sssd-tools-1.13.3-60.el6$> [z}ŀ>yt>2?d   A *HNXbb b hb b b b!|b#fb%P%lb&'6'6-6(-8-94:`GbHLbIbXY\b]xb^hb:dIJeķfĺlļCsssd-tools1.13.360.el6Userspace tools for use with the SSSDProvides userspace tools for manipulating users, groups, and nested groups in SSSD when using id_provider = local in /etc/sssd/sssd.conf. Also provides several other administrative tools: * sss_debuglevel to change the debug level on the fly * sss_seed which pre-creates a user entry for use in kickstarts * sss_obfuscate for generating an obfuscated LDAP password[)&/x86-01.bsys.centos.org sCentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxx86_64P02H0KSA |5r#1FR :bo3^ 10m:+}MHOt ?tH dC A큤[)&[)&[)&[)&[)&[)%[)&[)&[)&[)&[)&[)&Vpn[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%[)%f5c397f38b0775d0cc31c67a713b30ac4c3e8fa5aa1bcb2b98a925080546fa83b94df0ad7e7e6f501583bcaf112d7f37d9a581e72ac22d193501a1f0cbe8b4434875ce29300797ea14c61a6f5396f574330416512a85246c7e01981a4197413242b03063b61c696a558cda4617e82a7c02b5e13948dc9edce397d1a7491e8fcc1d2010459a97c7ad5bbb048b86030355c73e0235c8baca4121f7841274c5bdc7074ea22f08e186a8f16066958ff1cb7da80f4a744e9737ad3b619beac9b0a45eb180ba6d581afaf319858c367b19f92a887d40697918e6e10cfb37fb4d3d5f69650d72d90ca2e9d64239f9e5500b2ab18a9fc9bdb32fc4d187140ddba6a6f56156350db3af3415feb9708cdeb7b07beaa673c8454aa23a6d9e27264c5fc18a308af39eecb3b573cb1261d1d1ff797e5fb5c461f7fa6566c2f2c9588ed52a215a2044d8ee186fa8e993fb3407381b7d1781e764b0aeb22c6a8e9fc193fbb030da8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b90312faa0bc15ca0607109277f9e39c1d5b3f8f870b22ab03d9cd843dcb4937f23c898d9b4aefa781bcf8722e504fc5ac11f5d42eae2fb68dfe61122b8f98044a5d3d205d14a01e31bac7159e1ba9e65e1cd92e17b72af1eefd70fd8129c07bfa32a37e4f153c7948135315a93ebc523b5da3ff74134e37db1e58707f69f285995751ea01896d4b36ebfcaf460822c8e1fac3591ffb8062729702047d1feb185eb0306a72ed47048c15ba94b54fbe85fa0488662543060326e892178173483a35c79a25c04eac19642dd5c1de9c5715dca1978179971b917e21570b05010d9a51b6cbd6c2adb56fc77c0cb0e14d4575c99b507f6258409528ee860d6608f5a5f4e68fb90fe31e5abfbf19ea48c634aeb350f5c77d359556d5bddc40dd343e3210c50d992b8829d02b047b0aed7fbdeb05437563cb120618042e1607c36876699b64bb8e9a900564768929f88d57e798bdfdaa250ca225e051773c9cb698bbf9cbbdfce91ac10376053bb29a9e7be4ca3d0b44a5ee1c40066c9053b648581938913e6368ecccfc089afd5d2db3d4a993d685c9e24df43ba9b89905ef3da0ee317577d7359fe269dd50ceffa06e6d8b31d815fd3ffe14624f40d30bdedfbd186e803c731156edbde991952c524cb249c9291fc6f1f32a72b048bb8427ec889c6c3be2ae986e869623bbd719ab0b78d7f55a1c56ecf6349e6d4bd126636f890b355e35139fff8021748cc1c1f839ba681f08b2574bb6c7a5c95ed81a2eaa4f92cb927c5eefd7f14a2fe6dffc5e3daad37726aa63767189e2c6b14db2b80a8786fa81166f7519010c5f1a629c2b526106f60aa71352c22deac55026791058021208a55563394c60ede4701240cb3f1ad645d2f050d3fd896243dbbe21d0f918c1ca668ae1442c3ddb536dc94607fbff11a1653b979831a1ae879514a37a3b2967dc68bfa063fbf3e17dcf7a075908f24983b99d9a29ace2c27dc536673bce4f5c295ce806e2e3eca024c9d1c81c9ae926e676c74d2cf28f27cf696877a1ae201716e810a34443659f203bcc26033c99f1f44f636facad0a96186f185c4d00472e1feabdccccb36026a8c926867926b2f2c7a905415c3762260d12af95929b9446f51a1173bb88ad62e35bdb2a27feaccfcd7d8a24550b32aea3537e54e46866edf7a7b325b4546d68e849c368c0acf4416aa1683d9316a636f7a296424912a8943bda31b812282fd97808def916ad5340ab1201943355c75a31b4f60adf5bdee206dbb704998e25bb3b089fba27be6304650028b61ba8fa12f9bab1b7bbb5a94afa96ba8c6775d4712280211e0787dae108363ef3ba1d60b97e78a532362f0ca7f151995fcb93b3d7179c666a6f1ba4374e98880f3999b0d4c18be0b8c5690755ed6db5ffa1f41dc2848390ce1c1adc16d936d3bec7678d75df512aaa8c65ab05a2360edcc4f8eca8c6c7856f81172fafeb7b3fac9f6d2e4fcd7d2cbb3ee71259899900c70a0feeefe148e9380948617378f68caf855a74c6210ef6975dc2076f80092a54cd54279190b70df0e6ebafcd73e1d78c155d693289d3cade81c583a8b861197472ab6727f10207ec4bba8e70931c3c7fe84ba84ebcd657e3aa3058a8e4d1c9d3e47121dfed2cec72d72ecf81cebdc0e3c304edbfe18e7e03a8c92485d1b4dad2edbd20d665af641b9bb99993a41b4706733028b299fbcbe78c8befb5ef5395daf0302535a4b8b38a528c2f5e1447f05fea574c180504982cda4f30526999f9b097ae202cc188ff261fa7f8bc26dd13fc4e5699c549d4b181ded57e3c0720a9a6296ec70ce1fca467a8b2366d359e5f58532643db85c3896c5c2c2d3b2c68a41a713c4a4d055f6b739e2f6e77cf70dcb4307e82ae2b8ad9334c1fcfacf837e1de8cab1147201585bc8ecf5be5e1455af4c28bb081336f004cba4aec2e96ba5e93a0d6e9c554d9e7ceb6b78d89972e86b2f77e4a47c248930958cf35de382e8dbf61346453cd71b6673abbe15a9b68e0e1a9ca23df9475f8a49917be1474c238557624a79130062f62e9dfdb579f972293dec8ae2a4f083d349d624bb2ed68c952191737112f04ed07bc723c327a1cb950c81ebd12eaa17a35822e9cfa00211406f322dc890b40a04379300f907e65a8a541e706503102f4d8a5af3254f5a6f1c3c7cec4d9cbad94da713b12a9a70fa5fd5546dc97fca80c9f3115be2c4add4cbf8f405db62bec3d0a323d50892b5ba8ffe43407551dbd8be7a64fb1e89a335debddc88ddd59e8e10bb135e896310e43b55570617f0a750f8849740a7ce5831149544e5e45a8f85569ea29b3e521f27a3cb1418e8876d29be98db14b44c0e74c4384d2648368c6865b7de8bf97e183dbee9b1728ff2d7e085276f99c941493af78689d832a08118ac282947260339f85171549f5e1100155814458cb6ccb5e4494864990e6c2563b101fae7d70d85bb6dbdf2ca19d730d5587ce1a2b573ef44cc773338518ba1c10a4931d658c8703064c62c50d49c1dfe8e9053e1b7fa95856453a88e1e1cc56ce71772e1f8305d88fd591b2e437681a88c3f49d3ba9f0eea405562aa031a6fc9811410efde0bfb9150ab93167eb0c9742125a7b83f66615b57dc7c57da2d15b1bc49d4a2cab4a8f47af7ededd50cf8a6cf6c809a8fae4098a5d6d24a551458fafb42b3163c130edf0bc9424482ee50fad0ef35016888ee1ca7048d44f71c7f73ee5a535970fa8ad4fe6168897d9cdee7c7fc629f6c7ebf6f91d868aa237fc7eaded2b930313137764a5219ecbf43cb34c44edc46f9326f87fb8486c9fa7474184b14cfbe9a56fd3d94e453c3ba02c7da36cbc5304673d0b710fb0bf7685c2302ef9dda9600b606d122e91feb6e2186fe7b23dfad9d4119bc602b63b8fb841e07302111c6cf39ba94446af50f58e9389102129288b081d8e1273b13c622d958c18edc37fa36dda60f9af3cc4263c599c7b035a514407053884423412536b3126aa677c3994edf5f55e3fb0c4f1827d3ce5fe136083251bd6f207128f4919b7eb764584baacf0346e75f3467f9a1e0664b128b2ea2528ee22a48c7d1b360bc1493fead5f8a43f6a1d9c40bbf656c34abe221fd89740c6da946685148f966c8c378148f13ea8b2353d7c7737a509eeac64aa79423d69dd5e48e3d1ce70b89c012ad0c5ff21e2cc508d6cce293f343a1a9414d42a5e7ba039f982dc70c8c003f6a0aacf3215914efb1f85dc4ad65895b2a883be102f5bffd4b5447d9ece7b535c19112dd777d4d068848d84c51b13fd220519b87d8379fb8ad63d81f1f3a691e1879844a81229da8aa389b6e7236ddce33b6fea7acb7750642ebedf61beaff107e4d53e93592e5d84b85fad07f27bfe720b52deba680abc81b1729a6b6cda7f08b92cf7a7d61acb16d925390d1ce0a2ee2cb19d3f18245647d8e43c69c4b6309ac78ef674fbba769120dabce7cb535c2b0cf880ca163296d752dad7e464d6ad704c850b3804c8ec5b4355c88d8fee9c8b049b55558229481c0f7ec0ff83f557336738850452169ea02047a437e71c085aa5205550c9c5b54d77d51ee2f4e2ecd18c39550b260db95664b1b3eaad40ab0c33dd1545e3eb66c787d6fc4fc8a07428c12300db06f892645e41a5a2c1268c46db363ac492f3eaa69246ae4f4e15e6915f5e7648ce96721b7cf53f7a3f9357e26e15c0c58888370719041f9c5c098919ce2a37957d10a735a02e828cb555ee4b1371fb1e8f2459dfd94495534a2aa3529f515d066ff6b0051d70515e53b3cb52395128c684923c1a86de81bce6f77ade86fef840354705b578b2d4ce19e6df1becdaa80b818c5bd7236frootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.3-60.el6.src.rpmsssd-toolssssd-tools(x86-64)   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ sssd-commonpython-ssspython-sssdconfigrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libbasicobjects.so.0()(64bit)libcollection.so.4()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.6)(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.5()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.0()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.12)(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsemanage.so.1()(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_semanage.so()(64bit)libsss_util.so()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)rtld(GNU_HASH)/usr/bin/pythonrpmlib(PayloadIsXz)1.13.3-60.el61.13.3-60.el61.13.3-60.el64.6.0-14.0-13.0.4-15.2-14.8.0ZH@ZH@Z2gYyX6@X6@XS@XOXJXGXF@X@X6@X6@X-X!@X!@X&X X X WWWW@W@W_@W_@WWW@W@W@W@Wi,@WYZ@WPWPV@VJVJVV@VՄ@VՄ@V@V&@V=@V=@V@V@V@VvV%@V%@V%@VVVVVpVii@V\:@VXEVV@VV@VV@VMV2 @Vf@Vf@Vf@UAUUuUn@UmUjUcUcUUUUUJ@UB@UB@U@U?v@U>$U8U.RU.RU-@U-@U-@U-@UF@UF@UUUUUU U U U@U@U@U@T9TTTTTTT@T@T~T~Tk4Tk4T$TTT@SvSvSvS%@S0S<@S<@S<@SSSSSSS/S/S;@SFS@S@S@S@S@S@Si@S@SSS!@SsZSpSNpS 4@S 4@RRRRRRfhRD!R1R%@R @R @RR|R|R|R|R|RRRRRRRRRRRRR@R@R@R@R@R@R@R@R@R@Q@Q@QQ*@Q?@QQvwQkQIQ5@Q0@Q']Q @PPPP@P@P@P-P@P@P@PDPDPDPDP[PPPPP@P@P@P@PPPPPPPP @P @P @P @P @P @Pf@PPPPP @P @P @P @P@P@P@PPPPPPPP@P@P@PpPpPpP@P@P@P@P@P@P@PP@PP@P@P@P@P@PPXPP{P{P{Pz@PqnPl(PaP`K@P#@Oĺ@O"O"OOO@OO~O@OOO@O@Ou@Ou@Oc+@O]@OYOOdON@OLOLOLOLOLO;@O5O1@ObN@NNNN@NNNj@NN$@N$@NN@N@Nx@Nm@Ng\N[@NTN?N:N:N:NNN|@M{@M{@Mߒ@M@M۝M۝M@MM@M@M3@MM>M>M@MM@M@Mx@MM=M=MwkMwkMv@MtMtMc@Mc@MbSM_MQ0@MJMGMA^@MA^@MA^@M.@M9L!L@L@L@L@LNLNL@L@LA@L@Lk@LYV@LRLI@L7@L(L_LLGKj@KK@KK@KK[K@KK~}@K]KY@KO@KKK/c@K+nK"4@KJJ@JJJkJJ@JJp9JlE@J?r@J0J,@IcIcIzI)@I)@I)@IV@IV@I@I@III@Fabiano Fidêncio - 1.13.3-60Fabiano Fidêncio - 1.13.3-59Fabiano Fidêncio - 1.13.3-58Jakub Hrozek - 1.13.3-57Lukas Slebodnik - 1.13.3-56Lukas Slebodnik - 1.13.3-55Jakub Hrozek - 1.13.3-54Jakub Hrozek - 1.13.3-53Jakub Hrozek - 1.13.3-52Jakub Hrozek - 1.13.3-51Jakub Hrozek - 1.13.3-50Jakub Hrozek - 1.13.3-49Jakub Hrozek - 1.13.3-48Jakub Hrozek - 1.13.3-47Jakub Hrozek - 1.13.3-46Jakub Hrozek - 1.13.3-45Jakub Hrozek - 1.13.3-44Jakub Hrozek - 1.13.3-43Jakub Hrozek - 1.13.3-42Jakub Hrozek - 1.13.3-41Jakub Hrozek - 1.13.3-40Jakub Hrozek - 1.13.3-39Jakub Hrozek - 1.13.3-38Jakub Hrozek - 1.13.3-37Jakub Hrozek - 1.13.3-36Jakub Hrozek - 1.13.3-35Jakub Hrozek - 1.13.3-34Jakub Hrozek - 1.13.3-33Jakub Hrozek - 1.13.3-32Jakub Hrozek - 1.13.3-31Jakub Hrozek - 1.13.3-30Jakub Hrozek - 1.13.3-29Jakub Hrozek - 1.13.3-28Jakub Hrozek - 1.13.3-27Jakub Hrozek - 1.13.3-26Jakub Hrozek - 1.13.3-25Jakub Hrozek - 1.13.3-24Jakub Hrozek - 1.13.3-23Jakub Hrozek - 1.13.3-22Jakub Hrozek - 1.13.3-21Jakub Hrozek - 1.13.3-20Jakub Hrozek - 1.13.3-19Jakub Hrozek - 1.13.3-18Jakub Hrozek - 1.13.3-17Jakub Hrozek - 1.13.3-16Jakub Hrozek - 1.13.3-15Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-13Jakub Hrozek - 1.13.3-12Jakub Hrozek - 1.13.3-11Jakub Hrozek - 1.13.3-10Jakub Hrozek - 1.13.3-9Jakub Hrozek - 1.13.3-8Jakub Hrozek - 1.13.3-7Jakub Hrozek - 1.13.3-6Jakub Hrozek - 1.13.3-5Jakub Hrozek - 1.13.3-4Jakub Hrozek - 1.13.3-3Jakub Hrozek - 1.13.3-2Jakub Hrozek - 1.13.3-1Jakub Hrozek - 1.13.2-7Jakub Hrozek - 1.13.2-6Jakub Hrozek - 1.13.2-5Jakub Hrozek - 1.13.2-4Jakub Hrozek - 1.13.2-3Jakub Hrozek - 1.13.2-2Jakub Hrozek - 1.13.2-1Jakub Hrozek - 1.13.1-1Jakub Hrozek - 1.12.4-51Jakub Hrozek - 1.12.4-50Jakub Hrozek - 1.12.4-49Jakub Hrozek - 1.12.4-48Jakub Hrozek - 1.12.4-47Jakub Hrozek - 1.12.4-46Jakub Hrozek - 1.12.4-45Jakub Hrozek - 1.12.4-44Jakub Hrozek - 1.12.4-43Jakub Hrozek - 1.12.4-42Jakub Hrozek - 1.12.4-41Jakub Hrozek - 1.12.4-40Jakub Hrozek - 1.12.4-39Jakub Hrozek - 1.12.4-38Jakub Hrozek - 1.12.4-37Jakub Hrozek - 1.12.4-36Jakub Hrozek - 1.12.4-35Jakub Hrozek - 1.12.4-34Jakub Hrozek - 1.12.4-33Jakub Hrozek - 1.12.4-32Jakub Hrozek - 1.12.4-31Jakub Hrozek - 1.12.4-30Jakub Hrozek - 1.12.4-29Jakub Hrozek - 1.12.4-28Jakub Hrozek - 1.12.4-27Jakub Hrozek - 1.12.4-26Jakub Hrozek - 1.12.4-25Jakub Hrozek - 1.12.4-24Jakub Hrozek - 1.12.4-23Jakub Hrozek - 1.12.4-22Jakub Hrozek - 1.12.4-21Jakub Hrozek - 1.12.4-20Jakub Hrozek - 1.12.4-19Jakub Hrozek - 1.12.4-18Jakub Hrozek - 1.12.4-17Jakub Hrozek - 1.12.4-16Jakub Hrozek - 1.12.4-15Jakub Hrozek - 1.12.4-14Jakub Hrozek - 1.12.4-13Jakub Hrozek - 1.12.4-12Jakub Hrozek - 1.12.4-11Jakub Hrozek - 1.12.4-10Jakub Hrozek - 1.12.4-9Jakub Hrozek - 1.12.4-8Jakub Hrozek - 1.12.4-7Jakub Hrozek - 1.12.4-6Jakub Hrozek - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Jakub Hrozek - 1.12.4-2Jakub Hrozek - 1.12.4-1Jakub Hrozek - 1.11.6-33Jakub Hrozek - 1.11.6-32Jakub Hrozek - 1.11.6-31Jakub Hrozek - 1.11.6-30Jakub Hrozek - 1.11.6-29Jakub Hrozek - 1.11.6-28Jakub Hrozek - 1.11.6-27Jakub Hrozek - 1.11.6-26Jakub Hrozek - 1.11.6-25Jakub Hrozek - 1.11.6-24Jakub Hrozek - 1.11.6-23Jakub Hrozek - 1.11.6-22Jakub Hrozek - 1.11.6-21Jakub Hrozek - 1.11.6-20Jakub Hrozek - 1.11.6-19Jakub Hrozek - 1.11.6-18Jakub Hrozek - 1.11.6-17Jakub Hrozek - 1.11.6-16Jakub Hrozek - 1.11.6-15Jakub Hrozek - 1.11.6-14Jakub Hrozek - 1.11.6-13Jakub Hrozek - 1.11.6-12Jakub Hrozek - 1.11.6-11Jakub Hrozek - 1.11.6-10Jakub Hrozek - 1.11.6-9Jakub Hrozek - 1.11.6-8Jakub Hrozek - 1.11.6-7Jakub Hrozek - 1.11.6-6Jakub Hrozek - 1.11.6-5Jakub Hrozek - 1.11.6-4Jakub Hrozek - 1.11.6-3Jakub Hrozek - 1.11.6-2Jakub Hrozek - 1.11.6-1Jakub Hrozek - 1.11.5.1-4Jakub Hrozek - 1.11.5.1-3Jakub Hrozek - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Jakub Hrozek - 1.9.2-134Jakub Hrozek - 1.9.2-133Jakub Hrozek - 1.9.2-132Jakub Hrozek - 1.9.2-131Jakub Hrozek - 1.9.2-130Jakub Hrozek - 1.9.2-129Jakub Hrozek - 1.9.2-128Jakub Hrozek - 1.9.2-127Jakub Hrozek - 1.9.2-126Jakub Hrozek - 1.9.2-125Jakub Hrozek - 1.9.2-124Jakub Hrozek - 1.9.2-123Jakub Hrozek - 1.9.2-122Jakub Hrozek - 1.9.2-121Jakub Hrozek - 1.9.2-120Jakub Hrozek - 1.9.2-119Jakub Hrozek - 1.9.2-118Jakub Hrozek - 1.9.2-117Jakub Hrozek - 1.9.2-116Jakub Hrozek - 1.9.2-115Jakub Hrozek - 1.9.2-114Jakub Hrozek - 1.9.2-113Jakub Hrozek - 1.9.2-112Jakub Hrozek - 1.9.2-111Jakub Hrozek - 1.9.2-110Jakub Hrozek - 1.9.2-109Jakub Hrozek - 1.9.2-108Jakub Hrozek - 1.9.2-107Jakub Hrozek - 1.9.2-106Jakub Hrozek - 1.9.2-105Jakub Hrozek - 1.9.2-104Jakub Hrozek - 1.9.2-103Jakub Hrozek - 1.9.2-102Jakub Hrozek - 1.9.2-101Jakub Hrozek - 1.9.2-100Jakub Hrozek - 1.9.2-99Jakub Hrozek - 1.9.2-98Jakub Hrozek - 1.9.2-97Jakub Hrozek - 1.9.2-96Jakub Hrozek - 1.9.2-95Jakub Hrozek - 1.9.2-94Jakub Hrozek - 1.9.2-93Jakub Hrozek - 1.9.2-92Jakub Hrozek - 1.9.2-91Jakub Hrozek - 1.9.2-90Jakub Hrozek - 1.9.2-89Jakub Hrozek - 1.9.2-88Jakub Hrozek - 1.9.2-87Jakub Hrozek - 1.9.2-86Jakub Hrozek - 1.9.2-85Jakub Hrozek - 1.9.2-84Jakub Hrozek - 1.9.2-83Jakub Hrozek - 1.9.2-82Jakub Hrozek - 1.9.2-81Jakub Hrozek - 1.9.2-80Jakub Hrozek - 1.9.2-79Jakub Hrozek - 1.9.2-78Jakub Hrozek - 1.9.2-77Jakub Hrozek - 1.9.2-76Jakub Hrozek - 1.9.2-75Jakub Hrozek - 1.9.2-74Jakub Hrozek - 1.9.2-73Jakub Hrozek - 1.9.2-72Jakub Hrozek - 1.9.2-71Jakub Hrozek - 1.9.2-70Jakub Hrozek - 1.9.2-69Jakub Hrozek - 1.9.2-68Jakub Hrozek - 1.9.2-67Jakub Hrozek - 1.9.2-66Jakub Hrozek - 1.9.2-65Jakub Hrozek - 1.9.2-64Jakub Hrozek - 1.9.2-63Jakub Hrozek - 1.9.2-62Jakub Hrozek - 1.9.2-61Jakub Hrozek - 1.9.2-60Jakub Hrozek - 1.9.2-59Jakub Hrozek - 1.9.2-58Jakub Hrozek - 1.9.2-57Jakub Hrozek - 1.9.2-56Jakub Hrozek - 1.9.2-55Jakub Hrozek - 1.9.2-54Jakub Hrozek - 1.9.2-53Jakub Hrozek - 1.9.2-52Jakub Hrozek - 1.9.2-51Jakub Hrozek - 1.9.2-50Jakub Hrozek - 1.9.2-49Jakub Hrozek - 1.9.2-48Jakub Hrozek - 1.9.2-47Jakub Hrozek - 1.9.2-46Jakub Hrozek - 1.9.2-45Jakub Hrozek - 1.9.2-44Jakub Hrozek - 1.9.2-43Jakub Hrozek - 1.9.2-42Jakub Hrozek - 1.9.2-41Jakub Hrozek - 1.9.2-40Jakub Hrozek - 1.9.2-39Jakub Hrozek - 1.9.2-38Jakub Hrozek - 1.9.2-37Jakub Hrozek - 1.9.2-36Jakub Hrozek - 1.9.2-35Jakub Hrozek - 1.9.2-34Jakub Hrozek - 1.9.2-33Jakub Hrozek - 1.9.2-32Jakub Hrozek - 1.9.2-31Jakub Hrozek - 1.9.2-30Jakub Hrozek - 1.9.2-29Jakub Hrozek - 1.9.2-28Jakub Hrozek - 1.9.2-27Jakub Hrozek - 1.9.2-26Jakub Hrozek - 1.9.2-25Jakub Hrozek - 1.9.2-24Jakub Hrozek - 1.9.2-23Jakub Hrozek - 1.9.2-22Jakub Hrozek - 1.9.2-21Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-19Jakub Hrozek - 1.9.2-18Jakub Hrozek - 1.9.2-17Jakub Hrozek - 1.9.2-16Jakub Hrozek - 1.9.2-15Jakub Hrozek - 1.9.2-14Jakub Hrozek - 1.9.2-13Jakub Hrozek - 1.9.2-12Jakub Hrozek - 1.9.2-11Jakub Hrozek - 1.9.2-10Jakub Hrozek - 1.9.2-9Jakub Hrozek - 1.9.2-8Jakub Hrozek - 1.9.2-7Jakub Hrozek - 1.9.2-6Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-3Jakub Hrozek - 1.9.0-2Jakub Hrozek - 1.9.0-1.rc1Jakub Hrozek - 1.8.0-33Stephen Gallagher - 1.8.0-32Stephen Gallagher - 1.8.0-31Stephen Gallagher - 1.8.0-30Stephen Gallagher - 1.8.0-29Stephen Gallagher - 1.8.0-28Stephen Gallagher - 1.8.0-27Stephen Gallagher - 1.8.0-26Stephen Gallagher - 1.8.0-25Stephen Gallagher - 1.8.0-24Stephen Gallagher - 1.8.0-23Stephen Gallagher - 1.8.0-22Stephen Gallagher - 1.8.0-21Stephen Gallagher - 1.8.0-20Stephen Gallagher - 1.8.0-18Stephen Gallagher - 1.8.0-17Stephen Gallagher - 1.8.0-15Stephen Gallagher - 1.8.0-12Stephen Gallagher - 1.8.0-11Stephen Gallagher - 1.8.0-10Stephen Gallagher - 1.8.0-9Stephen Gallagher - 1.8.0-8Stephen Gallagher - 1.8.0-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5Stephen Gallagher - 1.8.0-4.beta3Stephen Gallagher - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-2.beta2Stephen Gallagher - 1.5.1-68Stephen Gallagher - 1.5.1-67Stephen Gallagher - 1.5.1-66Stephen Gallagher - 1.5.1-65Stephen Gallagher - 1.5.1-64Stephen Gallagher - 1.5.1-63Stephen Gallagher - 1.5.1-62Stephen Gallagher - 1.5.1-61Stephen Gallagher - 1.5.1-60Stephen Gallagher - 1.5.1-59Stephen Gallagher - 1.5.1-58Stephen Gallagher - 1.5.1-57Stephen Gallagher - 1.5.1-56Stephen Gallagher - 1.5.1-55Stephen Gallagher - 1.5.1-53Stephen Gallagher - 1.5.1-52Stephen Gallagher - 1.5.1-51Stephen Gallagher - 1.5.1-50Stephen Gallagher - 1.5.1-49Stephen Gallagher - 1.5.1-48Stephen Gallagher - 1.5.1-47Stephen Gallagher - 1.5.1-46Stephen Gallagher - 1.5.1-45Stephen Gallagher - 1.5.1-44Stephen Gallagher - 1.5.1-43Stephen Gallagher - 1.5.1-42Stephen Gallagher - 1.5.1-41Stephen Gallagher - 1.5.1-40Stephen Gallagher - 1.5.1-39Stephen Gallagher - 1.5.1-38Stephen Gallagher - 1.5.1-37Stephen Gallagher - 1.5.1-36Stephen Gallagher - 1.5.1-35Stephen Gallagher - 1.5.1-34Stephen Gallagher - 1.5.1-33Stephen Gallagher - 1.5.1-32Stephen Gallagher - 1.5.1-31Stephen Gallagher - 1.5.1-30Stephen Gallagher - 1.5.1-29Stephen Gallagher - 1.5.1-28Stephen Gallagher - 1.5.1-27Stephen Gallagher - 1.5.1-26Stephen Gallagher - 1.5.1-25Stephen Gallagher - 1.5.1-24Stephen Gallagher - 1.5.1-23Stephen Gallagher - 1.5.1-21Stephen Gallagher - 1.5.1-20Stephen Gallagher - 1.5.1-17Stephen Gallagher - 1.5.1-16Stephen Gallagher - 1.5.1-15Stephen Gallagher - 1.5.1-14Stephen Gallagher - 1.5.1-13Stephen Gallagher - 1.5.1-12Stephen Gallagher - 1.5.1-11Stephen Gallagher - 1.5.1-10Stephen Gallagher - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Stephen Gallagher - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.2.1-28.4Stephen Gallagher - 1.2.1-36Stephen Gallagher - 1.2.1-35Stephen Gallagher - 1.2.1-28.3Stephen Gallagher - 1.2.1-34Stephen Gallagher - 1.2.1-28.2Stephen Gallagher - 1.2.1-33Stephen Gallagher - 1.2.1-28.1Stephen Gallagher - 1.2.1-32Stephen Gallagher - 1.2.1-29Stephen Gallagher - 1.2.1-28Stephen Gallagher - 1.2.1-27Stephen Gallagher - 1.2.1-26Stephen Gallagher - 1.2.1-23Stephen Gallagher - 1.2.1-21Stephen Gallagher - 1.2.1-20Stephen Gallagher - 1.2.1-19Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-14Stephen Gallagher - 1.2.0-13Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11.1Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Related: rhbz#1442703 - Smart Cards: Certificate in the ID View - Related: rhbz# 1401546 - Please back-port fast failover from sssd 1.14 on RHEL 7 into sssd 1.13 on RHEL 6- Resolves: rhbz#1326007 - Memory cache corruption when rsync and/or tar to copy owner and group info from LDAP - Resolves: rhbz#1442703 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1507435 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-6.10] - Resolves: rhbz#1487040 - sssd does not evaluate AD UPN suffixes which results in failed user logins- Resolves: rhbz#1421057 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1487040 - sssd does not evaluate AD UPN suffixes which results ini failed user logins - Resolves: rhbz#1487944 - ABRT crash - /usr/libexec/sssd/sssd_nss - Resolves: rhbz#1489485 - sssd is not pulling groups in a trusted domain, with the Global scope- Resolves: rhbz#1438360 - The originalMemberOf attribute disappears from the cache, causing intermittent HBAC issues- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present - Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory- Resolves: rhbz#1415785 - ldap_child does not remove temporary files when it's killed with SIGTERM- Apply several more smartcard-related patches. - Related: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts- Revert the ding-libs requirement - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Related: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Require the matching version of ding-libs - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Fix a coverity warning - Related: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Resolves: rhbz#1324428 - [RFE] Discover forest's root SID even if subdomains_provider = none- Resolves: rhbz#1367802 - using overides causes segfault in libldb- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins- Resolves: rhbz#1382603 - autofs map resolution doesn't work offline- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute- Resolves: rhbz#1299994 - ssh client checks only the first certificate on a smartcard when the card has multiple certs - Resolves: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard - Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6 - Resolves: rhbz#1329647 - IPA view: view name not stored properly with default FreeIPA installation- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users and mixed case names- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a subdomain, not the root domain.- Resolves: rhbz#1365218 - SSSD does not fail over to next GC- Resolves: rhbz#1367435 - Intermittent sssd auth failures- Resolves: rhbz#1369079 - sssd runs out of available child slots and starts queuing requests in proxy mode- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to sssd-1.13.3-22.el6.x86_64 when upgrading cache- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336453 - sssd_be doesn't terminate forked child process if adcli is not installed- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo- Actually apply patches from previous build - Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe with 1.11.6- Backport of a more minimal dependency patch to avoid changes to AD provider behaviour - Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1308939 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user- Require a newer selinux-policy to avoid issues when prompting for SC PIN - Related: rhbz#1299066 - smartcard login does not prompt for pin when ocsp checking is enabled (default config)- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when trying to retrieve non-existing netgroups- Update sssd-ldap man page for the recent ID mapping changes - Related: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache from working- Resolves: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password and not smartcard pin when logged in using smartcard pin- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output error- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12 to 1.13- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn't work- Resolves: rhbz#1273802 - ad_site parameter does not work- Fix memory leak in the NFS plugin - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service discovery- Rebase to 1.13.3 - Remove setuid bit from proxy_child, RHEL-6 doesn't support running SSSD as a non-privileged user - Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Don't own files as the SSSD user - Resolves: rhbz#1289482 - warning: user sssd does not exist - using root- Resolves: rhbz#1279971 - groups get deleted from the cache- The p11_child doesn't have to run privileged anymore, remove the setuid bit - Related: rhbz#1270027 - [RFE] Support for smart cards- Resolves: rhbz#1266108 - Check next certificate on smart card if first is not valid - Also enable OCSP checks- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Silence compilation warnings and Coverity issues - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Squash in packaging review changes by lslebodn@redhat.com- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - The rebase also resolves the following bugzillas: - Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC identity certificates - Resolves: rhbz#1270027 - [RFE] Support for smart cards - Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients - Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is not taken into account. - Resolves: rhbz#1254193 - Fix for cyclic dependencies between sssd-{krb5,}-common - Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected - Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do not queue requests - Resolves: rhbz#1227804 - Group members are not turned into ghost entries when the user is purged from the SSSD cache - Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log - Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not the alpha group name representation - Resolves: rhbz#1194039 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups- Resolves: rhbz#1251349 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from ldap server- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task - Resolves: rhbz#1227863 - ignore_group_members doesn't work for subdomains- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn't return all groups on first attempt- Resolves: rhbz#1225614 - IPA enumeration provider crashes- Resolves: rhbz#1212610 - sssd ad groups work intermittently- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of secondary groups- Resolves: rhbz#1221358 - SSSD doesn't work with ID mapping and disabled subdomains- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and gets avc denial when ssh- Include several upstream fixes related to ID views - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1213947 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad src/providers/ad/ad_gpo.c:843- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers group membership resolution- Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users and filter_groups- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only- Related: rhbz#1211728 - Only set the selinux context if the context differs from the local one- Package the localauth plugin - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1207720 - id lookup resolves "Domain Local" group and errors appear in domain log- BuildRequire the proper libkrb5 version for correct localauth plugin build - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1194367 - sssd_be dumping core- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in manpage that unsupported time specification will lead to sssd denying access- Resolves: rhbz#1205382 - Properly handle AD's binary objectGUID- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might install with wrong user account (root)- Fix a typo in DEBUG message - Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Handle TTL=0 in SRV queries correctly - Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Cherry-pick unit test changes from upstream to allow cherry-picking sssd-1-12 patches - Remove unused LDAP provider code to avoid static analyser warnings - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad requires samba4- Resolves: rhbz#1203630 - SSSD doesn't own the GPO cache directory- Fix warning in SELinux code - Handle setups with empty default and no SELinux maps - Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u - Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605 - Resolves: rhbz#1201847 - SSSD downloads too much information when fetching information about groups- Fix PAM responder initgroups cache for subdomain users - Log extop failures better - Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Fix internal error codes broken when fixing rhbz#1036745 - Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything- Fix Coverity warning in ldap_child - Add better debugging - Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users, groups or other cache objects- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Initialize a pointer in ldap_child to NULL - Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Relax the ldb requirement - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query - Rebuild against latest krb5, add a versioned BuildRequires - Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Do not mark the selinux_child helper as setuid, we don't support rootless SSSD in 6.7 - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x - The rebase resolves the following RHEL bugzillas - Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about domains parameter - Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not be fatal (backport fix from upstream) - Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user uid field - Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1168377 - [RFE] User's home directories and shells are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss - Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution - Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1148582 - inconsistent group information when multiple ad domain sections are configured in sssd - Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider ad support - Resolves: rhbz#1139878 - SSSD connection terminated after failing anonymous bind to IBM Tivoli Directory Server - Resolves: rhbz#1135838 - Man sssd-ldap shows parameter ldap_purge_cache_timeout with "Default: 10800 (12 hours)" - Resolves: rhbz#1135432 - Dereference code errors out when dereferencing entries protected by ACIs - Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012 R2's LDAP as AD - Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header - Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple attributes- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1141814 - Password expiration policies are not being enforced by SSSD- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group membership when encountering a non-POSIX group- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from other AD domains- Resolves: rhbz#1127270 - sssd connect to ipa-server is long- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD, POSIX attributes are used and primary group contains the user as a member- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0) is not prompted for password change- Resolves: rhbz#1132361 - use-after-free in dyndns code- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap account lock to restrict access via ssh key- Use the correct sudo iterator - Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Add notes about offline mode to sssd.conf - Related: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1127278 - Auth fails when space in username is replaced with character set by override_default_whitespace- Resolves: rhbz#1127757 - sssd can't retrieve sudo rules when using the "default_domain_suffix" option- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Resolves: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1122873 - Failover does not always happen from SRV to hostname resolution(via /etc/hosts) - Remove spurious systemctl call on %postun- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with specified character in LDAP group- Resolves: rhbz#1109188 - dereferencing control failure against openldap server- Resolves: rhbz#1084532 - sssd_sudo process segfaults- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping is off and tokengroups are enabled- Resolves: rhbz#1118541 - Floating point exception using ldap- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser is not defined and no ldap_sudorule_runasuser mapping has been defined in SSSD- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap- Fix potential NULL dereference in IFP code - Related: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- BuildRequire the latest libini_config - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- Resolves: rhbz#1104145 - public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end- Rebase to 1.11.6 - Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Rebuild against new ding-libs - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Backport the InfoPipe patches needed for Sat6 integration - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: #1085412 - SSSD Crashes when storage experiences high latency- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6Resolves: #1036168 - sssd can't retrieve auto.master when using the "default_domain_suffix"- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups are requested- Allow combination of proxy id backend and LDAP auth backend - Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Inherit UID limits for subdomains - Resolves: #1020905 - Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.- Do not crash when LDAP disconnects while a search is still in progress - Resolves: #1019979 - sssd_be segfault when authenticating against active directory- More upstream fixes to prevent memcache crashes - Related: #997406 - sssd_nss core dumps under load- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out- Make IPA SELinux provider aware of subdomain users - A better version of already committed patch - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Resolves: #997406 - sssd_nss core dumps under load - Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #1002161 - large number of sudo rules results in error - Unable to create response: Invalid argument- Silence restorecon on clean install - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Make IPA SELinux provider aware of subdomain users - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Print password complexity hint when password change fails with constraint violation - Related: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #948830 - sssd do too many disk writes causing delay in "getent netgroup allmachines-netgroup" nested netgroups.- Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- Resolves: #963235 - sssd_be crashing with nested ldap groups- Apply a forgotten dependency for patch #254 - Related: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality - Add two fixes for better handling of faulty SRV processing - Related: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router. - Remove enumerate=true from example in man page - Related: #988381 - clarify the disadvantages of enumeration in sssd.conf- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp file for SELinux data failed- Resolves: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors when clearing cache- Resolves: #924113 - man sssd-sudo has wrong title- Resolves: #924397 - document what does access_provider=ad do- Use permissive control when adding ghost users - Resolves: #928797 - cyclic group memberships may not work depending on order of operations- Set correct state of SRV servers on resolving error - Resolves: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router.- Resolves: #954323 - SSSD doesn't display warning for last grace login.- Format patch to configure sysv script differently - RHEL-6 patch(1) apparently doesn't like the output of git format-patch -M -C and doesn't properly copy files on renames - Resolves: #971435 - Enhance sssd init script so that it would source a configuration.- Resolves: #973345 - SSSD service randomly dies- Resolves: #971435 - Enhance sssd init script so that it would source a configuration- Resolves: #961356 - SUDO is not working for users from trusted AD domain- Resolves: #970519 - [RFE] Add support for suppressing group members- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the "original value"- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes- Clarify the min_id/max_id limits further - Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login delays when client is under load- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table in sssd_nss- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs- Mention that enumeration should be discouraged - Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf- Call restorecon on memcache files to force the right context on upgrades - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Resolves: #987479 - libsss_sudo should depend on sudo package with sssd support- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck- Resolves: #967636 - SSSD frequently fails to return automount maps from LDAP- Resolves: #953165 - Enabling enumeration causes sssd_be process to utilize 100% of the CPU- Resolves: #906398 - sssd_be crashes sometimes- Resolves: #950874: Simple access control always denies uppercased users in case insensitive domain- Resolves: #921454: Resolve local group members in LDAP groups- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider- Fix pwd_expiration_warning=0 - Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#872827 - Serious performance regression in sssd- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees- Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.- Resolves: rhbz#902436 - possible segfault when backend callback is removed- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps- Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent- Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts- Resolves: rhbz#892197 - Incorrect principal searched for in keytab- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work- Resolves: rhbz#874618 - sss_cache: fqdn not accepted- Resolves: rhbz#889182 - crash in memory cache- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache- Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666)- Resolves: rhbz#886038 - sssd components seem to mishandle sighup- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh- Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule- Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507)- Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060)- Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507)- Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds- Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users- Resolves: rhbz#881773 - mmap cache needs update after db changes- Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742)- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573)- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations- Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130- Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections- Related: rhbz#877126 - Bump the release tag- Resolves: rhbz#877126 - subdomains code does not save the proper user/group name- Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid()- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'- Resolves: rhbz#875740 - "defaults" entry ignored- Resolves: rhbz#875738 - offline authentication failure always returns System Error- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section- Resolves: rhbz#873032 - Move sss_cache to the main subpackage- Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group- Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive- Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443- BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932- Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542- Fix the "ca" translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- New upstream release 1.9.2- Rebase to 1.9.1- Require the latest libldb- Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes- Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds- Fix protocol break for services map - Related: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#824616 - sssd_nss crashes when configured with use_fully_qualified_names = true- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()- Resolves: rhbz#822236 - SSSD netgroups do not honor entry_cache_nowait_percentage- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client upgrade - Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names - Resolves: rhbz#819063 - sssd fails to provide partial data till paged search returns "Size Limit Exceeded" - Resolves: rhbz#820585 - Group enumeration fails in proxy provider- Resolves: rhbz#816616 - group members are now lowercased in case insensitive domains- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding - Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the same user - Resolves: rhbz#812281 - autofs client: map name length used as key length - Related: rhbz#784870 - SSSD fails during autodetection of search bases for new LDAP features - Related: rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes- Fix typo in patch for SSH umask - Related: rhbz#808107 - Coverity revealed memory management defects- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm - Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is running - Resolves: rhbz#808107 - Coverity revealed memory management defects- Related: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false- Resolves: rhbz#804057 - Initial service lookups having name with uppercase alphabets doesn't work - Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names doesn't work when case_sensitive=false - Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab - Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false - Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name resolution times out - Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Related: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica using IP address - Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with case_sensitive=false - Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set - Resolves: rhbz#805034 - accessing an undefined variable might cause crash - Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login- Update translations - Resolves: rhbz#802372 - Pick up latest translation files for SSSD - Resolves: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Related: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search requests - Resolves: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials - Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to true - Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work - Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false - Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam can use - Resolves: rhbz#799971 - sssd_be crashes on shutdown - Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested group structure - Resolves: rhbz#801368 - Group lookups doesn't return members with proxy provider configured - Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd is configured as proxy provider- Do not auto-upgrade debug levels - Tool still available for manual use - Reverts: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#798881 - Install-time warnings - Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also the dns_discovery_domain - Resolves: rhbz#798655 - Password logins failing due to a process with high UID- Fix explicit requires to use openldap instead of openldap-libs - Related: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64- Fix multilib-clean issue due to upgrade script - Remove old copy from the spec file - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Fix typo in the patch - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Use a patch and install the script to python_sitelib - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Resolves: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#785871 - wrong build dependency on nscd - Resolves: rhbz#785873 - IPA host search base cannot be set - Resolves: rhbz#791208 - Entries lacking a POSIX username value break group lookups - Resolves: rhbz#796307 - Simple Paged Search control needs to be used more sparingly - Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64 - Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user entries - Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup - Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load - Resolves: rhbz#797975 - sssd_be: The requested target is not configured is logged at each login - Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD - Resolves: rhbz#788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group- Handle filtering python Provides in a safer way - Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3 - Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers - Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and netgroup search base correctly - Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb AS requests - Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision - Resolves: rhbz#785904 - [RFE] SSSD should have --version option - Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider - Resolves: rhbz#785898 - Enable midway cache refresh by default - Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for a non-existing netgroup - Resolves: rhbz#785884 - Honour TTL when resolving host names - Resolves: rhbz#785883 - check DNS records before updates - Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead of guessing - Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line - Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config file too much - Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server has been reinitialized - Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc - Resolves: rhbz#773660 - Kerberos errors should go to syslog - Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native IPA netgroups code - Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#771702 - sssd_pam crashes during change password operation against a IPA server - Resolves: rhbz#771361 - case_sensitive function not working as intended for ldap - Resolves: rhbz#768935 - Crash when applying settings - Resolves: rhbz#766941 - The full dyndns update message should be logged into debug logs - Resolves: rhbz#766930 - [RFE] Add a new option to override home directory value - Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab principal name - Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files - Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug levels on the fly - Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional - Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation - Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option - Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control - Resolves: rhbz#753876 - [RFE] Add support for the services map - Resolves: rhbz#746181 - "getgrgid call returned more than one result" after group name change in MSAD - Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle for some (configurable) time - Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD - Related: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#742052 - id -G group resolution takes extremely long - Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange - Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases - Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or insensitive - Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users - Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control disabled for openldap - Resolves: rhbz#726467 - SSSD takes 30+ seconds to login - Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 during auth when password for the user is not set- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758157 - LDAP failover not working if server refuses connections- Related: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis initgroups when groups appear in multiple nesting levels- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow - Resolves: rhbz#746654 - SSSD backend gets killed on slow systems - Related: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts Fixes a crash introduced by the earlier patch. - Related: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names Fixes for internationalization- Related: rhbz#742278 - Rework the example config- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts - Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart - Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742278 - Rework the example config - Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was initialized - Resolves: rhbz#742526 - SSSD's man pages are missing information - Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with multi-valued uid - Resolves: rhbz#738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid - Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber to integer - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host groups - Resolves: rhbz#740501 - SSSD not functional after "self" reboot - Resolves: rhbz#742539 - HBAC: Hostname comparisons should be case-insensitive- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in - Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2- Resolves: rhbz#737157 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled - Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple external hosts along with managed host - Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names - Resolves: rhbz#733409 - Improve password policy error message - Resolves: rhbz#733663 - Authentication fails when there exists an empty hbacsvcgroup - Resolves: rhbz#732935 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON - Resolves: rhbz#734101 - sssd blocks login of ipa-users- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain shells- Related: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID- Related: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Related: rhbz#718250 - Remove DENY rules from the HBAC access provider - Fixes an issue on big endian platforms- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured - Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls - Resolves: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider - Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID - Resolves: rhbz#726475 - sssd_pam leaks file descriptors - Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0- Related: rhbz#721052 - sssd does not handle kerberos server IP change - Use ares_search instead of ares_query to honor - search entries in /etc/resolv.conf- Resolves: rhbz#711416 - During the change password operation the ccache is - not replaced by a new one if the old one isn't - active anymore - Resolves: rhbz#715609 - Certificate validation fails with message - "Connection error: TLS: hostname does not match CN - in peer certificate" - Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records - Resolves: rhbz#721052 - sssd does not handle kerberos server IP change - Honor TTL values when resolving hostnames- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP - Resolves: rhbz#713438 - sssd shuts down if inotify crashes- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups() - Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are - being logged multiple times when the provider comes - back online - Resolves: rhbz#707997 - The IPA provider does not work with IPv6 - Resolves: rhbz#677327 - [RFE] Support overriding attribute value - Resolves: rhbz#692090 - SSSD is not populating nested groups in - Active Directory- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man - page- Resolves: rhbz#707513 - Unable to authenticate users when username - contains "\0"- Resolves: rhbz#698723 - kpasswd fails when using sssd and - kadmin server != kdc server- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is - not mentioned - Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the - gidNumber is out of the range of min_id,max_id. - Resolves: rhbz#699530 - Users with a local group as their primary GID are - denied access by the simple access provider - Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups - Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a - member of any group - Resolves: rhbz#703624 - SSSD's async resolver only tries the first - nameserver in /etc/resolv.conf- Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694444 - Unable to resolve SRV record when called with - _srv_, in ldap_uri - Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by - signal 11 (SIGSEGV) - Fix is to not attempt to resolve nameless servers- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can - cause SSSD to stop caching and responding to - requests- Resolves: rhbz#690131 - Traceback messages seen while interrupting - sss_obfuscate using ctrl+d - Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process - /usr/libexec/sssd/sssd_be was killed by signal 11 - (SIGSEGV)- Related: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them - Resolves: rhbz#689886 - group memberships are not populated correctly during - IPA provider initgroups - Resolves: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents - Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5 - in sssd.conf- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min - waiting on netgroup - Resolves: rhbz#683431 - sssd consumes 100% CPU - Related: rhbz#680440 - sssd does not handle kerberos server IP change- Related: rhbz#680440 - sssd does not handle kerberos server IP change - SSSD was staying with the old server if it was still online- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain - for base DN- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on - ipa-server - Resolves: rhbz#680440 - sssd does not handle kerberos server IP change - Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are - given in ipa_server config option - Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf - attribute on the server - Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups - Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option - Resolves: rhbz#677318 - Does not read renewable ccache at startup- Resolves: rhbz#678593 - User information not updated on login for secondary - domains - Resolves: rhbz#678777 - IPA provider does not update removed group - memberships on initgroups- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries - Resolves: rhbz#678410 - name service caches names, so id command shows - recently deleted users - Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for - netgroups- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login - Resolves: rhbz#675284 - "no matching rule" message logged on all successful - requests - Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for - authentication- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named - "default" - Resolves: rhbz#674515 - -p option always uses empty string to obfuscate - password - Resolves: rhbz#674141 - Traceback call messages displayed while - "sss_obfuscate" command is executed as a non-root - user- Resolves: rhbz#674172 - Group members are not sanitized in nested group - processing - Put translated tool manpages into the sssd-tools subpackage- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Also add the updated ding-libs to the BuildRequires- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Explicitly require updated ding-libs- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options - Assorted bugfixes- Add noverify to sssd.conf - Resolves: rhbz#627165 - TPS VerifyTest failure- Related: rhbz#644072 - Rebase SSSD to 1.5 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs - Resolves: rhbz#660585 - getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs- Resolves: rhbz#645449 - 'getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#658374 - sssd stops on upgrade- Resolves: rhbz#658158 - sssd stops on upgrade- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#642412 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#633487 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib- Resolves: rhbz#629949 - sssd stops on upgrade- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password- Resolves: rhbz#621307 - Password changes are broken on LDAP- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on - initgroups calls- Resolves: rhbz#607233 - SSSD users cannot log in through GDM - - Real issue was that long-running services - - do not reconnect if sssd is restarted- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with - /etc/krb5.keytab file- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6 - final - Resolves: rhbz#608661 - SASL with OpenLDAP server fails - Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes- New upstream bugfix release 1.2.1 - Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs. - Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal - Resolves: rhbz#604704 - authconfig should provide error with no trace back - if disabling sssd when sssd is not enabled - Resolves: rhbz#591873 - Connecting to the network after an offline kerberos - auth logs continuous error messages to sssd_ldap.log - Resolves: rhbz#596295 - Authentication fails for user from the second domain - when the same user name is filtered out from the - first domain - Related: rhbz#598559 - Update translation files for SSSD before RHEL 6 - final- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service - to fail while restart - Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in - parentheses causes ldap_search_ext to fail - Resolves: rhbz#600468 - Segfault in krb5_child - Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs.- Resolves: rhbz#598670 - Ccache file of a user is removed too early - Resolves: rhbz#599057 - Incomplete comparison of a service name in - IPA access provider - Resolves: rhbz#598496 - Failure with IPA access provider - Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the - kernel keyring- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP - Resolves: rhbz#584001 - Rebase sssd to 1.2 - Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file - Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf - Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf - Resolves: rhbz#590134 - sssd: auth_provider = proxy regression - Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when - going online - Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the - HBAC rule- Improve DEBUG logs for STARTTLS failures- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcacacacacacacacacacacacsdedededededededededededeesesesesesesesesesesesfrfrfrfrfrfrfrfrfrfrfrfrjajajajajajajajajajajanlptptukukukukukukukukukukukukuk1.13.3-60.el61.13.3-60.el6 sss_debuglevelsss_groupaddsss_groupdelsss_groupmodsss_groupshowsss_obfuscatesss_overridesss_seedsss_useraddsss_userdelsss_usermodsssd-tools-1.13.3COPYINGsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupdel.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupmod.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gz/usr/sbin//usr/share/doc//usr/share/doc/sssd-tools-1.13.3//usr/share/man/ca/man5//usr/share/man/ca/man8//usr/share/man/cs/man8//usr/share/man/de/man1//usr/share/man/de/man8//usr/share/man/es/man1//usr/share/man/es/man8//usr/share/man/fr/man1//usr/share/man/fr/man8//usr/share/man/ja/man1//usr/share/man/ja/man8//usr/share/man/man8//usr/share/man/nl/man8//usr/share/man/pt/man8//usr/share/man/uk/man1//usr/share/man/uk/man5//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnu?7zXZ !PH6]"k%w+p}:w{!zB7 0YjyǭHC\OzfMe ^S2f%gI{7CٕGo7Z#ofFdTܩŽv]Ty[ך Iޤxӈ]$B7zpHy}ۥ~,/rWr~g#!E XTChWd?tyl*~H` >4S2f~ INdCdrv H' Qcϕ3oV+*uuEz W45Jg%Yfax8fF0/dP$U!'G"y.VPe>0؝y`!Mw#\,+sgߞ/b\R n/&~.1_'OgX 0g7' I/]XTa?be9-8z.,8jXiǽ廒;ZޱVӞ̒.!Jrg[Q: #ˍ7ܟ*!D| ݂s޹_ muOa?E1W{-![1h4bAm˛-,G071|^$ 18O,ƭXɻ M 1R?e13 fvߜB@YESt8lhp4赶?) BQa[ӄ:6PqM䓄j/ua$jq[H͠j%FI@~K*Ѥ`#]<)(J_Pz>$g)w 7=x(/͛j(2"ӜqȻx"0,sH="βG$7g(0'B@2:hPU \Í{ErO[ˡ*+…4[ $< a w*~6keTn9e^f SZH gz.rϿS^d>D 8uH`F.|y7wzCh 6}FuI3IKeyx\W튔0 [5APpku>ȉ/,[ߙswYF(%jѾQ`K-Q")&oB' &45nQ 4 +Ĵw/VfsBfJJop/a e.s"Xnbu#Y"k/ւ& @椪߱BxHp(U웚3#J n:2K4%v'dw&Å9ƄSe"?+Bt1b+J!A"9cSwd8jz"a.UJL+[ڤI4&ƛH$фWb6eM[;lXI^\?Ռ!9Z\Us"N[dIkml_]UALnN`R떱蒵A/li r(~7gNKLߢCx~3ƀEZbٚy(-g'o82vm&%y# nUlbR/LxK P?uutJs!7bsyZ:tSڕ\Pgw?gɴ%*,; ȳWpF&43A⃩(wQ7h< p\mQ2DCߎSb }֔E Yޱ5DEO2BpE0"b,á^i5xIr"IJ8OF&\*^L;;kFXaǕd\L \פ;.QgYõi (oB Y"OHM@$e uuѡv>]?KQ%^bF{EJM 7`}{Fs|Ƥ̼~AѢ-0o"G fd{ I_hfuKJ6DP_&Ay` @޹ VJ>`Zu\ƈ$bkHD>C"SD3t7LO˔92tD"3DA} {M]zV@*KJ;v2r*4ço"҉ .r;>+U'؎s{!tKMI3 YdAB !lVhw v;Ҝ?!xԞt{4mo'KPξd 5+AtcsVްإ(>= hz N; - ,&F$QUL}V,kg7m;xM6)KPc(;? a- ZylB\8o}9$Kwn}T ,d\0J1}c} %+9\]WdV;O o`6p8+W,Ln15+ۿk"stûRx$ibհ.屡]Aӣ>jK+?_b2T[e3ǜuKz"b? JYb)Q fn):>7D Ĝo#dTfdߴ@HuW1Fʔ}  cWVM._<=#Ԅl5{C_vqa~PJZJF\=;PS -ݽ+_]ZzU;QaR)q_ OYPWJUP ο!XِZ478bY'3D+s\:A`Ӿ)D#%JkF;qY< l32 XZyeYh>+Q*?.&yL hJ gvr]ie7BtLNzj;/$+a9`|q!_x8Y{صrv;QY$t SUw黤*t/s8k#Ih`Vێ-wÐ=WT!ğ2opL(1|`=6šMN([SOלHzN,*]6 +8A֠͠- ͗MZz*|*`x;X>$K>a}-;4Zs2[L1Jp$H")_]wq8i)|7L 'ddLD;dxPlK U'π?/52E:d ZD}Yy'n§(w==5P[hbH9kԦIع&yc)6x C ގYJą+96Cѧme-!pR'`rQ| W-P!fFB9ole5UGӕY> ;x<ɠx86CB>ϺؾpypTnؽۘEd{_Ub&r9zɳeP?o߁whv]VDbɌu<@ ^3+^MsV=뜪䅣堠o:p%KhX֭hXSqW"?sor̝g2 sedBo~_4yU%en7Y/C7ޫjEa:{Ѥ_rhuګ2 iG|ޞ/*P 3b |$(fNGBo=+X<^]v^ˣPiܴ9sWc/D;jME!XU 6=NB˻uG+Dz͗koHԱ2ڗw CÙj$%ZN*nͷJ{VӮRU5е =5s) cyۍSHQ|GԏV'¨=X' ď6YC S%{ґH# U 0V{J_,)8E zPdgw;$.V 3jr&߸~/O޳K;D9q(`k'#"J-0m45$tw|I]IQQ8+kh%u1(ݓq6?Iþhgin:%¸IMߤzQ痢?Lk# ^Ʃ9lʌzt*ǐsk(VOStD(zg~(UCsaw(_\cV6ѫ_6jɈiٻ*T@t'̳D0ZRҹNyV >>D'E :=D+:LV-Cto82aW(\E -xeJ9yf5>@,&k›o^(n& M D2"^w1cyf&ID .^1gCR uf~Kr5$Mt4H>vY.Nf#t_^3k+zݐ%f7"I0]/w,y[08p q%+a{LiM+Rq< 4R9#eȐHJ. k](KB'iy78$xI:Gn'[y Z#r^>qRg~t&AAAY)%,bXb (w*J< x͢RMP\E-d(=۪'igmr9V3ئB 2mr~# >QYeݍtv_x`4=Qwpe/\ٚ)$%]Wԫ/9"<^Za>H(wUer}Sl\"&kp34S%4^B-7Heг|(  Ō>}%`;s߂KJ*xsfxzNc{ )5AP@{IjnRT [98a*-.;86AӢh "*U5PBsp]a*0ZH+&._blO%L Ť/YA&H ZfVeRL$_uG!zbC6Qz+KȻj9;[i3K кѲn-Ŗ5(h,Jbz@ bK9Ʒ9dsMJ+ ڒV΁FChcyld+"%0fkNz&■ۙ!ʁZSM_Q <HK -4>o&)X,gM~|~ = Fm#UR:c-׌ۤ<ܦ%~\ "e'31w?Dndumܴ{k9mQ S2R)quVBsp. ZνraQ'2n`$κL/rJj> >qNXeo?+G:_|Nk* C0>e,F 21x O~M?¡u:3^4Pa.,EvSt"F$+^XszNf(He뵄;$~8=lbk8pT5wF=`uåM Jo[< Tm#ɹ[J}\:ɠbPas.&277coVrvmua쎾+~x${g"~e"}[|T%Oe~՞N"SYq$0gԩrc/;OVؔOrrc;GNBbfWKR{2(s+3(i\\$_@!4-Gyza6͙7?1r>L'&a6 )xj,=uT'?,(PT0vg`H2;]j.aa"2IX!uOۊcܟ8]cEU;M7܆y/X~聉5O+̌{5==?\ۯSKS2h퍲s|Mi'|:R*Ɵ?1g0!nYOw?\ic&aHnY0S2]p`iaԺƛ+: lC#B=l߃:TAYU\(}G3Ӣ>•";9GݢN:)s|=>Vy $[nN k9j4 y ?XS uL6J.܇CRfXtJh9g61?O\CKv<\{%O/nD\{$LZ䰡!ʹ R:m?7f!U"-j7bP3Ctt6pi|՚#d(e3가@>Ud5"qB Xgʼnd}יJ 2\+O EXHK*(c-ŀ3C؊ˉvɉ5q -VEhO Sg@|28YԈwlrm pb8~9,¬HG,EHMMzV_ oq@=)jEΖ#P—xP .=W{OxdჸbX!놳чXF$ƛCĬƇ&ѬW*eqg dBa|\H*LsW[;G7dC Em:/ށ'}bhm^٦R'C4 ,IK1uכscIbM 匿{h'ɏVA9 )NI…EKPLBDikOoI۴,8}lj|,+p XX:h'8D(Q@q΄ LJh,Rspg@;AJ | mߢx-lMʃΖiz?S*L"C҄餵HrJԽUn[9d*J_*%~$m' 5zPTiV | ԡU Xx?֌}z73Hf6fpqAqx79WG)&c .2"ͥx$gӹ 3TQ5ibER2:?B`q([ECWFʒ>p_!oӌHjVi4}irޛH!b=  ;2S7 =Uݚ]q F &&ihūuj512q1\gV V ga<5tUԸaV2@XY`./U+!pvb1#;Vh(FjA>Wq<L*~!t,os-eBo=l0xoXBrs`2h|-,(zfϽ;nE)1%|~R;sHffm9P:q(]?K !J]H&d0#;}}ܠ&vQDi񩪼O%G)u&lMcatHlYj{$jUnB :24Qѧ9/oh53X6omG.EQa! DmaR2Q~c^`=%dF/?+zI)}<%|UA9^ye̪'ℿpLH] OQOe) '?OEAMecĹ:<QmBmRYD'W.Y>=+3f*[>LjNuIMxCnhN3 8aWX1RE2YxStaIpefi,ne (~љ v&f uG',:CYUpr"H) %5õG"]xc%7vR6[ܒ0};o{ښ*kXD#xAlf u_/},:IƕŗkZ,^*dK/^nK[Uj-3v$'whZf8VcPp266czB~Ã9$ JTʮrQ*ĬdWQI(nDyTΕjM@cOWڧ l^9 %:@SCRC櫅#! tI.+q^#Mif4)˓!G9e P"DhV[ M0< x]a* l?{}!Bb d 뤁?r>#EUsx|U\"ONAʹI`tH1po%z 9buII"tnC96c̉sܸFqoL|24. *voFڴHP(2_ @ T)'R`~F6ł (pC;ה9-g~j. Toĺ5`]{n"Ū-6$]H)-DSRH?#FGp& $>^n cBKφ=a#PE*3TGN"7M;*N;gk(Ѻ]\d~FCX'OkU\Fdž!' 2M JQ +,_WjwP&*c3 /.ü~X$P?vCc1!dgd{E>Hk#9;^Rd֣ME~vXA d5Vv;P0֠ģʵy##P&CͼElx8 ˶-MAU1 TʳamU.˱֣1f` 6KP^&ZF}ގZM5DZcv NG3tLbLk"-+ 뵬~/sw'ѰS6[ô"x x퟈xvp9k/u-<}ke^Fg*kt[b[g5]5h0pP! `*Đ% E fyrdEI+?xÄȱ7s2š9ʱL$'a~jT5 Fx`qτ&cdYC2 F{1QghpI)=RwX߳;dktK]41LU'Edtv^ȴ6oؕf wqԡ|fk r<=UT(ւ+ATn&Kx+,:`ʁ…. u R"I@KҋV&iÓmG5=ӧU!q$gxqJ=PQNi-#cN,37dWSo̖E`7 l¹&biȎ`IѺÛh'"^=95jyގĴ'6xfy/ pM@ҝY=z8":a>4@CϗW?a{XÆUV,?7!7Q8CB <$ezm MvbY.hNY*W1GZߍCqksoIߎyYۭ |Jj}1D ]$c046 [<А#~GwwYO&`N9z!_d'P&P?z ln*SO**.\JTSDߺxSJ!3Sݮ@X4޻/yڪ{!oK s}t,-}>kl>2`v*6NgX1-f&$( -2-:8?2ZI 9C0޺xوEAlC,7ql  8lJAc7s9+=u$~f:L,D~Yf0ޕNrr$~L Od&Yȏ1ѕvlߞ3Z D+n; ˒ 9Sw89ML0`qfEwE ho Iz--mfc[}pO`l kRD{@x-X} 7I&jaBԒIBI 8C>Mkk攟3>e>BcsaΈ!P䞽!>+B@N/d4+a )T=)ONzd- Wqy٪'4{8!@#2ւ63;u ]tպVB92>WuXg=*TV\G@1W^ʝG ꝃ%o5:e#Yoof2Tg.GKP:쩏wu"DCl~le#2qe8\(G ݞunS19^L 1j䭰^=D)VN༪xCPX!A9͏c*I"yJ`EMfbXB W%|/qaAC]>%ͦ(.=Q eط?% ̫N R52KQz(GEv2-/@|A&o&g=  u˓ͅ@$Z`qtwѧXZ<{R>w:ZG-,׷$`TR֐6BTSe51uL٥ ONGA;bvBK)Lu oqݾ rih$?+hj6~!봱͗L֋*_Bnzדoi7 0qeD;ΫQ$f3hִ !p} v9iBY7(e}jZbf@|4Zʍg*dEsV•lUm.% m(ToNj@~jmk)UC"J֭f":,@﷚<6%;֟Y RDs-EKYmo%m +HOk҄VQDOb$Qe8Q2J R5G g(Hz?xo,D1DhUw_p<a#3LFh7=[ͪ)|e?hw)2ddT41s&J6f%bwKU|HՃMnz5WykZ-763[IonM4 Kb k {_»Zl \KU;gG|:_ lZ@h3-zUwE&I,֩R$̷K`jk5ʞ{%(j3ǙP}QU/j.̆krStdG[|3ZW}t9~5V5s &^)9urXSAi0T՟?& =`91sL}\.QIfc---0m@EF>FI㹛ةugʹY zvʏ͉ԧo/ ߳rƜ5RQT+.n^O?{*G"7Asلa.Erq|&q@W(9̯ĈWR2yWG~oyq6ے"`jVH6!A#³ 2g:qO6}9+ m1M~qU I 7 ~IbZph oٸV9 hIPyP ؓys&".eպ[JI$߷?n:OwKW a_vvIݐC.2z<g nv/E,?PhY4ۭ2[ @fR19i~{X ¸4vBk@Ǭ86Z N]Jw8<^MDž!{k<7 aעGA0 r{nC깐M tZ)W|],ٍNz}~!iN_ɗ׍Z!}=3xBƷ#l@ vz[Hŭk/j&} FZUP-.-s!$la퓛[:U (ym\7S2Ȥuw=-$'H;a)-G_|DVrǫ룃-=_9ǀMr>GT9ULP~u}?Z) WscX*Ì9R}K8qy!d|,D[Gq:A4,|NX)Y&*҃Eb7k7`9A0v0Fk 4 r!;sUB) e}Qʼ4q-|6Jkvϵ?aʝBݳG96:P(0*+!e@1vM2F +.P@$\˽BtQ)v"aA\W4 (al0aLZ 0]}ȕ. W{; kP:c w4?O() H!@O,#W$IoL\_|il .- ;Ua?Z.j/Dž6e5WFC]M:#Ps XmB(푓$0nؾvPz8]f;ʼn6Mڂ+3!2P y0C`Oz;bƞ4Q+ <WI6j3R@AKA>!~<`Si|GdQ;%8b54i]^=wy7c3pMvC>!f"P]#w+ŽZ(ٵZd5pi0\/SRU((覘JYGN+Vees4G_~@U,i†XoMsVmFR 4g&MA&%c2/q9Vh(8A? w|Y!C4& BRGrp+F7s*IλH{MᨦciNJq^G -h<:}>˰ I{Tu&BLؤ+3 U,89ح"I4xTc ٣Ce'Wq'FVW_g?Dx۞87tӱ zY/s/`{j߹TDxët٢,+%LŢMQX\G }Js `?rSr<3[2v_a{P,@Fj:FJ"f msBs`#4T-nOvVoiQ9.0GRsw4_@~vY %&Lϡ4jC1@Vqx˱hfBߡ乖ښ7>wOzc+;^T<&JWD>Jzw=<-YUlxYel51T3.{ܩC1Wu?2Oۯv""_xci)^q!CVoMEߤ*`Л&!DvKDF;\C>Hy+3C (CfwT/|N”A1).n\3C";}rwP1Z⼢CPRhY9b7 QSî?(ydZʳ=C̶+[& ۯb^9XDW]voH̢_nݛ}{n^:D0/*8GT'S9VK:,I+]YbMX|Gmk2* H/a>H4&QF"<\'e8t˔fܶo kTܭ?8=lcf#)%%9k$;r7QA ͙=- ިC4S Ԙ0'{Qeѣ,%XlpSR8@isxk8Y}Nkbwi6ErrE%![g%ʅg #&gmUn~nوl'/7~4}W$S\ 9_:: A;*s q$dG)Qec{Ӝ~x̡"{3CH%5#}o<d:U9 YW v 'U84:@U5aGZn l[l#Ñ5kpaߋ@#"=_`^~Buǣy'+ /OLUgCo" Ka3 le:K$p"w()eX PTTbl5;R2oA`&'e)Us8n ¢! HPUŲ6K@r:V×-W }2H+qQ!B 6Vf3 R(E}ED]#7h"8m8g b PQM?Qr(ְ3N=D0bf28OHޯt@%.ЈT;g;MqʙH9`q"V]:q'06] ~pu^kL Fhӧl?e rathCB阒nlŠGKO1zB!̫uZ>JGE.B8,"G{D洙E.]P0I%I8l $G~lF ޑ6Jy9B[(@^M-[ICu]Yg2BOL#&< cZ!VYX9ul/4&h*<*ͻSq?UrXt}{P98|04?m٨B-[knCYwf V<WUeK {|/Xn(oF1 J׹JJG ؃ĺ!!R&K>{ "0{wy)5!9(8vX/6RέHpjm Nņ7N@Q]sn~W{#,w`zJ:D`E9iG-{MJ'2wWQcͲo`wUR/-_'oF!B 1p܍g(aMɰ/%EϫG?H:\f& 0(Sx);ԇ¥`QCT~``^PӑOOw2g~x`&Ga֜=f6}&귧Kݢdi$@.!_\fG66*"џI.`chdٰМjr\յw96]U w'^92wt qRFy^yR -E1g In"<Χ?)-1ٽ?1)%툻Z0W4nڇ3d#-S bx $VyWma $#{ŃZwK5.FA.Ƃe7Ŷ[nˍK\q!"6yr&ͱB x O~OsHb HG@`IAll0PNd+&G) <,%LH91Tn#QUgYP/lhY,dQwH?^[,.j!\tnLT[WaSObvH 7@'EZ+"\ƬO !♋@dm[Qcl.1>%= Ij}z8vDj?$y]h'Õ@(h!P 1$_yZ"ryEާT-BNfL.<7 mҫ듗>~'HzЯ꣰?Mۀ0^;âyh&BHau "r ^[0wOIpH}`l1lTDn$sSoo 'wzInK`;xSqJD-'ZJ%llȍb]~ d8.a.71wŋ\8Ȩ`N5 gV0X+p<ϰXlXU!lίB&Ku?,_FQCcJj)+4H6W?dٶgA3?]h֢IwIgHNӯr,؁zË%]ȇ%Kc>0&崅v!#0#PWá,C܄^,Zȯ~wOE{[iȨ g[܂,oa%h֢zK/1N"l.[pfmP)rPgZ4<$rna' UUkF" u ׎߈k,NYy`2nw}](|@/S˼t7/%4h,ʎQߕ(,$3fv_TsШW,OzIFf>\,: pV{pa=c3а󮪸vu;jOq}JWjI?pb$hWD첽)سLhqe4ݣ()MӥL!F˄nB >c$NޛcP$⥇%;X,zC??.x=b!\!n}(aF)e "f)_kikwx_B 3b3ޛc49J/|0ƙҝGdU -=]V}XQ_Ϫ$77Jr pE$c( lQ(1FJjT'WI貰+TsYU 8+3O>>L$ uU aKjTO7yZ3 c j[ V IçevwA8iW\{#1.Gp'~ zW p;7\ [@i5ϖ?sԲS8V B|5=^>{v4j!sg[T']fSE#WP@C6;vRCc DG<8;4&ۿLv 솰^j?VE|`X@a~M<J^(s/l-wHvKpD(yLAsX> MycGr%nYګ ZI4&N_* 1pY9TQ[n bթ*x3nz4)!fXm}x$Bd|:xEDJ%EYr~ =R&+4J&a "PU3Ur˜-gda`G CDD$YyCRFca>s'|Nпz1T !D/k"nN_Oڏ=p9&cn, ;OHx3u),l#azafQEH..sͬ6( Z@v~eve\pv3Yx\tq?B}qAh8m@큆~#v L^O6 !t(NhA naПff#푸i gOE KunG0{ T/Jt~orPX鱴;V`r̠3ӤrC@XyC_5\U^e\[~;U4hhbP)Ru/*8x(܏a-Nq01F%ٜ1_>=Yg= :|oA`:p5`UYR S[UjRڐwE ~pse(rYgWZl.λFS8\p؃Ɗԧ+ji'NHbRѡqR8=5$ lY$|DDJx)l +!{Q*'\OZ:NR}>h6_f\n`CWKLƛ%ߣQdE}3}#> 8'cqKm@5.%ƛ.X2gmbRYLyG'ΙcX,6i!4>bvآ ctțCz̲ɷ*fbUEvl+zn?$(?HXWԖҩGzׄ_Ot%֘!Si3yc7K20 ]ͬnd `7 #4BV= ^1b>\>: 0O[ǼeJN@v%(NҊ,ՌU8źU =D%=ԾQp 3=)iEM!\XR&΀]HpO+t=2*%"hU6JcgB9=(2ޅE'.&*Y:/_?*GhgQs$>Б". "S2}pRK+tȏ * .Aq)RVϛL!KE|߰4yB@/^hˉW^xYT kgnFhin/sb,׭X Zj[׈m-R"kƓ]r-rbRYvڅl[OҚA(B_9N,(P;boma0S??A]sWοiE@ΧB6,}\?혖7|͈1}:uwx2Kpc~@I>D`1%E{Dz_\iN x|=(uŝ Js.^$c8*'1kWS+R㊐y)u ^%/jrt6F4\]]/MOVdxq!ݼZH\ANVƟ3(9~+.#UߦwȪ9RXE>yB.GؘkP1,9=>W5d4շsh$~m\9:8 d?e]Σ0"Lvއ\./rqeGWF0/aՀ̚11Z;q` Q `1(JXmy5ҼsK團; >Y:Ys8O+]0'{bt'R+JM;t@'5n3- H(S]˜+B8{똳/ͫ=qt?_W0h2 ITlJ+_UhC|bJݐ\o|5 PG:֝BFgÏMvQ<\:V" =UdNs+ڥEhs5Ec1DCG + 'Ť~< 6y9W\>wD 5rsJTq<7{K&@֛ů:|%MO|I΀;5+mtǕh#iVAI6%BsGE kbu"QDv8秡Lm-o"i+@$vps߾,)Q&kUhZ fL$,X^thH&D?{Q%2J76@I38J!P.ߞn%Ks 15 YP.j;;4{~xڧw%A>~APX rr[h ;Sv*kpvKr`ȪQ,,}Vo:O ?X8wWXDEDG(;PByqv(%8ŽՎlJc<075SOzA)/D ګ<M[s)bbbDJڃwuq"p<c=m/l GL9ӛ* Sb:Jg*ϥObSak 3se^OluGuSP;CH &[{E$p4UH,䶯.U4RΊ]ށd:r MS9ťHONߡzU<]:Z0D^f-,j fFpYlolԲq*[OK!Bu 5{+]$CM: ϑQʰ;TK. JN[ ['T{pcTtLώ,rN %k[@n!hؿP{,M܂wpvFN%8KXYPSj' e2w w r4$ iyR0F|ENif縰(wk\լp\7ޗ+vTy0%vzߪ[ >t,%i>nk |.ݒҋ9*,z]7e @D1 9Y>~}R{!,. 0g~);GRlKS}4(t"E#guH@]Nld8E8̏s&#vbdS^7$zK^Nɉ7L𖁻+e@n'&$KEsCHve$Wj44c*i怹cdo<&|12l*ƌ WiI` >DB)bwA(|uu? rf(?Օu[iW+8{L;4R޸@vXejW-`o;`qTCZGf<)_ۑm\ e |H04L; 02{=zgYE8a\$E&3:VӗcV;e  y|.a3Tq˺fi7QYR.  SeP QDSU|4W l gI?u o)ZuSgZ6t5b(]BOEN9q"YP# T!lT 1o N$-ⓟ2]g~kAmWw?ԍY]Mڎ o4C.{ 0JL=P9-o.0uwtx2w2ji47 hٺr"8˨TfD̈́hfLJh1.s.2 a˽l0qb܁TKPg)i݆8˹ɉE`[^ x$q`I9읦GU2P)ig“FV9E53o^"DJ&n=f=&1⤆y beHmG]>G@=dk{]{ԾjܜK6+?"U"}f9ËF<}bp8q]%G`8}ΨFgOxd%IDznBi1i$$v ?df$CE|I8M02B5߷SRSgʃ=tuVBJ S[mG/:Z!O )ĵS" _!jB }6vI(U,)glxn'A 3A/LA5XȅT@EW 2ݮi=b|"Q Pj[pMDuqfKG n.{_hgA.8u JX2>Gw :{)]wiݣi˭"2 2ӭBZ22[A?4pӇzZ}8\.1`F,;>Ѕlfzغ Mv(͏*%e0~x\OʘC2IoILmlhCs'%_O&sUKӽU>^p"PN3g O'`:rmfN8>fmrx>Pps <]nG^P%YJ.Hdhlv1Hm=I[d: H5t&_W{%؞ˁߦ<"c`,ͭЊk=bI5qL-{: X)amnewcfqK +,y⟉>NT`""_HvRn oLtjЅbߠkPjA`tWf/l{e{I?0L,kB Jy43mQeZh<{q A5fHjs,>P25&d>dZA``)!4"(J!:ϖ+_72.Ne5cu2Q=eGyr,J} +!ք8^Z'dpsWfyLZMԭGH+ϼ(GPXZwQҜj5Fpe.M -H1yfp4ˈ /J9"vdxXu(kKg B;")z)2r+Yh\U#%JXS'G vSg_TRzcx N Gт :@+&s>/m(zގ,Պ]1SN o BUDVm^9]uŁI[pW0rbeUQP/;7H9bdOԳXe9dSޫk%BвPGB "wvp6([M{5eo1o݅@DlWrx7y|h>3Y./<;w^&EZae=4m  r.̳!ɤv~m!wrKg/$$OL;P1`Q)9iciۦ$+V \4}~b7424O`ĺ#$`ͮ;nE WS?LE<5 7փa Spz8 WKynWb SM.?)HVJ*8e >: MUy;C˹,162x{iJB :hp9ɴ _'du[ g[ŏ_W܆)jté`(LrhO_Mrx̸HuNq~3f̠/F`8,hWH' \Ft,e{9 1}s7.^HN(JYKq[ìuT&\I2Kt+q|=2e;EEw5[vֽ3:hd.gp!QjDj~,THDKT;h6%n *3f;%_]CrzS1pI *(uw 9 e7JD= LV%m7zac;V[\LVvku4C^w+?jMT~3A|Zzٜ/JC@jyڤnoK@c  >eb/CRS~~O8w9Mg_r5EBĦwH0Us@(7EQ8a3zf2~I(Ʒen Ͷ Kk!'WA6r`KmտޗgKRc0@ NMɚX!DZҼV1>m0h.%A qқV$gzl&JzrӮ8>*PXQ0}ŻQ -X6l%DmY)H>L!DDpUUٱưLM,_}OPg,&)$BZvT0c-dt׊InyXA (1!bV%x`I#YwʼnDzW`x"ىpoR ࢒?by$k*.m<<) 1J;Ysp̝X.´W je6 kH#! *? SFSKd)>ujT=L\iQ̽zxN^p{jE ZSM$7 O50i&g ՘$+i꒷^)QVu4UDWSW| V܃Xku~P5LRh֝)%MI#Mn V؜'UAڭ^t뇆[A!LDH]}ΜJHiԑͳy`Ջ.3Dz2Zi8n׮ڽ"OT-b(-/Òg;2ʈ?҄ cכp; eTm.:>vsnθl,5͜?'PUӼ[*CfA/-=PYƢU2(F@<: Zﱴ/] 2&4Acb3C R[hlS ?ZkLo"1`1T}m%wij"LWC:'1VSLq׸aW^@GRtAZ )lzNkME2_qHӦ FD,tW_]l3H1mwi};링 UN\'~t|&o 4:k{ăF(0vx}j^T-S+LғA!9fC->#Rp] 1V?ѿ6(]#Ţ /I>BMl?l>ôN!ͨqRFlkSGbS+M&U+)_fc*o2 NҜx&F88k8ꍵmp|otVQiSv^6j3j Ŋ)t#UI&as2ռ_lX &f:7.dqE~@SQ+޾N\ =v?e2\U(2mj1IU@aQBY;e dIN \XlH1IƉl+\:6 {a5o3m" Tq8INz"cZ9m>ENL [qxsI G%W⻓7|L^-3;y ֲ4$?Bi@~m1%/ ~fb(Px}uCn= QfuW֠T~z |2Ă6 *\= +I%&N4$k1I> kVFċI9DR#~ds5/"gA |Ί V+{ ]4pNIuåzˏ:]]Clb ٮn Bz mgrfӇB7V DYA${._f6QD|J7RGɄL*T "NhWNلE¼Mo2r8\p]n4-^)RW FB(͋=)`WnHܘ@[Ir^9'K_C9Va* !:ְ(ݢr\OaE : /ѡ=Vܟ%`>$,uR9{hK:IxK,),(ՠ Y z Ӝ(гb`S9{R7p.]!K_ "DSJ#Aq:6It;[ܝDObTqeQn֊'j[rY Ͷb7S<#߂U;Ic:/*VIwEXPz,&b溧QF:;wT*/&P"皬+OcӒ4642= aׂ87M̆> vmYwv'DZ38:  ~goDl6/xs[6Ȇup-/폜_Og@kɲ՚+d聾2saDME\I(M)=:u%!v < U4vXeP2qhk#v?i&ItVFy%RC@ݎlZM92AY"mc$aG!*F,w΅Zk/a+w};nSKj =_> יБ[FDgM |o-i$eR`[R}lgiRZ-Snh$8~7⫼_0%;g86_c1sjg9ܕîXJmp #ьwI27y:lK%hܿ#`(N@&>XR P5> QcB #C+ro7kPL/tS6gw_\W1=9Zp]K4U3d TpoвUj6jUXW*n"'-"qNܠàTו92-ZCB>:0|{cSͪk,C5ëRhbGeцZ FOFrGM¹5eC 8B0  Չt8~M+ɱ5B98?)Wl>6=lGK4ε! %kDu,G$KW %H Irn<Ǩ2'_uSReR2r{ 5=\ч%J8j-h><ȷnkqdr)8 * ;خhn*dA4t룇L9nEcaݔhF6VӢOBu{9H@4&mm> H/)OO'8W UouLmkpcn{2hxM/wsVcw_UW ycj=2ʋg1QNgݝRV<5t94R&Oy8J-@!"*kw\g! M*e~XŻBQndcȭia?tFW=ߊbs:,'@q8 > ?v>TSϊЫ:=BpBƁWy=RcQi[ l5Pu mWɱ$.'YژׇRRP_謫iUMЧ`q(]C>-<2pk4 ~Lѷ}`)O0wsBprBEMLVpo(+vOۯcJ| {ښe˙ 0{oh\3FotVF$c4`$ y3SNڙ]vlC$+Ƽro߄N(*)6_sB}N/x~tKQ>Ͼe]aՋ{5%{uj [eb>SBA@?Rwrm`F~<b[|"jV1G9Ӫ)̋ZqbF={i:3iQҷH*5j FOxi0w+6_)䄾O\MIf[ XJׄ@cy[wh&G$, _J3ÓȧIpz3MGQ2IzMMV#s|UBk@gǠp)R#dR]>d/48a([IsNm![bJn'?1jG;ts|j{hP+0?Aj lWs~*%exaY GT8.oF՛*y<Cl`~~ HWռPQmOnX{P[I4CB7r>r H]tyZIʳ-»@"=- T)(]MpuvtBd-%^˯^y'^r1c,_Y6bv#tJo1j:z h+&m;kU|[щϠiL# FJ B-(cS`\#U;#dbk+URv,K)V0mBfF{@ *;}ϦxۣnS~宛Y5uRPNmTG㣍(FWsHU:g_4dQ6PѮ|Ӣ*3|;*iCj 4,G?㕈RUхNf)FŸaC˷w?D}*N=tPRR˒ ΃?]Y w,F. B?z6Ȟ壿#ky{djմ2< s K F?}}XU#J$ ckIফ(t :ζA]/X n!?i%4H\Qwۼ2 hRgeρ.Hp:~н{$NA'&ρjS[#`t ~^ o0_?",q³ Y&^o\N(H8NS*$ V 8:JGFQB)rԩd7x@E(C 4V-]:P&e+KٛO÷6l5פ};H%ܝvh ߹v_R(cI@^*L:g$!^ΖZIO-K3}%~)z0GfH1؈X7GcY4|MvoHVr V1{

e%c_d;`n~=#F,[UtVx5׸Tm L6C3PF$o{ j\<@fIkGF7599߲[Ȧir(HW0) f͂뽹:~(qi=X}`{"OοI"^/5G?ض6 vo!B7]빃kf]R}nξYDS)@]xK,Q/7 P.c&-CͨdtY\(x\`!Ij}KʧDًJՄɔHw}"\=)8z䥨3osFգ+Qa? (| z 7dc:d?%%fU:€u,Y]_F"Bz^|b٥x+nș[@aWzl`U165"{T.+jz4=so>ݛ`?Hu0~ϝxK)z榖>Io]<[>AL *l,"PTe莐g89)D$];xd8߾vi\U7Uj+AL.tϿY,ս^DR]xI,:6 ,%BvBbAfQ Te> 阖:#&AtCʊ%10G dԨߕ3&hG'+ݡ*wAChwm֪Kq`kl4®Ha5w'ц층;ȇѼ,J|( Z?PGEƔysdy#xѺbeU_k{' ,4W,ލH Ȗ38O^hq] Tx$K74rNWDRJ^Bg}vs*M0pGbs]zmA7b!nV@aRCIE]O`O{ XNسC+rzpXo$r*Wj9[lu BZ ^&$xp3Ùep2#F}`aѴ}Wk[7J4랻b|r9eU:1(yQ~ބ!z1V@`T˗;z`+S9S֓@ ֟٫:B$E)L.1z[(o֯SfiV9W%JU){j}V.1T[mPX~I)+DH,ޫ몲+*d/B6ft`ʲl| z@ݥlOcwbd'lP+`P+bV8e*Nxp(y~ }MF56N؃y,PyKug3.q!;Gbo6i4D$d̊xhXsrp֎1cŭf0ܼH37^AMg 쇟 P$R5f?ϪpKC;0MA?|+t k9T7qr oD(>wﮈYupW" --3tQ7Ley3U[/ PI9HN]FAUEN`ܸJQ-kY*z aj䄺ČX3v/ՆfZ6j2h"TreAԿ߇ !x`P )1%85\x<[KxeI$}}))*n;rI=fɝ׺)`7_NjYBGQtE=Qjh3$ą*6> b)IQnH ^0-$No/3GX_h8@ SB9)SB:(<-{- Ը_ /P4[!F@@7f7R͹y9Joaѷ+ KS aHNxSRCb!vht,w^b"2ڎ̩%CGGY5$}Gl$?]G8_ybCXjzZOQqg˪5I"kN wuqA>RHS~Ʊ&57pX 3T J!B6^ؤ4a@csq 3"w+^*5~%#`JP&\q $es{,Dg,yEZ S=aouUhA In-3y_#:$0Ybc#)(=Ћ N($tH [ ! W;vyؖ%o5UhXQ#z 6JP2seyJzotcr3p*+H(P@ַL6q!&d߻pj݋p"!!k} !U6(3*/?ZW3>qj d ^-ANn$G[zM<0_"8T\xvTȭ$L37L>fi]tkXG n:ߋL,w; Ԙ& XC 25T]nYHpNO\q}/ ŭ5N UuYk'"..#1$,sg&Nf? 3dfh*#'<ևHm"hvъ_g}P!` wه W| _ I^П /&cQdҏβ C|t$6$dpHPX7XD;RtgU{QZa '  |&8P"iQO)Oo(@/vhR&#VLT ,"; !aijb[Ŀ!.xţUEI@=#P 8N>i*M٧n /2:f MݢWŽf_gGnNZX2g^$uI;91KyIv"}uGhu{ofR os#f~J:gQ*A$B| F=yB`@ ;#*9'>\t½ox '>ÊA(飍TX{,ß# zsAlOyplnϥN*%po t|Л ʟ 30#܁kUP!uDp!J3ɦNz dLdž&nTl3].}uc#_=uG8"Lnjڦ 9hi8,YkH_w6\e*A"3ѐr! ve1,hk ߦKQ0}~/=5ѷUf`y~R Z:) +.E^A933+` pu$tש KlUQU%*a_"%Mz Zá0kGOv "?f!Gds KιTv/H);BM;-޼M\.jD0`(9PZ(Qby%@ ifK3{ݜ )sg"*dzX"ͣhIFa z>fOd;7Q.f Vg &X>wPun!gzC\Kl&?*‰Ҝk {g>zP-VT1LTvŕ(Q18m0H]I/b_Rך*]1H{O*Ѝ5(O(3@ɼ&D;|,l ț8.V/Y6L #&3&:i(#K|dkȡO)9` "*~PoPSPCUbHccEVfiG),) [8 T*=_3W ԹJ@=W|QMH/ +$#z 6"Lm/ Ϡ2is3`_EcػxTUES"$r)>+6zƆ3[h((ROWoSwq i0½U,WAppg5v`:q>{sO2'"Krz;O+רܳe۟k^4GO5E*ҁ?!FzIz>,!rV̢j`P:x]d>d- 'Xa8QwvƢGـM١^!/I(+wp0_0ؔ?V܋J;w)HML-Eu 4!wIiP8x4#}e"3GPc:Jx7pFw {s5mѰ P6eEŖ5 +XAbWjJig4wg3Z 2m`3&:͠Xp2@FyN]ɡ8`1s^T?>rEazC`UtFPpW #{ "0VyĂQ 6b^,jt?=P=x{!q"2]иc/]Ƙz nDGP*%Qɧ?867EݥI^u%aQЊ)֜e ,| 4vH D`8ϗq칕veQ1СWa~ bG=̩=1²rP?9$50do\`L]\Rݽ'5+x∸ňD|;u"la3"{~R \ ¿)G# q׏OQ]Jjߘ֬Qլ3*_ jk974[뇠jko@UhU^njݞ*xQ2Me w LI&b[hvk4>&ɸR| [K %Yj!F&JN+Jȓ%R.s@7nP"|ߜ ǴzY$$y8zD@ߚ3q"i}0 {Ӹ:o=Y{Ew7Qb^E;N4HJ#"7TgiCii)1^-Qd&1Al]Atj9b$rTk~5 t#PMԓr(GzU+@i^H0/yCX[`MG\n AuU{Қ~QAfoBƆDSS{P-V`9tf&_ehnPk2C4q+)L^r%ݺ2Vk!v.) _Z8Xnzf>zc4/I/o|֫;'~vay͛V+D\䵮SH5 TY(Ԍ$N)֑h/#lb]G" |?3R^iEҼDpe4&E VLԙBG 5ß9en2^Q"d uUMjI*{DsLT)Y&ɁP֮ZyJfG[1>A29%.v/>j2;Cƛؾ˦¥#O?f(Pޙv1tgxP@껳;ÈWU4A9IƚQ'_VN@#8Xtfۿ[eg  /i-d͙qT+s=c31!J)m`05i nMvׂF?R+#aouU΂G:ơfm\o]eTh;#ݹ)- r(a g=޼X^)/!WJ ӚI5n1+ќ[!Jl;hyk@$Kum`ZʵKf醴UsƯAhVY j@݋~s ;<-64pW_،&K5vKP3fWxWDE>4eD*QItZcWv_Y@dN)oM?X=X :K1qvmدpؿCӤ[ -*ձ:cr,T8!t+Tp~XjuVk1kQqL=(Ko'M0~EHդKv0(ꉤ/~BT~)"jxo'}.czw&C+n!:1q<h:|M&U]K^쬖X tdDpq v( R%Vn _yR%CQ=[3{-'h6X+Tű! 뙈Ƌ! {i<:% 0[߳e1^5:XDw@Hr!Fϓd. O[ulh`t[rl[;#}SA =V.L]Cbgۺ/©3rB;G@%J0?d pp!hf٣x `+F-l~uF>l[Nd6SUh_MͿPϨэIWyA~ ROmbyILr۾p]_?V #JiX|r]w=R(6P}νLnB#JFU(%J*~d3^ ?v JEڜD}-qꙘ=oxzw|17\1RIV"jqߺVm? &tC=/7ґ#ѧ)k/'w(&1Vt37L*\ͼW\emkTFRl) x|cf:ǟ?,T%|a9]y4ZOW>a3>H:Y)pzj8c dt5Vhj)̻G ZKB6uo(zS'iujCϹ؂xE[|߭:FE(hµNסl<)\wbL ?4rlqo!5CWZz[rby%F%!30GH:k~yXڹ=ȶ9 E_G@Cghtҥ+,Dܴ[&Y-c$a Kζw; фWӼ5>+ 'k# !~_?1@cw91kFPqG*e3j5 La ҳruӆT1ܦ(P"7p|VWh22?rfJG z'xT@bLnSW~<?QaQAתU/$2"TO.<ŎsKd?/F[fqz|&zH0ѕDI Q*#ŋKka\~) w7#3apl;[f{<-[;ƿ:k6l~" AL/YaF ҝV`-3 >hۯP-e:懶<BA Acړ6Q>,Hws+H(~OI9{>-rOtSIʡ,{0^g!Q/kV'K>s얇#b;K6 _tYOgVe/њht`'`&M{5JB 2EّdW? MF(gREU$F۱L< Hc◊\+(d#2%MDg&GN@{N4:`=_jDZ8xΔݩ֭&Cp<{Zh*wpܱS:jbM{,$YEԑmVE@":hH(>:l;\n&5S㱊| šrMCLh"xN'x@C1t{<$M|zqSJ7lZ-RR5u`(sd7esӒ(f$I1jt~ښyȲ~E}X 3fR(iѽlk/Aob U짚ef@ԹeM,IHnGCsuEYXٽ12hX`TE0[09H<:[j]່4kiZntSq ~|Gt=`6PtF/x*m=<^)ɀ~!'ut o5r>Gy3g ͗PUwlDzvi댺GcKѕP%Lv qK*"%_2_p82gADFࢬuzzb{nG!c?R/cـ_ [|by}؞cHQCnh{B&nЂ\I K%='t)8 p6>ʥ,]|2~ al,XDC[āZG{ȅHZ%BLraӚuMjOP4߾9~4)%TWx@pHp?#də_X++ 78q{#ђ˕oO1Yc`юOX툾һ0C3i?H>`kw$K%:mlIn#Rhv}5+=FeE{BEb_#j2!vT&zX,Olp;J7H ʄa`!M˕J(h%i [Ԝ K_M/x>2{AV#SˍDws~r,=pjp"Q,bլ77jٛo!" }3Z8+Rq?^lS]KVu[_AN{״XJ 8e-ml)z&o e>̀2c jF "P$G:Uտ[ĥWo])B+@j,>7P+<|!FrT*P *idGDy"޳apRf dR/%c;obP3,md<9XYb[{@3(q]_[BtF-mi6$SmUapOSa4eѫ?~p.UYӏ$XX'V"VD'4 ;&eL? HG(!z\9.a LaGKl{2Ch?q8ZV!i+!a"J{‘/&*+I,KN[o+fm>#蘉} o>`d@Qǝ:7'| I&U0> t>zz 5Wy"8xoaf-1lA,v;bY_NLТ'Hi4XFnDdp(T^/4r}tfyB[N>1Vl#udTyriyf2Vh*K>wj }!Ź߱F^%D!p*h#@jp6@ et{IUy5RhR;,>k "-oNx$pR|R˾l8%߻>>z`#l^iͤ|vPf< *AcBWքfsGxJ,.lx+o"-CXLwyJ&u_</Ѥ+NSf m54$3VN7Sy1$P/D"erEW|qjG(1S!g`H9Q͂>-6` K,T}-@Q NR ǠB^bߓ0kWt?wJGCVR#`7SoF Q R:5TEZ#{5W=tpyq7sT]Hw6.9_03&TR ]-\`H {3PUq~:[`4 5,oeX6FKZme$9Y _L^qph^裷BTݯhE4{g~aD wDaޔPrenֶ^ aam(. Z3jDAYBH\`ۮKBxv#o4Q c]p\TX(0\H9ښSD0G\č-^~ظ.[<΍r?,nHZk&I ؠHH_uC} +9.+~l*a7+4oQ JnƁo9.# K 0k >BP?Û R0b-3zᛄl>U)r\KdyBk4q'M۹? em3kByVթ x>yl.LEEݶI btDߎDɌ9 "`ivdKW' |&ǶeihZAtr3+,%GmMbu 1O!KPg۹lZ/w ՇR~ƮrsBA~CoeZ`Z-MMާ`of!Շ{bacZbl'mrU`B )?2j"6= e}-Etk" \9 .4QxhS.gAl2Q3JK(]X HXT «J"v K/aV;e}l9,,5Ne]P\7O_;xg5ڹmE\),Ep)į)7ĈpH7W7왤2Wܬwj"6x.|<aUS}%T;jx;ܞCUxq-tαJR[n#- mu~vQDoe?;BlvU4 +55R%dv jׅ`O S3=(MjSe1MOozLKP2v3n-}7i暖!cnVBW;ө~YeU lFHQ9gǘLᎧ~*ht  uJ:T_%9,rYŴr˙e՜?L>LO,a3? ~~t)E6T#G[=dV/=Li>[g& mZŀ{uV)aBI/ Le:`ht@e1\&yD QG@ |+vS5Sr+QN4cҊB~lT(#pI? 9%kDLژ1Ԡo OѨa"_r ~{?"$r$BV jns0<ۗ)>u&$mV$g]DpTmpQ_ lXlP d&u?FB#HMӇ1G*ZV7O‘.vPu-{Kn@ B%0d_TOps`rtuoNrO^%ašHO&|Npˣ.c䳽muqdܻLJoR@WŌSG0ت~RGύpXVEHڊM":aJwp\7..orZ_&AhĈz E'u IKM2r?D 5ipjoޕbo^nǿt j~kKpkNF{`}T1~mg/;lO p4xr3**%P)G5Ol[vئ-`  Rн `ksxɭ͠?tvu>\9߀%T1 FV|3`UZ DoRqz G\.[. g^E\g D@th\rI u17Ldy|+dA2#ܦaQad%. olH^MphsHuѥ e4ՄZt^}0Nqo__>/3ayH-92d{-F/45E %9wE)"FKi3 HWFd=cj  Vp]w:Xpݓ *<+I߿xr ^ɁjLL@PiT Hv\B#EC]~(ܲp2x);&La݌}xF_zCC޻m!]kٴ6W%Z`|O1[?nonI) ~>U }dm.9MT^C$̘A{tVҞv#j\v̪Rc[1J~^o,I }nLҨx-SO^L_}&-_ǰ]$)VQxx~r BӞG]4 -[ X*w-ӑQߌ0ϑrBbXn 't,v}E)ͦwrk-jMCZXdƖ߳:^S2 #f'![pU!ǭ͐Ė"TN"2(:I $/_S6IBZ7YI 4QVG0GXf]L"s^ɭ`p{;f"0 >)B CFakjMO9"u* /U9/]ۣ4cDW{Ҏ6JQh5eʞnL\-ӣc o!v0(Tc'˞K xۺUԠT/o蓤.C %GY"g16tld~Ӽˋ̂-\F\F^4x5G4lSgA> ͦ@.9oEg}N;<]446x.$ aj5U1y&2drUP:~ǣ)|=O7b2 &:nN0Vjߨ}QZc<~ BoU֛e=G XEADdW#eږaT_ݣFujvHoհ8v0;r L6DF$U SN[ .YT#4 (H$8 Nq OAs;Q>Ei~礡2l+ ")'9z"5ňh3#'T54{rc8\,Ҍhȁ`ل-_/SحFv~Yy`#^P&8K;~џW@{~Ͽx`88 OԛzbgaKoE5 XŊB"w8/>M[6 UeC~Ki)av@RR;=՘s:jF/ȲGWnR#Q=Egw^|fJcWn( ˩!4.#z/=S[TCl_X !0 : Z=I^C嵉eY[܈櫀8RGq01cy]#lpqJN[N+փۋB3=KFbgD8wb ۲Sq^!7{ܔ89Gfs~4A%H>,Ҁ`}Ŕ0w^H{G$F e}]M3%pLG\Sxq!@\Z^7\Hd2iV(uir(^7YGtX\PxK.%DK" ԓɅjM^^(KW> >I!˶{d fGaB㑀smP uIXP*mHNt=Bqy٬b>=R"*#0V2)[7-d7_dx?qraM4ʳ\vC`ZT3߫L(R#2˝%:v>`6'UmDJ3uS- +ɣhRtE+ƾQ9".qu\ w(P:o˾+;Э-[AX_l.É<#K *f_bCId6_$.Q]ҫ,!\ Qk}s0 ~DE|wB*R*u\ǖuTYuh5&W[Tp9Yo9Qjy6X3_,s7AN'::/6HWf`oIHIbse,W{saY:w-<<ted3L_>_Y/AH&&2wդm$c˽Ro:[ TZ_K!ęUS1JzdG'19c$}R^s_R=8Ҁ9=G53!z)3w}wg+]I&L~&j> ;eA5eB} lZ=e+.NV0?K^2,t2hy3P΀]e:*mTC@F7 E1ǔ4B:L6uxGQfW%3q{hF@Wkx##ac򺻇tmd$v \8cp/ڽg$k5t,P(ӅxE H<8E۷n߈QHI`86ƥ 4t+lW7gH滲3?Wu3xEEo),f-Bzq}w)F7d$wUvC&PeVKȵH'D(K4FF3;^zT"\tri$-wJ:]Z\+ZP+p7J4@f%(9P Yd9^b۷loKmR25GSlxGڐ#3H88؞[k{_ݙۮS_FD\@_ E2-k(zMU8+U-[\ ^HWyK Cٽb &)~"r4՞Я/#4 һ@_lЯ "L\>p0o(7G3g/ȿ jFkio,m0xEdƳE)~6BCŒrt^[}Rx3uN܋& =xS^~}j˭I[=:4#Wum n%_'@M*t֪:Pej11p/)?-?޳OaZ: Mtj1Lz5p$&~ CVhKRtsK` aķ|W,~q_]Bϼ oϨAݙ$~b >Y~:tLZU |rvX4S1s흊zR 7#ܴjI oZmT$fvz|J,B*~*B]Qz&04Tb<%}hdk4S|NիB-Q+~S|EALD.yWD@RͦⲅMiAs_BP or-v nB{f!ߍeqh\8u}2܉xa`A O[gd;4X8Ǣ 9Ȳh;!koƘ\IeUS\",u cH-]蹞vX4#u'sGTx*m6+OձcDbAU[Ж0@b9K%|{gqV1爐ɖB%<@8M~=3{,TR"3$ͲF~i{+yԴJ7X ^].)'AGQrUXѥ7@4q,{wPeb3J7Pl@@ͩH]c55V{R[/`'=q`^ npf)H< $׌a[W'2CȒ?0 }]ϟ/!!PĺK*JxJ(8bOٺ-Eǚ00.G(VRkǭhatWk[0xȩ2+=ylм);M KJ]g=6ZFLg*±I Q&{sbW{ L%+ir)TiZ쿂ĸHL5iODԆqU̸ ~+rY* Se3n>9,J whjAZo7vRq{Ws&5;|T&\re74;%r |},d5kҝ=bı! KX#XaWr n'sftd/k˘o Zԡ\vEaqFg澃pE邫Uܤ2(ǛXrھqrpZ\aԺEp ZJ87ßOeyVJܐdAq]$lCu .gqO0`5%`V7}FN 6b>Ҝ-n8o 3:{RcPWYžhafl\{ %&vkѿX&ܷ<2}^}T\_LfWN dFyD>ًwlMo}NGԣ|_#2S<?zj@.~IkuL<*f uDf*0H<<~ 00Sd.3ܘH_vt bRyr='B۹[,5vH[:d퐽}m} 1E{ 0sMpO4'HGu3k D*^L7,՟F]>t>T3t#RBYz9lP/D]TR9Qi\,$@yn䰘`sZUGܑkȁpX ul?3mivy.[azm`#ӕR]Oaג/.}͒yn.GU#iCط/\nqáA=y[~S`#B\čo@`P;շwoESq(bCu&͞R*ޘW⟤Q<;:~X6}@rzR 6}D9 3hDB%%(_gVp>Ͳvw}qɑ<ޣm #b;+ɒ>aM'x` AS sv$ͱ+嗻98gSjBၴQ!4(G7>}Hi ,U|$ͭdZ: [~)Pd\,i (ziNZVA[߲ 6ҽ V/֛߉0*Q,Rݱ[:}T@ QG)Gz)["Ы 2S׈ʗ ̟mwjd o6],) h%SB^9]hdM[ /0O) Ct@쁍h- 7(',f PԨIJ|:V` 'ABؕV|ʱhʎZ cխi2kusJw RB,2Ed gzКmsM 8)ZR0("6ejHN*|qԲ2ILPpN]L>a&ҳ71Ъ}2v5FlHMFoSyX4e}(RQS,uw&n݂K" QUe ^i@Z:"p|Lyd:4zq ЅsVyjq WKJIcl/ V:[rﲞ@7|&]X𪔨40p9#|:=چˮLDY_wLNN;4q_g ^MG?Ή]E#:D7;Lʽ{Ƒ~%eG^CPgƽTX*,OB9f؀_6k'PiB%`ֲ}姓58ceBG)u7gy?\D~=p=cs=Js:V,Hko ؃{y3ifY*KI-C2Ol-~pE!"рu;%x'](2,.z~mOAcDY([x ]<KPwX*n78JU0}%$Rr! }Pd[zDIy4AUn'x4VWBUS:sNeWMžU-.u ^)z|ssyzÿ@oRM{,5|FOoeʻDY5PE.ahvm M3zkٌ/z|9?AMNX(cރ)юR4*?[]R}qxc;UYU_dWx\3 P| / A<.YyL%5="%G2&Cʠ VJ[]~1e1MrGµ o.tE;lԈ !fC9kIQ?Zx+.S,q<9s$-`i(d r|p*plj[%qi~rz cw>kt ӟizkn- Nqh %Wحwa\W)`vW4PȖb(UcS+qB)z1ܞ4cūvY-p͓0606' /)I`ӌw[LyX Hxq =)@H K T@Dq4j;u'D rmQ/?1h&,B/L|W76&bew,ף7 QU؃OGRLuϨ4uA k6{<&,`RHn O$X9[![^]DiF#|hdPe8k{d ^m_In\ڠ"eP ׁQAF DAHU.?u4ﱡe~ybo B4B5=n[1m2b'hz= rs% kcƓÁHxqSZcW$GpW vzekDDPzQbı,AtmA ͟|Cu ivw߬$iAWE:Zp]ȥF]hW \+BsbgDq]\TiΘ O>'f\G9yx{3u`?),!o@\W g^3ox.2ĸI}y.wc*ڡ~#'6ொ0h_JRQC[z(k똫`ㄲй9sh $h3ߤbr$VMsQZXBʇ1nGS@u-'&Y Dgi @L`f(ߔV˪iP{CӇxvP7Drɰ_h|O )Z/kgU-$ejlۿjq2&>8{`ĸf"3kH*ijkRZ\ܴnCf9Mr&]HV3vHPm06o|/cYjΘG57OVѾFnW/гi3S'NMXx:Z$%cb$ 8:۔_HB.9GW8TNq\RBgrm@))z"ݷ̜״:&*ыkf)aM5@EQ).O=^I1 nDNpBz_[eBK v/sf`&M!|la™/N/.ӨSEfc]R=ov) B="fM_cֹ<}(JMHLUZmj+Q9T4F.:0#Ā|ICņ,8|RRv8jNB$ ^W:3keVԑ?ZM):C9rƠ ap Ǘ -ok QG>c)SS2zٳ) 8~yBʙU%[h45t8^bf݅Y%Dz c;J)v(߿Sx[ 1ZF2x;ܔk{㜷|C1?Ѱ .!'ׂz> yƒ6ch-X^91Mv8 ,km߯nP|<w$XޓjX 6xX>HXB&~dYȚPTSskO)kǭ p,C3ls5;F ?Z|'_[JhJ/&PU$&FݨV\ :qw }E>V5fO#x3&S)n0݁ZMoR= /tt98V;3KSBA.Ꮟ;E}D>ڢ/g;X^cavc\,RpVac~Hd3j$ HE C"d.hİ"qDS_4sdBNg-=Þ&MO$ЛMkN!<@m1˷}*v,9蕊8rSY` D J&̩D~M؎%|/.>&fw{UmQb#1M{<auzo/RewN@1tY()|X}g5bGŠ>>D Zr3M{eԋ%?H[kXѭ2cMwܿBY'"sG:ZYKvh=pd+y֋jN'E6ʳmA̩͘Z?;& ZFzپ kxt5! ~:tDm)zKn+MΩҋ'|_%7O2 pk(x9%iҝSX#])sBhŒk5_@ͥ8O-f_I_M7kCAO7^wW&p=.H%$H2('+wd\P}ע 5 ;dQ)nL/=`" .Q9UpLj+ӢGuêm}QW~Wi1+͋=B VR4+JvX0nP ga' $Nu2,?k}S/lfߴK9 =eV{fߪh4DqNJ 7 8>S};\º(3XAy!S72 &#> ?b^@E陵Q xJn4,-{ªlfp+ڑjf'Fd5AsAҔ."mܷZifv=]B ==% &hUg-ԣn%'$6墁V*wg {k&ӵs@B|C[-c$kqJ8%ES2M8W'4H C~oO)(# hgMRp2g G2I ?ܧ; g}kOLY2ذnBBX+Q!ɮFC(,' }P\$%@|g3$F,aNXhՇh[O!VvyH|`L@Jw"}qƯCŶ/4mPC|1J,p)vquFpH- >&_}Ó)ךeu2d$epܐ_.KZ{-ǟ +&ʇGप*g]Yr=GM.Z&PMNC@sHZ o1ܑ^?mlsfY>m# {M"m G t1+j3&AHdЏ1v~{Hiᅙ1ӪR4|DG$,}nj{D'ĕԳϋFd5&AgOVS4|0_-t2dI {EgMQp>ք9Tpefw d}vljW(ն6?¿Yj&}Y>\X J)o/+1Ov# P/i5E%Y}PcE"1^dn{C gi얎CRMC֬ d<=NH{Wr&I؈f@`y+y/`|GM(|?"?%:#ԥXQ'i2?~S)_ Fw PxckRque,Ss Ldy <*-`^ !v0-/tIWyV>gR"8J8'\O qCPOŋ.!+qm>AL»Zsi Yvn򆍟{x a^ kC˫BD cPޠHp9YOy%~$ E3؀|(_Ȩf8Z(jǮÏ=Lnr=!L7ǣ)c 3c JԼfNP:Qǯ=^yCzoB@lhA˳^[cse"H'8zSXf'&HxAPhm3VbkyM 0! ܣew_w:^0 {#[ T&|/ Ƨ˴Ku Uwʢ.*ƍ3B`-2@=٣!*JL}+'0)U G⭬m<IG.}?xKfׄ!Jְ|a g5AlH?ȋOv܊ tmJWA@ݶRgjuu-|m( $B0*KlxTK:~.ԯ9>qQb4bd8λؐ%HY7OzM 1+go总{ܲOgZ)348 Y|΄?, OڂM7{!ᎋ+y2찀޵Φ%'ygd鼃*uÁF|.uuY~831"y&`{28fGbIbl4îTD*#y}0ı^ y\Iy3t_F& /&#WʥZؗ t/I]ɮh+eOŽd Ī.+ ﹙֌g*JyZC{`;KteEcrQd#F=C(*q& z ڔ9 |)mJn69Sڑ!s(=G_&wR\"pIqaP@0|E^[WHK. =/( SjHz 4DFqFZl.w(|Bv=DYpQ5-|e;X/f;;L)N><,j{> hbM 9s iysB 5̀),,]TiJF赸ϘQYR 3tǓ9Ur.5%X1}!Tc6Wޥ~r1,^-y1 Gn:Dd[CF$9s oUKى ܗqZ``HZե-V; \˹ڔc_E#YwN1~Z/i?$% QqHl@8MRqr;JҘ z=>*&їYb0Sm"֊]&\H}0`m' T)u?O˹ѿ3>0 w^́05TgF Sa犅K/$z  7OU 8B*Yf!58b9(fҫVW#«.-l5õpG:MϗB s F L݂-uc̋8C{ Dʵlq.~F[{*C4Ў)X.0!SOŵ|+2]Tt/!3H-Ҩ&!ǁ4_[i ]J:\< g-֫Tz+ TĕYKSyme[2lT_.j|՚?N>=Xi!S8׼?Gn6C%*DJw͏_B&zq {*w>Ogh8k\~ȵ\ֳƎW'!Gh)jzx=/4N+FEhf*𲶒w-h:Gڒ:oXDvߛmI-i^ -к!G"[&y_Wx=t xCds4ȥ^+K7"4 @f 9! ֐L({ڄA+ WwьTQE&CMLSg9Vӷ) ~Ū$v5N UH sbQz8|%DVcdc+ypNX+E߰ܚ<_A?ڛfQ4v)Ei};^fVe69f0UDmeZ[5y񚃼'DTL̴i<ը*ÈYV%Ǭ5Ru5j0'tοi.{^``)ÐR=Δ#,N`l na0wהß1#A.B-̓FUs=9DSf5fYh*`'a_vT '05L{_Ud:;W Cվaܵz:V7|qE%BQ=gsq%DU8^Iv&HandAXEHnJ]-{?XZ pRj {tJ ba33ҭG4vD U{Xx ,4i 6]RPob|0iqכ `5S_8j4 pIth`N5::f0Q~6H|T8;66? 6]jH؉NC% )Kf"J*µ7S쓧LSˆZ&BLzJcEc/%Q˧)gY=kyb_Y⛈0ʗfMG^LmвLTG GV7d `qc&?I%ľϮ<ϏFC֩-4!weX9ȼ]xf-nݣԥjn_@ȸac#NGa? 7x..%>Ǽ 7v2޺FWƷ s DžۼMN Q܅OJl*?2jۡ]0\TP? Y= 7 SUvGRWZLbQ+oI2rx[ _!U&XOی앜RuMwR|Ygɵ0{ SَhP4-o5h=ApYH}_Sך11ӜúØژ-ݱY(e E lNcd#|?:mm YZCx$uE8keZOH3w/l"*y!/7H#X '|Yu;cyI_jPw  _tuxY#ƿNbCE҃8`;7ɦg J4$+~;V-۬Ii[ys\D]/ƋEǫ~,wc(6[K _.0[AemAIjAVm8eS\Ș1Y${H1Pb~ iJФT& DAm@p],fdvTyuG`Iy[!s}.mc0.d bĘ>?r.XFݗOYnwUUd~!#{+u _}`SmO#T^*w#LQ__zjN>C-m>4ܜ%f;<;֑Ž"s2.OKq+ I3{h@ K4rmsttnn uپ>+7wIlZpdbdIq'OQ[_qQ>ɗ5y;dv*PN겍6\]*V ZƷlwt˼ +暘ڶ>4 E2%tO1k2? UVmb@l9ئt]7ɽuSգ%3̂A{˓#wDQ,u-<|fƺ!5h>(98qX{_n;tک#˪QlIZy$u^i͞.%9g| ], -jn5) gS jN XnJn0z Hytbն!o~Bv)xLM;=S/=g0ʤ$t!ِ`5:Im ÙnQ]V.Q;q q0rm\e07,0wdKNC|˾6?}R7V7n9Q;q)$Wg>X3^v(&E/LS^$ W&ll9Cj_<О b^q`]G50: )ڡ#N\t/ı(OK#NRV\ J:вyRz+&3@P"jG{B\ۉd߾H Ju#(_PB0lF4v:%VEKc6`$IeO\0f]|5q4H {v^&VBF)_#!s&ƖMWЋ8~X`3g+MO%=/LX{Cwr qbѴй^hxxz>Gꨭ]q ]y ر"YU,4XD/?`SV\Y%G̣Ҽ%AJ\ 3!B{]%v0j;,57WKԻFeۛ#iG4A5tiQ>|ゟ~p#>go(n giyQ>6W-̵tBg!'a@$\0K͆HpĚ%2h x^:Q[ OpN4d?| tLХv7XeЈal>*UZݴ3ʒ;OkGћQ^{K}F8x[Ѷ007A ) j7?~0*,\9e:;%]ֿEX8hj~ dQ8g+Kw[4x5L5_.ث^ChZH 1'}\6DM'LَbfO.ZάaM3eCA:#a5':O &4EiJSQ_\ڣCH(KOh1 m!qv4Lvu,D4f|&,8u$~nLITA'\Cmy {m-AQKD}I]`h9G 74FXQ<2dHFh3nfjuNu(РIGiS9#6*U]@ycdO| _z+Ʈ׶/(xz8$C -#.OҀ6M@dNى3wɹ#ֳ(7Qm~shsa$mۂ tKNED=-SW˦tI"u+ɬU!ĸ wƒsiPm~[42IuE^ TΜRH2ZjkiAF(3T$@3!a;w[qHτ@&oF9?ڵ~?Md.g7O:_Y@Yq=g];]pz`XOK߉@)<'۽)IlQ\L۟SkwkjOQ{+ 20d? <"݉NB Y3հP :CAMQ`9?_UFgx]܏D!4V]4w%d|, XFh԰OZ1Z$~ۼ=>^w[+/oF,[bYimg&vݹ v~ϵ.֝ϕ\BFrO Yp[xIgzD'<|e#dæ.gJ {,ܜNY]R)S#\Jrϐ~W-O=^c)S=>xv>iRy[@i}w615* X#! 2{x~LDdع vBO'/XT̛E`ۄ7¦AIW@s=$;!5=sqy֍'\ª%ir△7u1sPxK~ : "MZ tX~' I#pp輾XSՃ. JWN $^~5.<5O1d5…Zd*X^ Z?6xqMw)x7hD4^ nڹ/лm NKnp̃˽Q+2\$hDIH_}f7|Q9mbbwcułsrx3+[PsB?'eU1*'i8qs]a e? ?J/F$u MOB7% yэn{ΒqU/U<_NMkJڙR^Eqק7 RObIK+J_SsiiAC *[WF=VEPB@ ʴf җUG5Rl0zJr=OL8ͦtkP!@>RR~iy&Ěvjeu9! D:u hZ0H?W:܀ oQ4=''BW^?14-+a# b=)QCtL槄H,`~`Ѩ JݴaG|reWŖզ/Hui󕗻8Rz&Svg^~?)/m _G[xJa/8t S1*{lƆ7 (;jʋ뻸WGv 156ݻ4 [!՜ÈP~#:[eS!CKA#xe|_lol+ݹO+$􋹦@E6 x- zX?Œ (>&@HD~MguJ[L-ޑ&nڈ1l>bd.{{1av+Dr2w89AZ!QZ: d' +4yЪ/F$ŏ/^:Uß8&UVҡl/u~]aLKK9ئdɕv@RYU~YIA6 f1]G-m؈Od5) Vغv%[]HRc+KqN7wg7:m- % ",9+?iwO#Ѹ[ 9׎g^S a;51\׆RbPbxi`5`VFkI?aWb1Yc &F!fXZyFdWj.(7X[ Y^&-/M/I[Wcwұt1XC\/`)է~H(dcE߃/ȸ?@E:5(|2.\E4Q2 "vrR:bi"nMWz^B?:<}N_-ooIVg&.3ov % ɓ@͝FU_ɛ1Od%)$u?$;ME"M'9'S.7<2_8'7 ãbWIu<^tQRX,Ƿv_,a.u0wb쯢⊕? 3u)aJ'ߣ}18y>hڬ~ _|Uͯjje7lhh7^1A⫝̸sQJd%V[6s[:C,zT?C6A-?q<2&PyV$MM1ɝEH>OKfBnFzE.TWK$\mtpC`<ŕ9nXnX&#U/NމF449I'(=_m-b]N'dmm?]_q9*3 G3.F G7PD}cݣ^S4/J yЊ41{nZ2@i5 | Zik]eM6j2 sf1*d)ѢŚ:@?}lfeJނr:LdOL67v+~6Ie6Swp`(?J8~$vGNo3pvZXBQ$ԑE7ڍѽuc{6o5=2YiJUASy%0 u[g|6 WޚZ_{2 dG3xБ9w<1)2164}`uM =_Cvp䓯zAutȃV 2uw 0?0/hûݓ:Dw4sm[Md"k j m ηFHѠ,RBzsGi:ē$#+&/ū'I A@ p/>i'iћ]T7>{97m9"&sx5(pфmK^F[6/&i^[j"зVQ'2g 5;5EӂNGwޒ uz=rXF1a}ۻmft>AFכV٧N%>J" x`WWDŽD~-hU}: ij(>993>~=] $lYىBW.74c縞j8| YdTƻ;h^8e\W\djA=YCPo AӞa<["L>fi+ q݊JĬSb$`aŪb  ˴v͹ۍ] %:ӐIKmHU9-K+@?Eo~MRI!i`H;}IPg[u+ݻ}T3:Sw&$;$V'{W'i11߿]J|]hڑCCFؾ~qHS0@%D$9)sv ~&d~ݻAJ̽WYIX{g{.c-J&+lMY \017LDˋ"^:,H g\Iv=e 4D%,LpبՒNYů٭e1IB]?fJSUͦVs!K/h^Ԙ4 I]aݜ9pUt^C\ߌ'0$)6QKn$p~mh^55LS['#iSoomžF9%`Ԭ6QŋHG#(\;Q"1ٻ$k@^3lI+@'",˟_ DI%ҟ3h֝wsbjv j |_bv{{Y1j=3u RImܗnj8B^ j)," nS &+c߽{aޔ; )KX :)Z?H5pC#+V;tG>,bVI!AjŽ (7 L uS%(`޳% ?nfXcUf#/TZ щ4>L5 sz~L46 wr,eiRMίsB䝰y."b&By[Q9 .^w.Pңp0j~-> t t@i, !4:-p:czXGOjkY/_U0Y.A7RQ7I+V;Ȯ]qfJƛkQyapʤp{2/4ʾ9 c-оYt KJÒlږ* zʲ{i*x%Z+~58FP Ӂ8=8m]WcB'n8`T"aR7qI'o~JP`W |Yk,V┫x :3zX+P%Wd-tͻ]pt[bI<>#nm%C~{y eO 4Zr$89q$"vmWz*ܻ2r}F?Q+51FiTL<=kZ,87EX䱥z7${[ސ,hT䗡HTS1H@"%_|izI/*:s^f'#Q΢zw/pdleL%L Y(m1v+g ÞB,H}uAR?n+"=FĮ2LY: yRP~8 aax8nCk> 2[g-bkȍJDE{7=Qܮi$[jJ/ơ6Tr 0YӕíK_-i+Aj63UF%NkDZfcef2i|ײJ4JI1J&L[q4_v 2uF8,!ϚiDu8!o œZ| "i@NJ*1 ."R *;mp0 ,sQ?ɝnkIf-4b\R3`!D(`~!Ip L ~dY* w q;4jU"Cf\ i~Jni3'm0lҩ^۫{}勭\Lo[cWf$ ̫9w>NjK|NL )zk}[y##!yBӻO6L{],;۾oM#j|fl(Z 3̧fQFYHg/"zRΏ%P0Rrb+{jQ^ۚ~ "Qu311L*H,EgRkgORZ0DE#EIJxS8Mi?N!㦾)cB Oό;}3c7S:(P=q38 SgzxϪw9<)vTULSP񸃳?/vf芾 #d"Bvy2Sχ t^!ݟHyEtTtӾ}5 ]؄! Q9?;|?tfLDC/!hǢVn&2Tub8n~ ~mUJU!_HxS `k)n@'v!fTצ>6U$<4;Gڹ)뜓z3 Ue+EbͻfJKlA#ѵ6GlnJ7cMd.U-2f"H~!ݻu#;`vk>N EX?Y\]m}.I:sўJ퇺 a5¸ڀR W%BmBiƺF%h >I&vF#Q3v=ePtx&Ysx͏DU( eh#ۨV5=#ʤ_7䑐;bɡ'y@1xi&:2;c[nvG~k(by"&4^UWs@'Ҩ.T07пB_I X *VbTviU^ /s',vD3E38(uQ4疯'|Kf6 'Sj(r8^21Ԫ-"QDYxy+"?J1j/%'`cKgu;3J Sؠ7cA~w3bXjG7.NJ%PZlwMCw5q N6Rp "'؜u:?˟t])̋X ':G"lΫ:Hx9wYeCa'g=[T6SG$Ob#muA^STϙmF'Td|V (ѰvMc ȉD@8k"3~%d@3򁼽۟%|6KfGd`&()z Od$#uQ1[ͭaف>aL<@tAIW!I.,nj U( Ùn]~p3&^Q+QD PҾ(m0阌]JxmSt"uJ]="{S>Zs-ٌ̇ĥߕoX/ hkЦM3PoN=~6zLߏM& 2{yF~$ :B `-' WAKѧ5+uxI;;P0gt=ܑ$\PS\&mbe{z«> eSg_PE%h@͞89MvH&f;!:O7NLdpY*]͏NQrRU/m*tе] '_8B Myv\pXJo]c\>$|P _ HRQ8`0e H6Cz$iJAt uZ\J<}Bl#tcS\ne<$U}Mim\|a֎fKLLݥ .4N ꮋy/b7 2_q;9 *9}z먿Uvv "T#Bq5˪=@bi*ΜqGy^KƢ >7Wfciԩ58R=FldDad)o6]1-d@5W*PWxoT=Y(t h.m e Iُa1WQ] 1oC}C9ΠETGqMeG}Lo +Ly@`9cKL"WjafƳC|g!1g3.hi]-HEb @pl1.Z i:BGq5t-ha3)7\6^=ex? dըÈ Z>{'iTMZp4UD7XBW.'CƹE&-@k{@)ǜ1-vfSޚ~=Jٻ/G3m de]P/E֏X˭ɕ䝭 [`cz s[GD9E{a!jPۊh1#{5eژWn`I&hj1]=2EWEԕtme=Z>^5ҀlhnCB<#6;۝?O{"m7Zx{ǚ_$ ;!ύ2_= $?V8Π*/^GXHד|7g8fxNNA8s[&\zT.oK1ď'*iT)tRYb]N-",x I.՟"A 漪8vG B1s%5k#:>AWJKa/zDg_r$聺#&Zy=j* +o5#=V甲xaXBu[_$0={ZVxs{m&9[%%*HCXbKS2MOli٦gZnm/F|4lmufBJ$t wUғu΀\ߴboM|]b0?B$3Jn@{x򷈮O:3A\3iIiBWy0:4& \]ŸČ`]W9Qb /C}ON/f:e2AJ adxȌ<-U^?q-NsQ5(4`_Ct5܇z Ǻ// |KC)IdCdX",?T7!h-?k쵁*&TW}0N"ϝY0&Jq*s!*#:\ r_]3E 2).)R=!J&!-~ UĽ ['L/gzӱyN'yNLG+v[BoX֗.e$f麀tRD$žKm+ncu lc )w.`)Bθb|l ypc:V(\+Ss3Dm`/.O{(vuwhma?^v];+A3.ߘ=YJW!JL[+p8]u$8"NȅsFlb/b~ǧ Fʝ@jO|}dfx|n`DB0R)r=$wx&#,WK!;,j?{mc.f*oIhduz:]{rQs)'9Ӊh+ F%bk-wxM BcS_Yzf%^3*ԫo{ ZӖL>zZm8Gks_Q,- =wQRi$ޅ]Ƌ$]֊DvYg]JH+=-YD{A`uEB|L.42R xޝ3u5:C0=2#E_1Q"<ktx1!21&Nt 0=>ϲ2(Q0"vʅ>IkaqS D\e'߃. lȰ@/<៏J|0:q|Տ Ѡ1<.Ц)wj؉ Sp>"P-E?^;gî3OV8\L`(B 'dԼcim!CU fFؠfBN=t/<*A4M\8i0{gN-`,Z{NqvTpqEFjV2^s\6雅4Qj6Iܳ]6[!:vgvWVChp,+Z0 *u@P1X%Ș`:S^WSvAsԟEN*cВ)qYvaypujܷzD2NBXDi"4saL(W_.5@.e'sM|ϾE?CVȺbu~Ay 'T" ~S/J (kM|hcl"Hh8sR&ir+ FSV 2_v uR캼x}Rj\TA/,w)>] c8Mdd[9Un٘_C3_φ>Y-0pӛO5μRfP <`1F*ԉtc"ˏų2uuW' }ՖEո߮'Yj0z )/5*3rG2 ݠ< %ct[w鴹~ ~I& wQP bF9 c 0t^6|D3<ƞf,ҭ3]fq %cL,q]+smBI_խ4JI8K7;ym UQ.WO$ys߼yVn0-+˱0ςջ,K(}ܝ Z>bx@(zLrs3i W\vBA! ~hTh}K}H _y E`oJ tᤎųܥo;缈 (]H "tCI`$f0 vT;Ѐ q eD$||A._"dL0TwlqKVC9) Hj .4[P-Z6dシf6dJ/6oJCڟˣ<ϟ ;-n)DSeޣ9<8K`a0\ DуQrQe땅_ĀCʽF&h(@@XO+U& *lXdY*Ҕ~`woCGEj[;̟M%D }yO9ae ImiŜɌdTᣒN`a*# 70*~ }|s-*qCHMb*Gla1TO*?#ytsUvL{9{nyc- PG@24́6FX»CZgP)*w@i!JZ@W#9BGmW5210p1Y)8#<Y{`v~S#i=Ȋޒ]2w_BagaLDa,KCO/Ī$]~$AGw;YPZgoy0sTDo${i * M;Į4ڀf/&ΧwqǛJ }3WId1MKh>(].zf>i {_pI3YÑ@dΘ/C Aَu8pSrǬ(IN?4>*WJx4*s'qb*ˁ|ؓc LE+m\SMn?;z1Mc)b* z3n=8/_F{2ĥQlh;iW$ Iu{H~ÄZۡ↟tUw=:wR󃅧² C=~^KF*^pS"f3NPf,AO<*PGzVrS`lCFN33\XC@'=۷s֯*)һлC7HcxJu!Ojw\zsśvOst՝9Q?Óя0ؠ93~>#RWTcIT 8rKyzok?/(c \@-2lV&P1SĦK4{_j wʆiA9ja4y&vs||#EqqEi}nc43zV\K54[8(PޤBm/S٨!eju =B .fAd뻯 !n7eHBZ!  l %,B";MsVL-ভ0n0hN/Ե@\UDt;p= _qQ<2SXo ZrTY:1+w] sEfuMH{5W`jy:Y>:QJ*, HCbC]Po潁>hY=ꦮcma̎0'ϕj@ݙdb=n[a;y[ L> }.:ʶ"K][VwѹJv4'zxW(ϳl܇@5;k\_0zAXvRmpUS9 \AoT6%bQDbcq>L9rM cd򬑂O L Ÿnk])7+}O[is=X )8 $-tStfH[+%?lPѭTVF ,\zpi|U]Q3OC3g3gF -z,ONjM5BRJ1)-Wo='*eCMLG,FȩE1Gm3+m35<2MTh̯(NNlB]7 =_QϘP:gLKMߢKd)$~5lMFmȇizz_,0'KE ,~{9ҁ;+7I% հr 09$} u0\OSBUNR^3Ɵ\t[ѣ:֕@; lv_oXޙҶ MOhZmvxЬi|EPStm49zZšJ2ِఙ0QL _zH_69UB[aǑ1o,x]pjok䟡;\,E_hq~jȦ(/9n|po2}c?y/u0Y񝅮-P៟ Xi2-Ls׹7c餻dzSߛ*Z,@(A{ ~_ѐRxTČ/1&K`\wRnH4æJv/,pEuТoqLrq4T\,;[)1}mŤJBtմnkCW&8&1n0{"%'}tjUJOTު]wu~9< ǔ=̒IbFw׃WT=oŌVB5 ڕiǼ<K)rmv]P {!7V?0]V~u{)U@|345' e}dP|{S s&]跛 8X.{33F`O$-f@㩳뺄4aQ 99>[7W82L9z7ł Dϧ<;[w5,V>cbrn }JF2*(Bߧ}ZMwҒbZU |.dyJmg⸎Gy2ɮ'[,~(!R58^dw n7|W!%y#e}Ĝq,ХGo,dNF΢% cq~|36' FK|H,Ӱy`vH.˦NnBv 30# M UH0 M6|X_\(儦Iʵ>XIF6B"؉ ,1q ;FLXSJC-L AF)'3r @ä7w'}N2yɶ6ȸIcϜUҗI>K; /@HhJS2[bO<#[^H ϫ`Ԃf1uvmՋ鱏'u${DTqljO fSdi'hhZw_l#ˈh=rg E6!K`jMo!nTz*ܔ.0m"dzCndO=G啱1_XVlJ_ _?;#ڀMemjlׂt$pцۻlҠZ^,5Y]Kt/wok`Y5fgUca+p"p1[ rb8U$uѲz\ƌ8Y+ wWۭ`-,JU%!h[\k`dhagw~>CuRTCZ F;Cvv`J#PP<ɗXf;Ī [I$5.=LA%K3n3mܖg# Yy1p!~02^g1:ٱIWm  7isPM5 py:Aq?bI(zWp~9A:S-.x+yS(o{O`! rzZJ{8*6qAC[99ɜGv0%}je|(W=d}Oخ|{N3jm8+ g,(^>yCR YwTu޸*Qlँ$K`~H=W*잋H,k'l|_NV*j|7ڇw[8_\7-'ԾPjapZeƜrH5KlURC/ !LsŽGuWڞ.>E 0F+P؈[c= Gg4/2ZDk>@Hbj5"bd)O෧D7ǪA"jJR'&k sr yK8z@e^(Qn>(Au\R%fA6t /Y@ & ~0_{ݡGì7 +⦸4*:$BE*uEk uL6ie`΍ hDfnYG &r9_mQ{H<=q2ow~FXPlmtrWIo# ǔ5|yQO>yϴKmUu gEG:%מ! fVNE\?6I@G\ɡq8]O'6tYV~;*HIct˹24}[0ןY@PDF/v/ K\ƨ[-ք_n2/$t$A=hy8QqTg!q#iO#^ y"1֐d팜:1eZ,ADE(8Y>{likaђc#$5 " jiL<=y>߫Y)\7Y@͇ؠri˖6kf+*Y g߂$nh S^=|NFi f1Wg3!Š"nyX&n[$!A5Ft<t{>YMSs _6͸ݿ^0AY^slxj%gg@S4%͆Ũ^tiFL1u/oO2i4 ooc{*J̖(@APbaJjYz!XoHt](̒4L 4g,aB24cAMX"3u; 7/@ֹM(N6D*'59 vQW1y*(VY쫜3oV_ lha) (C8lgQisHAK-kڲiEd )u0P/BrٴP`oadrKc`<^)Ƃք%p@ct-qwsҸC0,q5%eiŝޤ6ltoEo=u+u݂?[).hndZJ+Tr[ۋҵ60[M%LN=C{a+ Ă*kOp}{q\}ܞ.3.wK챤o[>cTymX"8 J9i)Ʉxx˿MZ%ުuN m.۩Vd]Y#~ashhfSXQ2ax'9m9$b㫟 s |A7A?)w\niN>Lgg!,#PJYSqdXZ}Bn(B>6rcC8 hź%JicϯB<z|1+;s;EcX.?XaXƱ"+Ƨ;DuS4(}"AQ~ =]#aH7$P˺*-at`>)W%*HMKһX>AM|LQN;<$U[m:;<:$r/2L91"J_58]=oߦ6^c::;Gp.fn5J0yzj\B1B>䭋+|`BdB&(n'brs!iSHg;8o!]ϡ>7-#Y:{g%3~L k"NBK!z{bi[Ao W),7.~3IZ+ B߂B# g#o1D3]'o$;Pк%3Ȥ9#zٶxj;!kY<'yR9i!6h]c%/JSr /8jt ৆X>d%-圷O|E"?V){242b4 #,fwVq-qG ZT J 7G[5 *"_(v+ ùi&BB3/a劯6vnɴ\'rxl1Tf :CtGG-k)jMTy ;3w q:38=Y+l!J߁$8vR2L!/*G?UNlf=SR{,S1[ WČ}Bf( UJ(ʜ7_UpYAG0T ;x'{[սPeQ羭F/4%n.EL+pb K8_m`syYː^7)nZ#ɤ# <"^Ӿ1r ED  uv` _<8xm P̷U=<^axESgwn=SÆku;%/ ?LGkS;F tg?LDoK#n ͒+kF*L>YQvZuM(Um `nݘ~Y'gg { *5OV҃^L_sf*򩣀YS0Z'%[ <\}8*ڋSn%< #H/@lٲ mYMp60@Tc%U6)"= [)a?#&8c^cTČszq(%S+zo#D4Щ2̉7wޫv@ I_UwSjG<@5#NCc+2~=[!hKwb9COfaG!{!yޤz#m ^ƒy<3^)JD.ʮwwr]-Ydܮ<·D$5{6騆b@x"dFE;y&Q=汔 ypȜ^oep3ˉDOpz\Wڦ|h*9ERva#Z( TG%? +/;\Fgl#{|5Rߘ`]x(C"3rߏcѥ5ܴ&qOA\6sX%& 톑O/=ro&#И64 @ 3Rys.p=A|d' pYz,R<ݢ`Qf[S̷ s<ÞZnŹ#2PbjҽmruPũG 6Z撯5*p": PG%RmQpVprp@#[sNC,ZJel1&xZq' b`V V&и11} dʣ'@zFJzHb))I懡ɋq!^<8C5ch6NEO7VXEGm:D5sJ$+.+X}K"o {yA&SKtÿˑ,!(EUDlu.<7'UVF/wq?nB Z˿ 崑mr\%|y.}p`wlq*h[6ѮW {࿠؀0GDId5vT`=++Jn(0͋Q΂YsEٕ xM|*rY P$ A6,~8_ƿ)VWc7'gn""و2Iۂ'xɾM@h=4߭amY*-f92v*aߑC}{-y 06j:"b 汸n>DJV9R0' D8q]BJ?VJp4vWDvˬ'? F%A5ᕷwOopS#cb3fymNqV*u9oKhfAH*RyE ((F;SK;Cz Ԑ>ΦGs'Ϝ`~!"1iqfǘ^!7łNbjD'A;) ApA`lJr|:QbVtR5WϾh&۔)rD?ԻuVϟUJV}#ws'WmY6+V-ITI6pky"R@utR{(lJ1t@@T+jf nm6T{580@ ZJWc"-L I蟬 d$~"10j*=k0ù?}U&<@5^of!5Y;0060%!fk4pz\g9Z|@r𖸿 in6%-#x8@z87i=~Po}F醀R[8 v TA94vnOOW;f,xuM͔9w< u5 U't\ hl1=V]N/cQiI #)*1SUäѐy(GQCMmZ2ȡ튉+=LNnHǝ')(R ړB{rރb{-?ݤYfU|-UM7> QʰX q.uQY+L~W ():$ďZ<2*@2Zݶ 1,Ƿ5M@X P$ 7݉sy/14 -bG*UY+$` 8|T-VCU@EQ)3@E-=SP(/>\=|IǸ3]W_ *lxV.P<=v(mY׭-u-RKyhV~Bi3؜'5?˗ӀׅyTBSـ\1_>*(n%t>+vYjF[u#:y\CH $w 8 CQ|x`Z|'=$ cZ8f]M>DR\x8MO4dH˷H%8ga(cA 6ԯH5*T*p2[XkH[C[at__X/("hvݗ>aV?֌xHJNL{f5GApCޅGٞBT֠o.vҙβ\EG EJ.5+c @X_yğ2$!b%mG5/'dG{XV{)\t#19n]RfR QMA}MնEl0}igj1(˪3R>N#U.ԕE3UY=͠>n*/\, {ν=E)͔:"J&ExЋ ,3V|G\T(8e՞CZ~}a׬Ӄ\4$ڵ͸n.3gxm=ՇO_UV?0K\vu}2xcմp:V*ƁO5)h{;_^`n6G@9 J{T '(=8:Fq)x.D ;$ٲ5n08ÝAGUw+OB5IwŷQt ou7ll[2{ y-%m9(z#n!UJ0D:<#v'kAkա5#]-~^|$ ;1пk@)_l6Gp6JM4=eGoYA]lL0Wg#y6'8aZe0 gJK,{qc[MSf!l+ 1adJV~/;t$oU%*Bւ p_7NzK\{I!Pp쨓p85yY?= d\fc(drT_2 9hˊK4 1 !\n?|ˈ ,~qb6PoνB C ~ ^RcpG-)\]}3(*z ^IDxWG>H@l+%R &33y/zg0~:i clPDT!x>>Ǯs* !gy?J/{Z!'x@ ˍ'~"u! ٿk;х#) Y=3c=uG*ĪUS\KI;U\ِf)fc/Ҟ;\@Mlr5o)%h6,6 Y]3=nr\~l1q-a{#9J60*k6jy+?rr5R}tMI[.(2Dt*~?%"ԮtXg~۪WM1 0 w.tWѰlOyɾG1`DQR}vRݐF3Z/a5E’>2C3=JԞy8|.rnoWBqF3܋&.yTaK4F)7[,zȤD#}yrgU.#n ohCdsmXNx6D>kJi\k$Y5jI:+-6l+J$Y+œ~;?nIP c*?(j.mLQefK$)l1ln*{*we,Ӎuұ@sd%2 o17.p8fR'7BP.<2&x-k| Bvf*jhb.J_ Y|y!oYթh m`)8!G0Q@ߒ'ž9@;;--旗[dlHbjEaڰg)ꝏ|/b]Uxﶬ3:'9Jc~*3{&vaFѡSj& .aAb\6I}jH{@pbc9)6pHD #bQ䴮O*jh1:86oY znI>:Ŗ!g,m?rI'bBȈf`22숛j;k o"[+xΒ J$2QQYV=DNiAH֣p'_&FÎCq?T=iN"ْ̛md|ۧzL8ҋumc`ې)=HBȁ,a:8ZZp+^)᳞xQFÇdqkrcvEv+YD_\{iaePQ&C=+ußXg,ƞfneR-4=IېsU\0F)3VfKȢ9l -cI2{P m$*F'S.qVeZ8+yьU5cƃJa|BFOW4"MJ:mMP9#Ju]'CrV!,IG eXYUAg$Z \j?9+2P Gi_.@!S)_ep#N (Ca %G^5&֍ WcNtZ w.T|tSA q]&HpOk#뢊+/e }6n&?٭3*Ǖ/ )6 l8G>'jP1NcD/m'ҟ0ƥײ0oѥUS'LT:@V4jK\dq^9>Q~}U=Os(?xILH^yRf:~A1:R6(TgiԢ/1Ct܃>>ATM[[<.ihTug>ƯbW*G*Xb# KSJ/JqLߤN&&[3W;"ႇOw2 ֠VK.aE ypGaos9 k\S4_͊mi ߍ ow"zI#8eR=2Yrxo8ϧQ)ș,eO붭c,`ҽ<ܒсY~$qa /zރy:K+y:XWOpJ~x7YOps*R- _Ob87;ތItKIb ϒ;C 93!|$T;8eU䃹ʺx~ )|}*Ca\L8aUjEzLm߲>jWt_.قoZ&a-~*oԝSħ7`e"N!!6>lY~}LrCXўP'CKë %[},:|k1Ŝ׀đmwf)+ty쀵p"ha@I[E;drK0 ЏPD@u;pk TE˱[7 d`_wk $,~JFz %ibepOXJ<͐Z(I#;eSgn0.5H%.2#\7hZwt.{=rYP`4`oN$;:$.Jr2d{"*J-W Nh3'K^HhqK6ٛ8@ 냺kX#L-.W4!s~Aqfm0Z $SyFP8]\WsUW6ΰ_釴᜚6G0;O 4%XFA0p]Yᱣ L (̴Д~,cgEWRmYc^}NP6 U9dhNf}?[O?{+hm`]l8ߝ6W P"8^U˿޻N2-WF: *8f:_R4*'_##ԁه>6aө*"~Ku`[d>qʂׯ_1R\€p'֡»!?t>dB߮`o:n0aϕ[W ̳MݯAR}R̻?ˉlX!- zxn2/0fri,#I\`W'VtFр3]װ\Kr AHRȩowq/q+!,t򼓞-<٫݆Ki63t's&55kVNUr,PQWc=Fhiv x8Fׅs `E!9|_8)yu&5._B1,^m1ic߁7]{ߌ@9i7BRM^$K]soHjyM\[C";:~Tj-={`Xb 8Jk:@TJOqk1j7Oqx}Q?,Q@5}뷂 %|%\F: A.pG^߄ t guۥ8l&|jU9y%E[pZCs|=Qhr%ZfҊB`k ΄(uF~u5Z kMbfέ‚lOkM͟ =-1"PCu^O=qf݋ͻxNru RvL@L\Z\P{k([bCc&Xij4Uņsl a\ڜXtGZHnw2 Mk 1[&haYCZpD$Y6 Q?uΛ!\_ͭO0Oǻ-'8r˧gU+݅Q7lfDgi4374Q{;y߮HgXRӪbLEF?n10=sP_$!5aphvsˑ!ڄ({nȎ(?9BGVPn0y\#kPCFH^tCٔ \H4I!I|S/Y_!HeU$;rJQu_ ϐͽv)3q3^ê7sN:2Mw}Iو !d9 iZlft1.~I֍^}Wp>EX!EZ]%PA9f{9hrIE$ $=͌y>pN{3u+"$Xh}]q;x.0TK2nସ4zqQ\bh%{91#>ۮ) a$nA֒1%#֒xg1e69Mr)t3b$#ơE{y2o å8PS?JΌ`ua*VVf까¥w9q8xO .l ytN,+vJBP{Y!w={0M(\aIғ"gmn>#Z EX`Ed0w8 F+҄#8\`gY nDyG[HƁ?v )]{T{V8^unf &оq'mM ӸWhmh%`ó^Y?%ׂ;(m5;5A_bϏ(7h5n`6,aiЭ\ T=!AklۢTP@#G7.d39TsSU+"g|(QR$YKJF 9|{gd]_S.n,Z0$ڛ*80w8$"Q#?{SmL`3)#ae$$rmD-!^@ZWa$R%Ee%$k tjĒuj>9 弧uχz J/c z77Ӵ@;jI! }-edB=&kH6vQ>|}fӏ4W@ n.p⍔h $Z#8< A*SǸn%xwuo{b5J $ ,C{jF |wB|'?$nqw[|vaw9uo=`Q2WŏR 3ʹ wŝU !| o  o6i{PLDD e?d钋EH=Hwu3l&qm1qF޻T ^HKE K{ i=޶Z6W_bPk/N^4(4?3} ZLbEQ7~6t}q%_l&4#]g)qfJq COe_ (?(6Dگ~d u[nǬH[xTU`W޽18SK[KJDM+aC3.0 T֒BROaѸS+P,F;,|/` PfՐP t`waP#a^rߤWϱՎJ4Բmߦ';`"h6NI_}t6SJ95ڀ`Ӷ j{y)%F$eV Й"S8=)޶7y,ڦ؎E?PBvLtl3D{e졫r%[#; dpcR)OԩS:hSy?Y_nH^obΉd(K'fT@!hT,v=ϛ[is S`4O m6]s&I'A>if%d[QN1^ȡ(u⸨]sM8k'JrSeQ#m VJΔ_ڀ2.MK!"6&;t2隫,.np}hȖ`Rw *w!uyH,c i15}X!Jdn~sYHRBg9Oˬ_|)|WN!N",I]B{SԜY|2CA< =ptě o|J>bA%T* 륵C4kGS9P@*R8b[ yr~Hӭ@=sz@]oO`ǫ]ld'KM,,u06{.pݠS]/7crhfG&:c,*v NV2ϔh,@?syt0O <WHFH5M?(ۈ.Ks~EUzղqlH4ڠ 5>$:2ye-}B +\~ [kG/udǯQ*"9">Au6C;<X'>䰿=HJ Mz]TGLLVOR9r3+++t7MAK5UKVp_{(qC* ʅ`x)"eq;Di؟T`g}Vܺr"חMH8K iu3S4S#Vbu4OwĮIzn`]iѶ s]+2 }`kݍR3)0KyFޘ2oZsB0 6ңln %S*SgL3/¢c LǦeЪfXjX k6kbW' ' Μڽ"+]ɒ 48?1"C7ۢB /3V,L aF]d߂MlBQ##s 襭ވ_AlG%LMRcH py_s f d@o3>Ƅt_&Q@ EJc>9;44)7"Rp} fuJ|e쭯Z,REB RPيYMcǓHag h|gLKѕ?ɆW < e{JvZ /T2P`lA+a#Ƭ"iCߩgzmŅf. s 0g1( P1hm#^uxT\)1=۬Z<(FgTxȏ^a^YϣGKZj}g_L丸" GEC[XM2 ϐّe2)4Rdn7}\zpJ 8|:B4 HBbe]DjeID ژ c(DӈtcGG>h N-s,J*sħvTv|6k;A'f۞/ǘ p_uTZ>7۠`Ou.bX(k]SPy- C&+,ISu){E{&Mՙ(AB#5o,h7lL$s`&bw䞁R`~Ì0`"Ea.-=ef LJ\GYX-mZ^ 2Rk*&;&%wXkS)#lEzK_.iŕ?y]T7/_"B2䖳Wh~&Rh9Fv(R洦-ϯ(s.\g*/swU0;XQzKW>0(M`n _pi.;9Ho]@r_{ĺL?@B?_tb~ȝȘ4PQ oby!et_8op~@QG?b*8~$r%UA*=k&nGϽјZ@qڧ)W޷:A)'c}ҟg%85]Nx` |Z8.$V]SDWHY#JOf)|׃f4E!΃sJ;hbƒ֯z8mI;Z{ef|6.R`ORA_3 F!IJ5 l_Ikw Ul1Vk݀B hdeDžIti,Ȍ-v z4U_Ks !gJժu,>7EԌWx!`x_T40әs2FXN|D'F(dǣ211!|ߓSVAWg"woh㏡ig^Q ԗ4+Fb鶟&Y0`x>WW9K&$55B{H 'mlq8T4/ W ZgYFZe 40 fuX_4I,;D?zO#kB|%$i;#fO*]6curuN*]b"R0,:*P0Ilz̑MK7~`d\= |G9>(ŔH̰oWjS5]-ޭOϫХN")T岽*3\U>v_}9{6YccW.҇nѱ6F!!*+rW6 EO&*뭶oM{z(W*({:njs;Ovr쉥d&-ה N[($x# oq?0~XU¯?ƙ:)L0q,x]eS: Cl;'}Qe*jHk3Slc@Y9Uƹºv/3x3QjKǜKxcu0ex`U ӌs/SKI|}xn(ƃ% Nf$|?Um/Og"!WDY/ݸOk)=2_P(4y~Ȥ鸉L&pfa]?CJR{Ȫt|?F_ʙsf5:NcɅFSwk&H͘3Χ|A]76^`8KԹ۟/>iƠ=hIJzoU~lhT'eJVTq&a(0JYRT'8ZCssF:y;%_]٧g^VbBؘx-طtԙːo2Ƙ9M771GѦh41EPqƋ;j.7 ٔ^#5:r5JPkz\b%GIՋ-D-ͷ8W"T`lHJ,DE B@* SoH%H8{简`u vN"ެLzrֻBwA~=bYJ\ɻ~W׆@JSr%d" m|h-I53~NFp#ZG \Q~ᕨ835a 3_@쳷nEdpع) xgl(ڄ[EPMziGX:Wg#.A**c6,.t/]{SbiH"fs TLW|,>U C:X2jֈL:3z\/%ịc%*D7O͍~p8ja|.(HA|f6cfbpOz?yo 2 fv{AQС`:-"~|G|Bo[m8#"* E5E:JkzasMߦv4kwHjlY4i7mЏ7ǁ'1j\p``hO?U/z d%VH-ˢ\'6dQ2qӘ 3E a~|j/\, /-(Hd@|+@"rʖ1ArIK SsQ3v < Pz?h-?z0H$+VKr`.!6mYgF@Y $Iٌw (9z8 GNJF Ug(&YO sιG۵}Qq5rv > 3&GiҢnEK4'<3`0 MI-aE3:=zOҩo6?iIu"{ Jiq"!KUO% KA=:h=vaT)D$p^BflQ,|zt Zğ7oqE~5"Gm/PnXVTzۑi\kˌH8~T`;2sT{`ba!0!?{V.Aї@8ȸߦ{gh P jge6k5HkCAun.ɊqWXL4"raf:nsXS~uё:ěw}<`߫_QA^7)T}ޭfPJoG8!!:TkY>#y cd'VYY!GNg`M+ l_E}*K (9ϴ' :JKgdF=FPԎXZC-UwA[`c[S Mnv0=?Sfgy6i+x$wYX*K֫KH0Mb\`6S| g3@8]9 Dy:WtXlR>5ܸ24T "Jra=2Нf>T6 Wۆ$m۬g{.*+i ]SQbƮ"خ nSBGLmA)HwcsCx6'6zD:C띤4%E|!3L:6{ceKL>GA#%<ЀCYmREtOsp(%"-=Cm5j^wüQR'C$j3"(?4kH?;`{ _Q~fQ1bŒf`bz Knkʽ;~mǭ/:: Raq &ZR*.Jlh:ۀې[oM^B{K#F/=J[ӛwS{8wQ?o|#g}1{Ƞew!Sk+"P6C.AukNM! ige0ŵK>atU2:7nElE墐3 Ц2h]Eb>ƒajg/ׄ??r8nbQ1#?o׹ iՃM]"m.|eҥw+1*MSBDƫ]lۓ^&ʒY1) =ȑ`K>igpI$TfC+XQkݯ+LSQE]\%hCIL^M1W~ v{+ \BT1ǭ[Q{ bSMqKժ?kH]I4QٱblŐأ.ruq\d(+8d%)^2t529V VϜ Dg픎ʼ;L[JBAqH: & .k}>Hb3znL$ZQS iL *nϥ3ߵ8C3/61<  v̄ e[$"{S Kw9oaf_9YE)c7XSnA2ˊ];J?'g/#2Oknh7IDZjIGpN>o 8P oHF.FWN')\R-aX -r.)㻛=Uyȹ "9IڄV.lbx,FAp 3#W*3W q>Ȗ(:l` BK]yd ? Վ~AM$~N + Dƍ=߆nfޤL [aVGXF$/_^'qE37q ZRoqӆ)޼,-9Has|H۪L(ƣ4ԗ2[8#(o >m&y%ܥtPPSyJ>a$RMqBgE/ttɩɀ"E"m2n8bA(p #5X**W9|0փ$`Pik3#!Q^86kD4uK~*zqu`^mq4Sz +.s-ڳ|\R ["hι]ށfޕ\!! Zs^[G6' )b?[CnqBqg od W' 75Qҏ8Iv uRU۾ٽk FFC9Km3mo> 9Dܰ'Wb%myo]t`d$E÷0{,720إ+0NFnmY-dJYץ`b dM"O knh%BPR欃IrG:-s #{RìTQ|V6.AHMƏ90U=.z8d Xup5IʻidC^0SdmC\vݎ$3dUpL ( WF,i{@B4T)Y{\籑]JS R͗g?V/j2ǽ o'$˧c ̥}+:6T ,4F Yπ{2NA/^S64v=:&W0`j"2ְۀ %>nxO[R奋nj50Fo~gEEIwXTnO nh|Z&{6r`UU'L_  L5/ż^{CmYzБ-2ޏBqM?C-NV舱fiBx&>`e2Q{l$]I!$(sEZ^s.ygX Mf,`aOI䉾H0lfSCIVpcH] 9z揞Z <(:ȴM)=6g lnբx+|!ٜkDɏfz58Hu*s1K4C%]֫Y쎐~6ZG@dwe[C|jJ(:]c:2K"](? d~ێDZRׂp2w0eM25 \Fܛ3]TvSlߖٟ9b| 'jr0AY>aԿoVcig \sW:4,KP7rT@H1L8 uF%_ٹ")7nvLħ_tyBKNFR<^F8tW2e;tNE]_I;~poU, C[jSޡSgښf Mخ?(9l=Na=GtqR3ii~klܵaT]EpiF9_Bxn[۬)(6(S1R'#Vc\}45C*ndjmSu2+(O*6;{?IUz8m#]1 !L^gaqm{8" aqy3c~[G砦ɖCV?ܩOҠmˊSJ,sǛ糬EDuӒ|)̓$t{2k9j`4_ \[, Fh薳/l"ǓQf24{aWCO)ps;hFa^^qrp;K__pб]0Xn..RmSƼbHD IY\nTC3`[Fo@9Ocu$U*/'߬YEV=ޙMƚkySF^:$o7xࠣs Zi@Q h R;hC(gI4E84*$+jc~F=n;F]5$O6Ig( CցM-+bJ;w>84"G$aF<~=B[1|YoT4._;7>B&AKI5MTtfc9V1k_Wx88STڬFHvs]k]sjAyc`a7ghe,0޻+0l~ѬC$M"\{O?prp‹{X># z52}%Tb걟AB8OsU:3H8[=o; xЉ 0{Ss=*G}EHͧ -LʷMe=,iENۛacD@Mπ0XhL]ٟECyL*$f <JU䵭:4GI#?~܏6dQ>-q}qʋiҝF!E]ZmvZ}ud&Fblz~ o9|n{{<һE:n!"f~>[n~1WWzs CQ3pN-͸T92bxS{V ]$ܚ[1^ÏA]e)2>1EC2-d~G/` 9բz~X@~^8sXe@"k9]*OQbAN<+mybs! bM4~t]"ch3i7G*Nrc*ǶNK KlC4G] nĉ 5;5[a@? 5t#"Y82۩PIie@p6}e0. BuLcU &ȁrLf6بC*ӭ^w'2~ ؜bϸ Cd@fI.!=|"5_[4guհf ~gb=,S:ޫ:GԊH%BmDEȖ3~]M彄 p˞\KU2} @F7c8{oP7s 9Ve5v莐2Ay9hXE%⟏tDӫZH!,>wH=jGQW_@EVB[eGGPWD4• @*כJE'h4 2‘:s@oePAyOجx=C}L|s\Hi_#HsfR !eIJԙ$90)ل-We5(CWLwNSE.*Y.!ELy@S7F/v0mmjy. qsV^Mri*Ws{NҒIdlS&dg>Mh#ڦf 0bnPT#|ؑ뒏X!Zba$k7"_PX6_8Pߗ^apd]9V#Ex923 Mx轒 L)?X_mW1`!kei@O$֍)V}WbT++8Ȥ1xcM7Ydi51-0t"IџvDq9uKOxzVWF$Iz"C. {5]"^<,AYQhJ14P:Jx{Wk5@ F|:]?"`%y:M-Mpռseo} D#(U~SDnwÅI7>JS:IZtTtچӑ{.j kݝ~Fbf9ӆ4ꔷ 4~7pbܱ=@q"ҫBmler~D5 2]̘G&^vFټf9"/mXHf 0ҝlE 0Ѵ vo#T*|QErQHClu^(±)ViٛV:R̓HsA[%љiuϼ^H}DP5i㣂BOz!+fuw:A KPs]4`YNh!<{gIJ}Bqyi݃?mO֗}:?[h]Ҏa keP̚HdOkWJ}O]WÆC:#Ɖ *Mju7ԉTIWur-:(5e,O@CUc9j|з-‰yGɱ2H4+e=I.RR*3fE'2H|3.-@N㯰K(OM$>oWߘ.C9tS|k7ғ q^JrJ '}4r8ãg`JfDP3/OW98~<j|^{AHyޭꌸk\ {[ՖLUɫIM m_ON8/Enz|:?pʻ=X"B[ĪcndAI@Băn~" +rgt[lŕ4lQUr =/4wF~Hʋ**=[zq<(:,0^)xu9sD?n/hi\*0xZܟw(7~)ǗbLkt#!i}ճ3ЫM<>3ɶ>a2Sa"B8uҋ+.♐)iwEUX){ )ؚ:BtCțA%VH!fn5SY7Jƪ% y?Z}V:Eav=r%ZJ^N[-h/7EPV. U}Q"sU?JS-߸d4Uj Ƽ,ف%#r3@\EBVXp`"؄ަ'w%(;ͬ3#SYyg|R5Ql~J|v#LK'վ>_5ؽsU:]wojߞcy\˨Qz+-~(r^cTF7I2gЈ%|*6ޣUЅ= ֮y2snߜO< 5C~Ȝ7Skkl^g~ɥ*f:i*E dG^QgQZI4N络wZbzL:PM[#fEGkחr:eWWdy6Sӆ }UYw?`C!E 4\ׁNFc PD˪Y%=0C(f=< PXYhoe1NQbˤdlQ̵0Fv®)Bte% XK-5N?bHְ 3a1lCvu_gԺ"_e?諧?z24~oE e.+߸j@׳xBTt%?jYؚVJPIFA;.:}.l1End2tNR `9SjVM ! 7 \|Q@]ǎ5 ʑ9/70THl?~ED@!Hi׵#Ԣ}+  f#vi.ŷ,H8z<%psMC]&Swq|C< ԡ]Nkf&UTLix YJ&͢C(z0ϝnO!6h.グ *N%*[mRpw.il^TL1+q뮬-E14Coѩ@;g<8aSUfnn'|  +j3zԿtھpzd?-жX#~65=*}Y-B*F? Nٚ_;[[@ֱv7h X\9]*b|>v̽Ԍ{{o?m[Slܶ繂yz!;OG`|q=~uʹC(!k,E\쐹}Ńw(FKIXUZ؟qlbp,᫴<ǚ\X3" -$M9hLE׃@rසaAcmN$?f'W!#f,ǯ>N8N'vMmML݇pG40Ŵ@%MqK{veR}C.0F94" u$a%4y, B`XK,{Yeo4ә7;( LЁb)C&H;7#(H0O- ?^(oI9s8- Hke@II? P{&.oh7[' *cvg;EW2ȗUZ)hOdcV !ih|6k~A 2%3n YZ