺΖfECCUJʸ*qӌrC5{ٿ*̱N&o^ 3CƧI;l03VHg BIbm15ݛkg_9jxsS Doa-=Sll̦nI"PQhd?ǜ  M<\ VOJ!2j#T-aw#`O SYu Xv4 @w:|K%G'2-6?㑱a%Ӂ֔8N. @H1JʵzϤito[qwQŋBqNkxC{hF0`Ϩ <}uRF萋|ʥ[L A|'&Ut6٦r'M.a:z{~-u$`26ѩe^yM}U$h?"X,`.OKtyPw h[mD-;@rXsWߪ'׳bE wYWW,C^ӗr>9,٤rBxkc5% +Г\|^&oVؒz\.6{\2 UE5Nk t/s/kwD(R*/SbiAkE&JkW79i2(Ć&[$r wl=w\-Z{+nb6/U3w z[1|8y­!D) x=yב17~]8}1pw}JYA&S"̼P.LN!x)2}^^]zmQ廇` #+Kp+vҢNߺgDG AO, 06^6J78zyʧ)a/*AOuOZ/bPV"~=~kS,cze;.4a4donשI1yXZ$}=>9ݡm{A(ޭݿQ Dձu|q<}D`xՠ  x40GD3ؤ:15䖈n8UCaoj0[ǠVVM~n#12ؑExF y-(.;#=g#eiE7ODkuZ>+8Kn-Pw]w29qVvs¥C"P>E!(H]i gèzMWlnCm式5 zKz0lͱbR|femgW.4qL*Y!~bl1yב~)k0cSR(k]p 9bjILtd%rnPz%dUv'4:u^ Gbl/9`7td֑G6!.QHEs^Uz2~]*՚4 zu!c^ Z[E&=;A{V 3 vtd+ߞ]u~2#'xlUDr/jw:6q1I@!>wD{no[ᚊaRʿásn /yy0#eQ_%@&|Q)q|O_B'a S63{~ɴ̂懊 9~;-lc)5vYdԝ}golEq$_ Ro}^G'/ f:]|Ί"7L&jj +J]}pt_ wc?B!imөTxLAoze B%cSc ԏib˦9ؗ:4bXx'r\Fzg % &C>r+@B?-$_1핓Wm,"n2 [h.F~d6@,Z{KVX93r"kR`Z[1[U}NћX q5LBlX%EYQG^;%!Op l)=xG}^MDcws(:bLe:nN:<6ܺ#s;x`gD WRP!&u<)a-TC~#ܳt_58f CBKo~ C?5"{S<,\Ű5V9.M>P/b#<,Ic=ND0T5&׭\іԆ^wIr~mvJGZBա^  GF^v3#v.Dˮ+N CluCvkC f=d\s7 jc1omH)岾ΰOEӯzCri=֯iURK c|Au="Gos)[߶\ϐƁJF찑"&L-oyO Z<T\tt?"yd]kXNdV]l9?~Mk:s̚շ=eaKmo1r5DH>{6vaANT̖YёI\gcm z(dPPO De`@c.ZWwT=Yhq|`XWHr4T'@&eʥ*{R5ځ.kd2]"7T}$_BuJ҆ԠE!G%<"cl?q=1mݦftg{afӖHMoD[xD& >^EBbѓh2 ?o~'|=Gun35U: rulx z?@/ aAɌ9(󑮋,ce߁ hX;_,/r2h93krĸAx䘅,-f8Rw>]~^0i`6<\v Eŀ:;MN ˾WF-Eil";{*k*E::9wgbٲƏa-EPH4?05b[_3mxQ(GtF,,U%>݂+FʃkJt9o\C;Y4񯃻@./ֹ T/f/"4Q 5IC*;\M6#|!e)qLU Sѓޗz׵FD@tpO FPmeSZ"}LQOӼ FFz~/žf${0Ĝzp3}~_./3t=t ݁x,KURyTE%,Iy!n&h`ytR w<ᚭk̠9p|B&AM4k*fno8c8ۛΫp϶tXDHn8¬4ĉrւ!膁 $8{]*&*2l;Xa } *N71EuNIZl Q`wٛ2kytA_k)ɔg f3Ȱ}|4 8IwW6MKOԱXy{h|$ĝJu-BoHFYfGBC q?۸ qr*MTY3>~lq_rݽԢ,㴗⃯D`@,j-ת͋c7wNGgLKJo'dC% 0M t5Gutq:=#%Ԉ*]4HpER1:W'ZNBbF.V]Ot c_J>MDtA&w%@!BjE%d4pU Îh;HG˜5E}Gd86*+K&C=vFd(69e61ahAہ$V&el"憛xCB'Ы#2?(ļADJTXxG7A=qQ%u̡˜L.2.߂Cyd> G@Rxޥu _W{}z@Sq]>q9N{ .YP"IP8  J+`2^mo­|c Ӿʪ8>(Dȴ1{T.ECR;I~{5K #YzcZvY=J>F1AVLEGP~vO8D3X넼[K%X0@v oƯ7ֳcO)WzxxRA8/@gioG~}g(f ͪG ](JWN: " =¾p&<+)[CcHg*KI !G{fCv6udi|0VJ?R#2{biܫc$qUJx$M0LLug0.{#D~rs7G'̻:h fg" 2 U$`>PIs?{ў  .Xi`ŗKc"Uۡ-O9L.Y1W7} C#Ӛ~zz=NbULIk%PNy827Ljy^f]%1%.iVuQ=aZ~Ñ:lſ-g Q-?#r85mI&t&|y)xÙJSxh%' gH,v h8k[u:wlAb3ڢh }YJ$#yN%xG;$'@z jdn6x;Yf#apkԬu}={b::7N##ݫZǓQr:9a;7}:DŐZ\HQ'UW[jw0`;s$aqg;WI 9~Qa]Z Yy|}*ޝPEkWLG7iטqmLdJNmPfR{uCNyMÅSդؔz+DiB[BD?OzM\7fjyv `1)%#޶0aHD6c$.tu򒪑yd0Y$b2'^8`.}ڝlGU}u, #9t a5)F<닊oG+p;!4B#i]Q`/*^fB%8SPM*XzJu=82Ӓɷ֨w(k04z=.S:zb`=Pmwm@ٰ^n1[f簹* Prwe7,0mgЩG2OQ%Y.w"_doP^w^>-&Zeht`Fzg>s[UFK 4aA !ޞL)2o3`%2% .€ L:hI %xcU~'țNER}E6 JsIFy~u(n?:/wlT!vwгOOI‹BVZ焔 Ub'c tw<3אۍ"[:bʣR$yU[W ~ƨ&rqk2G&ie|#Z5U}OxIERȞޥ D<2{ 3B{)vQY'czY-7^E`1~ˉ:jr}>^/=:+"b%53ai [ߺ$P9c߿Comf Ƭ^yfI 90x! scYj3=n<:RE=תEB mWغdģHԂ‚LREE<_z,pSk4qU}(WsAA $kvQiB5ܽ8#7ᙆy9yW)luo֍PjTIWkKc5_?sG!|6JLJxy޷@S$O(7]w%I74*j~50f$KcƓѹQ 5 7VqT^UtJM&T9$J!wR5gGL9VG%"۟g(X?0BtsQub#>]Z}k)ګ@ٹҊVg1_ `ܱB=YX@YTѦ' Wʷ/.6<53,zjNH56tCzƅ 01Zky5L cHi=5=yG__wUaPuHWX#<ť1dqoު64Z{s0_1XZ K1 nFPܯ[Z7$ d#x13fdj @'z(ڠP υ)t'voΞ 7GEhiqaϚ:vm>6'U{閔oMB)+1 bȡFP]Rnޅ;@Z!dm<fhCP=t_`PM)$D'?}-n4O&9g9΂h'Π%fu"yz{(^ye'sRS2(֟5||:݋'8_tT1o1NQ 3n) zP}6C{Ɋе]Qjt L_r+ˬEݡ+%_ZH`_Mot*3p=PLJ'K)I.<.. /ƻx$p'Y\>Ft=lZGN S2 zqMkTP=c^ƌZj.J}; 9Dv۬; K[wgX_b@!Q=Rt ~/=37 $;_fU)eeg ]n5Dv%=}l_8VC^El-ߧd6AdTĿVLɿD*4yG{SEB7h54-dQ7ǔAЭ6Dwi0ˣFVqR`6%LZ t ׆6 !pbPœ 㵼i{s20j cFAɴX{UtΏg:ݛWXK3yHAWv_Eѐ?BQL<9]^;:m;5va8`E\ؤXI=9MY, R| cJ?pu mj-n[i#WO%rŊAv$JMЭPYzv>Z W[޿\LGS}FW)+Q# $KiGȆǩvEȅYi1")~v39n7vSf+PȦ{ rOj0T5JNca]`S(><׸cK I0"t*-m)B<Wn2+8遌Keh+ oS6 /Dc17מYVuR-%jC3s5v`ju5Dٺф"dB3Ec8AzegÉ,"ʷpZtd4o6m RCr7԰ApK~?6kCδ1bjQߦڳ)Et!-8|>[/awEj>0ܝN,E2N;2ԨOUJ=EP뻺vb~C%A;O!}O`:^kaNjt8~Qf6Wy~QΕ ~?><&̻0[ Kj9_UM991P\GзVDi' (NKDwҬrVOrQs r`K]ݗ:#MC1ՐQIbNlj741[JY ̬q}޾)'6Va'  HfrRK$pGW̿W]#o|\}2ejCOntЉ=$g2t~.`4fgٚdcGIڄ!o޳{i_I?IX H#hV o*ghցwk`R 4~́|98FBŽڀ)f>w.UI<_\b]X<\Lvq@ou-.lWVi~rL$j.k}:6&X+ꮮ*jM5ӅBg%) JZ|*uwsX?Ny N(@ @)p&8Zg;p@ GM.bt;l /`DSNZߒB *ZPY};geՌэՠ cC^~>Q@WӺ߉]GpNo ).T|38ugZr&C1QZQzh4.$U/@&M;ʦ7sx}VFnu(dl2C]p'Y H<-jƀot=l!9aj8'Q'``kF ޺ѣUԋHٲ]nG4l*KZM.a @eD30؞pLiL{m(S>9ET0kz-6ƫ0rEwBj.,"dȦ&+\6-=5tᣕMcf]K2ov8'Bu䛞")XJ"@SGIȥ8 |U%ޫ#VLJ x-3ۑcXCvRwq zAE mLm-Pu4{_:Uٖhz*:4HEb7KqH`,/뫓G !Tc #p"j?*1mx 1齌#ѥcm0'\Vd(P`>z_d 6[>ϛXǓ񙱾h M!ṞZW̔'Kذ31^%W.v]>eRs8(}EN"}G-Vꥲu# 1}OGJ(\nIj GxD;H @M^$RlIṽ7DI} p#A Bț\UЖh*>>dއ50Vg`42^΁Ի~c F ՞9$osr2*epe~L&+ njܪH@2zȒV6*5ۘ>2[A`z*|@V1b 3ONهdɺz<~4{1i97Ї+^5i$I)j'H$炯:׬FOf'wz`]֢C8ї`݈') JDO.*- Zپ}a˔vR ViÖNﮤc0ԤDŶW8gvЅqqNҁ˕ o+d$']sz *E>KiK*>Q:֭u6=LOw)㉣idV9E0h ]4ZfyaWٳ`IX#s!5>!=C2̕1(n{߆R]Nd]z{B&^JZ5颬ׅA[w /K%CT2 Zth*;K Z/[C EWHx̏eMc+i:}iZ\c߶Xz8lSn,g=j"u9Hbf+WJ-Zt ,d/jS8,DY ^#lT0_ [=8PU~u+[?cCdqHqr :zn!YTKJCͽ5tYF5USqK2Ucϩ RT͍4tYq`tؒ4o\t}!s'݌N, ಮ&ro۽e,̣$aA'pp6/d\莭cmĿCa; EM&?^瞊.Un$($ߏk'yFo)x4bL7[4bgT*λ!9l{E9^`+݃:te4 `+X,'ݝJ>jԄrT>%C-ԘF_@o*L ;-`"[6#E󽃮t_u2%#eFiO _S9t߲IJ_;/Yc{A'^W8ib ZhM絴KJWPK+wi>!^M~vU_aVK_V)*;pˮY9hD `e(I$a㪊JhQL? h}z0nIOH0hFcr|o !};P`Ӄo/2I#6I&[eh0Y_}ז<ۺTmkq}o_U҃_~`lRL)_L %.AX^0,zb`Tɽ$fѠyB*qF|w9Od9h|t+8>Pv|;Hͪsw򑇍'έ a8Fʺ֪.A$T>zƿMHX\<DrA] </S[qxQ3 c/V} `#Rf5BAd%uo> l&F4eZDצh+':94^IoL@W緀E֝lw!uvl(ny⋲xbMk*?^pV_,EvYR70rqfax'+_4FD;ʺnOWlѯ"wa?Du/SLdp`>6NK4yKb<̮$3U 4 lOїd9.w z9s֕ЭnD1~CSf $E}e #qpV[-bvc0 sCZnȡ(H=w+f~XtlwZ) .1CxI٠ f$;|[}z`-5^sA]O]è,wWߗƜ;A>ǑYm|lމM gk? g84HD³W8:pU㞮~ʄETKV ݈bFt"O]#(ڥLJP{iERTtNnܽ1SY<=ѵb@B֑@0Gm;YRRڍصl5P|NW&1B6Pij8u3R#]taT&P" ,tx,#uA}҉F $f8Pj҃qv;z2DNPm%=o9!Zx ]8J.n,TboөD) x5/1"Ŵפ4>X.0"X&Fs0 h0Zѕت1 e;ͺB6PBKbYV"($oxkάC!_y[C龤+xU)Nhc.& &ؔTPbAz`oW8Wy4ok:_t:frÒ+x%L3 KQ>Rzgw(/[+dG*ñZ\>EjpƮ!8ډ:dMo^ x=ѣMa̲9O^TԘ91N -=G8FUs^ln)>ȴAUE6H!ˬ ~^ b r>]NܟC `_ޓmB_^/C |Ħ5fH].4^$!g(e@='عN:A. 0Zq)`,4Ib@|Xv&:ɔ/8QA`&RVSRrBO̘M~B,ϴ!/MFMQycu~սq Qx8 ($֎ guA]r 6S-h3c8s'Z<Gbp=+ư6BH]Ƽ?9dGY9_L?*B38fZKXLH/'2mE[,\斮Alxb^sv?_ah&’l8NK[S$lA9Y}?+y`f%[PWѺTEz~ %c w uo7JT^7.Av7J/[:ϕ T T%; xܓlPV&KNihko%OX: gEz*m6J`t)t%wF%&fݔ[Ժ]^tF'0y#ȯ,4 @\k|AM!lWN%3A;qcJ;TeXYsB`/_ a!2&9_ԸQ#Mde壾*Nk R)o7W~B )ֺ;Z?t$E[OMŤPc1q.⸼l% s˯B*jl;b6:"3/Lmg5t?TDC;Q_OU0|y bnr8SwiosZcwxc"˝tn˃V&R]5IL1E݋cl9#χ'לJI!HyIVQX@o=PSʫN(2Kf1䇏 ٓg' eՁGF.<<ّ x5116j p6qQe290d|OStRjϻ&A)8aXx.82`R֊4^-) opz:η#p"Bsh kω;_@!!'nkJn n3gex4scëhEB*ySxs?$Y./OP++amԓd!QΥZ+5?"7I0hu3LPb_`kKjNqbJ6vSƞ5&' !00ZRi(z-*.EWQ%oRۖ;&R_YXjLc4N޹tv~}0&_&ۅUybӚMs2GB94Y:7رщy_d#iRATQ%j/Bͦ4SV_8pc2j1gE8Ol|u/߆ 6ŘYZ}|a}Efo` yZQ&jiއrblźctz``'Aq™k Ja`@#-d(4/N ?_EFT+IQPۙ?JQ 4Gb |:ζW17xY:ͻLa{ʍ LsQWmBl0Qu=syZ~إmhFM/lw/,I ]hsGQ!6:S<=dj%Y!ܡ4AvV4ԣt$]{l myIK#}n ;%Kr wV9杫 lBUt( 4.uG'g%28zܡM:($h:$HV?+GW ʳ]qKc=6VJg-#0op<%Da^pa2-LM"-jMp#(8V|oP"+#\cӼ~\n@]]2\ O4byRQqM%8_(5Bsd~-TdQȇlF8Q{E &j¢yXdUܓlFݍ`^S-{?G0{,.*(sq Ce2(>EIoޏ͍ġ yIL̯Dz 1EtG (4t!OJDV Vv+Kކ_3*0ĚKS.g9`)ZqBh8@7\n;F~B6`G46".B1vyq c,m|?/g"x0J4{;jpC#dɿN.)}<6:Bfw8 YrR2ѾW~I[: @ xpBl$͎}e;*+}B?Qd n[0ڕ#K,X@ 7y}? o(PkHJ%"r#{KH}rkU {ʖ[k?u 1sb.-dKj\KE# ixs`)'z#k{hV/h6z] X0}Kpe1:d ןtD \%nb"Ih5me" Էϲ^ qR5˷BYtS`Lh:NII%07dSU_yX3ˏ@ESfDyT/Oԙ)t^@k%oӂ*98{@ eh,MQݬ -/sa͉?ÇHU=p跎CI<#TA`صXcDѰx"wwWQuwl)L%}BYyDt!9_h #=}H 6[:)Z-|$mtghe}35t-e> ccKyTX˒ 73uU8SCJ DZm6TJTCxr3@m9 `v !KEUeKh1 `G8չ9).OC{0QabR39Ulz4T0[8i7.F.)-W9; mk֧vI$jL٠C]V S ?Fp?-S9>% Je gp=SҊ9VV}NR8bI(mY'٢A;~ Oˆvїj.묑~mO;"kg'4^e!ro%;<^:O痣6zeTFٵE>kۆӶpsbt=CAmh8L1+[O!-~ ԗK4/Ș᠏`KůHΙr?5gtwX6[LbuQr$QǺD i;ossET{S#V0n}w ȇiOH-Aow7R?ڸT6ȣCD76/: j)?.s|hXإCKܔ$B5p[MfO9O:xV,g%BDE~ C| Ak*Wץ됱($6 VbujYcYmjrW4aΒ.ƺ6׳O}{$P݊ Xx[;S~xbu];ս: 12f~WPQ#ucjLpl%&iy /P Чᱺ.Wx>8S`0nS*b3^~<ЍeN6?{>N>WʌUaԖMT:C[%>1OeEtNDA0m֘DjBegN*Ŀ^>ÓJI>[2A:kl/آ<^/˼4TXY l*5@$S)xayBG%QGL1MRtIbgc!GlOc#fiKxa\" dL mx>1a ʹBDzQ 5?X؂2s< P77ΊGUV?/cٹxAZYrlhgԱpfq·W;0'5.> ( 66ժ΢W D2;pI|Ң>Zl!ACmjcYjvň7 G@=eΨ0}"y}j0 H^F'OaHú>G-6ɨbS`O-Auб&:-"C a9m桚L@;B.;kqBlGmnkoZk{̑bbzUalCW?=G64yn?5R8:nL3ib Q'B˛͛K!_N$-*P2^$7W"G?[޵ C}H@ޠsx5RjPZ xc YnF@2دLqW N{x/Zg ( goU~鐐9lefAPCBuxҢD0{¤ J(/t*O%O2΃f#R7 qV$)UFi`v`r3/QnM_av[+QTmb`U[ޟ3w羧jυ}h"y"& 6L`7)&p^vgBo9S?_=!4R}vU W41[0Lh|Ň)ڿiCrQ* "%>rmnVwy 豑Җ7Q]6N7އ@i .leC2g $+]$ԡM߷n!I,E]Pь$Ih\#ޓ68jFPWK:T`Ge V>AD=|w Z+6JfPpr>!/Q'^ ߁rct.ꏺaR~tR>~RޢY"9dĻv ׼( v0Q"'r_1 'aq8zIKSlya,@E8cAz6)N嬻1^yHD|ġ؃@%m_ t<26kMG$SjǼNv]!HAw`fzIQ>+RcX!CꗚG.݇{q@a& Ց8=ڑoۑpҍ(>.] s)|| DZ7NAD$Q1PsZL9SCFDc871ΈwjBE::RCzl;G sp^< dMv>fu`Iw>!QN̼Y=?94"{^j&%b&[P~^fQez_"bݾ( |ǴP/bIۉL:M"kP0㳙؜G7vtXZ| gki I)E^b:"$:KHBb;b M"б>l;̗4{mh̳ iORj%-H= AV[Y{fGV{NZƨ{3j2ŊA3p8c<=l0~N5Ϡea؆QLR#%Y?QS:+956`flx9C|ב㣼a%@sMZ.˰s$nAjޛw4]2L%@M+\8j=+S+uFL zС'%".yLEX%Ld-^eJ{YtMz;~8@2H j2ͽr2_f<+'v{*S tʌvMnOk@/=9~wAQRBu @?Yak0Fxؙ Z'|N="S{&rJo6 n#{{\'HQ OL#ʘk`#yT Y㎒sLW<#,Cb o쀓<YoDi@wĝ,AbpqmȔp %LE (,CQ@18_y6|59ЯfoߠMQխ2rE )e+^E>pV E0 )arH7'Ny*xYq u˄!] }P@ x (-wWTP*xo_d75T`@uvYH鳹  6j9\s̛s٦U:Ab"^dCƠb8I2p= M[yWuL!o%1&/CqǭutzH1T˷H8wJ4+yfBUU8%xx4X7R(Ԇؔ&&fKqS :L}jΉniR? 8܆M ጚS 4*J:S?u0pHT#.:F`ISYyK,g~#D\dw-G,">! To%6& 33] 4ΤGh/T,e,JYv׫nR!m햜3a@u2"+l0C71d v|,YO-`Hj 2s߆V:[v]M;tAo% YƩ 8^;!LƂ6QҠ[Fb+6ފF/-v%gó"ƈ*?}h"B;x7-3TBj@ٛ)KHJE0V#O\])4@dBdd6'1ʐD޼$Z_@Zw2fP:s;#^nho۪qoq?Gv8ס7/w> \#kTxظ'w9u/oؤ8ȜoJ{[[{CSsE?IÎ5~~yGGX }dvDABFN4 B<7ϰʏr6+k^l0ЌH:"djl[q !y_x|g< UmTU:g'AKza3c#\~ԔI`U7>TC s=*"zci}:(BLN"2TNNtТ1'DY0l;cOɸ#3(ymB C>bR4 GװDuc_A@hK+V3\>ĈsW=h?v/"()A`a'PH\o1׾`8@:c%JE'uD̵R`/[4E5˚ h!3@vCMJ'6C;1Bԛl@4\K_GnɾgŸmo0es)uۣ>;ɮ.!X:F؜cbs v,9Z;ѩ1y$MD} Z,`^9Mgd C?s(ϥ2ZD~oDxeFd].$[yϵ0?/4W*dCDNL@$Q <(ymlzҏ_QKͻ/%C^oMSA#OQoCxOjV#EY3/dt=\@A]847%2$h˺W'q+ +nD4U;*2܈xz3iR&T5Y&uiRR 5{UZ9M$070vꒋ5rWs$Ĝ]Hꝧopxͽ'gd H+e2% o{j5E}(?sW\J&Kƒ-fV^j_E1JvM V5I53I+.5QpRA dZQA6Յ6'6SLaikwjۭMZ0e}*ZCwQ$Ҳc1> "} RQ]^|[h㯧L13͔E2sC@n£-vD=ԹEMo?0{d1+4<+o84`kpŘ-:;EQt$M^K.XϥC!LjTqC rˉ~SX a^O p2, K571u2{xH3$T˙cZ޵d.,*!O6.wn36rH4C84hXu$xrRtIlbW4I*g8cl0N6p9O/ *KƔe!_207a V&t rq@x.;7u2kf?Ȃ2nGx}$ g3OߕN@Zmbȯ@g }\WJ&&›_>\Fk?AsO ?fh7W) ?s W&u"Ӌ3] a]忧-.'e0~v6337/JOr*-B9! -j 4Ku ;(4~ ZP!3qnE{+r)*@^I14kP!YOYAy Q~߁qX*> Z7;ۧ_rO|*`6 `b"FnV|8)Kjh!,_R4\RdAC5N#An/m, paKd?9:aQwt9@Fo<E,v{[/xf0G$r 1U$>d%u2 0OxK \T~%]ՅxH֝(T;cٸC5kbLoPN@dvs͘/蛼ɱ񢼿bn8už͏{K$?& *(>"Sm\?Pⷞ{P/zVte]óBc+VF8Y][sJAk`|6{3e"ˈD,8߫)byYm&m(BEɩሷ>}[]l"'X+g:c mTTzK[cpr. ?T""ݎ-1*|YRל\'πcЬ̛/͸0ϣ\T-/ @)(OȖMrg7ʾekbo|VI8'R]?Lx[4UK"as e6Ɇ[=3sHV'[+MYxdĥ B!yq-͈i^imWbaMmz-CG{ !I۶{W۶]We+_o[\Yl[lb4#n7.|-fz2-z&€CCLv t~22 r͚LvBTmͶ("}ڊcIՉbD_LHeXvUfm6ut4goLv3TҲ]JK)m]?q ̹}؛N`td&-df[Y3n[x(d^abj.6# ki~jEg;ցyaIRr.:7wFtzznk,+,!ͷ :D[s]|4;SS\Bwٽxl k򚮜UEsJE3)}3S+$V ϼe:Ln"n !A}l0fnX&TWL1k 5tW@ɠuh3!aTJm 4[ؼ@(s P?s m4Oq} CNW&6I]pwwﰶU-%,{,g>5:0 3^Vz"I>F@ I[ #J)tPݷpg@F[J> SEIb(;?PڜeW6'Q3;lLY6Ƥ&,S_ v`qT_U|wI{seAv)NS9}HO4 (zJV k YWh:kILd:#LoGDebT\tf`xN5B05|mH$7]"4j-FO^ݪf8ߺW0xPn(:`GU}f)SپT'z7I['+IS?k&UA8 !~k-/pY3\3@l3ݳ\G&l?;`QhmFǻ5[u$;咲 kڴ[+='_]eZH؅JX;5'[$DNR]1dt.dHxaE<&yva&ȍu\rLZy[i>Kő6QzbG*yA}'#\wV; )m$ں^i$9e%Y\K-"i")!7G;ē% 3%Ak*CbO Eet7FR Jyuj [TU`ث#K#Pa]tQU.kEM 8tX6q=5Σ1V2aBdh[Dt8N}݈潲. Ve%d U7]pFb9u,CKV,y2cSK*3|TCl $A6=]?Whb BCyxOdl FxŗcP2xh3+ҋ>efٚ g C=to1n0f7]!7݂6첸db)̷ UBITeFT3tPp1ԓig z,Oe7 Нrstb(#ڋ W/hvw! ~(mwR]{9m"Yd.!o ÿE~͆l|&w Z- M>lZW%v vx]DxaɎoT<"7< ܟ̽ E칚ηg̈́chlFW Gf|-_֒OƉ^GtӰ§i5tlLjZ_`ZrXzÄXܓ#$kP)$jL3&BÆjmc7ouᦛ= WuXH)Q $#·0hwφxp}PI\U#lR' fzdǺ}PցYB[M5JL$FvE[,lm)bai1ݔv`S7n9n@m;d]i& DL$VNBnlұirG[ {H>HniJ!tE hdNZSWZ%ٟwg},7#W5*9l7C[VtfDZ{٤ޘ(HLo~'O#NլN^je-"et;t">~!/|/#)C$Y)N1n\(Pe͐Lyt;Ww"8 Čw$0~+MJ|zv Rp *o==CwGJES2\*Hʷ2gۺ_<`AyP4(V3xl 5Dz“_AH*ħ;Pj*xBv;r%v!nzGu~^K[Y(ᇪgQSqt;4)l@?S:5l^Ѫqd%M4ɖ/o/BP?,巫O:Ahұ1ۮBm"SU:w;sv}+r4|Ì(.dV#sE%ؤ!/1Gzs?#Sӆt^-L*bD⾂7Wz\#R5WD:.p5g6WU l7k<l۴dJxJK}E̛i@|l]kkqZP!ځưZlIk 1_\A/~k툴~o\qEfݶ&ЂleNRٷeO>Z)Bq)䜴{'>S;&ٳ}2,bLw9fB W6"ظc#8A*Ɵ|{GBP/^/U,Od> 9˂^J%3WJa}$971h {ʼM΂1XO2e@ 4:IWWuH>pq T2dO3 x }L\.^?<Ū],oޓ?Hۭn363BHTۜV(x:#pZvU qۜy-VNM˜&Ҽ 0s7GRwf]kEcƊ@6d7NJZR-o{+.9l%Hzjs) ]秲hE2zE2r-0MQHd}ۓɪN{VH=|^~ͷ |$E Zq/HZA%v1q {!ǚ{EKv G^.@36-پs xi֒;9Fuc Zshgm^H 8e­*u9# {^m43:wn1|/F} M$y9;Fqu|͍H Oc)#k}crRh<KbG5+iѥ!cTyd@=rjY@Àtkn.Hox%TFKMūKYOvT -g$Dfa!cD^A/4n5y"[!u6&Cvܭ>슟n Ӻ69uI/)`6KDӬB?'COV>>8 "KY}iS* WCPߴ&S~N#6>5*-RJ ).s T /!-L1qQ!M$;0mZŨz)I=y!bB}d3K.55e7f*I$$<] _RIc֥ZR]atG)@75ra} )fZF K[-0 PH6yMO"_"RnS|tnJuR||o)eEvLw0*-7oh,(V]%nVl%X ;//|lnHٳHOޗDC }](=R\\cUH6qjS"]@jDZ; vtz̼AU e̊l˽ihdoDv. lJv}+ۜEe0޼Kj.SeP"