sssd-tools-1.13.3-58.el6_9$>P/R۷ά,n>2?d   C .LRXbb b hb b b b!|b#fb%P%pb&'9'9+9(,h8,p93:GbHbIbXY\b]8b^(bdeflCsssd-tools1.13.358.el6_9Userspace tools for use with the SSSDProvides userspace tools for manipulating users, groups, and nested groups in SSSD when using id_provider = local in /etc/sssd/sssd.conf. Also provides several other administrative tools: * sss_debuglevel to change the debug level on the fly * sss_seed which pre-creates a user entry for use in kickstarts * sss_obfuscate for generating an obfuscated LDAP passwordZU=x86-01.bsys.centos.org yCentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxi686*ɤKS@ |4q"1FQ :bo3] 10m:+}MHOt x>tH dC A큤ZTZTZTZTZTZTZTZTZTZTZTZU VpnZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTd7e7b127decba56deb239179ca1ad550f9d1a7af1d025afa791b01329ab072759c7b46af96bec45781ee8108096588020da5cf77b593154f6d8b18013ded8bfdad131b0c47e6cfbafa199f67d951f145d6e373b1fbfa9f3749b88b03878c1c1c2e599ffb7cd15c37f6f505f8899527511241322ca0cffd3a0abdf293fdcca22eef4f6268d6b5e2f9dfa0fc5289b4ce5d48a63d72a1b7b04923114a4013b80d90074ea22f08e186a8f16066958ff1cb7da80f4a744e9737ad3b619beac9b0a45e392be566a7ed5695776443792b81391b8cf0599d4b662fb67f3d281e915d2bf248c553abf149b4a7568c26a877ef0241430bb8e59fb5015ea7cff0dfc4fa16905262ab1ae9161bb5cd95e9e8f8578677149486e86a67c70ab696bebafc920c03882e0f68e57d2f2f84f9c100088ac8508237103d5d3f280ce1d8bb507193204781a5fa9d915f5c56cf662051c6c122a25016409bb2ffe73ce6a65fa46ce5597b8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b90313b06097b136c5c0d5f655559c2cf20fab26fe76fca5c20564392eccdf0b5f50d3000aa080ad7a5881c8a49dd3da76fe1d6c6cc9269abdf8bc222819b42b9c22c75a1268599af05ed0cc0a04dd9acfd73e16a6412a5d3c0e498d4555e31c84e23425506bdda4af8cfd3b03f3564419d749f067940c0c4d3ff4e0be57991069c4fc3bcefc263239b822919149cda5ff37e4615f1f84ca34c0a1b625e3a2c687613b1af636877fa2912a36482b24bc0823c0b4f22749f376848f870a125435bed91e77ff47a91e4fb1698ce16a6091e14b9676da515362f6451be42bf4ba169e677417db216f67b03a91fc7ae16bd95b800a180d9421cdc2f4dc0475469db40419ea89929e20a817960d501a690a6f830bccdc97fce0eca83c029d23cca69bf5b25c78fd3eb592c4f9ab2cb3a846bece68363adca060e3ce994a98ca81b5e39a1e711ebdd751d5e9ce7293d68410ede3a69e6c79c1394990ea2aea526005a814b678e88f5546250961f8fe196461a7bc8eca26b4783fe9fed974fd577ec6abea703bda376ec5b5419141a902a19e988e4f1705248d9742df853cbab42301c2457d4296d67d7241a07cef458752761ba8bb724e2b9647eea0a61dd91ee240c79a21a224a1d29ae27e951de1133babf06b7feeb94680f851c8e898bf278bfc946f22111cc48c43bef44f58039b7e13f5d96972fa7b91a9b635c8e025f4f53eb774411d95efe410e12f64ca7ea89d33f87fa41bd7b44c411967c680b7274128b11504ce4d1519200914157e3ba9df7f2144fd42597a5f26c58eb4ff9d7aa7e54f162e1093fd8e3b76bf9aa1be3c4db4de63a83c7462b0c47d51dcae3150053145910ac2791378f73b979be8e47598aed0bf6a13c32cbd890a1a8e425fac4a61038f5638459a51e976bdaae341a3939ef61aa0ef40bc1554bf9cff5ecab78453d144f11c64364cf8e335bfc86a6cd797d3f7ba1591a3c01890dbce7ff38550996451ee259d84cf9d99c86fbf343b3d1cb1be9e942b14234675d8e7a351e296f72a95d39283bfd4bfdc79081fc113073438d656bee0d1430b484d67b4f9517e9e1a335dc9d5c7d37988a048246906108b3120a7d9ff465fe452c55515cc695b6ffc826ab9155d07bff1e2ab13d1f2085be637c43d6259aa920f94f408d8f8f2b1d239de59248760a97b39d664d4990be381eb364a0501bbac3f67b04b48ee635ea6cd9c7e6c56021308ca05c0b83cb0c0ea4d4fbd7a2810f60c62a9adbfec7051e2a0f5b29d34477b38628aac5f534a559bf3c0e060ecd176563bb968619af6d72d510a95212b7a8db0393079731272e190ddd161edc2ea98aebfee9977075e960eda2d85f9f1e4ee2688fadd88501aa33e5282741dde4bab11d5151eb1362434a7cbc4ece6145931276559af488a73f26319c36bb407ca226488069e039aa075e63d39c1c9d2836560a2312c6e811a150de3844c6ebb6b008fb79d8aa0cdb9cf1a43bf9faaebcfe61c74bc4b7704923ca483a906c5af3a9abe944496758fc8e8f0ad18083beb507678f3e7258d4a11c3c11c2fd244a72dfd9c83c8df1270033ee4d8f4e40293f0fe07b24134fd9c470fd1515883146784f08d5bfe4de420a01ca628a252f40713fe062ffc2412cfe92e68fe89fd46c0b6a38c09229518711f91ddcd5073bcb21e9372040ce1f635ef41d1caf1f9916196675e13a0007e42ec3d96fb39fcbde84bc7807d6d5d034d68b760788623eedfc354054975c58b79e59a378b94741cc1e08a1162835244b0fd3ce8ce3148d374ff988a79e8b12b994a9e664ba5db2d423a54500d801be898bc7049839217d8ed9b25ada18f60f0ea5d9ee69e75130755250d88fe9bc46cdf1a23416502a148708b819d763c72aff1e0d9e74d367203e93cfedfd64644fb6790e6df37bcefd9b53995b5c12cd376af384416ba54cd7a6b486bd93f07033099981735fe5a3cca9bf7e8a5a449d04c20c0c9a917f21e92757db0e35aa2d5f50f52126ccc2a56264a88215dd8178273e8ec26feb06488b39cc94bb3ab1f7b668ac0c35faa0b5816840161293c41ebf2c81125e1a5ead6914a501130cf747f677b00c4c4e60becdd2f27ab3912c5785783337aa0aa5007987b09fe5d131b62d51e4c44c0f24859dbf7f7c6c666a30100ead481f43d0cd3352f3af15147b499cc018c662026942e6dc93fe4a89506fcaecde2e6f54eef30467bc4422ed9178e5e3029b274592bef4866fe443cdd826af758d8ab26ef59bb0e66d29bd5e638afa602b9f8eb6eecde0982840dc302d5288d1c3aae408c81e1c05da6208ff91af41284064ed1866149d75229cdf9c31477e5f9e83f61670075fe73c35439e5f72368db8c7a0582b0fb75663ba8e313afb2e936290d917740515c4a6ef5a231dd83d15b2612a78208128e075999cfa225bc707d3dc3d420840e322b7f414b854730bb5db58efb2a18a216d44a9f2c71c76bd9fd882259d9345da4bfa87ee06e7a524479a3a259ba83ec126de750c296ac6d04f07ae79dee0b2fd01d1801ff04457071a4bdb34ceabc475857c8dcae38730b872e2be0c3e0915fdbcef29372eafb619a4fe9bbe13cc478cefa5ae70fee31a81ed1bbbd78e33cfbd735606b5e7e84d56f86bd3a42152e9cd068bebb4e779ae152a68185bd519bd26683eb8161fc53a69b169224ea6887dda3f92d37cdd63ff924451154aaf87b1aa486047281a5cdc1d258ab35cfc1db9f5fd27139ff80bc40dd6b1aaeb51547832eea1c30b3530ce6ce83c669b19c04832976a26098cdcc84bc7492112a6facf629db70fabae3473d30d823c0fdcdd658145372088a2416ee2d9b1b921c638cae5a8bb41238f48f94e5ca1240d87597fc0f19a16e82adf868918564908a90c69d91603676af9a32c792fca882fd9f96a6bdd493f0afa9334bae95910e1a6abdfcf1f6c246fcc9775891e955d279f998f47e3e94beee36bdb6c92c66b4a50b08246e7d5ad5b26b544b26f74f6bfdaaaf2b1f0de96026e1f123e1172b0e4a8cf81c6def5a6b9d39ff828202afd7196eb74ba0863db20efdaed6eba97eddad611c7f81116d237cae5ec8876bc6f0ad1933db1a4b041a1fb58f901850131eea8e3b374eaab9c4f8ba7fafe9461d5bc82c401e4c49f3bb82b18cd4ff1fec2142067a9ffa6bb94e58e6db8553bb59bb559d848f62fbfc12926972320c6b1ff62fce6c8e4ecd1945e5fe47d7f89f021bb6f80b8261cf8b50dcc3ecffecc5449ed8fd1c611844095d83f328a95a141efde0595bf1363485db8cd49c8d8d2064fa7e32bb8d9488cfadd483ac904addb95f1cc1a58c61566d5cedb021b0e7a00607592da03cbea0785a3dbfce092723e5e7d5a012f89b1108e4692ce8d4184705293a76fb9f56fe82692298a2f764fc49274392383f6940d5f70d0463ad0c6acf61e267f72f3feca4309ce8778d13f579fe68c8652250563028d777c1e9e58d6b35f0a2f0b2ebe0298fbdc90350cf56f0cf4881e205543cadbf4ed7ec338e1a084f1d609cfe8d60dc085f8d43b99018ae3964327c69555ffc35a598e13fcd24f4284c0aefabd661bfc1e66e1a84740000a4f2ba79fb17b36f331499b7f5f890e22663f9d56a921ff06997567b3bbbf6c6e6114f11835d1c0391dcc093618a9591c55b60246714852e4821adf67ceeec96e2fd39b79f80f3efc499d76d3f639c9e03e1047fd7c85cd8d50e82f110fdfb73a623d4e4ec14901c6c61a4dff8e18c0fb1b9a4a015b926d7a071cf1b5050ac02c9e1aec70aee74e1014b5661cc44630534d1a6cb2cb4bbe1158965683822eb952a47d193e69cc1f54700e924ee1104b8ec24ace3rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.3-58.el6_9.src.rpmsssd-toolssssd-tools(x86-32)   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ sssd-commonpython-ssspython-sssdconfigrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libbasicobjects.so.0libcollection.so.4libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.6)libdbus-1.so.3libdhash.so.1libdhash.so.1(DHASH_0.4.3)libdl.so.2libglib-2.0.so.0libini_config.so.5liblber-2.4.so.2libldap-2.4.so.2libldb.so.1libldb.so.1(LDB_0.9.10)libnspr4.solibnss3.solibnssutil3.solibpcre.so.0libplc4.solibplds4.solibpopt.so.0libpopt.so.0(LIBPOPT_0)libpthread.so.0libpthread.so.0(GLIBC_2.0)libpthread.so.0(GLIBC_2.12)libpthread.so.0(GLIBC_2.2)libref_array.so.1librt.so.1libselinux.so.1libsemanage.so.1libsmime3.solibssl3.solibsss_cert.solibsss_child.solibsss_crypt.solibsss_debug.solibsss_semanage.solibsss_util.solibtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)libtdb.so.1libtevent.so.0rtld(GNU_HASH)/usr/bin/pythonrpmlib(PayloadIsXz)1.13.3-58.el6_91.13.3-58.el6_91.13.3-58.el6_94.6.0-14.0-13.0.4-15.2-14.8.0ZX@YyX6@X6@XS@XOXJXGXF@X@X6@X6@X-X!@X!@X&X X X WWWW@W@W_@W_@WWW@W@W@W@Wi,@WYZ@WPWPV@VJVJVV@VՄ@VՄ@V@V&@V=@V=@V@V@V@VvV%@V%@V%@VVVVVpVii@V\:@VXEVV@VV@VV@VMV2 @Vf@Vf@Vf@UAUUuUn@UmUjUcUcUUUUUJ@UB@UB@U@U?v@U>$U8U.RU.RU-@U-@U-@U-@UF@UF@UUUUUU U U U@U@U@U@T9TTTTTTT@T@T~T~Tk4Tk4T$TTT@SvSvSvS%@S0S<@S<@S<@SSSSSSS/S/S;@SFS@S@S@S@S@S@Si@S@SSS!@SsZSpSNpS 4@S 4@RRRRRRfhRD!R1R%@R @R @RR|R|R|R|R|RRRRRRRRRRRRR@R@R@R@R@R@R@R@R@R@Q@Q@QQ*@Q?@QQvwQkQIQ5@Q0@Q']Q @PPPP@P@P@P-P@P@P@PDPDPDPDP[PPPPP@P@P@P@PPPPPPPP @P @P @P @P @P @Pf@PPPPP @P @P @P @P@P@P@PPPPPPPP@P@P@PpPpPpP@P@P@P@P@P@P@PP@PP@P@P@P@P@PPXPP{P{P{Pz@PqnPl(PaP`K@P#@Oĺ@O"O"OOO@OO~O@OOO@O@Ou@Ou@Oc+@O]@OYOOdON@OLOLOLOLOLO;@O5O1@ObN@NNNN@NNNj@NN$@N$@NN@N@Nx@Nm@Ng\N[@NTN?N:N:N:NNN|@M{@M{@Mߒ@M@M۝M۝M@MM@M@M3@MM>M>M@MM@M@Mx@MM=M=MwkMwkMv@MtMtMc@Mc@MbSM_MQ0@MJMGMA^@MA^@MA^@M.@M9L!L@L@L@L@LNLNL@L@LA@L@Lk@LYV@LRLI@L7@L(L_LLGKj@KK@KK@KK[K@KK~}@K]KY@KO@KKK/c@K+nK"4@KJJ@JJJkJJ@JJp9JlE@J?r@J0J,@IcIcIzI)@I)@I)@IV@IV@I@I@III@Jakub Hrozek - 1.13.3-58Jakub Hrozek - 1.13.3-57Lukas Slebodnik - 1.13.3-56Lukas Slebodnik - 1.13.3-55Jakub Hrozek - 1.13.3-54Jakub Hrozek - 1.13.3-53Jakub Hrozek - 1.13.3-52Jakub Hrozek - 1.13.3-51Jakub Hrozek - 1.13.3-50Jakub Hrozek - 1.13.3-49Jakub Hrozek - 1.13.3-48Jakub Hrozek - 1.13.3-47Jakub Hrozek - 1.13.3-46Jakub Hrozek - 1.13.3-45Jakub Hrozek - 1.13.3-44Jakub Hrozek - 1.13.3-43Jakub Hrozek - 1.13.3-42Jakub Hrozek - 1.13.3-41Jakub Hrozek - 1.13.3-40Jakub Hrozek - 1.13.3-39Jakub Hrozek - 1.13.3-38Jakub Hrozek - 1.13.3-37Jakub Hrozek - 1.13.3-36Jakub Hrozek - 1.13.3-35Jakub Hrozek - 1.13.3-34Jakub Hrozek - 1.13.3-33Jakub Hrozek - 1.13.3-32Jakub Hrozek - 1.13.3-31Jakub Hrozek - 1.13.3-30Jakub Hrozek - 1.13.3-29Jakub Hrozek - 1.13.3-28Jakub Hrozek - 1.13.3-27Jakub Hrozek - 1.13.3-26Jakub Hrozek - 1.13.3-25Jakub Hrozek - 1.13.3-24Jakub Hrozek - 1.13.3-23Jakub Hrozek - 1.13.3-22Jakub Hrozek - 1.13.3-21Jakub Hrozek - 1.13.3-20Jakub Hrozek - 1.13.3-19Jakub Hrozek - 1.13.3-18Jakub Hrozek - 1.13.3-17Jakub Hrozek - 1.13.3-16Jakub Hrozek - 1.13.3-15Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-13Jakub Hrozek - 1.13.3-12Jakub Hrozek - 1.13.3-11Jakub Hrozek - 1.13.3-10Jakub Hrozek - 1.13.3-9Jakub Hrozek - 1.13.3-8Jakub Hrozek - 1.13.3-7Jakub Hrozek - 1.13.3-6Jakub Hrozek - 1.13.3-5Jakub Hrozek - 1.13.3-4Jakub Hrozek - 1.13.3-3Jakub Hrozek - 1.13.3-2Jakub Hrozek - 1.13.3-1Jakub Hrozek - 1.13.2-7Jakub Hrozek - 1.13.2-6Jakub Hrozek - 1.13.2-5Jakub Hrozek - 1.13.2-4Jakub Hrozek - 1.13.2-3Jakub Hrozek - 1.13.2-2Jakub Hrozek - 1.13.2-1Jakub Hrozek - 1.13.1-1Jakub Hrozek - 1.12.4-51Jakub Hrozek - 1.12.4-50Jakub Hrozek - 1.12.4-49Jakub Hrozek - 1.12.4-48Jakub Hrozek - 1.12.4-47Jakub Hrozek - 1.12.4-46Jakub Hrozek - 1.12.4-45Jakub Hrozek - 1.12.4-44Jakub Hrozek - 1.12.4-43Jakub Hrozek - 1.12.4-42Jakub Hrozek - 1.12.4-41Jakub Hrozek - 1.12.4-40Jakub Hrozek - 1.12.4-39Jakub Hrozek - 1.12.4-38Jakub Hrozek - 1.12.4-37Jakub Hrozek - 1.12.4-36Jakub Hrozek - 1.12.4-35Jakub Hrozek - 1.12.4-34Jakub Hrozek - 1.12.4-33Jakub Hrozek - 1.12.4-32Jakub Hrozek - 1.12.4-31Jakub Hrozek - 1.12.4-30Jakub Hrozek - 1.12.4-29Jakub Hrozek - 1.12.4-28Jakub Hrozek - 1.12.4-27Jakub Hrozek - 1.12.4-26Jakub Hrozek - 1.12.4-25Jakub Hrozek - 1.12.4-24Jakub Hrozek - 1.12.4-23Jakub Hrozek - 1.12.4-22Jakub Hrozek - 1.12.4-21Jakub Hrozek - 1.12.4-20Jakub Hrozek - 1.12.4-19Jakub Hrozek - 1.12.4-18Jakub Hrozek - 1.12.4-17Jakub Hrozek - 1.12.4-16Jakub Hrozek - 1.12.4-15Jakub Hrozek - 1.12.4-14Jakub Hrozek - 1.12.4-13Jakub Hrozek - 1.12.4-12Jakub Hrozek - 1.12.4-11Jakub Hrozek - 1.12.4-10Jakub Hrozek - 1.12.4-9Jakub Hrozek - 1.12.4-8Jakub Hrozek - 1.12.4-7Jakub Hrozek - 1.12.4-6Jakub Hrozek - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Jakub Hrozek - 1.12.4-2Jakub Hrozek - 1.12.4-1Jakub Hrozek - 1.11.6-33Jakub Hrozek - 1.11.6-32Jakub Hrozek - 1.11.6-31Jakub Hrozek - 1.11.6-30Jakub Hrozek - 1.11.6-29Jakub Hrozek - 1.11.6-28Jakub Hrozek - 1.11.6-27Jakub Hrozek - 1.11.6-26Jakub Hrozek - 1.11.6-25Jakub Hrozek - 1.11.6-24Jakub Hrozek - 1.11.6-23Jakub Hrozek - 1.11.6-22Jakub Hrozek - 1.11.6-21Jakub Hrozek - 1.11.6-20Jakub Hrozek - 1.11.6-19Jakub Hrozek - 1.11.6-18Jakub Hrozek - 1.11.6-17Jakub Hrozek - 1.11.6-16Jakub Hrozek - 1.11.6-15Jakub Hrozek - 1.11.6-14Jakub Hrozek - 1.11.6-13Jakub Hrozek - 1.11.6-12Jakub Hrozek - 1.11.6-11Jakub Hrozek - 1.11.6-10Jakub Hrozek - 1.11.6-9Jakub Hrozek - 1.11.6-8Jakub Hrozek - 1.11.6-7Jakub Hrozek - 1.11.6-6Jakub Hrozek - 1.11.6-5Jakub Hrozek - 1.11.6-4Jakub Hrozek - 1.11.6-3Jakub Hrozek - 1.11.6-2Jakub Hrozek - 1.11.6-1Jakub Hrozek - 1.11.5.1-4Jakub Hrozek - 1.11.5.1-3Jakub Hrozek - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Jakub Hrozek - 1.9.2-134Jakub Hrozek - 1.9.2-133Jakub Hrozek - 1.9.2-132Jakub Hrozek - 1.9.2-131Jakub Hrozek - 1.9.2-130Jakub Hrozek - 1.9.2-129Jakub Hrozek - 1.9.2-128Jakub Hrozek - 1.9.2-127Jakub Hrozek - 1.9.2-126Jakub Hrozek - 1.9.2-125Jakub Hrozek - 1.9.2-124Jakub Hrozek - 1.9.2-123Jakub Hrozek - 1.9.2-122Jakub Hrozek - 1.9.2-121Jakub Hrozek - 1.9.2-120Jakub Hrozek - 1.9.2-119Jakub Hrozek - 1.9.2-118Jakub Hrozek - 1.9.2-117Jakub Hrozek - 1.9.2-116Jakub Hrozek - 1.9.2-115Jakub Hrozek - 1.9.2-114Jakub Hrozek - 1.9.2-113Jakub Hrozek - 1.9.2-112Jakub Hrozek - 1.9.2-111Jakub Hrozek - 1.9.2-110Jakub Hrozek - 1.9.2-109Jakub Hrozek - 1.9.2-108Jakub Hrozek - 1.9.2-107Jakub Hrozek - 1.9.2-106Jakub Hrozek - 1.9.2-105Jakub Hrozek - 1.9.2-104Jakub Hrozek - 1.9.2-103Jakub Hrozek - 1.9.2-102Jakub Hrozek - 1.9.2-101Jakub Hrozek - 1.9.2-100Jakub Hrozek - 1.9.2-99Jakub Hrozek - 1.9.2-98Jakub Hrozek - 1.9.2-97Jakub Hrozek - 1.9.2-96Jakub Hrozek - 1.9.2-95Jakub Hrozek - 1.9.2-94Jakub Hrozek - 1.9.2-93Jakub Hrozek - 1.9.2-92Jakub Hrozek - 1.9.2-91Jakub Hrozek - 1.9.2-90Jakub Hrozek - 1.9.2-89Jakub Hrozek - 1.9.2-88Jakub Hrozek - 1.9.2-87Jakub Hrozek - 1.9.2-86Jakub Hrozek - 1.9.2-85Jakub Hrozek - 1.9.2-84Jakub Hrozek - 1.9.2-83Jakub Hrozek - 1.9.2-82Jakub Hrozek - 1.9.2-81Jakub Hrozek - 1.9.2-80Jakub Hrozek - 1.9.2-79Jakub Hrozek - 1.9.2-78Jakub Hrozek - 1.9.2-77Jakub Hrozek - 1.9.2-76Jakub Hrozek - 1.9.2-75Jakub Hrozek - 1.9.2-74Jakub Hrozek - 1.9.2-73Jakub Hrozek - 1.9.2-72Jakub Hrozek - 1.9.2-71Jakub Hrozek - 1.9.2-70Jakub Hrozek - 1.9.2-69Jakub Hrozek - 1.9.2-68Jakub Hrozek - 1.9.2-67Jakub Hrozek - 1.9.2-66Jakub Hrozek - 1.9.2-65Jakub Hrozek - 1.9.2-64Jakub Hrozek - 1.9.2-63Jakub Hrozek - 1.9.2-62Jakub Hrozek - 1.9.2-61Jakub Hrozek - 1.9.2-60Jakub Hrozek - 1.9.2-59Jakub Hrozek - 1.9.2-58Jakub Hrozek - 1.9.2-57Jakub Hrozek - 1.9.2-56Jakub Hrozek - 1.9.2-55Jakub Hrozek - 1.9.2-54Jakub Hrozek - 1.9.2-53Jakub Hrozek - 1.9.2-52Jakub Hrozek - 1.9.2-51Jakub Hrozek - 1.9.2-50Jakub Hrozek - 1.9.2-49Jakub Hrozek - 1.9.2-48Jakub Hrozek - 1.9.2-47Jakub Hrozek - 1.9.2-46Jakub Hrozek - 1.9.2-45Jakub Hrozek - 1.9.2-44Jakub Hrozek - 1.9.2-43Jakub Hrozek - 1.9.2-42Jakub Hrozek - 1.9.2-41Jakub Hrozek - 1.9.2-40Jakub Hrozek - 1.9.2-39Jakub Hrozek - 1.9.2-38Jakub Hrozek - 1.9.2-37Jakub Hrozek - 1.9.2-36Jakub Hrozek - 1.9.2-35Jakub Hrozek - 1.9.2-34Jakub Hrozek - 1.9.2-33Jakub Hrozek - 1.9.2-32Jakub Hrozek - 1.9.2-31Jakub Hrozek - 1.9.2-30Jakub Hrozek - 1.9.2-29Jakub Hrozek - 1.9.2-28Jakub Hrozek - 1.9.2-27Jakub Hrozek - 1.9.2-26Jakub Hrozek - 1.9.2-25Jakub Hrozek - 1.9.2-24Jakub Hrozek - 1.9.2-23Jakub Hrozek - 1.9.2-22Jakub Hrozek - 1.9.2-21Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-19Jakub Hrozek - 1.9.2-18Jakub Hrozek - 1.9.2-17Jakub Hrozek - 1.9.2-16Jakub Hrozek - 1.9.2-15Jakub Hrozek - 1.9.2-14Jakub Hrozek - 1.9.2-13Jakub Hrozek - 1.9.2-12Jakub Hrozek - 1.9.2-11Jakub Hrozek - 1.9.2-10Jakub Hrozek - 1.9.2-9Jakub Hrozek - 1.9.2-8Jakub Hrozek - 1.9.2-7Jakub Hrozek - 1.9.2-6Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-3Jakub Hrozek - 1.9.0-2Jakub Hrozek - 1.9.0-1.rc1Jakub Hrozek - 1.8.0-33Stephen Gallagher - 1.8.0-32Stephen Gallagher - 1.8.0-31Stephen Gallagher - 1.8.0-30Stephen Gallagher - 1.8.0-29Stephen Gallagher - 1.8.0-28Stephen Gallagher - 1.8.0-27Stephen Gallagher - 1.8.0-26Stephen Gallagher - 1.8.0-25Stephen Gallagher - 1.8.0-24Stephen Gallagher - 1.8.0-23Stephen Gallagher - 1.8.0-22Stephen Gallagher - 1.8.0-21Stephen Gallagher - 1.8.0-20Stephen Gallagher - 1.8.0-18Stephen Gallagher - 1.8.0-17Stephen Gallagher - 1.8.0-15Stephen Gallagher - 1.8.0-12Stephen Gallagher - 1.8.0-11Stephen Gallagher - 1.8.0-10Stephen Gallagher - 1.8.0-9Stephen Gallagher - 1.8.0-8Stephen Gallagher - 1.8.0-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5Stephen Gallagher - 1.8.0-4.beta3Stephen Gallagher - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-2.beta2Stephen Gallagher - 1.5.1-68Stephen Gallagher - 1.5.1-67Stephen Gallagher - 1.5.1-66Stephen Gallagher - 1.5.1-65Stephen Gallagher - 1.5.1-64Stephen Gallagher - 1.5.1-63Stephen Gallagher - 1.5.1-62Stephen Gallagher - 1.5.1-61Stephen Gallagher - 1.5.1-60Stephen Gallagher - 1.5.1-59Stephen Gallagher - 1.5.1-58Stephen Gallagher - 1.5.1-57Stephen Gallagher - 1.5.1-56Stephen Gallagher - 1.5.1-55Stephen Gallagher - 1.5.1-53Stephen Gallagher - 1.5.1-52Stephen Gallagher - 1.5.1-51Stephen Gallagher - 1.5.1-50Stephen Gallagher - 1.5.1-49Stephen Gallagher - 1.5.1-48Stephen Gallagher - 1.5.1-47Stephen Gallagher - 1.5.1-46Stephen Gallagher - 1.5.1-45Stephen Gallagher - 1.5.1-44Stephen Gallagher - 1.5.1-43Stephen Gallagher - 1.5.1-42Stephen Gallagher - 1.5.1-41Stephen Gallagher - 1.5.1-40Stephen Gallagher - 1.5.1-39Stephen Gallagher - 1.5.1-38Stephen Gallagher - 1.5.1-37Stephen Gallagher - 1.5.1-36Stephen Gallagher - 1.5.1-35Stephen Gallagher - 1.5.1-34Stephen Gallagher - 1.5.1-33Stephen Gallagher - 1.5.1-32Stephen Gallagher - 1.5.1-31Stephen Gallagher - 1.5.1-30Stephen Gallagher - 1.5.1-29Stephen Gallagher - 1.5.1-28Stephen Gallagher - 1.5.1-27Stephen Gallagher - 1.5.1-26Stephen Gallagher - 1.5.1-25Stephen Gallagher - 1.5.1-24Stephen Gallagher - 1.5.1-23Stephen Gallagher - 1.5.1-21Stephen Gallagher - 1.5.1-20Stephen Gallagher - 1.5.1-17Stephen Gallagher - 1.5.1-16Stephen Gallagher - 1.5.1-15Stephen Gallagher - 1.5.1-14Stephen Gallagher - 1.5.1-13Stephen Gallagher - 1.5.1-12Stephen Gallagher - 1.5.1-11Stephen Gallagher - 1.5.1-10Stephen Gallagher - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Stephen Gallagher - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.2.1-28.4Stephen Gallagher - 1.2.1-36Stephen Gallagher - 1.2.1-35Stephen Gallagher - 1.2.1-28.3Stephen Gallagher - 1.2.1-34Stephen Gallagher - 1.2.1-28.2Stephen Gallagher - 1.2.1-33Stephen Gallagher - 1.2.1-28.1Stephen Gallagher - 1.2.1-32Stephen Gallagher - 1.2.1-29Stephen Gallagher - 1.2.1-28Stephen Gallagher - 1.2.1-27Stephen Gallagher - 1.2.1-26Stephen Gallagher - 1.2.1-23Stephen Gallagher - 1.2.1-21Stephen Gallagher - 1.2.1-20Stephen Gallagher - 1.2.1-19Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-14Stephen Gallagher - 1.2.0-13Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11.1Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1534618 - ABRT crash - /usr/libexec/sssd/sssd_nss [rhel-6.9.z]- Resolves: rhbz#1473005 - The originalMemberOf attribute disappears from the cache, causing intermittent HBAC issues- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present - Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory- Resolves: rhbz#1415785 - ldap_child does not remove temporary files when it's killed with SIGTERM- Apply several more smartcard-related patches. - Related: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts- Revert the ding-libs requirement - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Related: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Require the matching version of ding-libs - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Fix a coverity warning - Related: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Resolves: rhbz#1324428 - [RFE] Discover forest's root SID even if subdomains_provider = none- Resolves: rhbz#1367802 - using overides causes segfault in libldb- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins- Resolves: rhbz#1382603 - autofs map resolution doesn't work offline- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute- Resolves: rhbz#1299994 - ssh client checks only the first certificate on a smartcard when the card has multiple certs - Resolves: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard - Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6 - Resolves: rhbz#1329647 - IPA view: view name not stored properly with default FreeIPA installation- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users and mixed case names- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a subdomain, not the root domain.- Resolves: rhbz#1365218 - SSSD does not fail over to next GC- Resolves: rhbz#1367435 - Intermittent sssd auth failures- Resolves: rhbz#1369079 - sssd runs out of available child slots and starts queuing requests in proxy mode- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to sssd-1.13.3-22.el6.x86_64 when upgrading cache- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336453 - sssd_be doesn't terminate forked child process if adcli is not installed- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo- Actually apply patches from previous build - Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe with 1.11.6- Backport of a more minimal dependency patch to avoid changes to AD provider behaviour - Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1308939 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user- Require a newer selinux-policy to avoid issues when prompting for SC PIN - Related: rhbz#1299066 - smartcard login does not prompt for pin when ocsp checking is enabled (default config)- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when trying to retrieve non-existing netgroups- Update sssd-ldap man page for the recent ID mapping changes - Related: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache from working- Resolves: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password and not smartcard pin when logged in using smartcard pin- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output error- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12 to 1.13- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn't work- Resolves: rhbz#1273802 - ad_site parameter does not work- Fix memory leak in the NFS plugin - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service discovery- Rebase to 1.13.3 - Remove setuid bit from proxy_child, RHEL-6 doesn't support running SSSD as a non-privileged user - Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Don't own files as the SSSD user - Resolves: rhbz#1289482 - warning: user sssd does not exist - using root- Resolves: rhbz#1279971 - groups get deleted from the cache- The p11_child doesn't have to run privileged anymore, remove the setuid bit - Related: rhbz#1270027 - [RFE] Support for smart cards- Resolves: rhbz#1266108 - Check next certificate on smart card if first is not valid - Also enable OCSP checks- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Silence compilation warnings and Coverity issues - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Squash in packaging review changes by lslebodn@redhat.com- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - The rebase also resolves the following bugzillas: - Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC identity certificates - Resolves: rhbz#1270027 - [RFE] Support for smart cards - Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients - Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is not taken into account. - Resolves: rhbz#1254193 - Fix for cyclic dependencies between sssd-{krb5,}-common - Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected - Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do not queue requests - Resolves: rhbz#1227804 - Group members are not turned into ghost entries when the user is purged from the SSSD cache - Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log - Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not the alpha group name representation - Resolves: rhbz#1194039 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups- Resolves: rhbz#1251349 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from ldap server- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task - Resolves: rhbz#1227863 - ignore_group_members doesn't work for subdomains- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn't return all groups on first attempt- Resolves: rhbz#1225614 - IPA enumeration provider crashes- Resolves: rhbz#1212610 - sssd ad groups work intermittently- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of secondary groups- Resolves: rhbz#1221358 - SSSD doesn't work with ID mapping and disabled subdomains- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and gets avc denial when ssh- Include several upstream fixes related to ID views - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1213947 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad src/providers/ad/ad_gpo.c:843- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers group membership resolution- Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users and filter_groups- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only- Related: rhbz#1211728 - Only set the selinux context if the context differs from the local one- Package the localauth plugin - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1207720 - id lookup resolves "Domain Local" group and errors appear in domain log- BuildRequire the proper libkrb5 version for correct localauth plugin build - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1194367 - sssd_be dumping core- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in manpage that unsupported time specification will lead to sssd denying access- Resolves: rhbz#1205382 - Properly handle AD's binary objectGUID- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might install with wrong user account (root)- Fix a typo in DEBUG message - Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Handle TTL=0 in SRV queries correctly - Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Cherry-pick unit test changes from upstream to allow cherry-picking sssd-1-12 patches - Remove unused LDAP provider code to avoid static analyser warnings - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad requires samba4- Resolves: rhbz#1203630 - SSSD doesn't own the GPO cache directory- Fix warning in SELinux code - Handle setups with empty default and no SELinux maps - Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u - Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605 - Resolves: rhbz#1201847 - SSSD downloads too much information when fetching information about groups- Fix PAM responder initgroups cache for subdomain users - Log extop failures better - Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Fix internal error codes broken when fixing rhbz#1036745 - Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything- Fix Coverity warning in ldap_child - Add better debugging - Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users, groups or other cache objects- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Initialize a pointer in ldap_child to NULL - Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Relax the ldb requirement - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query - Rebuild against latest krb5, add a versioned BuildRequires - Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Do not mark the selinux_child helper as setuid, we don't support rootless SSSD in 6.7 - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x - The rebase resolves the following RHEL bugzillas - Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about domains parameter - Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not be fatal (backport fix from upstream) - Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user uid field - Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1168377 - [RFE] User's home directories and shells are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss - Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution - Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1148582 - inconsistent group information when multiple ad domain sections are configured in sssd - Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider ad support - Resolves: rhbz#1139878 - SSSD connection terminated after failing anonymous bind to IBM Tivoli Directory Server - Resolves: rhbz#1135838 - Man sssd-ldap shows parameter ldap_purge_cache_timeout with "Default: 10800 (12 hours)" - Resolves: rhbz#1135432 - Dereference code errors out when dereferencing entries protected by ACIs - Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012 R2's LDAP as AD - Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header - Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple attributes- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1141814 - Password expiration policies are not being enforced by SSSD- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group membership when encountering a non-POSIX group- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from other AD domains- Resolves: rhbz#1127270 - sssd connect to ipa-server is long- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD, POSIX attributes are used and primary group contains the user as a member- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0) is not prompted for password change- Resolves: rhbz#1132361 - use-after-free in dyndns code- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap account lock to restrict access via ssh key- Use the correct sudo iterator - Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Add notes about offline mode to sssd.conf - Related: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1127278 - Auth fails when space in username is replaced with character set by override_default_whitespace- Resolves: rhbz#1127757 - sssd can't retrieve sudo rules when using the "default_domain_suffix" option- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Resolves: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1122873 - Failover does not always happen from SRV to hostname resolution(via /etc/hosts) - Remove spurious systemctl call on %postun- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with specified character in LDAP group- Resolves: rhbz#1109188 - dereferencing control failure against openldap server- Resolves: rhbz#1084532 - sssd_sudo process segfaults- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping is off and tokengroups are enabled- Resolves: rhbz#1118541 - Floating point exception using ldap- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser is not defined and no ldap_sudorule_runasuser mapping has been defined in SSSD- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap- Fix potential NULL dereference in IFP code - Related: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- BuildRequire the latest libini_config - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- Resolves: rhbz#1104145 - public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end- Rebase to 1.11.6 - Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Rebuild against new ding-libs - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Backport the InfoPipe patches needed for Sat6 integration - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: #1085412 - SSSD Crashes when storage experiences high latency- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6Resolves: #1036168 - sssd can't retrieve auto.master when using the "default_domain_suffix"- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups are requested- Allow combination of proxy id backend and LDAP auth backend - Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Inherit UID limits for subdomains - Resolves: #1020905 - Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.- Do not crash when LDAP disconnects while a search is still in progress - Resolves: #1019979 - sssd_be segfault when authenticating against active directory- More upstream fixes to prevent memcache crashes - Related: #997406 - sssd_nss core dumps under load- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out- Make IPA SELinux provider aware of subdomain users - A better version of already committed patch - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Resolves: #997406 - sssd_nss core dumps under load - Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #1002161 - large number of sudo rules results in error - Unable to create response: Invalid argument- Silence restorecon on clean install - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Make IPA SELinux provider aware of subdomain users - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Print password complexity hint when password change fails with constraint violation - Related: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #948830 - sssd do too many disk writes causing delay in "getent netgroup allmachines-netgroup" nested netgroups.- Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- Resolves: #963235 - sssd_be crashing with nested ldap groups- Apply a forgotten dependency for patch #254 - Related: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality - Add two fixes for better handling of faulty SRV processing - Related: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router. - Remove enumerate=true from example in man page - Related: #988381 - clarify the disadvantages of enumeration in sssd.conf- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp file for SELinux data failed- Resolves: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors when clearing cache- Resolves: #924113 - man sssd-sudo has wrong title- Resolves: #924397 - document what does access_provider=ad do- Use permissive control when adding ghost users - Resolves: #928797 - cyclic group memberships may not work depending on order of operations- Set correct state of SRV servers on resolving error - Resolves: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router.- Resolves: #954323 - SSSD doesn't display warning for last grace login.- Format patch to configure sysv script differently - RHEL-6 patch(1) apparently doesn't like the output of git format-patch -M -C and doesn't properly copy files on renames - Resolves: #971435 - Enhance sssd init script so that it would source a configuration.- Resolves: #973345 - SSSD service randomly dies- Resolves: #971435 - Enhance sssd init script so that it would source a configuration- Resolves: #961356 - SUDO is not working for users from trusted AD domain- Resolves: #970519 - [RFE] Add support for suppressing group members- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the "original value"- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes- Clarify the min_id/max_id limits further - Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login delays when client is under load- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table in sssd_nss- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs- Mention that enumeration should be discouraged - Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf- Call restorecon on memcache files to force the right context on upgrades - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Resolves: #987479 - libsss_sudo should depend on sudo package with sssd support- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck- Resolves: #967636 - SSSD frequently fails to return automount maps from LDAP- Resolves: #953165 - Enabling enumeration causes sssd_be process to utilize 100% of the CPU- Resolves: #906398 - sssd_be crashes sometimes- Resolves: #950874: Simple access control always denies uppercased users in case insensitive domain- Resolves: #921454: Resolve local group members in LDAP groups- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider- Fix pwd_expiration_warning=0 - Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#872827 - Serious performance regression in sssd- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees- Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.- Resolves: rhbz#902436 - possible segfault when backend callback is removed- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps- Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent- Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts- Resolves: rhbz#892197 - Incorrect principal searched for in keytab- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work- Resolves: rhbz#874618 - sss_cache: fqdn not accepted- Resolves: rhbz#889182 - crash in memory cache- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache- Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666)- Resolves: rhbz#886038 - sssd components seem to mishandle sighup- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh- Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule- Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507)- Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060)- Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507)- Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds- Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users- Resolves: rhbz#881773 - mmap cache needs update after db changes- Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742)- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573)- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations- Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130- Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections- Related: rhbz#877126 - Bump the release tag- Resolves: rhbz#877126 - subdomains code does not save the proper user/group name- Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid()- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'- Resolves: rhbz#875740 - "defaults" entry ignored- Resolves: rhbz#875738 - offline authentication failure always returns System Error- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section- Resolves: rhbz#873032 - Move sss_cache to the main subpackage- Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group- Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive- Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443- BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932- Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542- Fix the "ca" translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- New upstream release 1.9.2- Rebase to 1.9.1- Require the latest libldb- Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes- Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds- Fix protocol break for services map - Related: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#824616 - sssd_nss crashes when configured with use_fully_qualified_names = true- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()- Resolves: rhbz#822236 - SSSD netgroups do not honor entry_cache_nowait_percentage- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client upgrade - Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names - Resolves: rhbz#819063 - sssd fails to provide partial data till paged search returns "Size Limit Exceeded" - Resolves: rhbz#820585 - Group enumeration fails in proxy provider- Resolves: rhbz#816616 - group members are now lowercased in case insensitive domains- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding - Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the same user - Resolves: rhbz#812281 - autofs client: map name length used as key length - Related: rhbz#784870 - SSSD fails during autodetection of search bases for new LDAP features - Related: rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes- Fix typo in patch for SSH umask - Related: rhbz#808107 - Coverity revealed memory management defects- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm - Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is running - Resolves: rhbz#808107 - Coverity revealed memory management defects- Related: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false- Resolves: rhbz#804057 - Initial service lookups having name with uppercase alphabets doesn't work - Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names doesn't work when case_sensitive=false - Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab - Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false - Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name resolution times out - Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Related: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica using IP address - Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with case_sensitive=false - Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set - Resolves: rhbz#805034 - accessing an undefined variable might cause crash - Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login- Update translations - Resolves: rhbz#802372 - Pick up latest translation files for SSSD - Resolves: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Related: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search requests - Resolves: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials - Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to true - Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work - Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false - Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam can use - Resolves: rhbz#799971 - sssd_be crashes on shutdown - Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested group structure - Resolves: rhbz#801368 - Group lookups doesn't return members with proxy provider configured - Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd is configured as proxy provider- Do not auto-upgrade debug levels - Tool still available for manual use - Reverts: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#798881 - Install-time warnings - Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also the dns_discovery_domain - Resolves: rhbz#798655 - Password logins failing due to a process with high UID- Fix explicit requires to use openldap instead of openldap-libs - Related: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64- Fix multilib-clean issue due to upgrade script - Remove old copy from the spec file - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Fix typo in the patch - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Use a patch and install the script to python_sitelib - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Resolves: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#785871 - wrong build dependency on nscd - Resolves: rhbz#785873 - IPA host search base cannot be set - Resolves: rhbz#791208 - Entries lacking a POSIX username value break group lookups - Resolves: rhbz#796307 - Simple Paged Search control needs to be used more sparingly - Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64 - Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user entries - Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup - Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load - Resolves: rhbz#797975 - sssd_be: The requested target is not configured is logged at each login - Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD - Resolves: rhbz#788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group- Handle filtering python Provides in a safer way - Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3 - Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers - Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and netgroup search base correctly - Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb AS requests - Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision - Resolves: rhbz#785904 - [RFE] SSSD should have --version option - Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider - Resolves: rhbz#785898 - Enable midway cache refresh by default - Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for a non-existing netgroup - Resolves: rhbz#785884 - Honour TTL when resolving host names - Resolves: rhbz#785883 - check DNS records before updates - Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead of guessing - Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line - Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config file too much - Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server has been reinitialized - Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc - Resolves: rhbz#773660 - Kerberos errors should go to syslog - Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native IPA netgroups code - Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#771702 - sssd_pam crashes during change password operation against a IPA server - Resolves: rhbz#771361 - case_sensitive function not working as intended for ldap - Resolves: rhbz#768935 - Crash when applying settings - Resolves: rhbz#766941 - The full dyndns update message should be logged into debug logs - Resolves: rhbz#766930 - [RFE] Add a new option to override home directory value - Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab principal name - Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files - Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug levels on the fly - Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional - Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation - Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option - Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control - Resolves: rhbz#753876 - [RFE] Add support for the services map - Resolves: rhbz#746181 - "getgrgid call returned more than one result" after group name change in MSAD - Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle for some (configurable) time - Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD - Related: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#742052 - id -G group resolution takes extremely long - Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange - Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases - Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or insensitive - Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users - Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control disabled for openldap - Resolves: rhbz#726467 - SSSD takes 30+ seconds to login - Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 during auth when password for the user is not set- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758157 - LDAP failover not working if server refuses connections- Related: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis initgroups when groups appear in multiple nesting levels- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow - Resolves: rhbz#746654 - SSSD backend gets killed on slow systems - Related: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts Fixes a crash introduced by the earlier patch. - Related: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names Fixes for internationalization- Related: rhbz#742278 - Rework the example config- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts - Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart - Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742278 - Rework the example config - Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was initialized - Resolves: rhbz#742526 - SSSD's man pages are missing information - Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with multi-valued uid - Resolves: rhbz#738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid - Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber to integer - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host groups - Resolves: rhbz#740501 - SSSD not functional after "self" reboot - Resolves: rhbz#742539 - HBAC: Hostname comparisons should be case-insensitive- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in - Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2- Resolves: rhbz#737157 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled - Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple external hosts along with managed host - Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names - Resolves: rhbz#733409 - Improve password policy error message - Resolves: rhbz#733663 - Authentication fails when there exists an empty hbacsvcgroup - Resolves: rhbz#732935 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON - Resolves: rhbz#734101 - sssd blocks login of ipa-users- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain shells- Related: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID- Related: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Related: rhbz#718250 - Remove DENY rules from the HBAC access provider - Fixes an issue on big endian platforms- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured - Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls - Resolves: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider - Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID - Resolves: rhbz#726475 - sssd_pam leaks file descriptors - Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0- Related: rhbz#721052 - sssd does not handle kerberos server IP change - Use ares_search instead of ares_query to honor - search entries in /etc/resolv.conf- Resolves: rhbz#711416 - During the change password operation the ccache is - not replaced by a new one if the old one isn't - active anymore - Resolves: rhbz#715609 - Certificate validation fails with message - "Connection error: TLS: hostname does not match CN - in peer certificate" - Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records - Resolves: rhbz#721052 - sssd does not handle kerberos server IP change - Honor TTL values when resolving hostnames- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP - Resolves: rhbz#713438 - sssd shuts down if inotify crashes- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups() - Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are - being logged multiple times when the provider comes - back online - Resolves: rhbz#707997 - The IPA provider does not work with IPv6 - Resolves: rhbz#677327 - [RFE] Support overriding attribute value - Resolves: rhbz#692090 - SSSD is not populating nested groups in - Active Directory- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man - page- Resolves: rhbz#707513 - Unable to authenticate users when username - contains "\0"- Resolves: rhbz#698723 - kpasswd fails when using sssd and - kadmin server != kdc server- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is - not mentioned - Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the - gidNumber is out of the range of min_id,max_id. - Resolves: rhbz#699530 - Users with a local group as their primary GID are - denied access by the simple access provider - Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups - Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a - member of any group - Resolves: rhbz#703624 - SSSD's async resolver only tries the first - nameserver in /etc/resolv.conf- Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694444 - Unable to resolve SRV record when called with - _srv_, in ldap_uri - Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by - signal 11 (SIGSEGV) - Fix is to not attempt to resolve nameless servers- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can - cause SSSD to stop caching and responding to - requests- Resolves: rhbz#690131 - Traceback messages seen while interrupting - sss_obfuscate using ctrl+d - Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process - /usr/libexec/sssd/sssd_be was killed by signal 11 - (SIGSEGV)- Related: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them - Resolves: rhbz#689886 - group memberships are not populated correctly during - IPA provider initgroups - Resolves: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents - Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5 - in sssd.conf- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min - waiting on netgroup - Resolves: rhbz#683431 - sssd consumes 100% CPU - Related: rhbz#680440 - sssd does not handle kerberos server IP change- Related: rhbz#680440 - sssd does not handle kerberos server IP change - SSSD was staying with the old server if it was still online- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain - for base DN- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on - ipa-server - Resolves: rhbz#680440 - sssd does not handle kerberos server IP change - Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are - given in ipa_server config option - Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf - attribute on the server - Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups - Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option - Resolves: rhbz#677318 - Does not read renewable ccache at startup- Resolves: rhbz#678593 - User information not updated on login for secondary - domains - Resolves: rhbz#678777 - IPA provider does not update removed group - memberships on initgroups- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries - Resolves: rhbz#678410 - name service caches names, so id command shows - recently deleted users - Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for - netgroups- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login - Resolves: rhbz#675284 - "no matching rule" message logged on all successful - requests - Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for - authentication- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named - "default" - Resolves: rhbz#674515 - -p option always uses empty string to obfuscate - password - Resolves: rhbz#674141 - Traceback call messages displayed while - "sss_obfuscate" command is executed as a non-root - user- Resolves: rhbz#674172 - Group members are not sanitized in nested group - processing - Put translated tool manpages into the sssd-tools subpackage- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Also add the updated ding-libs to the BuildRequires- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Explicitly require updated ding-libs- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options - Assorted bugfixes- Add noverify to sssd.conf - Resolves: rhbz#627165 - TPS VerifyTest failure- Related: rhbz#644072 - Rebase SSSD to 1.5 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs - Resolves: rhbz#660585 - getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs- Resolves: rhbz#645449 - 'getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#658374 - sssd stops on upgrade- Resolves: rhbz#658158 - sssd stops on upgrade- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#642412 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#633487 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib- Resolves: rhbz#629949 - sssd stops on upgrade- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password- Resolves: rhbz#621307 - Password changes are broken on LDAP- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on - initgroups calls- Resolves: rhbz#607233 - SSSD users cannot log in through GDM - - Real issue was that long-running services - - do not reconnect if sssd is restarted- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with - /etc/krb5.keytab file- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6 - final - Resolves: rhbz#608661 - SASL with OpenLDAP server fails - Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes- New upstream bugfix release 1.2.1 - Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs. - Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal - Resolves: rhbz#604704 - authconfig should provide error with no trace back - if disabling sssd when sssd is not enabled - Resolves: rhbz#591873 - Connecting to the network after an offline kerberos - auth logs continuous error messages to sssd_ldap.log - Resolves: rhbz#596295 - Authentication fails for user from the second domain - when the same user name is filtered out from the - first domain - Related: rhbz#598559 - Update translation files for SSSD before RHEL 6 - final- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service - to fail while restart - Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in - parentheses causes ldap_search_ext to fail - Resolves: rhbz#600468 - Segfault in krb5_child - Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs.- Resolves: rhbz#598670 - Ccache file of a user is removed too early - Resolves: rhbz#599057 - Incomplete comparison of a service name in - IPA access provider - Resolves: rhbz#598496 - Failure with IPA access provider - Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the - kernel keyring- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP - Resolves: rhbz#584001 - Rebase sssd to 1.2 - Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file - Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf - Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf - Resolves: rhbz#590134 - sssd: auth_provider = proxy regression - Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when - going online - Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the - HBAC rule- Improve DEBUG logs for STARTTLS failures- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcacacacacacacacacacacacsdedededededededededededeesesesesesesesesesesesfrfrfrfrfrfrfrfrfrfrfrfrjajajajajajajajajajajanlptptukukukukukukukukukukukukuk1.13.3-58.el6_91.13.3-58.el6_9 sss_debuglevelsss_groupaddsss_groupdelsss_groupmodsss_groupshowsss_obfuscatesss_overridesss_seedsss_useraddsss_userdelsss_usermodsssd-tools-1.13.3COPYINGsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupdel.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupmod.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gz/usr/sbin//usr/share/doc//usr/share/doc/sssd-tools-1.13.3//usr/share/man/ca/man5//usr/share/man/ca/man8//usr/share/man/cs/man8//usr/share/man/de/man1//usr/share/man/de/man8//usr/share/man/es/man1//usr/share/man/es/man8//usr/share/man/fr/man1//usr/share/man/fr/man8//usr/share/man/ja/man1//usr/share/man/ja/man8//usr/share/man/man8//usr/share/man/nl/man8//usr/share/man/pt/man8//usr/share/man/uk/man1//usr/share/man/uk/man5//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnu?7zXZ !PH6]"k%w+p}:w{!zB7 0YEyЏ;k"e CW#L:8ޟM.0Z%wLHz-6@Ie UD@j>{o^eЈrCVQ+ZX4^\xɃ|2S5Xwޫgx^̿+I ؋f8ФZc.֝CwY#MNjg,68qG]6g7>5uïLSI)$6ZQa<ո)-0K+O/L(+,9>b)/ZCҌ! JH6x /R[Z<K -aR^|>hS*qns=KUnl5?#35왢|Hzz Y]; ! 3T-*4%h :LMcE`yۤO {1+,hTN]!2biȚM^Jig[ Oq_7iNuݜYf8=+Y;`Ҭ]bu3A ꚮLF(_d([Xo33Xq_;=d`GH¤ f֪➙uO6w7ߏ"dijA>csA˺/}֨x*lxA3%IF2 $AT6,KjDTև9lȘ8ǂBKܯ:<);Ǧ_xaN|E.c1mscf'7~|`{A f7'_N2鉭 JpB11wDP6nTk:c`qjlbH&v/oyjśi=m~[gc*gu)m *{/&<-ѱ>%A[$F1=}Y\NK l${5^JN{rUI}|5ҡD+5ԍW`>sDႵ>@g_e4og?X8}.tC{"KI>h{]&[m]*MտDւ%chindJC4c}H"GI17pY޴P;\K5Ju%'RlIWUW\ M?8@2ERVPME:0T[е]2J}1 ֫KNا\7U<%?z-h@wD-bPglD#)KBQ1S[|C $fP^SmϲSҹ$0 =$|_rXvISmg%Ov7eisH'#d]4mowzp)|#eOvѢ?|dzGZ42e6M3rP%@GR9UBYG+t",27Kބ UB<8F D_?XS:PL G06I*o>}(wHzV6Rm`Dwލ>.z3\lOKi$OԗOˈ q!`OpOē ?&kU٣]wA]"d'2ǐ+<±T\!@T wCAu[pWSZ0;m/hKC.!n9gw^ y^=)ȫ13ކf}ۨa(*i8:36XO#ع"u6ͫT$E"e=҃c$*2o?lGĿʘetnvoվ=Ϥ\ &tBCt—heD,FN_ \7YDxdN8ˍaFLIWsVGL` "Y`52n. Zm*'BiwљUr.xb=;H=O,[w G጑dc5{)5oS],O*uyԁ ΆvmBy>H}6=Dzp gTZ(F1[4"hk'zULL7@r8m՛JbOM/%Ƃ Kr+%h{27 wrM[d[> ]HjDLRb#KNm> ʥYe:"3rRG4g4@#Rϻ,v->23!id'9&Pz TOgTl6ǎ3 r+fݤ& '#St_-%Wӗ,)xn{*8F0趐8*ZŮPŐ;ӫ㍯L~ =LĝX0.t@=xE4eFrS!Iw鸑M2((~79' E`fSkA0:6϶!ߝW$%ɳ {{d}.w3&f(Br#FnBf33-3D A9t ٍK '%܍³)Ԣda5{Zvړ6N*p[ 6jb5Qg3yr?؈!_!)$?Pva[f .@qM>Un+ee:D:cT5Μza\3tChx E>zt"V++>Kp>.ۊ5+8V\z0L6FFSb,zi΅L"R$mĠ1D#/g$bvJHܾf_ҡ n Y﹋.CXXnM(JtF!늑'so )E \sAlVf? ,A?fdn3qD[2o-$ؒ$b!IVRZ7:*H.ؾۮJn5s m~sq}OF?ͰYN5{3=ƊQ-sKeJ1+9#kE"25ȡXp*LL%6Xpot#7fw$Q9k/Ho>öN&R:WGJv|-۰NBllZu(O:TLHx:I" VY,K=uN):^zkns` iB. z1[JNqAT4GnBsV?2eQvq 4Xp@FqbInjaE1)=}ĆZc8%U)zg\FK˥Q3?a9 6i_u֝\kMZh`OD L;o8d&dt[{A03_Hz~a N?l: I-~+CD*u,m)$`xI%#M\=M_0غZ"S4 9ӧm,nXD6)G1)A4 Pe~둍9㢫UjABaQsm{ V^p GΥ asi `r)4Щ.@z ϊDKïΊ͐ Y48_L_H:-!lF؊ ŘzuD?}]L:/ ^bdE&_>'py1k/r{OO AӦܗBkIPaD(0|=CFOѥf~  (ʬ Ӌҭ+%M&\btbbؖlAu){K kqdۤlB !&J1T={I[&\k-tFYl}L mn.${4˒tb5eK.Ծ.->Ev3)1,y*^&NI#Sݢ$ [fZU9,hd" [x=p*/: ,ܾt|wgbEgvځ_#f^{dQ]NH8 aFHkXTD&w5s4ڱQ\1Xn-Peb} *j`i̍4P@ΖCx#E$='lj ||O% SKee,28`,U8 ] nky8i~$,Ohw&`l,VN.x)7BţN(V9'^A8(ã W;ɦW?`E[ed JlX\W $*;8%q=`k<Qk:{3 S6_1mBpo*8! ;{:ufLfP4p(iߺ/TX\O6? ׉Q~QcCL^P{y-6 1^ Ȍtxk#!$?oy`R'ؗd-@+__)QV8)^qɔN"yJFql̞֏TM Mgtj+@8[#cb\ޏ@bΡO%&2_T67~+Kka2ui5_HcKmwmq ^^L!{۠g):FmR,jOH9_x]Tj./u@DZe3SUvlƢOI\UvȌ>|'tqS^[vXk>sLq]y,>̾Ek+ 3Ŕ(%-c,+*XA}%pҨ!mN0^GTp^<(+ Ji4N kwteYn u52JMu 7ȆaBZڲs2' Zw79Z Mj%0k|.F'**Jϖq2j5BpMMm٢YՓ- vaYQu>hۨJN Chsɯ_Y~+IUU`m{21.4I&>YPWp;e *GzJw<&xBႩwa MO *o\~oiWrEZ~d?t*DAcWcyG$} 2[JIr5hB3^Kii ҜANB"ba`Rrp0~Qy9.73F ^ّ^g,DPY䑫9ƳS7k>|˨RSrM:+nF~o- -uI;wӍ,!ʢ۩`'4哔0nBrez.8AIx^r颀 wc`CwN.?r5 r4#ngًB4 ~i7:vlm4hi/ZVTr }:ULڄ+)qcFV/+d}P%WgHZ3+ uΘl5p0G4n9XԴC~}ĖP w&L|( ؏ б?5 VȾvئ0*?ΞY"uGӾC%x0+6JsCְqP3$~h~/zй[Ҳa*]-yv#4dyQM(\U_@w\iRV!=Dkm'O+|mbv٭W|V K_ ,RYH#M]INV1~ρeMp?X`GǢQt閄"\x@W3NcwDr\kVV)'@2990PC  0m߻ђt*qIrv*)BTޓdt 72v/ I9sE5qBCܙ/tlE:# 或یNέY縒j/0$6|MJcQ,Xt__OEI&OJRBn V:c~bOŅx!gJ#skbʊ*tQU#CYcυ-trq)- F1bt{Q%ݬ:VWastQ kJaf 0˱ xshrnޤQJf.Arg  vQK,D08 wج26. X?1jڤ>q+f9]vX/:%'yzZxȃ>a1SۤjVh25ʚ&Q{FIB ubW޶_ >Fn\ҫڜ9VAxbWJhBWa<[[iJn:tDjzL4-LHsq}C"sEZYH--}L|Y͒)5R/`S,5>L?gd/U~ߥuΰsB6&,$ޫE0Lלb˙)8q_e xo'-5+G Bd#76HˣQf!8ף=";r`D/R1 sLL'[©k7nQP*c䬒"!&]{!EÞL K"oIo8fOyO|íTjAhiJref汍!d$/ %"RY*v^O/kȗU+kḮ[7X3Or@Vc&7<@Ë~=-z#?Iq _aD7oRt)m<RdijȳmrrT7^4"ʥ9J(@C=m%?尲?9PhTQ 5 ͛Ѱ }nZnt $zxwpJ6-ę( 7Deo= J$2Z@/Qε9wR=S!ڀcLQA/*ښš[y̵-o47>L}@o ~ 􅟀NRMM%~ʦ@a`o!ظ܂dmC+ݭpQg D" 0.74_a¥S 0F8Tui3?=C.`^wʛ/q`v|{\%fy( m-uQx;q&n2.{2{g|8"%$CSYB_BJˑ2ºK@#)\*RB&8_[e/SI?ӶE1$گ ) PkF@{vS;w @ ﭱ{!~JOl6l^=plŬYDo<\?E} j ~@dFq~jvûWyW0չTJKJg$XR6iB>uGiVD{P \oC$t2l&3SVD'G /aHi>d7l,/ [-ry0 nHMcHa[8pl( {h4s_H:,ۓ͑9 UH(mf^+<s ΢(EV&SL}f466nr~k.o4ڠT,R̢~ՈglӨ=S1\Fe-V$ 7m&cZ3WoL g#NĦxp<# %Vm*C4&{ԅ? g`V_XL[=%ހ# ~p3!a IN\ ,zy3I .0QK^lx:~A)~-8< 9cM!a8p gBsd=gS X\շ)U 01qӸF<GElj:*%uD ´Q*sZG`c݆kvQzT[D;;p30ah)$$xģOWYpvZT![ pl܋.r!|>Oj"x/)Å;OHfKIeOhc'.3`)RkB#ӟVC/n~N> 'eeS^vt7L%W|)γ:]_E`Gи-kBO yv&Ixx%XfiG6d8+5Yj9܄YD`$)໕ 1B qjkz ghE v$Blc׈Zϡi`{΀jh 6.(>"`ff.]9Ghx61Ѽ oKG86#?鍱{&/Ɗ3t #^iS ^"_͊.ZvmܿAi=}+H[,evڋA'7;?┼7FDWEbT?5ĴP\Um6ĸ9y3'pF̺GR=W]K.@z23Qh+ t`NfV|^;qOnRו#F;{kv']JN]]}!8Cx!mJ%;#||;L[_!ż<ӢmAH62_gvEZ![2 Y+:蹉l3\lDJk8u؇͏u&bb(dU*ުMEG|w!d@$6ЮbDƪ KBqBsarmE&doCr֬aEw . .Hu|iDFP0MhIɀ< wEa((BōƘ+p"M-m,8cMpAZwvB{@goF& ֽ|C cL| sQu=٬$g:81WޮXD/^EL"Ǧ穭2x&sŁ;(XC/4C?w1"z Dr-ŋu*Ytf4:P|m_gx֑?cp}\Oܝ٬ЧF(Lzd[:^%nBjcLx:xݹMUI/MI/.?Dߛ 8NJ2/U"vgg yFes>0Zy*-踇RD4ƒjrS $)xaJTVP\R,ZDp/JVTXuxi}їBO'8ݦvmJ}}ٺHбg[n׽NOKX`@+v 4/g*^90R츳??ȗw j<*`~i8xJ a -FZEZBÏOg:BNHBCT88 zR-~xb%43ӚPrȔ$--6Opqpe;)T6dPLWڴK6wM7zK|Ҍ=\X }BU!>Cv^#j‰ eK6)k1KL5E&P+fVkC1=6;7`qRy,?Ow 0|@2;$ a 4۝:=$᝝fm7GP~IhND\g&w7k5&S ahcUT@hHG8m-7ڬLX`j(O2r_9SEI2P+<'a3({E,C:!R۽RP0dz[l*7W)_mzm vkO݄9}9*e֭n?2Ə\fkH)!C"+GVZu Z†n=Guʿ4vJlzw3b-VTۜF/UL&&u>t0ͻL 098ڇۓO`ic[/.ƹ>DBz˦ ycVͪ;ft 81V?s!AaJ'qy4X8vmEʁ}-$A՞ݏK MdhNl2&T~*cÎ㠐jF?TS}pBS) vy7՗'m.4F]خZ!psvEyumzmPgbg.[R2#=:Ӡ6j6\,X'xjo7=ofVbx/P)Ki{0j5.ދa϶.7l>) ,sz/׻W%_Mn۵>퍡DubqhAH͗Uqx ؐf}uP Mr8JjTw7f\B6 Gclt궟KmY@|œ֋$W(J\+QQA.[pYM _Ge``oa0K<BʙoQwԊe]\1(Mb6(d+Plu$>Cmgwh2>;I/(+Tܸ&ީFIWReXY%\@JOM}ߚ|4&vhG L- J G8G,XdyFdS )[qm#x$[Gvz< `jꔤCM0 ݊:ɘ Dڪ*zVsR(.9FQKY_/-xW|4G\<˫/9_?D'Ћ{Myy n`@}8%23z~qeCwIϹpUiU`ݫ9blţkޞ1`9(MwrlJ:4[oԩ=44S3j`KR$?i_z0Wwm[`TZC ̽-ߧ!BңDžEյˈdp,l{Vk2_W})2Ȓo8&0~G1+,IGu綔q@౪v8?r k̴C\=e2? iB%qĭ tM:M|?'zZx_nSw{'q/QcSmA[AT@#9)9HnWǔv3CvAi1_Gh$)Q6j:g^hOTrd7ߧgv1 붂״keet6Hb$N֥6ZJ,H_8ٓg̑2aCQE馋 ^’9e2A7wI) ^&jp3@ gMj2%X ~0><1PEspƫ}z#rraѸr7n-S~A8[wYT.9|TF""p"6Tm +ytH5ןcrj eRY 4bCAVZt?dQezs5Œ-e_#Gb&munapi]6njmGDD8D;v Ռq1.\mJX1Aqxu(%8AuߨԈbXFN(?QUOF&")A?v+4/@!-&M%"Tk)hkpq+:pfE"k],!yBH(uȾzaݨWd{d*Cc;HLS3OdN$- 5PEdafObACa܆ 5;;Tp91lIr`KW9J5!in La_Eq%]1}/DBdR QbC)#=r~|"h6G%WDk5Ld2zZMV" ,mn¶rhͽiޛrCn}8_&2E0(*(BY K+N򻸑{h Qbن~䳋H%P,J  "[yQ]0/a,.Ja2AF^5% Diȿ+."7S;o=~\I׍B0YB_u#(Zgl~QD`Pb꘰oA`Ì ?2ȢȚASlf8xCp8r"/KG1 eaFz3:*N_(^j@I OK{띌֯> B3wMji23`fș(h`6$(xV_\L#{r;=10ae2ym/ͅ|n%wzTQ1=a}=T?F X@5ke͘صY3KZ˓>wO×N5~w}M}Mnx;23ӅBK}oTmnxMOTwVS}+hN~xԤȕ]&كV#tZ/다SFvkiW5ۑauoH2aZ`ZD͸Z:XnLkb% ד`l)Ă϶YY;)u@g|kLR+s~Bo%3i(at,Fl֙B!rǮ|-VnSJ:|;ԟm&҇n.!RSijoAZv_DŽIі'1k,;&H]=iӉvX hr~4;9>> U dlGjX7xWSHc'}ѹ!&A#*MH%&2ɚ#|s'q~Һ10J!zr c"̺= 5)HcT(.%O;K - jFvЧlZIkLiq56O~7n'-/{Lܕ|d1%=4:8yiՕ"0Ac+5-H QP?, 9-lPf:5 b#T76VZ R}GU\p_wG1i6ؙWJ#hJa_ӯ _ :f/ڐ\<`Zov^3!I8n,"D/:;W* ՗؝2+L"3# ȼ4QW~oNaנqUȷ(x5ۨxrHLQ%y(VKh 37S빼Z}r'] Xݢ. 471͈P̱֚WWIopNܒӚ}1 +Z9VQRqsljld6dpx9ZJfGMxD7ZN" /;6ףA;SƓ A-^}QᕳG6u]daT.,SQ0.7rD|Jb3 a=ʣ?~hZB}DVOzerPh,n?<7]uƂ=wɈ;!C([S'9ͻioZpCWQaE׮ ^0rVŒ: Ei Έ%BE.cs5e7gZc{C(?]p:G?0V®3޺5)#%5-`p.krwN:<;dK׏XQ e1^~do3ZzTW8\B muR҅:\s־#DXu(TѤϯ!)4Bܓ廔3/mċ7*A^~1iP #&%08 _o%ՕwC2l R\Ű Ž"VIY@] 0O&I0!5[3C ա+VQQP7wjϲ ~<3N+.!nkFF u3}-2l]_Di~ae ,psdt&aX 3b7r9&ʷHoDVQ&nG/sy+cVKPF`WiI, A!|wC}ŀi]so&LCPp pSS7 ˗!Rӟ5/BpRMܸ ~Z<6 }@vw-h//χ< lN/%=_+wӁciK;j|qy̅Zu"6k%_e-nE U3eR3) :JJt9Oo̤|w)6w7*d5Ǭ܌s*"QV,T/mOw_׍h븢,̤`5rt^u冩)U8rp(վLADs<{vZ /Tyv`-fj{CB=2"Q?1i.|^s9!v,^EA)%NݡD*^3wP2XmM\uoŇ~\M<ץͥmҤW&gO/ηxS̋ OatK~!,hhض2h^ztXk޷ůHrQdPN]*`?q G&/֐+ʘ&JW[OyADtqR;UHd) 6PA^AgbZއe7:&O3_O>瞄t9S*Zɂ;zVBPtIdff'_;4lNxSrw Nx#,7~DMь XO)oyUjgpo^* υV{3kġZ}kvv,' @rWW AN ;H#FO59NܮP\^Iʤe$esh1=Jx&xh cPLju:U=/6J)A.~1cI ˾FQ&2%n"㈄WӶX)zeuK^kkϾ%da% (Hnrό;FMFӳ(^UN^y Ԗ:JG`tR4vmu0-DMC/6ywdQM(\E(&ʽ~洚g`YV'# ,O1ZF/Kmd}o?">C!ߥi-?S;'8NFup:?-qsp ä.qig |oUzo}G$ןlwlD?$uI-=O)J|uo6[HX*FGį O jM-S欞87c?sȶB"CJ /L4b A&BT[jRIDnPAUkm:Xr!L湓-%k3 A2]]G/\ھcJpT|"R Qhﱩ<τ+:U#IqJI7]C&6t"b?I3ŏ`*jW9eYh+JϗGjh C {Eof=4tUW ˼sn/1INf91XH\9"- 3u:ťkHOz^oՒW֣b`56 Wnפ bmA1r\tȘ`o! ZmQQ>muV<"+SVYtŀu%hSXMRJNj _ &ȌHP`1J[JK3ѫ;v{ByN8A*br59˳Yrܙ@NF(Ϝ4:߫uC?ȏKQ[;7RQkCe4n 4Y}9@㓫!ZDP1g`_cOKC_5l[JAz{h3&RA(e6*t&Rkť|3HN g/əA [ okso+jD!痦ʴBu4\@bӥDEV5l z_czPL@A?!0Q,9r6#:zcҌ'c2$ 3b8p"[wd-i̪gL"E0\jGQD "W_rŽ0SMW\ZY&O?D~±JK.0IZ̮ ڈσʿ!7x14"%!G /9f&_@Y[M~sjpU؊ݽߦhq*a#͆l>{若0Ěi:,Y/X 턍,Q}ѲN χ^?> S 2,7]`Qҕ |^_@ ')uM[NR'U*?G§kmf)1%:bWSY=z bč!}U66[E$xEբ\:fTַ%s&q 8dn[?^ㄉ!a}Fv nyԄla@}%H$W Z3Р-=RIPj:26=N^!y؉[TX-\%52kJ3r},gk!#}k[.QwZ^ÔFnƅF'&0dO>Ym5WN= 4D48.ކzZD<ǜ^_"c;,A|2H)2)4en*9֛֊> Cyi!SsqUOV"yBU$F 9o1B-W4D{@90B5Bzy$Svyc6ߕ\gCA/ejbW&PmG1[dY 3&<^ ͙# AC"Cb$g+׍{$USdqt}+R|jmS3?0fQ;f{^&xuլ&xIk 6u&_GYlݴ^)= 5m;"|z75($X`G0 z]pնk %H4@8.M9go`Eoծ7 헓FvڏI *ab9`6d(XD],]0 OYL>x_HTƓլ>31-%$=- Ћ-s+}Lc2;V+4U:[.o @ [$91KhPaS/'N7]P!ܓ4?F#sS _8ΞTNN±gM6w<m~r0/Ms#Wt'mߋPm֎c[X 6NWl; Ye4!.`AphU$BCPWoiyolĉG .s(ɐ+`?mh^1k/zIٷ*m;XyA\5+P>KS1498'д#Ed_W&Quk y04KP{ .|8>c+S3DZ3%tݟ[tg4zc p}|[!@@nw*d)hkWE%\:gci+˝7L&C$f,/JCH2Qǰ8a~ ? MTq P[@5^+UUt|)$UUQ\R#ļ-aaSXD>bEĊVyѯ[ Oq==|Q mYݲ (Ơ[53ufhB؍~ HI#HW8TJK';Vrz-W3 4z$/lGB;BU*6o}?qPxufY]CJ8u><9<+aGӂ-mUT!wVB/mBͱ]u"_'G[0'ݥg M._(QFaQSVɬi=E]CW? X݆@z=g7 WrלLwÚg^^Qe qIv w4+|{ %]]}^e3$Jr gM4{ +PDR*>pNC V^0Q8 rd`!*֙M!*H#5kzGBt_Ik-A5?B~_V5E뜀/Fl;-Ňlcrqe x7znny -@5'O^rAԖ\>c> ~"CQ!6r̎m ݝ} K&ҟ_D!W['GR={3{(&rb5Дv?H7/^9oXC8i^s6̙O(vKM_悡*lWi_fꈎuO 8NS;*X޼U1)6-]j]L~`DWynmP}8OCb DH]x A~7Mi߃ ut|+`r#n u:pqM0sOUb;.! SV, :y8UKB0jqEWTy_9ث;|3M0x:0W5TmhQ{pirrTEp{2"k[EŐ nq v$l i8E:$q6e`8  o3QSVW"autY'\B"tHA*B$g}K-,R_^ *G6eqm ‡[Sp!"xTRʓZ\{|('ؐ9@ӿ5xnQ1y=9."¸^l t~Pqp(ӰZ> YdLjae#&M~ʡT<@b` nB} =[i!{.ȁAI(Nba$U0We8KZv;ž GFg!25 qZ=O$q24Z*.!P(Oӈ $t.g;uZ fWSBoiԜSZ2m ˷glݙm/&jb 5/Fy7wǷI/63iPjQG+&Ipv:DdOntZf"oc)U5CF~Hg*ɲA՚kS6-.OpU;]<_Wky$ K&t &(ogCSЭE{$]ީ-ؗ}!/2qQd[pԡ Y7r b+{ u{MB/^Kjl9/3jU`FYtO.ppX!3d!/ ͘vr֓aI tf鸐4!(¯R1zzCg_[jhѴ.ŒljqF8$>aHYs;KYDZ/A{|P_kqAgoiý} <IZ'^,t.eFt赲$;UL1228&E'(7Ѭb^)YH!?6BG\½L9&Cpvq/7 t?[ₔnY`;:3b}6!B?}$uunEѫL>T"im=W,uign4ڽPi.Olp#}I.F mL?cx$sJ϶m09g.R-xAd.dlf֌w̼f#i ai@Qu֑nrC8?߃>: @h!'4+z]3#WI-!~=ÂFF]Cv`'`,4xWDoQ/|æ]&ު֎*m3ڢ|NdAʊn*1r!$LX3V?U}^(f}Hm]&{5]kMָ/ٕy_;)$sgjN,̿nvs+}߬*$(䑘Kޖ?!btvy,<]0 g<@Sx! BMVU/`h4̵]& #n#+7W uER1NEku$vQv e1!C>( ~e es^$䓯d7֪o>;&'> >feBHg`b/m !=X _Rg!6:$XuVcYߕI1#Xsw IS8jLeҝB|/XU$WJ Voٙ6h?vQKIsfU~K{4 Da`̚(t}o J(?cD.(y=r|!Z!(/kZZf%MOk\c1B0TV7#${&bsSj/S^_X!oxq3U>*i3e:iTӥ RIZXA^#Ԯ'qͰ;6Xg6>f]lTTW ln\ ]+y`˙YKt**"I % Gly*(ti.-#3] v_SVQm"?ݪ01dLb[UX0HL. I!\HG=6ſ2ֻ LP5~ _>;‚ 2 m< \ewDTBgL[L^Я"ʛB%uLkF ;(9t7P1E> rv.q7n0 ̡ RVˮ;[mw{K@fv;ҜS|ڇn ^25Y0Qq匣;ಠQN)rȯGyy5u3^}6} okL.8^j RM u!sB)sw(v8\(1d<@=Z8YldɝTgUQ*:&P;o WKP7wTwH7E#Pi権]}tNTD5n[zO3tXP2ʪtz64ւ$9} w 7R|Jތ qzKIj#"`"o;z^ BA[˲ETgf_|tǭSdۊtѵ$=TyjZy{#  o.߁eY*h@I\?ںm.UG mn+ݛ_஧Ϙg\K3Sѡ͆颻 4[CHmdדaAmP +N(Ap ʤ=0Dj2ޯq$6T;ߡK񷕪3l* Y0O` ;F]G#hkg@w 6{Oܩ6CLGy$.R<בmQvVځzeR&.`jL z{Xh;cZ.MIrRI!|&>N^Kp|<Ŷ$$\0S4TĴEFZqOs~]eEX>AO ZodVݬ>]5j`Tǚ,-Ք$pnk9F# L]Tvw|<5- J.}ԲB*ǎ- 9᷶=8ͮڂvWK-xIJ)8 ;_Kx pѸl[x]Y5A WdutJ_jl: &mXnyWύ8.9iudӞǣAާtnMsx-@oh*() Y SuL:Ӵ${[ގJ/v/;g\.X2ҠSWΘՍ.>ؙ'̣uV5?ɾq/s E#F2xDwD\__A'tbxd2|qiA *'J QZ2nV2ݰlDǰ kd :Nyϧz`*hN ĎOΒк8aʪʡ5JHT$7-hܤ5%(&"GIDݔNs~=n" Fm~R6߻0XymwVvشE|! xHg#e ".ad{CdE9i Әۉlh,Ux]7߇STBKj˝_HSWSHnbe{OQ~e&8.==_@B\P/V&^oq ߠ,'z!+/IPcq~mQ&p2Bvڛaj[gieB=M&T(ecQoZ9cRX<#!umV-ӭbIva^U;NI$Y_bwn|ڬ%OqZXnX']댷Xp/#2 tfoUb(h:`!{g_p;@ `r30v8 )Q^g@FT|fc@-}Qw65)M\;1pm,,>Zs%X=0'K9k6z7a˼1?B>^\01Zu\K3B}ͼD5Y;i o{x\Pg^ H $tHx\ϓjyENɑ( T9K_~?\SV!$vQW4U=~,3 AΤ'UNúsC1\wz.|+z?k}9oYtsMqe'AD-V {SM _P3.bX/xFVb"^Jj"Aa=z&SBϨw5IV~Q*&& xҮfez6ynq<52:gC)0:gG-7Ⱜ /Rr `-XJ/Ni^2^3fpdA"IloT|q3hHzϼt z9tG_D)VJhKqĥ%5PN㻧ce4|} “A_yb JDGgrۧ珂M\&\% ޯ"ט{J9֭Ǔ黶ƙv P^\U[_!&};QZ "fdf|qRXN:!Ƈf{F2V9~2؂Ѐim'@N.SS.6u^#:YJqM'~h*]0j#8C &`V`H _=\xy/wŃPzΕ;4 4?) U'ЖOP(.'^H<7a +TM~`: ~,ߨ %*%-w,5Irgٴ9w6YLfNkȯ[CE曇֗4adkf@٣Bj_.Z?t0#hR7TM-(tO3CQc 5۽ P D>z/,3x*VE1f29` ~Nwm^X֭٪N6x{7?sʶRX30uOְe{;?[y&$y0FGkU)t+'؎ 3/֬9sH0C%6oyoz5}Ӌ~xPٿCf|Y mDBŠLc&^ϝ${^)kqVrs5@K>icYp\?sVcۮ{c&gI-" >EaF>ki!~HPɦPȍB]t :5J35VN|NK՝1dD41h RM0]į3T({TN~F –yWT,Y8Qܗx;AuW?zvE"ebyHNRdz7x{4cN›و^/+)@;- /!hSҶ#BZOu>~@ H!z$*]cfHINKRj.=DwXޔ3ns ZM3r P WC\ı۬B"u jh5gz[[KqPvEs}4 \^W.&n<]hrc`sɉWjl? .}E: ;xd=D3C).PM,_'/@SF8MVS,rYIixB KF6^oA]c[N2:v=8k, ~;ΐSݚHN JעAt햩y]Wśe!#c:-qZNqb߶6N%o4-Ol>B L|%|zjIn!w)J;pr28ʍǒ> ي PȌK1θҠsmh'.T#~Q)bqAb$E+,ץ:A `U0Z j."d&W&?rX:FGoUncmuaW2kjtC[3\QQۜ2 i1M8m@_Q*o\(=i%aOwV6r}\'yZC PPNelgۮ+^7g hQ&f&hH 1n(AJj42dF) #w}joRoh&3Vk*U,;7ܕ<%(ΥW5Tƍ<=}$f/T*r&<ѢL t%0mb:*׳g)x4ARI.} 34eE_#NaJEϰn@<,H3DdqZd\+ez5lP ٥&>8HS& J,ݺ? m4$"1$Պe3X® -"K&.{Gb'UY{ducp^RavSE!2 gyLI ׇWőRJW~v^:_zP q>\v(%>#@[a?9j2YSn 5((}]inAOJk}?ClZ}NxS0(X;LCUѭA=> E) )NYVtWav($wfjXcC2ʸW`!K$Ogqf^Lg N ;,ߡK P"}L虊]QS3 GFfzلv2裘+p[.³>9.}݄kOʮ\c/N@IґgԪ0h@`֔9Ƞyǫk#Nc[=N"go_"#I1Yo䅒E$AVqr#c7T?dJ@7T[aR2j!!-lGZ}PzoUGbTB67#`K(),z[Ӷ]lJr-a@׆`Āѥ8y;C0Gי觗lOR ˼c c{[PG5(6͙,}p0q#%-{ZXlM59{kSJ5?Zc7dImS/"_u/$ln|+eg0̔AQUnH]$ cpT|lrx_j\|jrP_&}|9zO, \^ #Unb0bTR2);^.:!c8W8t̪Sչr飡&ޞq8a>MqkCrTqb >u͢P%T4OdB]dd 2/1-_ jF T3ZnCŦ6-}w(H,;!>2SZ_{jՈD<1ᑺwmnЇ[a%=_W?ߵ0B~nne "!V_UȩOuwR2d@5+pDT:Kf}҄?:DA.469x1ñ38O%UF/R^w+?Y4PP.˵ɢ^LSRB6#Y8qn:SOw |bʖfW :T ^Ta |3f.ɓy٩yylRt󥦰HO1tQ]vvȕ&Eiß'1Qʯ+D9t>)PN@!Vb'6]Sred*:$ 4mٳ9Mj9x84p] NS~lB|MA6dFB6N%㔆+0]xG0}GdLv$'_µ6Sם}A(hΗ,èL=_@~0I<^7o7곚E| P8H#{֡3 jL<S! /-wZDhl 0HY:pgZG&U BpvQz~^k|Q"iiz1}n=η8bAo1!h$ 2(^ - @HQ>.[عaCbkYsN& ;᳾]-^+򹯅l_(΍NS21Y"6^لjԌ[ S]s@п F m d_-7) %82uX5]=E졠Wj00'RP͢`i8c s¦ww>;g5/𤊎[Ap Vʻ)A+DcPEQkrer?v}n`Tpݍsg?OP<n1 >Fy5)Wh_h- k5R㙩Xei{ HoH>hi0u%y@N8O$aϏo4(O"**DzOaY/*9=e\!8A%D_7y{h^K oS,Y,KֻZ5~zu% vvL=90$.++m9m1~6vU4`vd#e^ B֛uaBLx^v0((;d)&aUÀM;j ů=!A+}lqJUPyHOEFV=5;b[ Y@嘥`Mu o( ،%{D=G b>]ur0[87sHF_dM V̊c%//s9$&~ IL .+cθUӁ)5fl9 &$v#'pYHN Ԩ 6GpmB/Sxny??ɔ75(թC,[hB 65rxpWA#,zUQvp^4yO +Bj9⮛mty-$ۢYݳ17`zXU8^+{<4Wz5]v  +.T뱷e–%9738Aу""^ ~: K/(6Fڕ72;=f;c.t AXЏYv,r8^ѵ -8oS? _DIM63hzMy`ˌ4S|==&B) k=H$;:OVyiLME L(M'eSK3"PS^9>N ey^>|C鸶MVhu$[]I-0fэ&ef֠/+$8T SLN!PQIs~-$[=זv~iߕu/VqOJizp@\=3J|5j#|jKM +Lŭ`*NEfw ưk={pW+‡ U$S?IҏYʱ*1hci9j=xaqrPuwA?$_A`{+_%@roAm݆wƓuTQ n ! AxCk(n=X> #P2@割w.펂){&Yj{9U9. yݠ %32h7N1_;my`.97/ մ>E ;Xv7T[UQ>:a>*05"wlnjԬ. [(WI 4}tBrm]%*ԁ6נAy<2i-GZz(v}bkl:ka_S:p/ùJDeud#|xct#SZ!ߛavA~`1 Z籂']ݓcв̀??yq~XEh-Iʯq xdI/ :B_:D. j5Y):y6$TH]Qa 8wuE v760mwΑabYT\ZR]4lo⫳J5'WeyqILQ'{,KLD;j6:F qʪbƎBe0̉xMS<lJ&%lD,4eǥ\"xw@6M8l~ݗ6%4ǃq,}AG2!alUrX,[@C^)Cܴb5kk竅|k]n(P<;Ξ2،,U2h?S#kǃ]hrC .CCzjCƱS+b " !1an5011/ia7vE)^-Y9U4˂렏( s۲zy1mL^Yw^ ]<}9G-kEĞRJ91SޙUQ; ȂI9ɉ٥M@!{9<1\OO!{7]47K1[c-><8.Hf=|sSJOMZE/h\ܵ x}ıfLΓ5 T fߪr9`w=^d1j Hu,ZRh:U٪\}Hc C],xғEr1d(<ꥳ5PӜ}#۶*^mܑ4PcW/;eh!:tdeh9^a+ޕ֚-VըƸ> M폱kE6!lX'Yה`X*^WR͸KL;J['BU85!wJ"qӓApeUǬ'2˯#D!?HZqkx4J|\`3 }$3C2gQqu3zq;n` >pôpTp/B>yG^sGxqH2sDv5>tZmQ,/T%?yUdd035D3 c$&bo_S[Izw!~O'ʽ: \.ۜ bhgs ^~uBS4cV7ִ'J 7I5:o6`H*V;J4T{eߞ+]J>ìT3!M10cӈ-ab8_HV7󓿖`ꍬTeA&=焐t6| ^-Dw4xa"¦69 )!׎#7S riј44IliZ``CiQN'Xǃ)"VOlm ID]=_c%liKQQ9MYqL~09~nKDNn* /CLw={U!OM$XW]Za|_mB6yϬPy6{}̂,cWyztQZ彩Hp W|S`ZNwM  r+%H_$EJY|A6Dkwdmc@)M[VӕRwh(ce4nߌFEu|`~!ܺ|iLlDҾѫ{f(0@1,ʩА 2+'IشcdsK 麨롆ݦ"d\hڗW\r  ݯs3YR5nF\Z>lcDB[iN tMX6eh7 gj$KFVT5e8ԩa9k9q!͜R33g"zU󶈭Cz҂)MņhG897ݣ\LҠ~=8 L%.rHL?kԕɍ7U(7›a >CWTڰ@d-9q/fE. Zw[3 *K&xuuRpO*\v|4Nz_hkD, 9&dL~TݾѶu'B]\zl'p"}V|gv8ӹ1b$v[ϚsSSҥ1xFD+!hG>|<ڂͦ#(fc[Ou{ j 1b}x;rn` mVGki f%7 GFYvL,$chG慤 w"m1;X X=[׵Xk35?kEH+`A9Mq$E*7xցVeQ.-Zm! ;T9l=]n}^,9T%r^sCµ@_ p$bZr&8OKoG spG-}D۱K-Hl_y MG] a" ;G(BI>XУKJDO@1Bl1vH22Ew2x;,?N·ONW{rr6QB=r|.c:glR eu9 1 1`S~m1Y.C˨Cc)>zĮٓXL;I6(&~(#IrmuPfQ_i6*R'`mk.~YU|*H'8n|-PZW"Sd3r坑g&qna'JC%\p~-$%Mב!{Ø"eDՖ_z((VyÒ"} seý, 7qHٽ{,0 (> P}G?H3v܄0j34 w7jRWqiٱB^!)~qJC͗^jia᫥ ^4(n-U9\ Mcs2ag03ӻČzaDҡ٫ +7"̾hw6rKvz"{"+B,2i+SAaKQ'#e_M=mmp-ch{rqlU38Um :c9YK_z-R>O:M;x]4H 9sן+ _:r*\2Bæ«VՐ\qq븃B+L*>f/,FYOZpyaa=tjG@e(ej]B~GCnvWdZG@iB 4U'XOS#28caғ&63co՟t 6|e7Psq7}󟼻cjI ?TVO~gSfS(ʏ[äg6L\Ejy\4?!& ޠb)O,۹ dVG"Ĭ[cExLan oR-_Id֙MS4.㛘 p? OE S Ӊ+zc`)WC3(u5r -Vn^Qa'omC G?w^tsjyS)fr M{džC,}>SCv-;XA\i[H%+L4wHcΧpwN,lo8t d#/)x9{Yq!6&@ ۝rHyVsmK@Sn$9ʼ";h Pr^hf "'%\HÎӧ@Y5Lf/ ^4ne?Pr2' ׀ ID; ݑEUqm!nLeZlj[rI[J1 1S>nT N}ސa{.9`QsTc ry8=hs>(x,f>m֖z_Th)#Bi\Fմ"a+]Yhҷ߻32w_Gt%ZWNrv+xٜ>?L Z@?d'@$> EءU>goEQ˴ꔨdiMSV0<8Y5" =Nv>^״rbmV10X`gS Y_e*~wAKI0Jyw&lzK8Vg&N 9%["6$R>Zm$ d=*9ZB~BKȮ]ֆz%*j 7B5D%?kqq(;MւeAYuw6oLz%1O=H7֙BgC/$;y*s_rE@c̤qD8`h_N$d*%{f)Uy#GgVb$niAÅ>3S OH*'Ǻwk>P\ |MDG9j+{}6fh4j% WE n'w,yScEeSǰeƷMS"`տf[J0'f|R3\)+_n5f !Wvl_M8 .+ŁH-܄UF`cdkzO;Qxai6w$%s56墾{ǜz\׸?'@;U9<7X}0! $|&$W$v=S,[VOazaqPwDjpr /59MhL>֧]f@@Y$Qg! 7!-x%=ȚrTGC7l "{}QEI|^ !&Na/`}-[yԁYexvZ񲞃\'ErY;'۲SLmt#݌!ȹ(-|eάYFru´gj)9a* hP} cJ)7/6+uwRSp%m\@X`Fܐsqӆ8)8Yj_rD1x`)d vM72w'Fmʭ658KQ !*NHρmk:b> o *Ii1 _]o^ -}b\†\^E>H0S[@Jƥ ejo8q{Z"ETJNWqU+m63y9MG7V6)q0Jx5ҀaYjM>퐊*Sk+NmHгS#~l6ն;[Y@ epr}A$ȩ^Fo)I Йrtoݛ-sƝOь̠nJ"KHI] Wr#< T%2Nj%vB2vO`ZbVTѶM[0uUYrn[mIEKx!3ـf3u:R()N0lU# I=e3>9S<jLđI(Ƌݏe|'no!vy:=*}#z ~~~Gk/BI ޸RgPij?E%Ⱦa;l;oͷp-rs>Px$W8c,'rʼnȟ6tŶMYo;sѠX-ker\ع?S^T+J~KP,܁O#iޣv7{b祈wQ"ӕ\/XhAd+8>ɰEGq9`l2Ξ [lVW( /6GJ( 5z\v6čqKy \}cl(R 74@JTas h [XU缆o8 _idgqoWPfh0f _]M%(4EZo[p QJ5*A3e=/ux?kH7I~"r,Q&# UOq@ 7sbqY#Yth)}ْK띭]\v9Y-5VU"}W٘ϒy+| xeTp)MsZ̗Mx@rTle5߳;Sb*n׶f. e\:P}V=< mس%t V:8xU3u"'HvH! A$~$T*}Y}UF=ܝobݓ 춫UkzF u[QR]s#uCm^g;.DW2Z($1HBhd7ykL;% &rN챺`Z\_cb5łL@d֋] %mBi'Gh3}7rvwv|r`6?QB/10Gp2UwE=f_?{9O"8!x%Rhب2 pdZg0^-yA W_JeWB{>Z WK\R{q[˰^GNRb^.J&k93U?#-L ױ)8TSW A.[Շ|.A+{f8ƇO&"Q}^ʎ==Z$JpOC(?s}9'/Q"M AeaWVUs6<۹zv{U kAaM}[^G=6I$?c--ފ$3 g,I:= INfDG?5pju¨`V~UzΞ3vhG;= ҏ5cC}1%ªYץNshvOK3PEmR>jdSGZF9r^ڨrW?gd b(L Eev7~*u+`[BJV1$,&O[@.Oo!4i}<{ahHɮZ{Y>Ld U@_JݜNeI<!hY:&sd/dtm4d/$2ul_ dEPeB}fR7n 1q5Zbq6SVklY'2ۦn0O5L&A7> X~1^vq>p7A.Dyq"pq0^_ctA%eFb]kק1ont; u;eO/[4@%vފ2ڒ/M$-2=a@~" `k S#;ļUi-xow;?ii3#4;6fQg!zԴE>#ۛ,3 p41csǺ>h cЋ#VJ)U;>n P\ѧא$ fިf!Vco9hӴ_4:84LoltT0G{$wpG9F,^c>BhYgCHIFj;GBk@Shf\wRp!t񼽪r;g\5>6  VHFwrxљvcIFJ3 L,n9-1"$܁1ׄW3"Yo8ꭱUjH0OM(6J?>F('c7 3eŠ.pOF,kr"_E,soZjcS av)1Y\Ne傟)ߟ1?w΅rczmOS"<A 9J_=XgX('e&.}2^D{.5ڡ[u8Wt;3קm?,ն)mAQ|7UDF,}FLH/*QSEVЉI8 'c \=pbnr3эrT}cx gdbA\U/۪c: Qmdi^ElJbb؋RXXb S)P0UWI6l1.`E;*'1Zm RqcŀktKk羘v=leVetZI5a,2Ah 0OtҽS*\u5|5 Hwa@A9H:.n+)Zc=uL`Q4C@ObS0oxYqM;3GD_#b=sIQEpB,εlC/C2=uLaDgP!c| /n<KAKS_Y{'s!jN ?B;/tz Wf˵y=fIu;4|McvL+iQ.Ь *:@Tڵ%n2B}^:a_ddp4d|~։+y ћSŋs0̣GӧcLd(ڇRTwO$xQ6{D0Нbȃ)ڞA] "|fy*Qx &%+V7- 4"Zbn{R(%pѽyʍEn!(-C*DIݬN`K"d !n əB R+ƏCqDߢAve(nߘ &e!6%Belᐊ˦V\c^&?SQQڗ=LJoCtP {7/,(.IorbͶxq&"Tz>Aij:[5O,:a ,JUw~t.g+xZ{&|H&崀qmB@v 8{ 1;>CWd zUj0_V,)u=|Y (x VL$./ Fۚ7߬'ŏ+>wBAnUEI BΥ8mrJʟ¶gP{v1󳎗% ^]{|/bqŦ3Ì#ia]άt#0vk^ꌇd*aYKW[yl Ճ< J]oƜ{[abZg8^!\,M6l2,ƸwUqvE#9W&H^Z5'-?qF7M"a( ALPqcPz$2yb?slQVF#nWHGJ0W|BD1KZ!3Vko7pJ//%(O2uW'/ Gd1i3p1xG1ɒ EP0Uϗ9>j$wes7 ŽIhS:2 0 mU*q]cT |u3cH &SzÕ'+P1=R%TJHG 0N">I)Lë`b .|76lud9 mhro4 b0L77WGu($5. g/fH1W,V,J->׫6P;Ɩc[ xVC6pl<됯1o-~y a+P`wL{ow:$++V| Sv}JN|3 5\TN+P6talAOtMn?K{t*җaUyFbф329,DĆv6+b Z^_5}=`(T4(aYĔA&}L穙v]R%X,֯ip'OӀ8_y9; Iʙ Kn{Q҅W.F0;'="FbĀ$\*:z:xiEMPyT .!0.znl WQOdY,qu!H6sU>"v,i'HWd2!؟{SnApIc 6#(zC>_X'?Wo\꫏COfhhQmuX{HYbƕZ*fXwE ^kuߛha:ZK!P,|#rnǥ$I(1NZ>"C/-!-|B诛u_xMz5 7d(E;ݿ.  qJ=Xʆ|fOt(&={#Z~+|uI3FY\OZA*m_Ccz4?d\V,SFӾY¿v1V5[&Acݶ;%a`#:˽RU7%nIϊo_)bQ㞎廬L `LӦ1݃_bc#^b>)cKt`qtΙ|Sx.Ox5+GwfХ:Z֙]O A`PIOMZPR"6]4ku VՎ^iˍp\/"azKP&9`.(]Íze9RAHZFA3ep#oVXQX@wxybsyC뵖>?;$ HZ=6քLf6T&8v̠2^leLK_-"UB.b3.ŕc֍ J>Befx(͛<؃=-MчM-?k!fcf@F[u.%h FpČPr{K_u݈#O)@}CfEI99]y&2jakFWɻt`ws:#7rorR"+U,jw)xRwm۪’ JȲ8~#QʗWT"$Nu4H!Mk!^LҘנ3+)+9d~̱9Rh!t:S1ZQRzE]m[i/7H;;˯-d\(af`@;l%9%S汦*<"*rMmڷBZ}175U$D `+.=7PaRd@«M΂zkMT o8pA MO \ۚI@C}>Sxoe,MV7|qDp-e]Sôuk/y(h DP4I8~p!eu#ZI S ,pU<7C4,5o#4Ix X_YaAi `D*(GC9eX)⟢dv$x #:>I.1X4|)8œ7Zp ^jY2X

eMdž[MrϜ;(>"z>rq~54,v.19ázJ=xd`+3uvnt)38S'=\f -?,NWDu cJ~Q6W^+RoY2F);)\1'J.XgKph!žbu+F}/OhJ䪓7趨ޓ}*+_L*iz-vȫ֖z| 3)B"(IFq*4oϝ_,+.F=_bPf'L~ 1Z~=yfmZp!["~$F:i4#wy=686ADڭ`I5xhaE^'Ӹyv'H(ވT`jiWBe'X?jUb)uͱ~Mw+ǘ/@[ov;O@#U낢/*IHͱ.T~25{*;rRՀy"צ\c䜭8KJ *K+5j930詓qBUR)5c&Cv{.ѡ*l&%osO7vQ %D}\yϕZj~kè?#0Sy1'Vy^\85^{ ?Nfg>Ya}0vbKrRKhb:ѩGpu q+k;whXZC6:"&0eK:;ἚAe \'zM$zXxJ?}fD6t =*ŨTZFK)_]l#cPd >2%%:KL74ܖ(ySCGkW$)>tb[ڈpx8P+iV(VQ]*ccj b*Ȧ8chT`aޞl 7P6GMQ&ՇSQC՚ƫ= CTkm} P#b`Xp@r lA1+]5q q{\2k3ƕ)w5JrFև(t*YmkӮR\uuuڗi= DZ"0wsNb^Kf8bXHX"p8@Hzά:XtQOnm9pX2_5LT?ءU)dN6ucS>ck)…aWFz$(u4c9;!w5oqG7 H V=\٨ rO>;AG!K''?;˷8F'ע9uZ!5VP4kI)lQRɡִ%c襪sn&F_(6Q 98Z=penz%Xmy6o"0' c0le^';i^]{vEr'y5fy֯tAx:en#:JouPU% γPKW5BņjWDaD~3 DUi=f=;:bPJfӶa\JOf`'aZ۔ +?rrGg#p#S4M:W턛].7Wb`#aWxg_ށ}YXc&|QiU+-js"і\xmj+TO fH e"(;:'êQCiL )Ƙ*V1lo C|y%쇟pA]"{78ǝJ5ɸSoL|&6x[SKm[*13.(8Xb@ŘkGuB~=A%G>ܠW:U}?:u!Ṇm7_w00gi8eyyg^G{fD]vFR]8qZxfdֳ& % SaRuln(`U&#yr>f,X-Qmѱsi47d3qYi&fPGlL[)P:e群<_aFʋ-T(+&cɲ4ʫv4VNT)Sҥ-gPPOy*tpDHklQ>9rc08McZ'4(< L^dv+mx߉ݔ#VLRΜX1W hɅ3v)Le:!TA80.Pٿ23zRN=aqwW}Kv6[:Kކe$4^&$aHvW62w͎P0$)v۷:  bg ]#j|y\ +K /rinn0?SwbN@ (US)\d#ؒ cEXMH >n,39^r%3^ ``43Lj@,v+A"2 m}2\)αċIEsQF>wMWiyJq˽Ş 9c4#{,^bO+TO@j칕ʼnT}:!xBzחwD媯k2˺?[ H}`VL0١LG GsR*)鄔 Ŀ# CkN3>\~=_r6){;u_ (B}{O.U#rx^4l֋l/\vot7WѸD^ks&RV X&sXmJiZw{JkYwO`Հ^a'ntĚvh.A0pxh\@*ڷhOD҆a8[%c7 lA9l'(|н lP]y?/­: fǛ9E2B31ctEC9,;v.NLTbI70/S㴔O%~rQ;cM, NgɂX6tC~aBps]29܉;IL=FCũјA>>-E^ {}mޓJ$ eG#E'dOY"<0kt>h8u([P6놖ĮFb'lΨ#n\+xjQq5~3Ⲹ\݂ϊj4>=CP nw!/8o%Dzx hRۖ /$V+M8 Mf@%롡=*@1ED 82Я+7>قfP n?ge{/CaL}}IN{P)eDrvlJ :1Hc4#pϾNY{ÅD*л#-wEI&QS{~{Ln'̨\읫d9+k;h.mo+Yp*_B̻Ymێy,0/RuFEDC}׊(w'ᅲ3{|Tn%R UƾDZPv(v MSV^x/Tl8x< n~%ܞ {wXf(vt$Lm{^ƈ-8D^_&MPnrzsG2j \o:9xڞ@5Q|(6Ŕ])|넆cŠkp|i []ܭ>/&߹zK%Сk[1@R ,SDXַE7[FBҴcӫ;w9٩mә|. 9C8YPDh3ioR-wI)و~&#T~v Yzv?>W.xٔٚ+е5@jRW0:eCZܐOanb[ ~A9ŪEeP5}T9D,5(%]a*3 8X+@ZV)p~3WWT X·MSe A?'0oYH!g"r\(|@Cڣ!_Tll-tqTTvH@.FILwjtzpt}~#$I$0ӆGx_e$c*D,+o@GuJv"N$6bw 3N{A @8_SxӢY*^ôq!֪2$ n]7+_ vxf!)_[Zݎƍi;7xdIR. gp9%I@`v6t-YܓU0/KbT ^/CxE+7A&JCs!AP-^wC`@,g;;!`keͼSn@&8Nj0fڭŏAds],5-=TٱG}G:Y)=%CSIkWA%$8WSN\[4Q,a5Sqt=^;&Iڵb`=; *}]=yVBF)tEDwʳeMgQ,Xp.\Y3NuV^X5~Z/{ 3q.wNk h&jyZ72=IZN9ɨlwL*%ą=~@uZBi0b/u 㱚DP Ϟz?*5KB^3)*^!S& "k2DXhpU4vnL,W]J$ңqU\̂P JO@2>S:;hн_"#q5-̀W[䕕`j%SI+(-sT8 [_A `m sɚ)fi]u *!n3쁳Jb T  qc k!λYHyՃۃ(J;55hq_!i.y9T M~22rYnG(ks̥󆢩$\%|v9,_KȒ|,p. bVN{v˜ѸBVY޼0+lbW[SmD>oCM@^dѻk_{| w"' Z  d*,킑9mW?nt7.I[)agl$<@ˈ78(0Ȩ#뤲 ICOD!y ;M=<ϏlD}YPaw(~mvNM!N([cfIH WOCxO)8YZOyPtx@?吚Z 8˔Ra+ uNuF~&3&vy/H[")H/bD#!MOZJzua(fK jd[8 y^}]:{e/ѳ]f P!MR"Ti猿??N4r˳}AO%Ճiԭ_BcWn7Xh5\+""})xڢgLD~)$#N" $%]QZwM6?~zi~ v2IYjaxU'(oK@PБMit_VQPk2+>K7GlU\IM;~M1Z s;Rˆ~)70$6M.L5Wpު۸ڥ ]!`4W>6ÝoeĞH9I];F?YX.}n9RVD mLQTfҪ\Jw{R$mbSƦZ0`Mѭ m궥bLq, ;=ݬSSYyaMCZYKn%{(}wUs~W"i!1?(Pj ƨ^j|,YHVh]HYIk&L-%6K-. >E?XhzrDq>M!% !SB+U <20@ɋ > ܫyҙ-Nh[KU`ɩ]?BJ)2KyB㲼T'-L; #!FAL1 *w!dYO4>M U38Rr?\#ycY3A&9X p ʾG-ɃO#[`E5JHW@j^NI~ZH_prZNqyYm\ 8!Pwu8a%)~Ր`9^a 8Iq_ѕ`7R .Md/^«ro ;57șcpxr,I=6] -l̬ډ-!}&Z0_~\s!ʒ8ԥUBw<h,`hS^[4 P/rn<.qD-IA9p>#qtBqxeͪ{W; 8*\6F ;D&h7 NZ;& F7sC5Af=A$o%y`ND_0;{ۡ 7gicqVD'8Iܮ\R@6zK \g.jM?<"7ZSܱc pO6W1QLө$}V_02Ѫ .Iѭa?y}l, By۬OɓTI8A QnCRp*|48I !~b'ZfqXI/A5YT7٫ 7wp;(Ṟ/L˻'jG&3ͣ ڬ<q:\%$t;BMrCz4]ZQL=J mk{QSlgkq?n#N jy2#z=O.uWM.|zL{5ŝ)ђ\hePPiX%oq*iԅW\F g=-ܠxysqz*\̕?ZZb''WbRXf0qF~{a@[ < 8ZcoB̏@8l jHw7yYch)R3}8V'ڙAsH<V aT8,7IG3RZr-ѳ%+P/l|9W % Gg]L3w)96DH}og{4 B72߂`Q)4L0\Y ^@g,ujQ)LP_8U-ft 4pfUعjm5y6E qɛ~i6;Ţr1v{$lb7Гke"џG֧<K9]@yVqq@JvFo'UH~R/yٲKҨ% _ffh* X9  * %f_fp&YY}BwþRѺaG?{=Ah4Z* j2k8= G0Hj FEgFS/צe&\_SXߡA?2e8z+7^fcl2[r!0H1kh>1cގB9xwHƷJ=4髡Q"XSbošu7cFV='}<I^SZ̻JζOAOU~869cQ^ijEo?17 1L!gv'Q`jGRtS-DWN^~9l" w>t 'u5=1Pঊ}b_{S:/MavG-|٩󹲛xt0PZICz>1HrFӌ3eEؒsDYk0t)g;nFK?"!T88Іmm wBk8E,sD͵ͥ1uZڃ#6^W|"#oɯ!cc6d8 㜵vhKГ8pw:?D\'nXLhLHQ$-T0{Hca 9r`.򋮮Ӯ@ N"$ .=ll IN x$ BYn}.0(S:<f˳q-?~^9x|tvP׾sߥR$1ރŔɢ@TwunPa'iWXOUm(6Y\tvȒD/>J }ppb$.nGNBF*BpU )Wb r9B Y0Kewlwfŀw}(D*^%peW#7SގFܸ$CY$6}K\l͸cl@;g,@ & 'DtNZ/_5MU6SR tu7OP5.hX'?ŋ֦rC)kנϸ&lH19!u [6/يMc;HTAOt\LtU%"~Oq߾Ѻ8-,LVmRffF1m&B;9س`hY)r6eLiuʖkW7S /I&,p md"8Lb@Dp2& {aw_$01kVZ?{,sr/jU=X\*1jDåEӏLMT ݧ{ M$gy>J'iэ,|`c@/bAS;3S\^nj'ŵ0i':QF=ض\?/Wʓsm0%lI sXKgXk ?@hL.#b|:}lT.a͐'ʌhqҮWx޹ӧTїr($`72h~$d"WR~lDQQv(9&;gtg򫎖;>]#=s#TQ󉿖o3tt̰%CpB A^8,Q1iZq[n.uPUx+=Dh9]B۸:Rkjg7x! Ũg` T}TK+T,då|ߎ\jݕ}`h$f#А#DܜK]xAcR^ԚoV,mL"C&Q ~S(ݒDH<уx5 VO`R%st$lA-T3t`xXjeHq4r+Zi*ތ{~6`T>t'|[S ૳Zxw?8*,mG0=m- 54I ^hSR) [%{(0)z[Eܚ[U;/xJE )="?[>ir΍1 k[pV2GsXpWKB^*Ce/l~zVj'n}rYO]ViLQIs[.w;yuz, %vَaT<- $OٖB.w.Z$p(/Q͙?>07:YY@$Ordly]/9k rĚ!UPRm{Rː_R/MNBxoHO 5B be KR;"b%dgud8?d5?'˘tCߖy/o{QE[\6DuE;G~h]$/n.= wb*dY6Eu/ѾڬhqhCȘ#-Is!Qڥ/H<]fAz(}2Uŷ]ZH 9 T??CÎ qQWfπ˓1͛?3 eJbyBaӬdmћ E/=G~.jG#3jZCŀOs!CĽ0l T#,(t8&N+dAÉ@Aҗ4[|l6[kt&BՁ{ppys )%9\fYS.,A耣/>+o #4yqQ{Y5NIT`7ڟ5l!fx7SaLϢ7# }f+ Al,=e;g#ÇVxX>7m9g`t0lB\AB<&zŭ}da462Uv<+bi7yeocS"4InH# mlD=E 3l>)& r IH~ +n4E/)3'+nѹS9:"2wPDDTĹ Zv@xtamxr>h!ɓPOAQda7#Mn@"=",=쨛++RT ќ~ 7bqt藋UH-H d*\2p?ɮ4p,YM%bE oJE$TnC-uE)%63ZGPk6W4gO'T"Ck FCJB$XYw!}ll>cuspCgLHLX,$^GOBP.r]8ީ٣%8AsPW*.e/ֳ40IxC˟Fy7u4JV`=Yic`~#WKLޱVgΫIEJJ&)l1? 2VDA?X_<\!vγȒ {oJ\>b7FE_ۡ!.:h_m+[481 Ÿ"#X/C%[ [g{P^gϏWw󹺬f 7+u|A _"H՟dΎ0r̘{u,kmb[ڌNBùh==䠘::PU+9ph(I˔;{s[,hOrA[%邪*h9r&eHᐜ8rc7F. X ֥ϗ4p!m4;mP1p{s$麥xt rxc8ߙLB Z?m[z'E&=(άsRQ \X%-,?P[ph !tUҨTIbFgEq ;$M9h"?% );"#iTpٔPSzA4mmRe6ps ;"0Ӓ'4o`'[u9~ G~W:9c(*L"cV!sKjݟC> #ܳR@TnN xJ\޳F >RVՄe .SZMY2[򒱢~Pl,}l] %q:8jfKMKpxc h|(4vDiIuء{] Q$v:'zJ"$ۙڪ`0U3xS`qi'׻2>OoUuFks]NF/nIJ$WQo$[SƤ3wRX%g:%ϡ$,CJ9bxJyIQ[ŘBloyl}h(a/75?#u wF &b+Kr.S' {EˎZ㔦+GxidUp~}G^ǻV_$U.(fhʑZTY 73!#L C]AŋV;0|9ôcC}:EPh`7y?mrf(MUT+8 [.Q\UY-!EA(6 SwP% ӏ)TdKrXU'4y'a@N]`,ՂJ8û3|)E܊ׂ4%;v0tף?I,q} "~Zӌԅ)AڛcVR|L D\H;O{A< &GT0{_oy񗓖:fq;ФnvS(|!y E=d3e$6EyӃ@QǠQi/n^NhNSd5v xI>49λScXԿ!xT:uN[sϷxOj;xRήFl^n0] @3>2H8oׇ44P ZM^}7ct['s""cP[NVCh3Ģʯ>kFv>@G 5ͻ"Y-x$2;4^X< z Ͳ~׮Aݠ{Hq3i %56YWO8(ݤ?żASfP~ɷ2}6i Tr;kO’GL+2I"o) m$I*ҝ"§H{)a(B 0ǥm6L7P 驠:?L,zvmn^Э^Q=Hk$Ł\#mO8ZGzC5Ea &s:+g~fszov~kxeůat@5 ȓ.u z' f8Rx,QTPktjESug[NMspyL,:%d\&Zy*nlƄ-Uc@?Ÿ@#d̡h#8#` Hv7utzUHx-AƫB6x%]SDm-vEBʡf0JԞMӹAtpw~^j}&YE.yd>h5Pg8Z!" $Z%{ &]׹1}}|sŶa`aA=fG}=uWڄۀ9rYʹfRvnLI_u'[y|֘9 $mH0C@&3z}'r; MĢ!:1hrbEg9 2r+SlO21toX]NѵBRO N(PCiv K >I$IyQ~ jQT mUKS}@{BIM,DLLV \AҘw+{i{(: t{L_2H @ >xgO^m}Ȧq.ʺ!c7L b $,~$7׈6IcoPEfm1qhLS?8\2M'0/[JdVM@PD6-ΈNzrVZ=nMZf/tRo#:ut}!v`(Oll_'kEFZCb[}k\ݤ AwT-턝e )fvxF9&STQF[XKh '{  c1{CZ>ȟ{(\1J_ w`- eU6wVf}84'C*vΰ4umm`?ja4"[u 1&=QW0苷' V^%a(x  X +#2xS J'%$]2r dx Vʣ&AP۳Z ūϕ7U3͏lhA קzfܐ Nnr[¢bk,d`3 vG>9I$nS̝ynvD,¹֙~{OF- 'PA8Mnᾨq]ifO]Bxm7$@{6x%raHډ#Z-)^hncP2b;/شZ`Kinjf{\+SJܴ#.УvLDBUܩ:}Ǽ2dP(Ey3z-w@XCzTcD+qgR !v-V ![Fp}j;N|A>%N}H̯Y?^xI@˻Ŗ䚫poTr@R๏uW_9yee`7utnO{_搹AGp v΁6iN !(l[lPH |`[K稂jFy|÷&,2>ymc :⽰ZpD :՚-IƖ܀9* :&ܑi4oĄ'2MI۶KX8-lS뱇#~H^;B]"xlBϷ"t21.&DWeMU17͛\DPH#{ɄFO#ZAal*&:5Ɏ.{#Te1Ofʒ,6wi3yz䓠g? ˩8%%²̔Є >$3QEh5:_P˘0Xl}Ot*x_mBCTC&O- 'FbF' e49zTV5H UӠ3A|igkvc`u1ZI_ `[if5 X$ #Qp&Rύ&@i y} M jGv4 Us }hYɏ~*-Z-B6?a!c}9-QڥRQ}i:KP2yBlfqg2l`F5Ԟ gVێ O'|-y!5n%+UZ)ַo(?JkMXv[ȔYӝ~Xc('U;C,N_* cʣRG<3D &(:]"ȈTQx"zm)5x0denZ0LA{Xv1,Td :}%-ʞ+Ϛ^&򾪒>myq^!O Cʱx/G+I5m3QO)[yFO7lڠ8HehP!C$q|EX8D85_D!). T>(E1T +s#*^+kY,E% gk=aROvlԮ~9NF1p"f 5@kZFMd0'l3+DH A+-yI `-Xdא/_LˁNΚqtяj1Z=$TS4Jwڔ[ˆyn̟υlU#S2}TT~+ԷmȦ?]}^J𡡝9 l!.25+}<,=@]WR(U$[2Xk`g8 *Nu p9.3`,w*S\`Mi} c3`@EЍ1'=b\v9jHTK0vx(:GHvQ,|*-xRb.9БaYd7-I}FK;tiny-N-WSMR vrԕ$mw+DF.jP-,4(byAf..HOߺtKk^]V2O6!GHl "xU`ITlOjs !>ȦyH%'/5t :F_b6%^[s!-_{E$. 9,yN{(2ԃ!g>'tB.DžO%M iʌFIofz 9xҀw&~WߵT w:˗|YթZF2ۄSb3t"zɺ/6h]GYWlz&γEgL%l Fa~qٚ Ɛ,}y{J~Ni33>6gR76LR}0] jJO\I+YZlFgBvw\#X6'oƣO3t3Ӹ9qΑڙq`qGb@B (@uYAXYh2du}M|˳3(d|x6N6htќ9WR %A5阗+ tHZ޾c,wRG^;1G6(# ŋAMI*0܈^X(ݰ>Xse&WϙG\WVkk +8]v>_kHZRF9f*z{d^5#@6@/Vf2AXҿQ<%ܞ{e;kHY=Aԥޅ`VS4k{%(V{{U{=l>Dմ ٻg8}?">D>G7QD^zeE7 C_⺚a.f ,*c ڑȴ`ge#l_lп/zm=@|'˭[oP~Ia֌ɚL=oDy ͆z6y{FؓHq{r0FIj #Oܥ܄fVr(K qVΆ‘/%ݓύ3U.Wf$5;A?+2,gɐS9t\dhzI)VI!ÆF yWw-L"rqc`JŸs  oUV7ᴯE8,*}RǨ $#,gMOZH+O^|-m|h7k<I}.L?A-8JMzɒH9ϳx>OL , Sxֵ??9[V:Oe/29 $ iWk? `b(f`o#iQ+XSZ?T;oP]Lv4mVr |g"&"d̥ 9To'hqVbcE.0ʰ͵W3b`"WfkbVU7η#h(a⸶6ĐJ7ixRݨ>@@;Ъ}ZSנ΢Kw;1>TYbF~xKoƐyZ[`AOqވKo؃}f!)E+5yB|ju\HǩSFL܁gM$ڎ4z%K:γ+.\rr|ɶbDy*w;F oNj>IiHżåX-="ء0TѨXp{{8a rX%"+\[#@N2 mk1,wTծ?\1)fYbby $[-TliMA%ONH\'1w"F2^!ˢQ?p +< ՜CL).(ss9jxtUnT3o%N`_{+AvG{1VZC:Z<2C*d[oiX qX6:닥il \TZTrOM.%L@g \h,T#bSiQ5/!]KNNJ# XC9[L C̑]Y12(;eH'_EVWr]-/5رsDoV ̢=WW %AQp|d4 bjPDQ{z:]LUo?;BORI-}n? pӖx1gy2SD ||G%PHE@)?CĘS$AB w ]f FNZIzQC ޅ{aTD>m6 ~`gB"ۻgHR\-{_fS=4swxw'`hchqD#l'aI>F&X8jU8%;%Vٻ0GCKGp] [.8\A|$gͲ/()<RP;({kPeev'ݿ!_|Nw4N`q/_\|D+Ё s&`x:v{~!DXk[kgJ+OnH&xJV܋wE'jS[;( %A(2)땕P9{'xGpUL1F\ qXG#U?c{8b3s5SfXgNKL@$A/hŀEU N+KA3L,C=Cƽia=M(o*FaPߛL=$waJgwW~ZE~JOVS29$SaFq]d}v,0DbſJXl@!))]&'ȹ>1 "B)b07|:.R.[$a*%fiIGfKs:#SjV_?]W+s\A޺cqx:U 3Tцx`C4zmq7&=ѴbP)[t'zjO(@7S3?UT5gY.G,5U\?#}gqz`]}5@:Q1󑌄ncfrOsݎϳ[ץblVu{%3~/՜#tkABZ#ؒv*V6L0i!VW:##< `5 "J:JO #jJ^ 5ړH}. do'C jJb_ާJijs7^3_(Bp\ugEEO5B-x~}L;?`լ_} p\vo.Tq v}?¢u6UC,e|nJM Kx+SݹYPv7%@Z 18Z#j`\| 6<*vK\og1Uͭh_Z=gd4-Z{n吃#pJ2ECjk`a:ŦՐ Gԭ\CQ5ESꦺn} ̅ _nrpe|(=@3B%7᯼4COBⴟ(h%qLuN_4X}Nv1LLB;DWBHR,%U|KR'le 6C@<;Y.Lѐ=b h>!+zfJQʆ4d,jAYOnM2AE 36(pfY!GodM7. f_saƤjf &22wt]^5źraŋCLöUs> Ow,\OWp ݆E.ICUqKqav.\-_84*Hh@agJ0&kY#q晾0yR6DD\Us'DZ% `mZ4Gac0Yfjr /C]_p+YyOrmb@ߕ7RKLM9ԱرM'00=_K5Vp`SPdh03 clcN53JR>}̉|m}O? 8|jde 'GQ[q4Z'+ӌWs%_DBxMBaP2EU-g"QS6@sxzmσTi]E5uQ$Ha<ׂ46Qֱ7Zv]Ʋ!`QیJgh)#M(kKQQfA{r+][Vkr5?; hxiz)G”Á5W6Ĵld4jĊJBHZ Dٝ'8e|md1HI}!{j2+\Egܺi}{M2 SnF'9+0}uG>V 78(nB݌1~[]r;]G vH갞^+q T:NqݕϺ%T1%۸?+R  ڈ ۊ^rֈJ+v%bK:{ީE~f]9޽HU[%Q@p[!^Jk,]q EcY6K)Y&&K 7k6zgl z)#Ex@LSD˛+ܕs5ƒ߬GIp*n|I1~[",` 8)e"RJ̒L"8 hN UtSSyVt> HIӂqFb c''XQ#&MxymL@}/%|_k'q!O0RTxm"&c 2p[uK"oq15 Xnb#٠:3K?!hTiHgh?dUy&kijdbߚc ُΑg߁^Ҳ!󞷉}޼8Xzʪlz"m!,f :d"ϾRnJ\-a2e8p;/c^4#\—zrrfw`eԭFuo5ڒ#yEl˻ڵ Aϙ귕)aj6檱 _PT4oKVշK?* F)!3 iKȍ<-q3,AQhK,A3mV!YŁƯBIX_AAVFV<Ŵ8lH@qWP5{Z@nÐ jc_VcE i1I1F6~AJԇdJ21_pH$A8!5Os fY4tPj;Q!]V->0ş+'í&2EQ0h:0V| v1g3|SQsJix^Oɐ\kPSᚗ.F&N(5LaCBpExn``QqW{v0k8n)%] v1AY1%-0aN;Ĉo>ay|r~Jңo/Dٴ`gx|P{Z;k_1$/2J+4 FZzY>fa6@O((}7ire|-l'3 R@hp;HD<G oLG; _pMgo(W讽uR@{ 4&j~~1[D5]#}:Db]oqg;jbZkQ@8'+|/UhD{_*|򹖡~筴cD`[{)fqlU9aT:a^e= XM sKcù9Jqg(1;vw RPXCZ8?SlwA8v=|K'W-JNx[$%B^k=[LtUS}ܔ@2%pY;/ QLb1:FXЧWNo7g̱٬F2rqmWXm #H"J7׍Ϭm+*CV _ vIg0]~wUL2d!jC4C )YJ²>(MdKȘyMq%A@eW9фفmN|J~iʯGsZBgҜA,kgb^]~8G 4pBW3֨Z AbU5U0IX) @NL$u_H%eͪ ◝s=uA.;wpk;: 'ɪBrQB(Z=N \ο\o!J,Rsh<=δ4ir 6hDDDh-]c36Sn;zBk$&Td!|TO4j()!⽶iN0r2taD7p]*:R e๭0 9+D,뢯 #[led /\Bf qbdt3hf. ) 4H' ӒbvcZw}$j\z;#Q-FyMRMC>bgYt#BÈvՔʼn׸ӥT&"{Hr:r'egp LHN)hhC"5{) \!-,ZaI"bI,۾ A~@AOW%Iv<< @E..Bd'-; h~$kao?[n Wg m{,!:=q]DBtιN9H\#`s%Hݹ{%@+HJJu~)F`] }Ez`C5Gw ΚNN%?;t\4ڗaG3pvk@W >.M ֕,$Q.k#cv{c>"E,&*cp}/)G`?/¨olsTjc./7VUz<\qvcKdD*bpnHA"REhdPKYo O5>$ۨ<^J(hHel}h56|ԓglM A d, ?΃/ Ia#QNl 'B0"(XLڊ^aLTɏ|WG1 ?Џ ?7# 1箛= Qz!^wE0P?;ĆY{V#P@_\S׉a3L>UEmuE!i qYlMXN$A1#1K{L][ J Џ}}\]`#O\k%g$RVagRo&ɝd Us[95vjk6'6z,\ XF_ (OH I!6v7 J?1j ؚ|ArII>  sO(^+LY4BwSW)0?C2p가mW 19h<Jip-\65kCxv7L9pnZ7#硩:mGқ#/A~R1lNzS=K{Sel IJP n#V^j3i& y\Ap}mRs}Yp \rņ=w?AqAHn2m Cb:HTz;Am2-#A]ߨ"G6[v3; *xm d[EZVsR+iӖjX4з%(߻2n:_%|p婋=Mg(NH&x[ۮR7ih'© ՟4oWz2M=/Vvr~}SJԎ44Hc۱XYz5}1MLަ~&kVC΋/#$H0qKXk|OfX=gΆlw@R9h f<&GdYy yb6A˦͞4I; E_Ю\:6fcS^ql~Z,&X2,PZmQERb,z@PJm[΅be), Ziȓ>)IIqlPp]i>ags^;c@<,KkQGE n>u^fUFhwd3ߠDB/'qHǓI]" aQf7NнBOcd?{50 #ܖ|#C#/MX;M3,G~!r.* 部wi9;\FJlT~Y%υ;D}UH4M7x32M3LSc~;;iz b# =n V+╷@:C\ tESlZ2ȒG=[#ö=pUS,FD h2J Rmm*곺a^@roqJMC~V^jAo\;2~~s43QJ< Đ!W0ؒ8s)#A6m L)tְ%ڍn ŷURj9}C9 w8 V.)tlPq2}"yQ$-,:i`͕L5!OTFۉ]GSĊ))$=)LFDFFi|b!Q6z]ֈzQ=Dq^Qk;\%yK>vOYҕLnȴQc轃^}YVwL\i@xWHDs[!6hF;1v_WԾ8t8FrΣ˜9cv-:@~#/v{t/JaY]r[OgҕNS??;[»2bi{#b>(8 JduQ0yJ!qr *ŚŐm8^l6*h]8  zwOuzmK0|p^ fԤͯbddX ?L)xƎQ40_Gb25* F ,`ykQ#(}9“xuH.:7Ӎ퉠JwԾF K*^ &*CONaVevP:]>ƤZc{LvW1T)ٔ}EX[ "P֜.KW,\HMh̆RRJdlԁ ѹĻ+)жj:OmM38 P%i׹PPZS=3}+pSҿ$AyWލhz(4KdrQD#mnگ6fI Pq6 ki+L1hgYurS>2&ǭtv{O+`udv&-Uv[Z=6]F9j.u7 %kf+@SX<}F:*yЯ>Vy-=Hi-.lfmrJ`̸C7HY Է;FqԒ^[+uhp4;*,sW^-ӳl穚 'rd& 2k;|Dp^Afam:\] W@meP2!C1F^ Ie՘N*Xʤ_Uj ysa[, JNWwJsNug7flʹcs@Kl]}y AEV˰wjײ;e>( Zg`͙$̋wڕ%j:/>YE|{4`UmXFVH? y8QTMB:ε$"k8V0c? dq n3hx'xfM[Nr8| jP;OGMSiB.Jo YTGdoD9ݴܸ3Q\&¢X‰fYݏkp1imbzP6F TV"n9:)܊̞bj-B]Wax}s̱ݎxPu#L|#濓Rk9FoDeVQ7|%á\1cg!d۱,i@PI;bں)~A7ghM) ybFuEQq /(t ) ܿ:w47;⴯6. W!E%p>P=&qQ=¯Xpot9N2xY .*TY@Y?9e*1!.KD7X[A&Fn¹d,<`L\nrUSUiVGnGr vpǸo>5ىݓ6]h1O+Q{heZw ĎPNk;IQITG{xӽ(O+ǩ^7EZ'ífŠʾK@>ٕt:{ʒ;q47 ͦ>)"ZS|~ 86 RQ(eyoQR˩42wT5?\\z]ȲxecCMXn*][e&"[XOO}LpKɸdXS$=̹BNn$bg&׌@|`Yv7uI$w 6Bl(Pk 6\^‚CDDT2{:T~kMOu S/SD>j§LYWeU|:'K-~: u}s^iLj$+G5j _-2OJL֐@l S4mȋsgprd)Tʷѿ"WK=-pՁCk7V9$ u$vٴ=v@d`ȍ i*B~LF94 hգ􉈅+(^KudG~0r[l k)%Xܻ8GuK#aIL pDX€oB'B_A\hzH12{ A}дf~;iE{-W{p |tЧž)0 [kqp _ =%5ʖFEr Cl$Q^h ՏL>CEuHQs/Vgnq*&7]i__I+1je2y+^v%"꼈"[QDzL! 1(XR6oMA:S]a u'T^f܋|k7f(^j_"TVuZ3Zo͊+PƖՑ>-EX:5He@lGꕻm }F ':͎˟=>R&ƾR04]f "iAzd pkzp|FWo#'[8KNpݻP EGnn.ۯlA蠙vw1,*0ElmCf*;50%xniۄ.(_w.sWuDWQ+ eVR[^ovV9kX\2IV_[{2N\Hl30R;Xit &G}gv]~?+"XmZ rZmYkyrCkTT? }JjIF|j|clw@x?yPrDC#6,d7VC?6&Vּ~-\57S(] kv .u&r16 *{H3WN,vwN@<ƊGu/Á5q_bQ|i޸oV|tPd;j Xh7>KP.Yo¨.B1cӱZ̽^܃^)QW4 e.a*8v~ V᠋ez];㭼:;"7gzvl#IH'}}ՖFWV{/[cM\„x*g$ozS8h֫y$p9jY q;\@x㬴oM_KesVw \klg 6)kF.tk |ꠏ[ee^Wc^/Fsq?8l^Hx:W}xWRm˃ߡIї|i=nڗp9Ye.d*+|)YYn,&yN]m ȕP mꍻ"_ғ.xfq yZl ~%'IJ[Iz[ꠐ`ށ}g`.UeցĈKS5'~k Dy㑊̃";:aoF4XcxgmQVF:`dp%hRP*I+Z k>JKǙi9N`8ՆL(2nJC{ߺ9mD{'sݢW^?mXE#1+4S1@Am&b{1MѼb$7{k BMyMeּ>!늑'r/6ᜲ; gN>TזIAm8:Oе aQޱ+3c۝Elu^*4[#}fW<ҁy\= P\N^Ntg7-zrL5z\PFQEyfo;t^Zb֢1\EILv鋊v'w"P?Aǭ{WYr9ߩׄ񎟰#G#QUe$)KZhї_DWld%To.8Os]2csgA3i1Q}etݣ_UW ;&X|BiT+ Pjq=t?|=~Lm epFmfCt8K>r4X/zY?p!wUJpb9G9 g^UK"~yŏPZb˻iYa>DYhw4u$$z!G2·YO=QYا@#8>{ "/-&ybEB1 HY%O O(y/g dvdC{#Ѹ܋}A'¬nA+_qDC8_?<>^Mu0=滻*Z`iQ#GgE'Ƚ)!p[cGLˍ`4ˌ>8R,$⊉ fWoNdڬg|?cg 40`Aʵ0~$X5$! S ~'|{MzuC- ,:W!=r ָTRg~lt0v5V}w?dV9OEEcՁV@g]"ѻ΂DH5>Z&J5~B݊x,nIB ql mf|K8YGMNٙ{rwݸbZ->7~O l[Uoch(y"AB5 oe=a62vexoVjnR U*nķCkJvw4ʱ-\ʙ+y3n(hĠەGYC _s-Zޮ`hHCZZqhTmϢD8OY}/B×omGnY b<6Y<=f+9xYߵ~hL+h?}c[ i .{tIY6Y[v=:+~ҟ~~k̫ݧ:=YՍ պ@`9Ub@XYXWNl?9rBqExPKMhE(mT3kG`Ct#K9/Pt-PG亘>+eka߳пͧu%ŝenTU䤁`Ͱ* Z_JF줎+o(u-e>_SZ0vrfPXɨ "uqdS>{# yk{vk-wKգ@:xI8&CvI1,.$=s, |u 3@\DЇ}v\T{$ܗ֩C m ~뱄_Fa0D;ʕa&`g!qiNԦvN+8%_Dr}^ع{8H #W(-1fVL7/v_%{/O? $j8aWƢˆ{ԽsOW s^Bu{)@ Q 9ۍeEM؄59Dȉ, fjnI44wT0JzC7~\2&z#aK(C +ԋ<:2OlFΏP'к^<K{en8[MТ`pу JJmЋw&jd9|:a;WD_o +5 &wW7x WQ}?6+ѓ@j܁^ rh0k[ l)+bX٢1ja31`e Ի[:!:= )PW q$ ]fyxhl?dKǘd&4rVjx6RiؔcO%?;whvJLNAC9J.KfJ^>#T=VGuhlxr2s\X|M~M$?*=f#j,^-Y_kmr1<&;tx4:VfL[.c6]o .Ÿ(p7(>I C7uYm&D䦦)Cl*Uf_b DYz×^U̬lR-4 GO[LNϟ~8:βB>nC"oA|,p|BČoVWI9`,- .C4ƚR^g*#ȥ{M#Z#tujMB; ^m"3Gݚ 3ȱMvz{g4u`PV Kn E =mxUި5KmZ;dg(Y}8:tQJ,] z:k&oK5=uvqQFYқ-:y?+D7I` R̕;9Wn}Eŧ6=X Pa2ǶKM-Ӫ9+Asp(%L`l 'V . gZ+12*En-N>ks؎ ANjnӆ_)=[>JF(FCI(.qy dt!%/c^^ q>׈B5E&iƸ=r j',bJU+sAs>G[!#ݩ>T$&HYB_a0wypL{`ao'{_x-INGTKX2~>01Q *3x fːO y d2( @|1Qx,~L~ˬH\D3mu Ԟϓfe$6P{@i ,7OQv6$y#o6ck|ClGS)YJg X K {X b--yJ'8K[;li﷩@$iYog˟x*vsMzWC);3 EN+Ʊ4s{D0/%W9d$2DU.CK(mzY PG5j]+=LQdcUIՈ%?´h1J#zpE;xn67Qi6vi@ Ö@RthH:8N5]7RG$3^S@x'Ysr dKM蟚JEGԿ0AF:KaϺsT9;K29d_ ~ $0;=6$ Ǹy+߽|.f`-G%(eadӏ&a=K ?Ѫu!$\)TY[ JO(vw}7n|/L$CPjyb])*2Bc}/k Q2'puE GVOXyon_/Ii:sAQB3V/^4(q:}2 l:/ ~pidCsb/bS3XUA 7K܉M_;ߗw4-Pj_hޯ,SM&?a(|:ffTl}&ԡ%SDL*A+@[wulHAˮ+cs 5ߟϝݱD-Ua {UkSV']!eX'1ҕ @4s4l n;^C<'{T_ kFԸ귗>oK U7o; {Aᩖ\!>ЎKD+,*;}pWTE>YH^8G2 U 5f: k1&0p҉T;{f&.$c?3daiz#?|95[B4 Mtwgwz4)"9ܳ"}Dw+3OG!l'.s E.v&LEFBXIl2 \J[$_pDc΄ Ep/a]cjc}VmcɖVSoH!jBXOΰ~?bLͧѬrK߃z۴,`3A)Ӻq8@8f",[ܨs(Xu 9)"AJ ;ujמEY#҇;x=^?Q1QA`e&;Rhjn|7fͭU,ϸFba8x*zI 'DFvۃ }(WPƤaEQoziLTlP&vوR,zЬ@)lk=b!i\ƂOX(U~"RyX mMwqF}~kcg~C96czF+SýJ_ca]pv.lƳIH3 d H1& _j,ĦKߔAyU8A~)h8ڸ8װYWR)Q@|~N8,2l x7a|$z-2)B> &"pJR *ZE .R4'jAZt>Vqzq‘_ bsy#Auy`j̿ځe9+ s5 :lGZan?t#{G }>~b@eT ? i6AŀЦp®]:\HqeA9[G_!V^l2]p SeȷlK&]25vg(M/MvhBz׿ md0_HPyzȖr12. :iڊ183UR fq ɶ~ g#wqZ'> tgA=W yє *}O:c g옚gv,8^Ď8xIݑºmL5O!2bږ +.Ks UmHgIo;?}):#%Zh/|`zτVYtO1@=_/RyzJߤ9Q{B0AbmJɤW#R|D` 34'{suEnM;_ΧQ~^7 oRb+Vko"@'g7G iv,x5ז/p;5f, PY$Y s*LiɴHi]^$y/ڍ n/F/u)*{AFsN\B벤QS#/JGh&H_+wgf qGhZi@&4,r`"^0zirA HжIllIpEpizN,ezR/So6e$5mñypbi]\JOW!E06D^oJ('ۻƟx砤 R5G`P7[?V:>sPi+Zy̫͌ryĄN'JD} ɳsPͽV1oE]ɓf"ʲxwmlV+0]͈r-,sMd?\_rbfٿƒz&#Ϛ7A#,f5lʩ-_s]YS8Vnˆ!jw@ƾڧ,s0U"jKk0oaP ;DN yyҏRn~št 9~8Z+#GP[{s@i7q1SrC2.&K+Mg@TZOIگ^(LGjB|Z.]!BXM6sGŽtJI({)Z_iM"IEƹ %<Â9 W#wzeO3~osOŗu6I:vbG zǕef1Xp9`+29nN&Xԃu5>)2B9ecof;N$SD|>1QD}'8Wq443~S&*uG-f^4!`aj`3g&VOM,)(x8; sO6E*^p@!V[A{Yɒƍ[7pxs :ZdC7vJeO"Ue`zq!}S it.˧lipA m$RsH5߂.ݕd86nU 4HOnz}'ku7WwLfͭV8lBQґf!% bXZoɳգ|ە +cH*`feL%^5n L_ei)߳}yY5?tye Ƙ4(LExN$[6&E~b:k1E絴ǢG'b6+36>cP&5adp&Fx鄵掹(R 7vm؈ĔJwCc2ph30+&MxiqjDL J|!՜ʲxH-Q4>_fߠXjB?$ nWNZ6%6#?PJOO\V}i mB #:ly:7arYf8F`ogWP,fv׶8(N7}ύ l"h2Ym("rahۧas(Z6^W~^ GyJщSg~ ;D1jHF5X2^Mc*5]M,(/<׶49?lc |!`gW@3&<#pg';E(c0Smo'׺A{cYr 5#?G,*Q*acMvyUDydu[V0rQuN0$6(up<..qAON-]yG~2ͧG1<{)9#8_Z$`aYU!)f'"L_`2ÞAD>2볔!ޔ?HDI"A t/G?x0mEMZ"~"` Åܸvk=tKeMi6pmG=p A;Jlcf7CT?3|Jm$p m#c.Kf!bwb `/SF#!3't;=Sk-jY&pN x]04頾yѯtH#vs}y*ܫf7K/xxVV4{rGPY*ф lU9Nh &ZZ!oo(P8LYx3MsMvYIڑ vx !"` d|vhclb Ɍj{%J`v5tLY+AݵR抃;!ͻs0 (82w5οV5ShJ{g%M[&eʎ<-@S*O'5`N7>}OCmOrk/QtnTmONhV)VTSm %{d7Ccl  ɺ ʐ-'S}F~E,+Q>?GFGpyD7Ycl`0C\94$?"pa~H7{j1)A|&l@slO.$2s&hD&A{a yiwm-{^c{XZ@ល6S?gC*F{rfr lV:cWQ>Їx6YĀu?dP<˿o 1!;w5-~Iӝ '@L<\n^Ũ'CcFGPL|X,׺1=y\|J mvR%E%P1]ӽg#2-QHFP/lM^n&&B %-v>aBf;wQE򐋁Z߯ 0]:Lh@՛^q̰C6n.-ƴLΆ [:c`?l)x 6pTˮlңBP 4ĻīV X 6F nn!.7ldw&= w8WFvK^=P/x4$qi25BCj#/c/ö%'X{{%pә:m_*wDвe z,oy!I >(ln'þ}:t]^Rt}Mֺ1) N[c3E5u2}J^W$/qz`E=0l}U_gGdR[YHKd@yĪZO{5pIƸ-`g]tz$WMl])lӦv&& Y 0nb:MLލP ˃qAR_]o#(/>e}bdbM,^&Q+tO/*4޵+_[qOO#$WȳYc 8^W0Gүѝ%.jEr‘bHdCc= Z>\v Ǿas?F {&„N?7]x/.R? ?dBal8 # ,$@ 2.)dVğ:Lr4X&"ve:ȥ4IS|6527jcC 1> 6\| ?!A[-i؋vʚ:r8&C;xY=)͵Itn6kR /48 0h#sПmLW+T}M͘cUUٍM:&^k'Eʩ8( Ej6pYtzr|6bOxKVG\^?FXk9 ' [& @5uk|MYF&eͣ>[]! c(6ċQ 2brXtXGt5e災Ox喬S^]3Y^J%+M2Oիw>((&Za |32QS@җ`dvk#SJCO#h1 0%<x]phڤ2vۚuN_spJ-S'}Ԗ-ZיYHZ|u2eQ9@ʫc[8XS2%/gY*=׆@4ʼn!sԒn}jOپSǣbkC5yˬxStyǷ]0Vwc1fU\qv8bp9,~o5z~]IP\ )e[} 5w~ e? C/DLf [elTu/wOщ%ZyƄTԴAeOS<򨷩4e@PgL5czV6']oTA cYZ߉S*cl"[ïH-`zyG2A8Q\ >E3 _>2x ySlGQJil8 [s:܎ڦt–4\WҸ?cH _xU`jKx _[uI|\Ögџ,Hۊf2/mߵr p)WEpQ1mU~/ <".#c*}tu[Ǟh. ǟ^^;#y [,3rv F%橶f]C1ї{ҩfu.t }1gSCM8: pYevӪM% >q$3Ǔ@;9J뙟i 5 }Ȧon޹.|ݗŝUxtB V֟#y Ɋ (P,YKzvI0TG;tK=S Q$n#55׷*}kLΖXf_<|f^RR AG`&@ E}ޖ7I{Dfp/j99yVW{HG-։TqZ U0_VGC~^mcω! M^H06w 2P5~u$RxIب rPfn0)u-(eȀdd땑hpk}=53*D"/%e˝V;?.'TLFz-&ŀY w?oY;/XDg;8D~Q9U:m٤84e# P@I~ZR<_qw'#Q _/ؚ/y~Pĉ]3IZJފ{3ʡDFU~eA[_Ófp^\nO.h7h4S[ȕxtL>lUU7̭񀚽܃8ҧŹx8*}vx*4 _wdޅjܿX\D-o5d xmH<0SuR*([ʬJJc=QN, V C^w8OĆO{~׿9J۶Fy5FdC|FUt h1YeSNU&DF~AK[o ͷP}h(sZqCEʊ"0ҹbWزbKqlJWq{YE9AFd .lD-8rg> OJ )³\ra'RJyVyv>48rCcBUܸrsPCFc!RQkq =Z/l)b CN]xz܀p7z֖B`gZei̹ZkR-C}\0G^Нq5fVҼ|EqFŁ)65貴IO!-DM+4 Ϭ09ҏ#ɐ1cJ4w[u+Un:$8> "23oa/켎 q̴~Hkl(B-OǕ;r$Bal[$ETXhI YZ