sssd-tools-1.13.3-57.el6_9$>E794w ƥyMn>20? d   C .LRXbb b hb b b b!|b#fb%P%pb&'9'9+9(,h8,p93|:GbHlbIbXY\b]b^b^deflCsssd-tools1.13.357.el6_9Userspace tools for use with the SSSDProvides userspace tools for manipulating users, groups, and nested groups in SSSD when using id_provider = local in /etc/sssd/sssd.conf. Also provides several other administrative tools: * sss_debuglevel to change the debug level on the fly * sss_seed which pre-creates a user entry for use in kickstarts * sss_obfuscate for generating an obfuscated LDAP passwordYc1bl.rdu2.centos.org \CentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxi686*ɤKR@|4q"0EP:ao2\ 00m:+|LHNr x?sH cC A큤Y@Y@Y@Y@Y@Y,Y@Y@Y@Y@Y@YrVpnY%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y&Y&Y&Y&Y&Y&Y&Y&Y&Y&Y&Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%Y%e1ec854f68372bd0e1fb6291a2573776074e921bd39bd69a8d5eb8da2c44dbc38b16a09cd1dc9fac7c51768c27ea19bf1bf0178909122c473d60b317b832c936881b770495b8cea72067643c78870ca9a78a6d1471110d74d39710050bdbda0ce2b77b0cdae21a8dae1bc315ad375eeab66c01151c46a8491e86e483a753062a82fef17872487505c20965039a68b51f18b63afe029b14ac4b0e403703b050f3074ea22f08e186a8f16066958ff1cb7da80f4a744e9737ad3b619beac9b0a45e21af5f3b90f9ee2037534ee896eb380f28ee4c8287ae079cca647e0c0d110f48686963a818eb925ce8bb0c94f9f14bcedf56014ffa17275455d2879a0fea2fecee8dc6123da04ed246a9e7d1c724ab7dd4d41c33f7923ee72052bc8a4b934763363da7e47f2c3c6df61a7cb83fd33d9eb3ab5c8931126e6aa274c347902583cb57ad3622cb9e17d2bc083e990dbe9c59cf2c0835cfb21210168a04188196c9e18ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903bd56d49165be0f793ea9bc0a0fbf88c27c20d292672b84cb0e67952353c8b45db60546e2fd0b1a4db5a5c7e199a68462dfa6fc9d4f70bb6e847428225f1c6f494941f3ec9c6039541ce3b64bc650a29ac1097c57c034832ee664ad3d8ee9bdf2e101d1cf6b834c2b2594d4814a8ee49b2dd83f3cb46fe7e766475e8c16b0ad94a247e6d836cde2ff962ccf667d769b3d9efbce2f1f9398996a2ae5d687294743202e62142bb856ee5742b66c06e961a34aa71751720461f02dc4f6ab4feac5945ff859b4f742a42da0bcd5ca82b19eabf4278c3208d6fbe25922256e09d637f6b7113f225a8077dfd00b558429b3af533d564d0d3dc1af0ad2b0dffbab753eb5b1571422b01d7722370b142f0707c410579bc5ca16ddc3ef4c74d515ab4b1565b81e7a4835bd45cdb94cc2bc47f767333d4a9e8eef8bce3f5eeb2cab7e7ba50ee596e9230016e36c3762f835d7cc308d3bbf367d8629b3d7fca841e7bd9ff90088178b4351fd120291cf8a21c604534b974bff38336e4d16d1fdb7b8c04a3411e1a7377e97d32187663d74ed14c05c6a2eba0a13aa70b1619187ca8a05dcb479071b8350f3969ebc4160da63638f5fcbee6b6e4af3bb0f09c0e42ad72357d778d6fd567264037a4a4c081d4cabb5ae706d2e0fc2ae265b623320a5e2734b86190a772eb9dda989f2f748aa3fbf99df359b0282a7098ea86131d9232aebc105cf8dd96f4c3350f176c7330c5e9cf7c09d98f5bd0d91252291329241719dcfa0b9440df973197410da7a78b4d71bfe834d9e96447a69843a061e7ed624189ca4382324a35ab7cfe1475c12e50bc662685f18dbeb54856b351f9ba86f44c104cb95c7199386d7040d98912f4a9159b0d24b4bb54ad605d2c0f38accd6201d73f5a228e8cc0dc10bf14f9c4457fc0a7ff36ecf6ac0f9c7b8997b3e99e7b14bf320038c14bc3a74a2b5aa1dd09670fa25a5e78bd3781a26ede2186edea3a599c2fc5664a0198285dbaf1d8c84418d440b18902b4ff20bdcce840d9d9e54304323ea803696a0d5f50485247879dfe907fded7b808b941bf5f36c57052c5b6b6c02053cf8b388567f57a1bae9a7eb2583ef24ed2d283fce5ce51f8e909fbdbb3cbeb68359572abd8cb7a76c64de1f9ca5b2de01c9474f311e167573601e72cc8e96c39d65bab72582723070ebede1641cdfe7490b0b9b815c8f716863b4004a140579af919af012b19f32e396a2b6a3358cdabe04d4feaaa26804e1068ad2b9b4f06d14d568dffab20416dd8572935ed1b2202297a775977baf52b0d18ab878337d9d0a71cc23aa014f6ec5686b7e18185d4525566eb88f2444db80a6c1a90c4a473d230b76a9dd02379a784cc12d8c748eedca11523b837dbc5402e3c7e068e2d35b6a7a2dcd9a206b010ec6228248ea2240d38b7411df8eee8260a634dc1f3c13dea2d3bbf32f0d63c491dbc04849d3d895bb9b1e89cd9dbfd8bf065b062cc280c2b277bfa884e21ccb85442c43cd67e0ce27b030855220015afb7d7b64728bddc14b06e644234fbb01d0cae463085694640dbef5f1547d8f5b692ec09177b4153da4ed567ecf238bf9490b4c3ee4835876d16d67eb25bf01f31e288ba2451f53f857f37b21ad06a27f043efeafd2060e114fd21cfeb79da55a2f4e7c2461738b52dae0a97cfa6e4091c10f33d360c83b987734e1029d19111c1c94f5ee3b812f6046be8f060a6bb6473e14c5aca92526ab0b4f670636faf206a64e1c1e04f75b07f37550f857712a297c99b5aaa2d982edd5f70355e19105ddd08fd82cfb4a920725014bf9e2f3765c529b0306ef3666bc82d7982dfb9393b50b0ec86da5129aca10aacd24b55eac3376acbfbf7c42ae6b528aaef55b6c6fd09e0e79616c4aa1eb73a4b24bbaebca976ed1db8e4035d7f49bb188333cef045dd93ee401a137eb7e755dca3b9743887c87c29b86498b001fc55253fd3e67201c4c62745b82f9038f34ba89689da239fd813677185207225a121df18faef1a478ef1ec86c5c4595cc0b7bcf86900be9b0d7e9e3f90b7312ac036a6037bbeeea7509e39284396bb0b81bd9f0a7fb14c5a7554382b42235642b694fc2fb844088d619aec8f2b56f67dea6c8c7dc23146cdb4fb5e8c1ab08f34406ba4b5d81415644b7c0e91ca9d24d8cdf89c0fb341fb373de503fe2016354cb7e095b645c8d90a7a04d1c3428dffb62f1c0a3602b87df92a82efee38565139f243ef582ccf91572c3ba0de14effa839f70fad9dec318d40a00f0dcf8dd7d791a0bcc6f5a7dfa01e03535dd94d9efe39cec6c6b1a3106a18261dd9bf9652a0c2b9cabcbcf95d39770754fe14b4658e290bdf0fa2d16f05abc74bec20dc1eca7ac8f7b54c311b2a3d24cc3c691304eedd07c70712a9b23a17e41e2406f3947aa6777f1c872bc33dc80b39f647fd5a316b7f45e735e64b48e2cb56da6ab32e5ccefe303025d1fb78ea3e0fa8fcbac58faa728410ed7ee3d796210e1e4ad44629d81230f97ff4660dc87e7fb555b20d8a71e97b10ecad2a06b72e28c61e402e630a03a8292df8ae343aefb039be64273b5845374692b887f00c6a8bc836bb04cf32857e6e90d0986d9bc8ef11545c81d06419eecf7a1a37ccab90c96668a2d20cb09fc19a859648eb59fc2643c3383181b7183ecad97575561bdc647b261fb46fef28fd2890057b53ff1fa4b1f113ec8fbeb7abc1d5df60684d684f02fe589a40a01ab55b08d7a3b457fa03b5d075164a2a48bce5762ef8741c8f51083ce661309ce734f7dcfa64eac7d56cfea1fcd21694a968d28e0ffd54470b9f57687bb4740ce760a79acc1b4454fc36b1f136dfa40628b598c33011e00f24e6a129911669183670f32af088974c57b51eb9994ebe42a9eac9142070bb43189cd1b632a87926b745f207d9722864b389d6f51f60e16b4280dcc21e0603fa02a7e37057d4e7dd8ab556de75ba2be7f572f280bc117c5d1f795a89cfeb571e007d1a1840cc810e75e33966c438ee0f412a535c6ff776299f58b9135ad8b5065873fdca8b1ee9287869f052d1885709d65752709a34dba6d5e2ae58cecca23d231ae5fc7bb295368201277b17bddfccfecf37f1388b61ba99d8ca06fbe17338effd295807dd87b0df0032d066201eb8bdb2342a01939f0fc0feb0ff96f6f3a651cf642d6a3859c2d1ce20b55f41dde4c0506f635bef1e904bfd44a9acd0a5e6ca4f062bd3bd2106c043dc09349bc0cb505ac4c8eabddba264e16a3fcbf2a40bfdac0ccee0a777dca0b0919fea5f2e60b001eae37b27af3f79858f853fd6971dfcf3ef36e99314f1767426c294cc4eefc1cffce6f623a91d2e0a0a5f857c735150d8b90a7dcb2f46094a2554b9079de23b9410cab36568c842bdc0a1dac1767e42ce2160b1754bc2f2585e0fb0ed1195793e99fa22c649a4860672ba2b16a2702fcf15ee90d763bdee1518c1353fa8162224c85150faff078f6fc5902f5178f4c7a033d101a06ab04fb6e054889130336ac41dee67141c32db1d893bdf2afa4d2fa6be4c746d2653d0050be744d5a39176bffdddba2c220106940f0bdf7359bced4ad8f339c8ec511accc04fb3642ddf763948ed68d152a5e868c28eefefdd55a7d50cb766a9e20217b7eae427a517fe93654745216ce23bc9af7c69a8dd15cd283a6ada923cfd2dba38109110c7da5d3a1e60831624313809a33fc25512227f414c580d72af313e6dd8de8eeac53da0f925775062a87e0371ebc854484a80c55d60d285856b99148a13d8dba813c7ed1150c3aaaa866333b7d0c6cc75574db59a9067f3297483d279959cf7e7d68ec55616cf58f99cf7ee12rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.3-57.el6_9.src.rpmsssd-toolssssd-tools(x86-32)   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ sssd-commonpython-ssspython-sssdconfigrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libbasicobjects.so.0libcollection.so.4libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.6)libdbus-1.so.3libdhash.so.1libdhash.so.1(DHASH_0.4.3)libdl.so.2libglib-2.0.so.0libini_config.so.5liblber-2.4.so.2libldap-2.4.so.2libldb.so.1libldb.so.1(LDB_0.9.10)libnspr4.solibnss3.solibnssutil3.solibpcre.so.0libplc4.solibplds4.solibpopt.so.0libpopt.so.0(LIBPOPT_0)libpthread.so.0libpthread.so.0(GLIBC_2.0)libpthread.so.0(GLIBC_2.12)libpthread.so.0(GLIBC_2.2)libref_array.so.1librt.so.1libselinux.so.1libsemanage.so.1libsmime3.solibssl3.solibsss_cert.solibsss_child.solibsss_crypt.solibsss_debug.solibsss_semanage.solibsss_util.solibtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)libtdb.so.1libtevent.so.0rtld(GNU_HASH)/usr/bin/pythonrpmlib(PayloadIsXz)1.13.3-57.el6_91.13.3-57.el6_91.13.3-57.el6_94.6.0-14.0-13.0.4-15.2-14.8.0YyX6@X6@XS@XOXJXGXF@X@X6@X6@X-X!@X!@X&X X X WWWW@W@W_@W_@WWW@W@W@W@Wi,@WYZ@WPWPV@VJVJVV@VՄ@VՄ@V@V&@V=@V=@V@V@V@VvV%@V%@V%@VVVVVpVii@V\:@VXEVV@VV@VV@VMV2 @Vf@Vf@Vf@UAUUuUn@UmUjUcUcUUUUUJ@UB@UB@U@U?v@U>$U8U.RU.RU-@U-@U-@U-@UF@UF@UUUUUU U U U@U@U@U@T9TTTTTTT@T@T~T~Tk4Tk4T$TTT@SvSvSvS%@S0S<@S<@S<@SSSSSSS/S/S;@SFS@S@S@S@S@S@Si@S@SSS!@SsZSpSNpS 4@S 4@RRRRRRfhRD!R1R%@R @R @RR|R|R|R|R|RRRRRRRRRRRRR@R@R@R@R@R@R@R@R@R@Q@Q@QQ*@Q?@QQvwQkQIQ5@Q0@Q']Q @PPPP@P@P@P-P@P@P@PDPDPDPDP[PPPPP@P@P@P@PPPPPPPP @P @P @P @P @P @Pf@PPPPP @P @P @P @P@P@P@PPPPPPPP@P@P@PpPpPpP@P@P@P@P@P@P@PP@PP@P@P@P@P@PPXPP{P{P{Pz@PqnPl(PaP`K@P#@Oĺ@O"O"OOO@OO~O@OOO@O@Ou@Ou@Oc+@O]@OYOOdON@OLOLOLOLOLO;@O5O1@ObN@NNNN@NNNj@NN$@N$@NN@N@Nx@Nm@Ng\N[@NTN?N:N:N:NNN|@M{@M{@Mߒ@M@M۝M۝M@MM@M@M3@MM>M>M@MM@M@Mx@MM=M=MwkMwkMv@MtMtMc@Mc@MbSM_MQ0@MJMGMA^@MA^@MA^@M.@M9L!L@L@L@L@LNLNL@L@LA@L@Lk@LYV@LRLI@L7@L(L_LLGKj@KK@KK@KK[K@KK~}@K]KY@KO@KKK/c@K+nK"4@KJJ@JJJkJJ@JJp9JlE@J?r@J0J,@IcIcIzI)@I)@I)@IV@IV@I@I@III@Jakub Hrozek - 1.13.3-57Lukas Slebodnik - 1.13.3-56Lukas Slebodnik - 1.13.3-55Jakub Hrozek - 1.13.3-54Jakub Hrozek - 1.13.3-53Jakub Hrozek - 1.13.3-52Jakub Hrozek - 1.13.3-51Jakub Hrozek - 1.13.3-50Jakub Hrozek - 1.13.3-49Jakub Hrozek - 1.13.3-48Jakub Hrozek - 1.13.3-47Jakub Hrozek - 1.13.3-46Jakub Hrozek - 1.13.3-45Jakub Hrozek - 1.13.3-44Jakub Hrozek - 1.13.3-43Jakub Hrozek - 1.13.3-42Jakub Hrozek - 1.13.3-41Jakub Hrozek - 1.13.3-40Jakub Hrozek - 1.13.3-39Jakub Hrozek - 1.13.3-38Jakub Hrozek - 1.13.3-37Jakub Hrozek - 1.13.3-36Jakub Hrozek - 1.13.3-35Jakub Hrozek - 1.13.3-34Jakub Hrozek - 1.13.3-33Jakub Hrozek - 1.13.3-32Jakub Hrozek - 1.13.3-31Jakub Hrozek - 1.13.3-30Jakub Hrozek - 1.13.3-29Jakub Hrozek - 1.13.3-28Jakub Hrozek - 1.13.3-27Jakub Hrozek - 1.13.3-26Jakub Hrozek - 1.13.3-25Jakub Hrozek - 1.13.3-24Jakub Hrozek - 1.13.3-23Jakub Hrozek - 1.13.3-22Jakub Hrozek - 1.13.3-21Jakub Hrozek - 1.13.3-20Jakub Hrozek - 1.13.3-19Jakub Hrozek - 1.13.3-18Jakub Hrozek - 1.13.3-17Jakub Hrozek - 1.13.3-16Jakub Hrozek - 1.13.3-15Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-13Jakub Hrozek - 1.13.3-12Jakub Hrozek - 1.13.3-11Jakub Hrozek - 1.13.3-10Jakub Hrozek - 1.13.3-9Jakub Hrozek - 1.13.3-8Jakub Hrozek - 1.13.3-7Jakub Hrozek - 1.13.3-6Jakub Hrozek - 1.13.3-5Jakub Hrozek - 1.13.3-4Jakub Hrozek - 1.13.3-3Jakub Hrozek - 1.13.3-2Jakub Hrozek - 1.13.3-1Jakub Hrozek - 1.13.2-7Jakub Hrozek - 1.13.2-6Jakub Hrozek - 1.13.2-5Jakub Hrozek - 1.13.2-4Jakub Hrozek - 1.13.2-3Jakub Hrozek - 1.13.2-2Jakub Hrozek - 1.13.2-1Jakub Hrozek - 1.13.1-1Jakub Hrozek - 1.12.4-51Jakub Hrozek - 1.12.4-50Jakub Hrozek - 1.12.4-49Jakub Hrozek - 1.12.4-48Jakub Hrozek - 1.12.4-47Jakub Hrozek - 1.12.4-46Jakub Hrozek - 1.12.4-45Jakub Hrozek - 1.12.4-44Jakub Hrozek - 1.12.4-43Jakub Hrozek - 1.12.4-42Jakub Hrozek - 1.12.4-41Jakub Hrozek - 1.12.4-40Jakub Hrozek - 1.12.4-39Jakub Hrozek - 1.12.4-38Jakub Hrozek - 1.12.4-37Jakub Hrozek - 1.12.4-36Jakub Hrozek - 1.12.4-35Jakub Hrozek - 1.12.4-34Jakub Hrozek - 1.12.4-33Jakub Hrozek - 1.12.4-32Jakub Hrozek - 1.12.4-31Jakub Hrozek - 1.12.4-30Jakub Hrozek - 1.12.4-29Jakub Hrozek - 1.12.4-28Jakub Hrozek - 1.12.4-27Jakub Hrozek - 1.12.4-26Jakub Hrozek - 1.12.4-25Jakub Hrozek - 1.12.4-24Jakub Hrozek - 1.12.4-23Jakub Hrozek - 1.12.4-22Jakub Hrozek - 1.12.4-21Jakub Hrozek - 1.12.4-20Jakub Hrozek - 1.12.4-19Jakub Hrozek - 1.12.4-18Jakub Hrozek - 1.12.4-17Jakub Hrozek - 1.12.4-16Jakub Hrozek - 1.12.4-15Jakub Hrozek - 1.12.4-14Jakub Hrozek - 1.12.4-13Jakub Hrozek - 1.12.4-12Jakub Hrozek - 1.12.4-11Jakub Hrozek - 1.12.4-10Jakub Hrozek - 1.12.4-9Jakub Hrozek - 1.12.4-8Jakub Hrozek - 1.12.4-7Jakub Hrozek - 1.12.4-6Jakub Hrozek - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Jakub Hrozek - 1.12.4-2Jakub Hrozek - 1.12.4-1Jakub Hrozek - 1.11.6-33Jakub Hrozek - 1.11.6-32Jakub Hrozek - 1.11.6-31Jakub Hrozek - 1.11.6-30Jakub Hrozek - 1.11.6-29Jakub Hrozek - 1.11.6-28Jakub Hrozek - 1.11.6-27Jakub Hrozek - 1.11.6-26Jakub Hrozek - 1.11.6-25Jakub Hrozek - 1.11.6-24Jakub Hrozek - 1.11.6-23Jakub Hrozek - 1.11.6-22Jakub Hrozek - 1.11.6-21Jakub Hrozek - 1.11.6-20Jakub Hrozek - 1.11.6-19Jakub Hrozek - 1.11.6-18Jakub Hrozek - 1.11.6-17Jakub Hrozek - 1.11.6-16Jakub Hrozek - 1.11.6-15Jakub Hrozek - 1.11.6-14Jakub Hrozek - 1.11.6-13Jakub Hrozek - 1.11.6-12Jakub Hrozek - 1.11.6-11Jakub Hrozek - 1.11.6-10Jakub Hrozek - 1.11.6-9Jakub Hrozek - 1.11.6-8Jakub Hrozek - 1.11.6-7Jakub Hrozek - 1.11.6-6Jakub Hrozek - 1.11.6-5Jakub Hrozek - 1.11.6-4Jakub Hrozek - 1.11.6-3Jakub Hrozek - 1.11.6-2Jakub Hrozek - 1.11.6-1Jakub Hrozek - 1.11.5.1-4Jakub Hrozek - 1.11.5.1-3Jakub Hrozek - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Jakub Hrozek - 1.9.2-134Jakub Hrozek - 1.9.2-133Jakub Hrozek - 1.9.2-132Jakub Hrozek - 1.9.2-131Jakub Hrozek - 1.9.2-130Jakub Hrozek - 1.9.2-129Jakub Hrozek - 1.9.2-128Jakub Hrozek - 1.9.2-127Jakub Hrozek - 1.9.2-126Jakub Hrozek - 1.9.2-125Jakub Hrozek - 1.9.2-124Jakub Hrozek - 1.9.2-123Jakub Hrozek - 1.9.2-122Jakub Hrozek - 1.9.2-121Jakub Hrozek - 1.9.2-120Jakub Hrozek - 1.9.2-119Jakub Hrozek - 1.9.2-118Jakub Hrozek - 1.9.2-117Jakub Hrozek - 1.9.2-116Jakub Hrozek - 1.9.2-115Jakub Hrozek - 1.9.2-114Jakub Hrozek - 1.9.2-113Jakub Hrozek - 1.9.2-112Jakub Hrozek - 1.9.2-111Jakub Hrozek - 1.9.2-110Jakub Hrozek - 1.9.2-109Jakub Hrozek - 1.9.2-108Jakub Hrozek - 1.9.2-107Jakub Hrozek - 1.9.2-106Jakub Hrozek - 1.9.2-105Jakub Hrozek - 1.9.2-104Jakub Hrozek - 1.9.2-103Jakub Hrozek - 1.9.2-102Jakub Hrozek - 1.9.2-101Jakub Hrozek - 1.9.2-100Jakub Hrozek - 1.9.2-99Jakub Hrozek - 1.9.2-98Jakub Hrozek - 1.9.2-97Jakub Hrozek - 1.9.2-96Jakub Hrozek - 1.9.2-95Jakub Hrozek - 1.9.2-94Jakub Hrozek - 1.9.2-93Jakub Hrozek - 1.9.2-92Jakub Hrozek - 1.9.2-91Jakub Hrozek - 1.9.2-90Jakub Hrozek - 1.9.2-89Jakub Hrozek - 1.9.2-88Jakub Hrozek - 1.9.2-87Jakub Hrozek - 1.9.2-86Jakub Hrozek - 1.9.2-85Jakub Hrozek - 1.9.2-84Jakub Hrozek - 1.9.2-83Jakub Hrozek - 1.9.2-82Jakub Hrozek - 1.9.2-81Jakub Hrozek - 1.9.2-80Jakub Hrozek - 1.9.2-79Jakub Hrozek - 1.9.2-78Jakub Hrozek - 1.9.2-77Jakub Hrozek - 1.9.2-76Jakub Hrozek - 1.9.2-75Jakub Hrozek - 1.9.2-74Jakub Hrozek - 1.9.2-73Jakub Hrozek - 1.9.2-72Jakub Hrozek - 1.9.2-71Jakub Hrozek - 1.9.2-70Jakub Hrozek - 1.9.2-69Jakub Hrozek - 1.9.2-68Jakub Hrozek - 1.9.2-67Jakub Hrozek - 1.9.2-66Jakub Hrozek - 1.9.2-65Jakub Hrozek - 1.9.2-64Jakub Hrozek - 1.9.2-63Jakub Hrozek - 1.9.2-62Jakub Hrozek - 1.9.2-61Jakub Hrozek - 1.9.2-60Jakub Hrozek - 1.9.2-59Jakub Hrozek - 1.9.2-58Jakub Hrozek - 1.9.2-57Jakub Hrozek - 1.9.2-56Jakub Hrozek - 1.9.2-55Jakub Hrozek - 1.9.2-54Jakub Hrozek - 1.9.2-53Jakub Hrozek - 1.9.2-52Jakub Hrozek - 1.9.2-51Jakub Hrozek - 1.9.2-50Jakub Hrozek - 1.9.2-49Jakub Hrozek - 1.9.2-48Jakub Hrozek - 1.9.2-47Jakub Hrozek - 1.9.2-46Jakub Hrozek - 1.9.2-45Jakub Hrozek - 1.9.2-44Jakub Hrozek - 1.9.2-43Jakub Hrozek - 1.9.2-42Jakub Hrozek - 1.9.2-41Jakub Hrozek - 1.9.2-40Jakub Hrozek - 1.9.2-39Jakub Hrozek - 1.9.2-38Jakub Hrozek - 1.9.2-37Jakub Hrozek - 1.9.2-36Jakub Hrozek - 1.9.2-35Jakub Hrozek - 1.9.2-34Jakub Hrozek - 1.9.2-33Jakub Hrozek - 1.9.2-32Jakub Hrozek - 1.9.2-31Jakub Hrozek - 1.9.2-30Jakub Hrozek - 1.9.2-29Jakub Hrozek - 1.9.2-28Jakub Hrozek - 1.9.2-27Jakub Hrozek - 1.9.2-26Jakub Hrozek - 1.9.2-25Jakub Hrozek - 1.9.2-24Jakub Hrozek - 1.9.2-23Jakub Hrozek - 1.9.2-22Jakub Hrozek - 1.9.2-21Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-19Jakub Hrozek - 1.9.2-18Jakub Hrozek - 1.9.2-17Jakub Hrozek - 1.9.2-16Jakub Hrozek - 1.9.2-15Jakub Hrozek - 1.9.2-14Jakub Hrozek - 1.9.2-13Jakub Hrozek - 1.9.2-12Jakub Hrozek - 1.9.2-11Jakub Hrozek - 1.9.2-10Jakub Hrozek - 1.9.2-9Jakub Hrozek - 1.9.2-8Jakub Hrozek - 1.9.2-7Jakub Hrozek - 1.9.2-6Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-3Jakub Hrozek - 1.9.0-2Jakub Hrozek - 1.9.0-1.rc1Jakub Hrozek - 1.8.0-33Stephen Gallagher - 1.8.0-32Stephen Gallagher - 1.8.0-31Stephen Gallagher - 1.8.0-30Stephen Gallagher - 1.8.0-29Stephen Gallagher - 1.8.0-28Stephen Gallagher - 1.8.0-27Stephen Gallagher - 1.8.0-26Stephen Gallagher - 1.8.0-25Stephen Gallagher - 1.8.0-24Stephen Gallagher - 1.8.0-23Stephen Gallagher - 1.8.0-22Stephen Gallagher - 1.8.0-21Stephen Gallagher - 1.8.0-20Stephen Gallagher - 1.8.0-18Stephen Gallagher - 1.8.0-17Stephen Gallagher - 1.8.0-15Stephen Gallagher - 1.8.0-12Stephen Gallagher - 1.8.0-11Stephen Gallagher - 1.8.0-10Stephen Gallagher - 1.8.0-9Stephen Gallagher - 1.8.0-8Stephen Gallagher - 1.8.0-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5Stephen Gallagher - 1.8.0-4.beta3Stephen Gallagher - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-2.beta2Stephen Gallagher - 1.5.1-68Stephen Gallagher - 1.5.1-67Stephen Gallagher - 1.5.1-66Stephen Gallagher - 1.5.1-65Stephen Gallagher - 1.5.1-64Stephen Gallagher - 1.5.1-63Stephen Gallagher - 1.5.1-62Stephen Gallagher - 1.5.1-61Stephen Gallagher - 1.5.1-60Stephen Gallagher - 1.5.1-59Stephen Gallagher - 1.5.1-58Stephen Gallagher - 1.5.1-57Stephen Gallagher - 1.5.1-56Stephen Gallagher - 1.5.1-55Stephen Gallagher - 1.5.1-53Stephen Gallagher - 1.5.1-52Stephen Gallagher - 1.5.1-51Stephen Gallagher - 1.5.1-50Stephen Gallagher - 1.5.1-49Stephen Gallagher - 1.5.1-48Stephen Gallagher - 1.5.1-47Stephen Gallagher - 1.5.1-46Stephen Gallagher - 1.5.1-45Stephen Gallagher - 1.5.1-44Stephen Gallagher - 1.5.1-43Stephen Gallagher - 1.5.1-42Stephen Gallagher - 1.5.1-41Stephen Gallagher - 1.5.1-40Stephen Gallagher - 1.5.1-39Stephen Gallagher - 1.5.1-38Stephen Gallagher - 1.5.1-37Stephen Gallagher - 1.5.1-36Stephen Gallagher - 1.5.1-35Stephen Gallagher - 1.5.1-34Stephen Gallagher - 1.5.1-33Stephen Gallagher - 1.5.1-32Stephen Gallagher - 1.5.1-31Stephen Gallagher - 1.5.1-30Stephen Gallagher - 1.5.1-29Stephen Gallagher - 1.5.1-28Stephen Gallagher - 1.5.1-27Stephen Gallagher - 1.5.1-26Stephen Gallagher - 1.5.1-25Stephen Gallagher - 1.5.1-24Stephen Gallagher - 1.5.1-23Stephen Gallagher - 1.5.1-21Stephen Gallagher - 1.5.1-20Stephen Gallagher - 1.5.1-17Stephen Gallagher - 1.5.1-16Stephen Gallagher - 1.5.1-15Stephen Gallagher - 1.5.1-14Stephen Gallagher - 1.5.1-13Stephen Gallagher - 1.5.1-12Stephen Gallagher - 1.5.1-11Stephen Gallagher - 1.5.1-10Stephen Gallagher - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Stephen Gallagher - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.2.1-28.4Stephen Gallagher - 1.2.1-36Stephen Gallagher - 1.2.1-35Stephen Gallagher - 1.2.1-28.3Stephen Gallagher - 1.2.1-34Stephen Gallagher - 1.2.1-28.2Stephen Gallagher - 1.2.1-33Stephen Gallagher - 1.2.1-28.1Stephen Gallagher - 1.2.1-32Stephen Gallagher - 1.2.1-29Stephen Gallagher - 1.2.1-28Stephen Gallagher - 1.2.1-27Stephen Gallagher - 1.2.1-26Stephen Gallagher - 1.2.1-23Stephen Gallagher - 1.2.1-21Stephen Gallagher - 1.2.1-20Stephen Gallagher - 1.2.1-19Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-14Stephen Gallagher - 1.2.0-13Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11.1Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1473005 - The originalMemberOf attribute disappears from the cache, causing intermittent HBAC issues- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present - Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory- Resolves: rhbz#1415785 - ldap_child does not remove temporary files when it's killed with SIGTERM- Apply several more smartcard-related patches. - Related: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts- Revert the ding-libs requirement - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Related: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Require the matching version of ding-libs - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Fix a coverity warning - Related: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Resolves: rhbz#1324428 - [RFE] Discover forest's root SID even if subdomains_provider = none- Resolves: rhbz#1367802 - using overides causes segfault in libldb- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins- Resolves: rhbz#1382603 - autofs map resolution doesn't work offline- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute- Resolves: rhbz#1299994 - ssh client checks only the first certificate on a smartcard when the card has multiple certs - Resolves: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard - Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6 - Resolves: rhbz#1329647 - IPA view: view name not stored properly with default FreeIPA installation- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users and mixed case names- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a subdomain, not the root domain.- Resolves: rhbz#1365218 - SSSD does not fail over to next GC- Resolves: rhbz#1367435 - Intermittent sssd auth failures- Resolves: rhbz#1369079 - sssd runs out of available child slots and starts queuing requests in proxy mode- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to sssd-1.13.3-22.el6.x86_64 when upgrading cache- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336453 - sssd_be doesn't terminate forked child process if adcli is not installed- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo- Actually apply patches from previous build - Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe with 1.11.6- Backport of a more minimal dependency patch to avoid changes to AD provider behaviour - Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1308939 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user- Require a newer selinux-policy to avoid issues when prompting for SC PIN - Related: rhbz#1299066 - smartcard login does not prompt for pin when ocsp checking is enabled (default config)- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when trying to retrieve non-existing netgroups- Update sssd-ldap man page for the recent ID mapping changes - Related: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache from working- Resolves: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password and not smartcard pin when logged in using smartcard pin- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output error- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12 to 1.13- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn't work- Resolves: rhbz#1273802 - ad_site parameter does not work- Fix memory leak in the NFS plugin - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service discovery- Rebase to 1.13.3 - Remove setuid bit from proxy_child, RHEL-6 doesn't support running SSSD as a non-privileged user - Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Don't own files as the SSSD user - Resolves: rhbz#1289482 - warning: user sssd does not exist - using root- Resolves: rhbz#1279971 - groups get deleted from the cache- The p11_child doesn't have to run privileged anymore, remove the setuid bit - Related: rhbz#1270027 - [RFE] Support for smart cards- Resolves: rhbz#1266108 - Check next certificate on smart card if first is not valid - Also enable OCSP checks- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Silence compilation warnings and Coverity issues - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Squash in packaging review changes by lslebodn@redhat.com- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - The rebase also resolves the following bugzillas: - Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC identity certificates - Resolves: rhbz#1270027 - [RFE] Support for smart cards - Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients - Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is not taken into account. - Resolves: rhbz#1254193 - Fix for cyclic dependencies between sssd-{krb5,}-common - Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected - Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do not queue requests - Resolves: rhbz#1227804 - Group members are not turned into ghost entries when the user is purged from the SSSD cache - Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log - Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not the alpha group name representation - Resolves: rhbz#1194039 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups- Resolves: rhbz#1251349 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from ldap server- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task - Resolves: rhbz#1227863 - ignore_group_members doesn't work for subdomains- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn't return all groups on first attempt- Resolves: rhbz#1225614 - IPA enumeration provider crashes- Resolves: rhbz#1212610 - sssd ad groups work intermittently- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of secondary groups- Resolves: rhbz#1221358 - SSSD doesn't work with ID mapping and disabled subdomains- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and gets avc denial when ssh- Include several upstream fixes related to ID views - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1213947 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad src/providers/ad/ad_gpo.c:843- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers group membership resolution- Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users and filter_groups- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only- Related: rhbz#1211728 - Only set the selinux context if the context differs from the local one- Package the localauth plugin - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1207720 - id lookup resolves "Domain Local" group and errors appear in domain log- BuildRequire the proper libkrb5 version for correct localauth plugin build - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1194367 - sssd_be dumping core- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in manpage that unsupported time specification will lead to sssd denying access- Resolves: rhbz#1205382 - Properly handle AD's binary objectGUID- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might install with wrong user account (root)- Fix a typo in DEBUG message - Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Handle TTL=0 in SRV queries correctly - Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Cherry-pick unit test changes from upstream to allow cherry-picking sssd-1-12 patches - Remove unused LDAP provider code to avoid static analyser warnings - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad requires samba4- Resolves: rhbz#1203630 - SSSD doesn't own the GPO cache directory- Fix warning in SELinux code - Handle setups with empty default and no SELinux maps - Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u - Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605 - Resolves: rhbz#1201847 - SSSD downloads too much information when fetching information about groups- Fix PAM responder initgroups cache for subdomain users - Log extop failures better - Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Fix internal error codes broken when fixing rhbz#1036745 - Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything- Fix Coverity warning in ldap_child - Add better debugging - Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users, groups or other cache objects- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Initialize a pointer in ldap_child to NULL - Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Relax the ldb requirement - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query - Rebuild against latest krb5, add a versioned BuildRequires - Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Do not mark the selinux_child helper as setuid, we don't support rootless SSSD in 6.7 - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x - The rebase resolves the following RHEL bugzillas - Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about domains parameter - Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not be fatal (backport fix from upstream) - Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user uid field - Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1168377 - [RFE] User's home directories and shells are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss - Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution - Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1148582 - inconsistent group information when multiple ad domain sections are configured in sssd - Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider ad support - Resolves: rhbz#1139878 - SSSD connection terminated after failing anonymous bind to IBM Tivoli Directory Server - Resolves: rhbz#1135838 - Man sssd-ldap shows parameter ldap_purge_cache_timeout with "Default: 10800 (12 hours)" - Resolves: rhbz#1135432 - Dereference code errors out when dereferencing entries protected by ACIs - Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012 R2's LDAP as AD - Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header - Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple attributes- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1141814 - Password expiration policies are not being enforced by SSSD- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group membership when encountering a non-POSIX group- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from other AD domains- Resolves: rhbz#1127270 - sssd connect to ipa-server is long- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD, POSIX attributes are used and primary group contains the user as a member- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0) is not prompted for password change- Resolves: rhbz#1132361 - use-after-free in dyndns code- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap account lock to restrict access via ssh key- Use the correct sudo iterator - Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Add notes about offline mode to sssd.conf - Related: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1127278 - Auth fails when space in username is replaced with character set by override_default_whitespace- Resolves: rhbz#1127757 - sssd can't retrieve sudo rules when using the "default_domain_suffix" option- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Resolves: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1122873 - Failover does not always happen from SRV to hostname resolution(via /etc/hosts) - Remove spurious systemctl call on %postun- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with specified character in LDAP group- Resolves: rhbz#1109188 - dereferencing control failure against openldap server- Resolves: rhbz#1084532 - sssd_sudo process segfaults- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping is off and tokengroups are enabled- Resolves: rhbz#1118541 - Floating point exception using ldap- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser is not defined and no ldap_sudorule_runasuser mapping has been defined in SSSD- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap- Fix potential NULL dereference in IFP code - Related: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- BuildRequire the latest libini_config - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- Resolves: rhbz#1104145 - public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end- Rebase to 1.11.6 - Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Rebuild against new ding-libs - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Backport the InfoPipe patches needed for Sat6 integration - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: #1085412 - SSSD Crashes when storage experiences high latency- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6Resolves: #1036168 - sssd can't retrieve auto.master when using the "default_domain_suffix"- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups are requested- Allow combination of proxy id backend and LDAP auth backend - Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Inherit UID limits for subdomains - Resolves: #1020905 - Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.- Do not crash when LDAP disconnects while a search is still in progress - Resolves: #1019979 - sssd_be segfault when authenticating against active directory- More upstream fixes to prevent memcache crashes - Related: #997406 - sssd_nss core dumps under load- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out- Make IPA SELinux provider aware of subdomain users - A better version of already committed patch - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Resolves: #997406 - sssd_nss core dumps under load - Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #1002161 - large number of sudo rules results in error - Unable to create response: Invalid argument- Silence restorecon on clean install - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Make IPA SELinux provider aware of subdomain users - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Print password complexity hint when password change fails with constraint violation - Related: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #948830 - sssd do too many disk writes causing delay in "getent netgroup allmachines-netgroup" nested netgroups.- Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- Resolves: #963235 - sssd_be crashing with nested ldap groups- Apply a forgotten dependency for patch #254 - Related: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality - Add two fixes for better handling of faulty SRV processing - Related: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router. - Remove enumerate=true from example in man page - Related: #988381 - clarify the disadvantages of enumeration in sssd.conf- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp file for SELinux data failed- Resolves: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors when clearing cache- Resolves: #924113 - man sssd-sudo has wrong title- Resolves: #924397 - document what does access_provider=ad do- Use permissive control when adding ghost users - Resolves: #928797 - cyclic group memberships may not work depending on order of operations- Set correct state of SRV servers on resolving error - Resolves: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router.- Resolves: #954323 - SSSD doesn't display warning for last grace login.- Format patch to configure sysv script differently - RHEL-6 patch(1) apparently doesn't like the output of git format-patch -M -C and doesn't properly copy files on renames - Resolves: #971435 - Enhance sssd init script so that it would source a configuration.- Resolves: #973345 - SSSD service randomly dies- Resolves: #971435 - Enhance sssd init script so that it would source a configuration- Resolves: #961356 - SUDO is not working for users from trusted AD domain- Resolves: #970519 - [RFE] Add support for suppressing group members- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the "original value"- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes- Clarify the min_id/max_id limits further - Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login delays when client is under load- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table in sssd_nss- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs- Mention that enumeration should be discouraged - Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf- Call restorecon on memcache files to force the right context on upgrades - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Resolves: #987479 - libsss_sudo should depend on sudo package with sssd support- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck- Resolves: #967636 - SSSD frequently fails to return automount maps from LDAP- Resolves: #953165 - Enabling enumeration causes sssd_be process to utilize 100% of the CPU- Resolves: #906398 - sssd_be crashes sometimes- Resolves: #950874: Simple access control always denies uppercased users in case insensitive domain- Resolves: #921454: Resolve local group members in LDAP groups- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider- Fix pwd_expiration_warning=0 - Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#872827 - Serious performance regression in sssd- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees- Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.- Resolves: rhbz#902436 - possible segfault when backend callback is removed- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps- Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent- Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts- Resolves: rhbz#892197 - Incorrect principal searched for in keytab- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work- Resolves: rhbz#874618 - sss_cache: fqdn not accepted- Resolves: rhbz#889182 - crash in memory cache- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache- Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666)- Resolves: rhbz#886038 - sssd components seem to mishandle sighup- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh- Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule- Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507)- Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060)- Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507)- Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds- Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users- Resolves: rhbz#881773 - mmap cache needs update after db changes- Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742)- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573)- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations- Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130- Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections- Related: rhbz#877126 - Bump the release tag- Resolves: rhbz#877126 - subdomains code does not save the proper user/group name- Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid()- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'- Resolves: rhbz#875740 - "defaults" entry ignored- Resolves: rhbz#875738 - offline authentication failure always returns System Error- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section- Resolves: rhbz#873032 - Move sss_cache to the main subpackage- Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group- Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive- Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443- BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932- Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542- Fix the "ca" translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- New upstream release 1.9.2- Rebase to 1.9.1- Require the latest libldb- Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes- Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds- Fix protocol break for services map - Related: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#824616 - sssd_nss crashes when configured with use_fully_qualified_names = true- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()- Resolves: rhbz#822236 - SSSD netgroups do not honor entry_cache_nowait_percentage- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client upgrade - Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names - Resolves: rhbz#819063 - sssd fails to provide partial data till paged search returns "Size Limit Exceeded" - Resolves: rhbz#820585 - Group enumeration fails in proxy provider- Resolves: rhbz#816616 - group members are now lowercased in case insensitive domains- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding - Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the same user - Resolves: rhbz#812281 - autofs client: map name length used as key length - Related: rhbz#784870 - SSSD fails during autodetection of search bases for new LDAP features - Related: rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes- Fix typo in patch for SSH umask - Related: rhbz#808107 - Coverity revealed memory management defects- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm - Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is running - Resolves: rhbz#808107 - Coverity revealed memory management defects- Related: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false- Resolves: rhbz#804057 - Initial service lookups having name with uppercase alphabets doesn't work - Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names doesn't work when case_sensitive=false - Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab - Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false - Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name resolution times out - Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Related: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica using IP address - Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with case_sensitive=false - Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set - Resolves: rhbz#805034 - accessing an undefined variable might cause crash - Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login- Update translations - Resolves: rhbz#802372 - Pick up latest translation files for SSSD - Resolves: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Related: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search requests - Resolves: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials - Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to true - Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work - Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false - Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam can use - Resolves: rhbz#799971 - sssd_be crashes on shutdown - Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested group structure - Resolves: rhbz#801368 - Group lookups doesn't return members with proxy provider configured - Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd is configured as proxy provider- Do not auto-upgrade debug levels - Tool still available for manual use - Reverts: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#798881 - Install-time warnings - Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also the dns_discovery_domain - Resolves: rhbz#798655 - Password logins failing due to a process with high UID- Fix explicit requires to use openldap instead of openldap-libs - Related: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64- Fix multilib-clean issue due to upgrade script - Remove old copy from the spec file - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Fix typo in the patch - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Use a patch and install the script to python_sitelib - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Resolves: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#785871 - wrong build dependency on nscd - Resolves: rhbz#785873 - IPA host search base cannot be set - Resolves: rhbz#791208 - Entries lacking a POSIX username value break group lookups - Resolves: rhbz#796307 - Simple Paged Search control needs to be used more sparingly - Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64 - Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user entries - Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup - Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load - Resolves: rhbz#797975 - sssd_be: The requested target is not configured is logged at each login - Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD - Resolves: rhbz#788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group- Handle filtering python Provides in a safer way - Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3 - Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers - Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and netgroup search base correctly - Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb AS requests - Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision - Resolves: rhbz#785904 - [RFE] SSSD should have --version option - Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider - Resolves: rhbz#785898 - Enable midway cache refresh by default - Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for a non-existing netgroup - Resolves: rhbz#785884 - Honour TTL when resolving host names - Resolves: rhbz#785883 - check DNS records before updates - Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead of guessing - Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line - Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config file too much - Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server has been reinitialized - Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc - Resolves: rhbz#773660 - Kerberos errors should go to syslog - Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native IPA netgroups code - Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#771702 - sssd_pam crashes during change password operation against a IPA server - Resolves: rhbz#771361 - case_sensitive function not working as intended for ldap - Resolves: rhbz#768935 - Crash when applying settings - Resolves: rhbz#766941 - The full dyndns update message should be logged into debug logs - Resolves: rhbz#766930 - [RFE] Add a new option to override home directory value - Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab principal name - Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files - Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug levels on the fly - Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional - Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation - Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option - Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control - Resolves: rhbz#753876 - [RFE] Add support for the services map - Resolves: rhbz#746181 - "getgrgid call returned more than one result" after group name change in MSAD - Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle for some (configurable) time - Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD - Related: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#742052 - id -G group resolution takes extremely long - Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange - Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases - Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or insensitive - Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users - Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control disabled for openldap - Resolves: rhbz#726467 - SSSD takes 30+ seconds to login - Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 during auth when password for the user is not set- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758157 - LDAP failover not working if server refuses connections- Related: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis initgroups when groups appear in multiple nesting levels- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow - Resolves: rhbz#746654 - SSSD backend gets killed on slow systems - Related: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts Fixes a crash introduced by the earlier patch. - Related: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names Fixes for internationalization- Related: rhbz#742278 - Rework the example config- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts - Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart - Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742278 - Rework the example config - Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was initialized - Resolves: rhbz#742526 - SSSD's man pages are missing information - Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with multi-valued uid - Resolves: rhbz#738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid - Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber to integer - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host groups - Resolves: rhbz#740501 - SSSD not functional after "self" reboot - Resolves: rhbz#742539 - HBAC: Hostname comparisons should be case-insensitive- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in - Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2- Resolves: rhbz#737157 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled - Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple external hosts along with managed host - Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names - Resolves: rhbz#733409 - Improve password policy error message - Resolves: rhbz#733663 - Authentication fails when there exists an empty hbacsvcgroup - Resolves: rhbz#732935 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON - Resolves: rhbz#734101 - sssd blocks login of ipa-users- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain shells- Related: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID- Related: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Related: rhbz#718250 - Remove DENY rules from the HBAC access provider - Fixes an issue on big endian platforms- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured - Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls - Resolves: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider - Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID - Resolves: rhbz#726475 - sssd_pam leaks file descriptors - Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0- Related: rhbz#721052 - sssd does not handle kerberos server IP change - Use ares_search instead of ares_query to honor - search entries in /etc/resolv.conf- Resolves: rhbz#711416 - During the change password operation the ccache is - not replaced by a new one if the old one isn't - active anymore - Resolves: rhbz#715609 - Certificate validation fails with message - "Connection error: TLS: hostname does not match CN - in peer certificate" - Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records - Resolves: rhbz#721052 - sssd does not handle kerberos server IP change - Honor TTL values when resolving hostnames- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP - Resolves: rhbz#713438 - sssd shuts down if inotify crashes- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups() - Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are - being logged multiple times when the provider comes - back online - Resolves: rhbz#707997 - The IPA provider does not work with IPv6 - Resolves: rhbz#677327 - [RFE] Support overriding attribute value - Resolves: rhbz#692090 - SSSD is not populating nested groups in - Active Directory- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man - page- Resolves: rhbz#707513 - Unable to authenticate users when username - contains "\0"- Resolves: rhbz#698723 - kpasswd fails when using sssd and - kadmin server != kdc server- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is - not mentioned - Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the - gidNumber is out of the range of min_id,max_id. - Resolves: rhbz#699530 - Users with a local group as their primary GID are - denied access by the simple access provider - Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups - Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a - member of any group - Resolves: rhbz#703624 - SSSD's async resolver only tries the first - nameserver in /etc/resolv.conf- Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694444 - Unable to resolve SRV record when called with - _srv_, in ldap_uri - Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by - signal 11 (SIGSEGV) - Fix is to not attempt to resolve nameless servers- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can - cause SSSD to stop caching and responding to - requests- Resolves: rhbz#690131 - Traceback messages seen while interrupting - sss_obfuscate using ctrl+d - Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process - /usr/libexec/sssd/sssd_be was killed by signal 11 - (SIGSEGV)- Related: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them - Resolves: rhbz#689886 - group memberships are not populated correctly during - IPA provider initgroups - Resolves: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents - Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5 - in sssd.conf- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min - waiting on netgroup - Resolves: rhbz#683431 - sssd consumes 100% CPU - Related: rhbz#680440 - sssd does not handle kerberos server IP change- Related: rhbz#680440 - sssd does not handle kerberos server IP change - SSSD was staying with the old server if it was still online- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain - for base DN- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on - ipa-server - Resolves: rhbz#680440 - sssd does not handle kerberos server IP change - Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are - given in ipa_server config option - Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf - attribute on the server - Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups - Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option - Resolves: rhbz#677318 - Does not read renewable ccache at startup- Resolves: rhbz#678593 - User information not updated on login for secondary - domains - Resolves: rhbz#678777 - IPA provider does not update removed group - memberships on initgroups- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries - Resolves: rhbz#678410 - name service caches names, so id command shows - recently deleted users - Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for - netgroups- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login - Resolves: rhbz#675284 - "no matching rule" message logged on all successful - requests - Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for - authentication- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named - "default" - Resolves: rhbz#674515 - -p option always uses empty string to obfuscate - password - Resolves: rhbz#674141 - Traceback call messages displayed while - "sss_obfuscate" command is executed as a non-root - user- Resolves: rhbz#674172 - Group members are not sanitized in nested group - processing - Put translated tool manpages into the sssd-tools subpackage- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Also add the updated ding-libs to the BuildRequires- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Explicitly require updated ding-libs- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options - Assorted bugfixes- Add noverify to sssd.conf - Resolves: rhbz#627165 - TPS VerifyTest failure- Related: rhbz#644072 - Rebase SSSD to 1.5 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs - Resolves: rhbz#660585 - getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs- Resolves: rhbz#645449 - 'getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#658374 - sssd stops on upgrade- Resolves: rhbz#658158 - sssd stops on upgrade- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#642412 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#633487 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib- Resolves: rhbz#629949 - sssd stops on upgrade- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password- Resolves: rhbz#621307 - Password changes are broken on LDAP- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on - initgroups calls- Resolves: rhbz#607233 - SSSD users cannot log in through GDM - - Real issue was that long-running services - - do not reconnect if sssd is restarted- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with - /etc/krb5.keytab file- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6 - final - Resolves: rhbz#608661 - SASL with OpenLDAP server fails - Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes- New upstream bugfix release 1.2.1 - Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs. - Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal - Resolves: rhbz#604704 - authconfig should provide error with no trace back - if disabling sssd when sssd is not enabled - Resolves: rhbz#591873 - Connecting to the network after an offline kerberos - auth logs continuous error messages to sssd_ldap.log - Resolves: rhbz#596295 - Authentication fails for user from the second domain - when the same user name is filtered out from the - first domain - Related: rhbz#598559 - Update translation files for SSSD before RHEL 6 - final- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service - to fail while restart - Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in - parentheses causes ldap_search_ext to fail - Resolves: rhbz#600468 - Segfault in krb5_child - Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs.- Resolves: rhbz#598670 - Ccache file of a user is removed too early - Resolves: rhbz#599057 - Incomplete comparison of a service name in - IPA access provider - Resolves: rhbz#598496 - Failure with IPA access provider - Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the - kernel keyring- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP - Resolves: rhbz#584001 - Rebase sssd to 1.2 - Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file - Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf - Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf - Resolves: rhbz#590134 - sssd: auth_provider = proxy regression - Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when - going online - Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the - HBAC rule- Improve DEBUG logs for STARTTLS failures- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcacacacacacacacacacacacsdedededededededededededeesesesesesesesesesesesfrfrfrfrfrfrfrfrfrfrfrfrjajajajajajajajajajajanlptptukukukukukukukukukukukukuk1.13.3-57.el6_91.13.3-57.el6_9 sss_debuglevelsss_groupaddsss_groupdelsss_groupmodsss_groupshowsss_obfuscatesss_overridesss_seedsss_useraddsss_userdelsss_usermodsssd-tools-1.13.3COPYINGsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupdel.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupmod.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gz/usr/sbin//usr/share/doc//usr/share/doc/sssd-tools-1.13.3//usr/share/man/ca/man5//usr/share/man/ca/man8//usr/share/man/cs/man8//usr/share/man/de/man1//usr/share/man/de/man8//usr/share/man/es/man1//usr/share/man/es/man8//usr/share/man/fr/man1//usr/share/man/fr/man8//usr/share/man/ja/man1//usr/share/man/ja/man8//usr/share/man/man8//usr/share/man/nl/man8//usr/share/man/pt/man8//usr/share/man/uk/man1//usr/share/man/uk/man5//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnu?7zXZ !PH68x]"k%}:w{!vQ_99g4ڤ 4Й1Z_k;T=Sh —\C{ s%^) -z[?|?L(UV^bս  u Z 0eƼpD[fp«W;b_]q~;-P"ņD͵p]w IX݃ nj΍aO!c>G, GBLU`iؙY|| WW*2/a:F3tS]dq%L+cF^ċK@[H!sNXn0C)a@U$m®i=o>k lz%ͬG_۶zoԥ197Af ݓMr$}gN#Q}  ;r7 ,T u/1恊eU\o<;9j-8/ lJ~ %)poЦ4(T@L/RoL|oB(. q=Zr7B46dL%PèFBԼ+(9x\V#vwH76`Y ڻvsw2ak`DnS>Bݨ`S}Q9,H*3Zj ق^U_E]M3\sS |xBS7<EXqNtN!|nv$7X>/\01L]~}:XV +]es%,m::kPٰF Bd k>l&׫Qk6ԐeV2x-KDR%p$(jCkyZ yPWE GE2SL⬤K\9.Mѐd~(]8 Ěh%Dg)l|8,\Z10#Uxm#IK}K,\egMk|g(VGYSMޭ,+3?G#8e~{*'Z7 2SyW>㪠cyæܟ?|&$I2_, qn'{[\"0Q8_-pܖ4TY|[1qY}֚!@4/֍Ѥ$JaַK%vc/QF]B7m5Ќ{ZY-% Rruޯkcj2"5vY2.yj$52 TXBAp +XM`FZ}9w+0-|=M>UP)t zU={<Ϟaq1jQlq|+і2Zx~y&w նⲋm[k%7*wHnib{`C\=.֐ў6ғLb0Dl{Vm_7v}Ҿ V_~RϪ@-گSq/5&r/=F$ꈘ~moF7)Sei c,d!EM'2=וTZ/w9&'1$u #H*.z7&W?xpkW'xQt ;E=6SM cUy$V4#ܙ9 NX8~1oI ~4=VŽO*z P'ۂS 2N:kTÖ!*IJd 5 ʢS*EI'g5 -l#WEQFI|--X2m„?+MBl5 4HKF1'<}`\L^cׂ5[o5U/y_=|C8tkm& p Wr^^orb.+)>lZ/^lj%+OִG@vwϪΤlt.@{8$,So'C9KJ :#0@2i]sVV{7][U/H̶dք1'mU.q`+冥XmW]7rC $Mw a{ep{2mf) n+c0J^iH 689|2_|^`4k$U?ФS[rD upS.Z|1KK{3^B9-&VoFn?l&e!'OkWŕbLMc=4MtqnSW`"kF[L)L2#ѽaxS:n!>T f2ff}u1y+g3OFb\fnQVչnh\=&˧z`D#>Aڌ{}+ (T\hn`0,8%) [Hv\ĜW})F<_ܞfHLiF[œ/<)jf5/z}LغeT,ȑD&(-RI.sYr@=0]M$< !2_'bnbaRHQymt)YWK#F~.GbY/-]VC#320~|W:Px30EՊ;?pE2&ˀ_ x3~J ndI'2CBm |P7B} 5[L@jsp<2L 㐰JAgܤ(_puj=+cjfZ _qIʱ#"v`xMRX@,_(~Rk| qѧ΋A< #jq痛!(bbU[H1,%fneH ޜBֵI/dTYq]o80 K^ G:Dd,>nhfI5r+M^`^e@IQID{(h["e%z#ø( 9z4=YL`hWO.ܯBTSYst'b%/{6XѬ~oܪijWw%M2%'U=жYO @)sea f>jზ5he<e2PCE! ^ސ%^1FkReEfFK2W4vG(ĵH0z@mG)kf5<_Cjtt>}\bܒlco'j&>PKaPmOjGؘ'S* =7]5CMί.,:Kk=YnYqdr>r~\cRoW*}u j:bt>T!O<)8mŽ,:+-;W+qdof/ U#PzFѤU2 ꯞŘtF$R,Xt;b0jc'e;\(TP/RKJ dy3Q-/$I"}p0483ii90TJRh{je }N)-oa[}Yƃ,쉯d RFŬ}*Bbswń2ѓ̸ˏȖd^%^zZH-#>$9 L5 #M d=aCnԑ[9<PEʘ ;oң5 I["AQ)0RU+h[ɏopgЎ]/d)~`kf^#ߵBeX{>-bb[fVὟXϋЭN2i`g`m*~̓+曔JyVw;~+b} 7igu\č('nU:򎓈Z$=džmXuk%=kfs dQ#H:vբ}3GYH  FBּ&\<"U6+{I2j<ߓ2ۍ"]RoD*S=^[;s^ukT^Zt*/)87B(@ }j^YD$c U'_c*yem1:n Z_@$e Oyya.C{˼%Sⱔq}z66(ykT H?ջ|>5fXqk/-kIȰtBIRP3 c#K՘8+_T{_Qn6ow},Oxcv5RGl^0_9/* Paٖ4u~,7w8}x|/?Y 0K,:Ei.U?ٶ`rR0\IHk!֜_M)טǣȃkDAjDLLJ.l)^(˥&(w蒨DV.H9iŮ͍hޙ txk!%M.cΘ¶]wP,ƼI !&'wttPb=z>> 5X1i]Kmj`&;-PiA3$>La4;\MhnJRMyV[i%4yd4is-!p\"}6Z D>; BZ푰c{<6Y#ȔE-.ǃYtw4*K%}\=u҅_PCJ,? <8P%Mo-%5gTB޸'#,9'}8zx"sT-2SkEgnTOI ͆rԆhr-|Ldi⠪xGI'<$њYE>1LEV(M5Y++Z2U͠1@h\P4#cL+M~=#. 9q(ٿ,]}'Rʸ'UْhȮ`/IIXkÁ۔9U5㧫aj SKF e 1Nl(2Ml5;NbHZX'NZ8S2TM׉ivr\&7W)WGKLYDK`nAEL[CMLE5D_d)tĹ1fFCɺdHQ+U ҩF e'VrmG"mn97*#h5{dx* _T=ͻ=DnWwp wtq~1Ejn;7I.Y,a^[ wx{un {~['ʡukBY-Еzҹ}^}Z/1S~M!>ѕ>,=ilx DLcv̈+Cœ mba sa ݈ Ծ9-K~cR 'ieօIoB ;|2NK!gH{iF l8҄\׸0%*N=*ǐ~u$kҌ}t'od0fdɱkb>a`՟2w\`̚[ )i_+:RkHė A weۻ,v}|uk(a[@25S;JʌAHڌKlęCQmvO^Sa%^zD&'GDh9xtV%#ab":*1(R"AӪZ.Q-CF60_/\f_JkJo:vkN\ t'`n%ZI@);Z_ʘ2&uEu͟K'޷Ё) ͷ^?F'= y5Xև3rKPyhN=\?틗Z^Λ`L^o]-'D~wl=WhSl`b*P#^AWՄ1֟BObV\ƴfi=;'7#7[Bs95OrٶE:ЫvM28V-#yilUO幽^uqԟ/A1vϗl?. {X;dy̒]S`37Byga1SۛQzEܙIE=KĻDOB_O@Ƽb(˷cJU bziqx$|vK~6i*J4arq45@ )޸4'n [ BaL-Fl-sENpêLDhHgnš&?3n")f3Ns䌨@9v73 I5eCbV=cK -/5Bt;S4\3H3^YiEs"(_jt1)5BXnxjRn{C_"8⸡kcDn#k/  hmn,%IRURĽ }.7OD4{UNe.jhR2h"5VX7Q[=+>3{/N ;w7L'J%+! "9?gR& yz—GZCx)!wڇARyrҥB ߫4m[Sm2IVaGhz*Oek~:~㗫 9¥ #MƢk+ T*]8f#}t93z3D($%%1#}ȿwnP/FC+ Iᙡs%*\0)&I}xkz\xQsM ꔧaX nE?,^5RTC[NVrB+B(6JÇ#X8LuZK; quG*L¢l75Y)p8^@R)Գz"*j LVn;s{ら* i8E-/9ӵ,Lm*Wɡـ"S!0l,OJETw4vܿB121ٯBazD3̟tֈH=p*T+M^| W6 v;f} {bwwi)W @{ P 0UJ \B{1'2b:1f-x)zcE`qic S^{%\+ۭl}$}.BAVB M3_>6߆a#ep%QE8HnZ'ы:H=H SWgクO$#7_S\7-j+^Z&oZ%ug;3X {/D ^7d]i8확Խ&:ub-bzg>^ӔH/6bDz %Ѯs\]ܢe'F o6Q7ܤq{mU8OeXx^A@Wj IܧXĄfr}Xͣsm<[X=9>alRFl,OC)*AOc0sugaǪB:Z/LxISH{ 0ƍ{9tT)5=mФJ~,jHoM^DC乩xu*MGwQrDy4Id;A. c]S[~߬ėF n ǐ]-lέDSf'UFmWP3dXJ2ĥ"1ԫ EZtGm)r;"kf<~I=jJ2/ccn[&h[$ V7nF5dIjݭ&Sǘ-:7^~%իSte)8nF\$9rUrub@ mf/fJߛ HzڰnTA&$%w3,ЍM)`c{ԸK/9'ziL,B^ wi)Ms(Y]sN CL~fvo3} {yrɾ oJy:.)Lꕂkua=]*NG3\34JBjҍz? Jw贯f]f FN6H1ZVp{\:x 3uYYoImq-F -9Uة&U򮜻gxЩRE!:Biw@D,y_,N!_պezNwgT[.7]Z_)QϸVX^ p!C8q!"12n]4߉x}O&dI;ppN>!gQ\o?o}D(`!?ۗN|n?eaj`'i9&SN|L^QVfG'm^͋g[*t, X]U Gkr!urjm] KvJ06>9j [3B(`Qu }_]xmdD%<*#9 F0fN`n[&ob)=:[뮫VǫE"$u*Yׄ/$J'oťQc%+Q:0o!̟'d i* ڔ@bRئc\gL:= aEkkPWC!y=miكA؁ ((>v6}o8#(la,ŏqg K3N(HTv#gҰJqa-ѺnxsBN\-G@-_M;v .oq ߾;-d6Ž3³i }r9"YZ;ЌLh$<:eaN=d<3 Sd:mavjyEYmln$ ?(a_PO @_̪wZRP8Р0CXrS'K(胕 עjv㺨t- 1w xShaT"O!S=N#K 3[ɘ%,\RЀxo2Ff x2̊ehc<(lں^/#rG5".C`)c9CfRhThޑ>P*u:d[1mgoՉ2%uz10Dg,,: xjh*DS Ր|ٺH~1%R(&P~312+41+S\/"_U [}+.} /4oM%+H{4`Vj~ա8ᢐʼnoN#)Za}| h+ 3ޅ8 W_RÙ;+|8X5)|kI'HJSKR>5I/ׇ1Lw rZZ+lfochfY5PsM~fժm#k4-zPRϩ Kc:ق(1ȱzz`VC$XvD.(V*dNjߏ'|[9]95HO,ھE L(g ,Y o+jA*POw\˺X/fJ?z BT9K3^B:Q =Z g7i: .& avOswf$U) (kG;ݻdfH"jة `[͡Jـ7*"O{B>5!.)2cIĩ>yD(xzS1sd~mu.fCa) "DݎͩŘ{!0z:oݨO9-+vnAG(}dTHu=qer,):Y.X3_-dY8݅WI15,-6fO{}xJ!zqBY/O !` A&C.B m>L@=ҜB3B6Yfc,L?h($UpPd'4Ar)&3x^idVDԍ R n J7aVrXF,B:X$ͬ^Ug7s*TlW] # $r. #%i#}@]R4D墺\g<0=2b/J{/I!d{K9"D4ԵL#k;Isk?1l+X]@2F'~PCdjw;-,;?-epLFި3됥b|FZԊƦ R)+eNTPB^%۹Lذ(]]Ѡ9qs~=ܼ%Nzgk$?hƮFۭM7$^Eڵ/;gwߗ*S/Τ|~l@[sP֩XΌ3.T@QH'fEaxU=zYHt0[IJ+|ݾs>yjG~Nǃ+R0]5_=15daܾƹλNpGC_2y*K 5A%4c ΀^1u P^SIӒ0˼g[ ;[,u||0[ŽtCnCi"mLk,39:0S=:!fȞL-1}GQh1oIe99߁dB9(k~:Agz]DvCMN/&zk9kԞY>Ƀ&Юnh)i+b kU$=Q#\B!ncMlc{‹7/l&H-g"jTwy8 |GX/\q RVYçU$'_\Ԇ/;c0~P10(ZP^ɶx\wy/*:~Ͻj垈~J(Nۄ(:=ôBk Mxպ1%q끲!Y.H%2'Î@l.ȿV؋j3oLh}(-Gs?бD  <gr1A ">K] ?r4-&G28`ŲɸiJ@gwvb9L,#X[Ɩ:'{u7Xok)PT9~U͎jE]wuj0ٔƯ^y569>qI MW"<8 F| Р%{),FϚ:AD':ϴU&$$D2WէD̜+@)HDm{Ľw 1 -%X)l;*QưF0/PveBʁAcZIV@YKo0vE^~MFfgj]ݾ Ee>W)f( 5J+b'OFCאѮ6X6}C4<˰WBA$F/YoSoP(D+ >A?6LQN33RS3qR_@eZ $,mw!?qVԕ8rp7}sFPaaAL,+~ǷC bVUMqB4}|Ċe 8L CTJ(0l0:4 ~l\5+J&.M eM |8gB}ʡH=@+ (Pb6D ^^!E0ZFez\z%&c,pu,Qk)}w9Y DT˚Z#}*^d*vGrWڰ)[S# xd<չmdz,`9js8z9E"uCxh$p>nKL^4]=$׵BnkmDB׽yh#@ud$| ,ukwWUy@ZɆI]][9N Ҹ sғlM1'+@XTԇ笴jbo &4^a#~{Is(A"/6|"0*gT!X꒟bc sIl[T:&˺BS!e1Kt,Zr=`Mo4GKD6S*!Sa|ZV  *N \" (ƁjnDx֡90GŤXAl&tW#`>݅ 9[ԠM8a.%xcHi2pp9&&RlLׄNyFpT!J}t*##=7} >ULO. 2`Ƒ yD9jXOav>gCX ܀q+ =y{\\P3=]{5q͟r W^/mj](d1oAj@cZ4QGfޱZ&1m:Blj^],\qD?5˻-.*CӍ xg%ѼD=у6j(DNvڠ-6镲'hlamVd\CJ.FKG\Mg%-*YEY E_-Jvl"2{ RB2f\xޕ!쮈XFqwCu@`ԞQIuȏ7VVK}$^8P`0 S{Gp~^$KWQfB.RX7WT'9W,jWe!M!:4 ai&ϐ_~"t50[>Z`0њ[P|Ey%n-YH<=(a0B}k+OOW@[g yFSLLkcYbI^Ǐ;R8GKWOKVZ.M 7?Jp쑈W!QbNɐ>yE)Wֲy d#1ԤGO.bv\EeNCVqjsO*vߣk0[0!&eXoIOd`qzF^x3M}$suX)ڿiw2g7dln6ƉGR'ֶd%S̤Ci#\`$0pkzLv)}aRZ#w1".qTᵷ]8v $x Go|KsX/N?Jo zL],d>/*icV\w1^Ρ:BNlY&Lְj4ೀ{S4{0H0D_)|m:Fwyu{ l4,ҡ2)IRY 9Eo8ēޤ-Z\TLh؋ ~,PiQp*\"0$vl+e3 l;Ng^#nEJCiw0J7Ŭ$%bσg1ln2]:}i=l&M je_mZQaӒ5 #\$7B>R3DX_3g"?.Újr]mo7ߍ=ln-}@cjiR (RcwB.! xHl/ȥJ#c j3Sƙ7 8Ю Ynɰ$V }\;C餥pE]iWjC1ӃblQ\,ff?s\TV*3'l@.Vv'%[/z"j7=#[i#2_ANUtBiz<ۡ(@n; =:24_/5^3p-x9NE];SW"`ѷ!|ĄJaa @ [O:ܤ0<ğa( Žp: Z±/_$&֮˲redhb[~c"ə9D/Ӎp}1JQMf)w:Y]E0aa\·~4F5GOMн)BdZλC$a8?-UZs2 iq7Hƿ{a8|ўeeEٱ<3]G:rv`~Ei`S~ŁW EF-hD@O䊀˲ʝeyy`@6xKB%ܔtlza'%O#:Qo٠ɚtBt؁n8N$!(ʓxԿzl5@f FpM`D6_,dS,w z (@zGV#%H ǃax2]S M}D Nzm-Nna!/P[Z:(pͦqE;38Nuo{(NuwHF=CSoW]¨[駛3bb` r x ցmbћUJ zP:jyÜ$> 3 nЄ3hZ&?/-Aد.m=^3ʽzr:rQ{Aڅiv ]Q^ϻ;ʫPQ.DR~!ʙeN\Ј]c( zJMx81w2{Нy1 -W`h5sQІ2!3MbluF̣ XKEXSXbUzh|8mX!jܮG(q',ήՀ8v ۾6B}bJI˔T#i- %{?Qd}ɟw1b+o+<-kU*ɋ/ʋ^ Q*;օϯݭ0Ç$.>Z?$L~ȸ;̣lOP5>@ —d\.~~ͱ$§[2:g5'5\H~x=wV~wyux[;P>oADw]#p9itȽVJ=NCvT!c:{8R_7& 6JkC燫}`jjիf7P*?3Og>bbKyοfabz!ioTN䏢?ZE !elG77p.lL|aP*V)% b=Z\JӬ:݀9HQ|;0ʂ%gps`G-wبo c-|5V\3)nP"s@Æ >!-b9h8킇|5⹸a; k[xaqKW%:eY J) eеqu9Ώ'>U톻Dd3vh9v27V.G²\=wwt7&"3!ދL߻՛hj F,O@wRuX&LjϪk6u*;x== .}PԲxC(\kR,Tj_2}.gOE|yoq&3S`|Sx4( eʥZjJ M0UsBعU߉!*uN_ZE@ao^jD4ApgRcw5+-Ȇ9>]@/q`\rv7͹|ek;G ja!|7ՀSY<.Mt{E ~>Ti=.~c@- My䂄X3JGp|7^Ԝm;M4f_/ )t74Ҟ=+1uNؙ>$ <_w#JෲS:jew_Pj< -yX y0#,U!"yƬ`qnxd΁~¢Pd&{JY_˅zhVS2c}aܵnL4=Ǽc+fr%.Iib0~ڙ%ԉ~lW ?O wC>E.W B)ϯ iv-¢jȩh[ q!AY#@)%:^DŽY7/[!0͏|Ёmkr|#Mbil҅n!vB#A [ _eX {OWQzþ|5CD$Z|OhlE-IIʳKOIa)hm(3LUQci1ƤnGsjdl*vOҷn$ eDhc^\3KB dDB B@O+:K2NòJa}FEGt Dzڌ)n; pvY6V9{S^%8)BF<-Gd¼fnd|ݙo$RP$x.cgY#;Z#͉Pp>Cl*Fй]T,8L_5~Dma/WYߞDZhX;-F4\,p2~t*lU~< %hmS{f=e$>pLD+VqU(V6?)s}f'w|zK[P *ޏ}!l Û(|ER_< G/It pYٸ=Z/3!].t:h@Ȏw̖S2H\yv/eDx>L`|v2 ~j W",Ә"G|2)[uH@3 ُC6)<> f;͈ Ė=1¿L|ަGjVs -6A8}uZiXU'u&|m_+[d]2KUרAbHujkdž1Aɸ&W1xiȶyfNfͿ6:B-1D?D+%zw>/d ʕܡJt-<u s$aW$6!mǑwI֟`4/~j鶳={Lʢ&02I_ !_+4]T!ĢʕOT e#PHfUb6]? S\%GmEiXQFJF-BCexV8V_*cܴKG,ԥޓObU_5)PFWȢn/n\1&_#*oP#@B+!X+=KwE!ܠS@~߰S"=vGJa:qZ^ťo4<6BJ")tVm[ qA?)1ZH/5GLzOȏ^КQ2J=#u;ۡg?/XbcRޕrcEHb1υ..* H2Hq$1 8햭zRqKo ֍?݂, >5Pju =oݭmlȎEUF'{+9eov6:K3JȍxC'F w8PhjאU5 <,ROXBv{^$7lf*PD/QTL`*u 2{jlvd0;I}ruUI0Ggy:>?x8vdO|dXնCX|8BWNfiy|?T6[DtP!<#v(:vn~b3[=yj̅ݸ/LWL<̴\g<33z$*#X mq!R*]~Ne6Qb/~Y\}]C!dM թ@@L)9H\S{z,~gQ&37a@fj+3XjrFdkDsqw+xQ0ñf `rTk[a7q1`~"L#vȊ#77+" s!)Vk x0P:5` zlfQ= .ɀ&ϯ*BP?7!~qӯA}laDž<0d/[trs̍9[W]:XF}Bئ<"Jn]rLHNxlY2㉕hp;cHo "4_ m4S56l NCyYKm)*?`YT+WzSr5rd|{pTY#^MkȄ%lوL3Zùa% 0U azK`^5ϭʤnIֶ5~֛[.vtgd@*_u^*)mY eC W5$2dAh6z yb.M8l$ֱjܝȱ }^pGW}Y v{޺n9HNfҖ,.xo`ws,]it\۽ g.rP~ev0wq5[h|8=7AMiC&Pa^f@S`vQ ɧ:JW/L5wl⺅Gzqť?fsڋDHK$X_(+X_YV~6}1]gm):/h. xkYKŵ)oX󛏌G vd4k * !V.rNO$0EػxiSQ%Q D@@mu}lъp(EVYy&[:$r֦ۢn8H,l m+/M3!!#ֆA 0I=4GNvtH߇rX4 ^p~t G9o>T䷂6& FHa.Z -Ou6C8Iݥ `>^%V6R+Ճgٺ$?čp}Iuy}sSHNLsQ@SpFM3zKOu?VI#vV]Jvf'Y]og\J5']h~2 a5F:[m5CWNt[:ӘrQUB<ɡdvOzس WPS hcX^iS[B#bVKִ#䒒|^"Af1*_dLs5v?NEWBj:mitP@,6~LSZ$-ss;F]i~C~5/N`kOޔiR5V `iNR2Y "j~LK"ա ž&R]=TWTO:>(Lk`Yq6O>=n2v9%sbN)AtijErr[m?Gc /1Qz~,+pD\LxBZt50=0K A;?We5%s7l/Xlm;[/đ)mrxI"K3}=zW⡼MfiwT0)#rM^^c|"a-TݚVuf޴ԛJ渃""0_e4Vs~VWkdlm ~H C?ypT?O {25 1{*JA/@[-n֑4)Yv^ϨX.i~ʔ P/ x#j/޽%fI=;^,?K;<3 "'d fnƷ( W9X0+^!$9!9 !oj 1 l.2q(w%z%‰qERP^ #%( ?㫋~ ɁO!hRTX*30ٓDY瑭 lsAqcAv{̗>M@zH<~ ȇ7&Q *!qݸ|" ʏl$r3W36dW|U'!|?cU?LNPW+FXULq룽ߜ]OW'G d<N)~ آ;详=-8By*U v,92|ZoS|pѕ]?Y 2x?FvCn1::;W6 to$ѦvVMٖɳ :zIFp)o C[ce]LOWPM0- b,~87?9J5^ܽ06jAp ]1i\~z|ZI?Nգ쨭WBg$P{\ӁhXSX{YU\*mG\sZ_TP$LfC[{" BA?'O{mzW9$<3y8AA|Pf΁tAsa{fV:;U4ݏV/G7lxWgEٝHu1wt̟!v9=\C^ؼ"74`3YO]r*0>$ mHS>>>t`Y":C4ϴ&1^5U0HxΚy$]h\LWT KYcLJ jM$0{W <Nϟ&0R!CCPab~ꍨPq♲ྕ l{ri,e8!& $iĦ IѲK]ꮶ,Z~7|Ґl:; B|_k#٩`fAP(½ ޣtrn"\vn 5 Lb_.%-_˲mpV2Ю6p6;̤͎D%gmx29Xkx`DW:WlTIn/cپ%r5{j=p`p X oV}.= 4c[4 Nh @  ~ѿ,xD$^p1B+4$əRx9i@+t$OĚۺ_a83EE6ogi_"W/x(Fh.{2fĈOt곊_uQ>ŜJBVR">XuM(,82SB¢m v2l+SfU}2 t#(:3žog&>.ҮZ#5Ld+bbdq$(N֨,yF>j(N]-iy=bPxUo7eN:r ?H-~|m>T 2յb֙|e% Gn}>kvlbUX׆ O#n4 8Wsȭ[vc_a? 'pZK@M]|0PfVI ^|y}3"IJHu ktU7AG&IG"y_h~\ܾ]G; 1$b1KCyn>Wؕ+40; OGx]T,s5QEfV?N8ROP4J\޴߱nk`B߹(3kG#blD j٨_ko3)F9Y"Jie{)l5P@2]BSra =ds{=Ö/19*o=B†PqkE/-!+EP1>ZI_ ڶjA_.sYL>}!7O 2QHla`pOdJ邘K_TvdDK3rf.QqpI=o=qIc /RO;24|*N^PbI Bx2MCQ1NŶ?jmWrU2Fl "kk j[n,:Ⱦ d)ȕq& 1/ع[%σ +];>x86GN#2!%S2!z:4wVO<GK@;͋Og!(#GW[4:ĥP[#+u`@7C1TA*dk 0,4,/Eڈ_o`UW)P} 5IgOl[\ =(Г|g%E?dI…>#f>¦IC<|*O ՞] LqB8pBS(PKȷA!%sl5GS >5.?ްi&"3 ` UjR_z'J?:Y9a_a'>MϐÏuN?Q#EQaeng֝,4 ' _<<.b2-?-oЇb*VENsҌ.bdڷU7+f3R{Զ١tg -w5RU3OMAb"X*f':GrhEs'`ORsCY# d;~l6s3' lb Awh|:PCI[? s^M'(ބbHrhLt|8îJw~)ZT]eҖmi4e7Tu{1ycp:%2z䅔Bl :N/>qBX.[PDQ"ClIiQ`z[oWR`6{KRC|m8dqɥ :l˓ $l(͟ 5&JS:9TK!sBJU>ж;fA'eJixQ.n]l1!fCFtBwP4I/@ڐu6e/J-N_g,ޯKtnM#e)ˉB~&Gs¢F XҽI6ٙYqBZK8"&%3UFW|X됤m] J@E(=BSxtluP3b@enעt*<.3tB(#,b6&Z\8 {"Nj*pk8-{S›9NMW87ovGXI(A7!C:7P=GҍBpоr,JTF1_vo}W*X8TkSVc~  Q8 %;չ4J>B 9qVú!yyM.xJݛև_h%;+ P P=.C*Г)B='fIpq%tF͗['=Ck]ݱeðs:iF ;o:5͘<x N];:l;Fɽ"c>i V%*۵eU_.~6 tFNFy )"(rwB_?,Sm!}4LYVn>aٚ=x>ip3M5'a8ʙBnHNo!A펛Al}tZQ;@T\T!k,- {B1 P&fk OqE$F ƒ*Hđ0dY3Mvp0'l.&;B$(ҺƵ aE}c=PڞEP#04՝KE#AE|"z qFf@˼':ji"+ De Nu{&ށ?h9X̬9!yH/0:|jsxOdX^cpfYPi|'@S$?A@tĻk1XG2ѐ)tqٸ!2oF^(L\rle*K?1x)"*^v2{}A(t}Pib=Oɲ,T_ܘ1+ >ZH^]sviֲF5 و8T:Vd.ܭ~c^Z^hYg?PK)Wz9[CbaCTkr2ML=d.YohPb?j̫pZUUH c-?J -30ȋM(2.yn<ɻ^, ]p%!r/ Ll / f*`p|.ET4MI3J$pVDtRG=z`93W6&~9*i쿏W>+4]wF;3R,oB5z(1 9ha[hp=7Z/fMt*< F۬Caps㯂&Ҫפf| ;aN\ydA>)]ͶEe#j0ʹcذV-v%Yr2&Td3wh2>$-@vse (5]&~uAdPu!JV6,ȼ3{Oe7Ql-xEb8$ ?7 J_ȜU'0̂X*!y:}.c4cC@K#aHM.eKR}tIuzB$\ 7L J^`Έr TQAu^5XӝFC{8{aI6_+/2 N1nqf[Ѐ" Ki KLb^G~<9( +k.٪A:DA!W;]W8am F = dç]PƘ觃vht>xNk-Gs&UaU8ju8)fA4ڜ4Q1L㍭ʩ=k>@q̪C28rpV|a6Q_%cCvnz_\4 @Q|aPF[\쁀~tfhK&Tn\g\=3:$3F/ %}S5V~@ߨasAt- 9+)8E<"]^ÔIp &{O{>cZ˗۸F%۝n J]2d7l=l0,eؗW=$;:6LV(W~n yD_^έV7m?Z,)ϓP^~ 4#U)E^L d+>kg/*m1z LD!'3#;Ƚ/ K-JK3࠰Eb:w)K^@X, n]::0ɠ{q~~KPu-<gFy @+Dq{r?O @-D®J'%:9WAAO$i 8(~EC.t%x$jp3aƼߪCDzl# 2&[`Yhv6𗩖 <Ñ,Ҡ] yC3ċFb[Z ~J'8HgfK]Uu.;Pk 臖 0:$7ZZXt\"/7u7v_# w[ 4->R;hhRݏEQJŨß2Xߢ'b߼Ps 4+Er1Rz^Va{1Td_UyE7iu0ϻ lCSQ2N6YZN\v71g.dFk9Fm|1!;-A:YTE67#,q݆*:O\2h RG({$ '3ٓF线㬞`*F@F/@m;į9&.())د,Tf2!8_U+mT3Ҹ6nR$adzCZ&ӈoKow~;j Ӈ _#L#sRh:6mt a&ȁn fX.^2->z)b] \DѬ)}/BJM„7QivB4zv_1 A<Ib[Eߐ^mFշ8O{c[&p<] P=rhIjFyXPIj2WuLjaz[Ĥ +^N Dl2aQ/" V9rvq#X uG9<;f- QGȡ"hBZ8?PCwXqϦp>yF[J{3o Q`uOn@!ྍ, kl;=sTAa߂mH0x”AWtnJb) 0E /DyF$$8a|!LW%%WVBw`ZDؕfװ;oe.3Z./=GcQ 2K2 ϼ0uʆؗn%: ܜǫW1Y5BQKӡ h @ HM`dza0&1Ct&RxΏ ser8sA= }S݈Ep,}>8UDP-H\kZEWЏSUj=іc2|s,ߧ hPwiкvK"uS&cmEH!? ~Og 9,} tJ4qDVŏK'0x U-ͭfnY1 45BȖl@a$8cn)M=nkD- Gu940T9sc^KF07ͺX],-Z/Xj@OmhZ\Ꝃ(.mxiP3gx߁؟BjEh&whHIRo MO.t_ K|J$p! iKD +)`3OxzPx)/XTYFk3 Sx}IF4 *#@OI|aVMi~d2Akn^a'@^hĕvyHXn XMz?zB\PuD!jڑk駞%ϙiY/kxk)W8f'-$;Av۬e#:_cʿg&\Md8VS-~7T_bAfXO_BULIy[uG!Jl#X{bk[)j&$k>1fCd8rQt~;h]cxӰT8و#$YM<70S̱̀{30*"3d-yӱnwm|!'͞egD:|2gk,bYp4y9gIfE]U k#z^{<^|*@>:"l0IObf< ?{y f93]4rڝ4wTG#qyAGX"׺(7I[]Vp16k=._R5< źi uQ }ډu6@;p n. "@yl(Y4YavP ҫC=x?`pnInM|,LQSJ{0^v/u%faD^yuʪ̴|as2Q9tM%~%dޘRSk9KRmfiݒ׊Ya T(6624ۺ&άR/7;qMkErv0 VVS%r ڛvWk̼P&O*믐nNj#clEƨ&N"d]\X?0+aQxv (E'H2-7jlE vh2Լ_I RBagfA9go^7B}(:J;sfT:1l8B&4P Pӊn7ɭq`ߌ^Q.Ξ!YV"Qd2.{6;.g@ Uh=yl13`\X?.^!Nkd{ o/cp LhMЧ/G*oi܇Nk v㍁yr+$fK Pj)i泠W(c{48*'VV=)kulIP=Oac# 2Gp/2z Hd^S6COl}"ZDE?F mlFZVlo?bBL>9:qcmfڱ{,C׫9W`׳L9 q쳤IO1dpv-.ql[b'@&/hte$Μ ^Fh#(g"lzgX^"A^G 4O*O߁a<ݻ (n$1'׌mWf8E1]$P;zغB.ٽg ՗+M+)$p%]$ӓsJ^s F2C*\ m\vΛ$$> bLH%jcJQ]:uj),OyGYw JERZ}Hn3r[7;AemLΨTHWѧs4|wb*j%H\ cNuQ:rc1VkhfRrj0wJmxTf݆O*4W .(-A7ʇmT XfTHd2i }'4aD2{Ew>EP ^9S".&kW}~@bψ O*~L6Zxfy~ɹiVD+.uTe'd{]/=o ޅ7o>F\SfxVph_ hbyc4!W] slv@^"?'/ HlyRphDr&$lF &˥w͙j=2SVx @p`@d e"׼I%4jWO =e.$:Y~-@^YR>fΰ\kB13IgMl:}AçqBȇ/؀C.dFҶDZUu2@%[М=؁}\|mSNcl+1Jy+ͨ$QJR-n{F.4}XgW$g;!-p`O)RСC&'tYGԲ j]eWx};aH& UUTo\ԳX}XE?q!3Vl&qbb`ECxw<.zXtz_FR{ig&͘E n KjnnWk/q-:p!,ԲJ[)D^ Lrp!Zv qPVԂblʿE16wZԋ%2].3Kw4s} D *_aX2 IPk2V™+菺) guz0cyCVV^c'`JXU]ljdxaz`* 7 CDԖӟ{ӱ(@6ˆBU"T>(DWV;P1q\qd5 omn/? ǣG[,mќȦU4s}VUo^;J!vZ$So%q"j[U(= ^ e'nt9+F$U:m-m^><"#ߪ>"!=YVB@S2cO#` /JE9ƨ0`JVJ7n~yO+k2S$`{f2d}ȎBrgb#^h]Tauxk7 /zv< <YEYz$k@la]W/"Ư83Ϲ$P㓥$ARm:9!͋5inc2RGg#Di"n Y]fLmHl b2|8HBQ$]ixF!$9=;RIS>O^bkrR^RV_q!чW^XO74j? Mjbo&yc;EbЭ|_~-E[/*K4Ifd݆\^B]ʀg V> zږL{_J \sӳ^vbg[uĄ`gj\7T}Ne53*QC m٦rl.LvK_ύ)LtIJDYyIQZ dky22{hZWf Q=8Rd1Ua%Qjfg} pJ.:XVR[>Qn: c* (HRVc"rY 8B⟱mRl%}wtoZ?bdmwOp[бRߘnGC%+ya9(.@ *aJ]Z@ rO=8\Ê*$PI.;W}-Į!i來qigv~{XJ|W?9OugHň`Ʋz_t!+2m?93gt'zW-"AtA23[`s&2M \:K yMߝIX ғ/3sNz:-~bz&1k+'ieG$"/|D:a;.S>D 3e /VPdB<N@B}f qOlwAp2%z%`RS8N)U!A%kgW!G|NtALTeI[f(yTwSOZ̸%O 'u[!H~qESH! hR.AEi,'L 0K]N<=SA5_6 yꥨ.3 ]MMD> (i3cdM!ak eDqv o)jtl\IX^A;I_z)ib! umıe|!$􁱢b,׺q^Ga_ m?gVlg`lIc„X U.$Ꜽ)L?A)3ugnljf''x:[t Vq]b%%Gj ۛ Ip,PYҖŇK sxBGR 1W9s}W@)i^gmHhLRǛ!epF:-Q&"UEE8 Biew$6@(jaf[#xKN@zdK-j $ys^sF.F3N~ b 1~GPaCʃq-m3RLF$6{Lˌ>qU+87IYaS ]_Lb Ο93h:9 *XX6/),u7 F2h^ 氻b;ɶQ9&KoV]yx(kxOݒ.\\<ly2>ҵ+XbVq#lƵCI,%8L;ڱY8Lv2mTp_3hr|@V!n!o-KTɈޏ=E;S wv^}W2xC鱽hR.W:Rҗ!MJcۭ "S3V9͛BЂ*p"Eu.hWH͝Ɲ /9v6v̪ax)R!)=v 5 {>agDО=kxHPԅb⹥HR;W8q%YPWG~{*Ѣ^X%g ! dDu8&+ʏ./1R\'êJj݆(ۣ c|^EҀ9R<~KzϢV'qDx ; d%.qg| y4߇Eы 49D+=nH:M"c;gh"ΕJa?kCH7bnE3.B}!x1kz`ʐG+S}C$H70e[?T(( հ' 7 m&F0Cמvt'"%WiK"vMͪN"dZ2|{"c)'tMӱyV>s_@-1f>}|~6nTͭo{J[ xVS`) U^+I@qŸ)OGH~"fTE"=R5$d %~$UyOyxyu2$ ã: n< -İR0l;SCi]D[w&b3 C?]`vyz!ܟ ml~A70uD- ?#yib>DykTY{{I('ACѳ~.9J ^1A5-yr~quhNozԕ9b(QcY͈V"6elLʼn&4J. 5V=me!&|E96 }I(Q b ykQ~lg| .+? rި93PydJ/"͙]fW-FeieVԛ^,°]`ZURQZpH{r$5lOɩ(Słz$گ&؉LShNأ|8s;/Ӝ˔J0A0KfN7S{7$? ;µkjs¾ux80ߚ.E4P '1[ю)ݱmۀ3.mb8C|vPJ_P|tm~Ҳe1[sECGD;.Z{ ;V()PL>0pOQW֙;!EHIJWqIVRׯ '_ E85beno] fc]} l6.e-ŝrsvx =RUcӠK({BNo[}+()!>@,63"[nSrR3c?&ݟbuWn9a&+19 ) ED$Q ,laG*3f^(ݶRj)ݟEc-"/VCf?f0N&"2MLN rY^h"C'l-:j's_Me-VHmhM:^n ¥Y;^A̭5/gcl]L1/2NG:SӋ^Qyoz+8q'wc Tsf& {C?eMS]?S{]:1ߣكP n@RXw̲OR=<ݎUu-W!2ƽ@?Rm!p فgJi3/Ьpwci3t] [|`PA E >cҖZݥ@?"=*݃ΉatuM*P 'uh*L#k E)i{Jpن_rM >fw$<C`Dܶ.9CYf*OXShղ5!=#IC=bIICa)`>Y W ՘ufq1}Hܭ3;79uE?I'֦]Tfen_A∿xB`%!# nehQxwi3rP]%Io+Nm۟ '| -?- Wb7'uBۋ +4vRЁne}4c8TB~)ib6MW㔸*GaʨvPgڷ9bFeOVKWϱ-n C'"!zb}n+zm;l>,b+ Bn̍pVEDݰ@ M ƞ`_La!ٗO}?TaАH^I9:͂>,h]*3` BQ6++H?#k%u&Wz 4d%e_##1ƒjeƤz.xNRsWS+tΚEnA\m5ߓԵ!< .Q_[w'Qeٷ Nȑ256^xE%u]3'E[jR!XAVoh:ct\ v_t]}a"X!F¿l#L4@[I gOsoB0cJ[~Q:`<#-#>_*BÐ2E`3v5"9c/ +_ y 'n"(R`HzrQ (TVAN$S%b  4Y>ծC/q_4{SC^PI KEv4j\>i|]ٵ nF7;/4dM`FlH7c*IhI4e|&Ӕ_ZY^NFtmI^8 u>jtr]ʡ]Mn'I} QRнBx_s[޳7OӨe^Кٙ,.4D,5G \|oާ`XO;Eq5&l2h*(a>w:-Z r06N5} Do1Q|,!Ae3W^ei#Y! yqzk4wz"xԊRXDGkw6 ICz z+ADvZP2V)c~Gc.6Q׺踐5d v) 'HuV^$=1V繤v@؃dvPΌ|7mފ [^z зKpWS.#/:? ,@v}Sn&Vu_0j" z4ܨi p_$oLYE2%s^ޭ=<)p@Դf.!Χ[h`wH= rҢ}:vevG&S66@teC{tb X`)2?ԥ#M)z5iw v 7!a!&Pe$1 Li NDs(M: ڰr0%6*׾ʏp)Y6#EǏY%pIoM4XR@g9&VRSVX?s#X|c2ugHRM(*{wѶn ƾLBCڪh%'q`dC5[:$~ۋa]WcV˝ ܯ)>axEHH ]!ÊL-%&T1P%(5*ʿ[DhUNF4yPb1 FM(^vD:@T~:~Vw|S {D ֙/0|1ۮըZ̓+B{p!]8M< ǐ @3a΃ %^bUmuk'+~+WF]Fh9Z %83|oП 5}.F@Kjw -H'$FR7P4嚳 0Ywnʼn(tyR&Zin3C*ҥ3I"7ɂ I#HSZ{97n9ߠVkyA2=keNlO\ F.ԫ8^#W)}+!vMZ2w2U!!1bU%y:3Zoq4xKUS[ݶTl ֠ !zM*4~5#r).oWz5"2sC%7LB0Z)kI4Ǻćua+QZ JFdZ\D"fr 45Z`ȏF qsu[>{[.NfxNgh3)/#t"k3f6ՠ/ 2uY%M]IAɽ NvѳEus82\7Fu:8]E82Ye=4iT,D},潣TlߣX9-ԋ^Y#~W2{Wv sŤĽ[fUu,pƒXxI-y n!F.V1IΏǝ7ZǮs ZQ[h<J#>]m1y~({x@B\Լdq-Gʾp,9zsaL̑z;ǤaS[/MJ5n3vu"aQ2u^(:1dp#rY xr2.Ͻ-ܔXfImy0t E棕CH_Pmq}CiT"Du 5Z(p8εf4J|g<g#^De> [«sxyU,H;%-z{ Ψ׮МQ+ꕝ&+x~g mMKrx8InT<jxv= :v@S憍v/p5E7~5/ȢXH 𾍕%O^.]Um>y\i)&--{\Hv8m]l<;ag2*%41cK.V)ѐ6R+hw}˻|A/_EŚV#-":lMn]Uuwcitbsh v@ɩүT_cVO!s\P y JD5'"!uf Ⱦ4fZψc؋}v5aHEyfIK.YG JS,Ʈᅆ r[`ַY@'By Y1 v,VCGFA3ڪ'ՍSr—y%Q9 S""$uXekSnlMjz MSǏ>xHraPb5wt~Zz~3i <~%?<ëܦynxeQ@&;*]H6l㛍WYDo>ݩ30.PvS-z4%eGCS ?,f 7,Kΰ 76RCOoGregs%=|Ѽt$ƛf. z#nԍԉ̈́HЁ\}cFm\יTU65eJb{IZ>G<g,vWhޒ8 ׭yAXh3k F@l }aH_P^=+>А0.TC{)U(,o(6A' uG$>󨐤U",W62p0K&#$>+LaX>ģS9XUcQ&->^B(:_!ӪIDBXÈ ͓SC2; IV~yV#[(i(,ϵH;ݵ@&JiYW9Ktڝhڎx)T1gl?OaZM$Gmf?ICp O1_7NUd(ewx55  )"SƘ'ςJ7mߦDm7BXŊ%ZjgHvu?nh2iQHځ3ҧRp?xP eY4y;޲˃"7Hd poGuUA 7R\OȽ"FlDŽ3M~t#% i\&Y{7xC N\1[G:uڒRq)EBFNE[KQYF>*vtBpl=OsZ"OHDMB#Q淓q*?E0Rɺ1V[ͮ[$rHC wI8gy姲ht!.CYQS̤0Gɇb͂ w5#Z(NI^Hug0<̄ߴ`>ʾTa$N^](rD[>&vo~HߑR7y?6}EG!s/ۏ@PScМ=/|#qwdaF=z1RW˹u $H[ }Qg mSѪ|wjձ gR <1h~5Է֮6'Leڋ iaJAD%[G$I1<_NeN}fN(f .$:F-omЀT7't`5~ "fS(猉ڞdݳla/n[ 9luu痨IQ(p6ov(:Cig{T·d[nI};RTI]Dʷ=3%xsEKhP)\67WZr=љ  Ko̷);x}/6pM@6SA@ ڭ 8n -t5%Sw,6J64J!JJB#WlmsVA>V1uէ >A4;U;nvDʛJZ+Rl)߁C ӈ;6b0䇕.3K~OT&"#r|W'6ֿygq?8GNIKD_'9,oHw|]/ֹ_lHcL=SCyd,1/ Dj+ܞ3aּ g+p}\ ] ^)/~ d魰fpK3+4.Ȫ(Fipa CӦJӨ>3y2zKo@~ϊBuĺC11m0lUJL4[k){< ?"G|+ߧ\Z.h}Vq{2ٴ8^ܨo2ɘgvoI:g1Ȳ$ +4T#[oƒ|ZL`I.c@b{79ˮN/@-k::07`ܮwpXAVipU_buFDiz");ӏ1 }o'zw"^ґGn-/|=hy!3曓?}';u34s70*"+3䝈zxBnN$H|nC:FIx;l̀ӳeGìLxPM`pI' 6Huo)}ӯDZ)R斉o/ 禯Z}ϒwT`7 *6$O&Z/s3Uͷ.ӋP:v5j^#2䇄)H*k%inMP) D-1d"1<7Pߧt -]sArk=Gޛ&H֩I;~"zjZB. f|M*)[6 [8ѦpM#G#x~u=I+«<ޛf]nhG6Asz ?} h0#bv:Ņh^_q\Z?o, C#퐙K"8_ XXF#XR1KWk,1VVp, 7r'dyN*/M`b=L ,b82,eh\ Z8!BCdQzb!N105 H? }')U_!B<Ahoe&oha ǁ0{0y_yGh| 7[W؂ @i)A[ 5wG⒁/@ JpsH^zO 5H8*w61u7'@DzgD'տx~ E vla,a8[Xt!_d.ڎ`tOY–8D9{5Ȓ'nii<'fϳ"fU(ұX-D[[O;'_Ҟ(ʪ'&UoeCSuH^ҁ+ nֿ >M>v_#=GդH#.gp o"m@`4!9[wy-ME1HjhQcjjqz |jyS2ʢT8|JnjYF&4"!7CZ)#>*m̼vsxccJTbys,cK;ēkxB^6S gI/B \kB1\Q2.Y5t 0p̰j5a[&:x o*nx6iºM J8{6,p^Sn6Ī;tX@c$_I.tzxG6mUkr*H,MY筗^n-oU]w>)_sQ!'ȇ@t'{tV95M佑a6o+5{PE DM_Z%5^3:[Cʈ|Ҽ<@% ~aBXBD$GJN &#^X1O~E lߵ))@X|8nXKktUw`':HĹԟ{/kd!O2UWeKNnxM37//0g8 \}*3[̛*6bHbĨABR-Lo>xUL]xO! wq;ݩ̂ ,}`FEovPRXvbsj6ېWrѨa&BԌ`ί?p~o])\!Ϳka`h}?7R7zUno 랇Đi p`,EBM1&.-٠: ąqlUfZ.^K&媻5{q3PhO :޽_?7+(o]gL'Qo| hFɲd%9zᶛqT9iSʫ`. ,̰m⁥&^?S z)Mqq򓇒UW;)79} ~ƚ*#Nvuw mU2XiR.?Vnhh6KOzM|fi(l'թT~[[wCeP59s9qj? h9gAgWʋԙ^KKLk^׭6M=,b Е^>˄Ƞ-ix/h6unNcD `yWxu^rVȇd#Xdڢ娳+9qe-^W_4++Oj岎4Ezg" Q{jT'4R;ȈFfٯ{>E 1WqlN6r>_ϭ*l~nh t)鈥Έ%1,6EKKP5{e ORW"GFA兢0*fP嘍nb`΄Aj\f  ~ b-7%&`V^I dfmgkJ drCM _ Jg&g\7EUGyx# PX Nh\ h7@݄DWȈ |'{̐Ț n@_}.#"̅|P,,u!>n-Q:z~4Ua;0V2۹A.BfuxEκ5_OK2`$ 5ZGH\~+~VKͬ4lSqo>`:oˍw<岋fSN 9#i?tr@j5 Ŋ")KR2Ruڍ=c1TX欆,0j}^-J,P2dr\J @@޶΍H-$Wm] $Gr &#u9",qBah3CMzSm?/N#EԠ~NXu,0A}1!q@꾧d4Gp \}-ȈMmqH+gԒ> #S6'4{%L4:[Q0Y2r'I/؁!4,@={z#ܚCF,Uh=[ (֪67AS 6Ӊ9ACC߀]+N<6x{5xqFh7n)eA(iEX?KHU .c"l[>bcsoN,>XfBʍĔ6 e,Z^Mօy^A?# B ;)+uk36rhOghIGZvGc,ܑH.aMpC VTӢ r.P䖈Xqi'G+(mOG5C} Aj\W2"e ?r]xֈIF4%ZTջ AzV]]=c12:;A3/RaFqz%S,FF2b2evyg"±܉m,C{u,MH1 WJ/ݟ~ wN󛈌+4Oy`@s"AxsĘWQdÒ ! fQV5U2*1n˟(Nvx{.a*^A7uWL3ՉĶ$ em<& 5zL%2Z jH$䍢v u#pT-@?(j?I{ q5Z"|"Qu+Xkwq}p A&mUUu\&)U!Hr&o^y* t a|*~I]WqѠ!uԇ!OGIJ"i)=̔kS,aaAoy؏)RQHPvQ+b1zqNi(PA9ǍlR 4RR;/9F?Roq;Pnkge v+ df*Z3c`?:ɥ:zv|k nP#۷O7|IAUkVmpN)LϘԌ,{]X%Ċ$G* 2OT.N?t7mXءf8i2fcl7gTp۶nPK'|b!M~6u /i8yq|VL4,٥u"rL  :0s8-3Yqcf0~~@n9 \a ?wx;U,v[C$"R[oaȗYCDلw-0!ү4"8 ب FzT/*C)OwhFDXb:gp?"3 +0#PN#!QPAݪ;v[$v!G]i5M#c叱ɾWXP߈M`H A2my̨7A13bx} hc㜠dž9o"X}تB^uJLݼeYyHܼ 6"tG`@B2 j4P "LÕs?}UpFIcT]9Z9/bO=Z&v Xf+/o[%P +h(-XA \-0%Fy&G}섥;*rMS{m6y -$ UׯwxCƚ<ZI9ixVLOկAuOC½d} r=ߍ ǜ^1b ]E>=75~$btP-j<_C,Mlj)N Y=v1z#- *.30@ g 6,q/WM2)vӨO U•و#`4Ѹ|\_9NsFg5v6~0ݓ+BE1i󼗍'B F 3Fؘ*`GTu` c>|ب>OUع@ @ٚb8 W3Byu{@s"c8Z5!f0CA @О+Bǟ'qEBǺg1քլf;'ha̜ @L k!~dD,퀨~+^kqcER+a܀G;SU5`nX˗_ejUz|j+N؍^Ԕժ/1Ƈ"P'*ydޖuqGce F3c{-$gflw4"Ɍca/AA)lwI5@gKyL@M}Bzc YA(>e~?թ!PDo?2ɖ9Dqp~JP!K|xG(ΐwe?:~c4T3\wj]WѸ^n%AE[ Gr;E 7NOZʪSP OzU_ ڈLqpgd%7DIF))Z; (edQ\ )Kߵ[JqTt<[}#@KhU=s.=hYMNZk\4z Q~Wt Pq o s39,%]q>=Y %kc|>t@=&g͆Q7nlMˏʤu&"qO3yqگyu֚ D,G<*h7~-Ķ:l"=@gB59cjt>f?S0̃+2`h?R)QZO SĚd=SF4x!s_jOĠH}6c:oyȽmm§@o,X7+u6%19j)7Vx$L*Ϊ٫W߉mm8 D3B7 uXOPuMbܻ \{_}f WJaB-mJT{ZD eR3P]vn j׷洘9vdV_s곗 YW.~1 ƁQ->0;Fe^ J4 OIIt% )N$:f<Bݩ2+LaBu>Ƹ@aHJ퐚Mdt$p={ `!5c9׌b[nkU֑rvL=*TrLQn,Ϗ}v 3ve}nztxFLyX|~:l 9^鶣B@m^Eõs`LWwxntI\ux0{vQ`{ GZra)nacŅwG u:?*FU>H|'rX8z )lĈLi_:Nf/=fGFȜoStDR=C1S2punbtNHD8׉ ]&݁d#ԃśZ2P;=K` Y,!4)"!ɑ&cm{#e.^SFz(ȠfRp~nՆ#YdV{uF$#0a1::jvQ> u{MVFʑLS-pt4;"T|P(%ɻ>BG6V!78k&\6kTnz.s l:RH ݺQFEGo|&iq-D8 2spQ b{wI*;,\RDѾgθk5CIo Fr AzO[?>x =֑z0x6 E/814x)5W"hֶ[W„e6<z;2,=*_^Oq̂?m;4)`Vm 42SOn%]"*5YҠTsǂH{y!T@O?u@贤 qǥɨCM>kEs&r#(Ya9r  `{}qO!r .NVӄ})d䷉tVod[_,bᩖN#6|@ԈL1&@p˭".0IkiyGZ^=oi"Shj.%R1) +3f?&=`޸ӻ i{!0Aq;)-<EfNR]ߝDIW<;'I1fzP늅3 R 0%=s|.Z9VJErù]rn=( S|)U,. jc2rZH@1)[\0t|n*`#^odzA B ڹԄ`= {G:tLĭbcbm_2*.pv:r.3 rSb1Qa!ɏgU,[-|q`*~FgrEi IVѧr[06}iL8l;ΚH+촍r~ 1MTM6l24Pք쯉'bhԋ93>ZqaͰ}fZx^V'4x>0Af~\ne_=_LզNbKavLPE'Ɇs[U2 W86M`jifY'oraw(߫ûd sHrwl\Rn KK4"yx}.A~{_x"Z.7s2bg?eV+N!52$ hs>#ђ=DDΫ^a~L9H靱!K Ӱ>ҤnCQR"ңy7 fǡۢh0$fSמσŎJJIPt9|1Yh W/&D5}!Vl/"E'Ɉv]e7P6d@հ6~KAWd,~AV5֩U!*b<&)ߋ+8N~iT ),°f*뛄.! _GFSϼ"уX$A"C( _ ?E'Cm0Yt-Z+G=ZuqX0 ϮXjH36s! M| H_Ҧ2ډLۓs(H=9AC.aaӈFh^ 5/7MsAe1m' Rlq^ oxHaZrße6R#3xAIk&9,4MgW~pB:+c[ΪTkxN_)#| PzL=f9M:$#"έey '(,#y4dY=ԓuMV4ow^ǁv5@zZeIpa~V'f$ćHi<=T ?5xυ䊽9m IlGWtU)tݛՎg?!X~BYq&NC2؏'' K|Xyoڦa\ha{Tw; vl}oQ,CiPV6k͢ӔhoeAYI,?Tuy6D!2Tv5ר/8ԽBVZ(U ~#IhQJ)V.v/X$:B7t1A{¦@֍'g/*vB>졢-{[Ii 55!yQ0[ ށ"?_Q*aoX\5(:V rB* 8{e=Amzwns|q'RovweL79f`w"w-.'>i t%巽}8\!70UP]-G=FR6oe7[Bpi68h39p-ZLאP8h9\'AS 6{˞w3{qPl Ʋ,I8o%HB=bI )8jUE Oo{Aph]0zTxj${MUqsP;+ɓ(%О)ors(ѯ0p2.zy T R3fw2N!x`Bx qK*֜]T>ȬrC]yˎϧ̪ [kF@OcVȴi34,EBLe, Y9#5S L{) T61M6/c(jt0|NB|xhT=/ W A\NO>|P gٲ$zB'2BA`B<-04p(Y*̓jAQL!AZ&!\مA}vٿeڃuHUp 85NY]ʦi7bvOte wL|F!;}Gzy)aРNG59IHv]i) ԀO?v4J/fC|8V0xcua3m;m-È _Óc:{C52jKSBt:OWŮ? sϙ<6ǎLj|81m my͘d<1$`nĿS%!aS]#&7]I5w54R9yХKT7C6d5;Vp5FJwuA8uCݟa7FϞ׿UPǖѦ'_WGhM_ںymV:sCT]a3p_;WX;r `=nӥ7]j0k̺Ò6pBsGpG*Ү3p0lo1dVCjY2%zgf.]q%j)+8X9kv.=Ard)þ(EN=M'9d([/ټt׬n_>tDb*Ib)RA2j*Y%}u',?/)# VKaDXq/&/T~iRHA|͋C@/?oMiA#SX 0B[<7HWJBY5!ha_yNF|huD,N(쇽H#H:Ln)-4lPa2xywqB%N-3gW=rl:ǥɼ$zY͡d??\[Trg"97}BI3άZ+x1=dx7fmf`ا|i{igz9{Y; )ifBA%e2Z܀aSYR4͑~ڰH(?a?? nDW he@~S ͒qI,2p|}i0S0>RNCqcnc*x av4sT31c^@MOH?/& l'lz\@o"D\<@g߄vw:y9Q<.)a "]MBVUdۤ: ZMK+UTШ:xߐȒ~}(3-e׾{fp=S6MIR60p*1CHy\ΐRh7 |~}mcG t @ѤL%ze-S?pӪ=ZYp{;B;؄NfH*$S}L6n?G %J YyA[{Za~4 L0Փq8A:T7f]/vX;i6jNZfo$Х~ ]9?&a1^}[vc/kEXST׺&~#U nPHavh? ǂc! L*;prRnI T ~"QI2]֌ $/҅J)x6ԾRu6b)a&M qD=H &:eG`Ω %[ 9RNșXF}59%}'$8AONDzOE;- q̅e146~pqFmsi !9Wgf;WwӰQ 8'yWA( 0 XvmG7yn}LJP8D–ip'so\4-_,ղ }̛߾Y=T߂^S Ku4MW;)yLreC@eD*r߄]HTPӗ8P~w0 R1fxq6iE?gtG)椰%3fԼq 7aᐉv+|¯'<J qVq[C;Ḷ\qUщZ*ô Ȑ|SKW05AYݺT9'H NfN€ uGRsfA*5/:pbQrhk>6r,'.ҟ/ЈǼv%8S=m* x' $2䎃yf jB o#uTrJr tWFsyu\:<4͙ͅ٩DUcFQMH޸I!;RtEiBQŞ:_1 :nX9ABkp;&jy` r.GTa_E;!!@{jTMh8(a@se^~/ Ö~N ut`zrWD~` Bn^DZxZB,kʵsWiYfiyٿR0pJ-u"s@E@dLe'eӀK9UK] 9vT * X,TfZD[/nYga$ht>E>=A0,uA n?T])'!|Ѭp ܙnLj >ǥ!tnMT)*k^r=o˚-RfbV^-]Bjl퉲\{ttF$;xFcӚa/B06vR%!3IY4DÛWjtW_zVͽC,XF O)=/a,E:'Ƶlsj%(С˙&.v=vX砓*),¾}`jWxn2Qܫo&10P[녧HT7vΡL1P7Nba$i5zjdF}~_Xel*:~fJnTNy~Mp4AL;# 1`>7%=4 gض<KtSgUcr.=OҤpǜ7:L}7 ^-KamXLN*sqxm դ=vgq:6nlr h׍ɳpkVm$}X[:-OC[;fOɘm!ߩ=&i_6hoS=EDSI܈$S7%>=/W\|HF(L=’¡slIjj87R4}$,9 )+MKeCZ&pWZ1💋6Xn" o8Vj[ USWd{t/\1~RYe%*?l֕xɗW(zYA Q|SgWlBFYEB]Go+j+%Ca1\y咊eo -[Z[&eԸf#7}/V3s_nc&,Z^2//%*ȿ'':F Z8t/F-LA ,uTb *YOh?#ŋIX3*0]'j>P3P5~Pj$~$ʠ{|_ϟ-Cpґ@,1$ǐ` y+6_BсhwKCU=R҃t3rjnE;# \.Eu- ͏' daH3֍Nk[v~Y|vwKtĵc%^y.|;hLQqT}:u_ -9 5|oy & T["S{ =i꺙[I'Rշ$j[[ ScwS16}EH&KU= 8H?u!ufm<+*ߔ,I.[lR' ojhKh]y_R:"dxe]0-$n5fbxߥD+ɨBނ1ju)kTHVj(;: P8P-tͪ^Mմe#;W7Jx=:d lHabf Yc/.+wKcrMT'M ʜ8ՑSF-xPQ[ri()bGNKd A1NF J f$y2aȈML9Hy3u&~>gjU]i~Q4jy ʞTu͏VZUjs1&0ii S=oKz=}(Z~bz9ˢ / ϯԜK;jW|?7B tyhUq7t_d4`h- +Ӽ3@ RP0E2;s_7`')Ҍ]4Z̓Ixr!8U]\u4a g]A٘܁"Nް Mx2I\,{Ns80 xYBׂt{@v>s9aAX~?%]:m7Lt EF ,@s+h ۫e?2"|f-V)U | yޱGh蝀S*|վSk=e*2Ttc_9Z\# (Fq4T#AG /ܥ$B7weȽA{(y43>=UUe:L8.|[J LoE'[UE"x} g"1ATVN)]"'͠'$ݘHL1,5^iYsI(I~K8E*n<]ɋ,ZK,qtNn%~V8>iB!{Xf@bhGi)kGWLs[-8Sp=l{T$Wyu(+K_3uBsGFp,+stP}Jp*ۢ_`˝V&% _D䘻pHKTSkŜYwS{j_x 5*#YOP |Ll,-rÉX". _kt꒵_榵`ڵ3 PLM/Xd1bHF0VŽsX?2薒\ߥ&h DBS':cV,fbO%"f+|̢Oǟ?i+rrU)ySd0+,wJeM)ٜTp@~~Djֽm$wҘ<*U&?j|fk.ʧPUnum&_Bq̄.{{h+1+Ք{#oSU&2ՃO#=GĻnLy'~EW)Nv|iWrNa~w ;ߛկjUq!Fh0IL-WS4SXe:&LUrR#Ph%uEqZ_=’1fo?_,u:*мEbRk7-@[BDT UVabVJÁ Gpyd[4m.Ƅc$ 3q$wPg$zϡc{\[)~p" b ݞ ׈ۖikWԶoPF0SWlg/ ]K 黹bs*=H[ۑaP4.yKtc\ zV5/o)dc+m=wFӢ̛p<,&[FNa~Od]WK|4~ TEd-.ǜl/Ks絤P2wCYzM0>Qhm(abX SC{B K2!Ԏi8{9,3~dzCwy5JqVq(}S[ X'2,07@QJd\NMihxqnݗujB=gGjZ,TDd0iE%73ǘyj`^ u+P`],lEvgL]qCxr9XMTf1h#z$d.NͳN?)PÔ}2` %|zKzxӖr.7})1JS{{5p_L \0 +|)@_oMuv^CQlǞhb0׬BVef6n("p_%Ya,cvg ؓjnY4߻)Zve8m\kUVm764ޭȜ aY֬(2%RI̲5\%sJ) a&3g7mqZl3^˽ l+FJ[vp='ᫀo5lYt:)*0ه3'%8S T< 'JvN8.ďuꙖ[cs]NxNǪGP)^H>J4|qg(\!MUͨω,&J1,+Z݆Qq枈BmS'̪Î4~dLJø#DIyXimxǿ$Yo7ǣPQcuN 4a#krQAJa2)'629D/n`ir7wU4tϢe;Wö́p^a uc (W1(y+C|L:4TRQHz/mNs,74V܄D3m!A3XάQ$ܰs[Q\?{VG ;R2GiǛ$H <֣y x0#DMMk5ow ̫ `69 ۻ#d0[MT9ꓢoXw]$.jSBozYbs  ?J07@%ɺDxx.Lڹ@Kh}E7_&j뤰^ |tӶ 0ND R,g.!e6lqh<7S~-Iz@|e\1kg{quE%.75o%XD Nؑ0;o4g YdJLxt6ƫ|v7IJY9쩯N8.THL49arQ`U+)v>S@h4)CRd$oN-@65}a/%ƚ&ZnODjvQ[]|Vr8!ڋPx=u'?d a>#IjMɍNDm& <*;NK˴@F.UT-y<ylxy5ç~l+#mQqaɳ–&a!2͚1+lLI7L.{ ".$}]wi~!q@C;}/`#X} ]'=tTP "< S0ޭb߁CƖݖCY I Y7sqg@zb'$]fZ"lW`rK]c84mȞ+9cfNш|a핤> ¾"mܛnJ,/s2OGuF3c]ly%BsƗLl=w13=bÒ$!r-ٞ@=?/o>\es0뷠mXۈz!S/ i}˚z:D CLWCH́ ]Sߘ:LTOa͂ú !l1qz\ IɌ > Ce.f'){d&:6Cyi2- >4\梭7F'AG&0݌@KU0%ݲ)86T!yv%xupONcԘRAmXު&0r|dE7]|&N+Ւtd3D󛎏86>m͝r\ށ0qU2q}ۉI|cɪh NVXg;*⹣H{fJ!omF]gӤݟ{Xcۿ\|@N̍3\ˌ7ifRѣ+ޖj"0)P^겚KٟbԠ۰S)#ݑkKRbXYui#.@_3Q@Y\Rݎih8Q+GPħB҈CwoD=]fd,.vPQ[X _;7):5 ^ K9"l I%-dj g]2/r/'7k{+(D#iP5ёV:X #ԅ *d.w|q_\K] 2-1->vzT܀)|hS?hNy~uʕ_!uU?$#vak0ؕ[3 T p s֟[zW ?BlpxOݎH[v`J0y ^q%#1L. ;`@hb򗛷7q^$*d s,AXNX$6YA_[9h2H;hBlOA]/>2I'\ >?;%O#]UCf[},sVȍxPi^9G6|JdD'2NhD#5C+K. ǥZ  dz!Օfp !*q6BLuX ບvܰp.Q3uXYgd(0{&wk/m6>pBjfA Y#JiRErI|iei3̪iŅ;ǁ1XXcvk`={ -4v*``';$9OornhB `RH[;p䓫eU>Xg /֧.cu.%{.E^EݤS6J,X4%2 /#b#kt oxYS;qRd$s@cEȾ$&5~F"94Op>\q{d.0b]Q8цa_=F;5vX o9b[+ t*3 ɻ|x$KޟU`7u#|K'epm`ETgW_VW߭<&ub4_dq#ϕGD PS:>)]x9d B¹.]ɂuS͕ c>I ti@D?M=ypĭ][8ʷW &읭o˩_ bXyS%'yIqYu^ONC4l_M+Hbr¢Ԕ嚷PSnkG;s 1vGJ[ F)qfvF :3)1j|Q=M GP=سc(/nL4,x{s}Jc'k[tci Yw6(t_SL?m\rK{pnUH ?Ɂ~(IqQWd<JQCKTvHZy+;e]`Ws3%DlPMVwX*E&S$,Yel\GAq9~U&#_Ρ=/;N" X<\6Uǩm5GJd'jkNL>Cq:MKw"$afnE= ,*>a?6e{f_H]%y;ۢR}<N|Sa`GiM/r]<]=u!LJx^ῠmLg{ffM6^˰gƕT{v[Wn7WzU@Fb;Σ{9ٿ~@0~ vS.B%~Nۈf.YšU耫 sX>feIdwUMA:#Š`ͤ ~yS䚑sR~Cɜ !Э,>2eJ_椷a$ %x6oij+ 1c;C8xJqcKEmI0PO1be`UV',o ,WF}DE>MwxBU'O8tұVy5,p=IJ5nD'YÚHQ)Y,hf3!] ށU2UKvw@EdRV@SGIƅT3b16ZbW IV\g.pg̥)ҕH×DOwjt8?3*0/]T.KbcVh3OJuI(F,] Lx"A lObq vݚd %Z9zjĕO3wOF}{ 1Dt%9#$H&E*Iq\l21ʿBޚ{k]`v1+$gG 1Hßf58.yӝ$1PV`[l a+qjL{8j?OuElƉVRtӘ%e!j~kfP3kC^X_HTڏwpl+hL[/B"Z <( 0C3+$1c !I_khVW鿶 Oko5)~? eO#z8a%2&WKi܁܆jRDք1=յ+|\"Ғ<5P[R{ӈ$OlІ{Ƅϔ8GY!b2IIm{(p1Zl5ctnڰoM6_֐ՏqZq/ȋ4D ZǜÄԾ n]}C{| b_DGjB[e`3=T@ * Q*%wW:]ta}"žt 'S;27=B`hS'~MgѿDn@>L/Bgy.4 ~1Q+8X}XM=6bxtdMz+Yg7|Y\d9%KWGaou,u0A+Ik|"ZBJz;GuOZz۽AfX5:1tb%lzX2^xF/Ph{bI[av ݍhf";_c7"֛NV kG ͕os@A6R r(LTRhs$=spn$])CԳ /\~P>D DؚdFZE᪂|>@__%,UX6u;YϜE/sɊ-1h&V OV(UMc vAX@W1X=4nj!)Q3hޢx0׸BA&ZFK :04oD-=F#&8q ɸJ |vAKp)O&Dd,7( RaEۣ M )D??%CiRd suTO5iT>q|rN.ka`rݠYp<t0!F?&ţ^xUc6V G~,{5ѿzWҗh0T%1t]Zuwj%'ڐrHf,m?~MYYYMYڗ˧u|M#Es^z Ojl`M q_6 Ez*,iOlBqFit)Wd4w+eJ Lʨl7: K6z T,4gx@ͬ?4%x> IXpfEhqֶͬ6tr ,ĉz\.ArZqˣR lf̤ 99/01${ŨʋL7ךRMZR`}j^\GKU˸~sJ $(E)Ξ%ib9d)lA>, cTBfdr=)#EA1x*\6 RӬeYíGg}#QPe } >EeV +pQ oŊ̂!fK=iQ`)ZUEX 6TZLDwBW!$! \Q?'ݒRDHӂwq.*`f\ TRih$ҁ5P7b@3)z * &OҎq}{"\% PQ}@ZͼbYWa-C?eVuTA; >@\fZdX0GjT,Uk?}S A!rRufyJp \N:ӲSIAb. H\ b7|^ ',a$O\rC퀹&h\엎1r4 lM%DhAn/%J}ή[_gR*4g *y].h-GCSSd LJ03=w\VdHG`Q FB$#{9-IGj q iWk Rv@tQ~!D?:dżr6-[wnPogͅnž[pUϢpʠg[:Xs EPb4(3ݘNYcXoɎVXDCd3p%1Ijm%LF<sŪycl^+gc?u0W* ľxPk@{C Q*;L/$OLT当/Ot5Pð9'Z{͙nuKb?!*t0Sbo|=g'{SKanST .@]LdlBk)\Ԯ=^+CWHa2 ~Łm6K@YXgŕ*B^)>]׊^?{-w5n/<M#xP}GH$X}ms.)QG:fU;`<˦0G!~ONm5Slcʞ`OZ ȑ ' @_ƚ MiՉeo1ΰ2?l,媅;m.T\lDO"\gV;y [ u|/ʵBOqrV{ϻ D7Z$&LPqˌ6 5oaǨ $<=%}l_gTS7 J!)EK^=Vi~s lƎP TtW#V4I𸱭TfZ(&er6* Χs'ra=yPR‹EV+fL$\zGv*`\.xVgZy &Իmr ܛxb/f=\7/U ZC;mЗ!¬[4n:|ymo- >.D|ToT^BB=R{W9.WS` &qDbU핽I͎50[:ghPN2R* ⫡ܝaFU&O>Q8t"ŴVc'VyY5'e0e#uWUˋL1k J[;ѕ{.P}W0<lf:*gSAd9/pyHhy)δVx˽nK'H}jިԗ_ X V@]YJC4 ID3?s_Bn Dï"$6F,0I??X23;u֓,5Rg$8K/JDXaѡ.E:q֗ᅰ~(AsM2f5{_S0 4ȷMPZH@o(<862׈.`t]`"dI 0 2U14|(',{y%4D̬cQ|ׄؾ8w{8qBx#eP WY,Ք+%U1/3kp!\hUqv" )s&DktIZF\柷ed&>&G@5+sHM2^ߐ7sT ~>6~ON9% WL x9 1g{dcȍ F~a+~bxXc!A⢖K+r)sjl:7p~VÎȂ(Lrjat16ut@g@Yruv5NfajGPH(P G9T^A[ZO O:;p](m8-xw;U{ie'TP 5Mw.YYg[ѷH2*V;ipeLJ>EZ2G@A:{XASoA˅S9Tg޷q60RH<z5KAFm{HѫM{YĐ_rϣ?c7 ^IĠ*{o|-]3n_Zʂ3sF N:"|^GSnzj4Nj7 5dEPڔ7tNɄx87? ;ukBܐոߝWi\fe}D&gghvS6vո.*y%#M%4zCv"'3pS̃7y%pVyA?;>LLsGMf矞' f27 Xa$ Hn<QkNW`B;LΚ ڣT|3zVl C'.P*&vdjX{Iñ?]/4e@2ƞ] $Ph]DB[YѮ`|-$ hQ5 eqc]cΐ:Vt(|Yl7kBL˯<4hG3WEtDPM\Fn ]#SFbd<^p9>%PqS@yՍk^ C :K[C7+}XA`d_$<)享@GlP M\Q.;@Xj^M)e?k? xA1ז"7WfM\i_\u,iQD\э`tI{%\db±p|2G"fRǔVl "q y\2҈Kңa~lP{ Z&y]Y-KF`a4"a̲4:3߾2j*1(E=ԝ -AΒM5qXX3_5.U6yth Vc!cz&e02JWrŤua{= ]!ctPnZ/NY=cx~bU_ g'TT 8ۘUR0lgLJ{H]%0VdAΖfA3ƀl.ӥPL*0C;i?ߏ}Ǖ9Db6Z{p)cC-U.|\Z!a>tSR)ڡlW3lj䩸/Y6lLZO8Ϻ9Y>9;[k5(h?mC)Ysq`Ð=q̰'g?pYiD%fNj%e"Rijx/tcp/zɿ#Ç9n*kE={L~X;]BE 4j2+eqݺ" BAJL,rEu+gmӃkwXATv7 {`f6Þs-kK"0ExBJ#ioUgYe!H { |i!@JЫNGk}ΗQ_6ԟ dpMry5dkG>b6~E;hnaڒ>۰y_P̑6-@4^sV]d`†iB@D5&]vg{%lJtߪMʞifpD<k2PlD#\?="hƻ7 9]iG$ 껽Zۤ*foP=#vX)Pzo^8->`U!5H)ǽ6PB@ 0f~1b( hK2q{uuf1sJpؿ/.[F-ЖE?adVG݆bKnk B' t5MZ?ZBQ^$M+-͐%PXKICXLq޴N82( u?-$vr ,]1%fZ *iGݐdHja?c)~TPbk6<>/Őlc&"$`׎p Aof:q[$,.{AL1@I=v3O-Qr% }ߢmPRmrûg_$&Gſ8tޏW >23TVf?D[ xuL7[Ǧ)0I7FC=%s)O:3'd]mffE' 5r^k6Mte&+"rºl-^tK[cQ'0q SfPۢ.!`<x>)ɓډyu7*я흭Oz6yΌqYhXgu#ڌ[gڴB`3Τ9]T̘LQ[&u; z՗O`ֲo!,s6M;T߯p6էOChK7/N1X$HѴQ /xOK]> 5e|VO`ݾ( ~):JQ3(z"!4ݨQMR4jxz]vx dG,~ˤN'+a\~H6̢ʒhOt#}T]:lFfkb.Դs3$]T?FkCZdaׄ7bjߦE @Unҧ`?Is"?L̒zH@; L' ᑍ"MI 椋!-󑱒H Wa-Y8Gi\k G>OMiS*GW6(l jY a-n8+'!_ A Ȋ|Q^vʘ&WӹgUiX1":"λclKΆ "QN(zcӍ!zocDcTټ 0bef8:$rT1Fg\Z,9a ~uTy\]z.L2>wM`:^7R}I< %QXgZQ'Tg7S)ޛo [t:{f_xq?8'yH? klH刷=p72֍kB@&\Q'v#SldF*m`.<@qRS&/I*fldOlщGGwysεA`>RJ$̇+ U4U$(qY@zZ' Ƽ;ʅܟOs@=H]6ݣyatv-Z-7fAe-[M0l&Zge[ pϋEzԂ:Ca?-c`ХT,/Mc b鶠Ed+XmǼ>m GZkbh(ɝ/gnW/k>q,Hpi=e؜Uf#:sRfW{E1?#~ @7\BTZ_ݘ1mn0!`\~`7^)X35J B,J)P 2{k)ݿ1@Rφ%P{ׯMXw8tykɜ \x)kV4FZ4bԶE9 l{tO[v@ECU>#OG|$^3krIuEE2<#wz1}69NJepDcmW ؝:JӐ+&5ʻ GLb)q M47oM~2KNpt) z𺹯u}]{ЎFmrRkXH ʹ[kRf`nZ7~ͱ8PM,ojrfN4>9w2$9V.ܠٔ uyupC7gYNx$#M1YUQ,PPZGJɸ84E]E%yOD33f`--'XNeK16g4Fm0}U~pnuKr>Q#4u*nO$hn7TipS\+RZi~m5v 'Fnd-TJݚ_y7KEDŮF7= ̜0bۜ: IToK\5y#ro iGa5P-Y}e^) 4C+)<"+8h͈H6g2c*.t_!'WV!a􊓈ʀ}p$FyG( dυU*">m:ٴW*b ;gz,7&++ZŞ F ̔9I;]hcrÍ=n,(8ήGNQҧi8Epm3j .vw6Ty![/2V2<'MnpPZ5c#b &Mrl *4,N"W5k"@eZ40O[`@KgNawq]_ fnlXq$wf-솟ke"3 YN [m7)1!VnQ=T7" F@/Ƞqn ٻc|ם56’D@u*P$9=`!p#dhH=b?3l=rc"^2vB5L!\|:^Y9LGAdc^f/+T>}fNO*jsp8uldy~Z@u&:juG`W@#IL_ \ ΄-_E#g1V8);,V CZ*X uDackadh#,Hv|*U7~mx*AGa \ə[55=;K _)$Py:CAixр"85BYRe7os{k,zG} uB6&xbk7|@?~)(yʶ,_@Zen4?p{[FiIߠ89|ȯV:SG>thJ#jkh}7[oi27 ndfˁP{ +%g[{"Aa/@yRŒ/EMHqR= ACJ4;5@tzVLF+NX\'yԁ:nhA@AO+!Mq%e.: zJ_wQFcx4:!rŧ?|M\USAz"3,L)BRj +ahCA({)0Eʔߞ.O#y-RP}kWQÅV&aR5?U7BݽgOy6wY7%ẻKmʕ]# #}Pn M/eU :?}MiR`j#\~E84ail!3t&ᓅU6‘8>tK4v/P=r7 17P7[1i˗g2¬zZY35q]:" ߗFklY^VAw?598 GT˱`sk%Q{?\~z|"t,p1`N `*o&z}w+nn^+@yY8+pٻ9K Er搵 ?99iG묝:[y-p^8 (5h/+]٬kD[]x; ݪCG,H&-S[jKkv//@7%G։6NJ8W0P(E,&y7,!E3 2L.0ϤBDj`M)3`+VKmB"I#'Y%3=l~iAeS YEpˋQH0j1:@{p-y ~<Щ")zKii!^XaY\ƃ^8:~SaRw 1)y^{F5b鲾a䮽pw8G]1a#pVٶp1-x*ςLPkOXmEAR0g1 LF߸-Ӌ\ToXƾG .ޥ0ZBay&4O(8%*S4i1&@ijݺIsZR>L8 N>B#T;ji:駅plhvoC8"aHןhᓎn Xu||g J>)f2sr'2zr~DQ= ](@T8J> n ؍EXҧ-c4>qüui/~Ʌ ,K "X52d'#kH4qޢFQ5;ds֔qP:;g8a,cVBW.P X꣮])w.^WBG_"8I{<^=|ʤ#JGn-')BJ °4KbR#>f4^l4|_ԯh CJٔ^Ll(?[vF ܃7YC/h|c& bAr2 c%4ּ@}7.;wA:$l³X߷cc9"ЀGn1 G/\5x@ňV'hSs ovqCB+XS 돌osxĦ e"}Ʒ/he[k@+$_R?*/fő {'D?J%[|*Tڬ|2=3+0c) Ja=}nO3Cfy=AHr/cuwK~r02T6$VH hd'QW VMp Ӵ%))|<)+ zg8a a%cR&.~U,N&5[(gty4Z^WR=8p1U^dSf6f!l_PE b.lǺBF0fR,2h=i^|θGV|k*|]5?U6m(AA:ӄ^O> pDqnѥ(`zL l/B~V~;Y@^*pV>w1iVr `L|zǚ ܢ@{>sS6|iǒbQm?Nn+=߅l@,ic ;Ppq- IL%ISKkϼ Rp1|; ZQW(umVYKN2hl h%vlDo9j lˤX(X&Y۫­RtU(B8Peٗ4P")=S(ft11ɤ1wb.< (7fB/55PTSgVy2"?7+mx1Xo  a~2Hȵ2vVߴ qj8]#PɨԪA?h!J5#X|Y|P Skۀ.јg@[*$iQmR`kX"gA@t͹r0i~.&C}F SהD˰_~ڂ;2aH&H 7@d߫$rq[xFgzNJfHm 祽??5j:AO0W_@#x#ݵ g,j:g]W1^> Iuv[Yyo֐/ֻ&\wb+HUa.#{"ԲA) aoi1:,X`˼dt@-YrĶb><®Qh Vq}hW;Njm_V#<ӷ>,y( ?P 6lN:!lJX~[;D&K[;C:ЪGB..Fj"#Yd/="B)y'a~°Z|Vbкg㦥?K_10tew.Cm<\vQ;%Ě :M|Rzz;P9ƙ5:Q9GZ[;iOw1 (=(h ׏Kw4\Q!裯&@k-;Ԇ϶iч.vk*jqoKl]޲l4XpC8Rɠζ[mH.C2Up^\_8|'ofJtA%9P H V7R7bnh liEԈ׏y}]}_x"/0Sw} ŷ8xDvm qco/Ʋ6>0GvDp}=dXuX:|mv s[LdWUUN\?.g  J/ɠ0!*2jݣm J.Xjz7%E|5ÒJ&! /*. u(F"KYupk2v?"OQ-!%'/NCMO|QFt_S@vbdt7ҽfC z;F3442}?`lƪu񣄗ܬGopGT.~Kxm]@=#'".pv$cd!gQI1 ˳p?91:{Y<0HSc$OC89Dl 0rť 17$ʦ@@_d5h0nyAZOWGKr\Q5YN`#T)\]%pYyXXX Œa,Q.֦Pԫ>h E8\U K ɭqx^x6K0m>S8L!ЛYn)8#[P'pG8Hv): FAz}gb]^@VjYkWm5nCUaEرT98`Fo@>/s U,?P$u|c]U۸rm̸ebx4l*6E6;n*I:`J@6s6ɕ0ya f)&, ]!bG6uSY T5Uz ǻ-XfnEm38gzomc|A@ S1ƅæ ^FS/#e5Ę?uudE{ AtYP8kJeft!;2/8IZY #dgпFR[R\ [ :4KhOuz' F;CHwlvfazλΙA1=>MY'B3w(jݩ&@Of:wbcS zmg,F3Q_`}eKř=H[S@F!rm̉)L,1|9^tIHq+渁sv *f]H-OZ"Av38NA [DvAl'0ZFl6PM{EpfcW黦LR__9x c=\gОX|'*qQe-ͦ=hw!FBG0,V!7C_Kn} A޷\ḁ4~ۤ@ #hy^nVt]QRYڷXz쨛ELğ[-%u4hU="ۦRP!#ȥ@ ^ƕ ưsB8^%6- 7:EPgJu !r-xYtدpc`zϥD8Ҋ<)2n*qdۻg|7p좔 Ax/Yk׌ˮEQ:9r/wMd[2mfƅp1yAmCm)e S͂+A*tT}fH#5;TTN^bo(=5hѭm. pL` 7XRMQ&vGbbR ԒGQmz[ 1NAs 2 lo J4"$amW`VϘAf+Qߗ3-oiFuauu;y=3یH $WIh^]H(EHw,nr2Ry>UIJXog bO B;\F*je?wD8UPkXX&G`^lbÈs3/}MHSd8{/"_@pߝJwBN ٢sY}Ȉijxފx=)OR <:k۲Z^j3_nXU\8 Q,n SJ٘+-εz/Nz 9|[[aJt311*8y;f_y+aKJ&ވ'B,rꙆP {U5#h~EvHJKH~+pxʵ53Pn~7XPFi$Le[Ą7@ȇxǖ5ŹF;qsv0 Ḫߢ^}Kc9A/N/GΖ{[͒J%H PI3i-AkEvgٙE+Sc;AhpH5eT2LdkH' Ƽ9d7tv\rI@cp3]_z)S/@÷BtصDI2w>WU#OGvݴ|w^30}ŤM`٣Lv뮳"*{ƛ*sgGVH>#Hݍ*xxZ4(!L \]~J &$;6~&xDl@m63V'tgD.UFi @jls44lubʟΗx ׼G~_S~˦oxP1/cx:;&hJЦh95m8IuHt숹r $ nY҂-̱y \v/̌,R.ױ_ѣm`#%f$O%/A^1" f-4L4;0Vgb2"Gͭu}nc*(= |ADV^+衠76B㡔\ЋL _5U"rr18wdY|3K"(԰x}ߵE d㔾4fɡYyֻ2 (eDiG"kaźN=C\mceQ_zn>CapaxL]!$\Gq؃Q JM s6NkBqDψC4axs 7 Uʸ/ 7pnS2"Wn" wzfujD?EqWR XBcӔ"iAV>]hHU[P:ooN*lN0\h, bվ؊yȔGT!s0ֈ1sextX+҉cSHAO/r%D<ņL¡[r+FJ+/*^n^6rPyml?geZ8mlTn˘1sosMC >n뽖6&l0g9,2ZnS{t"EDNjd8Ӑwo^UH: y ~5OV d%̢j=u<1hPv+ +_M]K16D&-e6zXcP/3'uTMaC6x5<4'6'rƼ&n8/3U>y-"].A}*@hyG:.gS4|`$.H[M{nv23א8~x!|Wg[ <\\ u9jg}?D3Y-J%O,A{uȎ3i䗁e $5XE5se97`dG|k]1G0 |c&>2J̛?|;M$Ek ƫr(,Y ܪkQu? d.9)XtT1@nhU AGc;:68Fu:EVGtQ1ԏ@xB{`;2_0y>u*5*Y6T<1$#2I^?xW^FxqAxjs{}ss'lM4%S` =yG YBU&'b(($;@sSU';,T0Klfy_. ?HC*тk 8Gk4 hL u`6>UfsS1)m7LUV~'[<4E_A4rTv-lificʑB9x؏jN}]_qA7}DjP~&6Nv0Ւ5`3enn iaPy"z;֡BjAr#3׵Vhs5N!Cjie 1.xV|}Ψ];`/ ye8vo(0Z?|d=z2tE8Td/'YaXK3 `xE訄v N&Gq{ +5( DD0N`X+xxyI4"U4T}StDw/uZW[@iږOdνBp{~['YPd jA/JC|ڗ;_Z`%EhN@?W}eCsجȤd\DVCb 1L!veکYz+^@þݎ moNjjđ=< ۩?Dk1WE4+LfO 3Cb} IGҞ[t=Ur/W^f7(%v(iW?+,^!љ K8<9k$'@k(qOMI/PMk|1\/f`87Sp-n j4VXBudޠ!KReD?fUe?sEۿ583gLWŻibv?1V -UCu66Qp -7}C6FxZp`!9V\O!=Id0Z@ -JH^Fa X^+ykt3{`YKHcm.Y̘ v$wڠ1b}v/Yuۥhٓ2 +F@USzoVTٟ1%,-,ߦHA+*R"=IG?WU, pDEiojZ"OYG YSP#RS.Q-(Hc>mjy1=cu0kk#g)g(nKn攝R[{ HQFr2ޏ#װ?vxT2 c^vP 4ApP7lѲ% #nH?[*^I#gqGIhJ;ƾ-#EWHg3ݗPzkW˕tLЅ#Ԃg2nr& GUy&7ۇ!Kc:r,L|ݐj:TuE):WcpPr 7@NB P + B(ҌSɄQ̌9> eL5aoBfl/ |z L,{sL@WLm'6dGgp6J Ci\F<ݽXط>/a `4k_η3Vզ8:˼HQʛ]YT ޛGu\"~ћWmqQDx7i'|ӗ??oM_ ѝyͱF,ZI z(=A1,ZOe[2oHIT_b$!~ݻp6 &z mB(Sz*ǣpxaqB^cy/UU:ncO86뵋MzIJcg 1fClJ&XCj2.$R wvCt0F Pޮ%ދZ!d4ߕ;_.QgNdq z ^_Sjf2R}wuܟQ i\{Q\nH;BԘWrHd:m[4sen;~J8{-G] W jjӿ fE+W NY] x/᏶RMgpҙv*ed?qz?#n%@%0 (L1`l}&C'lW-b9 P^IXKjq@Rp ơ0eEZ\Ƹ=G 2E&4Z|?ɆF  lV;,OI^?A|n;M#Ld 12̵SoHMc΂iu1cUh{$Ak4.>xMSqM_xn~m:6 yw$v;MmW=yO qQip|$<<0a1ܬ=3AʻfI]ҌV,b%V"E ;DǭA4 I,{8 rԮ$ /ra`gY/+{Y}c:Nu\"t)%a* o[dE${ENfҔӱc$ڜk62΋$c=$HuGZ1tOQԕDBf' |o68@+$_qt^g=uVH5ȿυ`"s!sNB|gC :ɐX(VIkDCo/&X 3' 9f|((m3.sY|J#Ct%}PmxJL}v9T>u#~6CwDWm ǟ1aU滭rg{C_]|ۇ5Ȱ [6/wC%D)ƗGo|G֦Sc ܴ,YZAMe%Y~GNEF:8i>t] uvp/tN}ce{S$(K2mt~{>[w7}9$WLǕ6:-7*%3m*bS킇U!4 vf萮rw d`)4՘eq fgD۬zW7:ֻ)>"'̲ Ck&) %7BEnݶ ؤ^?F82C%t,u?@cH1B ְ2Z,-eB÷M@Ϭ(Iŕt:aٙSGUt2xѳ(-4Ξa1}#g(aw&P.X%V+rn2eI6DyHRr^*~"<ԸA%>ȐnXq}I[9es6z/R00Ɓ3* L:G@-e4^.IDsq)7Α.9["6Oօ]ʹuRUL q-'#h =a|}v E(˦Z no"q\XVjⱮ0tnv7r!J3[%RzȓFWTg 4sq7l+`Al$`r6D?φћuqXVN=MH(mВ tR6 oC`G,Uqw /kEҸUdDxI E˷j2cMÞ! *Qfꀑ) 1[ٰ#N߸kHeaI$BclUHP.nJ)ې=wX~G%n3.^pIŚ Γ(RP(G ?v{󢪥XXA *Mn6)ft*G7GոVO•gx9\&λ` nIhpG^#,%aQD1gl^1j_ؕ^e["ee[NI1+dx8]m8k$&8 -HI|ha2C>݉6kK$V%wg sq:dXuP]60KFXa]w,T{o;{,Ja +5rcQ:T~AY}=/ 22Mzf z 'azsJGfagS Eei-3:ŋOr9=m*OoTV-X^8 u)WLC#yc`Ua;%J%_!So6w!NyU8/5")0DÃK~%TCP_JX`C7WGPfdS}(Hy"ET TZf"G ,q4@Fٖ5jSvo|R>P8':wr:U~A^0ٽ9)EfgܬM͖[ò 7<TYWP18tsGMZEyBDPldFI HvnI%Ar\\L4 ӱ7/=$XbFi| _OV?Y! *(Z r[Mp{hsKP̄Ϙ: ҰqX f34`gl<&CsB%` YZ/{9@-P~U@9i2'TȨON`eFp@]t'ԛ uM.!Kݵpy.r g.5)261FTB?"?agsD4$?fkKaw]2q$PksƢMS0 K~7rs_[Q^Z[7ȣw숇p&z!&CPW>8>h?"￙ݸ;h*oM 7} ,…#̻ܴ.&Ħ|>3@XDZY(&({>AE-+9li&Ml"7Qe[j?.;ctpK2@$p=5ی1ʒ"9췳Kc+s\$Y"6goPO>mTVW-/Pl5+]G`02 NJcm*]ZI6A(N|uᭌ6uqYg Q7U:/HG\džJ%!G^r=i^y=^ߨi/oA'P#i<+`ɜCl U`qjoOEJDu 4J,1D^\_fC'$ C-f`f 򹤪aɉ5 # =HQhi_enWbtMQZT6 *~ȥ_0n9`$/!]|Y?]{uٰW8>B>M3|M .zή ]oO2a2'Q!IʼnR4.7_qHWRL#؉Oj@Fsx&[xwCGAZ=+{K2ױ%+EP߹W X^[W5jn찈ȜXer]9y~"fw;6Kq=j Z;C-,D3>ek\6 z)[C)B4Je{M]F!9p'>7DZ9/M[ QMmәjJ{`k9pb[h>8yAnQ:.-⿘il; Q K0!EF 3:=inf#9fP``3E)k !jB;0ހ+)Oн/:.dcS}1Xy>HP6d#6A;)p ֪C{,ydK| wupk-(bȃI(]x[, [ WY_h:cm&rkegY(TdJdÙO.M\wsu&C9ԭF RylArlD!̅, G/1MyR9qaPr~{<Ϸَ:s/^(<s^{U ZtF\9!U$&Eunb?0FkQ{0qPUG-;+sZP=(cc@a0CD.r!v!J߾h$!<, pF$6nlRby[;&W]a W̾{GcLۗgU<猊뾄}p`;܇zعڛZALM'ؼ#:vne*h|]SO+OqAcw)nJ =sF}}U+Sr^]1STcڊ9pxKY-Vs6 (MX%M*Te0>fM!ʬrcBJ>@jN~r3PJܹ# `X E3ϻ< E:Zeq2 U5JzׁWڗX%0O"^E/}R]375\zs^!ZNqe1%EQo8fck@u g^u5y?`6t7^ ^Ϧ[]7\"aMuAhT{QBp){|{{x1H(S *7__>kf< J!N0YIϒ]o{zgEEXS"&+bh3 .WR}DMBDu!ՌKAwokyxݷƺ\# 'jWYyJ0.>ŻKxTOX)p0.eU byCltTi}ǭ^g7|}[4n /4z4qQܽDUn?. e5U(U#4 OSiT"9Z,,Ýv2iK93c,M^ *?ۡ ]-DrC0d?f2S lBË$Ôo>r$3UD'r1&!yCA[<_QYP8KqW@ zGQ+1h9Y;&D;&UĤ+(m!ՂM$‡㊊3F&O=mKMF0¢RX~Ҷ!NeV76 ]AveS_ 6c}]l%wWd&Y|ǖR(Ry3i(EGUupOm CuIF8G9z 汇J4Q%`o@>[25:ZaSf>XcFfy5EW|8nN00֭nсRFJMG$_!s3|RƸUҎS)yP Bհ5}K(R2?Nł.BI/c؈ŅGι )BPG- -BZFfwf܄)'8xk}J#Qzh*||nk?sDjMbhaU.--@3dR5/Uqu1!whbƙB!o+isTقp]4,XNÿSH0 hy22L׫O+ADi$*yċA:]ۑz!~^MS tEEyUb(O ts*v.ɞt R@WIּ+"ԧ;eӝ+%0LIZ ]( 9/6Bt@UMPjVvXH2 ]#3o ~S-%RY}S{ Wt8[G}j$dL|tUY#FOsy$Z ^OKZUE:܊\;GjNP$%z71;J|ñS^$h(Zq _{ɝLScEj8 q{fsn"ZmD ,1µPbbF"D5'Hb@*'$RD#8YLq2GY}Nl+GfŔI g&$sa?ڈS&\\vJђi#PB?:}ar8jԞ6#/!Zׅ܆[=9يcf?y!٥NmN.tɢɋ,,joQ(Ep>cQμc`BT XQ)f<-i cQ^Lv'8Kp9nqۥN'2˝#NPtdeeT.G*٘WEΞ9)9? yU"G^bǁ|Ȕ\42t2&m7-aE1GWmi>9ػ: 7HUVp\k9R&te}yA-+2Eiѥ u~=} CfcG#= HSbqFrpK]Fm? a"֔(-DηIT!QP @8&SǏe5LK6CJJ!Mƾp1Q}RcPV{JENifA mt[LS0%5># vaur{P"u[,1yg+N.07UW^1g,:=~'r_e_hz>H[}9&/ոʒIٱmm#^vФ(a(YYՋA[ly}]K7j LqgY8:.paœm6)ʛ~/5,"ⳅ*GLlҷ%y*X!]N &D pYjZ]Kk6Y$# @M{{PEg >Y((5мn‡)VQ:(`RK^(U"m9(.Ou6%SϗU~Xg6TzHfQ1TQYY2*5zCi6C7_ܿ>-M]PeVA~xMT*n4 ! )"Qm (P˓,#ERlX5lAo-| W)2:Mf!_nIh@6)m˃ `R> |gS</f8(g\*J*cOM1?u ;?=&ߘf%eǨD㵓Վ ?Kg$cО9.ݜW?ejtACɘ;>R~ڄ) +4v+ {6p)A$'fQT{8: n sV /UΩQ>/Y4V|?t=4)Xp%NÕ C%r8A`O?^B=V-ص  a;,֮p>ܝۨcT”/T>}N8.L\& [7_F5Se5[݃3kcs 7'C'U !DJ@CKiO'[BKӓQd1UneK#phs+/pX2tJef7tRh5-}a~@_8*]z?|y"Ewpu@)8j̎X&dlۦ5wlԮےdȋLhm<_Ƶa H /v*Nqf*a+jdƧv[w|,c5˘8;<me-KUe e.Jb3yv ݞv8R4Q opY!X' `C}q)h$׈=؅j  6ɏB5M&}tux>;y*i` XbQhGWfs MbØa7__SYu^RܹaN6rAQNRє}zC"VbԷ0 ]H>hqD$'FQ1ny"FbᷟE6"k?{\݅Bn0g4͒~_S$ಒi\)#(OxuBZIfQJ%/#~Ǚ;ԻR>Mn#Mf[EӻuíSVh#޻4-̯^kI0%!M$qEwBrA/@6bTvm2cb>`T]YAu6d}*ƍo] D brtDV2k_T}q9@qXl"_Np؂Di?h;װT aT}) xd mk1U6Z._~6d1ro܍~!oj/xbD(Bv =wTNiowMȬS&09^T}%^fG, p'8UZa@q\/Bά-(YitT ab* R*g;;ކ [E=-SXIRyr g͝ RՃeS*rwS[j"+"CYn8C)Y\+)0 }1TAJh&[ɡTE-]I%6ue҆ 0ٷ\o fkd<⊫Q|%EɄ tW.==l, b濍@$ sd'p~/Lq?B$$_t =~#T$c7 VsgCcƪC``d#7gjUc4?T`pRΰMB @*Æw~#gtsyѼ>1&gArn5W{)2%#p˜GzxǛ]Tt@lv1 qp0JH2x+P} ϰxDGlWMM̿]ۮhs/gZCNƎ0$6iѸS <1m 0R3C-6 XH)R8\&. 0O`Mqݽ&r*i>$s1 /$Vɼ! qlN7-_7M$ z|v0kt С:ӓr댢W IG):pj3Y T ¶z[2[: QwO,B*ov9]i`P& f2Ra ;_w ͵В 5Vog(s$PgnٲJ&w%Gr?a'$P }W^ݑ~ VPɜ7SȾf0[aGCU-hwDhծJq0_.;eJcU/~GbqܬmLd9leP\ 77hc%{XL4Z-xYTԸl.zn:*Ru#~*/Ɲ %ɼ|{'-BLcKU͞Ha} 3jd\ ֺ| \֖9mKcKtX0prd R, Var[z~zq#,Re{?t_2s5\KαtTѬUv:qtIw` Ղ`3~j}'N˛bq(F Р<@a#ȣn첉:e2W5Ěi)WٳsD9bs9^d*qn Z=.caW`}/ʤN$aZL*sQDoF2%3BCH5tR?ecR-D(U[9F$T:-HB#XfAN3keUz|-m*򡅨W)hY8.Xz G#E㞕[H~;dD6quǷ.xCDƿRX@v^l֛v-1hv&xFa hY@c"]my4HfDdh61e|lTy(JdKa0&<δYp?Uѯѥf|D{+*ӹx`R2r f0ZsF@Zhn9t2ӟ7 eJ٨#zK pp552хCN:YLo.-y`ћZ6ƈj`TskG|wOլGg{tv%36VnPݪ٣99_oĹq&]@LFKZs_:="| 'TI&tQ430ijZݖ NN<.J3 MڙA !Ց2HI0+ƈt˙JOeMj,e0ZVqEG %d7Dt5$9 P $S%D0bzKsx5-yr3F{6ƏETDED`h 'O0H1+?laT'S&WfdnFt# @$<.2&?|ZU:CU<`O`QTSRá1bR !eh mM_dWzso[;5TuIax?NG(^MA@73x˦dt;Yqkc4nF7(,cxeIZZfzzXU `[Iʿ^nFY2Wk*s6K =܃a>!WpJL7z=BێUK+bXxU#=OcG(frd }MwjX]sU FB$iilk M$N$$c4yfRX)Eڇ2,s^hG&Zbщ<]➏8ߣݧZBť&·ml='mݬ8^?7ކtt0<'fa%|v{ʕ>A)umhhMSvVZp i/^ipӢ+PiUPAC ZA+_P@{c(OLŽv\\FV_ʫ(Gro_+y`=HygGm`^65 R9JcYgxOE8h[薹 lg{N0{nՑA3iv8k0A#l &R~Ti 1X rujnDLtg+S"d2 k -0ai:E0|QT+Q.>/=j1 MUlO`Ķ(Hnfn'?JY8ՔYz2!g$ +D5c5o󵶑M8/͜~ywҿU",Uͤ_IOrYsV+́tߔUz& 'C1##LYC ;=+6~aRMt|<٫mKgɐI4TSXI>ցN f߇ŭooն?5WYK`ib!a}3,S|dB+|3jM3|u6rf8yTsJF٠U4Z!.#tZ4es2+u ;@\;&owbE}ލ \:~YEIxN y u,.Y&4~eCU)~Sc#(WN-<ÍeeRC3+uOl ]h595FO-_|ҿGlg@=]qy'Z2`EO4tbZ1>[y}&oXƆ}Y`!j`CX˂Q9{XCp2'ZLce.EAR"(5JU% `Ԋ喇^#O!VBr7H! x)TÆC9|n'J.$˷wJ2vZj|VrC:bNח %D6[G_$!zV$H*ib-xaH7\(^m:EHI{T'1| >Ҋ@㊗쀒7#JA?wx%#m xDKie Vf"?Il1ʼB6. υզ`v}Á&~WOiqQr]HL# fvoONYNtsVrs嚇JNTϴGaRbd3sf`꣇e$D[t;|+Z >0' XV@KP=S8Y}+2hF/Oŵ%KEF^2dk>2o9{+SY5O7iVSg\7Uf1 mrRt)gF_&d5[DITĞDiS3EU\̫Digj;hiD5N<]=йAjrwu\R [5tYqR\6].FXxԀ̀h)|vcd!ʑ'+Xj|NHc4SL}$5w ]/8&vCO"jSSeG73ˈ#|d;ZC V1f${R:"aث ˠlo UH|keI17R-=Zuvo$3ٹ'fѩ^"5tBL hSaa,ΥR"ٮrbakMZ]޵323ó5?敉kW8W̓TS2Z{Mӭ gu t8YTݷtxnk[ Sۀi},RQ>$?\\\H ̣8j["MY# $MexT/a?rO?B"Bv͹}* zr~Fѝ 5DR8%6n=K+hӃo"m<6Α KhfA]4<٨!'d %ݚnozTcq-%Cp,3^  i`Sz<7iTؖ@Tz@~ Rm?E013?էmescôeIO>]$3Hy1+n7m:g*udAbH0F[/[KKz%>4̙q6ٝ /55YDρ/!IUgcܭPۏ Nٚ0~Euo"YD؜灑GBՙݞv_I6q1ڮ?=ʤypdTAXX6 !?b~<%%|'t(2;I0Nhi3-dtX"^=m-B'u ,$\3}L#cO'SQtru7 E"Ө*d7[V|K~3dsvϢ#.öܫ^ *O]*HյfkIqfMߊ΢Qv)4H)t|R ~%D=֋h$ ?6lL(Vi 8ا!BJyz'Xsxiu+DXg2Jqe$ϖqaq[4$6'L;w[.S29($V3ˡ!갴䭳歔Yv?ZhoC@d8rSBhI pvK{3wZ-\9SGUg#$)$2d%WeXrV6f!'4v&}? e-U%&53X1#!V)OPp{Yv t"]%42,LTV>ȣ$ru?6%xD|ٙ8)=su(%ydo>VL*1H6S|_B܅ w *SR7A҆ye֡9#;lBQ/U57_LIy+{˽=~Rk!$("Hۭ`wR\r) ꘰ʡ;ϣYpK΄C&'C?vbX*a\/E S$E)ȏGVEu rfsSMtQ\UK0 n3ߙ0K:Űgcme ֐79."=02@/-㍦o2@TD>٭W/2!#5e5A~vbr&?Aѿa#0r <|ag9s¾. bu.Dk쒎'H /Pyη0c!EY`| b͵ÉHԯ1Oܗ@9+%wM q@3I`2 l5x3w#EOPW9hc2~~[̨jeK!G(j_H>7C0" s3T_isA4qi&~WnzSE!M L\7:NLC㡝_O)UcR?|7~lcӼ7--POs32cwrU^.tdw[B]5G6nl"߿1 RNQMGM7dƹc[[['0ۜ컩B]`7n/D9~ K80HUf^ƇZySnP0VFOK s`Fs+LPd} (ܒMIM ])y5&,5dgbE+QS{Pڀ?ž}zq"җD~$fN݁nHzZT{y(IՉ&^&pV> [2uKQjF ܽV5p. 7&gY`5MLI|KѦޟ|NZ@>H's31=~ ]Y=MB K]in&FI}[5 r5K@f mYg$nU%H1Z`1ʺbϢlܠr8{_mbz-%yA:mgDŽ{ya.̷3[ḱY&PE>kK[U&2PG5 Pt6BА/'to[] p &J@@Wjo!wםP;k"^mO;ȸyHәTM{ygEC }`{ְBOw-h{NK$m/ oh9TyJlWxQ3yYCxDXȠ*2-Z&ݮ LÙPCs z&'J`4Nyh,pnj*_R:#Ʋsj4#u#B3!!q:l>Ng|WǏj]xd9)&}s%owdO~N]9cIL{\ 3O9+?zmpPcP- FȘ;*7!%-Ȳ}KbF8(Aړzs)FJƓc]]\M6N~$ I m2}H$2xVT79l&SOVI0;vk&%p:{'TpC#C}oLnD֝]+A]|+Hӗ>@(- L48Y87 6I7 Ow 09,hnMۛȗz2eo YCI$o̧߰B*띶eOdlíK`ghAA!۱W(4]d}81EFIΩ!͖|fVU|wPUSU޴)kEtAΕ!q0Q34#֨:;#[z84sŅJOÚXs$Z}{SohV+dj =\r Fs/\oӑvUTbb*ԓa ,BnT<"5yu:BAlC6X(~YOJ_k`MtMot8znB:ѱ@0Vj$ W#ɨ9 fcL;(Aˮ9/=V*)lgkl(ɎbY \8 @[~lReΉ@} sS90sMaLuyhHuX*e6|]v"EzX^VuU6zR1I8s|!3.YW?bfN;j_z^l]o.Y '#]̌1ro r$e+i /:ь7^ywAxaʧ?̫r\n)c cWcG++?MtNlL/$53I[;z IZy!|#r\Z wwEKH@ 12FZgm 7TP+jU^ɟFN@FO1M<\6bs:+9LaFFxdfeD[Wu'#>?Ftzwbܣv֫?YŒC0<6fD(yA`>!Ƿ㔇h20)X{ⷷ nn~̧ yP@- \Ik1\x2 tgFDLϳf d ޔv+i; INnrw=Wqds "Rt(d^2nJibS w:%7x.F}h?d1=̀}g~<5t˕6s*k/>(aS1? 4a@!t|?CUBc׍ [V{,jѣwfAi[ v V/4P'}X =:B5qD8EvS._*Tã@>-Vj+RںkBB;{ ҦfXrE?[p;N_gջ?[ s(_f&vOV1ѝB6Ap,+}Wgϩ`<2Et QfkUYUۊ)Mgu.}2j%7沫xOys[ ()ɂ 06.*? +?>?s9lz'NGz=q:VWgQ8?n36Oܰ;ܱ͞nH{asVsL@xQ ʭvOWSϑl э`{px> ?Svh4_KJ*$ࢤ&c^u # }7zK02&ۍweqЄh}f&u< ]al]ȡ`WY5)1Zpӈn ׂTjJk5.%$OZB7uS*^䔏@ґN8fkvT4RRܗ6;Cw1Qj= XRi GS"/M .ۍxA7YA َ=tiu3MM#͌p0dbK,OEL@|}%X8ؾgĬځ \~E[@-l"!7hFqZ:3f%s:BB1})I^;Dzf#~0 UNF\s_cZL!F|UhP sbN(O0@]v7pfJakj2m"~^޲uXx M#mmfU3U{CVkOWfmuęUvb,2,iafp{neGD!djX.{`PV5,ZCݩҫ»J\z`|nqQ2`Ms=(~-):?aBħ>+}{vU*0='Apqb-)yY(W;: =P/:|Ja$cxל5Qp/2lSz–1o8(=< 1a׀r[C BJ{LJJ ^Gܩ́T@1| ~۴%_ >~&I7s!ϢKB1Jݧ:j ݛf̂*dF/)/Qcw{!9>\y[лY>TQ;&N~o,W_+(,KPGJ>1LMOBfp::Œ8DROzs挜zi?}>9`1NrV.|FmAB_gkGaDFok9b!)%œB+:DFJ_heV^)篃UQv߉XGVcum7疢wƴt}Fђn xZ|#7(d}XeC"Z5Mdѹ j-IDm-[&aw]5h!A3M.ATl+Ri?7Q)\ꊷ-99v-1Ky5/Dt-|'M;ÿn3Sc:p+ M,9M25ќGhS[JJ[7ՖfU$}岭ĐBKw_yxMj+Q96zo0!ǑQ68[ҏ!<ȵ "m"z6tR KR}-@4Rڃ@ VU@z}IpD<]|ZBTbfgIa ľ5L;ƚ 1QZw$D i ǵǣ4%0Oٮ,%Du^cR"@8j7͠v5Q Br R7+XO`'_mvcz6k9ڮgel~BlUTi $P;y gW]kP_\+y4ҘN`C> ڵ夏Ӝ'nT+D/hA\BK$Gm?ױ6vx ؜s-ao2}EGB0`āĴ,;S&}LB)zJJeCnyR/Vt#P94tAUQ|p .[  w;~I-IA a^owİ,Tw*@)^8`Ogf{Ms@v ZX0us-.K. udHE zH9kvj#n}0t a./8U[/stݡWŋW FuK%IJX YcDž \rx!BG#p-W4!gh9!46 OX:q PL~ m$^CzoabI:4MՒɔFRd[k_0y9vD3N O㿇vI;мE([Y픿% a ogbGjX2{t2-7%~Jkx—}rd+fr"|ӓ^M+8]`~zHD:**E~w3Xy62=>~j)M#;n8վ\jW$҂uvuKʓVI|_i/pYq˕ie6i/ f ` hBm R3٨;Ā'ҽރEIMdcۢ(vKrȥw% #K'Fںl \8gN%m'}Y5n e>Rz:攃ֵ4rjSx|z!QDĉP],H)j'5HT?5iV-^*/E# $+O.F4-7gmYs=No:J-+v+ ӰfUucؒwhjZߨVeѰhP§btyP !$%*J'o#B, 2B-69lGS!& Ht wIܘܷw6i"{2ٚ'q dk 0c?/B1xtѧBZo~Geç@lB'afX1|c%Y؁E1R]ZsAu ڿ{21,8mn : FVeʓ_7` 5AѹJX$r&'^?WG=Gk^ث'8>&PΙ1)k11вn' DgLDlo$М -eg- -״B9l\I ;# ?̭ LKHoDUxŸ="wpY7f~|{p, (gcZOFg/E|l mR21TJ125 p+c1gtoѻ1-4o0OβA^Rh\^^z7+'bKeでC"XsǶ{ t\n; %,)4ǣKÖvR@6uL1){92[n4% zޖ_s=kwUQL_jHut/h/xaJI8p%U .,`eZ>e2zP9/Ϲv'"߃DUBXaR+ᶔDmϿhe­K3v}HȆ%,8{G:a; B#X&c<@8*WG:."ef;>Zl7ĉKNݘ:ʫVSCKʯ21m׆pSm!Hu<~%IYl5$JxoM~9;uCx}2s<农nyXd:3ŗwWa)U$'JH֔8%:]9%9 }yG6 tхi