sssd-tools-1.13.3-60.el6$>L4`_vkZ>2?d   A *HNTbb b db b b b!xb#bb%L%hb&'9'9+9(,Z8,`93x:,GbHbIbXY\b]Db^4bdäeéfìlîCsssd-tools1.13.360.el6Userspace tools for use with the SSSDProvides userspace tools for manipulating users, groups, and nested groups in SSSD when using id_provider = local in /etc/sssd/sssd.conf. Also provides several other administrative tools: * sss_debuglevel to change the debug level on the fly * sss_seed which pre-creates a user entry for use in kickstarts * sss_obfuscate for generating an obfuscated LDAP password[)'Ox86-01.bsys.centos.org CentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxi686+ɤKSA |5r#1FR :bo3^ 10m:+}MHOt ?tH dC A큤[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)'Vpn[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&6e0820314ea3ec7bc18b1a02ec3301dcb834a52ca671d60e8bbd6e8dda29149e10acab9502ce2e73014692130c887714ab86d0c8455e3ca3c60654dd1eb87dfbcbe626e51dc7fdf478397557ae7adf0452f253bc11ddad6cb89d4d5fa8fa20087f9c819356c2781dd47f9abe0138a5b58c00d63fba576d13b27ca1040181516e865c4f8b05fae82b77e7c3d36a6b73bd717a761d707845344c65ad8b31ac2846074ea22f08e186a8f16066958ff1cb7da80f4a744e9737ad3b619beac9b0a45e4b5ce8776a762c744f1a6baae5545d31d9d4bdcfd2db99a12ee83cd804192a1a38a9daf34044a114e85b3ee4965a4712cadb8857e38b24ca88328bcdd9c8941958dbe4f10a9270f7343dd9d7f90bb6ad02b51363ea969a23b8c4282e241ea075d09230a51dde5dac102de3ec991294200bd38d2e9a330a9bf9d551d987b0697948f560a1d2c5b425b6bc3cdfb439f6ba3335a7210d772475b29fff80ad4dc2848ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b90312faa0bc15ca0607109277f9e39c1d5b3f8f870b22ab03d9cd843dcb4937f23c898d9b4aefa781bcf8722e504fc5ac11f5d42eae2fb68dfe61122b8f98044a5d3d205d14a01e31bac7159e1ba9e65e1cd92e17b72af1eefd70fd8129c07bfa32a37e4f153c7948135315a93ebc523b5da3ff74134e37db1e58707f69f285995751ea01896d4b36ebfcaf460822c8e1fac3591ffb8062729702047d1feb185eb0306a72ed47048c15ba94b54fbe85fa0488662543060326e892178173483a35c79a25c04eac19642dd5c1de9c5715dca1978179971b917e21570b05010d9a51b6cbd6c2adb56fc77c0cb0e14d4575c99b507f6258409528ee860d6608f5a5f4e68fb90fe31e5abfbf19ea48c634aeb350f5c77d359556d5bddc40dd343e3210c50d992b8829d02b047b0aed7fbdeb05437563cb120618042e1607c36876699b64bb8e9a900564768929f88d57e798bdfdaa250ca225e051773c9cb698bbf9cbbdfce91ac10376053bb29a9e7be4ca3d0b44a5ee1c40066c9053b648581938913e6368ecccfc089afd5d2db3d4a993d685c9e24df43ba9b89905ef3da0ee317577d7359fe269dd50ceffa06e6d8b31d815fd3ffe14624f40d30bdedfbd186e803c731156edbde991952c524cb249c9291fc6f1f32a72b048bb8427ec889c6c3be2ae986e869623bbd719ab0b78d7f55a1c56ecf6349e6d4bd126636f890b355e35139fff8021748cc1c1f839ba681f08b2574bb6c7a5c95ed81a2eaa4f92cb927c5eefd7f14a2fe6dffc5e3daad37726aa63767189e2c6b14db2b80a8786fa81166f7519010c5f1a629c2b526106f60aa71352c22deac55026791058021208a55563394c60ede4701240cb3f1ad645d2f050d3fd896243dbbe21d0f918c1ca668ae1442c3ddb536dc94607fbff11a1653b979831a1ae879514a37a3b2967dc68bfa063fbf3e17dcf7a075908f24983b99d9a29ace2c27dc536673bce4f5c295ce806e2e3eca024c9d1c81c9ae926e676c74d2cf28f27cf696877a1ae201716e810a34443659f203bcc26033c99f1f44f636facad0a96186f185c4d00472e1feabdccccb36026a8c926867926b2f2c7a905415c3762260d12af95929b9446f51a1173bb88ad62e35bdb2a27feaccfcd7d8a24550b32aea3537e54e46866edf7a7b325b4546d68e849c368c0acf4416aa1683d9316a636f7a296424912a8943bda31b812282fd97808def916ad5340ab1201943355c75a31b4f60adf5bdee206dbb704998e25bb3b089fba27be6304650028b61ba8fa12f9bab1b7bbb5a94afa96ba8c6775d4712280211e0787dae108363ef3ba1d60b97e78a532362f0ca7f151995fcb93b3d7179c666a6f1ba4374e98880f3999b0d4c18be0b8c5690755ed6db5ffa1f41dc2848390ce1c1adc16d936d3bec7678d75df512aaa8c65ab05a2360edcc4f8eca8c6c7856f81172fafeb7b3fac9f6d2e4fcd7d2cbb3ee71259899900c70a0feeefe148e9380948617378f68caf855a74c6210ef6975dc2076f80092a54cd54279190b70df0e6ebafcd73e1d78c155d693289d3cade81c583a8b861197472ab6727f10207ec4bba8e70931c3c7fe84ba84ebcd657e3aa3058a8e4d1c9d3e47121dfed2cec72d72ecf81cebdc0e3c304edbfe18e7e03a8c92485d1b4dad2edbd20d665af641b9bb99993a41b4706733028b299fbcbe78c8befb5ef5395daf0302535a4b8b38a528c2f5e1447f05fea574c180504982cda4f30526999f9b097ae202cc188ff261fa7f8bc26dd13fc4e5699c549d4b181ded57e3c0720a9a6296ec70ce1fca467a8b2366d359e5f58532643db85c3896c5c2c2d3b2c68a41a713c4a4d055f6b739e2f6e77cf70dcb4307e82ae2b8ad9334c1fcfacf837e1de8cab1147201585bc8ecf5be5e1455af4c28bb081336f004cba4aec2e96ba5e93a0d6e9c554d9e7ceb6b78d89972e86b2f77e4a47c248930958cf35de382e8dbf61346453cd71b6673abbe15a9b68e0e1a9ca23df9475f8a49917be1474c238557624a79130062f62e9dfdb579f972293dec8ae2a4f083d349d624bb2ed68c952191737112f04ed07bc723c327a1cb950c81ebd12eaa17a35822e9cfa00211406f322dc890b40a04379300f907e65a8a541e706503102f4d8a5af3254f5a6f1c3c7cec4d9cbad94da713b12a9a70fa5fd5546dc97fca80c9f3115be2c4add4cbf8f405db62bec3d0a323d50892b5ba8ffe43407551dbd8be7a64fb1e89a335debddc88ddd59e8e10bb135e896310e43b55570617f0a750f8849740a7ce5831149544e5e45a8f85569ea29b3e521f27a3cb1418e8876d29be98db14b44c0e74c4384d2648368c6865b7de8bf97e183dbee9b1728ff2d7e085276f99c941493af78689d832a08118ac282947260339f85171549f5e1100155814458cb6ccb5e4494864990e6c2563b101fae7d70d85bb6dbdf2ca19d730d5587ce1a2b573ef44cc773338518ba1c10a4931d658c8703064c62c50d49c1dfe8e9053e1b7fa95856453a88e1e1cc56ce71772e1f8305d88fd591b2e437681a88c3f49d3ba9f0eea405562aa031a6fc9811410efde0bfb9150ab93167eb0c9742125a7b83f66615b57dc7c57da2d15b1bc49d4a2cab4a8f47af7ededd50cf8a6cf6c809a8fae4098a5d6d24a551458fafb42b3163c130edf0bc9424482ee50fad0ef35016888ee1ca7048d44f71c7f73ee5a535970fa8ad4fe6168897d9cdee7c7fc629f6c7ebf6f91d868aa237fc7eaded2b930313137764a5219ecbf43cb34c44edc46f9326f87fb8486c9fa7474184b14cfbe9a56fd3d94e453c3ba02c7da36cbc5304673d0b710fb0bf7685c2302ef9dda9600b606d122e91feb6e2186fe7b23dfad9d4119bc602b63b8fb841e07302111c6cf39ba94446af50f58e9389102129288b081d8e1273b13c622d958c18edc37fa36dda60f9af3cc4263c599c7b035a514407053884423412536b3126aa677c3994edf5f55e3fb0c4f1827d3ce5fe136083251bd6f207128f4919b7eb764584baacf0346e75f3467f9a1e0664b128b2ea2528ee22a48c7d1b360bc1493fead5f8a43f6a1d9c40bbf656c34abe221fd89740c6da946685148f966c8c378148f13ea8b2353d7c7737a509eeac64aa79423d69dd5e48e3d1ce70b89c012ad0c5ff21e2cc508d6cce293f343a1a9414d42a5e7ba039f982dc70c8c003f6a0aacf3215914efb1f85dc4ad65895b2a883be102f5bffd4b5447d9ece7b535c19112dd777d4d068848d84c51b13fd220519b87d8379fb8ad63d81f1f3a691e1879844a81229da8aa389b6e7236ddce33b6fea7acb7750642ebedf61beaff107e4d53e93592e5d84b85fad07f27bfe720b52deba680abc81b1729a6b6cda7f08b92cf7a7d61acb16d925390d1ce0a2ee2cb19d3f18245647d8e43c69c4b6309ac78ef674fbba769120dabce7cb535c2b0cf880ca163296d752dad7e464d6ad704c850b3804c8ec5b4355c88d8fee9c8b049b55558229481c0f7ec0ff83f557336738850452169ea02047a437e71c085aa5205550c9c5b54d77d51ee2f4e2ecd18c39550b260db95664b1b3eaad40ab0c33dd1545e3eb66c787d6fc4fc8a07428c12300db06f892645e41a5a2c1268c46db363ac492f3eaa69246ae4f4e15e6915f5e7648ce96721b7cf53f7a3f9357e26e15c0c58888370719041f9c5c098919ce2a37957d10a735a02e828cb555ee4b1371fb1e8f2459dfd94495534a2aa3529f515d066ff6b0051d70515e53b3cb52395128c684923c1a86de81bce6f77ade86fef840354705b578b2d4ce19e6df1becdaa80b818c5bd7236frootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.3-60.el6.src.rpmsssd-toolssssd-tools(x86-32)   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ sssd-commonpython-ssspython-sssdconfigrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libbasicobjects.so.0libcollection.so.4libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.6)libdbus-1.so.3libdhash.so.1libdhash.so.1(DHASH_0.4.3)libdl.so.2libglib-2.0.so.0libini_config.so.5liblber-2.4.so.2libldap-2.4.so.2libldb.so.1libldb.so.1(LDB_0.9.10)libnspr4.solibnss3.solibnssutil3.solibpcre.so.0libplc4.solibplds4.solibpopt.so.0libpopt.so.0(LIBPOPT_0)libpthread.so.0libpthread.so.0(GLIBC_2.0)libpthread.so.0(GLIBC_2.12)libpthread.so.0(GLIBC_2.2)libref_array.so.1librt.so.1libselinux.so.1libsemanage.so.1libsmime3.solibssl3.solibsss_cert.solibsss_child.solibsss_crypt.solibsss_debug.solibsss_semanage.solibsss_util.solibtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)libtdb.so.1libtevent.so.0rtld(GNU_HASH)/usr/bin/pythonrpmlib(PayloadIsXz)1.13.3-60.el61.13.3-60.el61.13.3-60.el64.6.0-14.0-13.0.4-15.2-14.8.0ZH@ZH@Z2gYyX6@X6@XS@XOXJXGXF@X@X6@X6@X-X!@X!@X&X X X WWWW@W@W_@W_@WWW@W@W@W@Wi,@WYZ@WPWPV@VJVJVV@VՄ@VՄ@V@V&@V=@V=@V@V@V@VvV%@V%@V%@VVVVVpVii@V\:@VXEVV@VV@VV@VMV2 @Vf@Vf@Vf@UAUUuUn@UmUjUcUcUUUUUJ@UB@UB@U@U?v@U>$U8U.RU.RU-@U-@U-@U-@UF@UF@UUUUUU U U U@U@U@U@T9TTTTTTT@T@T~T~Tk4Tk4T$TTT@SvSvSvS%@S0S<@S<@S<@SSSSSSS/S/S;@SFS@S@S@S@S@S@Si@S@SSS!@SsZSpSNpS 4@S 4@RRRRRRfhRD!R1R%@R @R @RR|R|R|R|R|RRRRRRRRRRRRR@R@R@R@R@R@R@R@R@R@Q@Q@QQ*@Q?@QQvwQkQIQ5@Q0@Q']Q @PPPP@P@P@P-P@P@P@PDPDPDPDP[PPPPP@P@P@P@PPPPPPPP @P @P @P @P @P @Pf@PPPPP @P @P @P @P@P@P@PPPPPPPP@P@P@PpPpPpP@P@P@P@P@P@P@PP@PP@P@P@P@P@PPXPP{P{P{Pz@PqnPl(PaP`K@P#@Oĺ@O"O"OOO@OO~O@OOO@O@Ou@Ou@Oc+@O]@OYOOdON@OLOLOLOLOLO;@O5O1@ObN@NNNN@NNNj@NN$@N$@NN@N@Nx@Nm@Ng\N[@NTN?N:N:N:NNN|@M{@M{@Mߒ@M@M۝M۝M@MM@M@M3@MM>M>M@MM@M@Mx@MM=M=MwkMwkMv@MtMtMc@Mc@MbSM_MQ0@MJMGMA^@MA^@MA^@M.@M9L!L@L@L@L@LNLNL@L@LA@L@Lk@LYV@LRLI@L7@L(L_LLGKj@KK@KK@KK[K@KK~}@K]KY@KO@KKK/c@K+nK"4@KJJ@JJJkJJ@JJp9JlE@J?r@J0J,@IcIcIzI)@I)@I)@IV@IV@I@I@III@Fabiano Fidêncio - 1.13.3-60Fabiano Fidêncio - 1.13.3-59Fabiano Fidêncio - 1.13.3-58Jakub Hrozek - 1.13.3-57Lukas Slebodnik - 1.13.3-56Lukas Slebodnik - 1.13.3-55Jakub Hrozek - 1.13.3-54Jakub Hrozek - 1.13.3-53Jakub Hrozek - 1.13.3-52Jakub Hrozek - 1.13.3-51Jakub Hrozek - 1.13.3-50Jakub Hrozek - 1.13.3-49Jakub Hrozek - 1.13.3-48Jakub Hrozek - 1.13.3-47Jakub Hrozek - 1.13.3-46Jakub Hrozek - 1.13.3-45Jakub Hrozek - 1.13.3-44Jakub Hrozek - 1.13.3-43Jakub Hrozek - 1.13.3-42Jakub Hrozek - 1.13.3-41Jakub Hrozek - 1.13.3-40Jakub Hrozek - 1.13.3-39Jakub Hrozek - 1.13.3-38Jakub Hrozek - 1.13.3-37Jakub Hrozek - 1.13.3-36Jakub Hrozek - 1.13.3-35Jakub Hrozek - 1.13.3-34Jakub Hrozek - 1.13.3-33Jakub Hrozek - 1.13.3-32Jakub Hrozek - 1.13.3-31Jakub Hrozek - 1.13.3-30Jakub Hrozek - 1.13.3-29Jakub Hrozek - 1.13.3-28Jakub Hrozek - 1.13.3-27Jakub Hrozek - 1.13.3-26Jakub Hrozek - 1.13.3-25Jakub Hrozek - 1.13.3-24Jakub Hrozek - 1.13.3-23Jakub Hrozek - 1.13.3-22Jakub Hrozek - 1.13.3-21Jakub Hrozek - 1.13.3-20Jakub Hrozek - 1.13.3-19Jakub Hrozek - 1.13.3-18Jakub Hrozek - 1.13.3-17Jakub Hrozek - 1.13.3-16Jakub Hrozek - 1.13.3-15Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-13Jakub Hrozek - 1.13.3-12Jakub Hrozek - 1.13.3-11Jakub Hrozek - 1.13.3-10Jakub Hrozek - 1.13.3-9Jakub Hrozek - 1.13.3-8Jakub Hrozek - 1.13.3-7Jakub Hrozek - 1.13.3-6Jakub Hrozek - 1.13.3-5Jakub Hrozek - 1.13.3-4Jakub Hrozek - 1.13.3-3Jakub Hrozek - 1.13.3-2Jakub Hrozek - 1.13.3-1Jakub Hrozek - 1.13.2-7Jakub Hrozek - 1.13.2-6Jakub Hrozek - 1.13.2-5Jakub Hrozek - 1.13.2-4Jakub Hrozek - 1.13.2-3Jakub Hrozek - 1.13.2-2Jakub Hrozek - 1.13.2-1Jakub Hrozek - 1.13.1-1Jakub Hrozek - 1.12.4-51Jakub Hrozek - 1.12.4-50Jakub Hrozek - 1.12.4-49Jakub Hrozek - 1.12.4-48Jakub Hrozek - 1.12.4-47Jakub Hrozek - 1.12.4-46Jakub Hrozek - 1.12.4-45Jakub Hrozek - 1.12.4-44Jakub Hrozek - 1.12.4-43Jakub Hrozek - 1.12.4-42Jakub Hrozek - 1.12.4-41Jakub Hrozek - 1.12.4-40Jakub Hrozek - 1.12.4-39Jakub Hrozek - 1.12.4-38Jakub Hrozek - 1.12.4-37Jakub Hrozek - 1.12.4-36Jakub Hrozek - 1.12.4-35Jakub Hrozek - 1.12.4-34Jakub Hrozek - 1.12.4-33Jakub Hrozek - 1.12.4-32Jakub Hrozek - 1.12.4-31Jakub Hrozek - 1.12.4-30Jakub Hrozek - 1.12.4-29Jakub Hrozek - 1.12.4-28Jakub Hrozek - 1.12.4-27Jakub Hrozek - 1.12.4-26Jakub Hrozek - 1.12.4-25Jakub Hrozek - 1.12.4-24Jakub Hrozek - 1.12.4-23Jakub Hrozek - 1.12.4-22Jakub Hrozek - 1.12.4-21Jakub Hrozek - 1.12.4-20Jakub Hrozek - 1.12.4-19Jakub Hrozek - 1.12.4-18Jakub Hrozek - 1.12.4-17Jakub Hrozek - 1.12.4-16Jakub Hrozek - 1.12.4-15Jakub Hrozek - 1.12.4-14Jakub Hrozek - 1.12.4-13Jakub Hrozek - 1.12.4-12Jakub Hrozek - 1.12.4-11Jakub Hrozek - 1.12.4-10Jakub Hrozek - 1.12.4-9Jakub Hrozek - 1.12.4-8Jakub Hrozek - 1.12.4-7Jakub Hrozek - 1.12.4-6Jakub Hrozek - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Jakub Hrozek - 1.12.4-2Jakub Hrozek - 1.12.4-1Jakub Hrozek - 1.11.6-33Jakub Hrozek - 1.11.6-32Jakub Hrozek - 1.11.6-31Jakub Hrozek - 1.11.6-30Jakub Hrozek - 1.11.6-29Jakub Hrozek - 1.11.6-28Jakub Hrozek - 1.11.6-27Jakub Hrozek - 1.11.6-26Jakub Hrozek - 1.11.6-25Jakub Hrozek - 1.11.6-24Jakub Hrozek - 1.11.6-23Jakub Hrozek - 1.11.6-22Jakub Hrozek - 1.11.6-21Jakub Hrozek - 1.11.6-20Jakub Hrozek - 1.11.6-19Jakub Hrozek - 1.11.6-18Jakub Hrozek - 1.11.6-17Jakub Hrozek - 1.11.6-16Jakub Hrozek - 1.11.6-15Jakub Hrozek - 1.11.6-14Jakub Hrozek - 1.11.6-13Jakub Hrozek - 1.11.6-12Jakub Hrozek - 1.11.6-11Jakub Hrozek - 1.11.6-10Jakub Hrozek - 1.11.6-9Jakub Hrozek - 1.11.6-8Jakub Hrozek - 1.11.6-7Jakub Hrozek - 1.11.6-6Jakub Hrozek - 1.11.6-5Jakub Hrozek - 1.11.6-4Jakub Hrozek - 1.11.6-3Jakub Hrozek - 1.11.6-2Jakub Hrozek - 1.11.6-1Jakub Hrozek - 1.11.5.1-4Jakub Hrozek - 1.11.5.1-3Jakub Hrozek - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Jakub Hrozek - 1.9.2-134Jakub Hrozek - 1.9.2-133Jakub Hrozek - 1.9.2-132Jakub Hrozek - 1.9.2-131Jakub Hrozek - 1.9.2-130Jakub Hrozek - 1.9.2-129Jakub Hrozek - 1.9.2-128Jakub Hrozek - 1.9.2-127Jakub Hrozek - 1.9.2-126Jakub Hrozek - 1.9.2-125Jakub Hrozek - 1.9.2-124Jakub Hrozek - 1.9.2-123Jakub Hrozek - 1.9.2-122Jakub Hrozek - 1.9.2-121Jakub Hrozek - 1.9.2-120Jakub Hrozek - 1.9.2-119Jakub Hrozek - 1.9.2-118Jakub Hrozek - 1.9.2-117Jakub Hrozek - 1.9.2-116Jakub Hrozek - 1.9.2-115Jakub Hrozek - 1.9.2-114Jakub Hrozek - 1.9.2-113Jakub Hrozek - 1.9.2-112Jakub Hrozek - 1.9.2-111Jakub Hrozek - 1.9.2-110Jakub Hrozek - 1.9.2-109Jakub Hrozek - 1.9.2-108Jakub Hrozek - 1.9.2-107Jakub Hrozek - 1.9.2-106Jakub Hrozek - 1.9.2-105Jakub Hrozek - 1.9.2-104Jakub Hrozek - 1.9.2-103Jakub Hrozek - 1.9.2-102Jakub Hrozek - 1.9.2-101Jakub Hrozek - 1.9.2-100Jakub Hrozek - 1.9.2-99Jakub Hrozek - 1.9.2-98Jakub Hrozek - 1.9.2-97Jakub Hrozek - 1.9.2-96Jakub Hrozek - 1.9.2-95Jakub Hrozek - 1.9.2-94Jakub Hrozek - 1.9.2-93Jakub Hrozek - 1.9.2-92Jakub Hrozek - 1.9.2-91Jakub Hrozek - 1.9.2-90Jakub Hrozek - 1.9.2-89Jakub Hrozek - 1.9.2-88Jakub Hrozek - 1.9.2-87Jakub Hrozek - 1.9.2-86Jakub Hrozek - 1.9.2-85Jakub Hrozek - 1.9.2-84Jakub Hrozek - 1.9.2-83Jakub Hrozek - 1.9.2-82Jakub Hrozek - 1.9.2-81Jakub Hrozek - 1.9.2-80Jakub Hrozek - 1.9.2-79Jakub Hrozek - 1.9.2-78Jakub Hrozek - 1.9.2-77Jakub Hrozek - 1.9.2-76Jakub Hrozek - 1.9.2-75Jakub Hrozek - 1.9.2-74Jakub Hrozek - 1.9.2-73Jakub Hrozek - 1.9.2-72Jakub Hrozek - 1.9.2-71Jakub Hrozek - 1.9.2-70Jakub Hrozek - 1.9.2-69Jakub Hrozek - 1.9.2-68Jakub Hrozek - 1.9.2-67Jakub Hrozek - 1.9.2-66Jakub Hrozek - 1.9.2-65Jakub Hrozek - 1.9.2-64Jakub Hrozek - 1.9.2-63Jakub Hrozek - 1.9.2-62Jakub Hrozek - 1.9.2-61Jakub Hrozek - 1.9.2-60Jakub Hrozek - 1.9.2-59Jakub Hrozek - 1.9.2-58Jakub Hrozek - 1.9.2-57Jakub Hrozek - 1.9.2-56Jakub Hrozek - 1.9.2-55Jakub Hrozek - 1.9.2-54Jakub Hrozek - 1.9.2-53Jakub Hrozek - 1.9.2-52Jakub Hrozek - 1.9.2-51Jakub Hrozek - 1.9.2-50Jakub Hrozek - 1.9.2-49Jakub Hrozek - 1.9.2-48Jakub Hrozek - 1.9.2-47Jakub Hrozek - 1.9.2-46Jakub Hrozek - 1.9.2-45Jakub Hrozek - 1.9.2-44Jakub Hrozek - 1.9.2-43Jakub Hrozek - 1.9.2-42Jakub Hrozek - 1.9.2-41Jakub Hrozek - 1.9.2-40Jakub Hrozek - 1.9.2-39Jakub Hrozek - 1.9.2-38Jakub Hrozek - 1.9.2-37Jakub Hrozek - 1.9.2-36Jakub Hrozek - 1.9.2-35Jakub Hrozek - 1.9.2-34Jakub Hrozek - 1.9.2-33Jakub Hrozek - 1.9.2-32Jakub Hrozek - 1.9.2-31Jakub Hrozek - 1.9.2-30Jakub Hrozek - 1.9.2-29Jakub Hrozek - 1.9.2-28Jakub Hrozek - 1.9.2-27Jakub Hrozek - 1.9.2-26Jakub Hrozek - 1.9.2-25Jakub Hrozek - 1.9.2-24Jakub Hrozek - 1.9.2-23Jakub Hrozek - 1.9.2-22Jakub Hrozek - 1.9.2-21Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-19Jakub Hrozek - 1.9.2-18Jakub Hrozek - 1.9.2-17Jakub Hrozek - 1.9.2-16Jakub Hrozek - 1.9.2-15Jakub Hrozek - 1.9.2-14Jakub Hrozek - 1.9.2-13Jakub Hrozek - 1.9.2-12Jakub Hrozek - 1.9.2-11Jakub Hrozek - 1.9.2-10Jakub Hrozek - 1.9.2-9Jakub Hrozek - 1.9.2-8Jakub Hrozek - 1.9.2-7Jakub Hrozek - 1.9.2-6Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-3Jakub Hrozek - 1.9.0-2Jakub Hrozek - 1.9.0-1.rc1Jakub Hrozek - 1.8.0-33Stephen Gallagher - 1.8.0-32Stephen Gallagher - 1.8.0-31Stephen Gallagher - 1.8.0-30Stephen Gallagher - 1.8.0-29Stephen Gallagher - 1.8.0-28Stephen Gallagher - 1.8.0-27Stephen Gallagher - 1.8.0-26Stephen Gallagher - 1.8.0-25Stephen Gallagher - 1.8.0-24Stephen Gallagher - 1.8.0-23Stephen Gallagher - 1.8.0-22Stephen Gallagher - 1.8.0-21Stephen Gallagher - 1.8.0-20Stephen Gallagher - 1.8.0-18Stephen Gallagher - 1.8.0-17Stephen Gallagher - 1.8.0-15Stephen Gallagher - 1.8.0-12Stephen Gallagher - 1.8.0-11Stephen Gallagher - 1.8.0-10Stephen Gallagher - 1.8.0-9Stephen Gallagher - 1.8.0-8Stephen Gallagher - 1.8.0-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5Stephen Gallagher - 1.8.0-4.beta3Stephen Gallagher - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-2.beta2Stephen Gallagher - 1.5.1-68Stephen Gallagher - 1.5.1-67Stephen Gallagher - 1.5.1-66Stephen Gallagher - 1.5.1-65Stephen Gallagher - 1.5.1-64Stephen Gallagher - 1.5.1-63Stephen Gallagher - 1.5.1-62Stephen Gallagher - 1.5.1-61Stephen Gallagher - 1.5.1-60Stephen Gallagher - 1.5.1-59Stephen Gallagher - 1.5.1-58Stephen Gallagher - 1.5.1-57Stephen Gallagher - 1.5.1-56Stephen Gallagher - 1.5.1-55Stephen Gallagher - 1.5.1-53Stephen Gallagher - 1.5.1-52Stephen Gallagher - 1.5.1-51Stephen Gallagher - 1.5.1-50Stephen Gallagher - 1.5.1-49Stephen Gallagher - 1.5.1-48Stephen Gallagher - 1.5.1-47Stephen Gallagher - 1.5.1-46Stephen Gallagher - 1.5.1-45Stephen Gallagher - 1.5.1-44Stephen Gallagher - 1.5.1-43Stephen Gallagher - 1.5.1-42Stephen Gallagher - 1.5.1-41Stephen Gallagher - 1.5.1-40Stephen Gallagher - 1.5.1-39Stephen Gallagher - 1.5.1-38Stephen Gallagher - 1.5.1-37Stephen Gallagher - 1.5.1-36Stephen Gallagher - 1.5.1-35Stephen Gallagher - 1.5.1-34Stephen Gallagher - 1.5.1-33Stephen Gallagher - 1.5.1-32Stephen Gallagher - 1.5.1-31Stephen Gallagher - 1.5.1-30Stephen Gallagher - 1.5.1-29Stephen Gallagher - 1.5.1-28Stephen Gallagher - 1.5.1-27Stephen Gallagher - 1.5.1-26Stephen Gallagher - 1.5.1-25Stephen Gallagher - 1.5.1-24Stephen Gallagher - 1.5.1-23Stephen Gallagher - 1.5.1-21Stephen Gallagher - 1.5.1-20Stephen Gallagher - 1.5.1-17Stephen Gallagher - 1.5.1-16Stephen Gallagher - 1.5.1-15Stephen Gallagher - 1.5.1-14Stephen Gallagher - 1.5.1-13Stephen Gallagher - 1.5.1-12Stephen Gallagher - 1.5.1-11Stephen Gallagher - 1.5.1-10Stephen Gallagher - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Stephen Gallagher - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.2.1-28.4Stephen Gallagher - 1.2.1-36Stephen Gallagher - 1.2.1-35Stephen Gallagher - 1.2.1-28.3Stephen Gallagher - 1.2.1-34Stephen Gallagher - 1.2.1-28.2Stephen Gallagher - 1.2.1-33Stephen Gallagher - 1.2.1-28.1Stephen Gallagher - 1.2.1-32Stephen Gallagher - 1.2.1-29Stephen Gallagher - 1.2.1-28Stephen Gallagher - 1.2.1-27Stephen Gallagher - 1.2.1-26Stephen Gallagher - 1.2.1-23Stephen Gallagher - 1.2.1-21Stephen Gallagher - 1.2.1-20Stephen Gallagher - 1.2.1-19Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-14Stephen Gallagher - 1.2.0-13Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11.1Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Related: rhbz#1442703 - Smart Cards: Certificate in the ID View - Related: rhbz# 1401546 - Please back-port fast failover from sssd 1.14 on RHEL 7 into sssd 1.13 on RHEL 6- Resolves: rhbz#1326007 - Memory cache corruption when rsync and/or tar to copy owner and group info from LDAP - Resolves: rhbz#1442703 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1507435 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-6.10] - Resolves: rhbz#1487040 - sssd does not evaluate AD UPN suffixes which results in failed user logins- Resolves: rhbz#1421057 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1487040 - sssd does not evaluate AD UPN suffixes which results ini failed user logins - Resolves: rhbz#1487944 - ABRT crash - /usr/libexec/sssd/sssd_nss - Resolves: rhbz#1489485 - sssd is not pulling groups in a trusted domain, with the Global scope- Resolves: rhbz#1438360 - The originalMemberOf attribute disappears from the cache, causing intermittent HBAC issues- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present - Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory- Resolves: rhbz#1415785 - ldap_child does not remove temporary files when it's killed with SIGTERM- Apply several more smartcard-related patches. - Related: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts- Revert the ding-libs requirement - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Related: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Require the matching version of ding-libs - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Fix a coverity warning - Related: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Resolves: rhbz#1324428 - [RFE] Discover forest's root SID even if subdomains_provider = none- Resolves: rhbz#1367802 - using overides causes segfault in libldb- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins- Resolves: rhbz#1382603 - autofs map resolution doesn't work offline- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute- Resolves: rhbz#1299994 - ssh client checks only the first certificate on a smartcard when the card has multiple certs - Resolves: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard - Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6 - Resolves: rhbz#1329647 - IPA view: view name not stored properly with default FreeIPA installation- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users and mixed case names- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a subdomain, not the root domain.- Resolves: rhbz#1365218 - SSSD does not fail over to next GC- Resolves: rhbz#1367435 - Intermittent sssd auth failures- Resolves: rhbz#1369079 - sssd runs out of available child slots and starts queuing requests in proxy mode- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to sssd-1.13.3-22.el6.x86_64 when upgrading cache- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336453 - sssd_be doesn't terminate forked child process if adcli is not installed- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo- Actually apply patches from previous build - Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe with 1.11.6- Backport of a more minimal dependency patch to avoid changes to AD provider behaviour - Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1308939 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user- Require a newer selinux-policy to avoid issues when prompting for SC PIN - Related: rhbz#1299066 - smartcard login does not prompt for pin when ocsp checking is enabled (default config)- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when trying to retrieve non-existing netgroups- Update sssd-ldap man page for the recent ID mapping changes - Related: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache from working- Resolves: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password and not smartcard pin when logged in using smartcard pin- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output error- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12 to 1.13- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn't work- Resolves: rhbz#1273802 - ad_site parameter does not work- Fix memory leak in the NFS plugin - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service discovery- Rebase to 1.13.3 - Remove setuid bit from proxy_child, RHEL-6 doesn't support running SSSD as a non-privileged user - Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Don't own files as the SSSD user - Resolves: rhbz#1289482 - warning: user sssd does not exist - using root- Resolves: rhbz#1279971 - groups get deleted from the cache- The p11_child doesn't have to run privileged anymore, remove the setuid bit - Related: rhbz#1270027 - [RFE] Support for smart cards- Resolves: rhbz#1266108 - Check next certificate on smart card if first is not valid - Also enable OCSP checks- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Silence compilation warnings and Coverity issues - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Squash in packaging review changes by lslebodn@redhat.com- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - The rebase also resolves the following bugzillas: - Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC identity certificates - Resolves: rhbz#1270027 - [RFE] Support for smart cards - Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients - Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is not taken into account. - Resolves: rhbz#1254193 - Fix for cyclic dependencies between sssd-{krb5,}-common - Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected - Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do not queue requests - Resolves: rhbz#1227804 - Group members are not turned into ghost entries when the user is purged from the SSSD cache - Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log - Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not the alpha group name representation - Resolves: rhbz#1194039 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups- Resolves: rhbz#1251349 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from ldap server- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task - Resolves: rhbz#1227863 - ignore_group_members doesn't work for subdomains- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn't return all groups on first attempt- Resolves: rhbz#1225614 - IPA enumeration provider crashes- Resolves: rhbz#1212610 - sssd ad groups work intermittently- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of secondary groups- Resolves: rhbz#1221358 - SSSD doesn't work with ID mapping and disabled subdomains- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and gets avc denial when ssh- Include several upstream fixes related to ID views - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1213947 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad src/providers/ad/ad_gpo.c:843- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers group membership resolution- Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users and filter_groups- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only- Related: rhbz#1211728 - Only set the selinux context if the context differs from the local one- Package the localauth plugin - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1207720 - id lookup resolves "Domain Local" group and errors appear in domain log- BuildRequire the proper libkrb5 version for correct localauth plugin build - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1194367 - sssd_be dumping core- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in manpage that unsupported time specification will lead to sssd denying access- Resolves: rhbz#1205382 - Properly handle AD's binary objectGUID- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might install with wrong user account (root)- Fix a typo in DEBUG message - Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Handle TTL=0 in SRV queries correctly - Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Cherry-pick unit test changes from upstream to allow cherry-picking sssd-1-12 patches - Remove unused LDAP provider code to avoid static analyser warnings - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad requires samba4- Resolves: rhbz#1203630 - SSSD doesn't own the GPO cache directory- Fix warning in SELinux code - Handle setups with empty default and no SELinux maps - Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u - Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605 - Resolves: rhbz#1201847 - SSSD downloads too much information when fetching information about groups- Fix PAM responder initgroups cache for subdomain users - Log extop failures better - Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Fix internal error codes broken when fixing rhbz#1036745 - Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything- Fix Coverity warning in ldap_child - Add better debugging - Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users, groups or other cache objects- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Initialize a pointer in ldap_child to NULL - Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Relax the ldb requirement - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query - Rebuild against latest krb5, add a versioned BuildRequires - Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Do not mark the selinux_child helper as setuid, we don't support rootless SSSD in 6.7 - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x - The rebase resolves the following RHEL bugzillas - Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about domains parameter - Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not be fatal (backport fix from upstream) - Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user uid field - Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1168377 - [RFE] User's home directories and shells are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss - Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution - Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1148582 - inconsistent group information when multiple ad domain sections are configured in sssd - Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider ad support - Resolves: rhbz#1139878 - SSSD connection terminated after failing anonymous bind to IBM Tivoli Directory Server - Resolves: rhbz#1135838 - Man sssd-ldap shows parameter ldap_purge_cache_timeout with "Default: 10800 (12 hours)" - Resolves: rhbz#1135432 - Dereference code errors out when dereferencing entries protected by ACIs - Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012 R2's LDAP as AD - Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header - Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple attributes- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1141814 - Password expiration policies are not being enforced by SSSD- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group membership when encountering a non-POSIX group- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from other AD domains- Resolves: rhbz#1127270 - sssd connect to ipa-server is long- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD, POSIX attributes are used and primary group contains the user as a member- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0) is not prompted for password change- Resolves: rhbz#1132361 - use-after-free in dyndns code- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap account lock to restrict access via ssh key- Use the correct sudo iterator - Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Add notes about offline mode to sssd.conf - Related: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1127278 - Auth fails when space in username is replaced with character set by override_default_whitespace- Resolves: rhbz#1127757 - sssd can't retrieve sudo rules when using the "default_domain_suffix" option- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Resolves: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1122873 - Failover does not always happen from SRV to hostname resolution(via /etc/hosts) - Remove spurious systemctl call on %postun- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with specified character in LDAP group- Resolves: rhbz#1109188 - dereferencing control failure against openldap server- Resolves: rhbz#1084532 - sssd_sudo process segfaults- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping is off and tokengroups are enabled- Resolves: rhbz#1118541 - Floating point exception using ldap- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser is not defined and no ldap_sudorule_runasuser mapping has been defined in SSSD- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap- Fix potential NULL dereference in IFP code - Related: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- BuildRequire the latest libini_config - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- Resolves: rhbz#1104145 - public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end- Rebase to 1.11.6 - Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Rebuild against new ding-libs - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Backport the InfoPipe patches needed for Sat6 integration - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: #1085412 - SSSD Crashes when storage experiences high latency- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6Resolves: #1036168 - sssd can't retrieve auto.master when using the "default_domain_suffix"- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups are requested- Allow combination of proxy id backend and LDAP auth backend - Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Inherit UID limits for subdomains - Resolves: #1020905 - Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.- Do not crash when LDAP disconnects while a search is still in progress - Resolves: #1019979 - sssd_be segfault when authenticating against active directory- More upstream fixes to prevent memcache crashes - Related: #997406 - sssd_nss core dumps under load- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out- Make IPA SELinux provider aware of subdomain users - A better version of already committed patch - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Resolves: #997406 - sssd_nss core dumps under load - Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #1002161 - large number of sudo rules results in error - Unable to create response: Invalid argument- Silence restorecon on clean install - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Make IPA SELinux provider aware of subdomain users - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Print password complexity hint when password change fails with constraint violation - Related: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #948830 - sssd do too many disk writes causing delay in "getent netgroup allmachines-netgroup" nested netgroups.- Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- Resolves: #963235 - sssd_be crashing with nested ldap groups- Apply a forgotten dependency for patch #254 - Related: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality - Add two fixes for better handling of faulty SRV processing - Related: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router. - Remove enumerate=true from example in man page - Related: #988381 - clarify the disadvantages of enumeration in sssd.conf- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp file for SELinux data failed- Resolves: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors when clearing cache- Resolves: #924113 - man sssd-sudo has wrong title- Resolves: #924397 - document what does access_provider=ad do- Use permissive control when adding ghost users - Resolves: #928797 - cyclic group memberships may not work depending on order of operations- Set correct state of SRV servers on resolving error - Resolves: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router.- Resolves: #954323 - SSSD doesn't display warning for last grace login.- Format patch to configure sysv script differently - RHEL-6 patch(1) apparently doesn't like the output of git format-patch -M -C and doesn't properly copy files on renames - Resolves: #971435 - Enhance sssd init script so that it would source a configuration.- Resolves: #973345 - SSSD service randomly dies- Resolves: #971435 - Enhance sssd init script so that it would source a configuration- Resolves: #961356 - SUDO is not working for users from trusted AD domain- Resolves: #970519 - [RFE] Add support for suppressing group members- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the "original value"- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes- Clarify the min_id/max_id limits further - Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login delays when client is under load- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table in sssd_nss- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs- Mention that enumeration should be discouraged - Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf- Call restorecon on memcache files to force the right context on upgrades - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Resolves: #987479 - libsss_sudo should depend on sudo package with sssd support- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck- Resolves: #967636 - SSSD frequently fails to return automount maps from LDAP- Resolves: #953165 - Enabling enumeration causes sssd_be process to utilize 100% of the CPU- Resolves: #906398 - sssd_be crashes sometimes- Resolves: #950874: Simple access control always denies uppercased users in case insensitive domain- Resolves: #921454: Resolve local group members in LDAP groups- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider- Fix pwd_expiration_warning=0 - Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#872827 - Serious performance regression in sssd- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees- Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.- Resolves: rhbz#902436 - possible segfault when backend callback is removed- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps- Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent- Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts- Resolves: rhbz#892197 - Incorrect principal searched for in keytab- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work- Resolves: rhbz#874618 - sss_cache: fqdn not accepted- Resolves: rhbz#889182 - crash in memory cache- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache- Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666)- Resolves: rhbz#886038 - sssd components seem to mishandle sighup- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh- Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule- Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507)- Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060)- Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507)- Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds- Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users- Resolves: rhbz#881773 - mmap cache needs update after db changes- Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742)- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573)- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations- Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130- Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections- Related: rhbz#877126 - Bump the release tag- Resolves: rhbz#877126 - subdomains code does not save the proper user/group name- Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid()- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'- Resolves: rhbz#875740 - "defaults" entry ignored- Resolves: rhbz#875738 - offline authentication failure always returns System Error- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section- Resolves: rhbz#873032 - Move sss_cache to the main subpackage- Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group- Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive- Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443- BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932- Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542- Fix the "ca" translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- New upstream release 1.9.2- Rebase to 1.9.1- Require the latest libldb- Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes- Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds- Fix protocol break for services map - Related: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#824616 - sssd_nss crashes when configured with use_fully_qualified_names = true- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()- Resolves: rhbz#822236 - SSSD netgroups do not honor entry_cache_nowait_percentage- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client upgrade - Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names - Resolves: rhbz#819063 - sssd fails to provide partial data till paged search returns "Size Limit Exceeded" - Resolves: rhbz#820585 - Group enumeration fails in proxy provider- Resolves: rhbz#816616 - group members are now lowercased in case insensitive domains- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding - Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the same user - Resolves: rhbz#812281 - autofs client: map name length used as key length - Related: rhbz#784870 - SSSD fails during autodetection of search bases for new LDAP features - Related: rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes- Fix typo in patch for SSH umask - Related: rhbz#808107 - Coverity revealed memory management defects- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm - Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is running - Resolves: rhbz#808107 - Coverity revealed memory management defects- Related: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false- Resolves: rhbz#804057 - Initial service lookups having name with uppercase alphabets doesn't work - Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names doesn't work when case_sensitive=false - Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab - Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false - Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name resolution times out - Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Related: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica using IP address - Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with case_sensitive=false - Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set - Resolves: rhbz#805034 - accessing an undefined variable might cause crash - Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login- Update translations - Resolves: rhbz#802372 - Pick up latest translation files for SSSD - Resolves: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Related: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search requests - Resolves: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials - Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to true - Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work - Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false - Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam can use - Resolves: rhbz#799971 - sssd_be crashes on shutdown - Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested group structure - Resolves: rhbz#801368 - Group lookups doesn't return members with proxy provider configured - Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd is configured as proxy provider- Do not auto-upgrade debug levels - Tool still available for manual use - Reverts: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#798881 - Install-time warnings - Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also the dns_discovery_domain - Resolves: rhbz#798655 - Password logins failing due to a process with high UID- Fix explicit requires to use openldap instead of openldap-libs - Related: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64- Fix multilib-clean issue due to upgrade script - Remove old copy from the spec file - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Fix typo in the patch - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Use a patch and install the script to python_sitelib - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Resolves: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#785871 - wrong build dependency on nscd - Resolves: rhbz#785873 - IPA host search base cannot be set - Resolves: rhbz#791208 - Entries lacking a POSIX username value break group lookups - Resolves: rhbz#796307 - Simple Paged Search control needs to be used more sparingly - Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64 - Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user entries - Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup - Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load - Resolves: rhbz#797975 - sssd_be: The requested target is not configured is logged at each login - Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD - Resolves: rhbz#788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group- Handle filtering python Provides in a safer way - Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3 - Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers - Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and netgroup search base correctly - Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb AS requests - Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision - Resolves: rhbz#785904 - [RFE] SSSD should have --version option - Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider - Resolves: rhbz#785898 - Enable midway cache refresh by default - Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for a non-existing netgroup - Resolves: rhbz#785884 - Honour TTL when resolving host names - Resolves: rhbz#785883 - check DNS records before updates - Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead of guessing - Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line - Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config file too much - Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server has been reinitialized - Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc - Resolves: rhbz#773660 - Kerberos errors should go to syslog - Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native IPA netgroups code - Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#771702 - sssd_pam crashes during change password operation against a IPA server - Resolves: rhbz#771361 - case_sensitive function not working as intended for ldap - Resolves: rhbz#768935 - Crash when applying settings - Resolves: rhbz#766941 - The full dyndns update message should be logged into debug logs - Resolves: rhbz#766930 - [RFE] Add a new option to override home directory value - Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab principal name - Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files - Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug levels on the fly - Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional - Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation - Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option - Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control - Resolves: rhbz#753876 - [RFE] Add support for the services map - Resolves: rhbz#746181 - "getgrgid call returned more than one result" after group name change in MSAD - Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle for some (configurable) time - Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD - Related: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#742052 - id -G group resolution takes extremely long - Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange - Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases - Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or insensitive - Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users - Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control disabled for openldap - Resolves: rhbz#726467 - SSSD takes 30+ seconds to login - Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 during auth when password for the user is not set- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758157 - LDAP failover not working if server refuses connections- Related: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis initgroups when groups appear in multiple nesting levels- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow - Resolves: rhbz#746654 - SSSD backend gets killed on slow systems - Related: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts Fixes a crash introduced by the earlier patch. - Related: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names Fixes for internationalization- Related: rhbz#742278 - Rework the example config- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts - Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart - Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742278 - Rework the example config - Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was initialized - Resolves: rhbz#742526 - SSSD's man pages are missing information - Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with multi-valued uid - Resolves: rhbz#738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid - Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber to integer - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host groups - Resolves: rhbz#740501 - SSSD not functional after "self" reboot - Resolves: rhbz#742539 - HBAC: Hostname comparisons should be case-insensitive- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in - Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2- Resolves: rhbz#737157 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled - Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple external hosts along with managed host - Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names - Resolves: rhbz#733409 - Improve password policy error message - Resolves: rhbz#733663 - Authentication fails when there exists an empty hbacsvcgroup - Resolves: rhbz#732935 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON - Resolves: rhbz#734101 - sssd blocks login of ipa-users- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain shells- Related: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID- Related: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Related: rhbz#718250 - Remove DENY rules from the HBAC access provider - Fixes an issue on big endian platforms- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured - Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls - Resolves: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider - Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID - Resolves: rhbz#726475 - sssd_pam leaks file descriptors - Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0- Related: rhbz#721052 - sssd does not handle kerberos server IP change - Use ares_search instead of ares_query to honor - search entries in /etc/resolv.conf- Resolves: rhbz#711416 - During the change password operation the ccache is - not replaced by a new one if the old one isn't - active anymore - Resolves: rhbz#715609 - Certificate validation fails with message - "Connection error: TLS: hostname does not match CN - in peer certificate" - Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records - Resolves: rhbz#721052 - sssd does not handle kerberos server IP change - Honor TTL values when resolving hostnames- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP - Resolves: rhbz#713438 - sssd shuts down if inotify crashes- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups() - Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are - being logged multiple times when the provider comes - back online - Resolves: rhbz#707997 - The IPA provider does not work with IPv6 - Resolves: rhbz#677327 - [RFE] Support overriding attribute value - Resolves: rhbz#692090 - SSSD is not populating nested groups in - Active Directory- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man - page- Resolves: rhbz#707513 - Unable to authenticate users when username - contains "\0"- Resolves: rhbz#698723 - kpasswd fails when using sssd and - kadmin server != kdc server- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is - not mentioned - Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the - gidNumber is out of the range of min_id,max_id. - Resolves: rhbz#699530 - Users with a local group as their primary GID are - denied access by the simple access provider - Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups - Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a - member of any group - Resolves: rhbz#703624 - SSSD's async resolver only tries the first - nameserver in /etc/resolv.conf- Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694444 - Unable to resolve SRV record when called with - _srv_, in ldap_uri - Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by - signal 11 (SIGSEGV) - Fix is to not attempt to resolve nameless servers- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can - cause SSSD to stop caching and responding to - requests- Resolves: rhbz#690131 - Traceback messages seen while interrupting - sss_obfuscate using ctrl+d - Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process - /usr/libexec/sssd/sssd_be was killed by signal 11 - (SIGSEGV)- Related: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them - Resolves: rhbz#689886 - group memberships are not populated correctly during - IPA provider initgroups - Resolves: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents - Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5 - in sssd.conf- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min - waiting on netgroup - Resolves: rhbz#683431 - sssd consumes 100% CPU - Related: rhbz#680440 - sssd does not handle kerberos server IP change- Related: rhbz#680440 - sssd does not handle kerberos server IP change - SSSD was staying with the old server if it was still online- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain - for base DN- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on - ipa-server - Resolves: rhbz#680440 - sssd does not handle kerberos server IP change - Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are - given in ipa_server config option - Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf - attribute on the server - Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups - Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option - Resolves: rhbz#677318 - Does not read renewable ccache at startup- Resolves: rhbz#678593 - User information not updated on login for secondary - domains - Resolves: rhbz#678777 - IPA provider does not update removed group - memberships on initgroups- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries - Resolves: rhbz#678410 - name service caches names, so id command shows - recently deleted users - Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for - netgroups- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login - Resolves: rhbz#675284 - "no matching rule" message logged on all successful - requests - Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for - authentication- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named - "default" - Resolves: rhbz#674515 - -p option always uses empty string to obfuscate - password - Resolves: rhbz#674141 - Traceback call messages displayed while - "sss_obfuscate" command is executed as a non-root - user- Resolves: rhbz#674172 - Group members are not sanitized in nested group - processing - Put translated tool manpages into the sssd-tools subpackage- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Also add the updated ding-libs to the BuildRequires- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Explicitly require updated ding-libs- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options - Assorted bugfixes- Add noverify to sssd.conf - Resolves: rhbz#627165 - TPS VerifyTest failure- Related: rhbz#644072 - Rebase SSSD to 1.5 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs - Resolves: rhbz#660585 - getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs- Resolves: rhbz#645449 - 'getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#658374 - sssd stops on upgrade- Resolves: rhbz#658158 - sssd stops on upgrade- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#642412 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#633487 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib- Resolves: rhbz#629949 - sssd stops on upgrade- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password- Resolves: rhbz#621307 - Password changes are broken on LDAP- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on - initgroups calls- Resolves: rhbz#607233 - SSSD users cannot log in through GDM - - Real issue was that long-running services - - do not reconnect if sssd is restarted- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with - /etc/krb5.keytab file- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6 - final - Resolves: rhbz#608661 - SASL with OpenLDAP server fails - Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes- New upstream bugfix release 1.2.1 - Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs. - Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal - Resolves: rhbz#604704 - authconfig should provide error with no trace back - if disabling sssd when sssd is not enabled - Resolves: rhbz#591873 - Connecting to the network after an offline kerberos - auth logs continuous error messages to sssd_ldap.log - Resolves: rhbz#596295 - Authentication fails for user from the second domain - when the same user name is filtered out from the - first domain - Related: rhbz#598559 - Update translation files for SSSD before RHEL 6 - final- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service - to fail while restart - Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in - parentheses causes ldap_search_ext to fail - Resolves: rhbz#600468 - Segfault in krb5_child - Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs.- Resolves: rhbz#598670 - Ccache file of a user is removed too early - Resolves: rhbz#599057 - Incomplete comparison of a service name in - IPA access provider - Resolves: rhbz#598496 - Failure with IPA access provider - Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the - kernel keyring- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP - Resolves: rhbz#584001 - Rebase sssd to 1.2 - Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file - Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf - Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf - Resolves: rhbz#590134 - sssd: auth_provider = proxy regression - Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when - going online - Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the - HBAC rule- Improve DEBUG logs for STARTTLS failures- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcacacacacacacacacacacacsdedededededededededededeesesesesesesesesesesesfrfrfrfrfrfrfrfrfrfrfrfrjajajajajajajajajajajanlptptukukukukukukukukukukukukuk1.13.3-60.el61.13.3-60.el6 sss_debuglevelsss_groupaddsss_groupdelsss_groupmodsss_groupshowsss_obfuscatesss_overridesss_seedsss_useraddsss_userdelsss_usermodsssd-tools-1.13.3COPYINGsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupdel.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupmod.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gz/usr/sbin//usr/share/doc//usr/share/doc/sssd-tools-1.13.3//usr/share/man/ca/man5//usr/share/man/ca/man8//usr/share/man/cs/man8//usr/share/man/de/man1//usr/share/man/de/man8//usr/share/man/es/man1//usr/share/man/es/man8//usr/share/man/fr/man1//usr/share/man/fr/man8//usr/share/man/ja/man1//usr/share/man/ja/man8//usr/share/man/man8//usr/share/man/nl/man8//usr/share/man/pt/man8//usr/share/man/uk/man1//usr/share/man/uk/man5//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnu?7zXZ !PH6 ]"k%n0}:w{!zA&_8uޥ5Z, 0ƑCO.d5)f7M)%Ŏ@4޹JsOb@eiG$y w iQhVdZn_:2|N!P]Nd26CM %{eUZȸ1MPΗ+D-$KxFv`Ӊ͐CtB9ÂaNF#*~>nϟI_PǔpG AsTJ{q/NbwO8sI BVn:p 17jC#|JdO;_3'5zZ4>Ά"P75lT[AH W#+"]$B kL>'Dm$ ' ҂ش Yt}oOֳ(Y TgxkJgZNSF @3&aimwΐ T]9PFYFExcoabc4gقhH$3P5OAgq,NjǺ)jj7s_A*A_/=RpU*7RXkY^ɽYRxv˲DU;4&Im cˬ-;G*T2npkuZ7U"xwM7AI[$>"?gdlD ɼhSo1^?2Э*t`| Qq 7J[i uLMN0*iou'Z  4k[=AECWfVc+hMvP1h$$l*0ȏaWώy3BOEY>sw*ȟgn!V~ii+T]SupVj4@wi H/V,+4"|׬Tۏ40~,{ kwx)w{%mFĞP00L& -*ڇ D݀"S׮/HXïVu;RF4*tQay:5W풍Gš[T ,f[L3CqL !NQ& {D4MDN`d^qĤ {J[@W& pfRtk50GLn`N2`7(mYkQ[K'r|Ovz$FLpBkМ-ޥs]D]s N:x"ѵ@{~>,C55l0m΋NB:pNDL-Y"։qjEwݮgu6R+ L 9HJtz}!}Ǿirh_U=q>n'+`Bƹ-h [:/蕏/>hdzpeu%40?]?r4:LN?/5AKK+6Z%^׸ fOD-Ha f4~ p~ʦEZIXY ә[d{N.*}qAT# p$}e-j6C(B\=\߳me `9#'蹞<>wp!լ1Mxchk ZJ,'잉 { hYia1\Uivq[2@\6p~ko Zd_ϨmG X[Ł|g`DMŒ;]h~(i6`@SkWȷ엉1wU;u Bj %~j.oiݥ26. sKDb !Bo#呺\$@~D.ܲymB'@'|86_+5dpkfu/\Cqwy6uyY1灢sӶsPSJ%>< gnJ'>Hf%|oa[M"ĎJc㷮.5:(f 棴:ȝꚰ_zD-d4k?68a IC\nODiYϾōͨgE(&[@=hA8+c#)a➨u54eͤt1䢎Gڙ% bg&DZ51ʊ5nT4'!8YKsf# 􉂲t-X &ɽIdh,90 X@܏{LJ9ZgmM`DIc^_Il4q‰! m9: iQDv"{FJq&>a`;۠Xd^W7B  eTtg*VƄ-\88Qows'ΟhIWmՌ-A;%Z<ݐe-dPA[@-d\ނ>O&V%۬ W?~jje_&0ip>yKTR }&aKCc>^sm`!Uq+BV/Oѕ$ ލO>x1.Tl` nW'8A:I=3Y50!a36]^Y'X7_LV>sw^g1[$͊l:cˌ1rCm1fM08䏺 8l jەb >Qef7xHvs AĨycNWpن}hv"JuڜrL+JH&QrRWyبafS oytg}r|L/:{2M#rZHiڳ1FWgkL)UXXJE<0)(<~J%20mH3*;Hݿ3*h(>NTy.:KFaV;R+'̟LX?CUg/$Xrisoa{EwDDH_"ǣ"YIiN]OQlfˏ)TLΘ>LLd,ճɁe6*Kxhsz0H&/"ofpb" cd`3LPc:n#e._[]J Wa(Oi oNӫjVLXoņb ףK+q Z1ך}sHj)7 >zOi^-PqwٟglMbg Bm:%S)yWX`49 ^k'UuRl, @!A~ňV Hҳ *RnYd=9eTp+78;>ꏚ Yc? Ưf-_8N]=u4 p Z-ˋ4=bƤSP :Î;M HMD/$t|cȊ ;AD)^>Okdѣ]c`a#gdXu9~X6.d06د5Wy~D%NYox:26 l֗`&o/J6X=z:CJ[' ßj^{xs04 _ǯMj-mG-g&\P6gAlrHaPghn!7I[D9 U/6o 8]ammb@<͆Ċ* P^OuA)\UW Kv`/u^j5^rİΠH/%B%R `Zmg.{aa[z *g  3luZlL*("g8e90y*I U; ygd%Dz򻨈ZAcDTs|oqyŊΫBpʂW:/b}tQ*$6lsyS: /Wñ~B\Ķvta\ć}(;ny4f7~:wMf^k[_o3w%11}q1+G=@rj Mk@5j[;ϔ1(_[rX'G",@٧)zR }C]1LfiD-^zdMa͞Kf6-i*My\kѰ!&3ڜo.|ԮW | gxwY P]PZCS'iTܑ&C+-vexB*\ ԏ‚FvNbLqLkdՂ3v}{ε339|$O#kPF sƆ׿9 3{MI3ڔ3@}ON`u/Ɏa@DtQnѾF3,h5LWCz:+G͸9m}K:1Y{?|#36bWw R 5!S+)Wo95~FMy@ہ<ΊrU42=o5ՠ *{~;--}14^㝾~Y_jΚTDwMphշἱkUjcq3Qv0 7aP?;F&dQ\ׂ8LG,3k.@܈.]F)=S^Cכl j^mtvʺu%Kd?Q Ԃ S+ #lMTtm){YPFm뤃4'O+ϑQICj+=CͰ:RI?Vr|}*0j%0YndY;iFce*Cn  %WY~hڸX;r. *̞;.(PjT&DhL͟];Ra Ucu*( N[Ī!IkĀD 0fz6Dͱ)dQucQ#POFWt{IV] x^1~й=[\ȉX@y/`0Qqi:Ty> {~-('-*`̛ $.*#q+R:p''DST(kesl'5(=\y',A$j~MnjHr nnZp 4]ܚ}:;cmPÐ8t@Eq ,hгRxz0{ kؤ,NG}Va\FuLU<'HmU >"& Տ}/Q~A !c6D8yd ]>_DL% ̑g dJb(L;s.AeoX b'#H_ՔpxK~B|z=еF >IxʗaC{q}/"Yֶ$Y 0wѽX\OyQ`07MQ1'qg>$;M}di# j/A%< ^C1ܜf8uVm@v"& yA5/Jf>kb/M5< 4CdX#0;gļ 7lT]![x9-TuO^Ljl5H>g)Zݏ 5rZdiRGp'yZe+OAvB0m RN.G[#xiUmU%"W&\Tttc8c0\_ ['d8/Q- i?E ;Cbf'8}ś$&"VWJ*1%~ʮ)$ѫ_~0Wձ DJ+ǒ]E[eJ64 zEM>=i+xe(ld-|p`#y=&R2b+@)%O-&C]o"?kRiٰLbL 6QL{Asȏ[/á5%̓ttg͈s7␪tmmT PTv'ېw){h@FN"B+>v A˻/[Q7|SxRTv8~U;늖 N84WTGbFӷn_[y(SPe–h~N@DXQMj*()c2k6@LcT(o!ȼP PΜ"ZwuEEߡ6&fsJd9ѽ_{v;%ؕKfógP H s{xgߗInU,lU=E ]1$:$% fW$2_Iov* "Jݩm đ,&/[mq3Z!|D{eK~8^%bPl aYwn*!lOsf#ê4@ rb3&Z1fevJaA#!^w9{#=Rk<ݺ.sK[F =݊' @ƍ5<<Ua:hqEjb+xt!X,fYLX*7Q$UzumggՒ6K )P^5űrG>yZTºGck{ _+ >!481Q3M:\HEqŝx"N8Uo4ϡG3MZPQ u]ت33%yeik-b뭖ɜ21t(x~D wF4#|鱛ǁq5":Ӥr{+``ҫ]1I'>MZ/=[)ЙbcXTdףHEHz:%EtҺ&~LԪ o92g燉:)`wd+=J7@Tz1f]Uj1CӽRlBwm&Kw tD_Oi|9rUߘH 7^IyŸe.侷ۏ2]5gBi_#NI /h^MaX{9OCct]>jM'{O6YHX՗z)0j]"Cw=_ --jtU=V,5?YBrԴ#n]ʹdH[mYءdS}HbHR04kĈnQ.̍N`KWZ2hb; cL?mԟݹv8oHqYuH7x 5xL~Z,N&Z[ȁ X@}0QF +E//Ԯ6] ι2h_?zD@~* kE.G{ rlL F h}܎&6Z |GBӬ91uvT+DKe14hYD?׋ѽL0L|x%9' ٦7Ft ?k.R C]ssMƯ xӵᾊGkS(U+J3r.$sr&FV& )|TC84EW5cx 7:Wq)i5p)"g"еY8zr?\׃[ vtkogI L>}|](LXWTi#Y1}#!WuԐJ31H>MwjCak9A RSǚ߳NѫoK_I1O҅9& DpA 1ax[ۦKhקL. ii9={W$}\"';3e#q憓F.NʗZ4v/ *3hy\4M&pJcJ"񉠟, fn_޶AKZQ~(V4ΟGGw Kk`u yAAǿ%%2{Z袘É 9 ABBQ.~,r'C%ʤ3"u8?z26nSl00Z\vf.gkCDAe}%f|m|(Nȓng+@Gѣ'8] ȢBby W*YUo[] K'y?kĻ!$b$bĽzAaTt[ oS剬"#ѿ*.Ȉ"xP %s]G5yu}Uߋ1lrXD%d[ ea{ҹD\cuI9&IZ0+3(I$* 0Es+JR!QzjhFNY*b`(hetns,i-Kk _G>q,@lb=E 1LBd!g =s[p O!JRvóz9/zOKGa˥[)>n8/pHSC76{^=:|ڌͰ˨ ӫj8I3tEOvHR2vPxB*P,N$xiT;P,?#ro:a(;ϸ~H_l\]Cs%=Gqgj ]chaD';f*2 l=9 q 0UV/"ɭ诶Yn&7x?4j;TurRa03oaG0ʇ`ikǣvVJUgލR) MܰY FRФM 94^7I^H5뮰$7 ) L:>].Ʒ1^Z_# e M\~DHa{>Be.7?xUJ`p_E&DSY`wI#4jtp ;4Bar㥚.YL)*) *m^|IfwcٝsgLx5sMd|ٛն:{CnY_!FFJxIС. JMl'2vz9IuEThh׽.V?:W[Q[^hԴi a@E>lvҜ Q/ '-J~WLpD4= [Fa#hzlb\g(c1Ф6 x}ްvo=|)3-Q4VD~cr/],%~%tƮ[O83]U|lu=] };Q |$Nd솁  >Cߴ7,+cihKg:tz= S `747 ilY|q)8^3;͗P1.|h#ڑZ,ZNBBKGVyC7+o]-d1Sz& ~p$N РoVXO'sloy$wfHYz/WPх#煠9 M]/q3X :rkڱLUĈ%vHP msZꨦ/qF]`$m|/. o9-D{Ih 1nץ2fzAh#ZCF+mhgfp TR+,4pyؿ3?@՞k x2&J)}nX@ \asx_.<5r/@2:] r]{׀{W`J( mög&im ˔[2n?֮݇}k)f>M@1bR~~&|`/kӛ`Nh}Uzϐ/?3ƭﲉ YuiA¸8خЭDx!>+T/Zz4{OljZ-0/}L !B6K)/_=zu-Tc@F䥾1F O{u#>E[b=B\_D%Omv116GSnU<"SaS2v' I$b3u-toL`VP hێEQLI X;Aj X:Bԋö=-nQS5zu*$g?%U ֨k\:j* %fW %s=I9R~J܂)9Y%Y݄7[Ge:`7E.sMGɄ4PjS''3Wª|tm򦦐gھc:kFc@/\9&jK3:nFYiOSFޛv*gWZ!^۱J{.jP†Z4Nᛧmpx@!h%C}%h98tԮ{Q(7q{m *O>I/(Tqmc콊⛕3r)sFk8^iŨnJÎVk\=v)|x0/,S"4&qLqڰ@H?Uy=}zWnƬj J];T A{A?\p~#{ 4iL0iQko<eKX)o1{TmLz޿<ٔܬlɔ& l6#k" |r@mΌz3!wq^C<"xcruҬ*F ۦ4>[?1I ĺa\m=qO61C2,֗A#r)3RmyߤkQQ!jeF׿v5 m2sM*PZ!.щ{~Px)E(4v@V?;t~bxDʿ'= TƷkmmuDVɏUjv=HyM?TD6f2խo#b@'4gaꝛ@hbѺv|3LS+EA4~{84fB"5d%U%gkoW./|U7)#slo^#X!hV}/%x,KfIr$5D'!lom Β.͵&t#%2 gZ;Ը2?sOV @C_#0\# 8mԬݥ ӇI^EbHNʅ(`D!R"IJL\CY-:+ֲ,O W`}8_-0.̋{ xhGoM}<ʄd)+ٲ( H冠NY_VuX8@ȹ}{tRY 9Q~|) ܚS3u lt`k$o+ ~M! B9нKO -g*_PPAg0\w%FndP.v)}_|n#T+DZR ;ȑWuJ=%]*8% !TWc߼&Rd}9*WijLdf,M*լjsa@d Gj߂+%2²4LE!6аYmCvkaVkʿT!{ {roDmQԁxjOY?p Kx v%8-}?6$MTU|tPX Z=s*<؉%kU.,B!9 ;[,\UElU9`? uJ/.ZKET ͤ m'N9?b=da_8 cRy[?/Z⚴l{C=Lug|v5L_~,{P|]VqlҰoP Ȼ+yjo9c%9,;L +OCޤp:HJLgr(bY/OQ W:4c)3XBl=p܃`HG,iRᬂͧJ/XWQqN.?02x9W$*'W®)'l5TOt73 帟|g@;1;&p#i\r4B^`04KC 'vbx68ryκbϨVG 2Σ`V ]%| 0*MVMx) F2q5uOy _g 7Iɷ=V|~NV&Q1^DZm'6 @pJ=??y3,.P!j7YoM]w\<>VdyTٍNj wTrڰqsuLhETefDvpoNsgjʡ 9ڛ%!`_IŮB/v;P$*kɍ}[ݑ 4ص| 0}Psd%m_28Gn% U.T501X{CV8-$R܊d](BX$/EdSvjw=h35h4$ې/# 3\& ,HmjeA:{ 8NrX]9oEf-7meɑ:e@HbOgAC#E=+ƚjp ȫѕx82pRtx(/xjFdwSTw萸*@9bns.kO[[EČZMx[S&u0]{~sc |9eZ? Й\\-%NǗ>VU.sئIT= {n笣 6(pVW ~h `sC \C4qr4qP$As}؃ӎY_vWޤz#qoDEW\T 'Lțlhޱtԉ7 }!k(Y}f%Jx %HZqd36 ZQt!꿊8` ՕQ[[#>@C1CPW?f9h˒zM x{jݑ:&ìcb6n[:'M!wzaAGM|V Zd(目ۨ9(? q*Ա1ygF줨d~J,O &"_O4:^'$x@(c<ߓ[Xŵc*q&Vn 7p;uc</^t&?S)o w?Jl~zs-Ζg(3:`tO= OƉYS: .&khxc`9;gy/܂l7 ~ ^đL|q_#5YE]<5:xr2q{H3GMux`0*$AMRRgJX내4xT.o<&)1TWݙCّƇ^o0J.<'>Hd_G3O`85H/W0}+t(-Xs Uk2(u fz-FIF9Ik Q.wFuۜT&m =bTG  1T~v%B ac UuvD6Ie@}5[v#t:]#W9 TgG͉T6V{#*w+*B^9;-FI`rlҗ2Qd`!tJ-=6&hucl^msy߿S2q}Lg*fEcu@S 'ֲHk#X-g{:Xi&jOhQ+yivS[/M"ѭ8װLpj >P虲=p5fyVQLlɋN81%['N$V2ssUP7) n!+VD.cZjv%F!dLsUrnlW9T&"ySPvlQ*!GM-0ApHPEbB-I oW*zT"l*P挤tb<'j#I 6W(wj]@ 2}t!¤U#B.Ӯ/*FV̄BϠ,ƊG0@zU,_c,{a $fMw޲vw {ʎL?lXoYf,~O;@礪fOuxPhŴa{Ӕl>嚩8֛\𨤷fs`{0k^B>[zg}=wK"!7[X7 xkl~yEv؈iݙgm ԡOu^]zi|COk<$7 d@Io.B7mW `dCqAZM.!>飈sv؀.#EP bZ>NiHDAUb#>Պl6uφ!Si-ʤr s#W.W:Ny۱lA@2T+pyl6O'(񊂏Ry簘icmQ8.}݉vt^-y|yi4X~a{<s珶a˹g^(͸~5mAmU}7%֡_Y9o$9rc[jIrf52" Cޒ lۂ[ZEQ\ʑh0{]8Qs-_l`pr ةsCrw("A͇xؙ{BqЄXd2+QCs.?f%HzhuoPդ{ƽ o๽O61i cO cI[f!=`{˯hD[wP_2E!,@Y6 jvEɔX(XJg(jU T{>sX8>ɽ vDݲ!MX>{&q`Y,2 pV6:t}]>a Y<(5]WESmҥ&z e(ON8{w+D\̃oyBP6 [l˟B &Yo#p:(ι:tjԫs/kGS-'ത:vVkR-j~@Z)F#ݗt6QW9v4e*67)dvr 3K1ν`=чNO1d3ܗ r>fg(em=jBh0A.#4R8oG7>;SB8l( [$]{r>Xy~PE/[??ծ]UneZ@]O g{RkRW$/zi-cw`X ϭVs8W6zޤuUqI褎ZN:P#:d"&KZ'R]oov?G%B5q:PNwzբ'텱2}V3Y{1(2Ԗ/\籶Ho?A;T* pPPq콓lFhFFB*G@ *VS@&)3H=t树[-G7HfsbBx#A!ґGd1B Y: E>Wcam#yr2v:1KқWnJ1 |2+ec$B9)/XDxݖF0&c3WCZLlHhPkf/C#=6ݎ}c?MUc"-Vf|GeTW=ilvYa9<JX0UB,HBN+'k`;"HZ.\ņgt-4Y_:D&нQN=F0!j`1:lcWdPe:u/0aD+ sc+iHQU\C]{Az4%eHX^l$XYvxNހ]hq,g ,Py=x=j ]C'͚5SxKI/%@6n'vz5w ƽZ y{XV[{樧 ]_|p UlᬭjV5;"ٷ j#7: _0#bH6$9uv)*+?Mh}(yq/\8ώ(LOqEzLQ&-y/Z0$)_yKleqF:-|#4S6j^ggPXңȚЖ"sP Z<{-l@ "ڀޤ`xwI?rX'$'k/o=? |S:(6t8_m=\Nve89!#X@vTfO ( (d RAAd}Ы]^UYNtUsxSڷ#GPr'VaL]4J4[&; 1mkBy݆@܆{ӪR'UT43e&CkCP^d׳r6bibi( #7@~?`ܾnQr"~0tqPf9};AX^4ej sU. 4oE9_&kG7v5+7U<@C;68juk|f/J3ƏėfS)Cb`8k -S|'c  &mEbPs>i[BnMP Jvmt?iOUH{)Hnغ[R,}z0s1R߹Φ ˓~İ% ,h`wD&!pr,$)kp@eOmLcR&@63ɱ--e6O3jPe-GΒcx:okv԰P$4|΋ևy'N*meOjT5ŧ'oB9Nj$BfşhNٚsQ]beEa!wX#S,Xm!Td\"j*T m8Տ,AA]$ hDR)3=RcB'׳wC7 Ȍ]`7P}>(~m fP]3=ZᥭlFnԲѩUsWaۧqX1<7i[k+pJW)=^Whܞu7aZ|;v+/O@-HD"\WzZC7BϵR}Z_>qqČugzWb:\i!sL4Gj1Ācl]N|ˋ74/ٵ/:(2mh h5)TgM|޹G%7PۆKf/\Y]i91ueV%Ts9vL PX7lI'<LNU7yEEUG>Zׅc=A{i6/,=d@JXIm%VQEG|xĔ!}m-+҄X6Pn]{a}2H٘l'~`LD>>XU7ӇlNLX=\ZvVxvɭYq`OyJʰlVpqYZ ~KkuguםMN̒r6tfqK)Z !{uk "'>Uj-b#+xI ;~(xaD㝕~}u-лyKwfS4.!Hc|{\́B<{~ŠWNEb]HϰtX?cؼvbIcLY8"?C(9N|3{_' mOzg0I$%!p@OG^}>k@Exw1)%} 5 37@W _0|B^_4|>dC;;^O^pnj\ BrwNE!3 'mk٤߾M#tacN:$WVS\k\^E€ Բ0 |Mr,ߊ1pqWjr uc,/j@W:B,Am:)xPDhn f03(_ )LVup[E 5q> TRNYL?pl_:\F6v*ebFY?E)f͘ߤh~Ső1,w+CF-5iu\369z.3o&!}7D-7k ,- ݺiXnPn(&[/$HI[0 i:>c&V/ƫ2|GMr%Aw_b _8?x#7xCye ԁ5UՕR pph;ʇ?߈%Z;&+{/ELf]砶:ϖD4p"!2&i@ Kj+Cѭ+1b8Wjdsjx=pP᷈7#Ic:TEB=m2vR2OK0TZ֎`b ˞ue$HȔ@{N8 ŵ䃵H*IjQ~60$ą#RWcⰋ-}`OXȟ~vOo_LÜI.|H+f?3F A{V+k PU[1Qv×20Y^C=SċR&L$X"f:ZD#GnV|;j=Ng<@a%/un}C=_Ƒ3?!pܝFtJ%2M{ujrrʺPp|a٤eː9][m:vJ&Y‰vu0teQl(%c' aɮy;i1*_r+HR5T)8GZD^sWe$Rbl1TM'i+)g7-6LM8;k9I. O2S<=EXbZ!5ZrY[;O\ {m RHQ z%zа*4g(G|ZDD Li. |˼a11>,ˆL,NAev*qr|h@:R] ?Դ#2pKd*osheyYY*Ӥz/5;1LA;VS`9)Hl$#;Lf_Ǻ1y u@hnvs@HN҇- R-ȅ+X5o9(?T\ebAPE\F{l؆A hHyǤpg}2{?l TiȁP򙨤"ӕqCiuVU-I/e11xgȱGÑC4/"R-xr; Ma0IU=5^. ]GwtYH_ΔJ&# m3WS(dv \ÊUTwF^ս ljm6ckޒPwNdkHjZ8yɍʿ㌨ .'A=݁#HZ9T~NRlvՠ~Z]OB"A4pZM[6!(͚)m1u kv\[O&j9dpˋ\o#!OSSݧ7Na{pF t &Wke}[ +{O{sܱwe׍s-:: cU{J\3~|C@>\ {9%Soq,tߒ6uIdZ"+y[W&A3c\byCv:!Y/]ʀya&I ?J{}D~ dVt$4"n 2o=/799Sh;o,$yR?$:^߅""I7QKlըk: ur'%[acS 2RGN{7CP[qZQVeI̡WҞ[Cy{p;s[ңSo5}pWЃp-W`6ajvp&F9.rGﮏ.&ymea(Bwm,/9쩬 VQ!}8,JUR\?@Uyb6AWuj],ssZR x(e/CT>3\欚QATҷ%=f2f?D (Iv}vXI*T^3wD\4{^ܕ뻖aA~%b>(e)+*uY&WhYזŖͭbޤilXtK0۝Vb& m2i'axI +;.a4 EQT Bn|u90<]BЌYӺJ0shZ D-jfXTүX@>2-{S΅9dʄE/A!x;nqCu:dF* Qu< G.' b|O.Ł&vZ"0obsA e2Ġiͻ>/8tfZ=7YQZj`g q4p]$zĩag9d5ӾtVmO%!)G{$J[Q&X^ّm VKg'ez68 1 TIq;qbG!MbPO`yOf0cD!C6 v4|e4{0ܖws(!:)7O&,f,M="|)(_ZI}NR3) D%jmscu:RAፌR`Nف`LRTDe > t [ϸ[ڵhn,1ͬ8,|ٰJp2 GC|0(J$3}1~VmHtgEr/44[w#L[1Wlq8OCϖ$`@x9#fL. Yi&t=N嗠%<&^1WW4E H9?h먌r)aI}6i0*pOORCÙ&>h X01`>q$̻-V-6B!k㜨1 H1Dd]KJYځA9پa2:bYa^|\A%OYϦfݢ++е>X1 ؤ9SPvB<W8 rl=^"f/̜Jk< $\{.87܊IYdL4]_L)‚J[`;A<8@sä^'a]zg5|I}Č V[>߽<C~9(7Z@Z'A _ f0 [\I⒥ݶC5?y_)]&7++TM`q n71[ !xjqtœ*j:@[h-E UJn1lG7%%PLh|SUI{J.0eTl6y z G_<M2`8ӣW7kxNWOӴ97[35"8 @ P7;GCC=E9D5Lrx-Aч;/ h"2՞.dyҲ#E [1^!Ԡ_YŸ}:)71+: ye 2 ZI JL$nz m (!T2 GZk&Yq(jpkÅ ӜP >HpW9k3AhOc :3ob~91+q~1+t]q]a^V!ӡm^J4|ܖCMsh,Lyⲛ@<IDʊ [qN&JE<$ B{y- {.AA\./ю8I[Dߠ**,gK\3U0pkHuO O+L \ֆai.|nDo :aJU&01K"̧<[Lӕ"E|/Z FJ2r& JcwhB]P!O " {v`%_ǃ$5t*Ngk3lGn=qU' 43Ç]Kisy;S37k}P6e?N1z}c~_g'.70Md}5o{9ۣٵ/ElG1fh6 Uasd yOͥ`)7!?'CP 8ժ\1_6^RuOXH j3Ep:iOa#*O t rO(D/ )P"[ ˖>}DW(rAwˡ)5Aao9MKiXcr=s}!s,}G7X" N@ڣ9Z2#_.b/h(G^.8|!&tO>/*:2"#~xG~Iʅdva7QXUސ QE;qH6_sNکDQkp3sU-lAP@<{< $7ceZC7}šee~pA]lP$]OB$yzI>g#RX3s|LI$m~"3 X\^,4Ʌ؅Qp}3GS }.f#;Y\Z&qO5t%Yd1D'f[-I#BOK4FȆjvA -4%5C*i7"^V }Ň)wf3BZ *gb'y{fSq`%?'D|Kbk/QXUqׁ __Rpo@S\cAY$g 5l*1#%ܵ09Ya~ N6f,Dbsp; 9osSy_B®ׄbpㅞYCG+@h/ּ%h4O򜆠R3xhiH+69;ʱ ls"/ۿro!RȢ bDLDqK):FG1.6%V+s(9[sU{az*_^Zm7Cή` -Qڦ?Ciu䭟|c#Vo'HL ѓ:|s !PoW3|•1Y؏;ZEx>~M4YhR9lrQl^! ]}1,%۷J_  oXA[wAts^ }HԐ]9 E%(Em}>qwl G"WQSnS"ENTd$rW{Jb)U,YMn(vtБpfF9[<"5K5UZu}0e<4fj.?F&2m'<H}7}o:JeԁEEXzjҩZ^-C`:sġ]M I^7rl-L֊OKeڲ V yG۰ZAOSgc!j=_OK]vHP>񴜏1B̌!!?ˑOb/2('܈'uz !ˢW\_JNzX0mttN\}b}0-$'yPG@hr~bHD,mfFVexRX,;ި-]ATT }GrHJ +ҍ5s/$DA!QrH@2W _ܯR נYGv8×<>y?讞NZc?stL{ʯ~?o<c WPTa?(&|z5Kl0bitC|gG.Tjp帆 j q/Kk*^8c.Հ6aB3{:H x$F|bze}Y:AꎐY{*9;]Z}0Z|km[H ;>9pN3>X6rMy*3߳zk걽x̳KiDkz_=UC5QVn`pɘĞyxpAq5p%b챃UMb&(9S2VC`S1|2и cףnMhl] P$W>BIbQ E d]T3m6VIZ# @MiEv"˦#|q|P׿ehfWīnMR7Fɱ3&c~LeVDeqӿ ˭H3YWLUc[0OH ~2$~(#+K;i%M=Q`_4@<~- L%#PMM[/}a޵x{/y_ x4dJ:l/wTdEs*(!W޶f[& ┠qiޤ;M26+ύ1;{۝toѦ` =xPgok»Jr3 ɠ3GsRyw$ ^j?A[!>@}8)m8ІFlN1?92 tfMnU].)IkU/dIsp6TuՀ.<P!`qJ*V|K<4:p:kKU q3P \C]3sr$Gv!}Ǖ =Z&BVs* P4 H֑>Pɕ}^My g!ar};J riw>I r?t=VKŝJ*N2]DPTG?c&X!i0.yQH?$ 6 4pu`'?׺c"d`mTdqH+u*p|X3)>/. Pl#NF#o1}GLe@OV?m!a =relJzqTaF0}ZXg[pnihZ"> lNc2rDKMVgH @'fR{щg|ނ׷zY 7KK<%P}&tfDcŭn!U)!o_S9LDRq?u *r)F*j&jfB =TCJg fqdboOn0FƟ;l`dƙv3"h.VmVi$6*QB5.UyZ'Юܫ;ׁ$è㤏]埣)&&O 0J!; iϨ555@H+,ﭷ*Ù !]3o s$kY-'._/L.u9fOq ,2W&& zʺQ' FLrt#Ʃ1H3@BdH(YKG ll7#\Fnt-[( s(1֭uɛ$e.ߵ([X KoӘeJyU]:y-)^! O EIe@Xr}XI 2Az<"OјVNPQIj)-@ij:zZKmB:kSH&U|攎VlY~Nm\>$8ktZS(~HQI6#u;j͂ x!ݢ 8P!z`hL$md6xlb5́M7^¢[)۟j6GS+Ova{I_ﱭQ>'4;ZH6ۈ3?Q7Jݭ[ ܤ[2Znw%{n)#f1{W9pkr6EP8 CX xBZb.k<P5uE -. Ix22\ѷV @v$zUMiԄ_\'KM#VC^K )V^F2Bݟ\SY$Lȃ~ D!1$nE9e_&7ʍd"+ATLxZlퟹx7B=&z4`tBխ%&b6כ`$jzc*? /I>oe}/*"qUX:}"&=GI(|?"}B:Iip#k<ϨZ+2deF|<=K,4D6`/'6wbˠ9 AwZK 1 ?ą~Dh=kؙ%a_Z]J= /_F?6c-#Q&F&s.Lj*<_r!řȃ[! I=mie:&; eO R,T7 VI}b)BE_e1[|pʳL@9ofyʤNG}}~2{ q2&Z&e\Fu ; (b19@lre 'k=^|EaN-x^'Sj՜*ީIhdޫx 2%N^B>)2$CLƮ=+C?)Cea!%xN2c^9vpzԍ'!.'Ϋ@TulJYq+&9U2jnf5شNV& T46'Z'y¥sЕ[ݤuhzc׎N12˻r3}, npz!vpyl8}=}g]Eڮ QYHf ʬ7R8̰c%g+ 3UE4$EG3B!je]YːyhnfOCN#7rB{ 0 ոZ2TkМ.+Y}Tѳ=KAMK!ɚUHO^\<2^@+:Nq@EmؓcoN wyFVKtHx.8[2y+Dh'j@ w/R ^IwYeUɀi?/(y xV,{뢻t:W"w ]\ 0?iu#_#N@7ъ%/.'"迅 v֥OyD1RY:DȮ`IW.~^W])i7X_ 馭i1Q @rݯKR岇.4KNoyi4O]8Jp]:8|*g |UNń4*b?f:J3WFQu@طM늞i!@PGjM(`ܽJbz@H#_x|\4{/0+F}mT}7GR'1+n6ʬ!Z2!fn4p%S .Ujݧ ͊4 b ؄F-x/;i$xAAJvOWvg=/,DX2dwCf3i33 DN{ײFtk332)hHTxyPLhthGg#p0:JuT;*Eii>)!Ð WNe\RA+%?'i?2INѠ}ʚAX7Ьs퐯״Kqo$u +.H5C R'Y@Ɍ;1i )4 !@+q9E%V &IB+L >SZAW󮸹.MSoe{4^iiriMML}4h$1S%c ,Yqnŋi aӏʛJ1D;e6h'8hD?qf:H-`rjHq04Eh\#ot--,A֤qTU60Rdֳ;X.)^QL3^wu|-\E5 6y2Si^jٙL8@۠lu5 R;ɊT?gMO(Fu&rjIǎ\ɺdb̀`(l8(7gE_JBa ϯ&oAJ\+A'al Ks񚛊AgZ¬⣏(v] @=Vb?o`-VE(,?!;̌R2fTp 4uK7cғ)ٹ,pA RNqñ}-Sb–UC]|AXE vtn>װC*~b@'b!Ԡl%a'N#A, @%LI74vx'K~S#q" koYZ6gpFp踈+Nn<8BGA뙾jn 7jrR!it;_ʬ4w[Ïb#gz-Q ]N?So.~*|oM ݌Y~&kc jO!AES7)a9Kڗ78.4QC=Yk3>wÕF,u%Hk{~ \kwr0c8R&`ݬleK`]|;I!eWͺl?.5ʩk6:Iu]}rSEhKuŒ۝F17y>m,4 s_ y' W?\cNHp@j[],$,"*~4)*|%.;骃tGO֪ig8D| {B^l0PVixZϫqU rQtQ[1uoiHwx_I`vBGhT8{`tzrФv<1I7BŅ,êVE| r>{*17w'Ńa ɫf?1(Gw*)f028 Wҏ+ TzH%}DPK52uKćBHcZ4?^5izEaX p`'ҡ|X+s#yodZ)5ND9EH&Ln# v&󽸩ʇQ BݙhkHdC`G(Yl4%#]ns%u<2bSXLlf,z zP!U/w[8BA{WͦHf0Q=+E_PC>Jx k^}>z_ir6nWZ Xe,Ahm$ ߲i1U eεj'GNd< 8Il}jU)h-ZUAS.cqwmN;6mm]UWCDkRo}bì>q xBDn~# 3$;QM 55-g)A3ELRvukc]C. \h|#|}NbҸ:Ҫ`L9Lz^ X`G1* ss΀EyGG1 oH-PJIGڼ b& qku)DY L$2 *ʙ 9"kzM/2KE 8]#Hanڴf__:,N7E)kH% SN\NG/H0ѭ MxD{(aCvG8,OVK|vY!Kc9%o\,5ҡDw.H3P ?MeHx` JܲKR ŕ*C֑Fe6ԥ(1]cz['A{ #:']R@$) ocԓ }s4H6 %o~/ĪmnK=cU d/Z%j>VE"J"r(WjfՋP7R1d0.e>&1f#ODkkcfӝ72,mղ&|1汫 d73hq>k88p ()ԬݱjduA~~wz{Eu#Gqm<:*PȴOja3P3l3L*$Y@dؠ>JY޶amD8̡U&XxL@BZjf(d/y [.`9G?13_,ـI@O#R#Al[.U; Q 5rx p]'f}NӴļ/>4= HSSV|%Z ,E]fFd "L#uaHt ղXT< ȇ)0MzF },*Q X•2>յUĂLXd?{o/U]M^N?u7w<ӶKNg&GhUw@SC"x -t5 A3]KY#Gߧ/aWXY$.@ib;eZٮ%` Zhd+܁゚bDp5#>$ܦK}BtH83nVx91G9^nT %eU؍d8~Q "`G1^1EֻMTj zߚqhEwgVΣLE,芛*{ C/œdvhX|zy$I#$BFx_Ν;cJS4g 8=]&9L) >W-Rz 5J/ƌZmA"(0X!pU*NHgBv @wZKOTkUubTJWqF1R%AU056`,~et.tYڸfPv#>:i,c]B:`42WXmJֶ&8E wo,=ȼkz`Ӿk-? 'Y_M! 'ncyaf|/׋zÕC^F7B9VFPgzO#4eX1 iluB.xNI,e8\Q2fݻ݇I 5^Nj.Q{d,;/4NSd#Jeהi ?U,}z[)2Bn3@:z"XT[gF~?j( :irMRQ04Z@ qw” X~gRhZ%{uEJ#:!vQ! >vJ9ynZ3$ϊ&(1v`iU'iH#dIq) ߌ .:xM,]LUk=# +9Um>iKW|\l'P8ME? Ds2Tٚe%IS;EB$i?В 9¬W@z|@ތ{1H&)L^xARHWa-Xٓyh tj|k #tL{iIYu֣(5k7FM%vp秛>Γ֤V(,{Tw̑*Z=ְdd#d,efmF!czxq7TKԂElbt:^Tȸgx( s bUse zMY<~ ̦yUl/|!6*>BM9D\̈9:;5r F2+(⼳$Ќ]N<53ySV[46!|\WK.2jY.86Zk?_zs-PVu0zצwK$,!6zg\`q: ZJJNA!9M2pidb2p(nO%zؤnS=[z"v6 ҍڄfz2i#|azV]f:d˷Dey_ F/Xf`gQ!{8G@ݎ:DxycuRt,CzC+ojn=/Deޞؚ~|R oq CQa1GX^bm q>zYt/(ؗl <ڲFln|q~%ㆦ"*xPoBك ḛ-G>-5uJ\萒J&Jj DY|>,FÝ9!"Du/|{g,k'fɡ8QG޼ VʔU1-Nt쭘L~˷{_if͒ ?)MID;_w]yh:!UjUȆSC='-hVh,FaSNjcիH V4i<6`.pgGe],+z'z=ėv+ Jii,'=ltp"W~MFMkQ,H 7͟BC G^d}-&.o~fcVڷ r1LW=C8% ^B=秳La*0ld^%;!uΫxG^DR4ĠTJh E8kU'K?=ah=Di`9RK ӂ*/ߑj͖;ȴ ~gGpAЗ$S )I@F&[#J|vs)wVpTqzyt%&_7 {5j }lwo~Oqƞ,N+sBYB%s>1x-e͑j8ZoWe!lPḅ^>D\HS (<]do:^Dt8(*b#R|j|Q5;󂲸=1BNUF;fy i1D;5RÏ,Bca(ޠ#ݻ >B~@ryքFwې0 ZrpW s<ٓT0Ʋ]Υks-Obt8E`3`80Q5jˮ|c؝*ֲ?9 f70=;%M${DJEoዙCM9KtiMsI6gWDlwJi~:S1d=] $_?s]5NDJP>VSHşt sd_=jODtٗ #8#w{ijr/WtSbt;ԗ]  N˺i&=ݤ\ʖoW !`QP<;t{Rt+͝k!I/DxyWh!U&pQ 0(8O1`vuR!F v^ބ\ E15=eznI(Z>֟ f6&fj8@dIJ8X! MPnckHf_(~Vpv-;GyH|/ƘV95uRA1Κrs܆u,{ju9YL aQBl0b1׿oڻd8ud,M-~z)E˾INn NU|ۨ%d{(xty 9T1ҋ!m>b;YKd8k֦x>#_YaRM.;a`H1ubw96B,q‚am%] ^"v32ϼi'i.aL5B}_1ɛhpRDV1}ۈ $IEl׀'Zxfcv2<8^iXԒpy= cN:5q9CX]窐mV=d%YoJ`|eD%.͒8z]cfɏ+VTMJ1Hu٥_?ta7UQn*iHYmc'/C_+ċ8dbp$|[>y& rğsWO;ї={֣Nx$,@E7ڮk_!zc]rÑأ }(kJAvR/^;]iCb?!r:t9(dW9Hxr`9*<p'&FXzeDzm+R S/.&&`L'zqF݃ov]P=cS%{ήP }xBb$> )߉\,RuQ"#@F0j טc7?!f$US0 ݶT2t'Z̏ßx0Mt+j 9xQÂŦa"secUwYߢ8nwkn"F3!}UWW6hB2J93a@aebv= jG3rXg,>'|GWB} sQ=\yr^sEՂ{kX|$R5gvR^٣Lt)F;:(6ī44:GMФWyQ7a \> l9+q7H)"~$^FjeުI܋ U$՜btJ.bT`Au"La;QC6rO0Z2,AXߒ̳cva#EΧ~“x$*;1|'!YF@^cUy񜰧*6Bƅ/)= oJG\j3.cpW/ f :{՟72eC\KRC?JH)>(!0=W:dk? BˠblgR1>"3*JQ 0?[u]X +-jK_{nܟY TcV峺2KYwj;*1D !]5~ iOj0yU'<ԗ%+06#I : W])>gT1J7%vﱗ"E>ak0׏sɔt `ifpGFgzxʟyl.׵3o Q$,KVґ70oofEPۃ.?BJA)[{PŽ8fM; Ա*AT,dYk}881J܃ TD,א55SznϿ3n6D?ӔQjG|vLia#< qc-b'1;RfT/ r9D,`L60Έb%wfBzW00uIY0ػZ3/,J?PiZj~ 0_POk4LBVD%oa}Z`X k?LÝG+`N;"<C?@ EYx-H &iF _5?R{\6:VԆu1yy{<ô[ђ_tSDq!e-BfuQ$L%hYw,˯ u kFʍsM` wn C!gUGЀ 7؃2GtF u叨#mZlЦu~-Xh 쮢ֆ<;k-E- Z} z7 <ypRiL"m\_|fZ05 '@:*DJcYK;f+ٯ `ׅ=Ӧ%5^oݏ$[drpxedj9bߵeju&$N/W_fZM xAkg0}(A˔Q %m3}dX룍4iLj=eT4\x%))%*kBWM3O1F .}7MF ֎cwǪm L"@:H SNo dK|d9 b((>i 7= kGiXK=8h3(\XlZ609uUrD*ś|cF.s?SxLB$wDVQjU-(DeCT_ 9>OlSS2tJ,7u/3LҜoسJ,`Zltp5K'cVXI\` ;רaxƔ |Nb@2P}IrAS7FQֱ0}畏>Lcjk/y)Ȥ,( Ŀy} Z Mܯa%)YSh~G{bv u'@u.l~e)}y?>t"TysI՚Z I#)!u^$!Ѿ~W*H8QIS}Y$X9F8&)oCDr^Q֭.J,(g16H:Uj=I=)D6bM )3jPbױxy==pbC5OGV`%;}+E²v<7:Q\: "w6C]PWO{1cU?"Uizv6&0K~\"h〫~ ^Hc8dOqD H,21\Rʾ{T-l(U7p?yhIDh:N!fpyA6q]<Grnڿ{"@߭\Z+>ys+X_dH3I?%I#ߒghEQ C"T_V ױp8T)IqQ79y'jKnB= ^M!P}#1̧|&*rRlN!BQ"(rRy ȵg$MdnѢ{>Y+O7Aڴ@\ʔVYZ0(-^L1RfU)zV : Fצ7ZWdߏ젶3Ѿ1pt$[ad {o>GqjAݲIf{d> u;|i>}<][!e%:hʼnlW|QU۫s.nk .] UJk$nO՜LkR$"u%uO?YMG ,EtT=aw+\S4+s.cdbALhe>)Xz>JN54:)` Bً) a'U0bNF8)."WS"ov*t*Z׊>$ (VT0+em/ɨق&}{u+Jtg;~mFJWAl~PzéPhwo7< ZR"qD;2Շ:অ?%ﰾ}m}VQ7C& %|Jblj(m"QGlA |z\#[Vսd'7'MFQʑ9Kle\wIi?xL>md<ޞ1ܗjnۆw>q9<|c賽1\5HPsG+" K$GHX F'[p-&GIx}5KR-].FH #)(}'bjݸsIe5`arƑӎrZG|Y?:[*zO# T8,'Ik5Y%kXH|}^H=s4~V="IWRG":GSg}3V_,AbeI_*'&_Dj}iKw^N)"T4i_(Q(QϠYH,|[4u4X=`f9\@٘ 01F'3!A;kUKOY&BwFiȋT=ELⒷ=d-Tm}8eY$,w1 ̧tQ/!mk-o[|<{7vkk(UV"յ0! \`)1m2t;Q1VBrC0[ʾygܺС{ARk޾:|'4?W>Z f Mͤt8w#20x1TNնG#ks`kn (Ղ8$?[ }K}4SWгFu̯Q]gFH2 96~t²?qp =n7z+cB.T9g%rFL=G xLnzTNL;<|"ez素/E|Iܚŏ"r =Z Jg2ZdJ|Y.<̑htI;i~mbοk~ߖPOMOD^EP;džZ(H"`70;&Uhjq/iWYF ;@gSN RBOewuW;/m?HWⷭA wmi']E͘+fĤ-Z n6U#4l/s'Nzr$+ztwII|#9Ov5NK~ %H"8˄s"GĒږ*G <`GCtXgӋE>P$Mxtl=^ꑻMz?:y,Tie5`m?[3=|g"YV2Tgh1VWmqn"$!iPe#[$AկƓf)TynvpHA8+R:>:Q\BNXգ'jDq4,9B<#&l A?1f/%&sN. #NtF$bi[15f)v KerFkH!A,0%kcA[ϊr#!]tKC>Ӳ1sp1ۢ6 |!s$SO V2bn7ng-70kr?º4KLzU+>96iu@fӝQPe/w[a++ v;LYL\>W<!5Fx1:dBV6z/5% =-O<ͤefL:N[foYhwxD/9/: ͋]7Oحl|_b1]Paw:mD;13gDiG=eY{wCj2 \@ex1;”(~3GݔЩPqCv=Ͷ/{3PC ߙC -C䗆rL T5|P9y/"b}lֈ5HiYS$`! Ƞxe2-ϥ!z4X>^jHM6 l>6t5RbJ 2Ri|UM{ +/Æ=A+}O}0᠎ԺJimӧy>=?>ӥ#\!Ri@{7K |'/cuSz0wWiF0a|yмPT+,ѭ^SK/vU%*D Thm1vth}\Tۖ$0Wd`5%Л{wb1on)%\xq3bhXT6DyD(X~XDC$b7ȼ}y\5i]&Mׯ:;[*…,߰p8>rb68:FTrA,3mgT&>K&~ xOmTMz- d=1Y_mqKѣ'jxԆ,iF9h ZD7P~}=T[.c?SLzQ3{sn.2=L;;wOCH@=CލW2@p)CnQ,S,l4[uoIHAs?XĄ#_Vtw+la%g^~OS]tMX;4A> n'ُ @~ Xh@&C(2iNdh* X&ǜ)p# ϗ>Le{a)›^Z_:h?3d7i:~; hlpKO_ͬ֬nx1&/N<(,Ϋ(5!oDI֘]1`Cʮv S\0|3,iV'/.rB |Gg%P[s[Rlc惉SQհX8/zĭ4C,atя\jl9 v)Nw OiYG)tKP+^ !@#U\žZae6 9fQ[ᖒ¸c- w`ڠ\I|j6CiVU22.W3aTMbb`o/P ލ3eoAI;;C~X(CMX.|ZGϖKL?tY{6&t$dL>88u⟗|U8|JqCYZ7b߄a l?MW W ISw&̴ @tɨAM< ;(0Udep*Z-6zgTzim |t^NT/T14s,(s]9*C o~$>ϴ[e1 ^?l I7@pQXm#kROO ^j`l<4@{u~## n)Y>O%_B' iq̔}4~ YOH|_4qJkϔ7|c@H<(c$8|H<|g6#{_ETcTwIru*JC' ؿ !x:G)X~ @4_}֥U!{֌O|9HtҸDS\LP bE6) Rr=u];YDtTkс[*r"K 9ohH|$[hU"2"Fl~|MV^x/*Z0J8/x*Dd(ﺓyfhv Ǥ'_*' GV6}nzk<oAUɊAgGtɣ0%ʎMV/"CP絼1\^xQlNuH 0EUNo8܁s,8dplp2y>GP2PGqܗ|!: +t?(`_a~Tp+bH#R`L6RN`dxYw?Nq5`:ko@<9sPzv Y rm"y KȬwZ0CW dc̭U_G&c*2BhTb򗵞Xq.>=CU̴QRÏLʬW/F+I'ypTFYm q[>ף[j%Gdo z똕 7Tx#!&TRiz ypN*^ ŕ8cY:1H][]젪XGQAw esx䓊2Y[b(m'Пԑ48.bIщL+Fq+0ߔ3Q-YN_[[EF:\ ăM +Ԙuau= ߒY/nfyby4"ޜDףs&6h㷊_ ,TpJ(.NbqrzKM'-*qLlM<|-^}4oqxؑ?M/܏IVvuI|ѿ ݳ:Ic=kvz7ԾG?|[IIz|0e%\=shNmO0Aӕѱ϶'2ȉWЕwbu !_;kMYF,g@+!h]*؁Ŭ ECA5ù <5oQlyv0߁/i 0<"jMغ9P %6f$NZW$VTp`dv8V 5F}zJ*,w#d/g*QU8vT˥%>s1%{G .xߟ.+b dK i=Z"-%J1vAQCb&n̾`\*n]w7Xj2Z`8fֈİ\[mHidIQt$U_S)$ 56c{s??x"* 2)`H+_v"zln!m<!M?P!nWHު#: D#g 9u1Z!DҾ1X8.\8l pN4 ZcJUKk7fzb}-2b uΨotD<%[> @YTғ@ԴȠo!5x3!cu3HөD,u[L]Iu|PGWXĿ`J g{RnLq#[`s$PXjv>@iM1l2e}H.^oq؛Xl*?Њ9۫Q>$3F q2sxZPRX;>#{^]lӊ:N^ jly8 o0jtŠAGi4iVes͕umo@ "~OI$%@kg=ﶸKrJ7mb(+;9hw2ť04c??0%BsA`9/(u ;uZkX|W N+; I:(}}~zqJįĝA؃)j#':^U'6Tx ߤGx8:BlN(T@/?c ;a(֎Du<,SILfrʛF5lzAE\l?(M=yoI+gZ6ۺ0ōpr_LW.ߨάymDrH4ó=;EiЯZ,K;N ^p_6k<ꌽkJ171uj46]P4qpRFw2):`<}K[ i3ECg}~9oDAf&7;Vܵ!- 8Os6&jz(Zw~ed0lExo'S,pۍv&7X{)!\y@wTVjt f[KT噕H~ > F +R3m0n@P_7rWɝ@`̉A':):F X#qNg|n6 H?{<9 v*6"K"ڣ1;?mkvxUʴRC5'|YFr{j6v0cO;dU䍝r|l?qW7NGRf?Er#QybmxAǷDuf_d\>Ki rW~ R ~+}kLY=Ò  J[f SrDB]HI* W;NpHh+1`lA:mv9rTHc-)px(Bԧexz4wQOE.[ƬR@vWcXB2.=3!{. <<Xk(OYO6S[zt_&MQÿC>E1cwsǗ"Z.A? ȷCri9[Oj9J RIȇ4+{Kp ce%7`<P^ hrXЄΓ'@$C5טok XChn8(. ~V@Ac \8#"qo¬֝"e" O <4p_7YWeW!u?V~*1Cғ| (":xFtAr n}Ayߣqߕ,qpA_.zb.٢͂o!Vj1jPwmA3g'GX9?ͮ:Ji~(M I,J8u9W;SY6 Xc )#ᴢ/*ȏP",ݫrq |p 2K1Q> oNw-M&ҼJk]NK d נ/(OIZch;꒎V]JgE@s:|RwFd8QN) @Amԑۢ6mUsvW&mP`%Jy2f#ch+3g`pBYnX.u+9?dH5`o!`̽"de98ʽi]lyKn])xtCC`1 N rYA /OV,m}e~It \Db$%DŽЩ2)n*JL*Dxڻ@OXٛxVk7AHb\46?f_mWf)s-B0,͏ 4nB!#F9@4M͋=ޖs~@݇ɧ_`YR3YPWM#NFR3h$'buIg]->=4ycf/r s2S6d(bz!] hXFu!hPwD(I1W}N1Y~:,5~. |9>!OB,}ݗWa2ꈥ=1oHjy4>lf]u aeZ+jR$ g (flLprd,ȿR߉@aarEoXB.gѪO!-7x^DChV FA?jP-Ձh^Jnb˓}d70ErܚhF/t y;jDgЎ(?B$}TV9_zAk*WIEE%wҦwo5ɢ7gQUК|Gqz2Gw.i~ !%Jv`bP$yD?ݢQ7SԆwPemv-r޽ N8ͥ#Ǟy;4iEnlly] 6z CtfGĺ[r7OZr+zRE6BkKOVH ݶX%]R㥠Ǫvϛ=7]t+eD5^0qAƄa}"qi4c(ʔOɰ ph(@>e3–f y%"MEiF9~g](kۺc~=*N l #!ToURt< Pϵa[bA"Uz? 卽b 4ΒAˋ>蜂s#ﭟQc#ChO<JzdXeߤ =箖17?QhQPb}2B%mK;>65,$yXךOԽRvl8,B=-d\?<:$s?̙ kr{u)EG*rzD/e*C;_ 1?3-2Iv#;v'~'DEjj=&@WH;z3m+|hSo([Cq*,1"d$݇Zzx=^y@ 6luew QHg%* ki*'fkFRܴɁ8zq3 '=w+W&&O`x"JoʂJ& {.u pIvP'j}ȏCm$FGH06Q%S\Zaw@^Hob<9%T~/+uYM&h3 %OoY ;ez%a$]vޞ}C/ʊ? `,hn5MXzY&j*?5݂Nu@U|$^ȲS[|1!a~V8U2l6vJ<'T Ai|P}`x@{>ܞda(Qjd)H\fWϳ L]W%77\"Qlʹ@Z/=6lXrd:jQE3@/Amcf~P0Wcg@xjK8M+ ˉ6 b.P9r A. ˜c9nKd庚׃r ȱn>U! \E?vp3YHI3Ht#sqqF>G[ڹfsVv`N+n1co;/\N|)X%^c+/L>'z懭78mn K j\-U=0n"dE{ulފb[t=&Eϻ1)v[:sy1֢EXRcS,r? 4H1[k}*Cǯ{ç}^CqHow! <5KNb9\Oy|Rn\kz_1ن}b放PGq`1bcIpF?QTugFX$h^ NOs`7y&ov,?Ģ2<-?rr 6>m{?V+q`!'4F/K#q1s,۽.+kp S|P7NFvvZ]x(KbuwDzvҥ EULՕ5S3O6C ϛb!5u܆&-;x> FaKR$ւ};F WU]?nVFG=6F[ }fya%a<:jꆧ(FrsTfh8v\*9>3Ma2I{z&+TΐnۻQg:2N!EmϯaWnu E[xr^&ZVs VSo\mz :tW@u6nբ!'d SRhk! ʢyijOK\Hm6;͎a:`:b: Xf< 98U'V46i@@`R(`L! ;u|^`G_d,P-Y#ƽ@sw$D3j(XSйJ̈_<SЏS1drHKy?awo ֮9 [Ƈ4_Ý b)"Xl\c@6NLhsPIH1얺s?/tΨD(rZj٦q轤4FF9w eiʭWy\K^O7~d*!d:W> C& .,ZA TmR@CD '.b4OԙH ,ޣM<4!{ _tZ>ܸ*}ٕK^Sv}ҵUJ.k%+zE4UFcYqa.\RlG WMx\n}XWˈ,7Q\y~ŭALv+N|eF0 hs'lN'($}X"ӳ69NnS;_ؼ8e(h,k sȉ[ӟhKv?Ouƾ"/ZV0p`c_ "4`VɯZeUv NՌ]BA?Aj5"ͽ&2/6Sp:_]Ge*WrwJV"NB)M*kMeV KixtzڰsdBK5pH]-B-iŃ_GBLc3aY`kƞ qi'g1ho_Q.D=7^  r'o0 WI4]Ƥ?@ГZ"i!G=Sr\yZ E>v6qU}ĮIDô';:36=emw{.]@D+gM3zRgP]]E "[`$ bDiGǟi#} q B}LaՖnj8PR{oD4}@dC..V"}d%< QduMA, 9aF0J2ϫ_lnS5j:ak95:|F>h(kBk 鲏(#I$o?@+xV/ O,̬1H]h(,4 7гAE ${.Usq*(R~+.r` XzC}Ebm_Fv'Ĝkz,t>pM"`-~Ucqb9GSW!jVp3 {VvT).:Fav &5&b5Bv#PA+@Lr\q) 6>vQz{uTKS,{Z8 ȗFJTK - G֖TAAw}_a|%?D6ۈ-3-&ӢiCEbԮN븜TAϐ%)N=X6RzӰA.qX7-'1b;(@<91X=O& +n/o:ي_sZ?cI|`m̰]tJ8x#ͥɝ=}2\+!b#F,O!@@V_ԉj^rs4z/05FwFju;5'hǻ+n7:!4/r?JieIPE!wNqbRܯl(*'*:؋U/N+jg-Q|%-0KڷS7gm2%bX.XH) &BX\{?9b70$C󔠛31ԉadwk~Q0Q@9+a$Jcr]36!̂.$LIy>a HN19'_K">N1LGB#oydzI$E(pg82i/W3$$@3Y-;H6Otj=dE#kWt{~-N]ˉ,_TVpҪB`W#6IZ#l>>T+QpPa<~b+~ޏ˟qIRL ޟaQsʄ%٪LDtyE?J]rű)~:[04aMNqT^_M?6{{e{&Hؔƀ'JL+8fQ#O 7xpDF> h5Md1c^'oZ'KM| UU՚pr f^]_ڋ(20.D[IàHEԧ>QWxe##{1?ZNX 6mlFnEJG#ca,7Ɖܣ+:{ٴ_W8xۀf\(.~1\p КhD*`k?^Ui^TD9F-`AW x٘߳i־/I΀G'L`Y”M@ f2;"j@麅t@\h~)sj3FiiC!3%C˚/L<Ȳ~@%]$[ڸ#sfF/̫ ݎ~OkHGvٌ]j`PB}U mm^ǣ:OU$$_(,~" qG +K6Y55tiI:@ѓ 3nʦٸfTq`qFPrk2iY[EPwA`˛)\M"[d0Fá#& r˺ٮt=BSt7jt[Ɵ"xܴ_e{!AwO^o5xђ]<ݞBH"KJD:H4LY O!cMܺ:| ^NJzF{t]f߹;.Qȑ-}"k1^UWc$htc Ԛjdym TYWH('D"8Q/d4ݘ+90{*#NqRՍZaސQEүϩ|x X.<̒J/7i6jr >JcL{TݠBaE1]xMJ}nD$%|W$Apy>P¢)4TdthBY+@JPX$0^  =q` cGi DꬼXC``p2 >.[Exy" nj5?N﷘ڊ&iGT꺹aR]cS#t@w#GoIk<9 !5nm9qNO5d}v̟Anb08`p\!H(ɍ'=\*[X֩\6jx𥔿K-D6BHǶYj 9f>/dNs?s9|l;bO n,Ö.h鿡@ lסL |ؼ̌7 -cgп04$O -܅0._"R}x95.TPxs]&'aeu.eK/^\ab"=H*R7!5[ZqJ3ө2pV)IRUM]zF,ӯu)1.Wטzzڅv|#nNj C8 zQcn!ϖ55|" .f6tUJ֮tث^S-o1"Q.աϰP7hr-vwF9KؑR!Q{S SrsJeHT\]X q6`_t ݏk2#,8~묭iFg_P@,}ω+!ؑ}[^Tye]W-rybn[z.=CbBbD .WgdygV Pp3uXw87JSX7'$ cxikd9jPLOI KC'NY+ikL𚣹#r{b/~M{OP*t{ۮ:H$ Jw+a;V#!ںlȾ9ƹKtO .$vWLI (v!T 3[[@{,2Sɲۧ!c#U! `I[{ f٘ q‘O? jv#YdρD^zad b_]TA\?cp 1a9cڼ]PB:>Qzee?M0 6DM۱1O`\ƄE"NHsEt7U*#zkK@2y<$-8Oz+`W:O)Oh%<\Րz)EY06l(s;AwZS ,,8(" JTȜ6R%AXkUn:}j݄<*v,ӏ@W*u .,)ȔNz3Дy-wE<|}xi[%Oab?i*s7Hn.mlcVy:wr/d']V 5M5Tz dٓ ]ʲu Njxz:P:6nH$Q"Ϛр潽^ nMP{^s >"#^&`cPkBOn |ȽN/Ԙ_5Rm#{#s:hKgH qXp1h#(Kn/D KV^ݔ$2{H[mbiCTanJtk cJ9~tbaP~1n+c &|ߏQ"RR(}97kPͷŮoE=z&g_Лm{3[O?0=Hhd( .;v/uPD߈fKUAbRÐqFG}f62^m4搸K][o= )aա@)$z_/D,1c2)꩐l TU-j8Gy!S % Oz rF4t'u"g%v_E@&ݣFuf&E(t|Zp`gj =1=ޘ=uTbUiH!as~zЪ콞jo.;TEaVC}g>v޶AW*N]jjϐo^tZPI(I{*řlǒڧ&ێz5a`3!iANj eZkIaRks J(k1'361PBdAe&q >!^F+Py"!Fza)%k^jǖU>r[dpɣrd_N-nO:S=I=&)j kϞ~䋼Q{cZI@ X֖Xw_ hA{x>@ӪL&rhEdJ!uh7TSBي2 J>]ɟIHW$%{hzz,nGCDAV}B؍ka>sw]33MU~/4c?%t-5%h=@ 'tTH k:b fGcpFM͞eAr<(L'c{%b5џ]/$qKU4r"#Lphʪx@\\ÌӽJ6E}|<cL"A,g!-DӏO^,F5ACus]7W#\+x}4HmaR=:dϝղYL<U6Kepů%qO" Y#*l/Oa.Hy~  WeDma6g/[^HV`&!.J</9-?0QڵJ:(+`a #츐:rҋ:j,Ac}+k OXb\9tu%ܜh݂ɣSxP̳mf:qW%E2EN 4p` AR (;*!nC}g~x}0Jܖ.r[6kj' K+8N;9F4O3F}TϗakN[B&M ;SQ"^7]*M 𖏠EZ얐t,]H(+peȟٲZv`::Dce09p N1eHи#o$qp<>+S/l@N.h}>D{tՂ %k>B!pzj-P48ovYND-FzsQЩj1VxA+&9GtVq3$EѳӔ3BLC/VƷF=PS^Knh..JZ"i¿]GTPcoOmΚD!ŷB 'U bC^|x2Մ֧4M<򴈢X@=4՘$aw_]E v+(v&M I)ȅ"8mp7v/O$;_08f}GR3Ε;1a f~{eITK AO*LE,7Fh*8XV =UXַ~`+ QGf4V(^9Ϲ&+y^!G@ #þ? ѻܘbhEs\ ;r\""$@%FLk"9wWoOCs{UfSړvMfOOx9S:S.L!EG<˴~r̀m{Y(X4$ q/y7ӻe!_S\ Wr>:ѕtG(up( EY q͹޶Y<鰌vtNz7TJ:,VMK [;ũ?kU?=]:ÀWf9<#(:s,eK|]ĨGzQZq.E4&ld~0&`[1qalY%奴{H~`V$#u$VU896mk%ۛ$3tR>]p74AU6:Cst퉃× l\2:OMoօ䛓h>,ó&|Ʃ%DxuS42N'"qጙ| ^۾'=nn{\f rVc!@-=J8`ZZ65)-CX͊Nbݢ=RjGGp_$;dPm ~:]IWlw_+rS- `HoK aXL#O=p|sTyk mv\wD4˶Io{ͰvC4^Xti dJZAgItqJVjS[?xFc&9?R/`dk3gI_ӓ|4boɩKvZ;"H9̞+15+꜏46 y8Xl oq.vͭ%E 6^?aL&OuiW;x(akՂ 7:;ݗ\Kܵ…:15VFHY@ }bhCZq^2ݯ`}#l-Pdg=1dDkscA UOQ#2 .h~C;Iܐ8 o$G-igXNNBIna"}ctĸl¼cj9T'DX=JU!Bvև"R ?5~ݞaa/ Zr٪{4J+N^֡jڨG8ls?28V2mGVbotpSqTꑼ.󣼯PIu%hl?鞍z]|:u!|Hw +>le>)V:9.i a$)Ltb8asFt^L}(8Yen- ܜ)H -Ū?81>"; *%]#{ T*1  Ӽ;H"#١w9z6'}fVT)LDD.~P %*:>Och;1Z.`:=Cf\LWmR4L*6Sӭңe~([ea{L)RN~I< uX.*ꚃoT[]9PT'P*0߮0H ũ3J4` t} 4Z$>;,0ZݐAQaدgI/R$.%CcN! ?J{S{*X5`L 4a[xV)uݲ`,^PM6{-"W<S]Bx m‚z o &ZFf|kRݝw^ 0DrxϬ,h!}v%Lf垑ӏH=\jPʮ(F9[h|PAn0&vr3 ǗڬzuAZ0GM|,}kbPh+ *,*`mP.֋3G7.bڬ\K X.i ^$ BxdYuf_QD dCWvω\ҏ6Z`GoQ"xbv,%*V!}Fol XN(]L"\JquQ]FN%<g R܈8}!@R :{-ջ`/im5ilwL6BlH+s%†b޷{zgJ"ni/ d]rf;VUaڎZg'Ѐ)W'`׼"F1^̚ +W%EcL!.eۄC`5S+ʝS3(Kَ;|en[ɚܙCY(٥#@Z@C~m|k_y*f[Î?ek,H)PP^1pZ.vH`h٪;dIzm+eđқ9mr l̡ii?({V_:b_bev'p:Pmn4ZJC'h%S`Ws|0Grv?AA]l/v5ҫd6eZ1E_T.oN{e?qG@]d.x;ʺ(=J`LD| c-"?~\~S@0vxòF<o)N3b/.AXƔP:]Gr{TazY*C,hl"WN_DrDtNyZi޽G);nAH^Qn侩 ejPS=EecV`\f,7JUO l'uÐ>Vj&WD)Y=iֿ)L; aJ%L#IdS$gR`&~Y!i5 H)^]֦(p7xazlb<Zy!d4.es~[U"A5:w(i,k :5RԻMũm>0XO<-6% dm0P#auk ;s9)&0*`̸0Y$EO,9|Nݘ-SHy>5J߿JPBX]k>б,>쑨9ڼ.L\,1xH5x W[" N+rP?NU 4 CQ2f"Ȧ !)RK1JaO[Ar|}ǹJUo\h΋BN$<=zÇ 4x- $OoƉ0Z`uYVa[ QGx4 >IVmnRԨW=0utpyʭ.[tudRcGopI%2^OEojF+nl2V6_ rt}L=rgf ydaU- ,';|InGWGKiDa!t& P* x> P  ljuƇg\"tlCvmc t_^ijTB)0䰙/0!Y3B,ȒFD6Mae) ^Fxvd;gdR)Yana:LM?2zx 9,[p m NCGhtnjCF^Kٌ\e ӂ@P;4]/z$e\vAq ~'ݟy|&\` .zM<>SR ֢ YmGAYmaykyZVn,Ooߊc .6=ۑ}vOu4ӄzet&*gcc,Aʊy1mq[%eޭy.'z0Af'@]n:W ^6ُg2Q IB/֜]eS95IU2:7M9=0B'ibT}mb4!BknuֲS! >AR?AH{ugDȰmk-irޤKdK+1eH() T$}9xb|3)ZƐ餅 ?9V6aځl-xN%!>A*Gk%!z6-B"QNd۶_aªp`q'qhqLRv!)aeڹ\Pzy>~Ho}DUxu缼0ꊙL>;6Pׯ:Ŵ:e:]:U<lDCn5K^PT*Ksh0r.xk h(SMRlZ+#(ZkPXVč3$i1:d AwVc;N;8w1fg{|oFkj.fKA%"y̓>q0ouE!Sh9cDr=ꌍNWB'l}s|CJ{ц&;wHwoHN!~(D}~dg7m_‘V%/,@ 7'5rd:)¥++K Qu5\UUx)rX¼cos鿂k;끧)`az>S?<5h'hdH{ ZHB}(Xh uHSW2zɀ&UA$ IqҢn˄\\Sf|C%VmGK;-*96TC9Hk.Ed2BuKy vP}D$gVQuT5-^MBdXHc!]D,?ڂyn|J[}ik6*PSVEonƛ=w22覺<6MSAfU萓OV,>&Ȓ)ڦZ>0 6n<1ۋuU[uu1 dp]mE%R( ӝ~,Ut0,sa XK80G6ulȒ_Ȫ_`1\'s2t[w|LFXC .}2Ȭ-! i\֟&87CT4=XcBmBƆ<{x|\-' TFtYiyc+a&nwVqaޘHn|2A#ծbኋ\ftcRl2 nVT r,0/S|Ü~ŹݪӁ,gkD< eԷ\|t?FJJF Ms`L&#g%]fw9.eq JPJЪoB%v?+R1َcir<(ŝ㘏Oa\ԀϫC>Nv $ˈ8-PZ<dJhBiC¶p4LA^O׎r0EixԺk^>uj]$Ee# 2\M;tcB! pqYxıΞg3dPppjuS̍Ev^0+Y&Լ2׻~A6!}-!.F+|XKFp^z0O3Sfl+Ξx!amXr3Cps3aAI:[KߒSj(Z6LHG|xˍVg~.IWr>q%H!P+n?#"u.m5)vq􄇁+Eb$<|٧>:`l2M⶟ZL)95jѫyC8'eG:Q6oMǪ%݂*1sm gK(3>&zLOzw[d&`찁%Z*έ-Oh2HrxCP}iLzncm`Z{[JFQb:Zg9+H;3)Ϡ97Ǚјjom, I$FzfՔΌ ]H]ʧT_Φn-vhЌH 0۰qD`1͡=QI8 tsXOy'() y) L"-/Jt~68ѼM.)yؔ(<(63Q*l`BeZKtYGHeaǛ^ N"r&痳 |o<䛤|S\4|swێPU7L,6D(P?;v>6..Cy[`ɯ(O,%OI״ѝ}m׶X.ވs1_μKbQĜ6,bl5kKIr+,3Zw`\u\zJlDFD1d˅-A ܇1eH{t[j)&6;ZfHKf)\kV d(fNB1J_y6wG)BD^M|>GGv\G*#o관:#WSTpAM6vO]B6*J=+'_?/W' /6PHCRڵJu?&(OK'MeKq.-"`^ A #<< ļDp@IH' *b!Tpj LcI<12-͹"Y.uhAi-b4z|[@Lm*e'\St[ >Lc e*!ܵF+eaTgH"| ݬJac-p"9 lx,ܰV%sR- SÉ}28haOHmvU4*>/h1ր6YgѻF)BZ:K'qmط62 5o!`-RD?mݫ TGr9hFqY5J$p A\bjJK7"c,7H|mXzh { u|6ӫ^[ ~>dA _`N&&1r8dȷ!\]`~ I:L=:qoy,iID륣42z7G*&z4,1!ڵb9lHլo/81pDxMɒurx9+Reˑ4z8 jq%:]eԡBh] OgjCɧ\ )rYunG<1S웑0B ب$6!ώ>sP@H)Z/F5 [ŲНrQ5v.E8nY i%jOǝO^KtPn[}R]_R4ŒfP(\5[m(;T$ oc nv.nb,!2;Rе:$he:^AQ4ܴKI99$zϤ{ALdr¼UӴe> ?m|W$7}t.d̎Ƕ $۴'7fB_Wf]rHogӾr}ؔYt9Yueq-bO*7zcRvwRSVC,М.jb2q?m'j^&6;zhwo?Wd?OjQ×6F'* % lY):n #UTP5ʡ;  ȶpY1vz<)^^o7s0Rz9qΰn~F17=|$fM7Y]xiƪL%ݬ.8՛XoK~%@ޭ3}* "X4 b0-Os0YHREs nD!u [d>a ']؍ u :<3zz;q{mG!+ ƘM `ؒ ߈?wCB%h`>WKC Zo8FoA}(ιY+l~ 2Q8< I3,6F,7ruD'?b<Ǩ̩s /,<ɹߐWYxru=rq7- N.mY#>d+oZ|OQVzMxMٌ;+N6 _j;sˉ2Aa,c*w-Zy,M QWq$տ[]#-DJ+Wűkr0*ާQ'[Wa&B9U^v ۛd9a˧`\H"jZT7&[/m/,hX5~(8?)"!AoTjSEɞjgmh'j|_7;:cݐ)]gmC"W9K6 [IS2&D1 i"9.B`~Ū ӫQC ۝CMD,\o۸7]yq$: \@(`g֍pf L^b K5\ba%¾Gh,?ߴ7ꭇL\J)x$9/k|b1 fk/<ӕ9{~ Pͱ5rrT}Y_y D̾$PО'稡]rW̭nUo72R|`WQ+[{-†);y7EJHBg rsPB[ŎO#_!ԩ=80 :m$[h2B nI L6sף9OzwU􏦲 !3xi~Q\- ].4-0m>9wpƸiA"7 G{^mY8HB IaJwS%knK 5sΑ^|O9R,Qi^}; 7͈cs38(/t,n&LLԃ {\ cHED'!zRL_uL >[CKR^\Y54t6ZN+Hf&Do]ǻV#UONlL7*%+'vQk}j>pa:\ ž-̻{ak/p> H* vס!wڥڟWyA'Ft/d&%)#w8IVß$Iur2&`oْ|lx4UEtFY@~ U{ )e\hc 9xpݑa0;;@jUpƨ !͵+ nL/0 s l Q u~ qTVdШi&j@;mw]W%u@1ST< ;[ŰI| |}f.Ty2VˇiP-p$,"6~v D9̎ lfx@h%v[x ˏ)t EVs5X޳ە@=R݌퍣 Yi8QCٔ7$!Qɝ? (@sǬċkud5DB-P6M?&`nDBR,["z&T8 SgMٶȜ[=* G#h.La0Aas^rUMp$v3Q7$*b{\K3eҥk=d)>jLԥ({yh>7ØC`)wDlҿ! g(N@Ƒi}pT0>ٯ^pH^Jp%Eݑ3a f., =NI3y<[baE${ي[ 2(҇**,2Jl`vpvOZk(?YLJf?Dή} 5aGe++XvAbft!4X.q#P| gvu H]*axݽV <9p02Yvt,.rge{7TOeiKjA[oڄy2b_&)ccXdMeMG%%_㍕.!GwA>/[jX y h2ySFTnQ p_rBmg%ߗ׾<v 4ESLr=kV̨4fdM(}Ao : B~iС 7Z|&efVK ;?hxS8rAD62?~MLqXӜ\FcQݕ>MPyqnųz mpC&B7w8 5NmrЖT9l0Q6n8Yfb0t4Һȧ%yFwb㭞ƒK 8uHժ^ڦ>^VFh_z$߂WbIJ3[C JpryFYF0k@ڽo6-G@zjm{8Ra~f :aKx3Nhz2Llp<6OvD7%"DlE5o$VZL އXY F-} g{=y:@OMr+Or92M6ʙo%E4vxEVb&:ϵlax9ىc]\-P Tz7*ڧy-4ߴ؁M#_ -QTYX!-Ic<7}Ѓy9XDa[ Ti;ے%Qv\SF+74"R\^F-*`(HJ]2XW~*+>0){NvjWp*~8[[p."cuN/JybѸ+ 7\t7O,6p+_w7Z=4N7frN.ͷzV[>vV~F Χi 7&%JCT/T0=AnU㩅(z EL@5]z]pgb8J7:);x{8.IAՐx|x?!ިQ܅w>!4H:DF7ܫae4tX fut.*)fR?r{$lEsc5 8BYV:XRq% L . bi:Fu{.)eAÚ fMjgYC;va*ADhOW칔3_) AGv U)7lEcr؍C)_8zt,{i0M.սpӘrr6^gb ]!zRIT5}euB#!"| dn۠U> ~ \?4  ~zYkwOR4bwh@&dF=9Q^sխ+#8]p:S^ݴuBZ[g;|)[h`0,)5K)7tNdO@MK h" ;pBK:*I1 (#8~ߘ _ٽnR` tphG u``lێA4 ds#l=ZcJI[ '`|#=67)F8YCPݫCI(N/{_A'#&= #KN~aΐ} /o_>D.)$b#]GN%epp>B 3av {J"XJ pTvKF}Ϡ( D8~94ae 򮉻Iy X8*2.8M'#VCS܊ÉC#BrDM. :UJ*,d+:_rOւڕ?Te0?~fĽ:^+WomP#aײːXaEIT- zZ$1xqrzD t6v:^7eHlX SڊB yξXS Vs}fﲸ+cYZz.]뀟(~+Fo^KET G6=(OgfGnj9i;Q!-$⏔yϔ_!+(q'bM0gtH7c_ T,jfsvf6|4#4o|<P/GФ=sct&ԜM7ugzAZtm#1fFwL꯻Sv5S.R Sé[{i "A%Ll^ȧY8qtiӧpOX6bJNn7~c[)+7>[zP/*0ctq_ܘh>+f+&KL[fzXg8Wp JD7>PT5;*z+kqȜX=/A3{]9Ƃ9)dìF0:614}{ `UuT7'@eg{*BDQ!@[Qw ֹdK\jujv;hz))(Y(Jߠ'Ig zVPbBn8a&O ax^=_LFW!HlQBN՟4uf';mꑙ=xpq}72*¨mzfÕF\<X8MCJGSbYʭ8sWZo:Ar^F666ET禡t}clZo.47HV`=*oJT3XR{ `y܉fI;/Ye#)oPҟrC{9z`G„tKizS_O&259O'-\"k15;NW5 ϴ0 `s[L+JYHKţKs׼|{O; у謃\z\C[t_wco&hԎW 2 t tѹej2 ~خ…"D{@S\7.ye`,jg~7"/#yBhZ|B7G4{tlHa;|Wuo7ysh?*NwFuZ. 6lGQSXWg0#IK^-dطW'H '~ pH-$DUSN<OD1I"f; M(J@`8|n˫ly=4lנ,(3/-cX>~}?};PO> J> *)D&tq^*Ǝv`M!*@AE\)FE̍& H(m-P$- J\`6[2}1Ыj$9%*$G̲{8-2dfϼ2hJ.f;BTQ^(ӽ({{@〄=޽9!^ NX^HawNB1 ؜rn8:tT̚KTkx|c2ii=+D5";g~Z3ːmf ;n لEϒIzJ@.RT凯ظ̉j2z]~/)eocvp6N$_yU+ }r= \y<5 3ťk1G:Wb!X1 H(C;ETtjP7Pn4塚?ohL˂5"g`#xK 1`!'Ky"\Y"Gܸ5.]˿Ȓ 7Qa; '.0CH|Q˛"!`ׄ {yh+= 4`RJ9w>GR\$t 7MPuy}kNs5degz8kK| ?Ҕ@"k%+FQt:@k.ѽr/`Lv=+АSNpD܈'X܏ᴻ$h=04Hi~;HT"}|+OP,MfTB۸O)adg-2sV3$ߊt aExDR^0Ƅr`~& LN?6Ba){52C!κW:=uw>Kv(gdKsp3c1r69!A#U/Ӧw2L10~NJb Qs-^s!](QXy0e߶f85Q?[0\fY䵇+yKp/wGQsV_^d?u⋹s@-ĘZ5s WΘVEm/=ygGM2}&6ʼnY?HN&wa%+!c<贽V4)BM9gLTꋾb6u0pkQlMhtGYegƁJΨuO3'MLPXppz 洸6_k4TP|$>-gdU^#hsvF1kεñ˜v:;7(utIEy2n! hR|?a5$X>rV| I~(mhhCrW$SRBPgVNqt{7̱CHX@^d*1SɗɮȔI>&yg<š*Fbg0/ok8z<"Dg 15|F݉8:u gz6\"6V3tҷFۖu4f*b2TT e?JJ[ sfyn ʘ7X/z "N ?".%s,S؍.O ? hGA=['N7oӽ=on,5`+: %W\PO` Ƕi>57 (̾|yr0nhY58v/3\Ⱥ6q"*Ko}n&s1\DoG&bXX3JhDN^Gի?vT%[ J[z[|~POjG5: 1!E6بMQ~Q,Z8 `iί'Tu[HAfBϴw!AUʂ!) yV4ЫKt:n}BJCE$dE:Tk5̌O@1M~r! ~X 1Ź^Tk{Y]<],PCtFl2;g]UUb5LOXj% .egV컍hC0E>zj"K\%ت72=BPEBT`)|v$5@յ ?E,!paӄ3rwG{7KY(S7H͢0 Q%YO| gn<]A%VOn]s CgfsuA-!C9j#Q:ԇ{;(Aȗ1 G١ߟ23m|tjp*$e V#09> ϋkO~,;ޓi4t ۩;M>Nb(R~ U:E(gZuhmDt 'SҌ]K~;F%wЮ ׀-- s_;z'jr{&qj;JPisBW$}0UoۈDp#0-6RꪛUx[>bŭ[xiOaw~:Y2ϵUTܹձ0O܇Y"e^֘͐ʹ+rlc9l<5wsavMH͘%tTl]""JiE1zIH)X!el5*iI 8(ݚ.!,,DYJ|iNJ@NpMLzf]lӦu(6ǔHaƬQw4UgY9٠=%ʍXt)v=;}vy+C H)rC 5iΣȫfI2#'^Gh5H ZRAC/mlhE- cCȆ I0ti t]bsC;7!>m _Z'\8\W~;Fn1'0p,ˆ5ݞ`YKͭx}&I)06J) :(v*/F o ?U9e$ߩhguBVVK1k'i+k$JwJ>mͱwL'Ɩ|?M 0'yPkGTa8w4M?Ш`7o0wӛyMi=V`x Jպ JV?ٶtxU>S A b J J>VQbQ7Ksz/4?o=Buɨ٩ #g 3?I#셵ɾkJqxg$% u;%2HD;y)07D T)Sv3^?MrɘrTFDA;L8{i0}@Q"RVt֚J>jՋNE!-3{в&#ba)*ʫbZWVIט\ Zx<;Nѱ.~8g7 fj\?^=AwpVO)r: PS6 )7K?9HCmrʼ P#>; +lv>1&XjBۖ\j/(fOĹa"\z`H+/Ua2D`QpeRAztJU|{wt;?97;Gw)i1Q:*3$D) >Q$Tw\7{z fÕWŠ&û#c:}7HkS 6gސ`AT6p,Ixm)p|~+B)l&If%es*A"s Q0GSǕJƨ[. ϦJgӌLj" #_Тo=1FɼH#15( 9սqt 2|dz.IunuL;^15axxoy<Mh7{?\0Wꦷmd{C< ?0sZ6KB_;-O Fz_"=FhRCDf3?]$ ,֯cȜK%MͰ t{U'oAS_7mQ~qo\2(CP 4/P='I0Lnp\;(|K.qlOx, 'q4XI:*𦳀3z巪잎 !ci.+7ruFv@|V ϼ\lS,J`EM (m>Ӹym==+z12%ؚA^wG^VLe.xt#a41#7^փ+aNFN,nM8 e^Ov7J29xfYGiBF>}HHZf}?$;{7# iCl;!t"᣶< dHh_=WdȻ0O윖yYA](WBbޗvn?}oo<Oe ip fd滴hٓ@Dm@B)dfI>+m 15j?q,B K<5 d"Cn'0$nk&B"%);;o/?γ[A%Y}#D0_1j@hꍩ( hfqH-Yʹ1&]]닲t]8A]^A9]یc\տnbV -6FTԳ =L!Q[&9+jstzOCQa;]er^/2@ 7pQG^45鱱(H~:H'/v OM2hP;-D7 JbAU8ȮocXcgkJ!ikW|ym)ܺb#' 1xpGo^4d,:~FW%A}<X M(Ht/X@j)y"tΑ]h2SHYK~xkIKߐtu3+ ` yps}4m"tD"iOMKw2pl%O6)?{`nK?7Hgr띠6߂>cJ)/íP:|~fX7>\b~yqRE&(=#=}(  p4;ђSw`j_dqt6ޯS_ND>4- jŽaIPoQ8=JrՃZٰmHp$~?y;UwtLBf4< +,zbb +hĉ@] SR`"bShsr=YZbh4>,> 0Ūtv>)xgBaWg sAީG,;L?aoSv짇oRZ/DZoPAwZ7MVWJI _8J(e7~ba qI) L;OQyVG/Gy*NhXk3+2z08vCQ {<\aP9o'ƺOA}yOlU9/$`ҸZ|/w oޖM$j+p`NV=AՕ2w$5NA$~AȈ(S.H";Oş|^^%62?ץK23YVcC XP(r5Yau~bWn6|>6T'f'J8S֕3ptEIbg?:'0% F&B2z`N4$-wU^c{B% 8{ǮTBAr'=N1I2G} Ԯݪ\;0z܈Ί1Of~_T܀2& i~r&9 ɴ1 "Hsy!/TC 엔q?O[Qvrs9 Ŧ)ިdVlPsW|1~jdTFM/:Os9X:(/N{tnUHtM]-6<摬=wgA'dPA uԲ=)TNĹ 8?7֐7jvthjT^oU$`o,@zDLfϻNC۷׸3J ܽ3OVYi{J:/ZTe]_[O؃zUpVd-q1yE ytmZNͦEjVwzpͅ+<qط1s\ɇ^FH Zd[o|4" :8JIbp/6ɟ4!:㌇*]W*8m(jfDm(d\®dѻ7ɻһ='tbs㡬%tk'ٌ^paAk\%/UFt \UIZb)a"uˎN"4<@@8Ͻt+V>ˋ^NZ7ao4!Iu &qiIZDPq@cnA- Be9pgu󵏊g 95fzmqQ @{лjALrds㉧mojzZjs]\.QAQu{MV;U!L>;G+-;+ZmD eaqG9>ጫ3҈K鼢0c!2Aڭt혂yNQ5XptV[?̀[fҙTA,\Ndx˞N G妮 1hP)m~0O\/"yQ>3XUeDj@m[¶l@l*'̛ #$@.cO7Q 4L#&6CS7H|@yY{(0x{\K-XZ ``X<)lNԉ,2!s 3:B&l:^],ibPy$=  XZdg!X{!0Lil c6E"D(UՏ'ʦQtP 0#%2CChe -ku̯[( E)=-KIR%͠p_EHŜW  ܹ-R4_[#C;_E)-&,{[z s̬O}6VsnB>R>k޳~tpnn!4?B]&Bzd|:P9,O;i,ٮLt_^0FOB\6Uϳk9W`\iy |.;ge,)t M %`;EڜEۊ^}*.ܔn~K*#'c |n!~ewς3$1d+Saqtϳؒ|Y\0q̫V_LADJWH65 E0B*+G*< 4*(NoImTn=nH?n;A$(CZND|HGCJ 0hX^ZRbB7[s0z>92ci&Oݴ2Z9cLx-ŖK0쎉|Yj4P7r,{6QË?(ٴdz˟h ErCSsP^)6!*&!*I Y@S0]UN ;w4 ӈM-XΖ3'*ʘJi*+"9͝dVF{w[+`](aKn8kNNpcCwVS/l],rP82gd϶6s4q*${j~udeKbf8\Ă抵.$͒%??GMW;Џ9 ]{#u`ѽzodyB;[Zh5ݏUmTy˪g'ލH!eЂvF< %`h6%Ft;0_HpTcs O|\lByWH,,B# @ORx¯\-@"!PYAhGK ;/ohh\k@ Ed孮io# =-}cn`jӆ VAc9{K"0rEvOܳ>Cqع_wm$;X8KDF+W&8\K|1%۶$"m5媳b. `7cu XH;cJRIz^?Y25'%-qJǙn& Y,t~2;r5!wyXkTNӎH סȭq7]5{L! D(NQ^AW"O'V~IU<"slDn2pb"6*SU:$!~kmGȀ56QpL*ƎO6ϗЍreƂo6D/X#äWf$/he> "-Dm7%ڈʅ&P4#)(^bT`|xj #'Vceb}k(Y6\_"57W>`MDޤ"}$8 d?[,^/Jz~J6 *{d{c非$:: ]ystyy ["wNc4梖D܁ڜfiH3P8=wlAH+AsEĴR+bD:Zt(HWʗWk0XœjҏFnk]2S]49h³u/6#NXbS{E;(Owt"@ϲ1+{sƁJ/*CBn X"0bqPS4_)mF>v4~WX1>2:W'˼sWqBg⯏usM@GzKaopG`%v:tF%ujsgpvKүPf4ϗqiP>Hhn]2PG,ft ={؁?o6 @kRBИV=COz*~gEt$*(ϗ"a 7$/S,C*6%>x~EMt΋jSL ݻun@[)+Lp|Xuqaͪd|Jtd!aᦛp^ /6)qdW6OJvfmn_mGE?'pWΛoT_q[ TG* F-ԠȃM UGcUgf̭ e%hw-#d`0 sg͌ؼY_8؉ѷϤ Ou533UTpO5}l=:OL@n5w`pXFx_NV' V+m6MׂEMF _(pٻ% D5Fi_TmocI~AaK*9ǮFp*yjhPvWF6m$^mctkeJ:(]פ4| rȑHDXXj5Sdӯ= 6vaD6ʑ: :mQ߈UXF2Cqt r2GӞWb 9v??I["o.sƐ+L8LR߾Qs K4oXZAIHv" %))Y\Vޞ8_| Vr @OZ.xOy!""KIkv1̄ # ÿ8QbIx Gl\&RŶ,3@z+eqbQ5E{Wfѧifě7U wn~BEgNQ;^-p͢0}V~Ul{ ڟq"W+$+RAěGr ʀ&w-̍[l誎d&*oWR꩞oPD~sf@d\q[%"N~w*)WUx~n>-u>k-}&J= d%%wP|qsx^(v_ÒRe{lsiݜaEH"BAIVKu.%-IzDS? _w+BlaǠ2"W {xR8jlBZɭKhU~=씤'2Ȃ% Qx϶GQƛ"} ł=;2ZڬEee%Z2J<+Xw|#*0;w Pwv=`-8^;킸!:3x \ o>qE2Mb-OdS7FLD+[ %AJ4m` i 8xomQHվƣRK3W<9n!Eƃa{;e3( Sn”-ȸ-%R0o/ށCPkC omՕy"^_¡Uj"Ͽ:ҋYȈSX)&Rv5m7)'cbwgsN ]8IRQ=]C2 ᤶTV΀Ks"T 8>2Jd3zi)yN{p1|=|HfPϛ$y`Ar`q[lD]Pn5D{0"E>ybOK#f<{^c-_Ų&Xbj C[ k2uoY\@`N祙2JST 7IpL39{DdiǖRWz n* ` qZ_CR.}ѭU F+w0'S9LE2"/6|6z "ޒo8_NlX9Oc5DI3f2–R1@-,[Wae1sNn}8.^3[!k 4D``n:GȢ qbW*l''VM/m~];q]4ٗ$%"3u7*+fH ]ș렳|K)m{U诟&_x3(!XB܇R}bIRʨ6Z]lIQ( N`"NзE3UK9 gUYM&@ɭ yogRؒGe3ŕ26=yl:@fh=>mhIZ)52{j_Q_6FysF= !$(}J"g#B.kĘLr&]hw/ @uoW){<>2nI p`4ZKp@I¢LZ{ƃSw%Yb mzaASd a!EP_Me /M jr-v4g|ryky[X{+~-2"!׮ bqf^cyEHIܯ9臁cA AǚCebx (U-ń/.w? &`s$[?m -"o w!b^*vJmPHFZҫBĆ@ * )4bITWMF"! yYdE!8>X++R֞ '\܁0Հ }_8h)ׅgH^B2}wėIuWd(?z ufТOIR?SHfs ,_eYBmBIzջuNӯei_Eau`#dXM\w4 x 1r/r<;) s/,YA)Ի18GWfЈ*4JQYa =lC N;Y<9Gֽ!l !R\[rtJfW`p@A^H-oKDƴV >jÌN. j (R U0 +n}үm,,Mj:bi33 PK1QEߊ++kJEn&|6mwDjlRs)_NqD19S1HPRu2sD0n:o|kf.$}4"oulȈ@Ua_#NfA|”\nqs~v@5%)ra1>[r)SLfuV Qcp:JH=~HpGXϨ'V&5`d|ZNѣdǘ٫GϽnb5]U cc`QZC;]hps">顛U/$2Z3@Sg”QկIʽ6NYw$6]u?t,F݆8.G#;ET(N?7zobXn qpBudZ"d,JjjoE=ImĬ4EV36kS\{[|7Ie,. 2kEvx6[ncR\'X33H/0M!e닋dIW%|{[QBl^Mfl!Nv$\Sߴ]_/.u,m09XͥdeҢKPJGa $!'mCzqw.Pա7k0 kWp; nQq&KTGYAB sq{Tz1\ga,& ?^P oh^ bb^ܱp̸[Sc/@~^ 8C&{wLyHO. *kG,NW~Y3a#+;h̵&г%WP% (WF~mpILٲ?%@&)klHkgH^ZI{BL+4jWЖX;D=Q#kx:KCΡ /7!a3)/6܅ITǨXE6*[ǥM@M'PRkؾidz{&vQhyf۾+^޵t"i޽JӋ^i}9%^~jMFUFDLč\Glah2;d]'E $)sanބ:i%s(2%w9 o idر 6 L.2;V'jiG901NNh :4ruD@IW_{lG-?{bte8NMx!ſ]3bR|S*c,FBs=YtdgX3`bY|k,s~N#jI@`=tܮkmf3 7?-w!5Wo# u5[:' q3R|Wa{.JȸסÜ"xP{i ᳜pk@߹/jM잟Iv H`_*NXh:%Wa")Mb+ҹ*I/j'{.|UE;ҦۻHHWȌ?/6 wgdU jSLF*FHcov젽$@4&D+h d·t$`ɍ<ח=Vt^yLDKa-W|qY%_y1,'oN)(82zSzF`W*:M`*TggޕtxbA--*ƫy$u{KxٲwJhλcgC%H1dk}_ʍfeMwIjm~*&Pxm)m?CUc'w+(J2Xek6꠨[\ϏwBOJ4 )>,w-wbC 8߬ sx/oӒUu`rTO"Gv%M}z@-;~͠ Wm/oJ 1:ZlEByqe]]Ups_N47<{GߒDڧOe╋Qȯ:le4"NSCƶw..&Nk SQ5`2Z<-+훬P SҌ9(Uz0?GTY~~gOyގU;IC#6 =dަ[V.`!+KU & Nz 4dAэfܖebq9` wQ~m OoR<܄l^@FH=C?v^e9U0.#d0L)?m5 g=޶\ʤ]L\εphSg,1 L@t1 $QGŔ-ǧ4b3@C^>m@v*{u"`[$1@[k9ffϖ#k4}ӕ 2OZ.`53FOo0T{oQIq9WT$I>;~//HƘ3zfQIMW 8eqvK+J:) Y?L@0RgGnӘo ;=OHG1Eb}dkZ] ǃYBm{eBK6?IKٓhZGg*:ˆ9U2\!}RM!Q}R0!*d9!R~L~ڕ@F\g* 'p~.6KX Ӥ+ړ6Y$b4Ma\6uDf~;+ט#y{8AIC:w) ޱK_>PXTAh+Zo0vˣybhA(9xlq9"isd30>ҢL]܉OEEk6v)]YV-,(D*`ΨJS_'M(s!ƪ5`ꫠڤ̋QuZ$bI w:?N*݅H)5>HVHnӡhG2 nrNyA0C?sCKMcFWݗioS{:E֥=8`xZZ* HF o+a\,lʝKz9:i@zTT1V]/ w{\o [38t5+vV4Y;]uUH $|L0v!Bo6z㖦~f\f1dR]dFgv)b[DV4R}~e'a#\d(ȃrxxs><kA$M|lvw;v|2 i;bYk/ތj7@jO.pp{m Ih|YSqbPDwg͑(]CxdEɛaaK9u8+ p_Gqa:ƋE}b`l=k5qDsK&YDM'Ȉܞ -N -`%xO)1 ' mv= jXEnFF|e˟4G$FmL9n]e7&+#ht#p)0-سA;?}G&0H z]fL`8ee"'^ވ@R^ .43+볒I.K潆-@2 929S(• Pmդ{N8_Է`̧8ۢm᠌ ~Yf.%x'T$^mèAQ@޺ѡ8I7QChj_< iՊyNup7\:ܜm* bhUݰs(~SD9P+NE. CVIxJy02[jJ-TS6S}ΪG>l3@JVa=g#S. ~l0~ RU/Rx b m6V ?ק'־.yZV5Tk98^"T@Snf+岶`{xc)@em#;lT^qa(]h CԎEF47`\:FR7QћaypuW#tފ9o&ߢJ-[8A*b=={b `xBNt@*Cb8Sf3NBk3>4]-S<~ECmN%bf]oΤ{S3˝F/)K. $E;p<[6ӑOFf}a7_3T?Yv> ;y?oSoq&1V0Hڽ^.2.#$ &yw+31,VЄǤ$"Ԅ %FmO:UjSeck!PT8U0s3ސ5MKncFtykuMh"Ye_ ;$fyr~z@ ])ƸyPyBuTua-4w<#{˳ Jջ,SJW`l7n9/YU' `襤LK ,:̙8kMfKJ0iw̌OZ(+3^URIH7#%*b^>< DT0#egz0W -VjθC揭Vk al>lLfS'sXmby-eQSWAh߹VMv_ c2e.BFP97LukT{+zsf-pkʧjّ8Q*]p*Jc ҔeƎ}Pψqk3MV| [x* ,j_rHiy~." @ŶsFe-⸝51%R! ;S? d4iuLXySh;Q _yӕwGJN*jvE(o2Sע4OL7Q3Z{EHn!]tϸ Js'`O4 -9ky@K Ͽl QXuΡqcB YMs]`ko߮4.j{OqsaVv"Qs.tUu)#hRԧ^o0Chsg wW"(?{孅Dnbכy›U0$6Э~VDuIsm[3#:,z~8*:?I"| ݖ><%r3KzR"1T1?VE?ᤃi*n0d[ltUu "$b瀏Z JG>vE?2Z!SČM7NFwmr٢I U9(PO$"ړg$KE6"P\dڔ7a AHrq"J'=-vCC/Ym ~_7"F 3VtNLЍ@IցFױ h.2Y; Eumػpkak63Iĩ^GV^%ZRc{`$X&CL@👟@&+o<WP.5<~\Ee!Էӊ%$Jw~ _<0m!zl=ZZQ%_E ꪉ6\*ʮ9Xn<}\!\5XBmaMk,Mc(0g-`p2c^gdz }鐔@&%4xw ߹ Mim]St2Z] 9"!z=MryKO,y&vȻ;cL/ QtW/r:` m?6B [dz$Ã6pN?\ QȰ!9m ovF>^JTٍ C`8ON߆e HS;|<\x2VΗ+ hJܖP>0[׫we2"zOv:4E\cSW3AZwv^B8!(R;E3i'4-| l\ah`n^oiIe\O`Od iS N55)w&. h;QEҕ|0z _Eh L$;I/X̙ʨR%uq,zl—ȳ:&ԋ'G u߰Ԙ<Ų~Д{Wu34+E3>gn]}F?|.R1)T|(-JWC(Ĕ=F¥oI,60::-a\ۖf{|ETu Ai=|ҕ|b .62`@"/ ۬nOZF+.BU؍Pb]p^)\KLҚSG]R8e`@Z`㭧\٠71sn'j歞'<<$Մd8Mu7U y͜׎,x$oP028vH9*87ܓS 9}SqA775jlO0dbhj+y4pSnsmG0*7iKJtDX N);2l>n S?ۭҖkYܙ1ZCIj[Ku tdpaʼS(S`Bu˫ߜ{og/fuSW ڣ˷lwZPsielI:EiГ&DvNJ;!?iזTRxlFYMn€Д&GEBg,–+(l#j>65M!hO92Y1z`b8nR'113Cf\){onv ߕRjC,Ǚc ?]tOo ^%"'벯.Bf?vR!VK9xnz>}ŰnJa PѯH۹,j+63I*A9USaI {ַ1K3Ҍi.Ӯ1ID7m! {f݉WVn0Z$^r`J®u XDQġF;j ]-aT70;. WU+ bJ↫ c eI%sވb#?QYa0^:J¾-7M@#yJ$©[1 uL_hXIo*=;C8cFZNáb !^2W.jsWR:t)G#La@)Zf%ljUacQoIWdcfqjQ!HԱ 5HotK+8-h{ XQ V_ދnX;7iqOG߷MIl.ʗް$fyѥ- =S p z꠭ɛz3ٟ8(Ø4G4N /љ.=BYY+D1ڜiNwY~~ϕjZ*(br$(϶+A"K9Gnr5<}pdQf:qwtQwkAsҁZ#eXsXo 1Q^e0[ݡokK(XIpW=y@"b/Ap/4b,( c<WFA? ) 3.ҭ3Jrw/IKܮkj >ph\ը %:;7'Ydrto_?vGnʉU(dwWDZqAnB J"'w;]1$&O  uX=.،ns@q{˄iڪwr_҉ammv~ m=mGqQt!m4 ḵ_^L3Fwֺ,ZH$i7㤳hnu:e*SQ Ҙ,VJ" il%+5&QOeK3y1;Z9;_31EoVe9\T+GZ7N Y"C]+nH7Pz;z귾NأQU`Ȧ)]QdbR9[4Y C4um,8ghgXU$\՜×mҋ6K4@)Z#Ń.zLz%XܧWVDƻ lg!-Y6o`ք'ק 11 jDSEh 7T1ڪ"3ZޚgI^+2%@[nBܢ,-g `1maT O#ac1~h"u)da2,;P[uĪS? l9yL,bm6OR5D-"W+/65l@`[2? ѰsEuWSLϷĉ3e4KlL\mlO`2B8$/ncNf~q3Sd䅹GQ?l+d=ex3d=T:,oꀮɐ%142AW9ӄjbalӡqI[.zd1ryT;pR3&v;W\1yǀ5 |=s$L=@d,XQ I:O{֭4$H3$3v|3@DRtL:dKGP9rpbOGKc,GKH: 9硛?Ջq#񋀯Gx}I=,Ee&c/ \_Sr(`&6P˰Ϝq֙Q'#j _V S~ǸͤA-&2;ldž~i (a_Llt|X:GL䏷=3;2 z<7}Gjx A=DS_A- /5g^Ԩ ) !ATRbWӒP[ѠgHR4Bᡜ@oC R-rqd|A>ؐ](zH&b:R}UVu NC= fl?4TV!$bҏDQb8Q]Em}ύjWUόx?QN*"MoY9.w;{v2?>ׄT[G0Ak -S]0+UekmIӧ:H)g gT˘F25fV>Ly,dTpOi`=ESWQJߜl,Cƥ Nh)W\w\bfxl4Y^ȼdC]Lx Vr>+ \$=kO#4aVӾ ~l2U)Mbӛ_{<֕xڷm7)!5ǷRPj9@3Ha`3%?-~q>qd1`?`0e/9ׁ%xNM4fP~mGN11zO߉³U{{E bCDW(7 ւ oQyr$"q^&z_~&`2[/Ru8Sp<*cSYM{rv@4ZԂro$VU+J,&U =Iz]:w"i< Q(fVeJ_$TIUN3jqq|rj:;Ӵ}Ȓ۞%޹ CX'OtO Ta :)1RʰVcK _r{?bTkp,i:8nXX0ͩQZ7{^}0ᤓް#_嬟PQSEk[~m\ʹ_^jEtޡkda(MOZWjse4dðuya.{wS7mܲ^9L&ak_]c֬wv=C֝%z1]+.q7 j\ U&Gv,ne|:s$cӘ2k@#KnR͛]о+0M%`wtMiͮQI ),z; yd 661&u5xPQZBy+M[x0O6=~wު.HkJ('5mûӘm|wXٗTl|>87D<.L<ΨBv3gQ{ރ/R0P(4Q}ryC ޞ״YL1%qp:9Hїq5qxY[Hᠩ@t7zR6kW '2ǧa/:R&)< ٷA^蒗Qowb3IgR9ࣤT:+a#Xy[E(VauZtjj=9^f9;䉒ٚLNM5p< ;4p`aĈFăǺWyk,sIr e9@}eu_y'KiO ΋3BvTnzgi@G3nY -_94An-WYޤ 8l2͆%i9+ na3!<." ;QoD/:auL|tV(< 8. V3`/ ˝ˢI\r2I ޾${n**r@H0Fҷ͉DV}nE`_4Ҫy5P{[mÈL-xQeZ$@7 bWS}8[&)['9JA:uvnmr3Mru}'(5"?旈J]DP(sbMa @Q}UOG \**VTs&6KWEM^48%[w Epe|%;s'N$u],98)VΡZgwvkHG/pBeCp#6gUɒNpH55B,{SF^ 8RTQ.$oΨ<4zē10r naY B8M#V )=$B0RqM,zY\~KQث-5vp"I!'l҃H8Aurkjpco0̳uDtnOaY2a{U:#o\K %3-N_6ٷkcV72e'$3~; $]vnX ChἓPFYh7CkQ"YnפG.VvCM]G:kZު _qnv?C•j %jP_E:+xZ氺ߥ.dg҃OC1&;n\(i`m b=k3 ST# _vS%gzQ>,8*M՛jPH`Ku@o*WQ7w@b kwW?7;<ЁLJ5kLJ#`Xtt%4>LQ -+UIGz ]5htDx$^gH~b2,9a)S;8`ΖV)sqBeנf8PWUy۳kSt6$eugPkغ=tm>o!z"Pc5Ԕ? @_9Ċ6_*ZN72+kk! 'R)weV=)#B#2#D^&?4'6/fLUޣ.Ig573 ¤<TߢMŝj}y-YWiUfvT gprD|sf[$*O\her"P NG?PhKOy, uD6=<,y/;*-MlD pGjt[ZnB~PmO1ۥ?O_o6ꮱ 8.}{9֙F̵ncq%ǖbHt!)L~91Cn G6|-U̶bNAY*bv ƈDh&[sDڥg,\Nxd?l(?CgIWv|Pr.)D{ l~Iސ%W,Ţ^Ym3Rޫ+~"E/u/!pfK.WT?z [7E|mm4!.,䴫:.9MJLmciCE ~D6[2n+eYEb"Bt HYDش\Md( WR7G~<)UN8]g-cOϙ cqDv.~'2Zob>| ',WAU(12&;Y#1AF (4&CpU_0CrЌޠ-"gpr|%Hf q[O e*/2@L'ej䯽gw.L%ί ˡfWRc$ t+}*sN!鍪b[|{bzuBJTN)nkXGzkbQ~^rncEDMaL2g/ .M96咺﬙V-B+\ |jӏ5+W1)+ i|қ 0R}rpm[oIZmͱ 7=#NKA}1}#M @ٷN˳Q x O8CN*PC}sڀ<ؼw'i RV8[2Bv- x: i"oyӒrFQspΐP#L5Kh®3kGlo5g9( KwᖥE7B6WH59^qeL)1v؊ċ|ԠBo|^z-۰F]X&*[< {ir#!)CAwP$|aq}77Q3*„Uk3Qv?[!rrWȃJ_(xePUKcaV"(E^ #>M:FdDSG&#='4UTkz:fZ (w*|96sdBz'ߥu Ýx=eT|[{5wچXeoIUƑnLd>뱸bsm^JuOMQʙFE׌<6^f!\a]`+1TVǏAbZbbj=橉RCZZ+}N5v?<bQx Μw񁎻a rN8A\&o2`xWg.'Zjr|Ll0E:OV[XE5Ljo NA]9f@@ <)(iW?"W "gmq}v!tϔUc_!ݐˆ)GͫNz?vQ]?USjim`kz\bh)*58{TKFNDV+ ]4J|[TߺxtYK"sJ)I._U([6ൣ}^֮v\.YI^*X])5) gyY?z?Rl{Y.dTTE]Aʕ1].4>\|C mtffv(bȊ' (^&QӕȤ}GՊr0Ԩ@hHJ_`7(㸵iTJ Ktq͙U" 0RTwYߥ=ӄ5T~j_E֢߃FZg̭" I*xfJB PoXf"1'܋E!yKZu:/?+1ĆZlHK+u>yȯ0 LB6(ɓW8ڏj/!itNp!`~R ΢d$@tJ/%◿(ӷs|>kȎݒɆEV Ie>J{vNʶo!y7Z"]Y,='&a_f-ڢ3yѸF-Zwt߫oӈކbsK'|؞ZˑsW9."=?GیPzXET]Gގ\DbAhZ&};mPg9 \ ZNxyy`Z⷇R.u3"FYrxwExDA+#e hbN1 , ̔n_.*wF!'=dSܜgXJ"߹ 1^PK[hykSD*\EVFw_Qfjp\! jסՑ JxsxLXD1!e<ߖ8TD?A]\ӣ!0>I[ #l5*ӻ63[෻[ƎV)4uǗ\²o ŭC-YpSӃst"+9 si5Or!ή<9nC9 Ddqp\)IXSi[qxRV)"8;˜bU4ՃѪ#NqOH=KE~}̗#R>JxK:wpݶg:VQe̅rTu[F@&IgkoaZD@)'g :Nj-?`ZԄyV]u*I|_᫤71lgR+(Sy(&o6G.!1Q2hܧk[O0?uM1sU?ck?wHR%FU\х9FѲRb1VWKHUƒQݯa67V)A\3X)]TUV1|\x?WgL_4ݠöIⰼQ[j36ɖ5K[z.ɑOJ~Cفљ"&TfAO2e)  C乊! `|=x2cg tb! F|g]V)b@w*VJ.Vq>0 IB(~[?:.V~  R~`eRgt.{: QE@)BD! F,ue>i_rQ aA LUm -ao"W&?~բXGXawx(]Z98Z1=NDTnqWLP)K> }#J=L$#J"%kPne[sqrC]CGUdp0 TH.PAJT2iA%s)EEbĕ%ЗԾq+v}&d3ԩGXs<6)?Ҽ紻yxonyS㞗]IPI!1rvEH^G9Xl87>))^ ⬑4(dt#0=jEZo%.%q˪ ^.hi ~QTR<sͷo:VNfThV2>ftnj #efDD(2 ˺$ީxvJ\"X躢}?@qZG%nRDC0*l7 6}"aD롽m&q@fLCXUPeGykI?ڑ0[!=V)d7D{'Zu-*rB~1mnK5tkUFvoP!Z\SY{֊y j} Rus#Yss'LQI\ܷ^NX;&n یҗ_6<6j/9#`Gʌz<=;G K5Tf7П/ho^k+KANC(Qv.a#WKw!wtQC(gUzcT rBSUF tg{k \vJQ߻lM)Юzo{45TѰ#‚4UU1mpQ5\Q(K:3:ÖL6Z5:܀oflWsmҖ i裐x#1=ȼw޲t[⑥^o4vW#2qydhG >B]PBIZ-?T|A|j[=T_&r/t&Go6pUt !itýWrJ;n SGHIUY(\Z5d"*oJƻ>cNHX?_twb