sssd-tools-1.13.3-60.el6$> bRjl/.I9>2?d   A *HNTbb b db b b b!xb#bb%L%hb&'9'9+9(,Z8,`93x:,GbHbIbXY\b]Db^4bdäeéfìlîCsssd-tools1.13.360.el6Userspace tools for use with the SSSDProvides userspace tools for manipulating users, groups, and nested groups in SSSD when using id_provider = local in /etc/sssd/sssd.conf. Also provides several other administrative tools: * sss_debuglevel to change the debug level on the fly * sss_seed which pre-creates a user entry for use in kickstarts * sss_obfuscate for generating an obfuscated LDAP password[)'Ox86-01.bsys.centos.org CentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxi686+ɤKSA |5r#1FR :bo3^ 10m:+}MHOt ?tH dC A큤[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)'Vpn[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&[)&6e0820314ea3ec7bc18b1a02ec3301dcb834a52ca671d60e8bbd6e8dda29149e10acab9502ce2e73014692130c887714ab86d0c8455e3ca3c60654dd1eb87dfbcbe626e51dc7fdf478397557ae7adf0452f253bc11ddad6cb89d4d5fa8fa20087f9c819356c2781dd47f9abe0138a5b58c00d63fba576d13b27ca1040181516e865c4f8b05fae82b77e7c3d36a6b73bd717a761d707845344c65ad8b31ac2846074ea22f08e186a8f16066958ff1cb7da80f4a744e9737ad3b619beac9b0a45e4b5ce8776a762c744f1a6baae5545d31d9d4bdcfd2db99a12ee83cd804192a1a38a9daf34044a114e85b3ee4965a4712cadb8857e38b24ca88328bcdd9c8941958dbe4f10a9270f7343dd9d7f90bb6ad02b51363ea969a23b8c4282e241ea075d09230a51dde5dac102de3ec991294200bd38d2e9a330a9bf9d551d987b0697948f560a1d2c5b425b6bc3cdfb439f6ba3335a7210d772475b29fff80ad4dc2848ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b90312faa0bc15ca0607109277f9e39c1d5b3f8f870b22ab03d9cd843dcb4937f23c898d9b4aefa781bcf8722e504fc5ac11f5d42eae2fb68dfe61122b8f98044a5d3d205d14a01e31bac7159e1ba9e65e1cd92e17b72af1eefd70fd8129c07bfa32a37e4f153c7948135315a93ebc523b5da3ff74134e37db1e58707f69f285995751ea01896d4b36ebfcaf460822c8e1fac3591ffb8062729702047d1feb185eb0306a72ed47048c15ba94b54fbe85fa0488662543060326e892178173483a35c79a25c04eac19642dd5c1de9c5715dca1978179971b917e21570b05010d9a51b6cbd6c2adb56fc77c0cb0e14d4575c99b507f6258409528ee860d6608f5a5f4e68fb90fe31e5abfbf19ea48c634aeb350f5c77d359556d5bddc40dd343e3210c50d992b8829d02b047b0aed7fbdeb05437563cb120618042e1607c36876699b64bb8e9a900564768929f88d57e798bdfdaa250ca225e051773c9cb698bbf9cbbdfce91ac10376053bb29a9e7be4ca3d0b44a5ee1c40066c9053b648581938913e6368ecccfc089afd5d2db3d4a993d685c9e24df43ba9b89905ef3da0ee317577d7359fe269dd50ceffa06e6d8b31d815fd3ffe14624f40d30bdedfbd186e803c731156edbde991952c524cb249c9291fc6f1f32a72b048bb8427ec889c6c3be2ae986e869623bbd719ab0b78d7f55a1c56ecf6349e6d4bd126636f890b355e35139fff8021748cc1c1f839ba681f08b2574bb6c7a5c95ed81a2eaa4f92cb927c5eefd7f14a2fe6dffc5e3daad37726aa63767189e2c6b14db2b80a8786fa81166f7519010c5f1a629c2b526106f60aa71352c22deac55026791058021208a55563394c60ede4701240cb3f1ad645d2f050d3fd896243dbbe21d0f918c1ca668ae1442c3ddb536dc94607fbff11a1653b979831a1ae879514a37a3b2967dc68bfa063fbf3e17dcf7a075908f24983b99d9a29ace2c27dc536673bce4f5c295ce806e2e3eca024c9d1c81c9ae926e676c74d2cf28f27cf696877a1ae201716e810a34443659f203bcc26033c99f1f44f636facad0a96186f185c4d00472e1feabdccccb36026a8c926867926b2f2c7a905415c3762260d12af95929b9446f51a1173bb88ad62e35bdb2a27feaccfcd7d8a24550b32aea3537e54e46866edf7a7b325b4546d68e849c368c0acf4416aa1683d9316a636f7a296424912a8943bda31b812282fd97808def916ad5340ab1201943355c75a31b4f60adf5bdee206dbb704998e25bb3b089fba27be6304650028b61ba8fa12f9bab1b7bbb5a94afa96ba8c6775d4712280211e0787dae108363ef3ba1d60b97e78a532362f0ca7f151995fcb93b3d7179c666a6f1ba4374e98880f3999b0d4c18be0b8c5690755ed6db5ffa1f41dc2848390ce1c1adc16d936d3bec7678d75df512aaa8c65ab05a2360edcc4f8eca8c6c7856f81172fafeb7b3fac9f6d2e4fcd7d2cbb3ee71259899900c70a0feeefe148e9380948617378f68caf855a74c6210ef6975dc2076f80092a54cd54279190b70df0e6ebafcd73e1d78c155d693289d3cade81c583a8b861197472ab6727f10207ec4bba8e70931c3c7fe84ba84ebcd657e3aa3058a8e4d1c9d3e47121dfed2cec72d72ecf81cebdc0e3c304edbfe18e7e03a8c92485d1b4dad2edbd20d665af641b9bb99993a41b4706733028b299fbcbe78c8befb5ef5395daf0302535a4b8b38a528c2f5e1447f05fea574c180504982cda4f30526999f9b097ae202cc188ff261fa7f8bc26dd13fc4e5699c549d4b181ded57e3c0720a9a6296ec70ce1fca467a8b2366d359e5f58532643db85c3896c5c2c2d3b2c68a41a713c4a4d055f6b739e2f6e77cf70dcb4307e82ae2b8ad9334c1fcfacf837e1de8cab1147201585bc8ecf5be5e1455af4c28bb081336f004cba4aec2e96ba5e93a0d6e9c554d9e7ceb6b78d89972e86b2f77e4a47c248930958cf35de382e8dbf61346453cd71b6673abbe15a9b68e0e1a9ca23df9475f8a49917be1474c238557624a79130062f62e9dfdb579f972293dec8ae2a4f083d349d624bb2ed68c952191737112f04ed07bc723c327a1cb950c81ebd12eaa17a35822e9cfa00211406f322dc890b40a04379300f907e65a8a541e706503102f4d8a5af3254f5a6f1c3c7cec4d9cbad94da713b12a9a70fa5fd5546dc97fca80c9f3115be2c4add4cbf8f405db62bec3d0a323d50892b5ba8ffe43407551dbd8be7a64fb1e89a335debddc88ddd59e8e10bb135e896310e43b55570617f0a750f8849740a7ce5831149544e5e45a8f85569ea29b3e521f27a3cb1418e8876d29be98db14b44c0e74c4384d2648368c6865b7de8bf97e183dbee9b1728ff2d7e085276f99c941493af78689d832a08118ac282947260339f85171549f5e1100155814458cb6ccb5e4494864990e6c2563b101fae7d70d85bb6dbdf2ca19d730d5587ce1a2b573ef44cc773338518ba1c10a4931d658c8703064c62c50d49c1dfe8e9053e1b7fa95856453a88e1e1cc56ce71772e1f8305d88fd591b2e437681a88c3f49d3ba9f0eea405562aa031a6fc9811410efde0bfb9150ab93167eb0c9742125a7b83f66615b57dc7c57da2d15b1bc49d4a2cab4a8f47af7ededd50cf8a6cf6c809a8fae4098a5d6d24a551458fafb42b3163c130edf0bc9424482ee50fad0ef35016888ee1ca7048d44f71c7f73ee5a535970fa8ad4fe6168897d9cdee7c7fc629f6c7ebf6f91d868aa237fc7eaded2b930313137764a5219ecbf43cb34c44edc46f9326f87fb8486c9fa7474184b14cfbe9a56fd3d94e453c3ba02c7da36cbc5304673d0b710fb0bf7685c2302ef9dda9600b606d122e91feb6e2186fe7b23dfad9d4119bc602b63b8fb841e07302111c6cf39ba94446af50f58e9389102129288b081d8e1273b13c622d958c18edc37fa36dda60f9af3cc4263c599c7b035a514407053884423412536b3126aa677c3994edf5f55e3fb0c4f1827d3ce5fe136083251bd6f207128f4919b7eb764584baacf0346e75f3467f9a1e0664b128b2ea2528ee22a48c7d1b360bc1493fead5f8a43f6a1d9c40bbf656c34abe221fd89740c6da946685148f966c8c378148f13ea8b2353d7c7737a509eeac64aa79423d69dd5e48e3d1ce70b89c012ad0c5ff21e2cc508d6cce293f343a1a9414d42a5e7ba039f982dc70c8c003f6a0aacf3215914efb1f85dc4ad65895b2a883be102f5bffd4b5447d9ece7b535c19112dd777d4d068848d84c51b13fd220519b87d8379fb8ad63d81f1f3a691e1879844a81229da8aa389b6e7236ddce33b6fea7acb7750642ebedf61beaff107e4d53e93592e5d84b85fad07f27bfe720b52deba680abc81b1729a6b6cda7f08b92cf7a7d61acb16d925390d1ce0a2ee2cb19d3f18245647d8e43c69c4b6309ac78ef674fbba769120dabce7cb535c2b0cf880ca163296d752dad7e464d6ad704c850b3804c8ec5b4355c88d8fee9c8b049b55558229481c0f7ec0ff83f557336738850452169ea02047a437e71c085aa5205550c9c5b54d77d51ee2f4e2ecd18c39550b260db95664b1b3eaad40ab0c33dd1545e3eb66c787d6fc4fc8a07428c12300db06f892645e41a5a2c1268c46db363ac492f3eaa69246ae4f4e15e6915f5e7648ce96721b7cf53f7a3f9357e26e15c0c58888370719041f9c5c098919ce2a37957d10a735a02e828cb555ee4b1371fb1e8f2459dfd94495534a2aa3529f515d066ff6b0051d70515e53b3cb52395128c684923c1a86de81bce6f77ade86fef840354705b578b2d4ce19e6df1becdaa80b818c5bd7236frootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.3-60.el6.src.rpmsssd-toolssssd-tools(x86-32)   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ sssd-commonpython-ssspython-sssdconfigrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libbasicobjects.so.0libcollection.so.4libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.6)libdbus-1.so.3libdhash.so.1libdhash.so.1(DHASH_0.4.3)libdl.so.2libglib-2.0.so.0libini_config.so.5liblber-2.4.so.2libldap-2.4.so.2libldb.so.1libldb.so.1(LDB_0.9.10)libnspr4.solibnss3.solibnssutil3.solibpcre.so.0libplc4.solibplds4.solibpopt.so.0libpopt.so.0(LIBPOPT_0)libpthread.so.0libpthread.so.0(GLIBC_2.0)libpthread.so.0(GLIBC_2.12)libpthread.so.0(GLIBC_2.2)libref_array.so.1librt.so.1libselinux.so.1libsemanage.so.1libsmime3.solibssl3.solibsss_cert.solibsss_child.solibsss_crypt.solibsss_debug.solibsss_semanage.solibsss_util.solibtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)libtdb.so.1libtevent.so.0rtld(GNU_HASH)/usr/bin/pythonrpmlib(PayloadIsXz)1.13.3-60.el61.13.3-60.el61.13.3-60.el64.6.0-14.0-13.0.4-15.2-14.8.0ZH@ZH@Z2gYyX6@X6@XS@XOXJXGXF@X@X6@X6@X-X!@X!@X&X X X WWWW@W@W_@W_@WWW@W@W@W@Wi,@WYZ@WPWPV@VJVJVV@VՄ@VՄ@V@V&@V=@V=@V@V@V@VvV%@V%@V%@VVVVVpVii@V\:@VXEVV@VV@VV@VMV2 @Vf@Vf@Vf@UAUUuUn@UmUjUcUcUUUUUJ@UB@UB@U@U?v@U>$U8U.RU.RU-@U-@U-@U-@UF@UF@UUUUUU U U U@U@U@U@T9TTTTTTT@T@T~T~Tk4Tk4T$TTT@SvSvSvS%@S0S<@S<@S<@SSSSSSS/S/S;@SFS@S@S@S@S@S@Si@S@SSS!@SsZSpSNpS 4@S 4@RRRRRRfhRD!R1R%@R @R @RR|R|R|R|R|RRRRRRRRRRRRR@R@R@R@R@R@R@R@R@R@Q@Q@QQ*@Q?@QQvwQkQIQ5@Q0@Q']Q @PPPP@P@P@P-P@P@P@PDPDPDPDP[PPPPP@P@P@P@PPPPPPPP @P @P @P @P @P @Pf@PPPPP @P @P @P @P@P@P@PPPPPPPP@P@P@PpPpPpP@P@P@P@P@P@P@PP@PP@P@P@P@P@PPXPP{P{P{Pz@PqnPl(PaP`K@P#@Oĺ@O"O"OOO@OO~O@OOO@O@Ou@Ou@Oc+@O]@OYOOdON@OLOLOLOLOLO;@O5O1@ObN@NNNN@NNNj@NN$@N$@NN@N@Nx@Nm@Ng\N[@NTN?N:N:N:NNN|@M{@M{@Mߒ@M@M۝M۝M@MM@M@M3@MM>M>M@MM@M@Mx@MM=M=MwkMwkMv@MtMtMc@Mc@MbSM_MQ0@MJMGMA^@MA^@MA^@M.@M9L!L@L@L@L@LNLNL@L@LA@L@Lk@LYV@LRLI@L7@L(L_LLGKj@KK@KK@KK[K@KK~}@K]KY@KO@KKK/c@K+nK"4@KJJ@JJJkJJ@JJp9JlE@J?r@J0J,@IcIcIzI)@I)@I)@IV@IV@I@I@III@Fabiano Fidêncio - 1.13.3-60Fabiano Fidêncio - 1.13.3-59Fabiano Fidêncio - 1.13.3-58Jakub Hrozek - 1.13.3-57Lukas Slebodnik - 1.13.3-56Lukas Slebodnik - 1.13.3-55Jakub Hrozek - 1.13.3-54Jakub Hrozek - 1.13.3-53Jakub Hrozek - 1.13.3-52Jakub Hrozek - 1.13.3-51Jakub Hrozek - 1.13.3-50Jakub Hrozek - 1.13.3-49Jakub Hrozek - 1.13.3-48Jakub Hrozek - 1.13.3-47Jakub Hrozek - 1.13.3-46Jakub Hrozek - 1.13.3-45Jakub Hrozek - 1.13.3-44Jakub Hrozek - 1.13.3-43Jakub Hrozek - 1.13.3-42Jakub Hrozek - 1.13.3-41Jakub Hrozek - 1.13.3-40Jakub Hrozek - 1.13.3-39Jakub Hrozek - 1.13.3-38Jakub Hrozek - 1.13.3-37Jakub Hrozek - 1.13.3-36Jakub Hrozek - 1.13.3-35Jakub Hrozek - 1.13.3-34Jakub Hrozek - 1.13.3-33Jakub Hrozek - 1.13.3-32Jakub Hrozek - 1.13.3-31Jakub Hrozek - 1.13.3-30Jakub Hrozek - 1.13.3-29Jakub Hrozek - 1.13.3-28Jakub Hrozek - 1.13.3-27Jakub Hrozek - 1.13.3-26Jakub Hrozek - 1.13.3-25Jakub Hrozek - 1.13.3-24Jakub Hrozek - 1.13.3-23Jakub Hrozek - 1.13.3-22Jakub Hrozek - 1.13.3-21Jakub Hrozek - 1.13.3-20Jakub Hrozek - 1.13.3-19Jakub Hrozek - 1.13.3-18Jakub Hrozek - 1.13.3-17Jakub Hrozek - 1.13.3-16Jakub Hrozek - 1.13.3-15Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-13Jakub Hrozek - 1.13.3-12Jakub Hrozek - 1.13.3-11Jakub Hrozek - 1.13.3-10Jakub Hrozek - 1.13.3-9Jakub Hrozek - 1.13.3-8Jakub Hrozek - 1.13.3-7Jakub Hrozek - 1.13.3-6Jakub Hrozek - 1.13.3-5Jakub Hrozek - 1.13.3-4Jakub Hrozek - 1.13.3-3Jakub Hrozek - 1.13.3-2Jakub Hrozek - 1.13.3-1Jakub Hrozek - 1.13.2-7Jakub Hrozek - 1.13.2-6Jakub Hrozek - 1.13.2-5Jakub Hrozek - 1.13.2-4Jakub Hrozek - 1.13.2-3Jakub Hrozek - 1.13.2-2Jakub Hrozek - 1.13.2-1Jakub Hrozek - 1.13.1-1Jakub Hrozek - 1.12.4-51Jakub Hrozek - 1.12.4-50Jakub Hrozek - 1.12.4-49Jakub Hrozek - 1.12.4-48Jakub Hrozek - 1.12.4-47Jakub Hrozek - 1.12.4-46Jakub Hrozek - 1.12.4-45Jakub Hrozek - 1.12.4-44Jakub Hrozek - 1.12.4-43Jakub Hrozek - 1.12.4-42Jakub Hrozek - 1.12.4-41Jakub Hrozek - 1.12.4-40Jakub Hrozek - 1.12.4-39Jakub Hrozek - 1.12.4-38Jakub Hrozek - 1.12.4-37Jakub Hrozek - 1.12.4-36Jakub Hrozek - 1.12.4-35Jakub Hrozek - 1.12.4-34Jakub Hrozek - 1.12.4-33Jakub Hrozek - 1.12.4-32Jakub Hrozek - 1.12.4-31Jakub Hrozek - 1.12.4-30Jakub Hrozek - 1.12.4-29Jakub Hrozek - 1.12.4-28Jakub Hrozek - 1.12.4-27Jakub Hrozek - 1.12.4-26Jakub Hrozek - 1.12.4-25Jakub Hrozek - 1.12.4-24Jakub Hrozek - 1.12.4-23Jakub Hrozek - 1.12.4-22Jakub Hrozek - 1.12.4-21Jakub Hrozek - 1.12.4-20Jakub Hrozek - 1.12.4-19Jakub Hrozek - 1.12.4-18Jakub Hrozek - 1.12.4-17Jakub Hrozek - 1.12.4-16Jakub Hrozek - 1.12.4-15Jakub Hrozek - 1.12.4-14Jakub Hrozek - 1.12.4-13Jakub Hrozek - 1.12.4-12Jakub Hrozek - 1.12.4-11Jakub Hrozek - 1.12.4-10Jakub Hrozek - 1.12.4-9Jakub Hrozek - 1.12.4-8Jakub Hrozek - 1.12.4-7Jakub Hrozek - 1.12.4-6Jakub Hrozek - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Jakub Hrozek - 1.12.4-2Jakub Hrozek - 1.12.4-1Jakub Hrozek - 1.11.6-33Jakub Hrozek - 1.11.6-32Jakub Hrozek - 1.11.6-31Jakub Hrozek - 1.11.6-30Jakub Hrozek - 1.11.6-29Jakub Hrozek - 1.11.6-28Jakub Hrozek - 1.11.6-27Jakub Hrozek - 1.11.6-26Jakub Hrozek - 1.11.6-25Jakub Hrozek - 1.11.6-24Jakub Hrozek - 1.11.6-23Jakub Hrozek - 1.11.6-22Jakub Hrozek - 1.11.6-21Jakub Hrozek - 1.11.6-20Jakub Hrozek - 1.11.6-19Jakub Hrozek - 1.11.6-18Jakub Hrozek - 1.11.6-17Jakub Hrozek - 1.11.6-16Jakub Hrozek - 1.11.6-15Jakub Hrozek - 1.11.6-14Jakub Hrozek - 1.11.6-13Jakub Hrozek - 1.11.6-12Jakub Hrozek - 1.11.6-11Jakub Hrozek - 1.11.6-10Jakub Hrozek - 1.11.6-9Jakub Hrozek - 1.11.6-8Jakub Hrozek - 1.11.6-7Jakub Hrozek - 1.11.6-6Jakub Hrozek - 1.11.6-5Jakub Hrozek - 1.11.6-4Jakub Hrozek - 1.11.6-3Jakub Hrozek - 1.11.6-2Jakub Hrozek - 1.11.6-1Jakub Hrozek - 1.11.5.1-4Jakub Hrozek - 1.11.5.1-3Jakub Hrozek - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Jakub Hrozek - 1.9.2-134Jakub Hrozek - 1.9.2-133Jakub Hrozek - 1.9.2-132Jakub Hrozek - 1.9.2-131Jakub Hrozek - 1.9.2-130Jakub Hrozek - 1.9.2-129Jakub Hrozek - 1.9.2-128Jakub Hrozek - 1.9.2-127Jakub Hrozek - 1.9.2-126Jakub Hrozek - 1.9.2-125Jakub Hrozek - 1.9.2-124Jakub Hrozek - 1.9.2-123Jakub Hrozek - 1.9.2-122Jakub Hrozek - 1.9.2-121Jakub Hrozek - 1.9.2-120Jakub Hrozek - 1.9.2-119Jakub Hrozek - 1.9.2-118Jakub Hrozek - 1.9.2-117Jakub Hrozek - 1.9.2-116Jakub Hrozek - 1.9.2-115Jakub Hrozek - 1.9.2-114Jakub Hrozek - 1.9.2-113Jakub Hrozek - 1.9.2-112Jakub Hrozek - 1.9.2-111Jakub Hrozek - 1.9.2-110Jakub Hrozek - 1.9.2-109Jakub Hrozek - 1.9.2-108Jakub Hrozek - 1.9.2-107Jakub Hrozek - 1.9.2-106Jakub Hrozek - 1.9.2-105Jakub Hrozek - 1.9.2-104Jakub Hrozek - 1.9.2-103Jakub Hrozek - 1.9.2-102Jakub Hrozek - 1.9.2-101Jakub Hrozek - 1.9.2-100Jakub Hrozek - 1.9.2-99Jakub Hrozek - 1.9.2-98Jakub Hrozek - 1.9.2-97Jakub Hrozek - 1.9.2-96Jakub Hrozek - 1.9.2-95Jakub Hrozek - 1.9.2-94Jakub Hrozek - 1.9.2-93Jakub Hrozek - 1.9.2-92Jakub Hrozek - 1.9.2-91Jakub Hrozek - 1.9.2-90Jakub Hrozek - 1.9.2-89Jakub Hrozek - 1.9.2-88Jakub Hrozek - 1.9.2-87Jakub Hrozek - 1.9.2-86Jakub Hrozek - 1.9.2-85Jakub Hrozek - 1.9.2-84Jakub Hrozek - 1.9.2-83Jakub Hrozek - 1.9.2-82Jakub Hrozek - 1.9.2-81Jakub Hrozek - 1.9.2-80Jakub Hrozek - 1.9.2-79Jakub Hrozek - 1.9.2-78Jakub Hrozek - 1.9.2-77Jakub Hrozek - 1.9.2-76Jakub Hrozek - 1.9.2-75Jakub Hrozek - 1.9.2-74Jakub Hrozek - 1.9.2-73Jakub Hrozek - 1.9.2-72Jakub Hrozek - 1.9.2-71Jakub Hrozek - 1.9.2-70Jakub Hrozek - 1.9.2-69Jakub Hrozek - 1.9.2-68Jakub Hrozek - 1.9.2-67Jakub Hrozek - 1.9.2-66Jakub Hrozek - 1.9.2-65Jakub Hrozek - 1.9.2-64Jakub Hrozek - 1.9.2-63Jakub Hrozek - 1.9.2-62Jakub Hrozek - 1.9.2-61Jakub Hrozek - 1.9.2-60Jakub Hrozek - 1.9.2-59Jakub Hrozek - 1.9.2-58Jakub Hrozek - 1.9.2-57Jakub Hrozek - 1.9.2-56Jakub Hrozek - 1.9.2-55Jakub Hrozek - 1.9.2-54Jakub Hrozek - 1.9.2-53Jakub Hrozek - 1.9.2-52Jakub Hrozek - 1.9.2-51Jakub Hrozek - 1.9.2-50Jakub Hrozek - 1.9.2-49Jakub Hrozek - 1.9.2-48Jakub Hrozek - 1.9.2-47Jakub Hrozek - 1.9.2-46Jakub Hrozek - 1.9.2-45Jakub Hrozek - 1.9.2-44Jakub Hrozek - 1.9.2-43Jakub Hrozek - 1.9.2-42Jakub Hrozek - 1.9.2-41Jakub Hrozek - 1.9.2-40Jakub Hrozek - 1.9.2-39Jakub Hrozek - 1.9.2-38Jakub Hrozek - 1.9.2-37Jakub Hrozek - 1.9.2-36Jakub Hrozek - 1.9.2-35Jakub Hrozek - 1.9.2-34Jakub Hrozek - 1.9.2-33Jakub Hrozek - 1.9.2-32Jakub Hrozek - 1.9.2-31Jakub Hrozek - 1.9.2-30Jakub Hrozek - 1.9.2-29Jakub Hrozek - 1.9.2-28Jakub Hrozek - 1.9.2-27Jakub Hrozek - 1.9.2-26Jakub Hrozek - 1.9.2-25Jakub Hrozek - 1.9.2-24Jakub Hrozek - 1.9.2-23Jakub Hrozek - 1.9.2-22Jakub Hrozek - 1.9.2-21Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-19Jakub Hrozek - 1.9.2-18Jakub Hrozek - 1.9.2-17Jakub Hrozek - 1.9.2-16Jakub Hrozek - 1.9.2-15Jakub Hrozek - 1.9.2-14Jakub Hrozek - 1.9.2-13Jakub Hrozek - 1.9.2-12Jakub Hrozek - 1.9.2-11Jakub Hrozek - 1.9.2-10Jakub Hrozek - 1.9.2-9Jakub Hrozek - 1.9.2-8Jakub Hrozek - 1.9.2-7Jakub Hrozek - 1.9.2-6Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-3Jakub Hrozek - 1.9.0-2Jakub Hrozek - 1.9.0-1.rc1Jakub Hrozek - 1.8.0-33Stephen Gallagher - 1.8.0-32Stephen Gallagher - 1.8.0-31Stephen Gallagher - 1.8.0-30Stephen Gallagher - 1.8.0-29Stephen Gallagher - 1.8.0-28Stephen Gallagher - 1.8.0-27Stephen Gallagher - 1.8.0-26Stephen Gallagher - 1.8.0-25Stephen Gallagher - 1.8.0-24Stephen Gallagher - 1.8.0-23Stephen Gallagher - 1.8.0-22Stephen Gallagher - 1.8.0-21Stephen Gallagher - 1.8.0-20Stephen Gallagher - 1.8.0-18Stephen Gallagher - 1.8.0-17Stephen Gallagher - 1.8.0-15Stephen Gallagher - 1.8.0-12Stephen Gallagher - 1.8.0-11Stephen Gallagher - 1.8.0-10Stephen Gallagher - 1.8.0-9Stephen Gallagher - 1.8.0-8Stephen Gallagher - 1.8.0-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5Stephen Gallagher - 1.8.0-4.beta3Stephen Gallagher - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-2.beta2Stephen Gallagher - 1.5.1-68Stephen Gallagher - 1.5.1-67Stephen Gallagher - 1.5.1-66Stephen Gallagher - 1.5.1-65Stephen Gallagher - 1.5.1-64Stephen Gallagher - 1.5.1-63Stephen Gallagher - 1.5.1-62Stephen Gallagher - 1.5.1-61Stephen Gallagher - 1.5.1-60Stephen Gallagher - 1.5.1-59Stephen Gallagher - 1.5.1-58Stephen Gallagher - 1.5.1-57Stephen Gallagher - 1.5.1-56Stephen Gallagher - 1.5.1-55Stephen Gallagher - 1.5.1-53Stephen Gallagher - 1.5.1-52Stephen Gallagher - 1.5.1-51Stephen Gallagher - 1.5.1-50Stephen Gallagher - 1.5.1-49Stephen Gallagher - 1.5.1-48Stephen Gallagher - 1.5.1-47Stephen Gallagher - 1.5.1-46Stephen Gallagher - 1.5.1-45Stephen Gallagher - 1.5.1-44Stephen Gallagher - 1.5.1-43Stephen Gallagher - 1.5.1-42Stephen Gallagher - 1.5.1-41Stephen Gallagher - 1.5.1-40Stephen Gallagher - 1.5.1-39Stephen Gallagher - 1.5.1-38Stephen Gallagher - 1.5.1-37Stephen Gallagher - 1.5.1-36Stephen Gallagher - 1.5.1-35Stephen Gallagher - 1.5.1-34Stephen Gallagher - 1.5.1-33Stephen Gallagher - 1.5.1-32Stephen Gallagher - 1.5.1-31Stephen Gallagher - 1.5.1-30Stephen Gallagher - 1.5.1-29Stephen Gallagher - 1.5.1-28Stephen Gallagher - 1.5.1-27Stephen Gallagher - 1.5.1-26Stephen Gallagher - 1.5.1-25Stephen Gallagher - 1.5.1-24Stephen Gallagher - 1.5.1-23Stephen Gallagher - 1.5.1-21Stephen Gallagher - 1.5.1-20Stephen Gallagher - 1.5.1-17Stephen Gallagher - 1.5.1-16Stephen Gallagher - 1.5.1-15Stephen Gallagher - 1.5.1-14Stephen Gallagher - 1.5.1-13Stephen Gallagher - 1.5.1-12Stephen Gallagher - 1.5.1-11Stephen Gallagher - 1.5.1-10Stephen Gallagher - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Stephen Gallagher - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.2.1-28.4Stephen Gallagher - 1.2.1-36Stephen Gallagher - 1.2.1-35Stephen Gallagher - 1.2.1-28.3Stephen Gallagher - 1.2.1-34Stephen Gallagher - 1.2.1-28.2Stephen Gallagher - 1.2.1-33Stephen Gallagher - 1.2.1-28.1Stephen Gallagher - 1.2.1-32Stephen Gallagher - 1.2.1-29Stephen Gallagher - 1.2.1-28Stephen Gallagher - 1.2.1-27Stephen Gallagher - 1.2.1-26Stephen Gallagher - 1.2.1-23Stephen Gallagher - 1.2.1-21Stephen Gallagher - 1.2.1-20Stephen Gallagher - 1.2.1-19Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-14Stephen Gallagher - 1.2.0-13Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11.1Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Related: rhbz#1442703 - Smart Cards: Certificate in the ID View - Related: rhbz# 1401546 - Please back-port fast failover from sssd 1.14 on RHEL 7 into sssd 1.13 on RHEL 6- Resolves: rhbz#1326007 - Memory cache corruption when rsync and/or tar to copy owner and group info from LDAP - Resolves: rhbz#1442703 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1507435 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-6.10] - Resolves: rhbz#1487040 - sssd does not evaluate AD UPN suffixes which results in failed user logins- Resolves: rhbz#1421057 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1487040 - sssd does not evaluate AD UPN suffixes which results ini failed user logins - Resolves: rhbz#1487944 - ABRT crash - /usr/libexec/sssd/sssd_nss - Resolves: rhbz#1489485 - sssd is not pulling groups in a trusted domain, with the Global scope- Resolves: rhbz#1438360 - The originalMemberOf attribute disappears from the cache, causing intermittent HBAC issues- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present - Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory- Resolves: rhbz#1415785 - ldap_child does not remove temporary files when it's killed with SIGTERM- Apply several more smartcard-related patches. - Related: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts- Revert the ding-libs requirement - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Related: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Require the matching version of ding-libs - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Fix a coverity warning - Related: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Resolves: rhbz#1324428 - [RFE] Discover forest's root SID even if subdomains_provider = none- Resolves: rhbz#1367802 - using overides causes segfault in libldb- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins- Resolves: rhbz#1382603 - autofs map resolution doesn't work offline- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute- Resolves: rhbz#1299994 - ssh client checks only the first certificate on a smartcard when the card has multiple certs - Resolves: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard - Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6 - Resolves: rhbz#1329647 - IPA view: view name not stored properly with default FreeIPA installation- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users and mixed case names- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a subdomain, not the root domain.- Resolves: rhbz#1365218 - SSSD does not fail over to next GC- Resolves: rhbz#1367435 - Intermittent sssd auth failures- Resolves: rhbz#1369079 - sssd runs out of available child slots and starts queuing requests in proxy mode- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to sssd-1.13.3-22.el6.x86_64 when upgrading cache- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336453 - sssd_be doesn't terminate forked child process if adcli is not installed- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo- Actually apply patches from previous build - Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe with 1.11.6- Backport of a more minimal dependency patch to avoid changes to AD provider behaviour - Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1308939 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user- Require a newer selinux-policy to avoid issues when prompting for SC PIN - Related: rhbz#1299066 - smartcard login does not prompt for pin when ocsp checking is enabled (default config)- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when trying to retrieve non-existing netgroups- Update sssd-ldap man page for the recent ID mapping changes - Related: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache from working- Resolves: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password and not smartcard pin when logged in using smartcard pin- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output error- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12 to 1.13- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn't work- Resolves: rhbz#1273802 - ad_site parameter does not work- Fix memory leak in the NFS plugin - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service discovery- Rebase to 1.13.3 - Remove setuid bit from proxy_child, RHEL-6 doesn't support running SSSD as a non-privileged user - Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Don't own files as the SSSD user - Resolves: rhbz#1289482 - warning: user sssd does not exist - using root- Resolves: rhbz#1279971 - groups get deleted from the cache- The p11_child doesn't have to run privileged anymore, remove the setuid bit - Related: rhbz#1270027 - [RFE] Support for smart cards- Resolves: rhbz#1266108 - Check next certificate on smart card if first is not valid - Also enable OCSP checks- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Silence compilation warnings and Coverity issues - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Squash in packaging review changes by lslebodn@redhat.com- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - The rebase also resolves the following bugzillas: - Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC identity certificates - Resolves: rhbz#1270027 - [RFE] Support for smart cards - Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients - Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is not taken into account. - Resolves: rhbz#1254193 - Fix for cyclic dependencies between sssd-{krb5,}-common - Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected - Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do not queue requests - Resolves: rhbz#1227804 - Group members are not turned into ghost entries when the user is purged from the SSSD cache - Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log - Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not the alpha group name representation - Resolves: rhbz#1194039 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups- Resolves: rhbz#1251349 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from ldap server- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task - Resolves: rhbz#1227863 - ignore_group_members doesn't work for subdomains- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn't return all groups on first attempt- Resolves: rhbz#1225614 - IPA enumeration provider crashes- Resolves: rhbz#1212610 - sssd ad groups work intermittently- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of secondary groups- Resolves: rhbz#1221358 - SSSD doesn't work with ID mapping and disabled subdomains- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and gets avc denial when ssh- Include several upstream fixes related to ID views - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1213947 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad src/providers/ad/ad_gpo.c:843- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers group membership resolution- Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users and filter_groups- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only- Related: rhbz#1211728 - Only set the selinux context if the context differs from the local one- Package the localauth plugin - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1207720 - id lookup resolves "Domain Local" group and errors appear in domain log- BuildRequire the proper libkrb5 version for correct localauth plugin build - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1194367 - sssd_be dumping core- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in manpage that unsupported time specification will lead to sssd denying access- Resolves: rhbz#1205382 - Properly handle AD's binary objectGUID- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might install with wrong user account (root)- Fix a typo in DEBUG message - Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Handle TTL=0 in SRV queries correctly - Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Cherry-pick unit test changes from upstream to allow cherry-picking sssd-1-12 patches - Remove unused LDAP provider code to avoid static analyser warnings - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad requires samba4- Resolves: rhbz#1203630 - SSSD doesn't own the GPO cache directory- Fix warning in SELinux code - Handle setups with empty default and no SELinux maps - Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u - Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605 - Resolves: rhbz#1201847 - SSSD downloads too much information when fetching information about groups- Fix PAM responder initgroups cache for subdomain users - Log extop failures better - Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Fix internal error codes broken when fixing rhbz#1036745 - Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything- Fix Coverity warning in ldap_child - Add better debugging - Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users, groups or other cache objects- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Initialize a pointer in ldap_child to NULL - Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Relax the ldb requirement - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query - Rebuild against latest krb5, add a versioned BuildRequires - Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Do not mark the selinux_child helper as setuid, we don't support rootless SSSD in 6.7 - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x - The rebase resolves the following RHEL bugzillas - Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about domains parameter - Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not be fatal (backport fix from upstream) - Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user uid field - Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1168377 - [RFE] User's home directories and shells are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss - Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution - Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1148582 - inconsistent group information when multiple ad domain sections are configured in sssd - Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider ad support - Resolves: rhbz#1139878 - SSSD connection terminated after failing anonymous bind to IBM Tivoli Directory Server - Resolves: rhbz#1135838 - Man sssd-ldap shows parameter ldap_purge_cache_timeout with "Default: 10800 (12 hours)" - Resolves: rhbz#1135432 - Dereference code errors out when dereferencing entries protected by ACIs - Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012 R2's LDAP as AD - Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header - Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple attributes- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1141814 - Password expiration policies are not being enforced by SSSD- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group membership when encountering a non-POSIX group- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from other AD domains- Resolves: rhbz#1127270 - sssd connect to ipa-server is long- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD, POSIX attributes are used and primary group contains the user as a member- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0) is not prompted for password change- Resolves: rhbz#1132361 - use-after-free in dyndns code- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap account lock to restrict access via ssh key- Use the correct sudo iterator - Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Add notes about offline mode to sssd.conf - Related: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1127278 - Auth fails when space in username is replaced with character set by override_default_whitespace- Resolves: rhbz#1127757 - sssd can't retrieve sudo rules when using the "default_domain_suffix" option- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Resolves: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1122873 - Failover does not always happen from SRV to hostname resolution(via /etc/hosts) - Remove spurious systemctl call on %postun- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with specified character in LDAP group- Resolves: rhbz#1109188 - dereferencing control failure against openldap server- Resolves: rhbz#1084532 - sssd_sudo process segfaults- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping is off and tokengroups are enabled- Resolves: rhbz#1118541 - Floating point exception using ldap- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser is not defined and no ldap_sudorule_runasuser mapping has been defined in SSSD- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap- Fix potential NULL dereference in IFP code - Related: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- BuildRequire the latest libini_config - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- Resolves: rhbz#1104145 - public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end- Rebase to 1.11.6 - Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Rebuild against new ding-libs - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Backport the InfoPipe patches needed for Sat6 integration - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: #1085412 - SSSD Crashes when storage experiences high latency- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6Resolves: #1036168 - sssd can't retrieve auto.master when using the "default_domain_suffix"- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups are requested- Allow combination of proxy id backend and LDAP auth backend - Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Inherit UID limits for subdomains - Resolves: #1020905 - Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.- Do not crash when LDAP disconnects while a search is still in progress - Resolves: #1019979 - sssd_be segfault when authenticating against active directory- More upstream fixes to prevent memcache crashes - Related: #997406 - sssd_nss core dumps under load- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out- Make IPA SELinux provider aware of subdomain users - A better version of already committed patch - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Resolves: #997406 - sssd_nss core dumps under load - Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #1002161 - large number of sudo rules results in error - Unable to create response: Invalid argument- Silence restorecon on clean install - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Make IPA SELinux provider aware of subdomain users - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Print password complexity hint when password change fails with constraint violation - Related: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #948830 - sssd do too many disk writes causing delay in "getent netgroup allmachines-netgroup" nested netgroups.- Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- Resolves: #963235 - sssd_be crashing with nested ldap groups- Apply a forgotten dependency for patch #254 - Related: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality - Add two fixes for better handling of faulty SRV processing - Related: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router. - Remove enumerate=true from example in man page - Related: #988381 - clarify the disadvantages of enumeration in sssd.conf- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp file for SELinux data failed- Resolves: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors when clearing cache- Resolves: #924113 - man sssd-sudo has wrong title- Resolves: #924397 - document what does access_provider=ad do- Use permissive control when adding ghost users - Resolves: #928797 - cyclic group memberships may not work depending on order of operations- Set correct state of SRV servers on resolving error - Resolves: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router.- Resolves: #954323 - SSSD doesn't display warning for last grace login.- Format patch to configure sysv script differently - RHEL-6 patch(1) apparently doesn't like the output of git format-patch -M -C and doesn't properly copy files on renames - Resolves: #971435 - Enhance sssd init script so that it would source a configuration.- Resolves: #973345 - SSSD service randomly dies- Resolves: #971435 - Enhance sssd init script so that it would source a configuration- Resolves: #961356 - SUDO is not working for users from trusted AD domain- Resolves: #970519 - [RFE] Add support for suppressing group members- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the "original value"- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes- Clarify the min_id/max_id limits further - Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login delays when client is under load- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table in sssd_nss- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs- Mention that enumeration should be discouraged - Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf- Call restorecon on memcache files to force the right context on upgrades - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Resolves: #987479 - libsss_sudo should depend on sudo package with sssd support- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck- Resolves: #967636 - SSSD frequently fails to return automount maps from LDAP- Resolves: #953165 - Enabling enumeration causes sssd_be process to utilize 100% of the CPU- Resolves: #906398 - sssd_be crashes sometimes- Resolves: #950874: Simple access control always denies uppercased users in case insensitive domain- Resolves: #921454: Resolve local group members in LDAP groups- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider- Fix pwd_expiration_warning=0 - Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#872827 - Serious performance regression in sssd- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees- Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.- Resolves: rhbz#902436 - possible segfault when backend callback is removed- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps- Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent- Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts- Resolves: rhbz#892197 - Incorrect principal searched for in keytab- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work- Resolves: rhbz#874618 - sss_cache: fqdn not accepted- Resolves: rhbz#889182 - crash in memory cache- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache- Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666)- Resolves: rhbz#886038 - sssd components seem to mishandle sighup- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh- Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule- Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507)- Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060)- Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507)- Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds- Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users- Resolves: rhbz#881773 - mmap cache needs update after db changes- Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742)- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573)- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations- Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130- Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections- Related: rhbz#877126 - Bump the release tag- Resolves: rhbz#877126 - subdomains code does not save the proper user/group name- Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid()- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'- Resolves: rhbz#875740 - "defaults" entry ignored- Resolves: rhbz#875738 - offline authentication failure always returns System Error- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section- Resolves: rhbz#873032 - Move sss_cache to the main subpackage- Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group- Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive- Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443- BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932- Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542- Fix the "ca" translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- New upstream release 1.9.2- Rebase to 1.9.1- Require the latest libldb- Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes- Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds- Fix protocol break for services map - Related: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#824616 - sssd_nss crashes when configured with use_fully_qualified_names = true- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()- Resolves: rhbz#822236 - SSSD netgroups do not honor entry_cache_nowait_percentage- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client upgrade - Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names - Resolves: rhbz#819063 - sssd fails to provide partial data till paged search returns "Size Limit Exceeded" - Resolves: rhbz#820585 - Group enumeration fails in proxy provider- Resolves: rhbz#816616 - group members are now lowercased in case insensitive domains- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding - Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the same user - Resolves: rhbz#812281 - autofs client: map name length used as key length - Related: rhbz#784870 - SSSD fails during autodetection of search bases for new LDAP features - Related: rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes- Fix typo in patch for SSH umask - Related: rhbz#808107 - Coverity revealed memory management defects- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm - Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is running - Resolves: rhbz#808107 - Coverity revealed memory management defects- Related: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false- Resolves: rhbz#804057 - Initial service lookups having name with uppercase alphabets doesn't work - Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names doesn't work when case_sensitive=false - Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab - Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false - Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name resolution times out - Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Related: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica using IP address - Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with case_sensitive=false - Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set - Resolves: rhbz#805034 - accessing an undefined variable might cause crash - Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login- Update translations - Resolves: rhbz#802372 - Pick up latest translation files for SSSD - Resolves: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Related: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search requests - Resolves: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials - Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to true - Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work - Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false - Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam can use - Resolves: rhbz#799971 - sssd_be crashes on shutdown - Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested group structure - Resolves: rhbz#801368 - Group lookups doesn't return members with proxy provider configured - Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd is configured as proxy provider- Do not auto-upgrade debug levels - Tool still available for manual use - Reverts: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#798881 - Install-time warnings - Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also the dns_discovery_domain - Resolves: rhbz#798655 - Password logins failing due to a process with high UID- Fix explicit requires to use openldap instead of openldap-libs - Related: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64- Fix multilib-clean issue due to upgrade script - Remove old copy from the spec file - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Fix typo in the patch - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Use a patch and install the script to python_sitelib - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Resolves: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#785871 - wrong build dependency on nscd - Resolves: rhbz#785873 - IPA host search base cannot be set - Resolves: rhbz#791208 - Entries lacking a POSIX username value break group lookups - Resolves: rhbz#796307 - Simple Paged Search control needs to be used more sparingly - Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64 - Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user entries - Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup - Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load - Resolves: rhbz#797975 - sssd_be: The requested target is not configured is logged at each login - Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD - Resolves: rhbz#788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group- Handle filtering python Provides in a safer way - Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3 - Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers - Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and netgroup search base correctly - Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb AS requests - Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision - Resolves: rhbz#785904 - [RFE] SSSD should have --version option - Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider - Resolves: rhbz#785898 - Enable midway cache refresh by default - Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for a non-existing netgroup - Resolves: rhbz#785884 - Honour TTL when resolving host names - Resolves: rhbz#785883 - check DNS records before updates - Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead of guessing - Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line - Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config file too much - Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server has been reinitialized - Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc - Resolves: rhbz#773660 - Kerberos errors should go to syslog - Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native IPA netgroups code - Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#771702 - sssd_pam crashes during change password operation against a IPA server - Resolves: rhbz#771361 - case_sensitive function not working as intended for ldap - Resolves: rhbz#768935 - Crash when applying settings - Resolves: rhbz#766941 - The full dyndns update message should be logged into debug logs - Resolves: rhbz#766930 - [RFE] Add a new option to override home directory value - Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab principal name - Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files - Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug levels on the fly - Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional - Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation - Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option - Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control - Resolves: rhbz#753876 - [RFE] Add support for the services map - Resolves: rhbz#746181 - "getgrgid call returned more than one result" after group name change in MSAD - Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle for some (configurable) time - Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD - Related: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#742052 - id -G group resolution takes extremely long - Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange - Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases - Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or insensitive - Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users - Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control disabled for openldap - Resolves: rhbz#726467 - SSSD takes 30+ seconds to login - Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 during auth when password for the user is not set- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758157 - LDAP failover not working if server refuses connections- Related: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis initgroups when groups appear in multiple nesting levels- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow - Resolves: rhbz#746654 - SSSD backend gets killed on slow systems - Related: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts Fixes a crash introduced by the earlier patch. - Related: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names Fixes for internationalization- Related: rhbz#742278 - Rework the example config- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts - Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart - Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742278 - Rework the example config - Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was initialized - Resolves: rhbz#742526 - SSSD's man pages are missing information - Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with multi-valued uid - Resolves: rhbz#738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid - Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber to integer - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host groups - Resolves: rhbz#740501 - SSSD not functional after "self" reboot - Resolves: rhbz#742539 - HBAC: Hostname comparisons should be case-insensitive- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in - Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2- Resolves: rhbz#737157 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled - Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple external hosts along with managed host - Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names - Resolves: rhbz#733409 - Improve password policy error message - Resolves: rhbz#733663 - Authentication fails when there exists an empty hbacsvcgroup - Resolves: rhbz#732935 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON - Resolves: rhbz#734101 - sssd blocks login of ipa-users- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain shells- Related: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID- Related: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Related: rhbz#718250 - Remove DENY rules from the HBAC access provider - Fixes an issue on big endian platforms- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured - Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls - Resolves: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider - Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID - Resolves: rhbz#726475 - sssd_pam leaks file descriptors - Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0- Related: rhbz#721052 - sssd does not handle kerberos server IP change - Use ares_search instead of ares_query to honor - search entries in /etc/resolv.conf- Resolves: rhbz#711416 - During the change password operation the ccache is - not replaced by a new one if the old one isn't - active anymore - Resolves: rhbz#715609 - Certificate validation fails with message - "Connection error: TLS: hostname does not match CN - in peer certificate" - Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records - Resolves: rhbz#721052 - sssd does not handle kerberos server IP change - Honor TTL values when resolving hostnames- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP - Resolves: rhbz#713438 - sssd shuts down if inotify crashes- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups() - Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are - being logged multiple times when the provider comes - back online - Resolves: rhbz#707997 - The IPA provider does not work with IPv6 - Resolves: rhbz#677327 - [RFE] Support overriding attribute value - Resolves: rhbz#692090 - SSSD is not populating nested groups in - Active Directory- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man - page- Resolves: rhbz#707513 - Unable to authenticate users when username - contains "\0"- Resolves: rhbz#698723 - kpasswd fails when using sssd and - kadmin server != kdc server- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is - not mentioned - Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the - gidNumber is out of the range of min_id,max_id. - Resolves: rhbz#699530 - Users with a local group as their primary GID are - denied access by the simple access provider - Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups - Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a - member of any group - Resolves: rhbz#703624 - SSSD's async resolver only tries the first - nameserver in /etc/resolv.conf- Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694444 - Unable to resolve SRV record when called with - _srv_, in ldap_uri - Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by - signal 11 (SIGSEGV) - Fix is to not attempt to resolve nameless servers- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can - cause SSSD to stop caching and responding to - requests- Resolves: rhbz#690131 - Traceback messages seen while interrupting - sss_obfuscate using ctrl+d - Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process - /usr/libexec/sssd/sssd_be was killed by signal 11 - (SIGSEGV)- Related: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them - Resolves: rhbz#689886 - group memberships are not populated correctly during - IPA provider initgroups - Resolves: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents - Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5 - in sssd.conf- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min - waiting on netgroup - Resolves: rhbz#683431 - sssd consumes 100% CPU - Related: rhbz#680440 - sssd does not handle kerberos server IP change- Related: rhbz#680440 - sssd does not handle kerberos server IP change - SSSD was staying with the old server if it was still online- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain - for base DN- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on - ipa-server - Resolves: rhbz#680440 - sssd does not handle kerberos server IP change - Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are - given in ipa_server config option - Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf - attribute on the server - Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups - Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option - Resolves: rhbz#677318 - Does not read renewable ccache at startup- Resolves: rhbz#678593 - User information not updated on login for secondary - domains - Resolves: rhbz#678777 - IPA provider does not update removed group - memberships on initgroups- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries - Resolves: rhbz#678410 - name service caches names, so id command shows - recently deleted users - Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for - netgroups- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login - Resolves: rhbz#675284 - "no matching rule" message logged on all successful - requests - Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for - authentication- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named - "default" - Resolves: rhbz#674515 - -p option always uses empty string to obfuscate - password - Resolves: rhbz#674141 - Traceback call messages displayed while - "sss_obfuscate" command is executed as a non-root - user- Resolves: rhbz#674172 - Group members are not sanitized in nested group - processing - Put translated tool manpages into the sssd-tools subpackage- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Also add the updated ding-libs to the BuildRequires- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Explicitly require updated ding-libs- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options - Assorted bugfixes- Add noverify to sssd.conf - Resolves: rhbz#627165 - TPS VerifyTest failure- Related: rhbz#644072 - Rebase SSSD to 1.5 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs - Resolves: rhbz#660585 - getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs- Resolves: rhbz#645449 - 'getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#658374 - sssd stops on upgrade- Resolves: rhbz#658158 - sssd stops on upgrade- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#642412 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#633487 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib- Resolves: rhbz#629949 - sssd stops on upgrade- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password- Resolves: rhbz#621307 - Password changes are broken on LDAP- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on - initgroups calls- Resolves: rhbz#607233 - SSSD users cannot log in through GDM - - Real issue was that long-running services - - do not reconnect if sssd is restarted- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with - /etc/krb5.keytab file- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6 - final - Resolves: rhbz#608661 - SASL with OpenLDAP server fails - Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes- New upstream bugfix release 1.2.1 - Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs. - Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal - Resolves: rhbz#604704 - authconfig should provide error with no trace back - if disabling sssd when sssd is not enabled - Resolves: rhbz#591873 - Connecting to the network after an offline kerberos - auth logs continuous error messages to sssd_ldap.log - Resolves: rhbz#596295 - Authentication fails for user from the second domain - when the same user name is filtered out from the - first domain - Related: rhbz#598559 - Update translation files for SSSD before RHEL 6 - final- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service - to fail while restart - Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in - parentheses causes ldap_search_ext to fail - Resolves: rhbz#600468 - Segfault in krb5_child - Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs.- Resolves: rhbz#598670 - Ccache file of a user is removed too early - Resolves: rhbz#599057 - Incomplete comparison of a service name in - IPA access provider - Resolves: rhbz#598496 - Failure with IPA access provider - Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the - kernel keyring- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP - Resolves: rhbz#584001 - Rebase sssd to 1.2 - Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file - Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf - Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf - Resolves: rhbz#590134 - sssd: auth_provider = proxy regression - Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when - going online - Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the - HBAC rule- Improve DEBUG logs for STARTTLS failures- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcacacacacacacacacacacacsdedededededededededededeesesesesesesesesesesesfrfrfrfrfrfrfrfrfrfrfrfrjajajajajajajajajajajanlptptukukukukukukukukukukukukuk1.13.3-60.el61.13.3-60.el6 sss_debuglevelsss_groupaddsss_groupdelsss_groupmodsss_groupshowsss_obfuscatesss_overridesss_seedsss_useraddsss_userdelsss_usermodsssd-tools-1.13.3COPYINGsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupdel.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupmod.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gz/usr/sbin//usr/share/doc//usr/share/doc/sssd-tools-1.13.3//usr/share/man/ca/man5//usr/share/man/ca/man8//usr/share/man/cs/man8//usr/share/man/de/man1//usr/share/man/de/man8//usr/share/man/es/man1//usr/share/man/es/man8//usr/share/man/fr/man1//usr/share/man/fr/man8//usr/share/man/ja/man1//usr/share/man/ja/man8//usr/share/man/man8//usr/share/man/nl/man8//usr/share/man/pt/man8//usr/share/man/uk/man1//usr/share/man/uk/man5//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnu?7zXZ !PH6 ]"k%w+p}:w{!zB7 0YEyЏ;k"fq׽5۵>;S0 b}6'- 1duoclhb*3){఻U/jcOAŔU%NW)ȼ] xj%d[O{!|#5mA!K(6 mZ40@-b1{269azXס)<QEDVB(gxȌI{96)q9$gL%a Gz7Լ+>ƞvRh\{TRkDlf5oUvNm5٧,-"^?+.Q_GiaLi~ t!4T),ͫ<5EoE'Wq>!Ο4ۺ'OoeORnnh3 rcD|wL_ou&d*6D HBAt"d7RQI~9-CBZ(J;"2$l6;'C#ⵉIsUuCWɞXgi^:\)Xlj7E=13F0?׷~1+8@eyX >7?rvL¬Ey]UPj`8_HJ09oW?CV'd:Yx+kh9xn0K(LW%.(V&*Vwe -I!pv A3Fo=|@:"v fO~<ʦgTYEOi*"Ԭs*$bڢ5}^LeW1M4MB Ev H;Yvq^;^&Ӻa;f&2$GmL2t'lV0,}!aWh.Mݼ%7/Al+E H_s3o:M _~$R< k-mgHmwy鷭bSHU  գ[Ghx}[Os8Xa>"œ)C6q8=n"yѝJ]~0OԿ65SsFSݺ*jC5V3EQz3? kLQ^ݐ͋)"m.(HvB  zTz6i֡elV@~ (~nya|D{p]r_H>\܆v 'D}b$K17J󝒐W #!lPQ.PsK̒AJwWK!lǪr>3#Iť,Tm +ݣ:GK`m?w_4lJլPƜ×b4:o3Y-o/c%ͼ*'I]ܚF a`oSv[Lj:$//^Cn3!Hu̒q𤜈AǺ>4ƢoB6{YA,8Bcw Aif KG&(ϫHm9㌝\_Pv\m B>936sB4%|~w3կ_hF<֝ ]v3ć0{x[䴉~K_ R"$2>'8ϴWVu NoiO'^Xgr|/2C=h{Wq[ kFdydmŦ5fz5 gs'NTabCJ y[&1S4zFlNvaB JHV@`!eNB~hY|źLF *S0*檓5;o cd~O"d֭N-fnb +Ay0[s̞7nl$. Q-,$%Dq#S_Kqg2TwQ 3~I^~oYAtɡKJmLW[@yWLx90CKsCI\o&P.HS|+7^1ڀaJVd bl }pƜ҂گa{6=b@X= H"lh/Q'U,W$«͔Mb t9;SUS\F8kl=Cijp,s" `AH3mL鞤lmcë=;Z AX <W>\ vG/g6lx>lDmAPJ|PE\r=&/(.#2(+P ءZ$@UbK~0#22a?$*Gd{L DTMv@DZ _O>rFg./gΉ)H__-D4օ`e^u<⪱Ō*EeQr[}|؇C2p tN KLO5;nس̏>Ca T@59wݾ./vWY(W.è!<\poȀ62ovicG5rĄW;C׺)Ig@݆ m9,;jM2U S~96rGJ\WцUV8oG=F9Ԓ+i -OU(,;֎\zwe~66HN#Pr և6~A6Y^a=΀ROgH+k7DJ ">oHy]%7ZFca q QvSN'JؽW^(IYwD6kjrڣ)ҕ.D7LU4o5NZRR1&2 \N {jy$$~T4l7 ٸ oB9UM@~sћ&/;])2_)Aq.Z( @̚1ʒ,a@h϶6uߠU$/ҟY&#dw.zukLH86Ƒ8/߫$ƏfMѥ-$% X!?u٣GB@{|VDL'%QB$D R}[GIT-z./yM6ic6HfyEDxhd mtzaU< ngˡ@'XS/im@Re+mRuOEScWvVC|6$,P֊7{l2 ѪpOMa@8ǭ5i̡) ɂ7h=1g⶗~VS$r  Eox5* BkdX8xr#:9 P*E@#\?D/Ϭ]fa?I8B+ۏ4$Pk%Έ,Trzĸ;2i%b[dQi&p9w̡|e\kjzh2Nʸ*6 yPS+j꣋=UB 6a۵j6_P_sjG!!>$Ćq_5`ju槷[r uM2e =mʦ $WuDMB k0"X÷X t# 9Wcl2s yx8:C,?H2_1$^xmN[X y"@z~{Atp$kV*=rERG4]KuU'/lQ@cN b&UDRK~0"0nDkL| +0t ;hf$F5fS\_CO\Z~#u abMc`]0vrP$l-@fGC"0^H@0Z/89VWazLC){ⰢC9&כNʈ(4tC :ؗ)gN3໓Z;c8Ԓ&F&m$Ё i9M..u\` 1YY,3^{qY| Dhw"#DbpqnL֤NkUE嗮;TJF[Sö`(PұtZTvm.o!<5&`4Å(a#;}G 9:Qnw >s"BvB`yBH%&ȑʝE:i$őyب*,jWJ-/pQ+<%~~A'z t^p"wS̋U$:w:Ǜ3QX[9 ]l#Eʺp>5Ku cXf{fA.]hP|ɱiO(?0K K b9',EMEfC_{{8B|J;2I\K#aF٧Ї"VCD_ ~U"rŮE6MLɵOĭUUL-k0Yz}%#J^KFMGΦtDJ8f7i7ЎA3`vm{H=m~gꧻ5p ;eI7?(5)e/Kh%5ˣ>~$ :XF0i`jm:D4 +;吼*c5GW_T h~z_*Ɗ g0̐LZӨ,[eF| gKopJ>c5>%` Q Rُ(.& @Q:=+(bz["5!Ut\<ÕXui̒BIcJ+֋_ pXܙoDq=ȕ{~7Mzu4Z(51nr>*#% â +w}~u[Ĉ8oToɨ֩4g6G#ȅD[gVi ad+)_H>&˲{ͪt . VWlv7HM&ynN$[Cf&Ea\9 sqD*H}9M,eQSYnH .v1A8 vq1 )ٲh:rlwO*I] (Go$MU= s]d10y7@ \!Mr rIqfX\rξ+]^qsA" Mp11ܬqh׽tؐF:9b_ BT ]_D#5Mu\KcW˕%1^T}vr"%@߱;)e6drmx򤑏No[[R w#_jodf]7u0p+eˬfC ƴ8xN̗ѡjl5/-a'IbkgAln^ _ohdU8{MwWQ˵#s;2Yn-V|Eg4r"Țw#PQB KìրGtםN;$z#]E7as.]x}]S <`"mN1WeI)=[gmMcR޺w N_92o;]#ȅ~.Ɛumj:_ K 9 .ĩKFi:,Œ7¸xSo,pv>Qo㢅#Iտ2x<+3{" {- \BZq+AeJ37DL/7ER1]~B#F i9⥯¡.PƳULR79v[ _.@P/yRᇮf| oJiw,OHF*8I^b˜z48qگcX_OKb.OIw4jN/=oЛJ_gCS=3o1ͭ([,[lPx,/TEO5>nL\w 4 Dǹ0u,i1%(yx\Xgsgds4|~m̻;h ۤo ǃ'涋84@PXUHis]6Pm"ǧB\`=+ m|4UƎղoUt9Zˎsy,Jl_l=6!$ٳS;Rʎ"}_2Sk^|[iɉY Ԙj+8% ;]ݓӀ)p 9S-^w>>QcPsɕ'e]DE>ʿ&:jvp[ I:cVtmh4nlIIaF#H;PCR?\-\蕧AHNT֞4]d@̟ؤ- xR!: NCd[e\$5\ufJ'p_ }U!"驿,vePv'9qdjA[9*2@cgƗЛ\"VoXY*:.,c,z Q5:6gVO+F*;z&NJ`}mciQ[o?<@<俦38ӑ/Us@5|b=id<IQpIɎ=k:~VCKIiLٵ=hRK%y\O~\R.*z}-7t?1{.nؒ.R}m'9hξ %ט#ڧd7J&EHuQ( *VS^ RPKs>k),dd/(fčlpy"|h O'5uJLX??\UKD9c=\uDܾcW51#EFdEUkDz3.丂\,G蔙6&k/J`2HzE I+VO|ıe؀QBio fydc  Z0/G%m1:\}L,/ 1i"@S%a>K0B_sS{GXޫck9 s顂S D/OTzn>^/] n331rkHFRc9SP[ႺYzMv5Wgg=󎶣<.c8/BI9]Ca 081-,KfUz5ߐ3dJ-h9X k.Ύsʿx ̞Nrx3Vj6,#tT^bE/B%Kf#QHҚ 岸&<ߤT Ð1 l@-o0.CQ+e…?뗖@:-R,^ɴUQ8h&Ϥbދ0Wl߾CoKG-do+6x72"( p 1B 4յc+4ﴝL!zJr #";KǮ6feOWq ʍ9h!*CE6vWYY!lVE5g g~@dW+e0>JhEak?hn$9Kq__ޢyOȾ~bjTQnK_#!DfwZ0ohKt4||S 6qVCQPɡ3/6ZʲVX)(WF5ZA.5(]l} Ԕ;TΨE~0aj\jLHj(C($3e+(ؖJF7u(!gg>G_@AU?VaôCX={Ȭr=<'x73dej]|B}l?ϱm5켉&8hŨJBLd\~.hl p̌ʰJXU.eY9_֊飯f= yf =(x:猖 Ǒ:r$KZepY584$p@Lm#E?ǛYàEŊ QH$sq ɧ֮sVG@~b|eF>-fx јb]oMw7\*e,_j'UFLD#z7d٩n6A⻨x? ς/gЛ Eo W: v1Vμ("Q:Y98%U.[Ye^>5Rk"e|ј< py Jbt$IzUvrE؞\˪6q&selOwwm ܀PNI<~9jt{(`V #jK Nv -mm@0>x5!8   +f904#a\L.9oѵ ީN| Ğ؈fcɽ%_,Lۭ@~vg,;>x#E}j9 {el_LuIF>O>:b~] ZL꿬7I%E(fpw*iCM&*w }rwRF 7>iwc&z(};$4|C!=KKYvp^%);XM5W*2a:TݜFR# l D q7m wsP3о"f@Ӧۙosو`Lt?ޜ霔ѮC˩nZt;yFhBhUA^ ft`YfÚܙmq2yb{#dqԱ @ƟyA&NpV~` R06k4/䑧#RSk.l8 UJHm*;@QՃl]CLE(OO5"]]!bXU)μ#Cvqڲܙ- qtS)C>_>"pfhr,ި\jR`r]߫^ՐOz qPןکv*?ZcUW!@&0bfUrd\q5$Z*ĭ82呭r$*N칮 KX!]4l8e`]΅}5ςԸ zh%Nt'ǿmIl,\"c)[[_<fzIY M4-RM] T*iA} P[s8u!r>`kTdh  ':@y'5/ f],ZSx ds;]R)Hca`l8zLYA0Rʼn&aBq,c* Z/cPclu!ĩ wwo36'$ O {pLKK &/ȃ;>Dſ cԛ~ˋԥ0wU8V*DZ"&:ȥ%ӣAd1Y@{yR^B;"f_O[.ȥV"7v}$i|2fGǞWP5BŃ.,6Imt"CLJ+ G $%1\u|a?VO43RrhGFՍ;ʝMv7L'{IɁ4sOзT^K*%HT>$sLg`"QD MAPCp2}ZBj jٓ/^>W0k|U5xv| a|l#(< b1Nřu7o O'E;IY)IGnkN8 bv\0hYP4bKvBbV'+:%6s__B#kw_$o3?5ƄSal,7Y2x$s<6{(ex5G,<ػ@͵5BY 7|쉨WysL pp Q 0_[wBx趭d)b؝95@ˢr.38}6t tLJhہdb6yZn8buyheVN*KϜ6%!ťxl;.Yȿc`_(a~QHL^s94 읾ؖ W~* QN%7닿PNs(=+&>{sq{Q= B$SFqwXz/.t7ūDaW։f3sRq^xs!Zw!c&wK2Y4Z ~#N>"E58GxEߖ$8~tuJ?$Ys?b[rkw~É-ƭ٣cIhĸdA6 " wb 3%[8igl (nĮXU0pyιP&_~H"U{&g׿Q3ȹ4vHH YdY SPZrE_jdg^SNi}T8;>YB){C !U~Aۈ=E[""H<~2_hv=[=PhEcuE7Fﲜ6e|JW'L\'mJmA(>|ޝEF+"LJщ}u^~rּ~.KRva#㻇>"pܦT4 Mkې~(λ90S۪|B7:4#yO9.7tXok䡿Ϟu[`0mP"z1m&A]Hi# :K펕CYovԘvHsIE'|7  Ue\G_}Q{/SG)v ;ŐV.~:VY4mzg&>QJVi#$٭CbD'^:Y+?&坌kÀn$nrzA'5 lQ0H09$(1ϒu+},*/Ʒ`IxdYS: * W3Q9v]Fq~ٷ|2Tm*ςpC* خ.5kEK[ف2D>Kfܼ!sIbm ]HĜr8u ɻ*>2kb9O&, NŦTӋ(Qo 9l0Zűѳ+p|׉MDq|ܪB9G.HA^g6);0f]]"SKnX~`pBӏqTt=}dP/,u|>u׋Tb_vk|א&2'cp1-S M/= e8JwɶפEnRĮ%b*>aK mإΑ]AtbhAI} ~\EJ + [Jff}KuI'Q([9B##LzÕ`^\5 ̬ٔ;Lcicճ8eoE] >ua^ ٶ#hA_/lWAA=9O_DNaX?Z]n9w}xKIb ZN{eg6z ĐC;^,/\lfI-O%T6dl5g*z} .v?Lఀi _۝UـNM31<73 HD$tbg+Q%0[{ߍngk1~`zrSA?B!#dܾ/3]owa=,F$U`6W΍Píp!ѵ5~S_.!s=.Esq O*`<-U)25]Мj>~Ysb#FSbQIIMV'T](nɸN+y m>KKO3w([7&烳<Ѵ.KT_eI YBW֠>V}>XdH?𵁟)@lQ9_p@l1Eh) q]s&4mSr [Abu3elGInӞ|2@"E?y.hA&`!=6 8`\}U;,j2A軬/C(5$6y4o#Y~0 Bm-&%;hŜF5W (;]ИtN"8i@ {Tj*3~<^=}vAZh@BpҌ W1!:q,2)}fȉO*Vے"mP*O1(jE dm 74*00'nЗB^w6];AmaҴMm9y+C|@~5ϩsY+v5Է@U?WlSf@an`G?Zq>U# nxɾ2/>yNڵk@qiBmgm7:(%yϖ`Us-!42`_([vb3PpCςTj~TTO0R9IߗIБI<7&{ ~_!l;:}LF3'7W{C0_!Pa,G}9X|%4TC̿.[.a6*VXq 67$B] ;pLkM4"DpJ/|L@>[Ǒ,4f )Fԙ޸>‘6 ߮ʺ-ŋ(U0@8e }JMC YwQT /WB5o;J9gv '!R^}n7Zфzp(B>͛ɦƥ6iF,k֝3PW?ݶFn DzJ@N7#mEgm h)4>OCӥ+f6}lŦ0m1~ D l&G`Rn;CA1( w¶9pI:%eMs>p5gd 0~bj8cpƄVy[RݢqݕP3{ΪW@Ob6C<fn{Z CnwUvv5foT-9a7!8UP B -B$# *ثYVUt0{GSռ/j1zHOmݰ03>.q뱍mczfAB9Ae⽹ŧJ8)#z-cVYGKa{~+ E'L7Ŵn9t#j{{rPۯzkCG1IT0%^cs3bC.y;j.h8Ha Z@~YE޶<>_!1hC,$p< .IPGF~1CU'FLF̍3iU$2AzYq-0CY]/Sқ5?-nGmMimNGcMlJ8;0ޛyFȬQbM&Ghziusr.MIgbe!V6wSvyy5PWN1LT;SdB!o6+`^5GIhmM E^Kc7`Os;D58M`D[5 kYƝ&䱃>M5cO OYn.R(y2~F3ܽj-ͭP ./)L9t= )9Q>MK0^![AM(QL)/ Bq+N:Xщ `$Y_Z{>aW)UkB7H%A˽Gk%,c9پ:bZ 7flQ/CUjw]]BLg把 9@Ǒ:b}50%[馱$뢺s ;/;K s[86;X ]yA]ĬX}FY8ʗ&|xn g9oV9gB);FDOayK_ !JHlu~-17od/UlЬ޹;^|};ՓLQ^{d̍@!lL嘈dV ˠeM,[J;tMNb@y; ,@'8W(jYoa;&O JOTx=3e꨾f JࣚNQ8̽RYvu)C#tk )\Q58ωȍi+@J!E_SQA\mXE/?"b|%h1 b.kEw-1(=T[o9l:۵V2'K7ܯydĜtT|ɄdFIdC\;V ĸF pvaIUѭvbckQ|[- ׫(K⺷b(e>[LٲWCHhoS^5R8M#LےM J6gCnlAjP\{ *I1.QZS,84cFg$=27etgكY-\"Qm| (y罤]zGbϖjC55gQҾ9}+3[[E'NOrݕ u0O^pvj[`1 VO]$Tk~Ve=*Y5+2̟d[6LG4[î\6{d:M ]\da9yU:IT:Θ8 Q1ԑ y^*e){KwbK&1 B LDa1bcP5Nv-%A :M~^|VAOaX@.մъJͲ"Ѿ^4PEʌ( rM(MHtPߤy)A߆GK}'N Y%Է@ة=(zC}C3ѻgiv6su^$qɒ#Wp\%FE}^L ;,?7hZoy50'\ &3&*`:nz/=MA~|껑@mfߚpg.ꮿ;?gQ֍V<3CB?I~k~Ք7,Z@ͧ_Kޑ%gTwzgHlIA2Y4*(7o6)1'S;U-ȟfRa5=S{aUH[fbQrkhګex*G(>P2zZ82aE44Ec:-8ظN*+q\Ɛ^ˋ R9-$VɨUۉ1 $vowM C/>| dW׻G l]Vmx^8 ΁Tt^@jH|J I-5*hMRHD mM H KgX*}ic^} ̤JЛ}&nC>BHcu3od*107$-FEaRr& zk2NPgU?%”YnMX=άj~ {'ąfNLJ]Ex=*v3E*SVK QÖڹVf|#Fixl{#3."ܑN~%_}Rqc=g0[PxZ1HO0ɃP9"V̷AXGeHpX\n`D\U I~rý= JїlR(yCyIf:>,Fe_/ ^h ([1qϬ7$CI+zQƒQYk{V=4 -_1'K2U)RUd(r1HXx ՟P?BǸE k~OAtHBS:;y~ EfN 05X T;Gw0l^ڎ[ͼ4 KC1;rU/; ̗r ) hf8d*lU@%>N~"&cؽ 2(, >C ,N鼏j!2 РN(.fSeS;T3zF3 b,U9[v'M )Ôj:ӛOUHJ[Kx'9bـWC->-BYuU/M M5Zo;M &![+;vNGV@Ӝ01ĻbRZiAj-ۼ?"i/31h@G7-ˎtk~\gT]$VN=!B!c!ɫ]kPK3b]Tߒf< O^)"U{@F^D0+Of̢]KF)d*ךr(´s` ~]a.0I62un>gR¯(V}l}&m37:y:y_a`[^TDɣ Y⨑cj \;p=Mf qEh9<[x:GׇrV]\Q) Di` 0"915ʃ1@p/d A5L=6(ڟF)‘LxѾR5 0wMGbL0PѥcǞdXoщўuznE)JN ,MrVFlP}pjڰ{Ndy), iLfh4RiENjQZz%js`3AC/Re&uJnNI7!W3;1D $W :jξ KFIlmy"ѓ$Z3 UUq9 |45tD.ETCÐJ- p?MWgQDm8,(ĝY1K]Idم7H> ax?ÝGhGZN-.\79pu@6Ť~'y<9,iJ/}{lz7bEXir (u&2NUyhj*HX0DcYjԗ<+͞)H˭iLadC Љ^LJYGi,!YcwۇV p=C2wJ ?|UU'OYFIC7<^sLc7gu|DC>Ӌ>YP *ynU7$47k5Lnqy}sOͳR4A%*}2E~@0"F_Ýwn6j?[}1`C_LB^PrZID)s|ė͹_~IRM>!]r>Ѣ1O_I!g9@.Kõ/kJr`M]vlk^ژ4#ج_@`R~93} K됩C8.*c[c.=Yt޺5#X|\m}?^;GT S\襡#j8Qn:L8IJq)<$kLP>I8ߪFF 0gSL[擷ڦ4 K'Ltb{6s *z&P%_=%aud?WV#L)wӶbp걩R@ D9$WlנA8jgm~f)n| wCÉpv{ $2VJO{U:˗m5KlN%bpE~VOF}`LǢԭ}*F9|* ӅF@tq pBU^{~4& }yQV/ 6ήvRw8ؐXԹ'Z)4?bLp9 yZmG䀆VA7_0]/+/[};q~*cEEH relpۻԩM_sn +ҵ*ʩy/=LoMeG6msJ:UθIX;J[^uN%PeRvuٖ/"][;f/%za%iuxRV]+sr7CW9 4wMd (T`''_jӋP5_ޕv bS`TKBԺHul.!Z%z\|L6^N):zҮ xmJeN0Uыw- q{P֕ߦ\i֝ 2cc4)pSXki8. " *WLdg_-d }m,Z}JNƗPN,;~`W/~6y֗.?}i<ϴ&Xq&˕ &<Ө2xsKFC~Hu7t+UYiEFgk-d\̷۰ii6n(ZW7+oBl`kH^#Wčg jְnmο}` 'kg[u%2[:/\urb!S?m`>~8xtM11֝,:(h5}P&=/uwu |lT.wݮIѩ]z2m+C["lOQC%8,Bq#d5K4b"XJ:o=DU&hi`Ru6kX5]sROxØD5EaR3y2XKרlr/ZY1?+tX'.ܻ4- ٘ft5ܪCyqP{oט?2@JB3)s*LoHQ |,¦1R@;"MII"])xs'v䈧Y(\h|#>;b, @+ѵZm[ щqxg-z-/VvQGZ?rx*]~QT@5*եJW.3N+Ki0L{B-ny݆C@,W‚$洼SrgkgZ($ۏ2.]"U4}8s-kyHUO:BCޘJy!#@@Qzo|7:9Ky1W0JoGrl`!)^Oҿ#e`)mUaJm` ^3`V2< y5P]r)fhL_It9e1J^t !yg. 4x]8)&)ȴ@PIm5M'Q&JP=yho搷wzw>|o"7h7Nŭ:mB '1n[S(ͱ:cUW.8B11 Tj )*x_M'`zGou)B/W>8Z0f8RU̗:m+Qq×2Z97'E6I{\ΰ6ۂ䕌=Ds>d=/jQc.Ǹ Sv_b6m}0ob'^nR(RmOpq^]--IC} ~,OϯG|K X4*+M$7u-4J#ɗx4y;P[_֣.Mj5ffvi1{#w2v2LrryuQvLp?FK6S8c*БA0k|};XTr!POvF=4Z pZww%3\?L2 u2ArdG6(Ԩ83:v഍; 0*V$Q2XC?S]A6%bAxESprThK6,IG"7Ekm&O''Y{+Y;O,M$ wcs>b` ,,@Yyvjc vf8$K{sD9cYRgwBU7MBlx ex^K.dTz-*ZT'%\Q.\q5jqR>oh"{y>I0#y|X[]q: Ó ٥\&BbIi5n`/DGb<Zpg0'|݋CSjF˴^Q%1k~ToQ'}N񭒣EX/>Kϥr\ MO/r+L@X䌺WhljiQ+Ӯ O7l~QE0S}u?ch tX+(do*}γbKJP]Epɑ^(x>(,9%4ej4W؃u:M&},k1%Qe{UpWK*xբ|\;v(ʩ8,C ы_ 咘5LS\AHi%sVFyPډ羋\q:""3>`edy)N_c6w#UAOJ/ZV 'Jr&I>^W]1*~ٕse%3]-MJpjp 1 )Y#!&JwyY'd>sFFH]%& a+scѱTmB1!*9N]J%hL;yO_?E%UfGEt^Q\&I9Ts);Ď{Ǐ 437i~g͆d!l߷>7‡(ߵ ,3m2f>DyL'Ybm?Tm S$_tbR5A}vJZ*8lX,nyT{ͲюC97BJmU3&!Z ԓ<~({A, dح^J8S9nS I+1!snsȽdכb/5HBV|FV`9 ct3RK@Hi1__sF(~ KHgU)NfrdPG2 g+33b; Psk :ȝKVE/K-`FMYxv|Y7ԇ j _~7 4:|L]pη-6?uNS HH_%; u3j0Zqg\khv y_)w{מwllD#0|v TğH<r`@h64| {'`ȖQĭ]sF+cGcw捞_\\=сBFr%dP)%;p㱌 /˿Z<[Z{g{&5 -op;R$E|a_&1;mmv2҄O7TTRʙd$kBc OUMk_3 ?LvApԋy~RfYbPY;WJuԹ.!ڜ [D~[M einwbv:{]m ֣/ pnI/, ]N:뗽vSEB"%-]/hŦH遍QB\pZd"ڈnꛖE&QZ'040*f!~x|QXZKl_:9iD ^c* Xÿ~$#?΍w~ɏ#v0f.L4K*EzBjBx`<Ez~0iz;Fre("0ԥ NV]! h7cvtβf{E9*Aɷ1H*c 8_"s ~1o:P_; ֿ"Ab)m̺[8"jٕ}(dg}CrZPHph,3F꠪`Mj-ޚ}E|ls'\AapbHnfL \0 P+/,AgWPhnqi'c*C`tЌY) 1WEQ ~ʮ'?uGR-st3lw [ #iAkLNRE|7*rMբeaRm1c_tvCh7=NIoM'OFt]%ԡ;9"폖u9M-JbPϚ`n /j2G:j3M}8I|CUDZC~*[ E؁LPPeֹ8Ň OD@pjwaXb *xq.f,4/ƔJiA%ڿ~U#ڌ `3\WQ$0|s쌼<^hXocwZ.va呷PRZS9R1!5 ">BD۶g}0:GrNN]n6p.cŠV"jmŸ);Wڎ&g4א=H{ƢSHNwXalU$ 8r &q<0\3 xR:0PEm=9A]:ma$Ī[O\_RgH+Uns@0Kԕ`K;RKn^4b4fa/z0 eaGk_gcL@+e%1n Id_MaRO-}1C`Y*!/<㽉|t~Ż^3I$3G>!My j'jR*:Pg1nߖKRiKhTx7@M~xs?6ՐI=$2n8=w_TDhCƿvyY{XXy.p)o/ϲC#d& 4i۞ mE MڕTWWJ%2 ĺBˎ^GI'5*-s)x|"&Ml.ѐ>'[A8v՛u QJ{oY[[ h)3QtCB3w*fܔB'w40;o~pǪI5y_^P?@jƴr/zVSpGDR,V}χ6/f%bY}EEXS36B5u6= {s@m)ƞ' 'YG)xXBfY8p\ ,6_,d½Ӳ E>Y}iw*YS3U4,LėE V-ˇl4nL4K @`$I!H1'Gw[vg':7q^ZԠ3 pf1Q"BuQ)2(s U%xb^uFR~swCB QDV¾L7B=;Ў Ih⒱liX3؃{&i-v" LK~~DŇp;qzM&US0I>rzUEh\8XϮql[E&1 vF&Hrf2ycF`9NZ2'+i~mү'RLE^(@xL#ʻВnB"]m9YekIi}%1ʣCOȝFYw'`Jɯ!A%ҫR-ҩju#7R" ^=?;gvvV؝n'X#(;+៣L-UY2pPu]{wC/3/fl &S譏KZr>@e ;wo>9!/k$NX-]@e]͙n$Σ^@@ߑnnpia:iI5(H ZH7A~"h㠒9KQ]et67ϭ͒-_zE5Qn5~mKz ULnb]g9D5n=2WrLĉ] Yxzu#ONV%{!2q teWgV\bUՔcB:y~/h\^U 1Whꣾ yn6*GɁx2  #Ѹaa2 AJ[:lmV&+W̟F#"J*:NNxc m݆a@,oErͰEt)|Y(ly 9W:EId_Ak s2ԩC/m4KTpZ c'#-*Aəro<;]؉&`18\JkuVdewmIw{쩙.eO+~O5Cv."{Yޤ%U-郻6ٴޒm$="Dwi)%#d5%-`:Jg,+UERH }C5kRWȝSRMH0XC-WԬ:MBæGdȇ[ H#Pwھ#$wL愳^,#/m70CW!{똙 в0o+v"{7Fz"1Bs | ׸iq:a~VB і&gX !H}܇Ci_TWNgEUC >#enn ٞYSE"'n@V H@$!{KYL8gdiJ9qYBDtVPG*ո6v2Kcf@[sd-#op,g9M/aPb86|qr~bw(Ѯ\2^}a(!UhEy1yS*Vot E2 'XOʦ:}=/݋`@>"S^n.l@/3ff6B)$d8ҁ4~#,qԊ^Zi> wa֤aY4tiWzcFINo7`|θ'{@8lL4qHekZ@Ԩ|6xޕGRݥcҋ~9/=Y?2LETXN.>Ҳy \ I=+TM|1/luK:˟ֆMeYw4_hjfS/{~[ Qb7tFmGWh Dmt+Xd %BDcgl߶ &;Ȋer7UՀ^Ԃdīgʞ԰Wc("R-z#-! ET3t`M*8ˆS稼9,@r&M2;ȹRӨ Hʖ^Iw,@Ϩe7aߕBVBnեTW.&OjL }7|ŀː]:W!K|b5irܤ `r1.߼Td5>ښŬ% Ԑ]{An,6%><_u<&6 iRDrL X12aخ V=Km ?z88 ġ>݅ [: u[ ;>%iҵ)A+JC7q2k_1Fᩜ`M*)Qd |,y\U4g'B b͙U-8ubFaZ'Brhʊ[fT 3`u BXp̍™+b2_ tb %MϹe#w,)x=EԏVk \mkR߇GCR۽aI—U RKQf/ʺpv\q1枞L:FR1- d2](. %Oϫ1s7 V) OIptO.7ɑ7JLzPSGg UX0#f:)D*\bv`iůƫѨHL=+RkBW}xБpil惚Y#u;!)'48@ܲhGTd|wVG.W?7Z5_rLI1?Sަw6F hRBZyt՞Ye:蒫f?mpYR4`0iA@v-@SڹւdٴG-)y 0ݗ0d}E9[y-I'TMOB<тq^ţ@AO=V  L;[9<ࡳWb0e2E`yMjVOqeѧQ ^L{ `طB&?TjPn8oGOs(C [Ďb(Dn$͛]6ȟխ9 G[&&5 J$7^,#H}ŻEH@u5k,nиb]#^ .>ȫI%0h,Vbêh2` zj=rn J z~MqO܇(VpøwI!%TXSQK<`ӭ S1*)_q"Fp̐@1@ڞĢ~Kq74ZXN1.$l"R: wGDʐ!ڈ@YAʚb,9qBEG契[,ұ俧QknPvi,eu%+uB2`nYpV vUbrewk F8J?lJ^Yq,T!!}GgZ.d9+ ggC/Mo7$3$gd4i(fjCOK0wD Ս!1e SqElCvv0`h[ @H[}r<d2^ϓ] RInޘ'wVId+`k/M78.3/ {9}I}@ufe5t3)`;a 4!(Jj8HJI2g'RIZ'UoLd0Bhy8 +Z=-gD3K>d&Kr|8%,1QGRPv 6mm[$%Vqi=^ [r j:'Mۚ4m;N">O RnAGǝtSD/B&8aH)* Dz::@qXX*8uɚdn|Q%?EVF RhBK"'Uy1I2 kPkٿBٞnN8l]PkB4>r¿ ieVBVر8k~| r,"T9ʾ+anJUn;^xTm6fԨm'ƒJiy'IV^Y_YJ4W]d;J| 9q݁oNDs. (8❼  {F0-R ?ziNr4{o8_"ږG1 Ԗm$4fc-=I]^#RR.|ղaK ,%!u 1;^i(JJ8l@\2~=rafZ0̬hFMA=\('T.Lx=<$Fq謁o.2MɊxR>U>:p(ߕ4)~,XϯUfNj.-?8Pˢn@N-rvz6@~syk4+(n ~ c Y3ǹ)$,ē^ #~eңY@/>((ɡ[69-1L53m!`K& ?@+K6z,bgxّ3;fؗiNl_Q1k4¶@s>l+#摿&_^bp6Z 5=Ȍ/AUhjs/oOok>o" ;9@X_ Ojғ~@CȎ<]O0YS   sd(`.-*!HbW#MaAcdB{c_G{,/!Qo{d5I5lMWᠿ.QGzM+_ڱAbf7LE(:BIr9DQ07s+c-(LL>AQ,=c[] 2"9ag]/S:׵[U0u;9iك񩇌\2&NbEJna=%Y[ ָ6&`&+ Otx F(q]%s5-ˀ6_=ުB$5w4Q1 |H)oPҁzr=s'}o k O/uv:xR\E-`ɞC mN'B"FŴe*9Kg>d7ctGm:}T3ժ2;ze4 ̷ǩ#k{IO1r9&]iŤ`C~Wp;lx5nDZ{^7 NR>Qo= ][L68k%֟dl|BeW#泬bLm/:7}xӟQ+K]$ +7|.mQHz~xIc#\aZQ0mug؆+ߠuuZUeTִ@)6Q}!"Y_MwYf_dV%JJvYMʆw7[`sĞT2h7 b>hڶ#*^.d@5]?\6/{At~p΁e>AWqA(1pz@+s;[Y-/ #_¦7,lIAB@6)P4bʇ|J* \DIc@yL,oe/? ZDwM&\rp6 #R$ϔ['Q ţ~4'MO 4KWw`ybU6ɘj4;nmJג \:W̨Xdo.MLA"A S /<˨.uOҳO`S,zFl)uGk2hIifzZq'Q,V ͱNKKl|"Xfg &^m?A"6mGsjO`g0VĶJ%ZtCю[0\9hkSe{GcS6唏lC %@EXd2%򷉚1$#ZfQ.!81I~{Rq$"j} ! 䧏/ltӻ~}5( wAMZV*?;m1(|QWucZBph pY4ujFi5Kc[bsIX2bj0g46-IQIs\? cY䵴;?\]H1_SohU;q)\MLJ}-Yn|msRv`$A=y/|NLsR `C>?Aӄ~Ү4+Q"`z 8)V @_Mc nJh N6+cZiI7ك;DQoP9ܱLL9U>sɗᔀZb%[<}h-EWوЫ~&_O+>Ty(R9ljIXW FyKd\jz $7P9tDovʱgFtj;c,;HbW L)Eye؄9_đp]Jl;,W{+f1@ņ Բ<6 SY9M> dG~D< L N$ļi?_Sp#FΎEfXG<4D 6f=SKmKS8L'mz Ɲ[u& rAGgWPf:KC|Hᙅ^JSSU6&B\˼و>K֧q@!jJAѹ4-S{$k*0=vX^٤Ja@avl"ș8m4c<9d%rqqbK3H6'pPGcHPj'8W#V.&a;bz"jn zm n*7^g#K Hfuo?@˯KVW8Rn2IĺY7/E6 x#g&1CGX-hY24?,[5%Bglvd59(׊;UZ+G2+<gO]4A.!#O=E Tag^2ᖣ2M]n5u7 Z{P oh2fj V) AgD{;ߨ'u t]د?͟Pfz+ { he=³Үw O7RE=ل4wN",*7w:O!+D Bc[28W {烏2(>:n^0UE'wXtG@\ ' 9ϘOc!{GsjPlb[Ā{"?LކU+, L"5r$SU agZݶK)z98`p%lؼi?,}=R_4XU]v$Iy;R74䕞=D}BXiwK+֮:JYu:پ%?[ƇJq, EG>nib^JcŸT;jn)&H5K PM~%mBnChZ?PY3Үp8H[g-OlͰNA$._6%SB&tF^.e40I6s&¶Ս>ܿl0dJs,by]Ko1Ba`Δ4Ϥ Xа\ƽ>\JB%fFɃc]]02\ﮀJ\]Ǐă}xѠGSǾ2)^`LE(xBʩn Uws4MƚS;~WhFmT"JNsj $9%3=m2,.,qf@ks o]j}(4ޡr 1hH(486B 1B15MLH7컯DM1_W&JlĢdM??H/ĥ\)D2,@]Hl1O,3XmI-.vx*7ԙi7?+$98'!Z]_*@p된1n6V;A,% e +TPCHLǟUqa0fD"yq+~53|H%&,Y&kKɫvQɶJV⫾nߋJ7QÉRZޑZcZKI]c/KyhR WvWW܌^B@,?l?.~;0+ΪfcXGY4dk/"Wv~%əb HF?V݊krȱ! \q q,K DXs@Pg{zj=59TZ0$߿J^on{J~wbo{`_J>Fne9u#? UJ(QhIcXTI*bJ;P0Rw%GB_̣WmXOTA _'n?Y_9$nNyhu"G/!5RQ"fQbhw`ӟ9Owri(z/v-h9h95&O#TJB=aK 34+r/Ƕ'fXBPy\;| #UN7 )3K]ɧ49zPdn/ȸz'n~eNǬиg fDzWMUXt<ٕ|ĿV`Jȇ IBSFIphc,<[P,NX U5,$u.Y˂sߦx8Z,~-fG>UzNʪ% wNW)W,/e~&ѽ9f9$Gzt5%iƺ0jQ2}@:cOlUғLF&j G59Igo|X=Vcںc܌1-EJn؝2~ qyq4 IJ(zL EV93v]'Q4͚Kb{1xK:E M~+eR '#@2܈mXMb|t|# M0q|Ds$*YrТ-%z ,3!ѹ㧋Q޷=K-NM\<nPVZRxGs<;C˫ӊ`C(FAFD5g^P|rD,HY nٶ SNQN{ԼȊ oYc5rXf۸5OJbqd9/:{ odvýQ{LΈ)%U3=CDqa b,Q2M H|$W3.O=Hy؃:`bZu.)<6 GFdM^~0W-11(4k+*EygPBtNiV0Qƶ : yVdI>aN|U$r` ʽr1YspK6xXx@$.f'^QO]hw%(KCF+uq;z쩉GS;Wtz֘,9{_@DM%5jV K,>1IHяm̉g>ih!ST?%Z14Vؓ8?\9>5#5=ILJGx-l&xu;c8AC_Iֻ] $3]k6Ru?6*ʷIJMJ0?ucpmT9Rjq;?/uXX);b"$߀o6TD ڗ%A(kw7y$qCg%ܘ:2j<ԣ)W1?sQwXHӫJEqEV  ]{LeTPL'z7>k8]a +?xT{_}(T҅I"P^R,+r]h.̻ώ[ʟ J=5D["$%XT|.A.BE zR0U?k&Hl"`8 z夥W%~ 2wA^f:^?*byeӐ9Ҵ^u:&z}-XCDwvŧr7,5s)<u}B Psyni? m:ֿk"z880iyR`мݾ}(5G_]&jA\'BLz(ʈ4nNȕiU no^&I7"H) /hZ{`poޫJHJƟQ GIIZ nM #*(ffL.^CX{<$#`&-Ef~,mrT/w0.aͷ j4ҥtj/[Y 3r(.$ ڍ&tbCvbDH߽ j!Y4Okö^E,cèHm##9^s`u7QGG:VTkbغ[5I3h.0Mҹ&ݸ7C{N'oI?i3ju}W8vYRԥl(5ݢYY1w{B! Ayn[7d'qNvޱ!6t c9. {0(_XmO fi~1EWUkŭUƲBSx)tϚIy5f0bXVam^|KDg 8A,Pa~HFX(2]>ލ5*ELf e7m lhW`6(X=Pɭ49z>.L4 ʺI& JkoM=|g?ρzЩ[rzQ04?;^#NzPJDu]ZӰULK,OyhZR&a|"&@gOIF| ڍ&zB4)g 63ࣈ#oP4}:ڬ^sAanC:+B|CB Qx±P?M!,Fڄ}l1#Y'Ҭ^a &BWˬܢOpE{y{ 5B0cVxCE7MWաYHA5b!se¨t yP6ee_-Y~-`3E԰¨2͡ 5z]n_V͕3G%X*Zuade~c`] ΪgxI;@ r_Ǧ׷)1Dr|ed8 &s$}PG]`F3f/s:^pzA,+ Q7}jp*;bc|dLOQYh-b ]݉526!`%S~J(d@闵x=n)D=uZ77 l4mp4tG,<:0;3ud&jE,' ӮhȮı}?tQG岏<$ =-5P?6u R<Cu7;L Xr``AǺE\B 1t5c@n!gd1LM#ۋ2,p Cgʥt2$cBEw_ä*A'["e-RrOG(_V_qdfjup3F4~=1C.(IaѺn|>#Te$3]+9{յAU  ukc8=Qk0ŸsW+N0x]! oj׆6Rp,G֜BMռBkN-i1O"12gd tMμs ¢ 1!{Вɶ ~Lg_uDcGfN1…[ך[}I3Y!b)#X4"Q[iaWȤV~,΀2w?"&a>:Lܾo"Ըb4*\-+aFmn&88$$yH ( 0P+L4Q*$WΏd<^ݟ'XA3^Aŕs9cݕޱz8iyj;ɎW;Җ_}7XH>7ck :?h aMU(:ZoFB2tcq3!ߤ8D|cTt(WxWf ƪUPb%1)viȟW^;x ,kB??|%jbv,p Biֵヘ|vD(Oxh9J@݉#75D|QxK1л 譡*q'}8l>+\nd%OeeQ$}_&]x_RL_ۂIl֒?1kۀ+B0J^F6qINBOfW/&n vKڅI[˾XwZU@@H޴Xkܜi y5CwK5!3JPRFpIybƳ(v1lmSKzMCP:$VcjL7z!X?bl) ]#<bR+P+@''80[C.Ñofm+v9?ߖ IDžNΈ/-,* k:tKSWG5lM`tFRwPXa>"yGfH9(fκ ʢ,O9; B0xB-+$5=;6']{4+gf%XR)׌#t8r?;gߥccN-Kճ6-F2crwr=wEI̻s>'YeҋH1Jַf{`SF1 $u?FH @QX r8:ֆMqM1/#|lHCM% gPs O1‹0ɠ#]uu0h&ɷ%VuK:üZ!-I`vJ]x9ǥ F]F;UzD$p%nsόda"i.NS,`{/d *nBG/;]`EnOy5qm~[<鶮=}b PB5$W;{YƴI$9SQ.OV[OC R9:u@a`تӽφ4Ѩ71h3,U@V MYF]6ϟ,'( $2 A;`E< rO!Z/r&w䦴>ݣ]g%D<[|Oi;N^ffu/- 9NL2偸D}\;m ־ui0x1,q$ odn_-CB"͂ T۷UhUĂͥ+w5 P hCVZO\j;AIlܜA}p 9ms-ʨ"e,œD6c$"ѹKh4ƙ1 .}QQ*(3| 6 ;펴JS ڼp܍NqtƩZ"L"NR61rR; =RlI=7IakR'J Aۄ/$oQR+ zgL F7ɨM;kb5w sosv|wi9۔mx BJ1l^" B]*cTH:/[_CrO.Ew6Oq [b1}]imߝ7,xrNG Ă۰ޭAQ޸@J0) a-4 E#٫|L1Pv,O[m;fh3Y?қ:h'D=/.iۉ!" /[aZΕ6X`"wxR~ebJ&#!򆈪dwh;2>h${Gmc#Ep+QۇxwCa V?"a趸L%]݈`E?ċ< [PF ,U+(*p ,n# /P| UXc_R0@K.'̳db#-i\+>H"gA iIN4Ջֺ*:GIkCNA2E3efK%*}z@&S?K$e;+C &4pGYϺXJr&wP^LWQ!F LOI';nAm#z %B?)\+ ;1L_VƩ(SI!ZTI+˯|v;GXkQY]tDeSѺc)d'1_gi_[tʅq'R &z J.AԻѬF ] <8PHd:<a`+8D E^Ks"2kf:4`hhMʳfac9l(C2 s~CnVу|If05>m9VֶJ*蝌ſM)iSըaTE-B0<% ,A13ڄT/`Ш̋?e(ϹC2 :s+дB-8hG&YxvY'}D_Ec5 u+Y uAؐ>;MiMVAҸΕ$`#+$ΩL|Kn7)K =혴:_ >W=?tPJZxf> 7_l16XՆvKSNt42R+-ϔ6T^Ы|Ԡ-E7Xb:Sja2*{FUr+U pB/_}mk!pMUCӼY^JAM psJ%N32=eeT,.M눣tŗ^̅(ʻ|ZF2)VAPs_`lIMʫ/Ə0w|@rCȞ߫­0ki 7 &oZ\Lrbٶ%&w"^#]d_opg :寚+<ǂ {—lOG_՝>RY&<'߈['5{R ȧEp&݆l;3~^b֕;$`P~L껻7ʴ8{TD8pq[.QH5Qޮ Ec$tj|׼&-"QcJn`h?9u)ehϐ 1[Mjj :bܤi~)=N>6bm2]=nGvBTYOPYK0wd;^XBHFnQJ^W %GiU֑\,d1GH><Ŝ/`z5Up;>OߑVzʺ{lXh]ǘteޮ[kq]&mjQA#["Md13!8D1^\-ˢ+}~kjweJM4J.* EֶsG':r0@eM*AUV '@39Ql>D7ƈysvO_ 9Y[6kׁet23vm!Bh1Gܱk?7#{:Nx}2 Ub8֝StS1|8[Pd\ں.R{Wߪ [dvX M/!K >w-ςc^'Ε2r5r%H !b\ d|\QbRtGdrdPQ85SXny3^ uY^SZ€4 ئVcvHn ?x9 ja3k5[a])ku5q5uِin!֣ުVŎHJ}hHa2]vwL 7O62%0⟎%ڜ:3ӅunWlp-ڻ5+oV4~1ΐ|8Z>VK7G2mVĥU9v$͸=D9u$5e@e#O~H+i o8.g]Z 8l cl?!?`b\ut kŠͻfLs g[t8y)ɿXjR\^8<3"Juş5ʽU%E%,q5w!+pCĈ*{,ĚۭvͭSA2W wlF$XnTv Ņii _oÃX ܷ!ׄwqũ[ʒZ˧@T^}E+ :brd+ 7kf2? |hPpR2Լ8ć5 ﰲ~mn4N{<m3;Rhmwz?e=CW" zg'nX :d t>~M"+O_ 8; 6-i#ꩭU쾎6Vnh)7@ו(#`ʙ|U@2xxE3qE%w#e(/yHƒ,.V5QQI )@z7ЙULډ'y^+- (Ev|Y5\çc"5_`䠷cí]XF*Ȁ]5* yZl- ΎJ1 |;;UUkΫgyomc!~E}TB&eLF1gu񌝧 (Nt^{'.6P^{f"sze(VlĸYz{&@t'󋣗 1/mݦIiDEJrЦr^~wt5lX}wM$ij `1(ۄ6W1 ϥ=Ddr!p1O7O~k5 zO'.\pNZKЏ:VI ?}~|MK) R?8Y!&$OAPPc lpsϝ́kqpؐ><\^^T7UTdfyw[1J[ޮ>\pb7b|Idi.ojYk [`(j$ jGkx 3ةQXm-UDWo^arJ"G:`zVWk3PI۱  @I%Ǫ@A00a.ܟ3’A|C/DOݑ>8c\'2l<fJ'lgE%>7$B\?8GPweѤj JDpL,3eߗ ,kڭ'"e ?<zaL > &:I6,MZ|9-`8d[➁ bZtH[SD"j]M`sB6 %(2E̿\^ Jآ}]n<}HYR_2r-낖YF>"si6$8 ho7Q:_ ΋*;zMɽSj 9 JГ eGt5OfԻq*1mDI @x(}WX+BЊ!bC:l6E|:ɥ=4+ҥHs X%Tu_H*Wdr ICwr!J-McVqQ~a}!@IB `17l|<@ғVЅ˱%%gyj s'r#CfT%,[nրHTM%hѬ"CSG+n3[5CN&|㈚pmdٳAmR҅aNPZzS4@Jn彔W38$H;%:m.^*muPIMqmBf3'%p&HԤL^vW_ЖS5Z̧8{ZT:BY+|8==7]#l7Ǘw vsZx̷|IW}Ĕ܂|)+ߤW*KCb&^j;5>u D7O\INE߿k|YTE )&Z5]FL,|u8=?ѽ6"t.; _z Ս$wN,j3 &=S Ѫm#3_^i`޷^{!*7 2 ;K5|c\UeFKg욠Z>xa9qn(CYP @5EBe?"cxK~,Z7Ȕ6 Z2XP̅00,^.ZРS:FvR|A q0gvT쾞KTOs*t~܆4gL}pԂ/ƞh(4=#U+Ȣ_ !wc͑4KUZ Dmb $M ^5W2g^?T^^մF v UCb|R>cI=96.3bzvBS1Q>Xh'խUD;Ӧ\@[~)|Q[A[QpZ+e7*1o~Rʚ3m&>rQE|%VU3JAx  T=m+yM^RWT;JC ?3ÿ8 i] +3!Hy%\Cp  d>E`(Z$PQEÄL`p|ųn}ΟvBJx:&I3ZA=-(π<3G8E'Q Zp^qIȫ// .}s 16zc֙Up;z`:c-Xϊi,Eo:Ձ>ˡPu.="7K|NK j>'m|;#{Dmre-] <_X̜jNL)jItCUi0g'h/R[E .ڣgׯ[!b\){qf;0^aXqw#=@9.Dvp^!$~o!OĨ/ #H$!liݎitFr 0ML{h=T)(>:"y"n9&Afm>J\99b@ܔxiPFnX}zwzGTũn<],OۏrG kR9pS9r soH[̙|tE=7݇g~_K^&Ix|!#nSXGL%^ 2]rHCPrwH є^$֠x_Tr{l~d Yŝ>@h;cU'Ef5OV&i{4wḉ")Y.h6Em"xG7l\Vl ^!B-uruo|m5MIDb0:pC'-Ll\ףvnLwFB kOj4W;Z+*o϶]f3wgaf~4IP1՗JA%݁.$(#P0}WM^#m.iVX(م$}U>'EuxcPd gcR2y) !IEI@>\AZLj#F49?zs23*NH`->قH"W\ 57ZMP6|Ycb,0뎰־7;NmT+%]@eYz_a_¢-9pU(ۘ~=, %V`|xa%! G+'Gay,(<Z?A`b~xZ9xћH_$ĀѐXF?(cI90CPGˍUH"]]OoZPђq/Ǎ0:V<*SDj'}$xySRDb2ƺ>3O3!Kr) s0kƖod~dX8OG0rq5]c`Q([;F:~Ns3(Ky"T^QblٸL0qe ?]h,3F3.]VB3<,u}I"ZU6: ȥG {Z寑 =nmWյ_0!2;\Ce;N CFY!cI&Q&yr 획W5]x?&_*Է/M{. A[ ̽MGL_¦Rhv0瑱m1#ciͻv?!=@f[ܤ{|n6 EE8ǃ>Vwk.X9f0upEo-R!!ےh+\U?C #Р$nioҞ=j$h8CJ"">Nisr}VxRtL<B[MHD wT,se׊0{߼]єxBKS¯bsQ%L}ky,86 $nn.mݛ5O[/Ut#m>5݂6I5P ݥi{=BNe1R97,!e'X]#j o54Fݺj|5Nket >h7/ KO(oz(#61뎪]"a1OПOСd>Wve9=[/:%@+0$>4םvp.E i+TK4oՀyڲu e%-N%)ϭ<~oED<}?Is)bE+v3t rL#= r֫+ F?qS$Z"z ]:5^[qY3i0Ąީ2i t;M;׳6#%INvve׳C)sAc*eTz#,: wo|y;O ,N ]X STx:2Vi߃T#wϱ߽r-mfzCq׀`#KMNF I geĶ4>5N圶XOv%*QʆpJ5"]?muB4l.Q\!dcu4SJ~7'HlAWs>kd,b#S$^FCihx7MQD?ܵm`hhcNѢ.󞸡d5,E/ȄI (a]V_@l=U ;2Y{YH+VCʺy?p0$a) ury9cُO{}#0٢%wR@Xۃxh8JۇvE{ ӳ:w j^-Kʕ ]OYc9uZ~/ωqT5nY'ǵQ5^ln':֎M_ ^Iz5mOMѧv5bݐLŎ *WicP0 `{<~)O* 8zHŦJY9*[R*gD@Nԋp01}=-rT'`*/Ssi54di7[8zna/{!6f. @caf=l ::ZTRp+AV@'',Z}ʁ*,A|h}pOnv݌vDS=k~C-Z\ߙs]jdy2똣-U;yS$\UPī 3@zH.ê)׎3i/~P;}6(c,4e9-~H*QYv {9`'8NSPV@۔Ţ25n1/jw7I<9NEUvybpȿ?OKn` u%mC-^Dv^<,8{X' ў){K$+4n7q16%i> xI1FU/:GȪ7 C( j#ɦcNΆ>5RRoaQXv`,O_eOQKߓ׮jX, 곾.6䭲1{k6fW"Oۺ{(]plAG;*…D}ް$3kv=!QՔ@#I`9X!Gzޒ~)epB?SU59!BzcI,KgPzDK>R1B2Jءeq'- b+oR{XB5*4DJ4@ڿճwhҿ:uG~*/"ǒQn &:5>.cS*dYYUjo6q8PsˑئMlUL#kJ(7s -Qlڈ'LÈᐩtGKFY>`Я CG¶R_N: \wS {>d3v~wb|aW*^0zC6nǸl팃W/s. ۪B/m]/nuٿ<1BGhrjceyj/f;tvB|J6zrVp%PzRC’tVjodmUwqCSeoi…CKۙ>#MZb,g}\DE["oI`A;}pLۥ\8~Gk9ن-{Z/mʍ4bHTøi$t._49#ŰܕF5۷zci?L]U\(zwzÿs3[*^H=X$#F~O#K܋*^Tƒ'Cp:Bbc8/cNzU57`K){U:$D N1Zb+X]ƆS9}\Gyƶt(Nߒ}XUwe&31YR+UrQr],&[M1EZ-ƾ].Aw ru5=M֒ĖTca]1"% phBRH'E(qc=a~d?a![%V\#W@3D)n)yج1DpB$4["Ts]GDT3TMCvrnFXA:R셱"zueH,$#p}^mbSc!1 gp̚`KZ/>kN) m[l$4d3Ley륾%XPR[ >M*gzm/E>BD.[*9w@]&vRSy<0$s|ܺ)GQCrHgZR*p5vLJM//O :)2^_e` !J~h@1#8 KO̴`[LRޟ#78sk{h_H}e8ůo62Ge؊UlE 6ݰ,pT;iW3D&eP@I滼>G2QKtt@U15)P);ȶ^EZ:jw3?3x*Vڨ=NxANdn _f"db1y ~ MwcH6nyaH,.^/vC--\X"C!hUJQ UvzMf)_`&3 XUtQGZ.F2yl s8DcY)ɯnq_븖YX9# Gz sY# E'z$+yd#9c\d!xkr;T&P}(?wcaS!Ls[&t =R{QBݽTӁfYYz| X(Z=F a'G仌ڝ *_ !77F.&+wWSĂwX##%֣?!ל2 -˸w[ͳwc67#j%G(= Q3H0CpmE)0pH˧5z5T1Li !eqEwQoid |}&d?uokYNjM0%iZ\C^t?=x :G!T zn#vB"RYT)0wQ_D?3 S%!\֍__==rJ 胣fCHMՀä#Nx*7Ou˽B 27@ݩ>5Nžmdq [ӝl?k33 b[>:dqcF!ISTsi9{g|[sg"hHLjW@ Բִȕ\O60ǁpZwWMZ M>z1G%xy+EG GYzٚGt:iʛ?g!RALe7264I[s]ɥT2BCkT[RzـɹxEtYP)tt0M]&u]`|^Ø!/TNz(8]?R&EJ};1$ xB{<E_z(lߛ{yhPñ =o -So"#֋KT^H>2MGnLؗ@LԑI%T_X9|֧-Rc:{Q-O)X7a2ʾ+-\Yd+c`IX4^ Ɓ05P4bxtR*Ò͋{efa ڄW6riR6\^k:gy['~w&`%!8F(*Nb֩(Y95_L 6%=ľ@߮pu"|nw;L(6&kP2>oynxl;<BePxfs3[ {>o1Y.v(}ۃ\RDnX XqIcfhp}G$Ж0)|v0sL0{gKS爭+G[d%$`|vag,@!| <4g02xypOEE3 a)I-k抇I_ lrp`9O(b(+'Ι&4>Uyi*ţWq'krp?8J 0c;5.a{J`/Ѥ/-"- `,u7SF5G;g;uC NDe$V.` ՆO>!g;(`m%us&ZnZ~D AFX€r29Ur[Cm(9րNYz}ɧ1\GHq^{(BbL2{gi4Zp@"EH\4-]]WkRPl'@A& |:z ;Htx=!rYv> *P`Fivr~2Xbۮ4O{NpThJA5M#5v>ouI#,+G'K1{Ц?"wQMo#nX"Qn-},3ڊJ9IL.yMxM=a^:č&0 8_\-c ~WbpwVcqǹ3f+Ȝũڴ4Q_R:s#} >n`t4 Kڊ-ж'g#gBjPxopʫM6pQ +;0- w?P2TS^iPT%u]\lQdޗ^ɹk`0#ƏV:"dc!di1V;:.;rÐOW;<raZ^jqP _?0qɕw>`ЗQ>Ȃ%gWRb?uZ?`'}OӬ:Åvh l]L Bșz5B$m ętޛZoby+{` l2RV9 oP+ FZ3ϝfIp?(QqEeUnJ ޳=(b#PvtԱ5yb&FX4|ː C;Č9, w㞒wU?:p3J8f^e`h󾑃I8"(*8ja RG&vU:Y)'|,J{uiR.(gaf@?ζ %CB)nyrtEaRnS0֬TT˹_:1+܃ش21/_C/H&p I4hP8-),ޓ׸wgR!3 9#$;AWNc@f9+QAED %;=FeNkAс@ UbÈL<[/H T}5@{jP\댊Qػz–$,<.TR 6Nщ.>ȝ!& 2I–.Ty%̹2]<\Q$fDwxrAߕgX!i y"P$)O[P*ZL̍^DKPz%mC:as!u BUG5l&I!!h`zۑf\*ޢ]ksHP|i6).2;t1¬sjq)vǗ!;V`%4F7#kvUTVb,5R|3>H)&P.G%Wv*I ֛%1[ؿ0bJjPmrXZ:{yU}=P,d\]?nU$4>,@R lKRxy+BH*'W[k5ࣆhs 2C G@)IF5{[ oqr),k?Un#>$QSs:"aVr#oMJ=1pB5EŲ!#h [ JNJ5a_Uby-Lzvy-fUYz(AS=Š o@ ?yۤrzzf~|N5X$ z<L0MɲAٹ ;>B[vi%jHAO )_< mBYJd|)L۔.q]:By=ǂImWo{Աm99K&%3, FP' ֚^Ԩ@4 HQg$gyek D`i~™nn#% C`('7OevܘCH*W/#n8>ȕ:*ZDԌ# Ȑr41L;;KP=5wį7+QGY 2jHzt<9wyV5gf3¶3n&/e.e?.da ;9wS@mhi2jw.ka^:*\#8xn'2dҾ[%~7AWOGç񺔤lJ[-))C~}7"1:X82)9-2_օ$&+=c~<\ "f}jq3OF9Hw!'Iu Hg*YlֶY y1G#W0 tmv3aY("%úknIF#TVąV0Lrs>He}E p}k6B3Cj-p8Kǐ׾k'Ka]~0! #Vab=@d8b$hs]M`wlv) fFnj4φ&0a_ 4*FYiw#C?VE7Zdee4瘨'^-*yKȆ|!L,޵;{ےoq<ՏO3l)4MT)_!l4U@̭I_ub" ,,} s%ȷ3Tڌ]ɢt- M4פ e#LY&D` :&L]k{hSMy /k~k~ 't/iDbf7Ql,?` +ns*A#ǹC  \iۥ뛒;"[r=&T ?Į>5+?q@&S[jt)]w:<ᨿHsbV^"l.9vh%Փ@THz+W<71n|j.|So62Uz#L$Qr_8/g_]+FE]3bL &tn_/LSe"&#"w6֐fd)<}-X<~x"Ra:L+%TփEt" ب'5@٪+6ufiΈTو_r 6ᄉ7TkqiEє USe EIT4y PʮMb#JhgmR $"E*nojƺ>Nhx͝Z<+{& JrO]Pbd=WEsf)f[^CjoϢH9׎ϸBqԶzCw?\un+TbC^R/'d`}0`7VuFP<ⓦw ۳Rnop]? #6r?Ȃ,,ݣ1 ؄9Q{:u϶ں1KmYka-'?h0 %/gjh;# A:?MT|~J뎧YdeaVIq~wKQ 2:Z qud0Li~Q><:m#B@ "CgrԻc xN}jaynYe'-qo 6?%BqȰ{!> <~:PYSO*H$E]+[17N\s.Bjy:Ij\~LM1W;x3] GCDJH4nZb)EuH=T4?C1j9{”5 0:F3G,8Tqǣ 8hѡ#it2+)Lj^dS= ,R,MN3'r']q3*#,qDo~Uܞk㎥`}(^%N햾-o1=JrdvS~Ď4e7|*igP&1.q@?2Gt>/!һτrmMA؅߷Ӣß!$ڽVw/4SFr^LF^4yǫ'Ù0ؔ1 e9Lz]vi"MHgX-{rÚD*&:@ڊW^K5(J__e `3i‹{8 -'Bާw*v*)XĂs2L5;@D[' FL,P41c.. h Bu䏵B.k][>ۧ9\ >cGfգn.b7_V`=SǖFɝG qw՝yVFE!H)Gur"(dm xLvX? qy8=בܻdM/g_O( n:(ˠݣjl{$%{O@R#sQ˄kA2MQg_d]G5A TW/& PTSsz>#Ш>^ٛD.åxsXVהi:H R&iQ 4;lsS+JQ/dKVkjq:RLSeR:%};}Tŏ6j5ev88ފ^4lPEARvW F2Yn7)W?{me5i 7u7oe׃3)wS@@6Ԙ?7m0A/+[H ^zhc`Ѓo u[1R>= {E,/h=:k:5!SOs.y+} N3U5v@,;4zL?upz5ǐzi*$UrÑPRNh{ vjt"l4>vdzM`?9'6cYTi! FyX@hIzVof5K'$@ɝ5,U|0n:$>QG܇ۆz"Ybx8/j/BB:{URR&)9#1Tn^J YhR9>*2`~)}m3o8C]F#yXTd ۧu.HT{{zUIr`2Q?,\>x -c@'CJ)PbWb*$tQ-uSPKXk҄S8tH'[ Ov\wu0NۣUNRD zXFO{r5cR"aiQ 7Re ڎNp؟Z`&TF?#3zF[oRGမ >/wSyG.hbBGmб7=gDpilcn$<+zz7%kvpQ.^Ș)͠jĂ 2{=Tk5F{Z)ng,\"sKr#L&JZ@ @p2=yP!K{Me%jOZ<*{7I,00sԂ\Xy_l HxXPD9ڨFGuYe0-PiN2 nvOSjgγa9L\j!fX04:ewQNPRAU)G5 |IsT5Evwn(h;3ZY$[WdJͰ.f],F~^29+K#w^[G\B6bT.[1r`# QvX{=dl+Ewg ҨǾl4wEV^/`A>Z'3ˮ2 /dUIJm'Z4Ԍ!w7WfTB Bt0g ;2,Wޓc%O77t5UUtj 0R65%*s%jɹFz&VgZO/ů0x$*F!Q gh|_}>&]ORNrrHDuCTJ>#,"gy-o_飔Usr$ҵv:RdK1pMMxTgv^X~CAew:'NL7+_?RQנ]Qv P%%dC9n\TUpb| ˿D\󫐆JZ={1Aw !»i:#]ћ\He=ղ}U7Sd2IkPW84vdvDU G<3gՏ) `,}]53VֆǮ`Xp^4.yeGYjyLH0Wa_l 7ufTai`txpAo@_L.Sgqf_qF!Inr -R 4Y猄\|3ԁ\6pH6PL,:y{_dB˒NA2f]P;R 9]FYಧjN-[&5c_&NM/1cx"'åW/ CN 0_#V}dDtE!fh۵p_ qaźLc&R32I$D6d1) 犼kYz_bn̛Ps˳hnbb"K0l2;E1'Wp.f[p!0 4poϞĈw hiޖr(]ۉu"mctx#?55}-T?w@4Sk9?^Z;>@^E!_:^5[kBҋ==M3.'h1R=efՁzONaP5};oz :$M>5,9a5 <XGZ#\d\n~Դw-RÎl_,ЖRVʏc6_eܣL+6jpO^kAVFZO#L^+Q2j_ x* OL_ FrsN_@; 4jPAcs!4- :}K njˈ{}2"]9g$^*op5/wZ]|x } 1VIK o'/W$bӢ5b@x+nTîjޥrYzJA|Z! QJH툵y'E7Da܂A}2ZRCНp@)%)xH.hh@Y-|/Ȍ(fqjFD0edh' ! &Q򦲅.eL @(p8bZGB!#]Rc2%.[~=T7 7mLT{WSOF]boe@:f7-jLl#]g🾚BhYm3QIyHʚw^ϟj<3 XM;|h\qw %_> Dܩ\#P< -.G M+ܫF^ OH>wbd#yw[d Q$j/]`e0_D~1ny˽{35zJR@3pF '٫4R+5;WIjd(ڽk%ⴤy=\UC!{*t.\7\`^W{_1.E;կƻ:ć%'˓^7w +zY˻k{ :Nn=B?\kdUn@&"k`X|FXFR<5=[Br[Ka% 1Z .nSیŤlN/HЅIcFP f2z+sNcxbz-2>&3TzE>(SM:E>+Lz{,5F wOLl]Щ+B` o*K=-Mj+.󯪖hRo E6|Ӡ@v V* Z*xg!URty'o3R;0/0t}h=EńWWi, ]۬c{RSFb]6+Tϋu*$wðd(NL ա:CV{؞$TH衧~Py56_IӒ 9êF tPXBҜDeG~3g-yu , Sh府FSKۢR6\m+MWyEyX$?c`G8֤,?B8VB $*5fĄԬ9g2a0C ,D"JBd~EPwhC(C6뜬PN.6@83:xde ~3zmX!d8f4fAJ#!?n`hp:LYep..P!66,̪c ?ޜUJ&1$"&%HZَn$Vt c 8H¤7Rl[f#e`J'ԫA$khS:ֶ`oI!fܤ?]Ե y+_$l:Gحo- 59 J,ٗƯ{~N}穛Ʊ!]D Tp4 ր3U-*٬ͭWpksk=u' Ny,v4 H)(9rtA`oL|`Ԛ.Gr_:5W9 tOD XB9-hB!<$]!ikoHYN=C?e%lGZy uRoږ̔\zʒ<'hruh hެn`;Gz7J_\>~>?| ̓#b%9hV y5Hi}2(6瀩9:cx+1TKJ_c!B 3N 2aI!|-s+s,f⇕~# Ju 2jvw&bU{퉛Rv# nuΛ&=}H0qש (qZ]0d]RZ |#StɁEbFPhwzC2KW'őxO۝ M1њ:#l@HjZոߴl,ho/3);w.[Uu\KzQ? m$_o(:=hĕ hNE??;)yo&NLZ7?f#Cw3 ^KKC;Diݵ͉Ԇ6Z0е L8(773m7׵ aY|t\XZ<;fe,JcS2BrocKđ^IiuZ2<ZLOG8^1ZOa!NHجH4}rv@/"DFͥ~aϵP0-~wGy@{k, x+]r au۪Pcgq\޹c5N`8(|%Kv-B( hʡRM45;E7,~mtƆ3h]+ke\=:䤂]e؆֎(~R@aMwO bTDHio1gŅY&m}9=m[1kʒW.jzYN4M^U:|鴺#N}^p{"*b;0[*GEҹ}0G2|SJ\stpCԴK_2PѦ6߲U=|c 3I,Bov j^r!f'LOJ`)p]z2)>+(e;:1u!szF8w-(dBtsL7x=wFp }=s~dT5Y<a,sɓpRt%8 U@D#26J߆G9- &qhvBAzL&{5ƽOzU\f׸t+^ PӎjPRjcOI$MFf'{\͑<0<œ UniW tL? I*Ktd3QM HUz:QF!~'ieDsJTԡ8R0&@>B7  %Cs6=䗊fxfe`qLD.AA l㧏. (o!<_(yFVT A,wuGBw< !mڟ2-ٴ9SPh^k1W~FLj;n˵v T|Ab:;hPdb@ X^J.1Ҝg-JzۭfxɩC!-qsdksCB_t<*m2+LHIKfۛS_QVt>ٸ&-iD_Uy؆tU;CX$~]1o^)^ڼ7&*F/]W4fi2.as׽K%]Ëm 2@v 6Ai)VCڪ M^`β!gG@Η{BT' R0P<ܫ+jaqW,Su0X,rdG:Dn ցHsoNzѹM?qd`6!exm4:q=%=%[ X7Š!>3hl17 n9\@|.QjEg Pks[2 /0.y &F$l=y̛>o`Q~]T, ՑXpUG#)]x N@ <]6Op_*ah ˒>0ye0,M: "L%6ZQ?&W_e;~wx5kd J՞ܯg]bJtޠTnG'W~+ + yg1 EYN.jѵ T2SŚfsk҃_zΗ2TΞ !3s~Ʋ%a+N7 W:@VH+O^1Ch1@Ʀ ]S A5V-sY6tD6,M(!PZ"rh`T%`p CӸ GGK,w3F'?82_HdeJ@ q^ѧvI?mzG?acU)˭{"!W/\!iEXbXB&XRN)ȳ﫨gGA  ^U XbB<}ZIӧ@L Q[SvTXf|\ >\.j6 ~l{1Σ`BWAIe8CyLAWvGu?.|Bl:^A,Tl #'י`NϽv|T0i$tVT̻6C1IG&)^@ K{aH|A~G(cT% kJ{PGï2qR@ jmo ÁE4Z࿟،zt6GZ_m6 ~# A&zhbRZzU:z :5J30z-$&Z'd`7ۯܗ\{Jw6)1W'p+p4t{ QSo1937p^J&zbߏt꯭Y}|:Wz Dle~FrT| "W|ǼLX.&_X$A\ /UlWgNHȅ0}TNKqP {lO[&tDmQIӲl^a5:fml n{ va4׳vqt4}e~u,C%=:-`Q= V&΃~z| -_{viޣ{ql)5} lRL"bzD7Q ]]@ cނ* ]֧)Wj5,Zr0h3_̾q:(SFc,Qƈt8'+Sނ$0M''_{Ð7ը$ aS*fjxOZzM} ;}fsщ[=l"R4t zQGn:ID_)JB@`Fc SH.l;*JF0c-e<@/xLc f_^Yޜ-u 9I46HS9Yo4K_er 8=X$l+F-{mX6Og%-0;$,fj?AE=9X>\bY$Vd#Λ5q _1f,zQ:Q[wlV!*P߇{Z;bĕN[(G=F˽+^vMZ\n[W $`+-kԺ8|TPaE<(;TuWՏβQe}opGrs{ oߣ>ȥ ʒ"'W]يg{;La`yғМ CݷYe:lڞÆFVܚ# (ZmQϟWfETl5z KT|k3=pؗ_$mGl   <+[  R,CLO:/')}l<~vM{TcZ2Qg Q}'<>6KAK[|X@SLM@:DKYzFmEg *0tGUm n߲݅|e%?z0Ѩ0}Jb7U#'ę{rkuN}@: + MJk|Qo8K4G)1ȑFz\ŗ"SNlnS3.{_ ƉJu*6Hu:˒4;Ǔ  *`h>W9 c#*inb_#6X:A?0X枢V`*Ht4 `}˻Nlp]> CNnѬrovZk-ej;XJKͫ䣓 n0h /Ó"Öآ=kQ \]aZ> iY6!`AHRr Z\oCc&>l{q%BエX2Mt+PJ&QyCs#,3Q,ccO~,?F0 ȨRT պGX= S B2Q?l[scX͇=Zl+O~o:[+34bkiFvR eq0[{-1޺ x&Xݖ'nfʭ7?[,t )YE_Vo ;W2r|}6;&shV-T`_MJ=^9*NJlv)̓vXb ~6rB͑sݽ$iӤ=L=)7c aZh&&mMAyHR3a b%Y$,blep نlòņ`%jlU잺;pYscP'/Y\U|Fi~<c=з4E cZr3kLs-m_p2&'aS|)::ⴚ>aP0B>DF(| cNPt_,ەDnIt S}+%%iHh2_D"e^F9]q聽fR@\5XXA>5)Gk\lJr]O WzsWDc>0P#X_x4T[ ,t#TmYeh7?nn=l)iM,Η^8nȴX0'p9d15Ȫ2#5; Zg੐&CV8 ˁp~iưMF}Đ8MtpΧܳ⸍+SJE9p`]{ʰ?u} x''7Ly$Z{NhS AUoV U^P@BpbOJirWgjĠTָ>"~wņTʮɼī>-EHH*h6I|WAs3 fFG*Zcnފ'V@RJۣ/38jV@NB hK)u?hx}D٠â\[=A7,ƥX;E#i~ʪ 1\lolԇUjarQĎ &]S /NfL@:r#9d~ ~B+༹Nf"EvM5ofj儳Zڞ6=МAG`Y;yBZ֬kFy180nug¡dBU պvDlɷ'#¨0ՓwP&jG4NQdkO9"J-f#wϝjQ..A+IOފ=}Dod6; ̜?q̯Upp( }?r `jHg}k|RBaI} a$6Ň۹+U#VpfUeݿ^ ˔SF)!%T.}^EFd6t,yEkP .Zy5R M$6(K퍮1gV38_#&mlԯ5wDSt`"3c_GpN6摰4?ɐI?oj.zR8 \MC]/\Fg㫂HW}sߺeM+^x 3|&c0sGNRD4~}Ę7Wl I!_ :O ^ΣF@# =Q[rKTZbɹ3YTbkb,`IƇ tfj(_fvqިx-?0@ŢCc".6n8/щBw!5`{+=HTgC_`vǟz@OTRW`uqL8<cV Mػt=yI?xUx {BvAiOO|i{ʿ]|I 6=&ylBDgIr4'+oqċodRlȩ'8T%P]W=Y!xJGyҞt] !!ט/g-HHX&pht uNgњ6vp5}WaeHۚ"Vwg: ~(ͤJ#n @Y9'rTeIAсat#{ Ȼp i kEW3==[nN(C87l9wQHtaKy v6Nodd<$p &ߒLI '=7vg@\HjX e{KU:Ah )lOd`UԜ@:J+.=|͝C0 g 8ՍG!wQhʹx˒{'y͟LC,`?©,Ow8 /E `9\ ̴wPB-25mmIW(R%wJRv쩂Mv~# kSGMUWJuFzu_0ĵ09/d\{ j`F=bH8Js`1,,k jޜs0&g p8<|V? G)3=pʮ$ӳ8U*t"vqg@!ʼnXt٭7lQ kUwLŒ ٬o/An̵f 4 FqɉD4#[mu;ȠP&w켶Al{-Kjу5 N_'yh%D^)"Ga mM 0Y s,xf#su4^wsQ7"qS_8Dm|bu 4/Rq)-4#ǭ_(n9.HwlE ) @U99dUtҪ Qr~I4fXc<.,CA=(!*n"ŏ >oף(7?sb^K09c d25#.6Ɠ͙IgL=(v|vWH;CX,\F"3sJڒ_[Q$!hmd `t*2U5q~h^\EB 1 p͠F˱nٜ<2iI*0}څɨ]`"YӥTM[>2پ~ӟ օ?)e4p)_.kʓ0X*#% 9~r:EA^6U?Wwp?<6;y.G^LI#<5MuR9{Q@ @ ;16+쉛gTJB˷R* g4ibِz}2>b6F5n4R҄ KV{4h  ZT?1FNM=Xt8hb'XoV{2*7^Z;;`[]ds{ucHwӞ*=H(ʝWE'Xf( *qFN[$ZTd K؈GO {ߠzcF{s&MG] I,;iOTjW讏/δ|odֵyl 8@uo6 r6r>@r eűf ۲mPvoGd/XC %xkU aG`nu^N{:X]1hS.y-*.F\ ݃ߎ,b4@ZK)f&ac_FeVvߵA)Vw^'Mhĥ|9yf%߀U媋6A0 b攽>C~Ck7%fI"`c虨aQ$i93LJՆ> huK_>@<݋cZ6ɱW(M_Z--gDR#M|/DNB@GɁ2喿 H̡3(Ҕ$¤q~zNjcl`kLu!5.Ğlm>%D ɿwbj 0|{©!NPܑ3j)u~] A) Ӛיk MՊ{͘Ay^z*`'(ӱNݣ[޴=ݰjk[K n!poIXloVAq6}sk( gpM*p.iz?AV[W67&< QNe20?n57WD-=n,OK//+/K Y6'YPƯƋF6׼ R9k]~i\-aփh&9r囒"l(| NG~:]Fb\RJ&u `3sX5"PVF/q1M-jz1加Wp.zft= E؃0o{K|I#^ ]hr`ŽO1ףCJTVtxJ5A&=ZuBԮ,`:(Yhr(W-sGտIB)\)qWΗ@k,b_1N T/g2Wh:|Ҕo ?FYbNqhvY,vST UdbZ h,B)蓭fdsF|B|qx3(oNNAѸlč؍׭I.p.*U~{vX"X&Gyp;nӔ!kg\SfODyPZh߇ϳ':4 Lw8qG-O-pY)<\H} ԚȓtsH~ MEH?Rr&VPQT$3uXL !.-9b?NI^ښ!o;Ԕko+@Ie\޺wa*""R  ?a{c`r/ DDyLNɐ|4jC7&h/wy2goyZ*Ah'?xQmz0:/OPLtƊIjg?eg$LIjh d$峽ե"sZ(6 C$D4R9۟&[U5E8Yv ,0qgie~fdf#]zǀa "*M@uPaoAFϭXAM3=ϒJpt6z{pZjѧ#ԤL o0zPO_m|{5JoA#m$j0Oj6Ė;ϛڋ\`4S5,{ѺXC|8R% fc!*suKDvX(ն@#E/^KƤ9v%HR+H yl$Sr$ck8s_&zpJm!NOY;l˱q@4pK9~Kfo%1(4$Ԓ61Iy 24< V)HNp,U/͞Ar0_A>i7J~GSEɣ}(ldFQ_ t }^WbU ZCQ0Ƙu[V*{ G~[PODt#XQ8-zn{!TXd>CFuϹQ!ScWH&)":2 z* $m^cfK{U iئnkE]&6d1B{ `ޢs9H 9og Hy|@c6~ݯ)ˆ\xDnFs{ #;yˡt:}!zˎp% R0,jLl$ŗH8$bg]Fg%zGZTY,n ILޘ1FDLxz J{ ˵~ZPLH_RmnKjO\#`nɗ0A8s"OLq T'Ԋ bp/.J$Ǵ]>͹`)p(iǣ| lJٯCu >i߰w3/?87Ŷۛ6=yDN:ҕ LZHYL:A-wdsv[V2؈y}ai6|g\㍁S-w}MF/>gTm1td9_N,"qߤ zHlXGk}&d&IW@O͟/WO6O!%ՠ_[S)s_1¥2o槮-TiiQ\?R9ӘE>T MI4nTβ5rARrͅŲ#kf >C.hdA/*26$'7i|T9k&A_En,W}BؑZmWtȔLqRta@ iV߰a Xv9=Phu ٤ER'OD9Tw˫zc@pҝ,.rnb™ " N=vUE[Ouf|X#2o,m_ Lf=KeȊCI4IMV~44kTLWO? 4v`3)&ZۏGfV=p飙ʋK|VZ#\B{oheAxL~DH}1Eʴ!88MܗHX+`晛iuc$)X&p$ԶɛY7"O (tqJ$a*31$}ȨmDB+/kz!hd_xWectԸC}輢?Pr7k1kU h{QF(n:Nlg?3L*$ YnXa2c&8 t1<$)iD8, BH%=BfF7.g6W(QQxzV9/n|C?k겋ޘ<1 K0ь.kwm4FCo2Ph?Rn>򒤯R{0p'Dޏfc o]M!‹)CD.e5y)@7ػSr:8Q ZFɛ$KDGkqEVMg[%I/+'ކ"Az&߰zoezV$cۤ[Ab+l|&IT!`iZMe*HQͬj&٤$2姄yne].R(†4l(}|39TE١eE%;T~7!(䅕8eruSDHC<FOE2oi qY9H-^/"ɵkz^AѩέT3LS ˶UFǴl:MW%aFKYy:Δ㍬q[ Gԙ^cW"G"1i ^ :W[#^FGG^\2Ž18kɜs 9|I?Vefy3d>5B}ʊ}vwblgRMb~%E"&>~ by`#}DGσ.x:f ECcHk.NV7vJlu7H=w<D-.#lm M"bWy]%nn5xo2˅'U&=a5Ę"r~ mȘ@cv:z;wT=\ UxCߑoO, rto%"3D)++<@r@Da*jݥ}ci1*{!9:TPAY d63L_WGN.K}o,&{J:?3T* B~5_]?>p{4vݾ;x\~pY&쨚cG 1l9ΜfA>i{MfГr, e lzErepCsY~7)_n+V<i!M3|A05:?&6ЩkR69IPZ(p!RNk.7U|I|7 ^g!ڑGU 8UF%f9,X^5UFbSX lv^̗z>UQ(,l[~{usiU~f Z=[7Sه RGRJ|6 u1C#U (8*(k~o DoI:zw iPA(vcO" |Kڧa6WZElFg؊G52 ŒMs+u/$DG=۟i!@&s 5@cDtBy,P?gS\8\((t\@!L?kq_BsDU1C]T"ȓ7hx@-`%|zM0r7+T3g)AZ>6_ e]W2 Jk{(~Cr1s {UcXpLh\6R= @| zcs|y8 AT_ CƷ&8`֧k$s*M8[v`y&_`SIWx}"6))ҺV"o&l[Bn8<7gӔNPkkAUY*'MA`^H-`{ζP~DpN- G8C_CF}@4=ѵsB)Սب yAL޵z#1hpSwc!1,x"-ʼnQvaaJ ^\Da 6ɃRbm y=d16PD7X\hCz!7\K"I<-oC Y3qDO%-g2:ź)mHKrnNBZ80,O]+鯅=\'0Z վKt4fu3ҟB7 Q5_|,ZfUTrDH1RJMBNu=šeݥ'C&ԑԺ=$sfu5KQ@5&u>ͱ2d*ŃRYJ&wqG}-nӶJ0Z²@&_~)Dؕ&~^-޺r5oM4އx$t0i ߏF3WYk>=%ZNL Q/QYOI)7 ;(+":HPtBJy8]@%rSY~{}lYB6 .fgs6%E&ۨT.h,, JBF!렫vaUsM/}|Έ P8( ww '`Z,hd|ۂ^cSrlKsi8GX겿k;}荸x1PF?Jo[lēщD )K˭ui%uq{y5r; $qlTYDE (YR&d%lfkB=l] ̓5k[e3'5.bh4T!?@E&P׵n$S/,P\^lߍIS>j :mMcb @߭L8&#Dsw'|٠J)1|v﷔Oilڇk`^O,+OCv$TR+t5 ^6;X$ᇫ]% LQXo8x"VF[)Ĭ W;ykK=Z ,l\AuW}9u5S'>x$UCţTLo~{WPeLpm1Dy0섀Qٰ#!~+~b]g6ׁ{ ZғMRֈl ybmJ%lvҏIV|$ o(c,[.[gN6G\l%%J y~UBX!@y60Yض0ÎWsGLRQHiOhW3mcO <V%3?LbY ԏ=EY(b]xo9Iæe4&آ.(-&z",`[;b9s3h(PǴ|Gt1VTy/Q׮Y Qh¨Ji"  WcԐT|WQ| ZyJVAR9=W}92TvZ3v1j m1+eȕ)K;Cx즙3;ZݝX|X)tf]r-,6+L=E8H77&U #Q.&R`KȪzDjX8@Dhqֱ#z"af޻m <6΢Vd]W :-;0s,Ms砲 s^AЖd`*LKQEM7!)t&EIͨQ#?~#+Mo k7f|I ?ǟ8Pa崧 x}5TF"Ly׺$8aN%l:meU$Фw}8۠h`W1W9.Yt9ij/iMHZl=U$e..zġwhipiQ/-`6 yȭ=0(.u(5[R>fm[J-6TxQrͨQSnдC, `:iTmC0ׅDŽ+*uuKPP\W0קA(oLjS--),SHlVHÔg #J֎$G؂wn++m_K& U- ]:ٮ`GBr*,$*UY_Pܧx=Btԛ ,Q*t[L+:|u[nG~$y%:Ϧw Ql^u'Sxw V.$qDEI-H!uvp !s:{l Ñp~ ^V:R MBy dSRSCgHխ,SZlcZPbk|ay9Yj2 nR0F)˯"1P,*D䠽>t=8rDj+d0%_U$)Qֹxl_81ڌ: NmbwniXE::Z@x$+#rA\ķ D.ج`eB/c(;Js,>Ҹ%@H+ (`yɍ[ƾi՞5{VհND)A B*hm(51<{Z2T X(nBEB[1c0&‡P£ȺءDmȼ`gR²Q4׹'!B0ދť峿 NvI^`Sd },ch5kjUU3㖺r(yZ}RwuGMZ0p % e;%hOd2chŵ>Vsf bDi>LŠC1kL =T O[G"Ai$Ju}Zlu$y^c"5O㤦n ϬgGjȁw\1ktEКۢD nb(|!CYb&!\,ZGVg -m{WtqbraʁTr35 Clc nH]ZQC"J//bHۭp~kafJԕErfE mZϭxesJU$T Ju݊F*?ILXf`B<[K:aR3~X|6HF(8)ԧߩni"곫\ȟkUu XshU߆}e;J:%ܖI} ~bz<|"o"F ?%<^2Ծ;!I(,!hH<)Dҍ 3~E{=ow(`26'V_ۏ@zޕF԰M4c-$KI ˧ ZkRrŨiA Fpa?- ؔh:Y{6䋎? ] hRsv?C Ix~5sPcFoN!.u-jnw8*9  7-;znPF75}99:x,^eF6yӁ2||2aKTgZ`KQ}exk1N"q%pާQ=u6ZkMP N=[I5 3cE{i$_<&Xyȭ[ YАR]WSD9 KQ_TxKglꙫ/V7_fwcɌY娐]}Q%3UzbWo/SiA| "sUpx {h6M{ࣅurCAuU W?IF>>ϠGUAɳZ+8e٬TqO5$|UZ&NH4\]4`ݒ~,loG ?_8-DrhaK#AEۯ<}b7*_9`gK cY5D_eMG: B[LW_0짒>Iҥaʐ%M?ÚRė\-RC-<`?:9I% i7<8)3l`jSRUk!*}jC)C8snkσKk 32eu څ8->-j>o`2: ŵǥQjԦz-[C`MǰT<T]%Q>G^kJUJu}o}ѫ+m0F:p`nFA $xƊ4Wo&b :k^OIH6Gd,LUB'QG]p`chVM1%g/30Awa,2OwsfHyVGǜgAko|2>Q%QD {.mo(b`qD-Rh^6p4dt5WFO歯Gb-857hflz&OX@5(Rm}tr)D zDN/MW}ߒ~QګC ,!Zދhj GnjɬF,+ lco.I@D]IsF"S1*]7-?4-~SR"3t8qp4iL'@^B+|ȕjMIGᷜk0*v6RrOiԅ?}/:{ CBK@~!W4k xwޒh殢b`hSi*T~W_ @3ع{lKi[9\}6c4E 5E˲n4N>ץzf׋C-VeX[8"kO _M_/,\g,| =8Rne &{\ɂG~xH7XLaQ4A)fyY;t};|0f W[ &UI(z-Mӳݰs m3YeSW-I״ծU$z!eYX|\L,c%rDSLaDQYzҔ@_#?J 3cfXzX$GXcyh\{5^6",r5Fƹ8ڷ2t,EE C801+ D ma"aex!y]dGjܙjF|_nQV#$;wA-k&g  dcoOs芑P9'^̰e b|aM`d:k:,4Ey.rqR' QOS6xP7qOA6(iK9j\J%JBݯ돳 Y^5qzRǀU/!y EKxڡgIm|Dijj!y1wf z0F[9U2lop=1HYU[;>>ZzT%yC7e{Rr&\,J?F}ZxB,~yDRQl{/2@"[pj9WFZyM rO:PowEObjM;d3l&r@R$TAJK5MJKf/8 iMH!بwnM4K5^Pz~EV \ݝ3H2>b xP5.n^-Ye{mT!rv)NÒ.gYgstG x#WhUAofXqI}XMF›mJYnb x[T<hf6EʱCdrTUyӔ*iC=-#*yUẍ́2Hy8f!` '׫ErvECvYjτ;<%6?:~ʴ&V /ĶcH˦k::aޖrMzjӍN85v_-ǥI "sK%,s}e[`(wlVxb(;)FͿ=  ګKxf髎#!MJ/%0VF(!z4 âmas ́`K@@!~g9"ﭿ|VUJ$\ɨ6cŠW-hǿqp7%ZAc'qle˭XQ H jS84 ' |zQ :$JS(A)'gVX q[s CnPBi-F;2V@K=|gp&hie0-ESѿ4ʮg swk&Z~2DaŨ$\ws7PAG?[oN&%J!^do+^ZĽDzc' K}03 [Q5rb/dߞ7 Fjkj^$?\kqlm_g`gO< J\R9vSieۀ6(G%Ty`*E_[rѪZMM ˸!FދY^0BlYW-\N!upB>4@Q>ӛȅP+088< n \Y0; ;xg7Ͻr6Lq͏èܪbE~^y Nj:>A{974[.&)9ɳt:ڷ0Fu?|ǖ =ad[bHꔝcPH䍓ҹ%.A$x"z5Xp|_]qD[.X޸&٬?ṋ[kI=A5]zZyRYpU=$C)Qq|`obbd 2Y} i(jxmHl_diy! є(C~~mloL1P~"oR=ڍ*M=[y1)הDaHmn}xDU0 Ehr^L(yv1!K*+#KȎV~ "&$R]G lK| y dJ7JLW1=|Jix+E%ca I2YR9XoNSa>f0hu㢆GZgPFO@?֝Vo] zsMVO9,Om&qĄc,C L<,qz (0n.&uB!$}TF* *D={E'&'4;m+C̡|ƅ`jNWy2KXI@Co>^{YdmTͻ8![@*Vtc;@#mz^͆#Cq7@%k@j+חf,%4Oߖ1U֔9ttt萿M6RYQ&J%^Ec! IJlx0sA]PZw*cKO# m !%uXQB<}gƽnymA1Fp)Ik`;f9ʾ@QžlQHY,slkFu+q!꧅Pp3O3>BHE*EKą op>_,'d!i][O33*42f-VZCx/B*gy/bh}k ;@I!9PtMpֲ7kpCB-AyvMR0{qaR?T$_Sl:z{]}qcy[GƑ Pȸ {d;TƲhPGΓtB{S_ X.,?juIa;,O0i7>6b*1`{0 C5 i]vԢٷ\5=#S! ;s%;Z5ޱrfԭI%.p(K6::}T@ߋ%#,w\Ĝxyχl2*,K4-+[yG|llY-ocsg&lDu2KX.Q]V-`a!:2)U2Nt,4A";A*Ą3aJeLN&.YK0kÞ'x4?aTcfxS;VH6:"鵙jGIxZ; +P"UH֦(iH]DMۦpL,D`GP֑\m')10MIfd_h֧ eK* RV n%7~O"*Fw5m E@)aN~+*Ϥ v/͑3% O8 QW]EMȃă|nCf+QO:ܐIgANykr,!ӢSē CL_ )~E6{zHVh37xDuB.Xr_U|k0iψ(zX],(!l] bfqKxĖѷr%Dku3šayT!U8U%e8fnf$e`͹hhǒ\i̴@jy~[$?ǟ'iDXvej19~!_;ñ _7Fc<ԝ+@C#|;0N3l`WRk#wH:b7ydWͅoWn'Z߀*WMK 0ܿ Pia"Z`2O5{غw b&6vPs-qB\e:Kɉt#èD:1%;ezK˿eIW[||ޗ5o£a@xU*.Aibo.w|Hoyu򥦂^%cFG)@rEJۣyL‹y!M yDԻ.n', Ꮪu2ׄ" !JMF#ɘ'~'Hc\YSК;Z^Ǧ5{6Y<5es80-Yt&_fyo2Kbf<<ƫOP~҃n#|booR0M` LIZjc}?HrR|^5Oq(;3Ι?MR7/.%UStwa=- Aꙮ6o]^vəpF5/[MucT|@bSwZp%F|~#D_jd׆ q&DxBwQZ$v{؜k r"\jDnv0žB)ۥުݜU>im{v͵o )s}?QdGkL[5tr?GBK37I(=եE`\a;بj:Si;S_BKl)mNGdfcxV=RZ(^%?йk^?Sg>:1}"2dgqԌ&vz>SF%ہhe{&\g+ѩMXfBI 3d6e,_5/^Xy=+$d@ʡ })1'}|r抁K.-}9Mg!͠pW*wS ~8QA3)6L[q+kSnJ$Si-#'n\aHq_/oCOCٞdcTRشf.xnl-KQ=~iS <ٗ+C*ےo 2ity9)fKv=5L%4x"[.b;`0 ר:M*暒^8W1b%A_ϷQ:l:=6rP)[?m&N$הּ51")&/Bf x)!u^DSrTHf>-$\Zy_OHK3ҤPM-HSO%Go$h-=}~́-2^¯G{n <<@+~Y[erYi6>b=*k[r& [)\f},;Yy'Wc7`GeU W0R-ڳv]EvV[)-_Ñq1C}I-Ź#0,49V:VWqpjzzh0T/]s.RpkT blʸ/|%o:\Y~&qAF j zo(v0c *-OL`ާl)W;":xnܔr=EB[dȰUH)V|bw㖁vd"[.sFS^"N',E$龻 }uA{.F#kb%5|`@iv2zJ}_ bm}OW7b `~]vK|H3#W}A6iǘápK8 R +GZ]E|HM`a;td)] o<6./AI!{Gk?eŪSYsU[6I61Mت^\Q,SwD!H=V>Juidb+!`ͱ"诚ݛ?\=|+"O ҈n^C?EJz%0ku :ɓOmio!]L@; gZ=6"/<6-LDHvQ^봰ؒT Ec@@>R_1ΛA »cJUH#YA֦+\)ѤfG$wGOKrJ2f0rkٓa4vY|Xl!qrOq9qwWw5680wI% G=o!Pf?w?q'dbszJKim`n-+Rr]ꫮ31\K+Qhh @hM]oJ*w\XPw9ZBF(A a9XVw#%p!Tл?EJT$` D3;"{oB[芨P/چԆX[v_ڶCglg!LyoB 'VTavJkx98 *bW8WHF /~|@ڲΠU`=0`ph":qifU'~ ]Pܗh=l1FfPeVvkZ'vUnZJa! jaթg~!ehˎN^? ^+9=[ڒP8Nf!u6\u:]]AMh܀$xVn%?),Xf"D[(1l|y@E0d.&U> 6ۚ :Lz@Sb.#Ł{DE%hRQ,2W?xϳ}Bb_h&>}#C#Ϊf"WWpw.n󵛈L$A} 3ή$hFAH.wACєX wABɕnTXz ,ojYCnH'l'zr-MxM&+}-}3_k7LP@f-yL 9~/'\(k!Gњ =MT *Hg^=5RO$'XY)_ +b+{P+KpV>/~:~$xB}Y ='0o>pG 1m+E5 @ S9'9BMO8h׶#Oo$T7$ZDYi? <]A\V]zGQZഠ }WwyRۺ؞!(6,qko1( A,ȤaBVEA p>`Xߖ? Oz#Ff.Ÿr0,y.Ґk}&e8,em^9]eF *0 kz昀|ś7nE04Reӫ,kC^CɊV[(Z.h \!l @M0pIOcplwA03+yd :L9GP!D u箙|6#5fQ,U.#Bݠ?~P **RzctM12_D(H&q^z:C iJ,6UE8r2<4'QiG R; sw[Let@Ͳx0LF¦&"ɘ$d(]\t{c[7 g.dY ɺ4 ̃(_&bIG;C@danisr\Q0$M BW1hFzBJ?;gꎕ@jGLZݖK%|VIy`^*Sa_w._n)'fҜþpVہRnO|Y>N;TTKBG1i>5-<2[ϞY7^Ojb 7v03D|sJ1<58Z҅OuL];1&=[Fk;H$0˕\RRfGMsL!*n}Go ;Kn.-6b{h_=TG-p*))2% _Rr{+dDzs^j-hdmstVs;PleƟG2yppp%)_BC,;Pw~qEgI<6n'.%b^Yn:NuoXhJSi(a*3ÝstH ʣSǪ@@*VٽPAHOݡ$o dK|V]P*?7ӗq٤-EhL_ʠH8VPMG`vlҞzP|;o-bKď/aS51dk{G7&/}J_ڵX2QDCk.?8I\Ç;X/ĄR|+^TۆP@;8M0Y[ Ht*Z )ieT=/3)ё#ޓ<G)`UhC W 3,oO!}zV`tO{V?V|Fr_9*t[?rOKD4Sk gaK01jr~ VKv4u~˱)Vրp1bqc,E2zGfSt5_|Sj3w<2I^@ #MIA#s6%rX>puToZM#Ϲy˺oCӹ&J$$H~$`)vF!%͓H TnL10lc :jň8s4漜5  73 P6&8vy2R1JLgQ-yݫes- ,س$sVL[Ռn|h˚Qoc}wu@U𚶃-OBɭ8dUU;=62LM(@Bd44-X*+/vBKJE7s2iL9J\ vz{@*FdIߜ׹ѻxҫ5+B C@;ĿǁvS9Yt2'C f^a٧)UMV?ɲ);3!qZ]PkVk&_%.<8=XE`HA)JGpyt/Ox+ր+8sז<Gj"B`Ԓ4_ۏ,z[,pSġܣy!a_/Y:TsVB;ub U!=_y;gjY@{Døn=| 9]|v"@5S #H`2iIJ/;`Hs;kVjTƊYb9;b䇵PfYPϔqe{k[QVO(0iˉAc F&("39UOygy.F&;tyJ`63Q& %7.Su^AA>.$Wj>t(rn@+$HfxuV=% 1y>J̱]QHc?w f+f4aH<iAuc;Gzܼ+O9ot0;ZxC8>Zed#Nbו8)*{"nw]{:uv3$γvU`R9jB}'\pdp4ʴ-8Þ=- ?K_rywÛK]xޓ9,j\8 h b-|WZGE-x3`|RG#TH U%ފ)rfoX,vět@6?Qw3t0b{ET:|n41fEeS-wPG9tR T e2IZm؂=)rVdS 㑪*s"Μվ\cLv1W'R3xčɗ"%]‹Lfmo5Xs.49\7a&~"rm-ִvd@ܝ2Tsl-ugN6ۻl  )v/ջ)0[D(nn\йN&ˏ{!" jUH# GLM|H'@p J5VɎQM{Lj6ACε\Pw^xI*+]l.-8oet:j|Unu:w~blKba]e`A'Q0s`D'8 ,p:$0/΃:lzGo,fcP׿s:@^@ľmUԐ3Q͒WmKQjb4K0ԳR{+dD:D^bhej㊸=wy,2ʐBpȡ扉X6aѾ+T H|cf1_|۫@#7!tiaAA.kkߗkax4Ÿl:$kT:7 9%ɴ_w \3 _9W ®U-k |rR+kyaC7EVQ^z`0{F Se'/p H^(,- V7 ^ai[*%!8EmJHU0"%6N}aM.eǙH$ GKvDqܣcNF)~* ԔjT"ev|'^=,nNXvމICw_W8+.TUf "mqS ;? ԞdzȋײH*rҍ?xCp(qCs0{[Y5}Txb=~%ViԳ`RI'L cG)]c[B5'87]Ƴ$[CԖ'z+:bp(WJF슪~V}[W@=gr؋.(0;+_ٖP2wPE3lQj7"9fzR'+Jy+ʷl&oxc^Vܞ3z#x7UlmBvR9x}`3yh*BŎ[BJuF-QĞK3:=3S>Ď뙗:Y#)}W'-#x_%'͋5%%f C!-'\N Ag=C}"gPⳆWqYpM/9װ7#ˀQMqe_d3X-;JOmӒ*<6$,p*Ȗ'i 9~Ҏ ЮAxw=pS  .TO>v@hZv4A;M& rnӹD{o||aC u&+-)*gp5q!xS& =kOʃp,إ|}`%$22[e#N|d{&ֵ8%e|W:7^Ss+>Ilp e_UH"4Eat'h>ݎmGV 2587ou& b3`jb{$dsR7QӴP;cxRJǙ^!ݨfxMkJ^>bP<"d*2刧u*}mu;S̬Tƞ,`N󭁱`5| ٍ"`1[)i-.Sx uҦO#PӠ$s > L#Xd\㫮H) yszIM㦱᲻,w|ˌm+:cF#quWqsP0p ۀ8}["yi&P!)eT] T"[^l*PBPH@ \V<ƛo#] åW'y?NM//Nګ19v^{kk=teᛑ]X&="Iaq/ mCA{BnȂ#(܏ګFi; mW=&_)$bZkW5\طu575p_/pTKL5f،o־2$*F-Vڙ[9|%B{3} nΗ,fCn].krEr?NlpcaWͣc/|h<쏍cCEZ~>2) )p^F=Ey c6`Ȱ| )*=(-'㈵rNQW$*',4 5-*H92&z<0!A?eߗjV<6B^1ߘ8KN8uq6)u3*#J-/(Zd!=0UOb߾,#HxɦQT>q5Eȅ8!gnmTS t&.ѱ˨t6VN;ZѢee,QyN«pol<Ywp4z:4%8̄&2-iʓjSɜTINGI! gTn~/.ƉnuS۳wןIBPҳ!'J,dnyԖMh0\uѓ'܋/Hfp[$3ٿPa'ŌsE,I_꼝_r\s:ErtDQM.N10Yy RsFt] "Lnoƿ~J8RǨ$3f|###>XQL;f4g(*E76WZA/vԺodik: bIgN*>q2sZɽ"mԉMI]SgTh>$:VU+\:Ht NAS4ٻ9u0lz `mY3{ld&#Cro$214$`0iNj,5o aHҘHo2-csjWӄǛEeW5rqc 3G8 NKap┕9أJ^M]akG)Jx3lV.ryveӡodeַ zc\FWAIRAW)2;lIΐX*hd6p;Obh ic)[(JLLYsi{Sah&cXod,WrDى>_Otjj2"CQHs@g>=_oubF03ΚrUJ=I֭;./r4nr(+!Vz ~]U;`=`{!a:l)Dd. ibU7b,DRNU 8'.1Ӹb]H k\M||IZy*+טgu?[͋~̨Wp/5;1$D`n/A Цg=Ù1zA4G~dZ!l"`byͰ1DkU0`; \OՖUdϤ xS ~Qg(L75j8.iՀ\vCAskVE;U۱|-AIBg#22nD$1e!G0&Aӽx5ꃱ5p(IJNBO+H3?u\}RZ1_PK v؁>r4ar*2n$A$(b``8yA$( cd,p+хLn<6{t>8\ۧ&v0ZīVpEZM': S%:ݝ3*1b}fla]p~"~`pKS YZ