sssd-tools-1.13.3-57.el6_9$>.ΘP6}s>2@?0d   C .LR\bb b lb b b b!b#jb%T%tb&'6'6- 6(-8-94:GbHbI(bX Y(\Hb]b^bd efl,Csssd-tools1.13.357.el6_9Userspace tools for use with the SSSDProvides userspace tools for manipulating users, groups, and nested groups in SSSD when using id_provider = local in /etc/sssd/sssd.conf. Also provides several other administrative tools: * sss_debuglevel to change the debug level on the fly * sss_seed which pre-creates a user entry for use in kickstarts * sss_obfuscate for generating an obfuscated LDAP passwordYc1bl.rdu2.centos.org LCentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxx86_640H0KR@|4q"0EP:ao2\ 00m:+|LHNr x?sH cC A큤YYYYYYYYYYYYVpnYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY37400738f8cef2d1783c63c8365dc982441e978114ff575a73f2ec3e1d855268b7d8ed25c10f3f96949c3b06bae485e1a8bd3a9256ffcfd83398fea2d2a4fbf506f7c06b8d4c421d9c8fcd580af633e3aee19682fa86e18f02bafe0010e9370ddd05c09b220c2c09300036dbcd7be67f441693d13442bd8f9cd23abdff722b00d024a636f665f3c205803ab952d6a7d67fc6f9880f2a28fd29366104aadb3b2a074ea22f08e186a8f16066958ff1cb7da80f4a744e9737ad3b619beac9b0a45e31c78f14e9e5e8916dec1155eed908e41983829beb1b4e67230b61da9b84b6217048e1180f9857e4e4cc360177e8a16323b3caff65cfa88c9855e6dc58081793435563d311ebff2595244bb14d38a3f2e835da62f4acf2d5c1be9a9ec1af8ae51fd6440b604ce140da2805f918d80f4273fc16c0c3912cb52b9049a447b55e1662167d9c67bebf0efe19289cb3855d420538049ebcaec5c773f14f7a4d45f5b98ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903bd56d49165be0f793ea9bc0a0fbf88c27c20d292672b84cb0e67952353c8b45db60546e2fd0b1a4db5a5c7e199a68462dfa6fc9d4f70bb6e847428225f1c6f494941f3ec9c6039541ce3b64bc650a29ac1097c57c034832ee664ad3d8ee9bdf2e101d1cf6b834c2b2594d4814a8ee49b2dd83f3cb46fe7e766475e8c16b0ad94a247e6d836cde2ff962ccf667d769b3d9efbce2f1f9398996a2ae5d687294743202e62142bb856ee5742b66c06e961a34aa71751720461f02dc4f6ab4feac5945ff859b4f742a42da0bcd5ca82b19eabf4278c3208d6fbe25922256e09d637f6b7113f225a8077dfd00b558429b3af533d564d0d3dc1af0ad2b0dffbab753eb5b1571422b01d7722370b142f0707c410579bc5ca16ddc3ef4c74d515ab4b1565b81e7a4835bd45cdb94cc2bc47f767333d4a9e8eef8bce3f5eeb2cab7e7ba50ee596e9230016e36c3762f835d7cc308d3bbf367d8629b3d7fca841e7bd9ff90088178b4351fd120291cf8a21c604534b974bff38336e4d16d1fdb7b8c04a3411e1a7377e97d32187663d74ed14c05c6a2eba0a13aa70b1619187ca8a05dcb479071b8350f3969ebc4160da63638f5fcbee6b6e4af3bb0f09c0e42ad72357d778d6fd567264037a4a4c081d4cabb5ae706d2e0fc2ae265b623320a5e2734b86190a772eb9dda989f2f748aa3fbf99df359b0282a7098ea86131d9232aebc105cf8dd96f4c3350f176c7330c5e9cf7c09d98f5bd0d91252291329241719dcfa0b9440df973197410da7a78b4d71bfe834d9e96447a69843a061e7ed624189ca4382324a35ab7cfe1475c12e50bc662685f18dbeb54856b351f9ba86f44c104cb95c7199386d7040d98912f4a9159b0d24b4bb54ad605d2c0f38accd6201d73f5a228e8cc0dc10bf14f9c4457fc0a7ff36ecf6ac0f9c7b8997b3e99e7b14bf320038c14bc3a74a2b5aa1dd09670fa25a5e78bd3781a26ede2186edea3a599c2fc5664a0198285dbaf1d8c84418d440b18902b4ff20bdcce840d9d9e54304323ea803696a0d5f50485247879dfe907fded7b808b941bf5f36c57052c5b6b6c02053cf8b388567f57a1bae9a7eb2583ef24ed2d283fce5ce51f8e909fbdbb3cbeb68359572abd8cb7a76c64de1f9ca5b2de01c9474f311e167573601e72cc8e96c39d65bab72582723070ebede1641cdfe7490b0b9b815c8f716863b4004a140579af919af012b19f32e396a2b6a3358cdabe04d4feaaa26804e1068ad2b9b4f06d14d568dffab20416dd8572935ed1b2202297a775977baf52b0d18ab878337d9d0a71cc23aa014f6ec5686b7e18185d4525566eb88f2444db80a6c1a90c4a473d230b76a9dd02379a784cc12d8c748eedca11523b837dbc5402e3c7e068e2d35b6a7a2dcd9a206b010ec6228248ea2240d38b7411df8eee8260a634dc1f3c13dea2d3bbf32f0d63c491dbc04849d3d895bb9b1e89cd9dbfd8bf065b062cc280c2b277bfa884e21ccb85442c43cd67e0ce27b030855220015afb7d7b64728bddc14b06e644234fbb01d0cae463085694640dbef5f1547d8f5b692ec09177b4153da4ed567ecf238bf9490b4c3ee4835876d16d67eb25bf01f31e288ba2451f53f857f37b21ad06a27f043efeafd2060e114fd21cfeb79da55a2f4e7c2461738b52dae0a97cfa6e4091c10f33d360c83b987734e1029d19111c1c94f5ee3b812f6046be8f060a6bb6473e14c5aca92526ab0b4f670636faf206a64e1c1e04f75b07f37550f857712a297c99b5aaa2d982edd5f70355e19105ddd08fd82cfb4a920725014bf9e2f3765c529b0306ef3666bc82d7982dfb9393b50b0ec86da5129aca10aacd24b55eac3376acbfbf7c42ae6b528aaef55b6c6fd09e0e79616c4aa1eb73a4b24bbaebca976ed1db8e4035d7f49bb188333cef045dd93ee401a137eb7e755dca3b9743887c87c29b86498b001fc55253fd3e67201c4c62745b82f9038f34ba89689da239fd813677185207225a121df18faef1a478ef1ec86c5c4595cc0b7bcf86900be9b0d7e9e3f90b7312ac036a6037bbeeea7509e39284396bb0b81bd9f0a7fb14c5a7554382b42235642b694fc2fb844088d619aec8f2b56f67dea6c8c7dc23146cdb4fb5e8c1ab08f34406ba4b5d81415644b7c0e91ca9d24d8cdf89c0fb341fb373de503fe2016354cb7e095b645c8d90a7a04d1c3428dffb62f1c0a3602b87df92a82efee38565139f243ef582ccf91572c3ba0de14effa839f70fad9dec318d40a00f0dcf8dd7d791a0bcc6f5a7dfa01e03535dd94d9efe39cec6c6b1a3106a18261dd9bf9652a0c2b9cabcbcf95d39770754fe14b4658e290bdf0fa2d16f05abc74bec20dc1eca7ac8f7b54c311b2a3d24cc3c691304eedd07c70712a9b23a17e41e2406f3947aa6777f1c872bc33dc80b39f647fd5a316b7f45e735e64b48e2cb56da6ab32e5ccefe303025d1fb78ea3e0fa8fcbac58faa728410ed7ee3d796210e1e4ad44629d81230f97ff4660dc87e7fb555b20d8a71e97b10ecad2a06b72e28c61e402e630a03a8292df8ae343aefb039be64273b5845374692b887f00c6a8bc836bb04cf32857e6e90d0986d9bc8ef11545c81d06419eecf7a1a37ccab90c96668a2d20cb09fc19a859648eb59fc2643c3383181b7183ecad97575561bdc647b261fb46fef28fd2890057b53ff1fa4b1f113ec8fbeb7abc1d5df60684d684f02fe589a40a01ab55b08d7a3b457fa03b5d075164a2a48bce5762ef8741c8f51083ce661309ce734f7dcfa64eac7d56cfea1fcd21694a968d28e0ffd54470b9f57687bb4740ce760a79acc1b4454fc36b1f136dfa40628b598c33011e00f24e6a129911669183670f32af088974c57b51eb9994ebe42a9eac9142070bb43189cd1b632a87926b745f207d9722864b389d6f51f60e16b4280dcc21e0603fa02a7e37057d4e7dd8ab556de75ba2be7f572f280bc117c5d1f795a89cfeb571e007d1a1840cc810e75e33966c438ee0f412a535c6ff776299f58b9135ad8b5065873fdca8b1ee9287869f052d1885709d65752709a34dba6d5e2ae58cecca23d231ae5fc7bb295368201277b17bddfccfecf37f1388b61ba99d8ca06fbe17338effd295807dd87b0df0032d066201eb8bdb2342a01939f0fc0feb0ff96f6f3a651cf642d6a3859c2d1ce20b55f41dde4c0506f635bef1e904bfd44a9acd0a5e6ca4f062bd3bd2106c043dc09349bc0cb505ac4c8eabddba264e16a3fcbf2a40bfdac0ccee0a777dca0b0919fea5f2e60b001eae37b27af3f79858f853fd6971dfcf3ef36e99314f1767426c294cc4eefc1cffce6f623a91d2e0a0a5f857c735150d8b90a7dcb2f46094a2554b9079de23b9410cab36568c842bdc0a1dac1767e42ce2160b1754bc2f2585e0fb0ed1195793e99fa22c649a4860672ba2b16a2702fcf15ee90d763bdee1518c1353fa8162224c85150faff078f6fc5902f5178f4c7a033d101a06ab04fb6e054889130336ac41dee67141c32db1d893bdf2afa4d2fa6be4c746d2653d0050be744d5a39176bffdddba2c220106940f0bdf7359bced4ad8f339c8ec511accc04fb3642ddf763948ed68d152a5e868c28eefefdd55a7d50cb766a9e20217b7eae427a517fe93654745216ce23bc9af7c69a8dd15cd283a6ada923cfd2dba38109110c7da5d3a1e60831624313809a33fc25512227f414c580d72af313e6dd8de8eeac53da0f925775062a87e0371ebc854484a80c55d60d285856b99148a13d8dba813c7ed1150c3aaaa866333b7d0c6cc75574db59a9067f3297483d279959cf7e7d68ec55616cf58f99cf7ee12rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.3-57.el6_9.src.rpmsssd-toolssssd-tools(x86-64)   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ sssd-commonpython-ssspython-sssdconfigrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libbasicobjects.so.0()(64bit)libcollection.so.4()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.6)(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.5()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.0()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.12)(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsemanage.so.1()(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_semanage.so()(64bit)libsss_util.so()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)rtld(GNU_HASH)/usr/bin/pythonrpmlib(PayloadIsXz)1.13.3-57.el6_91.13.3-57.el6_91.13.3-57.el6_94.6.0-14.0-13.0.4-15.2-14.8.0YyX6@X6@XS@XOXJXGXF@X@X6@X6@X-X!@X!@X&X X X WWWW@W@W_@W_@WWW@W@W@W@Wi,@WYZ@WPWPV@VJVJVV@VՄ@VՄ@V@V&@V=@V=@V@V@V@VvV%@V%@V%@VVVVVpVii@V\:@VXEVV@VV@VV@VMV2 @Vf@Vf@Vf@UAUUuUn@UmUjUcUcUUUUUJ@UB@UB@U@U?v@U>$U8U.RU.RU-@U-@U-@U-@UF@UF@UUUUUU U U U@U@U@U@T9TTTTTTT@T@T~T~Tk4Tk4T$TTT@SvSvSvS%@S0S<@S<@S<@SSSSSSS/S/S;@SFS@S@S@S@S@S@Si@S@SSS!@SsZSpSNpS 4@S 4@RRRRRRfhRD!R1R%@R @R @RR|R|R|R|R|RRRRRRRRRRRRR@R@R@R@R@R@R@R@R@R@Q@Q@QQ*@Q?@QQvwQkQIQ5@Q0@Q']Q @PPPP@P@P@P-P@P@P@PDPDPDPDP[PPPPP@P@P@P@PPPPPPPP @P @P @P @P @P @Pf@PPPPP @P @P @P @P@P@P@PPPPPPPP@P@P@PpPpPpP@P@P@P@P@P@P@PP@PP@P@P@P@P@PPXPP{P{P{Pz@PqnPl(PaP`K@P#@Oĺ@O"O"OOO@OO~O@OOO@O@Ou@Ou@Oc+@O]@OYOOdON@OLOLOLOLOLO;@O5O1@ObN@NNNN@NNNj@NN$@N$@NN@N@Nx@Nm@Ng\N[@NTN?N:N:N:NNN|@M{@M{@Mߒ@M@M۝M۝M@MM@M@M3@MM>M>M@MM@M@Mx@MM=M=MwkMwkMv@MtMtMc@Mc@MbSM_MQ0@MJMGMA^@MA^@MA^@M.@M9L!L@L@L@L@LNLNL@L@LA@L@Lk@LYV@LRLI@L7@L(L_LLGKj@KK@KK@KK[K@KK~}@K]KY@KO@KKK/c@K+nK"4@KJJ@JJJkJJ@JJp9JlE@J?r@J0J,@IcIcIzI)@I)@I)@IV@IV@I@I@III@Jakub Hrozek - 1.13.3-57Lukas Slebodnik - 1.13.3-56Lukas Slebodnik - 1.13.3-55Jakub Hrozek - 1.13.3-54Jakub Hrozek - 1.13.3-53Jakub Hrozek - 1.13.3-52Jakub Hrozek - 1.13.3-51Jakub Hrozek - 1.13.3-50Jakub Hrozek - 1.13.3-49Jakub Hrozek - 1.13.3-48Jakub Hrozek - 1.13.3-47Jakub Hrozek - 1.13.3-46Jakub Hrozek - 1.13.3-45Jakub Hrozek - 1.13.3-44Jakub Hrozek - 1.13.3-43Jakub Hrozek - 1.13.3-42Jakub Hrozek - 1.13.3-41Jakub Hrozek - 1.13.3-40Jakub Hrozek - 1.13.3-39Jakub Hrozek - 1.13.3-38Jakub Hrozek - 1.13.3-37Jakub Hrozek - 1.13.3-36Jakub Hrozek - 1.13.3-35Jakub Hrozek - 1.13.3-34Jakub Hrozek - 1.13.3-33Jakub Hrozek - 1.13.3-32Jakub Hrozek - 1.13.3-31Jakub Hrozek - 1.13.3-30Jakub Hrozek - 1.13.3-29Jakub Hrozek - 1.13.3-28Jakub Hrozek - 1.13.3-27Jakub Hrozek - 1.13.3-26Jakub Hrozek - 1.13.3-25Jakub Hrozek - 1.13.3-24Jakub Hrozek - 1.13.3-23Jakub Hrozek - 1.13.3-22Jakub Hrozek - 1.13.3-21Jakub Hrozek - 1.13.3-20Jakub Hrozek - 1.13.3-19Jakub Hrozek - 1.13.3-18Jakub Hrozek - 1.13.3-17Jakub Hrozek - 1.13.3-16Jakub Hrozek - 1.13.3-15Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-13Jakub Hrozek - 1.13.3-12Jakub Hrozek - 1.13.3-11Jakub Hrozek - 1.13.3-10Jakub Hrozek - 1.13.3-9Jakub Hrozek - 1.13.3-8Jakub Hrozek - 1.13.3-7Jakub Hrozek - 1.13.3-6Jakub Hrozek - 1.13.3-5Jakub Hrozek - 1.13.3-4Jakub Hrozek - 1.13.3-3Jakub Hrozek - 1.13.3-2Jakub Hrozek - 1.13.3-1Jakub Hrozek - 1.13.2-7Jakub Hrozek - 1.13.2-6Jakub Hrozek - 1.13.2-5Jakub Hrozek - 1.13.2-4Jakub Hrozek - 1.13.2-3Jakub Hrozek - 1.13.2-2Jakub Hrozek - 1.13.2-1Jakub Hrozek - 1.13.1-1Jakub Hrozek - 1.12.4-51Jakub Hrozek - 1.12.4-50Jakub Hrozek - 1.12.4-49Jakub Hrozek - 1.12.4-48Jakub Hrozek - 1.12.4-47Jakub Hrozek - 1.12.4-46Jakub Hrozek - 1.12.4-45Jakub Hrozek - 1.12.4-44Jakub Hrozek - 1.12.4-43Jakub Hrozek - 1.12.4-42Jakub Hrozek - 1.12.4-41Jakub Hrozek - 1.12.4-40Jakub Hrozek - 1.12.4-39Jakub Hrozek - 1.12.4-38Jakub Hrozek - 1.12.4-37Jakub Hrozek - 1.12.4-36Jakub Hrozek - 1.12.4-35Jakub Hrozek - 1.12.4-34Jakub Hrozek - 1.12.4-33Jakub Hrozek - 1.12.4-32Jakub Hrozek - 1.12.4-31Jakub Hrozek - 1.12.4-30Jakub Hrozek - 1.12.4-29Jakub Hrozek - 1.12.4-28Jakub Hrozek - 1.12.4-27Jakub Hrozek - 1.12.4-26Jakub Hrozek - 1.12.4-25Jakub Hrozek - 1.12.4-24Jakub Hrozek - 1.12.4-23Jakub Hrozek - 1.12.4-22Jakub Hrozek - 1.12.4-21Jakub Hrozek - 1.12.4-20Jakub Hrozek - 1.12.4-19Jakub Hrozek - 1.12.4-18Jakub Hrozek - 1.12.4-17Jakub Hrozek - 1.12.4-16Jakub Hrozek - 1.12.4-15Jakub Hrozek - 1.12.4-14Jakub Hrozek - 1.12.4-13Jakub Hrozek - 1.12.4-12Jakub Hrozek - 1.12.4-11Jakub Hrozek - 1.12.4-10Jakub Hrozek - 1.12.4-9Jakub Hrozek - 1.12.4-8Jakub Hrozek - 1.12.4-7Jakub Hrozek - 1.12.4-6Jakub Hrozek - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Jakub Hrozek - 1.12.4-2Jakub Hrozek - 1.12.4-1Jakub Hrozek - 1.11.6-33Jakub Hrozek - 1.11.6-32Jakub Hrozek - 1.11.6-31Jakub Hrozek - 1.11.6-30Jakub Hrozek - 1.11.6-29Jakub Hrozek - 1.11.6-28Jakub Hrozek - 1.11.6-27Jakub Hrozek - 1.11.6-26Jakub Hrozek - 1.11.6-25Jakub Hrozek - 1.11.6-24Jakub Hrozek - 1.11.6-23Jakub Hrozek - 1.11.6-22Jakub Hrozek - 1.11.6-21Jakub Hrozek - 1.11.6-20Jakub Hrozek - 1.11.6-19Jakub Hrozek - 1.11.6-18Jakub Hrozek - 1.11.6-17Jakub Hrozek - 1.11.6-16Jakub Hrozek - 1.11.6-15Jakub Hrozek - 1.11.6-14Jakub Hrozek - 1.11.6-13Jakub Hrozek - 1.11.6-12Jakub Hrozek - 1.11.6-11Jakub Hrozek - 1.11.6-10Jakub Hrozek - 1.11.6-9Jakub Hrozek - 1.11.6-8Jakub Hrozek - 1.11.6-7Jakub Hrozek - 1.11.6-6Jakub Hrozek - 1.11.6-5Jakub Hrozek - 1.11.6-4Jakub Hrozek - 1.11.6-3Jakub Hrozek - 1.11.6-2Jakub Hrozek - 1.11.6-1Jakub Hrozek - 1.11.5.1-4Jakub Hrozek - 1.11.5.1-3Jakub Hrozek - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Jakub Hrozek - 1.9.2-134Jakub Hrozek - 1.9.2-133Jakub Hrozek - 1.9.2-132Jakub Hrozek - 1.9.2-131Jakub Hrozek - 1.9.2-130Jakub Hrozek - 1.9.2-129Jakub Hrozek - 1.9.2-128Jakub Hrozek - 1.9.2-127Jakub Hrozek - 1.9.2-126Jakub Hrozek - 1.9.2-125Jakub Hrozek - 1.9.2-124Jakub Hrozek - 1.9.2-123Jakub Hrozek - 1.9.2-122Jakub Hrozek - 1.9.2-121Jakub Hrozek - 1.9.2-120Jakub Hrozek - 1.9.2-119Jakub Hrozek - 1.9.2-118Jakub Hrozek - 1.9.2-117Jakub Hrozek - 1.9.2-116Jakub Hrozek - 1.9.2-115Jakub Hrozek - 1.9.2-114Jakub Hrozek - 1.9.2-113Jakub Hrozek - 1.9.2-112Jakub Hrozek - 1.9.2-111Jakub Hrozek - 1.9.2-110Jakub Hrozek - 1.9.2-109Jakub Hrozek - 1.9.2-108Jakub Hrozek - 1.9.2-107Jakub Hrozek - 1.9.2-106Jakub Hrozek - 1.9.2-105Jakub Hrozek - 1.9.2-104Jakub Hrozek - 1.9.2-103Jakub Hrozek - 1.9.2-102Jakub Hrozek - 1.9.2-101Jakub Hrozek - 1.9.2-100Jakub Hrozek - 1.9.2-99Jakub Hrozek - 1.9.2-98Jakub Hrozek - 1.9.2-97Jakub Hrozek - 1.9.2-96Jakub Hrozek - 1.9.2-95Jakub Hrozek - 1.9.2-94Jakub Hrozek - 1.9.2-93Jakub Hrozek - 1.9.2-92Jakub Hrozek - 1.9.2-91Jakub Hrozek - 1.9.2-90Jakub Hrozek - 1.9.2-89Jakub Hrozek - 1.9.2-88Jakub Hrozek - 1.9.2-87Jakub Hrozek - 1.9.2-86Jakub Hrozek - 1.9.2-85Jakub Hrozek - 1.9.2-84Jakub Hrozek - 1.9.2-83Jakub Hrozek - 1.9.2-82Jakub Hrozek - 1.9.2-81Jakub Hrozek - 1.9.2-80Jakub Hrozek - 1.9.2-79Jakub Hrozek - 1.9.2-78Jakub Hrozek - 1.9.2-77Jakub Hrozek - 1.9.2-76Jakub Hrozek - 1.9.2-75Jakub Hrozek - 1.9.2-74Jakub Hrozek - 1.9.2-73Jakub Hrozek - 1.9.2-72Jakub Hrozek - 1.9.2-71Jakub Hrozek - 1.9.2-70Jakub Hrozek - 1.9.2-69Jakub Hrozek - 1.9.2-68Jakub Hrozek - 1.9.2-67Jakub Hrozek - 1.9.2-66Jakub Hrozek - 1.9.2-65Jakub Hrozek - 1.9.2-64Jakub Hrozek - 1.9.2-63Jakub Hrozek - 1.9.2-62Jakub Hrozek - 1.9.2-61Jakub Hrozek - 1.9.2-60Jakub Hrozek - 1.9.2-59Jakub Hrozek - 1.9.2-58Jakub Hrozek - 1.9.2-57Jakub Hrozek - 1.9.2-56Jakub Hrozek - 1.9.2-55Jakub Hrozek - 1.9.2-54Jakub Hrozek - 1.9.2-53Jakub Hrozek - 1.9.2-52Jakub Hrozek - 1.9.2-51Jakub Hrozek - 1.9.2-50Jakub Hrozek - 1.9.2-49Jakub Hrozek - 1.9.2-48Jakub Hrozek - 1.9.2-47Jakub Hrozek - 1.9.2-46Jakub Hrozek - 1.9.2-45Jakub Hrozek - 1.9.2-44Jakub Hrozek - 1.9.2-43Jakub Hrozek - 1.9.2-42Jakub Hrozek - 1.9.2-41Jakub Hrozek - 1.9.2-40Jakub Hrozek - 1.9.2-39Jakub Hrozek - 1.9.2-38Jakub Hrozek - 1.9.2-37Jakub Hrozek - 1.9.2-36Jakub Hrozek - 1.9.2-35Jakub Hrozek - 1.9.2-34Jakub Hrozek - 1.9.2-33Jakub Hrozek - 1.9.2-32Jakub Hrozek - 1.9.2-31Jakub Hrozek - 1.9.2-30Jakub Hrozek - 1.9.2-29Jakub Hrozek - 1.9.2-28Jakub Hrozek - 1.9.2-27Jakub Hrozek - 1.9.2-26Jakub Hrozek - 1.9.2-25Jakub Hrozek - 1.9.2-24Jakub Hrozek - 1.9.2-23Jakub Hrozek - 1.9.2-22Jakub Hrozek - 1.9.2-21Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-19Jakub Hrozek - 1.9.2-18Jakub Hrozek - 1.9.2-17Jakub Hrozek - 1.9.2-16Jakub Hrozek - 1.9.2-15Jakub Hrozek - 1.9.2-14Jakub Hrozek - 1.9.2-13Jakub Hrozek - 1.9.2-12Jakub Hrozek - 1.9.2-11Jakub Hrozek - 1.9.2-10Jakub Hrozek - 1.9.2-9Jakub Hrozek - 1.9.2-8Jakub Hrozek - 1.9.2-7Jakub Hrozek - 1.9.2-6Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-3Jakub Hrozek - 1.9.0-2Jakub Hrozek - 1.9.0-1.rc1Jakub Hrozek - 1.8.0-33Stephen Gallagher - 1.8.0-32Stephen Gallagher - 1.8.0-31Stephen Gallagher - 1.8.0-30Stephen Gallagher - 1.8.0-29Stephen Gallagher - 1.8.0-28Stephen Gallagher - 1.8.0-27Stephen Gallagher - 1.8.0-26Stephen Gallagher - 1.8.0-25Stephen Gallagher - 1.8.0-24Stephen Gallagher - 1.8.0-23Stephen Gallagher - 1.8.0-22Stephen Gallagher - 1.8.0-21Stephen Gallagher - 1.8.0-20Stephen Gallagher - 1.8.0-18Stephen Gallagher - 1.8.0-17Stephen Gallagher - 1.8.0-15Stephen Gallagher - 1.8.0-12Stephen Gallagher - 1.8.0-11Stephen Gallagher - 1.8.0-10Stephen Gallagher - 1.8.0-9Stephen Gallagher - 1.8.0-8Stephen Gallagher - 1.8.0-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5Stephen Gallagher - 1.8.0-4.beta3Stephen Gallagher - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-2.beta2Stephen Gallagher - 1.5.1-68Stephen Gallagher - 1.5.1-67Stephen Gallagher - 1.5.1-66Stephen Gallagher - 1.5.1-65Stephen Gallagher - 1.5.1-64Stephen Gallagher - 1.5.1-63Stephen Gallagher - 1.5.1-62Stephen Gallagher - 1.5.1-61Stephen Gallagher - 1.5.1-60Stephen Gallagher - 1.5.1-59Stephen Gallagher - 1.5.1-58Stephen Gallagher - 1.5.1-57Stephen Gallagher - 1.5.1-56Stephen Gallagher - 1.5.1-55Stephen Gallagher - 1.5.1-53Stephen Gallagher - 1.5.1-52Stephen Gallagher - 1.5.1-51Stephen Gallagher - 1.5.1-50Stephen Gallagher - 1.5.1-49Stephen Gallagher - 1.5.1-48Stephen Gallagher - 1.5.1-47Stephen Gallagher - 1.5.1-46Stephen Gallagher - 1.5.1-45Stephen Gallagher - 1.5.1-44Stephen Gallagher - 1.5.1-43Stephen Gallagher - 1.5.1-42Stephen Gallagher - 1.5.1-41Stephen Gallagher - 1.5.1-40Stephen Gallagher - 1.5.1-39Stephen Gallagher - 1.5.1-38Stephen Gallagher - 1.5.1-37Stephen Gallagher - 1.5.1-36Stephen Gallagher - 1.5.1-35Stephen Gallagher - 1.5.1-34Stephen Gallagher - 1.5.1-33Stephen Gallagher - 1.5.1-32Stephen Gallagher - 1.5.1-31Stephen Gallagher - 1.5.1-30Stephen Gallagher - 1.5.1-29Stephen Gallagher - 1.5.1-28Stephen Gallagher - 1.5.1-27Stephen Gallagher - 1.5.1-26Stephen Gallagher - 1.5.1-25Stephen Gallagher - 1.5.1-24Stephen Gallagher - 1.5.1-23Stephen Gallagher - 1.5.1-21Stephen Gallagher - 1.5.1-20Stephen Gallagher - 1.5.1-17Stephen Gallagher - 1.5.1-16Stephen Gallagher - 1.5.1-15Stephen Gallagher - 1.5.1-14Stephen Gallagher - 1.5.1-13Stephen Gallagher - 1.5.1-12Stephen Gallagher - 1.5.1-11Stephen Gallagher - 1.5.1-10Stephen Gallagher - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Stephen Gallagher - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.2.1-28.4Stephen Gallagher - 1.2.1-36Stephen Gallagher - 1.2.1-35Stephen Gallagher - 1.2.1-28.3Stephen Gallagher - 1.2.1-34Stephen Gallagher - 1.2.1-28.2Stephen Gallagher - 1.2.1-33Stephen Gallagher - 1.2.1-28.1Stephen Gallagher - 1.2.1-32Stephen Gallagher - 1.2.1-29Stephen Gallagher - 1.2.1-28Stephen Gallagher - 1.2.1-27Stephen Gallagher - 1.2.1-26Stephen Gallagher - 1.2.1-23Stephen Gallagher - 1.2.1-21Stephen Gallagher - 1.2.1-20Stephen Gallagher - 1.2.1-19Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-14Stephen Gallagher - 1.2.0-13Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11.1Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1473005 - The originalMemberOf attribute disappears from the cache, causing intermittent HBAC issues- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present - Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory- Resolves: rhbz#1415785 - ldap_child does not remove temporary files when it's killed with SIGTERM- Apply several more smartcard-related patches. - Related: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts- Revert the ding-libs requirement - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Related: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Require the matching version of ding-libs - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Fix a coverity warning - Related: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Resolves: rhbz#1324428 - [RFE] Discover forest's root SID even if subdomains_provider = none- Resolves: rhbz#1367802 - using overides causes segfault in libldb- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins- Resolves: rhbz#1382603 - autofs map resolution doesn't work offline- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute- Resolves: rhbz#1299994 - ssh client checks only the first certificate on a smartcard when the card has multiple certs - Resolves: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard - Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6 - Resolves: rhbz#1329647 - IPA view: view name not stored properly with default FreeIPA installation- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users and mixed case names- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a subdomain, not the root domain.- Resolves: rhbz#1365218 - SSSD does not fail over to next GC- Resolves: rhbz#1367435 - Intermittent sssd auth failures- Resolves: rhbz#1369079 - sssd runs out of available child slots and starts queuing requests in proxy mode- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to sssd-1.13.3-22.el6.x86_64 when upgrading cache- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336453 - sssd_be doesn't terminate forked child process if adcli is not installed- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo- Actually apply patches from previous build - Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe with 1.11.6- Backport of a more minimal dependency patch to avoid changes to AD provider behaviour - Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1308939 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user- Require a newer selinux-policy to avoid issues when prompting for SC PIN - Related: rhbz#1299066 - smartcard login does not prompt for pin when ocsp checking is enabled (default config)- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when trying to retrieve non-existing netgroups- Update sssd-ldap man page for the recent ID mapping changes - Related: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache from working- Resolves: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password and not smartcard pin when logged in using smartcard pin- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output error- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12 to 1.13- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn't work- Resolves: rhbz#1273802 - ad_site parameter does not work- Fix memory leak in the NFS plugin - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service discovery- Rebase to 1.13.3 - Remove setuid bit from proxy_child, RHEL-6 doesn't support running SSSD as a non-privileged user - Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Don't own files as the SSSD user - Resolves: rhbz#1289482 - warning: user sssd does not exist - using root- Resolves: rhbz#1279971 - groups get deleted from the cache- The p11_child doesn't have to run privileged anymore, remove the setuid bit - Related: rhbz#1270027 - [RFE] Support for smart cards- Resolves: rhbz#1266108 - Check next certificate on smart card if first is not valid - Also enable OCSP checks- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Silence compilation warnings and Coverity issues - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Squash in packaging review changes by lslebodn@redhat.com- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - The rebase also resolves the following bugzillas: - Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC identity certificates - Resolves: rhbz#1270027 - [RFE] Support for smart cards - Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients - Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is not taken into account. - Resolves: rhbz#1254193 - Fix for cyclic dependencies between sssd-{krb5,}-common - Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected - Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do not queue requests - Resolves: rhbz#1227804 - Group members are not turned into ghost entries when the user is purged from the SSSD cache - Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log - Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not the alpha group name representation - Resolves: rhbz#1194039 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups- Resolves: rhbz#1251349 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from ldap server- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task - Resolves: rhbz#1227863 - ignore_group_members doesn't work for subdomains- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn't return all groups on first attempt- Resolves: rhbz#1225614 - IPA enumeration provider crashes- Resolves: rhbz#1212610 - sssd ad groups work intermittently- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of secondary groups- Resolves: rhbz#1221358 - SSSD doesn't work with ID mapping and disabled subdomains- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and gets avc denial when ssh- Include several upstream fixes related to ID views - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1213947 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad src/providers/ad/ad_gpo.c:843- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers group membership resolution- Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users and filter_groups- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only- Related: rhbz#1211728 - Only set the selinux context if the context differs from the local one- Package the localauth plugin - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1207720 - id lookup resolves "Domain Local" group and errors appear in domain log- BuildRequire the proper libkrb5 version for correct localauth plugin build - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1194367 - sssd_be dumping core- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in manpage that unsupported time specification will lead to sssd denying access- Resolves: rhbz#1205382 - Properly handle AD's binary objectGUID- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might install with wrong user account (root)- Fix a typo in DEBUG message - Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Handle TTL=0 in SRV queries correctly - Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Cherry-pick unit test changes from upstream to allow cherry-picking sssd-1-12 patches - Remove unused LDAP provider code to avoid static analyser warnings - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad requires samba4- Resolves: rhbz#1203630 - SSSD doesn't own the GPO cache directory- Fix warning in SELinux code - Handle setups with empty default and no SELinux maps - Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u - Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605 - Resolves: rhbz#1201847 - SSSD downloads too much information when fetching information about groups- Fix PAM responder initgroups cache for subdomain users - Log extop failures better - Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Fix internal error codes broken when fixing rhbz#1036745 - Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything- Fix Coverity warning in ldap_child - Add better debugging - Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users, groups or other cache objects- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Initialize a pointer in ldap_child to NULL - Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Relax the ldb requirement - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query - Rebuild against latest krb5, add a versioned BuildRequires - Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Do not mark the selinux_child helper as setuid, we don't support rootless SSSD in 6.7 - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x - The rebase resolves the following RHEL bugzillas - Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about domains parameter - Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not be fatal (backport fix from upstream) - Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user uid field - Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1168377 - [RFE] User's home directories and shells are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss - Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution - Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1148582 - inconsistent group information when multiple ad domain sections are configured in sssd - Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider ad support - Resolves: rhbz#1139878 - SSSD connection terminated after failing anonymous bind to IBM Tivoli Directory Server - Resolves: rhbz#1135838 - Man sssd-ldap shows parameter ldap_purge_cache_timeout with "Default: 10800 (12 hours)" - Resolves: rhbz#1135432 - Dereference code errors out when dereferencing entries protected by ACIs - Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012 R2's LDAP as AD - Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header - Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple attributes- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1141814 - Password expiration policies are not being enforced by SSSD- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group membership when encountering a non-POSIX group- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from other AD domains- Resolves: rhbz#1127270 - sssd connect to ipa-server is long- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD, POSIX attributes are used and primary group contains the user as a member- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0) is not prompted for password change- Resolves: rhbz#1132361 - use-after-free in dyndns code- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap account lock to restrict access via ssh key- Use the correct sudo iterator - Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Add notes about offline mode to sssd.conf - Related: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1127278 - Auth fails when space in username is replaced with character set by override_default_whitespace- Resolves: rhbz#1127757 - sssd can't retrieve sudo rules when using the "default_domain_suffix" option- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Resolves: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1122873 - Failover does not always happen from SRV to hostname resolution(via /etc/hosts) - Remove spurious systemctl call on %postun- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with specified character in LDAP group- Resolves: rhbz#1109188 - dereferencing control failure against openldap server- Resolves: rhbz#1084532 - sssd_sudo process segfaults- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping is off and tokengroups are enabled- Resolves: rhbz#1118541 - Floating point exception using ldap- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser is not defined and no ldap_sudorule_runasuser mapping has been defined in SSSD- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap- Fix potential NULL dereference in IFP code - Related: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- BuildRequire the latest libini_config - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- Resolves: rhbz#1104145 - public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end- Rebase to 1.11.6 - Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Rebuild against new ding-libs - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Backport the InfoPipe patches needed for Sat6 integration - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: #1085412 - SSSD Crashes when storage experiences high latency- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6Resolves: #1036168 - sssd can't retrieve auto.master when using the "default_domain_suffix"- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups are requested- Allow combination of proxy id backend and LDAP auth backend - Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Inherit UID limits for subdomains - Resolves: #1020905 - Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.- Do not crash when LDAP disconnects while a search is still in progress - Resolves: #1019979 - sssd_be segfault when authenticating against active directory- More upstream fixes to prevent memcache crashes - Related: #997406 - sssd_nss core dumps under load- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out- Make IPA SELinux provider aware of subdomain users - A better version of already committed patch - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Resolves: #997406 - sssd_nss core dumps under load - Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #1002161 - large number of sudo rules results in error - Unable to create response: Invalid argument- Silence restorecon on clean install - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Make IPA SELinux provider aware of subdomain users - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Print password complexity hint when password change fails with constraint violation - Related: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #948830 - sssd do too many disk writes causing delay in "getent netgroup allmachines-netgroup" nested netgroups.- Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- Resolves: #963235 - sssd_be crashing with nested ldap groups- Apply a forgotten dependency for patch #254 - Related: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality - Add two fixes for better handling of faulty SRV processing - Related: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router. - Remove enumerate=true from example in man page - Related: #988381 - clarify the disadvantages of enumeration in sssd.conf- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp file for SELinux data failed- Resolves: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors when clearing cache- Resolves: #924113 - man sssd-sudo has wrong title- Resolves: #924397 - document what does access_provider=ad do- Use permissive control when adding ghost users - Resolves: #928797 - cyclic group memberships may not work depending on order of operations- Set correct state of SRV servers on resolving error - Resolves: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router.- Resolves: #954323 - SSSD doesn't display warning for last grace login.- Format patch to configure sysv script differently - RHEL-6 patch(1) apparently doesn't like the output of git format-patch -M -C and doesn't properly copy files on renames - Resolves: #971435 - Enhance sssd init script so that it would source a configuration.- Resolves: #973345 - SSSD service randomly dies- Resolves: #971435 - Enhance sssd init script so that it would source a configuration- Resolves: #961356 - SUDO is not working for users from trusted AD domain- Resolves: #970519 - [RFE] Add support for suppressing group members- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the "original value"- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes- Clarify the min_id/max_id limits further - Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login delays when client is under load- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table in sssd_nss- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs- Mention that enumeration should be discouraged - Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf- Call restorecon on memcache files to force the right context on upgrades - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Resolves: #987479 - libsss_sudo should depend on sudo package with sssd support- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck- Resolves: #967636 - SSSD frequently fails to return automount maps from LDAP- Resolves: #953165 - Enabling enumeration causes sssd_be process to utilize 100% of the CPU- Resolves: #906398 - sssd_be crashes sometimes- Resolves: #950874: Simple access control always denies uppercased users in case insensitive domain- Resolves: #921454: Resolve local group members in LDAP groups- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider- Fix pwd_expiration_warning=0 - Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#872827 - Serious performance regression in sssd- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees- Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.- Resolves: rhbz#902436 - possible segfault when backend callback is removed- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps- Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent- Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts- Resolves: rhbz#892197 - Incorrect principal searched for in keytab- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work- Resolves: rhbz#874618 - sss_cache: fqdn not accepted- Resolves: rhbz#889182 - crash in memory cache- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache- Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666)- Resolves: rhbz#886038 - sssd components seem to mishandle sighup- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh- Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule- Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507)- Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060)- Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507)- Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds- Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users- Resolves: rhbz#881773 - mmap cache needs update after db changes- Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742)- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573)- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations- Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130- Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections- Related: rhbz#877126 - Bump the release tag- Resolves: rhbz#877126 - subdomains code does not save the proper user/group name- Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid()- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'- Resolves: rhbz#875740 - "defaults" entry ignored- Resolves: rhbz#875738 - offline authentication failure always returns System Error- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section- Resolves: rhbz#873032 - Move sss_cache to the main subpackage- Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group- Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive- Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443- BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932- Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542- Fix the "ca" translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- New upstream release 1.9.2- Rebase to 1.9.1- Require the latest libldb- Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes- Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds- Fix protocol break for services map - Related: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#824616 - sssd_nss crashes when configured with use_fully_qualified_names = true- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()- Resolves: rhbz#822236 - SSSD netgroups do not honor entry_cache_nowait_percentage- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client upgrade - Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names - Resolves: rhbz#819063 - sssd fails to provide partial data till paged search returns "Size Limit Exceeded" - Resolves: rhbz#820585 - Group enumeration fails in proxy provider- Resolves: rhbz#816616 - group members are now lowercased in case insensitive domains- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding - Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the same user - Resolves: rhbz#812281 - autofs client: map name length used as key length - Related: rhbz#784870 - SSSD fails during autodetection of search bases for new LDAP features - Related: rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes- Fix typo in patch for SSH umask - Related: rhbz#808107 - Coverity revealed memory management defects- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm - Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is running - Resolves: rhbz#808107 - Coverity revealed memory management defects- Related: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false- Resolves: rhbz#804057 - Initial service lookups having name with uppercase alphabets doesn't work - Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names doesn't work when case_sensitive=false - Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab - Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false - Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name resolution times out - Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Related: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica using IP address - Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with case_sensitive=false - Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set - Resolves: rhbz#805034 - accessing an undefined variable might cause crash - Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login- Update translations - Resolves: rhbz#802372 - Pick up latest translation files for SSSD - Resolves: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Related: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search requests - Resolves: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials - Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to true - Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work - Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false - Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam can use - Resolves: rhbz#799971 - sssd_be crashes on shutdown - Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested group structure - Resolves: rhbz#801368 - Group lookups doesn't return members with proxy provider configured - Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd is configured as proxy provider- Do not auto-upgrade debug levels - Tool still available for manual use - Reverts: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#798881 - Install-time warnings - Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also the dns_discovery_domain - Resolves: rhbz#798655 - Password logins failing due to a process with high UID- Fix explicit requires to use openldap instead of openldap-libs - Related: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64- Fix multilib-clean issue due to upgrade script - Remove old copy from the spec file - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Fix typo in the patch - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Use a patch and install the script to python_sitelib - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Resolves: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#785871 - wrong build dependency on nscd - Resolves: rhbz#785873 - IPA host search base cannot be set - Resolves: rhbz#791208 - Entries lacking a POSIX username value break group lookups - Resolves: rhbz#796307 - Simple Paged Search control needs to be used more sparingly - Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64 - Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user entries - Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup - Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load - Resolves: rhbz#797975 - sssd_be: The requested target is not configured is logged at each login - Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD - Resolves: rhbz#788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group- Handle filtering python Provides in a safer way - Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3 - Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers - Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and netgroup search base correctly - Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb AS requests - Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision - Resolves: rhbz#785904 - [RFE] SSSD should have --version option - Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider - Resolves: rhbz#785898 - Enable midway cache refresh by default - Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for a non-existing netgroup - Resolves: rhbz#785884 - Honour TTL when resolving host names - Resolves: rhbz#785883 - check DNS records before updates - Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead of guessing - Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line - Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config file too much - Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server has been reinitialized - Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc - Resolves: rhbz#773660 - Kerberos errors should go to syslog - Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native IPA netgroups code - Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#771702 - sssd_pam crashes during change password operation against a IPA server - Resolves: rhbz#771361 - case_sensitive function not working as intended for ldap - Resolves: rhbz#768935 - Crash when applying settings - Resolves: rhbz#766941 - The full dyndns update message should be logged into debug logs - Resolves: rhbz#766930 - [RFE] Add a new option to override home directory value - Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab principal name - Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files - Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug levels on the fly - Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional - Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation - Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option - Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control - Resolves: rhbz#753876 - [RFE] Add support for the services map - Resolves: rhbz#746181 - "getgrgid call returned more than one result" after group name change in MSAD - Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle for some (configurable) time - Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD - Related: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#742052 - id -G group resolution takes extremely long - Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange - Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases - Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or insensitive - Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users - Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control disabled for openldap - Resolves: rhbz#726467 - SSSD takes 30+ seconds to login - Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 during auth when password for the user is not set- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758157 - LDAP failover not working if server refuses connections- Related: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis initgroups when groups appear in multiple nesting levels- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow - Resolves: rhbz#746654 - SSSD backend gets killed on slow systems - Related: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts Fixes a crash introduced by the earlier patch. - Related: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names Fixes for internationalization- Related: rhbz#742278 - Rework the example config- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts - Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart - Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742278 - Rework the example config - Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was initialized - Resolves: rhbz#742526 - SSSD's man pages are missing information - Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with multi-valued uid - Resolves: rhbz#738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid - Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber to integer - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host groups - Resolves: rhbz#740501 - SSSD not functional after "self" reboot - Resolves: rhbz#742539 - HBAC: Hostname comparisons should be case-insensitive- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in - Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2- Resolves: rhbz#737157 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled - Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple external hosts along with managed host - Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names - Resolves: rhbz#733409 - Improve password policy error message - Resolves: rhbz#733663 - Authentication fails when there exists an empty hbacsvcgroup - Resolves: rhbz#732935 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON - Resolves: rhbz#734101 - sssd blocks login of ipa-users- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain shells- Related: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID- Related: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Related: rhbz#718250 - Remove DENY rules from the HBAC access provider - Fixes an issue on big endian platforms- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured - Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls - Resolves: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider - Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID - Resolves: rhbz#726475 - sssd_pam leaks file descriptors - Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0- Related: rhbz#721052 - sssd does not handle kerberos server IP change - Use ares_search instead of ares_query to honor - search entries in /etc/resolv.conf- Resolves: rhbz#711416 - During the change password operation the ccache is - not replaced by a new one if the old one isn't - active anymore - Resolves: rhbz#715609 - Certificate validation fails with message - "Connection error: TLS: hostname does not match CN - in peer certificate" - Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records - Resolves: rhbz#721052 - sssd does not handle kerberos server IP change - Honor TTL values when resolving hostnames- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP - Resolves: rhbz#713438 - sssd shuts down if inotify crashes- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups() - Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are - being logged multiple times when the provider comes - back online - Resolves: rhbz#707997 - The IPA provider does not work with IPv6 - Resolves: rhbz#677327 - [RFE] Support overriding attribute value - Resolves: rhbz#692090 - SSSD is not populating nested groups in - Active Directory- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man - page- Resolves: rhbz#707513 - Unable to authenticate users when username - contains "\0"- Resolves: rhbz#698723 - kpasswd fails when using sssd and - kadmin server != kdc server- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is - not mentioned - Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the - gidNumber is out of the range of min_id,max_id. - Resolves: rhbz#699530 - Users with a local group as their primary GID are - denied access by the simple access provider - Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups - Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a - member of any group - Resolves: rhbz#703624 - SSSD's async resolver only tries the first - nameserver in /etc/resolv.conf- Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694444 - Unable to resolve SRV record when called with - _srv_, in ldap_uri - Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by - signal 11 (SIGSEGV) - Fix is to not attempt to resolve nameless servers- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can - cause SSSD to stop caching and responding to - requests- Resolves: rhbz#690131 - Traceback messages seen while interrupting - sss_obfuscate using ctrl+d - Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process - /usr/libexec/sssd/sssd_be was killed by signal 11 - (SIGSEGV)- Related: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them - Resolves: rhbz#689886 - group memberships are not populated correctly during - IPA provider initgroups - Resolves: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents - Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5 - in sssd.conf- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min - waiting on netgroup - Resolves: rhbz#683431 - sssd consumes 100% CPU - Related: rhbz#680440 - sssd does not handle kerberos server IP change- Related: rhbz#680440 - sssd does not handle kerberos server IP change - SSSD was staying with the old server if it was still online- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain - for base DN- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on - ipa-server - Resolves: rhbz#680440 - sssd does not handle kerberos server IP change - Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are - given in ipa_server config option - Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf - attribute on the server - Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups - Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option - Resolves: rhbz#677318 - Does not read renewable ccache at startup- Resolves: rhbz#678593 - User information not updated on login for secondary - domains - Resolves: rhbz#678777 - IPA provider does not update removed group - memberships on initgroups- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries - Resolves: rhbz#678410 - name service caches names, so id command shows - recently deleted users - Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for - netgroups- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login - Resolves: rhbz#675284 - "no matching rule" message logged on all successful - requests - Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for - authentication- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named - "default" - Resolves: rhbz#674515 - -p option always uses empty string to obfuscate - password - Resolves: rhbz#674141 - Traceback call messages displayed while - "sss_obfuscate" command is executed as a non-root - user- Resolves: rhbz#674172 - Group members are not sanitized in nested group - processing - Put translated tool manpages into the sssd-tools subpackage- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Also add the updated ding-libs to the BuildRequires- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Explicitly require updated ding-libs- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options - Assorted bugfixes- Add noverify to sssd.conf - Resolves: rhbz#627165 - TPS VerifyTest failure- Related: rhbz#644072 - Rebase SSSD to 1.5 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs - Resolves: rhbz#660585 - getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs- Resolves: rhbz#645449 - 'getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#658374 - sssd stops on upgrade- Resolves: rhbz#658158 - sssd stops on upgrade- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#642412 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#633487 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib- Resolves: rhbz#629949 - sssd stops on upgrade- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password- Resolves: rhbz#621307 - Password changes are broken on LDAP- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on - initgroups calls- Resolves: rhbz#607233 - SSSD users cannot log in through GDM - - Real issue was that long-running services - - do not reconnect if sssd is restarted- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with - /etc/krb5.keytab file- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6 - final - Resolves: rhbz#608661 - SASL with OpenLDAP server fails - Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes- New upstream bugfix release 1.2.1 - Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs. - Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal - Resolves: rhbz#604704 - authconfig should provide error with no trace back - if disabling sssd when sssd is not enabled - Resolves: rhbz#591873 - Connecting to the network after an offline kerberos - auth logs continuous error messages to sssd_ldap.log - Resolves: rhbz#596295 - Authentication fails for user from the second domain - when the same user name is filtered out from the - first domain - Related: rhbz#598559 - Update translation files for SSSD before RHEL 6 - final- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service - to fail while restart - Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in - parentheses causes ldap_search_ext to fail - Resolves: rhbz#600468 - Segfault in krb5_child - Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs.- Resolves: rhbz#598670 - Ccache file of a user is removed too early - Resolves: rhbz#599057 - Incomplete comparison of a service name in - IPA access provider - Resolves: rhbz#598496 - Failure with IPA access provider - Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the - kernel keyring- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP - Resolves: rhbz#584001 - Rebase sssd to 1.2 - Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file - Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf - Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf - Resolves: rhbz#590134 - sssd: auth_provider = proxy regression - Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when - going online - Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the - HBAC rule- Improve DEBUG logs for STARTTLS failures- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcacacacacacacacacacacacsdedededededededededededeesesesesesesesesesesesfrfrfrfrfrfrfrfrfrfrfrfrjajajajajajajajajajajanlptptukukukukukukukukukukukukuk1.13.3-57.el6_91.13.3-57.el6_9 sss_debuglevelsss_groupaddsss_groupdelsss_groupmodsss_groupshowsss_obfuscatesss_overridesss_seedsss_useraddsss_userdelsss_usermodsssd-tools-1.13.3COPYINGsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupdel.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupmod.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gz/usr/sbin//usr/share/doc//usr/share/doc/sssd-tools-1.13.3//usr/share/man/ca/man5//usr/share/man/ca/man8//usr/share/man/cs/man8//usr/share/man/de/man1//usr/share/man/de/man8//usr/share/man/es/man1//usr/share/man/es/man8//usr/share/man/fr/man1//usr/share/man/fr/man8//usr/share/man/ja/man1//usr/share/man/ja/man8//usr/share/man/man8//usr/share/man/nl/man8//usr/share/man/pt/man8//usr/share/man/uk/man1//usr/share/man/uk/man5//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnu?7zXZ !PH6]"k%}:w{!vQ_99eW@7ap#ifZao'K pq+2b(7L:9ӳT>M!y*dJӲP' ?xHe[<I鄼2M+%o#5k{y ہ0)h+eff}Xv0`TBhg׈{,A9#֨~=&7r$-@ YPlsUI R 43SsD1mDJ .[izJ7 :b$Y8\6UZ/dcP>nlУf,Qqt"\SK*JZ D.'YB'3-dfk7BO鷙xЭMVDŁF e/O,wL+x\ŋaOܴc7u68lYz,  CNR2q{| R.E/^ 5ZE:Odʻt52A|MpSyN U#Z %Հ7/V_/'3~UI*2Dpuމ̽xDħcӪ׍Rg_rN0!4Ge-(h@#C̕-▶ƯToC[##W@O6$|!YG[т }*73T֒(957;cO* M @Z]'b͕CE[)؍4I0vQB[dx26d_L>v"VI㬯{멞yȁNYK= ~ïa\vWVt}UW 5i0@^WcY>_1ܴh >իz'x"AOHTr /\sŢ$o3::zjZA{d#}a0SIB6kS2rHYYzu0~2;X:USLa1r$I; :_~9?*Y"M[ba hv+v-z|tT0"jE$.? J{#I2kҵ퓎}hG[U`f*p}2ynҿ7&(#8IsLa-RjDsҔsSѪW/Km8cG&yװD߱7\ "s(?BL4 Apof Rmini\jeԄUQd4nf:yk ܞzzqaK>f-Lc>HyGН4f%*S Όg]P^&rbf ά&@%їYŠҕP?Bkfbm⣽tvGH]}y߂3DBr&ݝ5 r ' 24bǓA'$}L[yr< AnpRҩN]xj=XrcmZ&`ѷ !/fe2xZ,u}R<8Zhr& Ԍ<.J!icg)Gu.z䥭x ݡa&.DlH^OeN15:`?-J s3PUM:H}bz)͛k5G]9?2yBIײY 5?[m փVjPEqdWPj?je1(ბv‰F{@PRSMC%,-bfA{ u1b&pμl̟x* n}VO90Sc^K+hw>g#pmzi4,YDe;Cӕ a[><?P"]#@ԱmgwEcpfg,$Arg!\1vV'7@Vm"pEW%FէR߇ aj׼oI^0&wӕ(tȗk GEJ U2X2* PO"A<`'K`1w+9M)X|Wv2Ӏpy)Xƶ4mi[TDfɹLBIgNeV6Sn^^ 0Ve@1{F2ʉB qR9*!BRt>}<;ޭkpp7IEn eB!'PooRjM̑)*\1/hU,`fcnӑEr=uاC:GL5L,i)NY` DE,7A~==0D'-3(7Y05AcqQlȰZc瞀1E Ay N.+`;LpqŧW-*MŤ紦z2PYu0B۷}#aJyoHQfZ0gy2{^lSx5ir[12U7c_a#1SQ t;h{}뽌]LF"…IQ: JEul*.0ӈjk ˁ|S5 4Zz O {C+'k(D09"6T-n kN :#;wRC l /Beq\U(?Z%u*0`kx5R`x嗓`y΀F1墛h5(n^NTd@WBXol͑:2le8F*}53 NS^H'f~w䌴9{|_> eXF39-ݛ?F 4|F*]|H'N)WK99'%gQ~B?wzV>k*Yb=߇[HGƨ5IC=cD1~VVޣ%Z6y&741iS}Y=7{gKSIǎ{equE\,~@4FDb5@q,~7E-@YZ?1+]Ƀfr%Swq(h*2obsnzEѓlBoØ>?X36i(߉nݯV082N*ƽ=F ! }I<6:F c/8wVkyܺ+w?(Ї4 FwIl?g6͚iA:P80B?]F=JnEKDEژ(,ֿƀNhSb{}ޛRK̭ۏHXYK#,%ʞ 1hO;~O<3ya[׶[Ҵy K.ГG:/$Դ~,,dvZ_x sv+AnT&Pi#.U0sReF>z#-{CK`\(vN=b3wȕ-U9I"m-BUKGeYv#EY Olh#o" ~VـE#U\K(W ,xC!V^#tX>0 j:v fgEQTKnK ]I c0[<c.a1qQҚBjH+(s#3`waDWom6xϲ ]7\cn1U8(J9 -Gv xJbahJ i ؎D'GJm߆BVݤkͨ&sj)z4/^K4300pCe;l|ݝp^yRQ춓$- T8v|#~`inJ-L3 w%╀ѭ˭R]5(]ugPĴSȳќo<_F.E}V5}\5=!5pת`0j{^1MI#{1hxRY籠r lןS#{T `uIj`B;q`hK .'{9W)>brg \Ȟ׈ #PPBQ&xpE1Tp@kI=Ɂ(^^=ݯ|qw09_ӎ}/W&55GAp^a5e\U#ɡ>"I+%L`/MJ@] tçC_Os[48|2'(HH!(Ѥ36E|+OЌ\,\6tGeydFy36G^YHߏ<~iD>&ƨdH0j@ޥjD>A xu}f8nqӭ ܞs/C/؀M;Ɠ+^uC#uIёpVATԜ@?#PJwƉv.8}QInWPsPb6nPm uJUEBKc[aXz_u'Om48т?{+>|K0M`7M(N}y,~V2! ?Y}>WVxsgt3{q&SFr然c@ Fvv*`th=qu&<zY#M<,܊_1oSJ4F}?+T<:L suSeDgĝ^{(Sr UuZ:gͣ擝W^)i穣SPSҢz'Q<[$2'sWv*UK QQ ? [D|KXWUFwpYZ>x@C#wEf Z{:)9%#ZmCnKZヤ0p'wr};s4mN`г-\ 82R# \XI%JX 1FD'ϣ&NiuAј|%"@DB_l舁6\VLȥJtujmFھX(J }k09)d C|_ڐQ'aYMM䞨@Smg&N,zMV|_Rl/haq(d&&-lvdzh.EPkгc~$ AF ZOn>QiNGt FʞZ:!i V}.B5U! e#pg%!} I+xeӀ?ԹMb'~Nеsl}*Ke $'3^M-!sd 8/-𢴾3| 3Ts@c)GэD`o&X@ͽZF$^x!$ao>2VB2;pcGO(8UtIg6D'(qy(x˖ޘbbl/+,16CY8EVѶWqJQ-r;am|̐u7_>Ao=e{4ķF3򋑹b畃Wu/$\# A zi;Û3-]Ÿ+N QWx5٠qÉp7f8|h^wU ^Ր&;jnk]l,1J1)߷pYh>ub^~ [2gþ[1D~\uߑ 3G7T.&"}^6爦~Ґ2ݜQ*[U| R;#'ow?fm0Ud Bq|Q`J3n3QrJSR޷lU 횘b f^/\Rmd@^0~=O*l?!gw7 !(2F'4 izgbB} !U R䶬C IտOΘu;%]뎏ar_&G`lf<V+Ծ#&cfڙ!,i+Q0\(jS na (<+ eeP1[?l/oC<oãGYYeFN_;eK t"yJ.r7mEB7apFtHPx9f8#u9ݼ+QՕxRiw-%-P-v C4k RG lXyK9' r䣒. g `uN ~ "l҃"-V;l}'QsԠ3lh:s6Fm+Qy5@DV1N9t[8|@NW~롱YBZf)u8L|wEХ0⼪cPAl49@!b E(…O[/TQ4[}mv@/;Vn nHl!L1;R)R֭,plvB?]V:Jav4'g(r Z04M^[3~h7J->}ȳuբ+3DAތ\/us+/]/ rp,POEbCaJMm*!q ^q'1L,,|U9*#v[prl{ Yу5M)YZ )kMTeɥd }-%~aR^aaISw1\ōgڍzd)oiCp#'F~V#O={&r2_f耱lZ˲m0:L1AqRp3X BCds#.IN0cV7lBv[/&$Gݒ,'kGˊ]=MӥOI{q%IB(:҉5y/1AխC{[qϡ?f)=DJ8A{H}jvrǠZ-2cJtk8}7(>0/DJx-jjgX\D\ 5vHNjqDqI`ܖIV&aITjD7-s߆ջ_hyIoLDEф >Po^_2Ьm~Y*٬aeh?(PWA-XXZQn&wrNp_Pnu1ݽ3kql+?Ϋΰb@*nٽ=El$EGp[5R=")< x}QqIseGړPjAַߪ5oؚ&:@ ?- 1 @-ΩV*GBfp+5K~jS=a"B|MzL9HfHґl4𹓌(pz'ZÇc/^ev%F}Vfg(z'f4@f10YpA s?(&4k(: CŔUPP^ p* VJ2)˫Bض)0ǹr4$׋\:nݶKW u`P([ܴwPd>)63JF_Px? ,Rt݂Sն~T|QoDΠq~jƍ9/Фj `Q38NFD0ܾ n*jӠ\_y3_F2WU@ViQ+`*U?\q%>4V#nkGyěVG"K*29CԽi%PphQ Фxon YJ7\-#sH>k3\wÛ[JppPx2b6/^8=mibZ& d 6j8QVkDI<=>YH)qUCElEyE3Vկe=s?ܺx(>ʄ֒R4*TX<˾ѷ_l1yNĄ!$zkc=] r7&H&-8Rz9Q#=7ذD*5CSE?y͍\e \jZ!n-v+Dzyg2 &]XaA"_z\#X.⹁bs 8`PIZ_zZ3ua1fSӶ  uyM O QD%)oA.>s~٬U+'7h"%5Y|P ]hݎ6\˺[,ѾT|CoZ(E}Zh  jM,Qe+,6a(CWl 6 0ȏXGU'͑j q!'Ne M6p^АhkmpXX lk'v5;ɍk30 m|ؓBjXX"=Ԡ':Ke9rD( B~ #XIϗjUOz( hXțcK{/TL Cǝ۠@3 1mJ,0|d+\\ Q2{\(T,y `iB;O@YD@FEݮEb"@aYAkCnOndD+?VmMlo%R~YDyx}G#MЪط×ms008+S+Mqg*!*ƚk!pAяRՃIV4[vC(@kye8F{wIU x-JD*k}]U11KKr%w?jxEᵋ#вw~!\KK؞2vޘKAί,Wt:2tG]wV)=a V;}-Xޭ+H8/Q3Z% 4D+(/ƕHXdܴo H;`G ! Gyig W\CvU{6wxGMBJ}PiȄDC M7$@ ?ڂ`KROQ%r9 0 #3`_%L@g3?Zb8U5/(L  e/ (4ɠ[.P#w W}%&mRK^cjJ+;o+85)/xQƴW_E) !~T; ['mʀ݄qsBJ,LNn|Gw$>;Tu&zO ZCa(22dN1tIBO\ŷI(v8kh޹BOycCCCh'Us$`l /ur͇sqcacM ա6.GYNI7/:bk2V k .9%b@gQrT5_h|A1J(DAĮ䛸m!0[GȚe斾I~(0h%yݸA YDp/؛ 2؛zaK5fIJxcpE3%kE;L؉fz ^sׇ^W4 2f}l'<,*{"+RS'Ϳ[nG3xC0u1[O~SL !st4vcUJ%;+X N40SduD>])MPɫR`T޵鵾eBXѧ5~Ϥ]ٚ hH7\ w7@r>2b~:Bk3xdp|~;4ae+D$(O*m O7:AݲD`"z_崄kD&=_R©H `lF Ж;f!/z qZM A |7*m??PD+/S@M[j8\]}OOv0}0n^o, qh(OxADZͥIFbo=v'|ɮ@́` _4Lҩ,qQ(B,Ȳw"_pjK@EUꟓ~ pT|3K a&;Bj+0vu@U^iˑ؄H 3 }o`]BeyY -?` QrVFo!Bm}xċd6 feUmwa83 PNm5 1h/ԩf`sXk[9qѩ{fK;lNp:J a &&j{ݻ8 ,!9!n-bx?.䊒y۝TYе0|7 Mw3$zҷuUUr Ն]d1/yb_U܅_\Eu,(fB|.dSO h輣5͜CKaM&d3&L]g2ZI` bCQWL 7/M6qA܁5 5ZPEֲ'ul>S釧xGgE/'}&V} c+DYlh挵&H߳X#6NP*Bwz 8o2lYttnRg>)'֝ S8)(SW7$fM6|SV-ب\WɁ^9,m(<1JzO*.?`L4{E\IƔ3zrͦwp[lpEe-J"y_KوF:>]`8IQI"lw4Bѱ43kC܅6b`nOSnXfc183JI8߾kXB3'B' S@;E)NҎ͛{ H5+3Km* 7@mH*/2XNj98VM.bt_l_}-wgI7wN;bQ5(8sc1pEDwi>l[[C\?POhZY j|=,֬X3r ? qR^#% &dx[HTypsgH_wH6,$;L ,0<2͒G Š/V,u|$ n6ŶdQxl.Rڑfv0,.E5p#.UdI"2&c%SlpK" 4>V{{g6kk_.Fd_Fu够5dVex#=[MߝsEPBB'nEhDM87zm`\==m[>NCK~qx<Cé II{|ƫ*YZ*鈹ZHYVd4*e)jvhCkryX`!(zUU(ݙ/Z:fVz?^in:@d\?~Oi 1#\vh韾s_/&aX黌>+ŰN๳f$s<lOsgH=_bOKla}ȷ?{&`!_}VCp([;FǓm3"Lle iOAj(5ܾ5a|DOMm zuw'KӬt%4⧁gڷ@"rI%*aCSj&F@.63< js5*JؒeIFv ndW#bE`G6H׵ ۲/4k0Krק%$yӃWk|VYZᭃ cfE u .t7%>|G4?8UV{T*r176Y9ǿfoZD>e9Mk;QLʉ,T^Gm[/+L#6$~88i;J^E!#]Pap?&gJmv+z`6R"4'M||~_i &˥*GM *]5)Nc ʝ(ȶPAd(@*6}NtY)ns]Y2x"\`{3njJ^'o(tigLuƠ2{OsRs~p(pK:K^U,+G\ 371Ц#K׾2'̲GҊ5Q:+otnvƍbAd ~'V<)-7} dO LjdhX5\68N"4}#v#I}f+h˰3:=NH(Mr~F%TS~pf -9(>k$ZCr7C]9=6,b.X⑘rW}g?Q'펡jMT6jIHO=/э c}L~&:7;X.HJg JO2;:EyTOV7EQBqFfX3"WDg2Z т1` fZ;c] Ꝧ+Rcl3I.]:4X2`lRhÅbʬ8}zH4~ӿrIXN{`#fgwVG-!o8<$Q2-8NT& U3iWf2tpy Rja8DXHG|oO24KFWHѵxƨ{mʣצ̊Kb"rT5WG ։*UP AF&Q9DSN0 ¢8[M&\@ WP :@dp/]y9}.EZC A=u79#׶^6kEiV) \PY F:vL(K Uj "-o"CV^zHDļ^͊Cpmk2<к$R?]'N;b4'gU6ɹZ+ɜyqA~(#Kƒy!6Q@犒V;Xdp#cHaΦg_-MbEm-gfgPC̴ = UM_`p.劭D0 YX%;MO4~5[ Rvm䩶]}:/ns[7Kݰ^h*+n>?_?e:5D:IA*y uH8Qe|o$G ;,_{8^ߧ` !onJ0rCZ :L'9jmRɀ r)C%\Pf f`S?\[?쐀ۀ{h_j+*!3A1{HkP.CSl$㸏G/ά\">Pҳs ?n0*ĉS.NT ]gQ2TMJR !ݝ\l`b} |\bE>l,RܬÙ@.8;Q[aGI%3`АgpqY RԠC'x,3Z#}u/!{ނEO 9lmCE/ ݓI/Jʈt|b}_MR)|ԡޝ)+t=n^:.t:kgC#Lso=ט3FZ{A}ӨIP`33m/ʹNbªĺm|N,^8!L=`(x7s0~42!-alyE>`g Aג1O.: DJh?/8L<3{,ΪLsўi>!,f1 Vc OA|Zm9= F\V#xWU`Y3!oL"*b29r~ IVȬ3]ʻpM\Ui!4#0p&YQKʕ:jfdLL`< Tҡ$>U{>$LSe%t@*'r?FqL\6CadB *TDuOA~IM uAA ^/pxᄁ38jWPbUUؤ1zStJz8".!@՞_]m)2\Zq.뷇ڠF 9 |SP#;ױm2_۩寬3ɹѺ*G{"cqRn k/T?qؗL$8Bot~JI`CX>rm)s * -a^ .GG sh:iVS+laTi, ׽bN$a EQ^sׅ'W(]Wz.,6G\h['c[Fn#٢7wOS}28uJe~X.(qi5|!Zϊ(Hoi_\u8[ÉZ9X~&G$,a(#i<]Qd.ջD$yt/2O7KM;eMdjp;>1|BsEZ$ܡyژhNNAE7{˕_3jz% d rWi;6PNU-u*L9g8v:_ Nt!$<߽g5D0t0 F4m(RڢFb*X?edkGTv߫ke ɗR  rzue1w򢟾ަMSpդif.7ꉹmн&[c'QIԜPS?cC"YFjMi> {gGZѪa>8iGY?J]ULM "EvyO Z?<XƂ,mù_AyUmcE.)M\`R KN8hp.V.lk ׆"pƭqv)cB F]sn8Ylt.FwCҷyjhwk܁`YՖk^ K^!9}"M۞6o5[/󋯶sЩŠڃm1 GXO3L&~ޥpbs*ĨZa,k(J/uL1~ Z1KB mNfYpϨ9:^Fyo6KQH*$a󬇸; T&:~,h*y4b"}~ 4woO`NB2o[t KYiU D-6VT\H?G6a8%0^ٻ=aDCYVR| B(RG!wKcl"&;|:63l~$ < "]<؝9e1f?Şxn]WYGY/;8V>1pA@CJ9Vs6-dsPʦQ';=Jjc%]k*SKK y SWOEM÷$ uFv-ݏ+/R"6aܶgkcg.! ?,F:\Vgzg)$Vٝ @w̨LcPΑ[}O~ߙ66uЌJmK=+Y$SRBtEb頑 O2ϒ , B757F"@O[gae]]rbOm'2c iHhr#˛qԐ/Nfmf) >gH8n>#pkQ!Wܷ+WV;2hŗ7FCYJZhe/x.s7Jdb"B֡h8HR?ߢ>Eb?Je :L tN=w)'9U _}{ cqƂFj4AqGN`~Z>7:,J]X. ߺABL:cz:B7"G/_m,{a+̰&NSE?vlKN7ԹPȈ/Bdh?h[~>#H6% u ;q8hdPoV">i 9i&.cOb!9'-?AbSϮ;.Z+j?[ Ф+i$%V<+uu~1  Xo3Qk!PU RXcrk>Y7UBܣ| G˜G3ɸHaoK"3G DtS Z;NGNƴ HbaM*+Q\Hd'bUP iE0+>#Î Kϖ,s~>Q 0-ǔE3@U K]|,@Uo@˔~ 2![4dTvOyٟIf-3i_גFH՗tPe켧E]q\xzuZ!,E1ze6޿]]&`+O}2taŁ{{$ni r%w `矘:yt݇47,CYcdRq%.H?JlfZSzIV8ruj?^cxYZ:CNr\Z<)ADmFt#j`3ydh:i>J"cNvEPv9y?KDʛꊢUrJ0K䛇 #jf.mHr` ?:DAUiw9ƞ]b-xc8k>|>yK-d=*; =ngB֕]e-9:Q|F랐hob60^zc}`l-|fГ xgqJ!  /cG[:#|/CcAS.7u)A044ܥ>o>'5߮oa?RfH_p:0-zkys+^h:m2Ka4iWƋ!ǼDʹ\ۣ "iX#`> bqy++5rtv彶!> scD2 O؇=@sk!{ 5n+ WAˆT;piL%*IwUt :~6J oH3B>~2zN=]Yc+lPD(e~˧Qp J*UW2J㠦&zRQ8_)}õ޲ |ȓZ$`QvIG80 sc RD?pr 8$p$^{w[Q!q%SvuL<cQ)_eI4/LlaJhSLWBuM}0ͣ(΅yz1kߕR1_sv۵Ue^ CՠNX"&a,908(N%@M)vu:J@ CM8ÈC+en 7)]PH5L6O`IyLtLQuŌ{N\Kje5vvbrp@Z'U`3 |@EfTZIMٜ%rH(]<"_0'%ia r*]v?r_xEaNr/TO$.4~=٢o_5,QQwmBD0렎R㲈Ec3e'H*^x5a%QPxxz%uXXP0.&("O:>K -jYϵ RZ ݅~ Qސ6ySwBP xyX!gJ93`e:֚P>=A-V 0Z(p-"dīCj"JdBTy&T/+J ʑ*tzWޓY,iV@OE>\NGyK8!ohN^YLJ5JSz 5F9 Z ]EcSgW/&%aܜ(ucke1nӉ&w-yia ?^_-l@O'?1Tw AU@!L0~7wDD(fj9-!pD$M,[D QI*uc0Ag*bwC88k=N YuxA~H]3&.<v=  {IJk,ŎBM0DE9Fc*.28.tuxLpuH"r+?Af w,@Rs?TvV@SҙK>vzQl0du.WM)Jzͭj6+M2C,c2ȱ>_uHfYqOA0X`yɖD'K6\AdV vS[췾 ǀO٘VD Lkkx 6U:=|1)Dڣ~F*Q =4$HTB[@ zUy_uSoE Zjܰ]DK3B&踷ٗc!$ |#5/prק06YO` |P n ;Mx\Ad8oXށ+ Dx7.ya4ŝ͗ՕRJzEBRy Y `v(_5?^=L7W2vW@ N}qYJЫN"o2lSE2hpl;#‡VH@jGU kђ+$}ʽ?oƸ~<K3 @<ٖK~k g]DZ N +0Ct![lIi<ݕx_Sa+7,TozqhM+RxƅWm+']λ:SX)1hRNiS"l_*ӉڇSHM}"NR$ao7ܝܖ%cvn4 w`ےQ8~0S]$xY@ǟ!mp&n:5.r_/gTRbK8 Ne*ݦExGWa~bS {sJL[W.0(9ŔDZ33HQb礕!#}3G;RV/d!l=i[[a 8-$y@ o4 >ukZ^xV8ڋUg65+%G$+O==MvD0.{Z 'eУ "RxZ"+zs{߃Te1ݭ\}>67X;Yvpw8ؒ^ҿ=Õ9 F |"R2\ԘFoJZ;Z&; k{SYQaq?A ~SmHC!,'5 oSKB1QM6/ .ˇa_h,lCPRvXH}c@BPmBpe" Ǵ(P(G #Em%n0:jPRlW:p7u+ѱ@IjsF@ϭۆ#i1]m5A\jCiJ-<кXSa'MFJ&' cc46W w}xܭt?;ML3CeIu TbU=z0h9d۷mK"A};{{t⅊1`Zx:_c]CIUa Z=9 hGo!aŌN(ZKUCE]z$SEor>d%44&ֿ/ 2רeq5hoh ]74]Cy?TvÒxغ}4%}7l'iavM%j9q)%{N Lo9ԋ)uaKv]FLsG~B^/@v8%>/u)NHh#1,K#j@)o&T 3 GO'b@Z;FMWU9UiBhP@s4?bS..%(e=?}ti&i@%-.ه"͝pUNh"oޙ&ױl[4n?`n𤀱+uFŏtmc'OzJtiGù'/(ke2qDAͯ{K[5˃UUVyi2ݹuQ3 #g+G8#Uk'5!+yk˕OL>k{Fi>1g=:ZYJԂg<322ڒm{f[w6/t騤 "9`I,)u6K=և+{(3o-3!W$[ߢ27;#qw;ot{NqW)xV@IFvPb]5= H^N$ !z]mici^x򇗯|o-:D a SpG͐vS8\V*ix紆gI z{aOoFgrGҤKQe1,dUIA< ZJB5j<%xqmwRV2F1r"t{;d_.%sLǖ50^K:L"wG(وrţV>_(8zIwxQySMj@'1j-rRf 9pcP0́\jKl,FIxԊ2]PXF2IR6^ǍU, [IPv_FY1ntfCrivVhX#iɯw!yT_@Gsbo>$X LrrM@zҧTO!@&rr!w=B'L=5B0$o_OqS/fv$L qgwp ]`,r~ߔ gy+yVUm`;c"ٟ3:]Ft~|z_uw$ ߝ-{Scr,V?[ӂ.r B)kd"D:M)*i4Q%'ce813(0&XS4p :/iwUVIhq`CueV@︗QNt˻:ZYPaKia2\A 8sza'[1S̥-Q#!!].c-рʇr@< hw\ $Z3b옞~o% &Zgm?xc 9"n0x"h1$fD$円 zŏ,}^uoj1+v{`k9'n_g6PEr6WRDh7g8CGXT @aVb_UJCz߶gr!T:WvYĞ7ds-<~unJ yǾǩ fAL5Ұ>ڵAs7u{0/)ׇ NvN{X$A-f#$ĠbCb-Ȩ;>E+i,P@9`SfW<%dOn[iZ];_8`'9(fhu$X٨@fF9]Q%+/%Ȭ$rm :txcez wn7l SD[o8,Z"Ht̙F} j]2̃=W}5?=vYcA4ƽ*SlV񐋕Tc)/> =oT+T)zkx˩hWjr;<6 e/Bo)Cp*QU@C -sIj1ȶ;5DRDY(]fU<flǒ(Y4ϰ@gE%geCۧԎQ0k բQJMfDt%O7%S] %]f](1b=f(mF*;!O/93`sƑ0 FD=D_ *\6cOUg)U L$Ҍ8~gt:U}UJ wD[98eRj܆q{~LYH"z˜٭<ܡahKQEP/E;?X#y_EB; %d#[ kAasӄop*{ݱ |&wD`o.v%}rMQǢVғ/qs|+63J&͟P5M2:zaTtVp`Кjhp US.g\mQF0DC[8;Q 1婢1c@PwNBIoߧ/U-Dፈ=9N E,cuQًNm0OnO'XKVOX4[P*#ǥٮyLE!ߵQ :(*?i=ڄ l&ZJ%Zet}& =)u5[_)$UY?qSCr#!A]ne):=$# X㭌VS<_zϯ#_̀8U2)b9 i ƴGC>*>*'tcM&{8>wDqn;۽?Ș:La1hg'Ѓu =DҜD+莬,-7l?/|c pV;#OB3{#ʫ{WVi}x GѭC)7KچÑ= T nx7:_}rQ+bp~үAuI9x=Oc;K7‚X{gx+rB7!d([ ?)&qs(.h/_ )%ﯭF ǖ|O1~K)$_) _M= ?OWe<5X9O(j\۫>;8R5DAIۄyFweΒ<٣I%a!E1tȣG~M41rL54v(ק (Ac^oHV>8ZsW1z Q7-DWCG%_1iԘAOg bp+V˳`s̗ڨcQ6xĎn lPX=AMM=o== 61ˮCa7l7 $zB+ˇ 1T{ů_Ѫ7"Ԟb5Bx~fB.̝m_}ln8^7|Q/qjC=Hc8ZCC#&luڹQ/o Ow<=eY׻KAPh3ޕQ[,q3EY_ۤt+@Ήd. *,ioW9EOթkL]9g[5MR(eYn6c%I8"Z's<3d ]Ms6aL cf;w@JUz=Pg} a `_  n 2|m"ui(bok'#;ikwi65w<ɕU]tQ!|ܕD!0tA?%5u,W{#zjkd59RT c1҃[|aꇋEXq9D;Z]d+Sl)aD֊,KaO8Goq&bⴿzTfijTD'4UL\YC.@iQ3cb6_/BL;g0※i1L:^|1zW`s7r2\:,~dMBz~yCѡ3q}EOX|r%*Nk??EԭwVR} 452Lz:^6P;ͱt JiPϖrp\g;xaUz RΆ`-b`wYՈo^tlN>9u\zՂy#hV(FX.O= %_XiرOIrfru4Fu$=@`u.R`k,(D`4ԻNX j!qUV f^f1I9kv,z$Sg{gʾr#:˰<3$P~2Cd=@a9z=6BnfD@hTT:4{l'u׾ Y%ݕ fȒ% OlF.F0L߂&n+hD!`E'0TtՉ%f YR'үj ̧g>dZ+^?5hPAZl"§t3~Ǻгxt`^Lrӕ\LJ 7>)i1s)O &FAeA#䬥#=qRmW9YܔH[GpM]62J5ea`<j'CRcrGu2Y'+Du=Wmq]$ƞBy&o>=0YGnNvw|>m5xOxoy:SXڈW@mYN!kh|mGHRhg+.ˡ?K7KD$2ԇ&/`̹Tݕ,[qξ51=mGX?sDU֟Jt֚fSohmh5? k'x1 ȏdl2^)IZ$mflt)?h9EY_t5)/\9X s  ! . sGBM1Y= MjVB*/g%(.kZ3[ \{ؠqh'UPPcaotv. Ѯ@L+g63w ݿIIx8ֶB&7Q -_PV9!ϺɓMUvSY` H,`Zǘ5v-^KgͱI0w$-l{fQu&ʳXOH8/Q浅b0Y':4SŹoϕsj#נKFQ`Qb?"¿iM(P{M]ު+`8i>%;=&R[Gac؀U[Bj=| .Ej˶9?ʆ+f~yECePoa2/g,mc}gEX)#o4A[;dZ)W V] 970<|h…yJ厹=t $}F0}Z>^z}YARo+ģ#c~HYA!.SEq  ZI,5':Hrʂmd‰PSQk 3|>j3,x 6J㟗3kEUsڟ!qJw-gVSE5PDjGDm݇K vvKw @q ~lS4YZ;"&e`nWzB|iTYu/wyAzN4rj,7 t"17/A')&Y'* KWܩY?R*)3nlbNOI. 0h滨.;[jbi9B#llhA~5J %{;|&_SM)=]BhAg5Q(y8dj^RI]'f7 @լXN[pڕlo Qu䨣ʤq+CdwK_4Me6oaGb%i7-@cWS%.W 1 P5ijC|y!R^O>EܛZ^~8aU2yU ̬~;yLRSMlBE8^Fgʖ*sHƚwͥwvmcL.`W^M0^Y& vSn!VЛ4P TyeKn5mER=]3^_{Rn8U2$mfY-2Ÿ->ApzI, 񶮉qypՈ:J(8KUi=. #<.azu%t:*Q>[EJ

R T:a@Zni4_'aog:H{̛6լ]IoN4 7iĦ _ٲAO`E#9T:fsбK i/kәdm3>fp,!/ &5" rbKT̒a%/2㽐ETLZ]QSsM$1j@˔yeT"@p[ʌɂzP$Z:F iR)jz}G巛q=?q; U)ꃽuoE6S#BvOj'5-\sh+ڋj5"" EOjHD $XN0F;!bk7~Lݻz3gߡ+Ŷ~CXeLq Gr.I &Ky{Z(6eT ,g䏀Yr(NGI&*bJɯ Jntb2UNnԲ?W^W^ᱺqBd0m^ (4$MH6L)%P.ޮKhߔq'zXh9 _*=~.!v)Α5k@NoϠ7'V1͙-iU: ‹Mc}͵5xh 4ݠyO<4G)N{CM`06# P <[KA$k-mNáe iOd5 @֍ T?G B|e ډ1ӋDXmSU(DSC2dkcNNvwd[|p*T&Pfd+իA } Fz3Bm!ZrsJ78rȈFH4L ȁ,L {,oFS"CASm{LSֳ el]q0osՁ+Igu kFW3*qTg˻KՋ,I$fkv&8n)x){t7` &[y;^Q13\.S(|PN3-D+vCkKHVJJqŠƧWFVH1voG9SO x{`LU6  Jh';K*l7`yGwtS/U{IWȺ>%'Ca+UP"cR(a*ݢN(g_T femif0x(: |L0d\:ifny8!Q\Xq> OaJ⯩69dd o;osBb&j`ЌlA%Nrk W=>p#;&6Ɇst[4+Mڲ״-ZSUk@MK"\uQfH?Đ?T[7%#'vn1) ?Wdt# a&/;34'x%Tl-pՅ1tr?::bghgCA,4ahhOϚcUć. )ƟuLl[Pz9iPki:9 զf\-p)& `XN:cw1$2FΓj*Q NWhiyƄtWrf|K+=~,(3Q5֍ٽpHLZUAG*8sW0!ٙoHJ_ ]!d19v;fQX!PM; rl:te$Bkݑ[; |M wwXHs۰S;?* ӳ}nhqq5lmX/ިiD$by,3g |l4>:R`=!#j `aH0Otՠ4Wso1N &vKMxEnj=.tɨcty*5h:ׁ!KV^ tvF-Lˀ9y2驈akǢǗ?υq?ouiة'3ynPxUK`5]qf^d'.K4&)\T?(h] н#%Pid  єȢJnf^@sC!)(1`ƾ?~R\{Ë9u3jKC:TS{~y0l@hS_1p]lvK^`𙤉48njQf;u'i\A퉁~.{z8̀-"e%nA1[#e KOi"*$WܟBySփڅCI'֘XW{5d(oby,T6Jid12̈0@[bJf՟Hvh?jc~R+gOaY36\٣פlPU`ZvS4=BI@f3Gg=Y ;4'9S];^VAg]2 1 I|A-I)jߧ@.PY5/]!gqWi*-kݺ@Gey7.H*TVpJM<{%. Awы _X8'bIoh4M='>ZYt6*F$G#<f΂ b-oKXZ4qcxzL$%u^o׬;='<$z]6+TK^J.p`1,BT*gQ)#bEFk#U}36ɩʉ Mu"i!@L$?;!>"gD{~{vH޺A}t lGm.zB{Bmx&Y0f{ȳO3Pvpdgn>kⷄ9ԅ) rZ0AOw%;9K= rKs/% =۹܃gfi6~e|Iֻ4LP@{l4z8aڒnѨJ<}>&[Dǹ)mp_33?onrVt 1sy]֡QQN6հfc6q=%aABع'jM#vY”_CB={P]XL7O^1-D<ÜsDW醕ƽMc0j\ˇO?b\$y&7c>$rG9Af`KxLj:3`(SWu .h=-ОsWSP3^#a~<(+/H=qFe#ctNEˢwhw Q{ 6quڱ s6'y]j0$hA.y4ЊzS]ĚSho0, u?"80-3 {ŔL0o1! S'dUb6.qTHzfS >,4 d_iޯrc,Sֳdui@/3ƂT=VULh-k*JA4 ~l_m6bx0]C~JT0I 8xsb*0ZQSW"G̝159{nrtEZAw[ןd#;(Z-\uV IRVr*fqŠ'omvrRb7}QAgpGͻ?N)K>' g'23vL7up|IP 7#ʺ<׻hF~whGkMv_:緷TH.|*r}9?lE6rn>.hnbr: >J:1_ Mׄp*o@:u2.fDlA;$xĖ}=͓H:>3ϔbek{3RԄ}Oݖ`E_x*_`9Ɠ,LvBk_1ljQƏ$4hjgLxUQ,ʑ܋>ϕd[s 3RF *H}:'wC1% 7_WHM:?zDh$Dp 9/ǕtnhhuˍL'Zx8npvdRm.":yEW/gOER<uЬC=M|ʒ`$V%T0'ofJ5 ib㠝}Dԃ|inHZsRWCHS3}\QxY6~$V'9N==*A0 ˑ$&Y”J<~KfgGqreޅYH9RB <"ߚhOJAׇK li#%Rduc:*LNP`SYN)clj4rNL R'UxB$!sp' <7"&5ۥIb:yo5MnXς5:t[M)R)캀f$sA9~q?,NgJ]q D<ԥ,T_gRd'FHpjC+J;fus!jiq2VChw@+>m v: ϓR/fQY|lD ,MDIúej͗cߛR93y,`vaWW$rzgUE,lYNOg@ý"YPht+d|τpuf$cK͒0$i#Y%<(8CTY)croZEj)Y묝o(1@ )?0B\騦p#c4XJ X^hdgˠlaD-~`\! ▍š"):xPėk8LDf GX"asAJ1L֗PI" DX*=\6jJK3pX9~9LtR)_ͶFŊ{s5+*+`T!:^%>(bC[=\mJU}Mֲ*h;p]J_'uh&_5d)m}Ԧ` 4 XuQ[zם|3hIi~*  *MoK^ ]K.f" !<K0tCgY[_imk)1l}ffj&q4bXU.8GtA~KOP,#\ R%y ]jlT*C fY ajl5ݳVeeu F7]yTޗ:V"zIu@)(za er#߰ f 5;@`NƽG\l&~wٸ@\T:)7sT v2MSѐ\L|apQN2|_!nU*H|}bߨ8c~^O |` (LWwbOX4H㯢ĞXr /B;GKS-f5~qcaV)->!Gt,oj<,8Q|'Oģ~7I0P {(:+v`5EJE4u|7O m@,}p5}&;v%/f液_NKԒ{{ùȄ{zx^] Z$f#yg*Ta"I-K[O) y|RZimv\ Wp02k~xpVvXF.]-)|R`Ur(BC,HZd#y)" x>=G'ɎgH`Ow(MU-å(}x`lhA 5;dr#V4IFCdP¡N6&\)OD^?bh.xH`'Џs|~ /le:##Mu4*x~sZ~FXE8i/k#To3vIkR4Q]Ў܂T:q/]9_HXQPS;Bhc IQ|UǵՔ7L LlO(籘ff NEW"8@<'l[0liLej8NNlA,}T&n$%ўj9hq,0H晓~LKlܳM/=(a=Y *=pul ʑk35G%z(}|a~R6&źM.:K'qk4wnb l0kO;֌{J(WD=  N#D_9&w|Oy*>|~⑎YX}k>Jhw<u~,#8SM\B:H^NUy2I^ov1VVY`{8$1qR0me&!&9(%ڋ"zctL-8p_«DmؽUFG`"7F!oF.s-*pwԚ ERsrPj 3},꯺j-{ܼ=o2(IK?~A!)9 :~BrޖA]T6(2,ִ݈̔/+t޿  *gԭ{,3*g]PA_G<Ħ?-#u<ᮦB!O,#&Tq)ONkw8.ë@i#F"qVB|Z&9-[7&ǰJĹ .1 ؚXPz_~rn '2'^lJۡa_t=f%.,SBϑ:k-_5;}+B36>Q`㨿JEَѹfڳJ=ʊ?"mRZ#쭅\c](#k4Rk|!J_7F*.͒tnW*1Y8<0M]ʥ@}_&B/y5[hYmDQmn<鹍sJPD3^DzxE;.qnvFUG8TY6+vTV Ϭa2*]»('M ŵ0ImK8dfc۠Q?C a^$=eDO)4r xWlTGHT8RܬdamnPLG(XsZi1fuL+~U˚?(؁{Gb' aOg9}/wT DպCҺVCXh5ށω%HFh.,~ Ґ G& HgQtjb? Om} e`ʺz\[q,(E%\4mcڜ_#blɱ6v93m/k1icCs:3Bw 3T㥏شX?Td7…4( i mE\kW v%S M\I+pF06>>b8Iupq,^uRy8i"_5{s!.%*U9U>frA&ኃ9) 8YW+WcЕmB *pJa?^Wj{,<Zbr?ڿ+JdePW` 61G#rECIm5(s˦(k!ƄH8k0 )nȨ)0bV&d7K+b^J4}8Fҷ~}^s~IheUwrmW\QF.Џ^8B/$p ~a~gLp`n/yp*o tq+;Rggɘ jghWb!\ ,o0>Hlڶ 6l_~sQ!w0$G~Bm^(Ve]:v!y|V"IW0wK̊t@c {&RBLOB-@y!q-.3T~L=IQI'(J%T$Ndhj X-I#r8R eb4{v28i}υH<}@ZrC n}/' Y2<^e;1aJ.6wtR;GDip^ęiE7puWrL-v;,22Ԁ ) [/>ۈK j k)p vHups̊(4Asږb Vy!?|68r0C 88e+/efػiR.߽X[M_@QY1x*as&J1a7:7r̆tB#| ^!`KKiJ|63 #1OmA֭A)Py2kCvȓ&YB*'S>a$~ L7p)]ª B6/-u~{|e2n߼OG]Wz(%)涨̖}+wxuOzRC  sR4Y^ef'Ō1%_ς|z\߻nS]_aў/R'Cnut;yY"֯.Y0$is뾃e]C6P#s%2}7[UHSBg^aW[y`۬0qMI79S6( tf5|Ǡn=0+%?]ДE8٣vpC"e|kNͭbs\"]LJdDnDG pe6*ܠ}mZ|XmqHDmK4_hg2pWcSax? ;ZbQZZ NqJo`̢]kʦ6h(GZ t `h\,uXnn'7=?KӍ fܡ9lcO|B_ d";wDwE1W/F̩<`qB(KB~V}"WN1[~ 82\q0yU%kF&c[<{3]|yr5!".v' E :uVz|=. X?b?tB].Zśt;k=4ϯ=R.(nlC+my)_1oXߥ4 =o˚Uw<+ <VєenbrDbHY FqN@Q;tUgNkUF]1#ǒݟ*W&:qy&F4)- h"">0+c͆%u#YDC; ;g`5.:˚/9<$l]¢a&!IOM7Nh}6}ϥf߈Jt6u(+yyF}Vdi/WHנӑB~{&O: k-~ xF]L #!K_[fBjXwxA~ΙJS  h0Ch.tē19}EnM9ߒґ];/,)ʃLw(߁ạ>" %TqbDI&3*jq:>d,&˕AxNa.1y(vgmnIY] U؎ E$OYߧΙ4),G7}P}r |*|H nCcĶ{E E0E⃁Po8XslafP5l}{q?wa^2JMĐkTtR_Jܥes{~̚Lgh3wģn\G1Ɨ`L rKćIy :ANr+yQKs(yG7 F6Lt׋(WI u>Mi[~chJPKQ{l퉫dpݩ2.w <+1-mQPAws7?]g?䖆Օ=3]5U͟!5; C2QU[K>0#L+}( q\ĝTRٴ@Qr{ (d)&Tg59"0/ߌlgßDjY7y UGa_I%2l^PdXe=&YXD<2|| 8\F7i~:ܑ8Rl߳6 Plbs=^gߠאǾMp#/׆ D80޻x"7 v7Nلۥ>Ί! l&̬0lm1Ҏaxmd.aƔ Q`IJ 06?9hBzr U#cpVMGNJSn5q.τwGPb R?fnp{ ꜜXd)0@4j"g}]2~1Rʇ|0M+|ӡ:*//BH e^E 4iDj6=)r-aˮ} P&`>,D"Ɇ6.D&6d ;w (,8ځbTf~<۠ Lc*<]{bkP~34й 9:aCq=Z:ً&&, MFƤ0qť)vU)x'B<4^0^BurJzN7ЮCz: 3OcA/?{]ŗIs5 8|l׹zF^Tcs0w-1PN;UKi@N*!k%1FP4Jh**xpiFLSCNjZdfcy1;xCq.wJ!˩oMU2Gt#%q ml״P|HEr4PZ1\wrܽnn.Z!Fi KUU&?퍶Zۺ֥ H?l.͆ VK2XŇü5;bPda dx&I_5{TwwoiسcZ@ O1=G"7HauGSIb xVeoϰpWFuTL']܀̍8{u>$=ͪz;{/i'xUO6 ,:oNڣ^ꣿ Vt5[zߝPt! @'w7 i):C"$\&tje~+B 1f%K- IS>0T8.(/Gm:hVEY0_A/| { p*Q{,[6 q{Dgx.R)1Ҙj̺ ;[֯8s__k0BP>94kRq%&6`iVo0%}, Wf<:@~!~[ya?)XIBǃr[7WXXKbUneX ZC~У0krf)؋/^  4n܅~v+x*\rI\2U?0ghUhΓ},Oh'* {{tm@$D%Ft\wR`kM`C{i{b?KսYicbgkzxmwA AV%;0zn.&:lV1U߉} >ڣ!DpS]7@$yoejFKE/$hBd$ER'Cׁ}`"0jFΨR[z(nec*)zbWX1ޤ,n۳b] ay06[=t gO ޱ'd<Xwf"&kśzӞqHQLQ >Ek|p3 $T>>Mް(*9iSF4ki2WFbna fyڢqc9 C5Jw4BV$y@\=WMf%l?y#іU–Y –iՎY*T-_ty8%c,;d(p`5% KaFqnNyjK8 NN~F;bV H }]4֍MRPwKMd`)ll Pt , /ćJL*؝L;D̮Qې9*H40@1W=XΟcGiO~'z薮:e wdH ؖ2" Q1!82zQ(M\;x睁jT3yABh(7b]C<̿,2<YςR`n~׋l/WZ5_VxqDjՅM7|ҕTb fPK cRKtkP7,$`Ev.}B=)xZMsb3R+S`#.k !gW1fP_(/GFv_6F~o{$\IV-: D -H+ 0_FLY/:E 4 $Ji3:vc<aKZ! *-aWP;Si噴T *sodڵVmME-8`O%!5`8e(X5닥'J@ژ,闕EO=dO3^veDޟF)SJxGpG XdȣPr̵\Y/T~$U 4,H!<Is_MNNrE@:t\[V}?~4"|BkKV+Fn uT}f-u§SU`6_PԢnJd:=gqP;6Xz(G𛶧V$|ax($HEvO%ghņ漮ځ=d\|xKxޣQ`e?N>KISZxmz8η ݴP q`'Mg: w;Y+%3`tTzfՓ`3VP?JD{,sX+ 274Yvwn^'$P%B2,lq< UF_![>&9P̖Tq{K.GH>f꓅5_ Z/ԧ9dnmDkPһ\4αqq sӍ:%gجMHn=sR(.:saCw rYPh=Q +B% T^[_ FDtYǻm݈E8nxG ]Mr@4"4DkWhYx` v }A]s) ˆ8y΃ȟ}0&6#6GʗCN` I.)5H6_ؖUјh>ƞHl(63$?%QQ% }Ǡ/) L6 E-ERTSNԒSMr6mo/(Cͤ,:YE6sR&\tʸ$vJi uz "hԛ͘u5eyqԤ0g `I%&cOecU+=+C&MT*V~`#Kw ;ׇN)xw.qa 1u?] gՔm%+%vyΰОٖ}ٽ*vf!D֔؉wYv(EeSY9, 9Q4dP݅">rY9_AglrhtE>pQ7SEp ghyE9AY w(וu5HyhG4i_` .,aS+_ςB(}Ǻ޿(K˜mҾU'E>LP$gÝyy8mӫ'0zB 4Mԯ.$30#c ^15Xꍽ]l_B8\@(.ÖRC(4NFs#:P ]Fܣ*j 2R2 F苿xuZFAvbYڿaw5f?++Ш%z7R^Ӥf-S~ns APLsQۏ9!m&7[v# F$ʏ29COLaWw56p}; lP%>"?S Fl0Sojm3 < y)ɇlx#C$WiF1-3U_0DtRkb@h.?Zhw1 ݴ˦<16"?yJMǡ1;; AUɥ,nţE]&뀓Vߴ|ZS̡E.mw6rtfX[uȷ+!L1nUr <4\]:35wĝjl')e _vjfQ(}M^Ltj MY WɨD~3"q VԈTp5"=`k-PAcO.ת{J*w%UP Ȼ]s%ۈwX)OY߲˴cyC - ~4iyB>tlZxEsUyHW<3@q3ŸI_m]7Ãj;Aaܑ_0KS´Rzῗ6lh^HI8YD# JI@4 c50 ebt2kUM%z KZ(.N5}R8NN-,lߨD_dEIhbk>UaTY_w hFઍyS'k'SѤ.yØMM[-$ C&E\x7m $p09&lKf r" b0iQcLJL͟!&f%3ZN,^c#`pOWr IWm+Nf0 F14Vp CD΁Jr\ϹU/, !K0fخ ܐuNi^6&c_&(X>7̋I'AiSoߦ-_4{0oMѕ?{@E~:ֳAI:k4JN2%%-H6]sbTII蔹/oG Hn| ~$A 1GJu{+ ĞÅnG P̼4͵׳3 z8 gJ23;Зy&ׇ$L@M ٱo?ЊoG+MSJJ!dK- P=.\*a1^ZSNPwT6 U[/VG[DOT+tosE%\TgqEڐ֗`xE}ˇZ{%FKR@Vه-J8S_39K; f⍷Z4b')IEƬp@ cʑPnr4>R8#UP|4'NB /MGXnd٣UKu&ڀSgrhUc}-Dϒ(/ʑ6JY!ޗ+-̬tW5ah.|ET!)vF]J%4qXǻKDVMΐ;ۤlJVo\BqJUQYgw 7U29);gy/N I'WH`]1J64>ͥ>Y=<#3:L_.5 oA2s5ljc=.wfX񾌄=/Jm^FRE/ (%OXY4|݋ iuitYbbb2yɁϛƤx{=mkR %.pk,ڻ;xſ/qW>hW/B눨e !aؿX3}S|)"+˕Gc TLcn鑮J&m"t5γ,4WRkeb)= Ҍs~6Pk2i2x{+>^6,Z 1ilqE C1~@Iuf-iFzx~T=M-:p\MɱwscKeۯf Vj!5NZqNfpNPvRSNuBXfz=tSa.`v?CHlBtW KMƾBM$调p v r3.Z| f-mC7ȖZ 75^"i3¸IJ.%yÏQУ:e2|Dk%9[/,;(`Ɗ:L+,EcU咹]y_:9uAEFTGt>kB~NpL=[,XI['Jx8^eBQ=ϫ2_Mշ¯V+eClABÑ:"=hdNEL<=WMsh0xM)]8s%4Rgbw(dDdidM߰N$͈vCVE36j/ȇ~c_U̪sqpXV7#ˆP}*_N"=aX5S:Y n- B͡eB,4\%B9c{@(viu0Зq#AUiDEec]"fc">٪R EpVeӺ:ʰMI&ԉ'Y.с"q9|M8FWIz[wW ?t#yE`bٛa؅{E_j;~PR!d&l. OŸm?"dtWSI66E.e*RŖz1x4lu6OK_;w+%hp?_Vz=5lmpbFp<(M,]<.)^i$zW} B .=_Xs ab"9Wo7Tجv { 74Z5؎>MՋ:X27tƳ߬O xb,Ys{ѿG8Ō5 qO Ԫ(@.巀E8GLk[n\e"m1FŴ5f>G8Nѹ6sp<:mk=Nd֥"P3kfm4NS'Q`?TȧэwL64'-؁ƣy U׶FpYD`SG Ε)uv6 'T; L[%T04 7.Ju+~qXcޓ(۔#uӚʨUQeYny±2KźPV$ 7CkcửNVk<ሪ:Е̚E((Kt|M?K`@ͽP %&\x mxkKټKupw̝FE /y\t׮HPQdvi~ГCWc;RG gG$Rxo@׻-xeSedR2 BONd [D7Tߴ͖L Zbf~ ){#z hYC ZYs=KrKd|\z5Q<ʺPo09 I;IMRwPY~dy]ş}cT7>U`88~׌JN튚 ?f k5g-1CZG)#X>0RW\ДֈsIZ`A QFq^C]^g4ݿGۮ 4YyXT[%uE9\1 c ekQGn?i#ŹOi`pFo%{g{DuC*םlZLk\)Kǵ>{O4nHJ#9 |$>$@oSMRqz~:3?=p^Fukcq xA@7OG 6+YQw07V[%zF~U30ZۘUɼq!yLdD ;62RS6?9Gty\wk^]#mfAԽݷ<`H//3=б _t>AWA(:qyŲ3Ad_k+[ Alj͏I$X>k©4$S.YUHױfH@lBt[jȖ|ŸEC+] ׫-~ 1ݵtyNÀo>a8wUߟfm:ԱGl-ǘfط$FnX_<ƚKlx[Dƙn 鼨ď>L6iaӣ{-<`l~ŏ*Z᧋Sn$uƎxh@tg#xLKgj=u9ȅ42"ʡխ[LA8uCQz ],fX{ xBj[yzPƁsUY4)ʡdMg*Ԍ6X.v%C9Mq3sy5^Q4UV X@%m!^kym#`R OL zu#&H{)G׊u+tnwjI9ի]hG$UIdKɹv5OW"Qy $R_4w;֞ CȬRL. yJzs5B_-摦sPl=)YЛzGO+[O_h% FiOPK_k̎d}ÈsL/ \G~13n~FMjﺅ)EV*}D dLPOEdvR|۪ Ž1]iױ28Q !|SvLm0YklEGXDS n|E?B pus*B+&ǡZ_ l_b M~mٽ<}5֏bspfAZ#7,Yp%,IuK6/߷3vAh;Ѱ%?1Hm4IJf`{x>k.E9D"@ݺq r0.ŠfX$!koIZDL`,EƝmgJSl8Qpic,h-C;2)iL)7VN98%OƩaf1TFCy*?rN>6!+6=߸XmN ?KÑ(<}K'LE[l8F@8]FYr2љ J/3Q ;Wֈm.RM3EvP lz#]AC߇Jm+W7eλ鮩Y96ybY bi5/FNW/`zx˱nx<j&}NW>QDK|hS]tRi+-x̡Icڇ2e[2:IDZZpwtwPR#w]X6B» ;L .-o@`mQ v_5d$qgŜ+yW{X@,ڒ) !krNF_n@`L`e*s1[ʮ'(k p"dF=nL1ۋQ;20nrv<:nȝsVNb*ʜq⛃HŏWMKaN6s,O9K (1j -`8A3^Z%7?kbM =xx&JZVljU}(}דEA5Rpǃ^_}ρ;t/v=*0Dl_($:G19SopZ(muԇk UW@U3sRGF!Bދ݉=Zw3s^=y[UUX;Ҋ'C[=uF|bQ㡗sb)/-csMd&Ѵpyа f8 Ey4ʤ5-yc"UpaSǏ|\">ޓ v:0뤴J⡳42t1也$idD]ͥG͆;7rV^*pz1QK_ؙhpʋd@Cg{6֩-RQ=Ü@ߧ]V'0_}>_V2\nxBC{Uy^#;lVGa|1^Ψ=IJ3^N ?>VM%`AP};S;͚K!PlhLѱPCcިCS#Qȁ8=0.,T?{wW/b{x$ nKUG e;k_* hGge{\@yꍂerV^ĊP92yZB$OB5vnƖ56U4Bw9` .&iۄР ka`ĕW"½ƾ qYH=ZЃߦ!QٌPn!0N- :'}v /UD& :A$nJN5S}>Uul2[։MkQʙR&QmPQ;bfZ$iQr_Yp41ʛ= v=#P0yŗy-^懛QSjT޺3Cb@PҕZgK倄JDVu::8|g3iȷ^94̪Dm{LWtyα-[&CDi`Tg%+4ьs6y*UTJ.Ulj%`jkE؃Iv@ko=, lK)I$ysk$s 051co}7ls~vHkBbp$8ku#X((-ywZYHQY|M{(>@m\.Du" V]WqƢu1|SE‰Ҷ{E^?oXAo \-A5ʡFow95_ZMS2= BAmIM0-l_ئAn$#G }.^]݀ T,MO]S[Zw>1w䚴| S0Ea8\9@s:ꨱԃ8d)6kpĦ -f>Y`_(mgrQm/o+OL&YP|!_17^ }&TQV=m+C@(6J*i*b,P機hK.WIhx 7ti7-/IT& 2CMX0fQm{ * s{)G}&s|VIޘ9Te $"Y@*q y6P/>%ELWq #T*ejx2?x謚g_J49ut4HIя8/7l g]M'c&qc \2,$_s̞TZKwPuJ[+mHԪ?̴˚ͻ 9sD8+Sd}# F|퀚"Sgug,p!DjX"(=} A֔o͌ !K,UҽV P#1#88K`l^dWOq1?@pϰ!y+$[TݳTo]`0 R6nÅ&g_zO)^#DGf%WqA5(PUe07qd?y[Jڱ Z.O)XQb[~|僿8n6@_&"Y!dD勶slHXw_^5&|>-'smV׬4Cq 8xEnO-6^^׺IȦlkB!ͭc| ^u uIYL5#KTđfdI޶Κ @L:F2BO~KG! 4%H7Xո5q`#L+B_RIً5Z V,֛xZ]Ω0g *qlAcG8RsE40cyبĒ=4# |4S9R KGc27yČ!(wlS0Q7&K'^'@^Ȉ )*}vL.ޡ~lP3-ݪX#q]E9/=ݶO=q4g\>6u){`7?~pM,a]J>K߭2qw=(0A >H:eʢZs!NHZ[9{CQ/<-҃um(5`@8=_`qy<(ͯr@Eab!,X ыbc3?\&!Nq7Ѩ\bT4cˢ~BTY,v荏رQy}bFzZĨu%9$L!s`JQԈ!dVF61ne $ŻCk Bd5J,^$cV܃W͵R:9 |G`ǿ  5\nHi/3@b=*[=3`R}œb94Z& }#!fZ sf2Sv"eFQy9u_Lew+Mu%&$Q6Bҩ¸?v :_@ w 2BZ;(&iH zӽBVSg%O&ub=fހގ 舲t-oh>7+gѱ"RBzP'M6`8k)E)(ue=&,G 㤀wcl^Z0XdeX OmP~(/4#M&H$RROaǖɀV(]AXnի]u}X өO#b}Ъ,cF;/54t u`[4dbnMW}9@v&_̛ P1"N3n.̓^̚rO{lXtB(6a)Q(Y[pͼ/X |6 Bޝ =oϸBdmkyL$m1v[=Eð2ھMR0<"!0G}s7I![ՃJ'U : hжl~ZTԥoQhTq.Cv+^M ZJ:}uqe'Q?bkFDy+cʟev4 dz-p6wCv@oNC^`D3fM{߽ۧݑ3NjZe> /h=E lO4SGl%r("Q+1ӪqAB_l7_KU0ރ#Qwiќ 58}ɲ-7[k9󊪾ڜZ:Q?\C,?\= D#ۓ-(|1d+4OF?h# 5_M<>-uXxM,zpeUN ",׋a>-. ;T+nd.z0 9xSxVg lzC(,aWw&dˀ:GO 7*ޞ"m; )[5,;Jr=90W91ìlyR/1C(hUqlzl-])eN7 6"%gd23 _2 ]^rF^#Hh ^6,&걕X&G|ɤf Ր˂|5$'Hu5ŗ٭oH RgA 8V`Mב䨮RȾ! cǜIh*:7zVFo qFTe5 ,- @kWy.'?)n!yU>4F;r(%3S`rofnc휎MCZ+Ǡ;x`c?0-:Qxa85 ݲlNFgLA#BІ|ቨ΅}Dʛ@8arit{ANMciDs(:=Xt.fx9{@7%6} ] ńYfQIfMˆtTXp/KBon.7\xk4Dؽs]n 8u5J>jl䚮m &+.m;FB1xɘ+hCӠciK| rr/Qipu(mGj`/[''^T dAyJ+lHE#DxΦ h’혀j-.B[8Fk%8XModwQ=lkF+RzO< Ki+)U4w^Avp6sR ~Ќ-M24)4GQvAh^Zh!rBZ!D@$.[Yw0r!&u]^lf@&Yu;8O@_YY}[ L؎WT/`9͊0=]4]'&/oF"Hj39mCgh pE@O(h/2unGo4YSZ_ۑZ/:)dA) }e@ߎ:뇘;\ZP)M 6(hFᬔ+K&MbJHz *Q|ܞ'R$K>IKgܱusIYx/֓B$mOi&\\&_N&9TT/X(S9 ]Ĺ%-ogedcc(D'8'`fRkU[];'Z72|uV|{&p P/"+OLA#@;6I shI;3ٲ!s+>vpRx,(!0 i{C7>0{P-sה m b)pU}8 s)3Doi~84@Z)/pۦVՠ>zVUY2^15=S5pÔ/"ͣ7ٽmEAgŃ.P2 #v9164rmA YD 35MsY8G9y.Mݝ/=BxՂo. KKPS'$UzV8 U |܇+i-㮆K[PYQ?ESPjPD(709hWY}A қDK,q1ہ^d$1 e#q7(T1>,-TOlYd`/2)ذ5 ;_aLʞX'NV]1?;p;xKvRbaDceQ/}_?7Q Q^Sҹ JpUJ"ҳ, $´T ډ g/_qPG !FE ݝL6N8ᖦ*>0|9OnFMPęI^F4l7ԳKAѣwlpBL*rW[F7`NCչh֮ư$ ;.z|i1@ EBZ '4UPr+-]Uh;/RI I6huP /)`N{hGJg9ð%-;XLm?{'tCОmq;:A!/iQZڋ5}qq2Og6n³ш rToB?~i}7ORC~B8)\ H}̏&=m5Wk|k/``MY[jq j=Cs */~ |CG_/&4VԾXJyU(" .P|؃U{և1\vԆo=XM VFQFxmz~'H}Eqg[3chzI -3IJJ@K~#Sah.fz[fN`uO?O=n b;5{7OD8Ѵ7ɺ:a*ta!͸n9l<琚١ 9.I2k4ZYB E.ڼ8kڥ'd.ioK<(B0R_H7\1p' ~?&5@peũH?Lԅp7V8+|҇+P ߑ`rgMZBN)K:QD'R9oUؽchac>$Ul8*>;<4jlnTglGΜQ]DE(wvف_wr u ` cI} ʭ!==ep@ ]澗~z=9w}X.~"_%(k4BE6/;hX*be%P{M*ZfSO PtAf OLvr.v*T`;8lNKzɥ|F0hF@)oYwM/D tW9*I/`xC.B/j[] TIMn%nyMޥ EG/bZՓ /HxM+xa|cy&&$^W ]58ri zB~2"խ%f2leͪ6p4ٍ#mhE<}Kof‡j1]>@0Yus> ،bTˀ229K{Ji'8+:Fˢk<5%Ȕa7E;xCXKdN3$vg+%/oc?,uR<d3ֹ[ShH*uwn Hre=mVC"KE Kf_e?ߋ9v窩 Bꠏ4.xQ1$r^=! :GzSϲYpWXa7T_ DTr,_IZN]߻=P2}{i7]H8g0k>MN88ԪlaT𛄏VS +{(Рw8AEC 1;M?ß^"=hru8EOn1u /Ҋ o*ͦ!nqJ^ "tKjN7t'V<v@nZCj~w8$P Q$u2 "pzt|zOI X&܁`#ioFPȀ*0UwuysO'P9IlAN uI*+hdP!%ke4nV|QQCasZ(F=ZqR3qzo#{\rֺ #y/6<>QK~?X$g'z#y Cb 4FljP]s̘q@FxX!2R{6•.Z43[DRp&Yr-O`ȿ@Cu-b;&YʿäNwk1tUvWdEΓ Ńdmc@U4v논qNUCL7ц\@qЄ;r֦,?O/R*$8?hW| b+q؈ m@T@Y"AsDC9uf ڢCK(I}isx\$sVl'/жRZrM\Be O5TmqI-ed)s߀I' s_N_EHB'?{Zs+Z)U]MyQOt55`<9ksd9`8 b@11)bhv 7rJߒ]~\`Ycw]oV-v]Z6l(^qLض_;I@; W_.+usj+eўꒆv:O)dU1N\S g#jL]A#E ',FSKۢp^s2\} ,wO/ǮV{kŭ!ܦ4v+/o_mо6fjv~٧&e:L<UXJivGrf1K68Vzb5'T0M0wgAƧ8€HsTMfo2F9sv~*)rr/ 9I "vk6wEIP~R) F" ~) ^: O?~8N>egvE~H_ -^ aqT8>eۿA}_\\h}ICǻDF+er>;9^xы'`5 |xC cg)ÄN\@M2>W S;&7x1̮v,҅b9taO\3|)R Mퟩy9n8D?T1 ] A֡Yx([X]y<&[e聙j%2?&U }d,=ZSA{>UFG I.gk_3X6|:UFm5eqF?CTLD2a(XRO4QOpakǬ!7es_˃=#i5ĥٳzx3cMp+s/ ' &dѺU^a^FI$OoφiCCMcWhqd)>H6;J Ա>b.H֓PΔMH:JoG zPc6PPߋ|+;O$9)AZR$n?rqE MjO{@U j!xx`~W4fRkj?"Iz| ܋ʤ`wB:݊f?|up*dHN(ɛ[RЄs(J<:no 0!=)OHWM2WWN/aeZ7n>PQ5ysG5P'ȷ͝q%;A'`_=$Np49LgHbҋ=[`l{@ N,7`kSlb>/ʎ3CiCABy;{!eE¸NIw2$-7$֫ռng8 G_fT߅.nm0ҟʑ9H'R٣<Fl1 k"HN0*nG #L 4-**rDv/edðQy\YI}P;McʷMW$d{8AbQ; hѪ xi]b[>VGN}!yaˆR"P|_8Ȅoay SerGsU׀<ȏ`EK5pWhH3Oj{/KA/7g1RҟVRG@wlq% S;:`M1SfP ͯ:?M;XokJȩ%y=?wLT%BB%YNPX7p$ϫ[]zZVu f]c;"<(jj^ oYwrx}n`}6%h6K֛zZA`fQ"F+ޒ\󺤭xNȫ`@6]DA}$j+=[V1(sG5 ilTrH3)yE3%U( x2 Jhzp3,Gzm:/Ϻ41PQ#s]a+8!X~- 3vp[ӭ spJ)RmEeŋ3gJ!l30W83y "@sNpX@š=ЇyL\"Jѧ8iMX4pI =]SL(r-J)nj#y]xJ ʱ~M]˩Oܒi||X6Mu.O:B|xXlkKFZNʀxmطl˃Sb)G~XH' km?L7@l|x_@4U,.X"/E3F,>hQgV9zn,Bg? FQx?C!kH]:͑+ 3i^ Yl\']WL 9Ŷ.Ieg@2`06>S PV)𩹪DN|JLZ n.(_gmN$J*Z\yh GhPΉH?$AEIgTDimU%} ~4[?CMRI\<KպGj@:!olaW)qlGXiHJ8Nۊ,&1reFB+}<)YVpm?aŏEf)moɼa [)`S,ҽi?]%baccĂg"誦$1C*_YpuLҝhp`Mp=Sb)dpyEg.Y#ⵀK* GQH0@lnC `V;ފ3`|) oڱbZ ʐhuyQk67~fE%dY]鹢6)iO9yJ9Ox+.8D9DJ-8w 3a፥v jx]btIF)8 ̥Pn4D|ea_Ϛl -)ƨ:ٝy7B__|,{|Bڀ]`% Ӿ{MAJ:X*F4LK; SϸYkWtDJ0؁E\wPl^xTdFjlvO}24M*vS'й]i89=d﷮^6 ۄd\RP7htc򒖾00=^=݀M?oׅJ/UPiC&#^LnR@aC)\Mqr!*D,42K^́{Wdk޺â:n .x߇l@b qJ&+BG)~ogZ7fDQ/u-py/ GH>lR-k.l-ۗ1ZpEn \|Ѩo=,`Z<2ה2ē@˟h;)(|n$xvEI0;gEMnTI0w;˾(/6)UuvY;IJ L #)VhAu## (w{srHԺ{ ^.ns}M3MǦg,xyeT<&rG߾g|B H)Yfnp&C4{)GR/nLi0ސ_?L7mC)P-"欞X5W3DUMJ0_bYzbRKh/Ix$3& {C рͅ&'Kݬّ8drGDve%QQ9[~`n k륈"--T[8hDn4W70ʥԦ@fEA={?Dhg=^YB`R,! :^d()1ʴ͠?`-^=8 i P4h,pǙ[#u{ћ5E*͠Ņ=) M!Ac`YvrW_{>4p6ϢW/<iC(^)@0]h&P'\xzy%M]X^>1?80`ԫ*}}7Mx_ Ђ8j.bAS姩G>7Vg=~ KFu=]~'yDG,٘&iMI$7l!iAAl.LU!Z=˜hzDWW*Ju6)BWfrݶI!#gUP`=X6<)jȰ<)=R@f oy4s̈́@7vaTD~-Tpw. J6pdH_DN6A7[P[`W|rUj DR$8u${Т~߶!៙I%7 rG3KPB15ۘVӄ5EHu# g%f]CT5b6I35b"`[n. >v&X[30)"Cݫ1`co'zySa^X_"T@^Ȍ7r)\Ԯ* T|/Eg#4Hu7GVD_rKunQ ~b8qE,|g*W8ÒU}S25Ab> ~S% g 3ܛbϸڎD$u ܫ e: ief/+~/aU# (뫪 Ȇ%TDs1]6/.[Uy|BjUXA# Re)3W%-VHo o{F)K Ls6N^)dRv@,QKdT(rUį]ƹ)B./V"=SC)W[Yy/vv8ZktRFFČv饠AUVNO0pޯ|4z7L; Hr^ۡ]j?sHezk;l!' oJ䦤9]P DO1o'Z(|"SZk{|Ow98|~W(-F} ѱ >B0@F:N qw~5+LH%-DѿW#7P|/;6BZay PnIKeP[woJL7=sn*$ˢ >dH9G7 OC0=}=X L|F +qLҪGtz֤yhq}Q.'( ܽ npǹx `U;7,[ɚ2k!6,5 MkC|hrDNLo"t}Ϻ>""wƴD|>^FK=b@;9v(Ӭ6 >HnhkDL@MNԡ9nv %5c_YD*w ,{m֮v΁0fi/ =>,p\G)W^ߏTc~y9o5_faLDԪdJV]Mǵߜ, nꡟٟٯqf>Vbz F dq2KJNF0BD> ! w:^Uc_6:(plzPj%:>F{ 1sмBe'D j|VVD Y$*Tkk ^pZ-`QoYDlJf􊥴7{ʙrH] L)P;* 2AQ9x]Q_&6dko*4MݳBqTKM#VqO  P k_Q rISEe0k dĖ`/'1<`bӑf;'W7Na( ZFymbyN(hi@Y"|HZ<M\4MW >,'97}?xX]to^EoR.ɑ*ɽ!UorG>mQ+>SbXvamrNh~{yxCCKb&e1Rԍϓs#_e3O!Q2;OE/—J&9SΨ9) ^21FE@#$BWن/p^>(CP~B~{JQcu䑄3W_" xu Y2V[K|f\ܴ ξIJHʋ67XUy5kj&;k]WsSgFX0@n1&G[⊉Yu%? ̰{*XCD~{ @lU:AJ]KjJWT+)$!|LB?*M҇~ʘͱQ{L9m/1ɇrFdBp(=ĬI$ķ`QkV8ωi9#[@m+C+'W^s!(0|vekf(0J3RC'?-u[[ c k$-l'+wfI-R-$;< CR8*/1a#Ih~,nhpYN"$E(_~iV4߫(!e뼭_մ=xd&-1Cɢ~}plŹ3s/@`Ti=sۙ\q8H P 3eCWGE:wPWmM!禹8vNHTc\OP{< 9s-o-#>V̟7=dv7&%'J*Na-ڷBlLiU'<܈(JubJ Rfj8ѣY ]R;e~ y/9;iR牦oX.FhfWm-"I=_HsJ "˽XKCc~5(I0(LB/8ar~,VQ(OY"P.)@݃E3/˱.cz߅n#IVqQ/ @,1QZ<f6A/+!?0Wh Z=V0tKSfOVڲijz'WwvT*+.;߂_Xקeq>o[F iS/ꚯ I)s'΂ՆTY,ρFF3<ڔAPf؎NX"Be\NRk'HjcZ)H3ۼ3po0q&ӽ^) 05#J\d#@Odô,hoŊ%,'<,%S~QIU$\U_eMur2}AWYYR8MUf8:B9xd0bի'$ [MMw5; `uNLaܒER?H,4d!-_ [)>Ɉ7M9DG!+R̸#}:IA`LQ{*X uKK:۶A-iud㾄ˍ[SFhӹhEu̹ )T<aFfsJLƻu&D(_Jt;( mJ0YE9)֯/U1oC7!Ėm%vћ5dG9ZW/Lh$l<̏m >LT70boay/vie|heL= vHA߷v8jJgߗZp;Fa]n7Æ3m*D|?O UᾦRmД4<_.UFM\|*m0j=, =ŤNd 5ev؟pvixAʻ@٫T3a3^9{0T/ daTKql tD.^K"Z~URMBtk@\ ^o|wBQ E, / y (lv spG4foϞx$i|Q.h u':שׁȡeU5X:O0ɇjIF첕鱤w~z/5 '&WΥ &I>&,_R/_le==%'<0 Wȥ6 a;bҼEM9:B.&$Ö:"_40Ͷ]'%ޱi'cpmA{zZ×q=*d*VBz q{泛b%|2@2A]ŠhWi"KI 4ũ䬖A1G)yu9ykȴ--tUt V9`C6xse[8.4,̩uWX ^$/&v83>- P #׏P%kֈŊ])ZCcg04AdʕS,b^ T&:7W2#9cQpߘ%pBKF:Oꮹ ;3t")|EShX@Ij%Bě7~tMuR#xz$mi,bS% ]㼘/]kز:6n =sVVcl_PIS<gPTG2 $^Ρ2.(sLz3mm&m4E+yHO"jd"j{OB5e1w1=O'F ͢r ,%I)x/`B7(Jޞ q }x)׃y\)-K̕@PHcd:IiaIRn% ßXETA׸0 ELu[kM;n|)\756IOYB{nBZweH,btrrU$^wׄ^ |Ĭۖr̐E&QHl:n= 1 j ?^IKAgG0ɾs DXjs7qn@RXh&T|uOIzMhRhf|.F%1m a$i6; ] I Ȇ4QKH//'?V{Ķ=JW~m?dv*Nw)KNO"{v^]Ʒ>{`^z|;A U}CYLI %2^7NNTtЄ cf'@䅤.lU9)TtPݿ|'XneaMn[0`ys'[pĀY8$o,KhJOM#vv)lz-7=ǁhrq3&t &?r9ͻ7E]u()gNHww%|ܻȊa8#~IHLs5{qA79c0 HJUUQ(c n)(Ydި2}.bEZ_s\Np$| Swv:-X!Vڞ_n (t3.fZm/ + 3 vBT4'6T @ZĴR}՝;h#Lp|]c1fA-Qc'Im!1/ΙAC@M <~ Vot;_oHq W>;"4۸!H>7!+m97/'!X/L:ik<ߵa!ڸsTBЇyXܾ'âjpYt4಍'? ;kL)a!x\9(&skh hEۑpȪQPR9fX'^:yp%[~YcDcV Nc;|jȐ#H8r< ϷGP[gfmr~vy>g?iItOgh* 2pb9%k%8 M0N {2bY̎YӿBd7:Uqc $ R%'NթͭxmcX~kw:rW(x+ł}j#V}TaZ"[ rq ^*R'2KHV8 U}'.1pYLF. qp Z/52bф6k&}=0@Cwj쩧S\2Ia(4JcsfgJy?$`ckF.%:9|c^{cl #]+ O8ˑ7/,1U|*8\g +^㒜)5+]q + 1ɉvJOcM8PwIs{5K@IF5EXAE#ۙd%.LX\ŏ6]T!e<V^<iKjX$9VNC/Q4n_cC^_ R[dYy,Z_W^Q+M/P7[7:Oa P4cHXL WFF֙%}M0]DE a \ z-u1oˆ6< 6g|t-X~ I)vR\eFa=h | 84Ct.?if'OnR%c/vDǀC -h ED C&˴}0j::SZ!43 Gs&߄t(3ڙ`|6G5O*\g4Ldm3=fL|wQǕ}XhU:*IX[ x~ H4Ќ0$2啸4U}سS/K.RL hĖ.aBh_Cm$g7oJ,JDJ6'-D`=⴪e=_N\ (X|tFI27{ñnm|!H~KG mTmŅ _|{XDn.22e3ȹp9у,{ahUjXch4@hd&E'.~ Mh0 rG}X9Ͻof ]N# k])L<ѧ| qv<}XɷCPnOT5PKyl@2#9"KFt;-]P]O׊ݐuLFGk⏵ɮd< 1uiW"c]Fw%<_dJFWbˑ9x/z*E2X)ߨȤơx[wD/SwAO$vi:h RWWwEC9Ң,}c9!s:{'l{ZTnw9(-=Kq@!i˦]sj2.uBe Eo.5\(iw;#3a|6{-ǂlnRMݒ[@ k| V(!=-=)L l:ޞ t}~L7iL'9L gK}x"`ƮYDA{n= yF,@F]&ۈ輰j#z:̈3sooS"JD!̊Ż/Wicge&rfgy' Š5+bM1p;ʇ.*a)j; 1&ĞӰHNf:h=S#k5,)w,5}*jSn:y' Xuq!pjY{M,ϮOVm*𩡬Oy(#6c&114[5de+ $*O ?=+[ ESL-Z,_$cKޞ-P//s$т ב҆ҋ珏D ,bS*zM*:;%7҅._xفVbZf;v[$q \PjU]$ߑ1>&3[yK%ͨh곁Հ52<`s+[S>h ,;f\Yu U X"q@WQSoiB^ҁA=VTw(F8S%^ }pc".|.9f4kM,t'N\4gXْ]t|(IzTC  8)?KR!+59> {uy5TB09sӃs8q ߙ6VE X71Y}`Ɇ& "4,h>%@l:Fm|(*nMg DL Cg>|~(6gn?:pўKOw `oT?=}\ gAd,Fa*omMpj H_7%'`Y@BN1`M.J.958~,M]v jdRY&`eΆCw$ C.BH]gb0>!i# (飼완8^yWoJ26ič9QF\c>k{(d"ƾqKcЩD qTL&ddOԉ"E }-ZDLj%h70mǯ'tsm G^<(ɿ }g"w,bk-n44"SPʻ@F2^`(ib>ٙqYD޹V*XrQJlκj/τyc$z(]Mr.a pdݸR܀,坝% Nꤏ/^4@v}ˏ1f$uml;E:,n_s[6a ϕvzjͰl~>/*W]MhyhůHAfkގJuqԞ Uo·pm|/ ŵ#禦&,|xuًмU5p#w![UvAyr^;`ɱ8U!4p s&tP4O*Nو@#&aJh'Ay Qv pDi%!.N! ݼ׬&]  Ɲ.b7BRpިvJ+ 5dhut+{4,ϲ\49gٴ~Xy+טC[[5'P; cҡhGGq<ȷV̳. #iu}5K,^ !߲QnwhJF$JW uELLƸ-;YpK&QEFo:޼>Vb|yi4 yV_U4'p{sľs.tqfu^oBܐ{ƝQeqi ڬ/&ynhK4/QVnYc润"|з)tBN%BdH_kv{~0Vaa?s]1`pB.P u,ͰXD j1b"XHB3Dиz6_H0 1liu -5,$ o`S#6˱pawh4+Qar`QwW ѣn꾒Fz6y\eOFvr?B* hW(]lЗ w2U {x4~;KP2] E Q`@aaxz.:{ #; kzϜɝb/wV^ʴtB{M)b Nl䌱2sJ?+f:FK)bDrK$1:ŋCl9 [g>`yqfc 9`24Q-n @Sdg0p!͋0uSn+,'*w 9Z?89}v4PP/g[}IhcMy==n 9lDF%D{]ƍ+T BcqңNdTBޫ ߴItݳN`en;t ):Tx"#k0oE^©>V,)@A1]Q;|jt Ԉ>zӊJ9Hc^j·ʢXk)e{ɣq9{R]af;0ǭ>@Z(D?q2dח9⼅w>;T^"̂]^{7ebvB+,.L雵r]97D*rnvئO=%v@FkVoufg4r~SSV[3\Hv䔵0@ቌ L΀lˮ,X\.3d%R|Y}F =zHf> J F(SⳓD&pu b 6֫FJ^v+sxr*.;` lϘjih =x./kZcN=ANaQvUbd$$ue\-2E 6rV_kctHBۆ~'R&9apC[?bdwb&c%)RW.yӂ[C5lI f2<x~Äj=hN.vA*Izn)fzmS+(㎃0U?hH^VcȰZߡ=t!O}9.'|DAoYeɿ i8.( c)EcyXGriVH[ORsp#O! "fv4'ځ}KJzbZ2x}ZrE~]mu%ѥ[Q /m2p; %k۠. "@=-Ĉs=އe[^4_HRb?oo>u@o7D4EzҜ*Pɂ`4bs'M?V0LǴѳ=ב)Z,u:ճ{Hq L3.-; I!/1brMD\ y6E͝ upli2:PO%ca^ 08 8zfm;B<@FFD欕zM0&AfX8^MM S^mBo<(ll(6>z))14@u'_DX@1 s T|IL)cSY3D AG S*gP-$+DQ}Qre?j7DlHW#[A *Y7oo]˰;㺣BxNù?l_BS'v犭t̟ ="(R[܉GPښ|`Gx^ v3qRP芿.Г;ȵ@f+WB߻,mnS+b6z.lUפ<rER1`TOMf8&rCC[xwG&H#r-;~~ci^Lîd( ήˠKIDz9]^3bVY Nl=qNq{yn2jw vBsb"pqHQ9IBw<ι:x ˌLĶϗȎ t BaSRƴ:K*g+mAs=g>ͯ+P5a2l8!]{݃Ն}], B [g|6iGbaOd VHٜe mi)Qj(b81` d/9IgH VeMoA^I{UfPZ;SB|B-0, 6b1`L3B=z d_{;_5-pN#br/|!Yv^NY6Y+z5 zSmKu6H5iRz{RrOdl s`궶 m\h^MU߳e12)шRJ,sJFHx!q VdX42^HK\fSbMˌl(sѵWH96&U,`yb'Ё_)惦1#_2_C@S2hrǖ/ W)h sxg8hp,`R!;v#gäG , pe6դdvӧaDV>]3&;N= McetHg6I>7w\!qw}^[8'vL W'B_AaJ#НסT/PG0rTW{};6^hDf[atg_clEP,2>Swͬ|<:m7p£1! c{>!FQS*'QoҴmA1 njt Vq@=f2ړQ4;4BU3kVeX92OI2"W*HM)׆SSz i`kw]\TO[Cی֣{ٕ3sfGuahPcT?y|QC=n׎8띑@?(u|~Ǿ(xiZ;P3Y,&A`dBl@ 7{ xSYA),!TKֳOh F#:\T>zGL~BKظc㐾B 6a ٜb=[" 9FLC`];V4IGaĈ"i鍼^$J瓸.Is*AG}5VWyc7 Ȍ QUK":Pli3%eGI*F&B%X'tm5]KUA", L ";J?8u}#x˯b?ڸ~0?JfS3j2|eR$KL;Άo.f%LwIɡce3BS]駓Dd3U?Gyi6gHKG .MӼ3 zSVu }y1r\d4(XNi47} qlu.ifN&Ӓ2ZؒNMT8ZUwS*n"-mm6qlW*+p vwg:˂>)%Ⰼ/d&re;@To<.|h1祙*v Jo.PӦ$&zq7INW=^O>G$E,CUdd fq5r[x`-~RM#aOOFuO aX?̰90SؘP6E* n#)p1jq|QY*9pkd{F@iu5BWo$NVHհv4.vRoIp٘db :;2€=ɵ'iwPF0a^A[vsN]/-<\ 5ާN_ kE6Mrc)4Gb_˝$,y9u49ېw`CyW| T?MՔ[B`m.ctYVejic2X(WMjbjra]*Hj^[O&XKpY?ŰjUWQ wC;M \蜽/*t5xdR$EQ~)LV?Hʹ͠lܚr%a@=Qe bF@=`moVwBg!Q S'3DWA Ґ8*uY7HpkYVtms-MF@%|b&ԪYx9\7ub#<>t[*K{ t&|y-O=8Y֔ b8xڛt5W$mrF[7_} \X}pKeJ둢0]%5%oHoe$"ժ Aя-&6VW[n(S)d‚Fmz vЄDReTg'e}/t:b!o$L{0U 2d,Vːȩt1s4@5 !ՉGSv^TĚYI؂}].lCipI2<_F"yaQ#p/m>۱:Z 0&dH ,Bkg-OUSk*l:f0Ҭw0cqgqNVen>^0",qwDm-R&cV/ٯ3TNMz75;Ȝ=8M A@YLqȇYH\BPizqH&υW`$}wR÷:9+Won>ó;P걇\@J%#uQw9?x|^n5"1' \_`AV^WDBwR$xfJḞ:Y[G (t RE*nTi .Xx1~WDj])hoY;+BPqJV^'$I9iǟ!W|H:2+NwXuwq_>Bt:XyA׷!KCL"X6b3tnjLйTw$HWd´#57|+H؅&?*s{|BnjII/2+ބU (*M{:akYZeM5CvG`#!Nu$'a4ojbݩKofl~n?x֞|15R}O92] ^MO?y|Cr(JVm U fqKFodZugp-}q#x=W0Equ1YcꚚbJN+I{{[ta6׊ Ca+W㸪m^nQKMz)}9;x%^Thf5el?Ipa~붾-rd" ԤaAl+Eqo."γ)sCg :2.2!/c0az8l) M`y T={_ b*2˙kr@҄ͪ's 6-JZg187tDX_yQ{ WCylfRy`KdO_>|Jc3tr(M tȘrp @\h WtWH2Vpc}Ã!s3vzv=+TEp?@`;M(E1>fejyI:g_{5OՇ)#;\v(JnP>G]:h drznbtǁVlX3C}A3BU!c7$@LꖲFuל2q%*x/$#[1+WzxLv&?pD$Ltso=5?S!-zt6{洝>n=7V+'i-9cfNcYt(4P'MnA$,&3ښJ*!vH@lŘdĮ, :j<:ƶ|^0oڈb 7_& 3g S}L3 ҋkbiPN{:{ăI(ᦱX1;9Gg1aɒkSV":𷑑O”SXʩ9S Қ \Y؋jb:^ `(>Nq㝕t8ƃDP,G)>\G%xKWTuf/]hlP2?ef>WGXL۔BF*(pu4ůJb, lkīOL7^Uj5JztS"KN~RPF$rύ)&%4Qyb'@甝dY Tte4!-y;9~kzLVJTc19Npa1@_{oIʘM ,UT!VVÅ~rnךp$QJ ġaf@6GMZ0}\p &ۑO ~d B)i-8h9V3[ \6 C)XPKHQ`0\Ǘ7)sCi2!K 5pɉhQoܬ½_j)fjN^zT,L;'}TZ}Pטd (#gXp $*ad$ʘc)T'x$4# Y#gy}.ڴf9WOQ 6a<*2@a6\fUAJM nR據A9tθAe1kd7d'p:;GXeWQ~2A6RZv=>ˈ (~( ǯNaR>ɲ@hswr CaPv5N3cD#P;B[3 o*F_*C tj22967*lpJ>3?d

Rۉn[E~Cog 5~n87ݐ'9?Fȵ, *rIRBj]f9hY>|g).8=\D !M6faʱ)!?DZo;<=w4y:ߤEx,w+S+l~rMHwS") jKUh.LF2iU4;eig:Q#ye?R5w.%1_1 M{ CYX. *PYufv@,X8^fgIC[[ Cco _RP-v ϋG ~;Tb\ϟA& | 4P jté< 7X(3X)AQSAKt3r8&9+-h>J oPqUv*L֡N4N -Yvt֙y']f[䶨+C[y5}3gM/ҵ^ҥه'$Ӄt8n;: a4 Pzdx޶NNd%ҩ:SAk'x*'.`!OCI|(d/5>KpUU3.%͗`EprO1zĎŴu([;nw11p؉#IQrԬӔDb:Q#M>C]I q]:~k`nz XB͙ҸTJ}y؜#'a10 H>c`Lc:ve" s7\/l |; ]VA!'إh޹IL8S`=8u{\ԃH'p1|riNw[@'jdۈAq(SH՛KGQP}UUc@I2j?br>f qs M[Heu%TZbSD:`/'Z'=8.RE; 8;-EGhI: I+B/p>5^Ky }I#_j핌Q=ۓWq>(:(V=69{d5~hHg +K({o6!)Y,Jj-#s'oS*xtsaw CHV},q,H*5zu8<`M>X+v - J}P3= {Go> ֒*;8>&y,T |/7( ?dO4i[.+B{Q_ڲ#e؆ڐWĭrmFtſ8p#a13fr?2`>k()Vy’j[<`SVnt@kb/E3z>6L+g*m\֌ @ڤAuj">J< (zԭ1ձ| r2h!k14, wxV{mڍPIXWc:02`P3TpZ(%@R aGuюK*kn(%ef<Z#oܣ+:d-tbpp^6*l7 ڿ[vdH 2J_z*B~Vnrr0F ܨHl.'>k(4ը:0SJ0] 9@%M݉7J[Tu&`[_"&а~Р>8aBu DIV8qhDrRy#ADŨܿlyB;TőGh܍n֓W0? vױ:ĮԥC6ŝH\'4qaFknj5iDxsA -jeEGq^<xwo ba /YR ˯!K$ ;C|Q'$8D#a.J<]jdI=#]Z4j{r8\@5UUZr!3b k`p[}، MVR%y_!ܴ\f˛ ;[D]*ӥ{,l^{T FXazqޏHʈ;u\~;I^ۈx]nl芁X2̙<2{ۡb||qTdfh!.oeô~œ?1h+h9 s!!TP)5de4PObl;ٳ_J0{eI "x KCEZנ2#f0?W8Px\҄0$:rD qӞlcPOb,/w-ЧrƿiZ c R%+Ct.+ӓ @$#ZN1y=mPp렚vz7cZC8d7,R(bb{-ׇEDw9i}3"<>izx֐ۙwk W$D|>Nh5}0×}Ћ鯧WԎH+}5~ $r)"#@nS}Y/QJHV2_ڱs\C b>P0ٚW KL~$gr6y 6cGMg# _h=/8楏S\*|c!sO*E.*\Uy,9B^hw00F 'fq$'$^dVNxi|#-u]=B T̨S3U#jJY]+zlMyJZA0iT聱jܐ6""ؠ(ml?*K^"|+, J!&["9mVAJ-ڱyJ}clcbنL {O ʶaCMG tZڳH~߯FZ)B]Ԍ-f="(f.\jUX$ܹx 㓔Kxb ,"@PeB ?AeG_n(zxXvf Ý\꿉a߸^xOt6}|%" dY`\54UjW-"t},׽Q`I$\PDa.>VB[#b߀= Y̹u6j{Y}ܹ ϲg8jt<^"] ;#<gQ-Xy?>y4k-dE"II}}d)RT .U|J}o tix`%j)85s@Mʆ}#"n?\zdci`/b3Ĵ;ث u@L7*G]/q|FOR;̡--4 -bb_{}#ك=_٭^jИ%!ZQ<ṗMY@uxrVâQYR0QKM%qe*w0|G &,^4/)d1fRVKa>J/r{u ;7RCGEہt7IUy8UV^ƞ-#B#=2Be] 8y#hdzYHѲxҞ."x1u9e<*ԣwJ2j'dԟ=KK_3޶]iAu]mJUHq,~-tC OJ(ƻˉ0X5(i +kHc*V~a:NJ-?yS[vf@pgJTmf&j4 )U/b&]m ?3/TgJ4R恷aA6ViŋEt%sM]J1Y>@k2&!^Ȓ{ӯd8q]09)mo>vel bOE!< 7\R9҇Ԯ z4oe\h4:},к5/ucJ&1N*,`ᵠR#<rzHV(ܷC*GNǃʫ<ݺ^+^մ:HȮ6`a#Rڤ@Md. ,?I޿oYHBKcݨY[0y=٬mu/yD8nPkY0Q}Baz(Yr^}Xc[uOihloO%ڽB>? D`z'Sba?C_0]c3A1^q}'^ nv oJ-_2U 0^B6r| '&څaR:c)Z#ò^\ lEb0e7fD  z h,bWt2 ڽqT-~]3Sok*H_O'5 BVbgsw:U݈) -bpX'9hvOn.+KV%օ$f1=p +s{blsbz{ʋSh?MBb=+ L*ڎG ΢UO-?NQQk80imuk'Loe?>E)aV\MKP`1KՃ 빴B }.MT`%t9apZ~讑aɇ' ZK>᪓w?;Fx~~%.$tgI:Y Aޟw[*id 73`|&`{! R,?Ċ`DDh@S)׷R?9e A1d3M ҕБ>Gҁ+gBȳc\sTNNˍ] zQn䶎HhRASR͋R ,a%{8nt(x%a%"bY7$a4z*Pw1rC~Qsy7ꞃk8|#-^ {)xq+O$NBiM?[{gi!uFM;{ݵ8^uZӒtj A:e?  ;VHf:oC阕?dհQ W(9QBQ4:׃z̭n qlA=rdӇޖf'``] ;RT';`'rtZLrۇӽd~Gn%)e70:;y!gzDVEr"dP*6¿OD<>ܟq)l9L%&ilHPi$@Ht5*YG{u&#jј!b#^Ǯt9>TRkN&//^K?oF͒c3QO5;]-̞d89͟wl*+V88Pp5lzÉ g3]gg[J| REEo,SEޠLf⪄B稣jB*L IJƶZh[{P!SlZX b*y9*GB7B4XXv (Y<Tp᤻z?QiЋ_TZ'= ]Cn"2wg;xԯv6̄h yOK [ W`Pi?bw_ZU\*flRP½z+p;0 pWQi\{tH D>Dﵘn@)c05#͠|ܺJLڹ2& oW6U##S{% 2(Eup PS0h"2$LFho^ț3dojl%T ,eg(EJ.; ?aJ|j wRe*RPrB;/sM|qX 6)eccM\ B3xHA DŽ'x 4roLt) FZ2}WUҬik)A>ʓ#-QT34+;|7pPe]X/2Luj۞=hOk$WޮQ7O0E`}F EG.(cS7H"x$۹~ +9Lr G?p=؈qUvm^ac'D0,#p]?IEuyÒc~qU|0ペ5ٙLt.OGPa Z'E-:cѷcf"|b#f#:)>_. Ȍ>): ,7\}) e&9Exd5Y-^T啊 q)\:o~4Z=uՑS;ĘPAԝG}o峺ʡF]Rd6UOs7a> W 1w2vN-6*<ԁ|9{ݟLvZ~c4ۻ,US8mQxjbbRС$OC03i{x~׌sg9opѽA"@pvOnY{zE%xO2p' 'R&KLWH Ev^C0ʹť+E`F+sIw(-OrJbbVJ1NK6d]RsgrF% `geQ":]QqGKCTPgCH`/zM!vSN%:ॶ^lyjO:؄d^:]6. eC&zQm5,0VL6T~aRB5K]+Wo( B6sLY^Ão7*1^ [xFÈ.yoVfm`WC~ ~u!S9lnppU8'WL2$=h$>|(nُIkm{CsaB#R!@uF0Lh n^e(f ^?)gXtҕ9:LА~K;ƗpV>XJ^V䈐'*Pj4&ܺw=u .tv`` Q/f饬hFkw5ToMT%a6ch5v*M-YFe'UT 9[K6Jf1~&cةWUp͈U2y guZ'v6]2r&)%RͱzFw67)Nj7ot^wrI7l+kf߬!ABwrhb% zNAS,7xq:Ʊ4i|e}x ;b3f-ksbj?fˏ_M,J6y\ä́phRy˹RKx>_snL ` /G,-6#sPCRqu㪻q1o"8~4YnqP-Ez$syyK*ʗD)?IE!q>LB'NC:TSt1FZqFg;Q97ȯv =Ap#PTd#^cDE{$Zn?~'L0MJXAgQ5xzCf ܃ zè9߽=|H@#tiʀGR0}Cl71Q.LhKpM3%C N0DgvncRd}7p{9,Bܜ|g(RlѮ9c+c龕Ăv(7e'OCcKP'(ޅr5sX2AX=={;Ɲ=NppwAɞˑM*N߸bK{l nTz:G95c1 ڳJu-jAmh c`AY#Or"ezQ&n@=gH/I /UO2ƒa!LTVKa(j|Q#e,~s\ڕ;`p@]b 0LnFVviL.Z;:! n(~Eb| av_{;F9O7]䃬/aJD<2z?Ju!ƎÑjKy%Zle~_qK\T  fO*){aT^m8 (axh &//)^ެVIeutTHadr{=?ԧ]|y7`EM-'ݰJސ_w]̐>ݹяAg%RtCѣ(K@yA%`GGx' >^/&mT?HqqE,#U( d}m6;b|ـLYcB߿+@`yEH˞J}q@=>N$htj+A*8Vw5CӹG1\~ɞoMNxm햷} "<N=J 8lo rO+Ĩ$*$wHMpAn @Ԃ3E;ljnAP4/W*ƺuq2]b LY·ŹHĜ()+m A]:-V'}JǞwMwlb̏{U\&*+\C1)LBZiGѸ)T.#;}|VDBH0i)CkL*K"S?u[/q3$=f06ư@\||[*^6 1!p'@ 8&l>0xX0-L{BbwYӖ8DFode5mu~ǐ0 @ý _MQ} |mŒm|5bË]nAn_-^b)˨O/FuEY"n%XCZ媺4UR R= erayבTIlH قq10j$a13$wP&k43;i6$Jla/~WIW#,4 ~G=`s=Ssw$X؆MQ߫Na[.b䒾_[Uj N=¼{ƫJrКlfZ+D F}ŇlB:QUP;yf=S//Ȼ71z&_-I#H5|LBAgG&~SX_z|?i/h=VGW|EbM#+żIKLq[ 'i"hNDG/֞vs{.^8#c'6/Bڄf) FM֙FC-ҵ+QZsPVՓ7V%PjAڊ" yOEAtU%؀tƻ~N8AZâ;} v{f%=1V8kfz< @ìW,,η]e5B?d S"ޟ7ǫ.3 ?K2!SZom2¯?[lYUIv#NUDx!qV.C '\klԡ7hN%ђ؄P󼛘Ghkܴ_ձV2:B4/NQ[oU4̂}]G?u1eedT5lq [ i޼j2%0tDxW4|%0%RwO^-"/6,Ev){%ŧ89wJ\ʉ͕O* QItߑI59jب>xT)0q7ɟ`ͺxF$ 'E f:Lef$ gmk~E͛V2C@Mbf򗜃&cX/~v0=mgr@!:`~P 3.&BN$I_l12p jn .!ҷ\%\YuAb1O|P !qtx5SFUx4ivMsEq$x1ӥnж@)4C9{a7H~ ή }fBlI.aA쵺b#Y2oaB_2<*0dmz."_Pb{,d ~\hBgY P#̶Y [˪ZTn_j6|\GiFg|py]$Ej+3tjPkqF5\-\THfnՖCgg8YNFszɜEz;6a¡UzRn5c?Znb'Kٝ[b%=C3B T1jC+og >ȴ> vmZ$(jrAB'Qa<9Zk23{ȰdX\Y@b?gMs5פd%餟׻7BgBGKve@m[fĆZ^3#ܬ =7B.;^ ĠRtwA Ll& .39 l{ʺ5ARilkۧE m(L0{Ugak/}/x X^DC{EK577SyPinT$w!d+o}l& @ /MlEf(A "p3b;0p])V9+/N?LOjM"SXa,c@@G0D}-R<[k D[۴⅂E7GHSڧ/\{F]uϰ_=3㓞S_2Yi~iAҲcc&4-vplin=CxOcOBZR9_Cx{H*wO=ge|13)><|Ɖ#Bq>ͯb a ^ [nÿz(iX؋ؽ5| X@:E/pĖm^"[΋2,#P &#s׈v#E_,eX]0I7MZ։JЉ*qgW0a[DIY?C›XKokjc lCzOyi`麠jwhj9DaaR׶;eSN+'8Ros'[#L:-|xrn蓮2E6j|,>oDڟwA?dC肉D20P|p5%DpOl2_O8JR< mc3vyC}>uǠlRd…R#뇧 ۖ/NG ԯh7X(퐯*07x8195d z:=6¸΍sdQ /やqxK5rUq#yM Ya6M1G $vz^1QN<(4I#T]B-lL@p boiU=2^"!n3ͷ+Wܪ]pnX é`fE^E?-&e4j5Lf EAxdihH~[Z~\O,#N>m}ë5MRkSmTq~*^7p"fOyQ\:RX09"F GvDIPd\ׇ1  &ͯ0IFhACO3E!̰4e <'3WlݹH;㍵~R&h{\M}#z?Js~*]l%boVN 8E]p~*CU V,{`>8uFof~M!q6w佑J=^xU6QbQ-cR̸lh) QG@WAznbWbFv?!8 N|{ua"vB7]_ņ4VF c801m{:u ,ڟ|(q (NWTW'ˠ똓VG=bB2Hgiz\۰MWSR.f?~¶WJP_Mɂ #z kG~!c<àqx|5ֈӨMV<9MI>Dg0hQ(cs2wWG7WSsI3k<l?wd(9pX9U}k! |м}BNK^[+[6 #sܮQ Bd]Ha" C8'VVK- 7W"b+03EOni%5] QU7(dVY/- q&XFb6Uu|)0$GNU1zTuYϯ"!q1߿Bi\Oqltg;zAFx1;#7n8phAƝ bq~//P(cqt'ţd'c0ܓHFfaGE.:?* sۢu>ށ5Q𳖢bY#|`Bah.4:[љTG vbZgNh hc%4D&t{GQbH A}!!d)2l+Z$ZGPrߜ]Arb+`oByK]L=$>IȦ{0_򈃨 yZy!V8Awa09- lRW}=LUA570" Gڅm.c%fEu (M$c[5۬3٬za_I_cUm ZY|)|rӨ0jr v,]9)G K_OqS޹ 1nv[0J/^wSj7V~>0jSEѠ.vlf+NO~ۯVE⌄,L"jU9fN%|ޞ7+c@Cgه\i%J.!'/FxN| !/i iʁ($oL2 SPd_A~uJ ,6e&du/9Ks9vf9C 8 x X0\aLfR6̨ϵ$-ۭU>("^:\e('7V[o}'j)j-գ@u34y?WA-ƧwN9+h,N]b ^&4 M?aQk`'ݏ:׶u4spôzD$#ЌH"]QcwYIc['~j D7 %3NJ9C 3Ex3m`YB?{Swcp!2#9 U #b*o71cxјM 6Xҁ?:G8rAGS2Fһs['P-1?_D bi:.(A xOoM|l}{|򠽿,8֍4$Y<;e/fVm x淇^°k ^P|}1TjKESk+k4qB-<'O:w,6B u},H,"\(F]g'Xa9ɠvLmeս/Zs>3qz_"H鄢07ai;X1K7.zR eW7?'E_an"kn 0v۔EYl`7QvNy`fz`@ 2K2In.uu`D .޻ `wɧ}266/kqйZK&-/YDn衈ȋ+'dasln7[w\Bf!{Kf8vmE/S!Ia쪝&HVb ^Tn,fMn~E?0 D :8.8K'ޖS)/"XU{0"ްk4/CWPAKT :"u{LG;՞&h5V%5#C82a~5bQאn^B4za刏`4D:ӡ& I2dR} :t Iꯉ%fE_%%pZ~~ ~,Sl-La nO'>m>utlhaT羅&[|!S'0@|ܸyg i7y,0< ,j rfl؁ .p{v kݕkBxL'Fwǝ9 G`[x2v$c-HOn.B=4;pN@5i3Ŧha)ɍ)C3yae&<yKR|Nkb y_~Db"Ta9-6~\7'\阄"W[~V,X֜B;&s2m9-r?;RE2 ˅jg[e͓7 0;ekɮ1|-0>N `jvnLLnra(ԞrSȑ&.v!>Ws*}f}ecjW,kadŪ: .:U]{J-0^|:]ľVp=p&Bk̝죖z[y爀DK|rCN<5VR%gj|ui tٛ ط[JBJVX9w}K8z Z<+J&Ab祎PDRZڋ>8 /XN*q!rb dw\h{.V+Ӕ:T.tx0bVW9zfYROZdg  _]Cgm.Ž k+4I3Sx7^5 v7o.{t !M:%6IV25@ ];DEEL//-ipٱ !T9pfe,ё-Jb;F{aL5OIKOzy ^ΎDJ "NnD*} I 1"rNbe)?axy J^Ȩ? T595vF^#-Wym^U0yC./A$@5H:cpǩw037StcMF]wIB"jIwk(C+: \.wPA84_4wxٯ?9LqDq9b6т݌%MbQ^oޤց쥭̑;ZA_~O%KjTiReI ᑄ>5t.F)e]Ȫ˩Y9M܅öbuo PD QiP݈A]4 ֌"ʌFw e4pcYy}^{,!oi0,x`h5KWz;}잎]-|O" RH{m >M(*f_+mf?PLSX۴`fo.A[~rd7 #ܔQDǮ. 'j'pz@kUDi>Gk:@0%( m񧍖$Xז~;@Lc6LM*iN1_1eH8,f:R\#2QjhŰѳp^+(V1DZ!vJnU %xJ oxl!w:~Yy\+1uY7x?0ٴ0D0OVZwQZ0d/V>^ 7* +ME%r弯;CB*;NMԣZ|q2\ V)Q [!_&3w>]}T_7~qQKE?;7ë7I>Cpo0J`)mn;K%pIu@%ٴ2 ӃJfX΍ov12<ģk<ҽ:ݪJ/zq!ᩮu 狫ZuoU ЪMGp@*1.ܧ-z7)Yl“ %K2{`4wOuPލshqIr.~S$Ù Nt Zl(>c:K6lv4DNpiº1 w3ci^ʆ@3n(GkRN\!)3mHbd-me =f뙅JT2qY=F@heln VK>OIp7y?::`ɬ%RRB]!z1ڑ][- a?:_cqAy$L@|!(s-n .wxdX . -kR!jH,F5V#S5Y$I+ޠdǙDtWܾseҺmAS4̻!԰^}Kt1,^BxPmip&Fb-30d93J)8`ڑolԥ`v^A}[~S2QN wW ͙0sJZRrAUh5CY0{1O"TxmrŽQVw'ʖ;A9s+H56h0LndLov|1kֹu;K6N俠]G2uhn\S]S9q3.tB<c D%r(9tPWZkE}ہ(I3ULu7PGmxʸ ݽ!_yKw!E{,gKzelqnև[~v\a`F=xi֪DSz\2 gybn  ,kx6 zJ=9 9oɏ'7aV=Pn|o*zsV)Wv㗀߮Yڧ&KWFlWfb 2V!6HQ$]%g؈OR~#nM9O8pBsɲuŚ|"7,n&&n &2>XvėŹ\\tmޅ2a5!zy!j]l =AYxWr.Md=jrGQ8 5x_ٚF|*PRe,%l3ק3M",?ÇUVVAfH _T5Rm'zV+D^Sf4?\7ΝZX;sTnHOVj,5YlH\3_ %<_7F]qy&=0ٶPoApϟW{U,D,my7TGe/SDclqUMHՌBZW)ɣ|[BΆ%0zH/$|u:Dun݉›qPcQuXZ`L\MTϦ474/s'xխgӣ%4r^)o V4X ׃4Dp=|(\ًϑ XgVeS2ZhAD_1W~4=q{0EmkbOfOW1px{0Bt&U^msp:U*Ԗ];ؼ,=Q4WMd79mm0 OH¿5 -|k]!X1"g8@ONib Tء c.H_єX 㳤+cj^> B@Foel #vZ iB\+\QCUg`vU} N&k;PcaUDѼ##;;:ѣDMcϋ7_ %n]4E@XAA ǂtxGPd3+ɳwTH{k~(*8qmlTg$<[H(8ɜp~9OK&QBކveqQ RL ˟HiWiȟ/ݭ9uƏ,c3& @_u87wضL=7j2+gt`V.ɷy~}#u A) Zo᎟F{SƒFBgѕ$AS1(h|E)FnkbviCXj:Giٴŵi7Ed__@кMxeћEifi 7 )(0J~ 1 [^`1j`HH{[U" aLioEZQ:?MAk71; m5xk@ ,o@)7)>nq21lcp&‡;ouU4ԣL.U()r9_B&ːM_uyMmgҵvq AXb{=8]Lzhz.ni0¾RÜGQ(f$q914K D'B^w7\Qwh`.x|eubydX3ltdohmH*/1Kgi5_f^@@8dm+'ޞeO*=Lǡ_ 7i<Yh'\jg0۶@10෠ʵz=pbitJi b[u+R)WR7w1WP{u9gCxLJ_M +`ۗG9,jJLn1䱯8Ngt캛8L-3eM]¥Ϝ9mL v2-#5ȹ#b go%Nތi }ӏYnؒ7 Ԫ`[S}Y6}*e$cDHrjw)>r PmtȿF9XR{bRMqrs%{&̦& d yL%>i%):W'*5T|ʆd 1n6ۮ*E) nY17Vܭօ$ސ K\$@6'NXRs}=-9(gw1#Ixm"za>xVCN ~+Gߖ(WnjBtO} v#q}Y$ʼn`>Que?se[tFqz ̂O^3`@Ciɳ8 ཕJ8&p:%LF=Q3^љE.a:YwT rEuW]Хqw3z*5CZ<2Se!~6*͘ I vs TN@2L/ӿ2Y,.X}{c}L]Ӵrhރ[N2za<őқ,^8 ԑVu@{Zl]c WFg_qa*OROg`L,N@rhm;_S%hN#1ЋXCMgشJ&FMI 87z`?0Ǒ?4)4rHJ3wGuKϝ!:CJ`,6j-r7: ރBl6õig=elsaB*5iBZ'GC oޱcAre*1G>fB,:pB`f /CĘdkvʕ:̌@̏+(O; w}w)D7&"$b-Ե_jms7Ǵh5 8u]D2|^BdӋ+nO`.jԝE Ut@cK8\vR~rCs? J쓬3ϒ| Xz#ddvgfγzuRC){c뙓NwMobieWUWtd%3sҟFV^[Imj:A.~Ҷ, Q7c?@&;%+d\ru%Ќ\Rk~()f2;ʨT*Sa(ZzMax! `ӄ;j4ט`EAOr=-Kh,6}KQxBjc,i*DGuj/e`J 1Vz8)Wc.ݖ%9PnO]qdj ZXW[t¡Y1CfO>>|6IbwiVACUnGP%l2%g#6)nZ&fB7+BNͨYQFtLnq`S:AIM-? = JQ WzG~W\)A$Cʰ)t!8-(U]eTE,^%cnx3=sf\&šnEfcO u;3q$j* h-GoĮ{ wmmqQig|\c@52%"iIi=85AX~.XjͰ/| *cbFBG=rediOUJAN*Aq'P c؛lg^m,%Td4cɊc!X2u^8Vڱ*#Ĩ2+TL2jjSxԳ/?C~ KH,V WsMDg u\^%{"Tߵ}?F2C]qV8ҷ,G=T - IoHmQۋjAG`TR|4Oᲆf_ l oR?M#VX`n@hUf!'u'Ybh;@7A,6%9Ĝer˶a3=F7|'>9γ  ϓbcNڈQ` L:.[KPMc,VQ{C5.Jl= Dlg6ߕ}!kGYи'|/-gvNv|YZ(#SHkYgƋQyXcYga-1jŃpec}4A;(8;߳~"$ݢm|UE_oM?pn݂PL\4Nۧuya1[cX̶޻ LtzDq>dzxрf xAyzTrJgl?QG6:v(qW7?`@v6r85-X O V׀o$BHu-qʰ84 *{an#?hv7>ۇ>9Kў |^^h SUǡWGs£uFw:9x+rɞ$;D&&!N;s_D+ ,ccpZL މosCy-T(20}3?D_PBʋ( B"gAd.1P)|l~K!Owy5i2$m~s]HXҷ$R/4[f" sJUh2=μ4lpW氾rK_DPe@iX:q٧(ۧz7K7eT@!+PxpO%XP%㗏ࣟJQY4ZH1+f @R>d¾k?SUON1l;Q-u(MFWN sR#pIY`0O2l$ y12D"q8wÏTM 7-Xt&ňȭxB 1w.}'ѡ4ȃƜ@8G35n$7R?(|[?hQ qxs2 ֟{B+Ph]0$2Zmx<ݜӇGN fefW:D|EۃqwH39`o"|=1e67A3Ǘ/Ud'x-H`*TF0_Wfx (~C`k4MIQ­9_CǸ1ƭAD 9cLwXgaXZ/U꛹k(hHW JTMKEQI]12q10 &ǻN]pćCp8YbZQRq1Uz噐waQ:KzxKb񭄌 ]ҞfONqHɁuI!+taЯaiݪn8gܾ"ƺ,⣀²]ZTE0fdptk )>c眕KLxIؘ*Б?ȫGߝT{3WPN uGRIS""F}"~a/BI=6Gvq2kOq5/]bMX__i׬P!kk 9Y ˭8ʿ OuZқۉ ;n l1-ѢleH.j=y{U^А -\>EZ ' ٹ7PmQXuN$8a%8JS* |AAO,<(`I6@m2ZG<^ K 9ӨPVXakv~fk#Z {i&`6(v1U1!C'XtS-b4Q혞ĘT=Ԇlb9}M2ɵƹ*,Y"]Ay~7V\4U%f%b3/) b#>x{iV:~f?E[\q{$4ОpUpOҴ#'n9\r2]& !mՃ8La/4z JL熿>&3] KxC:HExoþ*l׸~O!cSψ 4W[tR6I_g=áHVRH 1E75CLzi;pFMA:73y.rPA&,jju|*W|T!bAQ+?z;C]t~*t fF"_8`7b{zWnV0p𤢫1G7?mS5A x|7C)!0Ix3IfTLP;T:Ld D\Hf[:tH/<6 Ei՜} 0JK=%P$Q8*~:q@;Hω>_l0=mV>o)dcϗa~^i'S6A٥>O>1ڐlxtYy]_^.a%#gt/"`Ha{h-oJt/ $rPc݊nЎkUav1g3S /uT 3ct2+MbĒ-E|BMF!mM6L䶲UE8hB^޻ή9a9#BPpG4>*م3 _'2t`xX.ZλdmF<1r8U= %u Lk` 6G]ZAs'F4;0RdTQHfK%Vj^DYh;ϽRBQn[:}TMî5?#?3V"51a% `$h`1R vK4ӥ":.cd:£Ekp5^p gi3)*]M i YSS~}3tܻǽl3z2#%m׷j$پʆֳAk6 ,BxڑО zW6‰ߔh="YCSXV6 +4㪏ME[f]KeQٜ6-9j:6V)GPwN Un*& ADX]'6FYٿN MG55)#"2]P&L(uE}KBYxӾAv%p%ӆV+n߹((+v{,1VIM5M)!0~MaG◿S~# (GsX8:[/%{bl v̛?aԚ-,Cwum섦6+o~vUEˍǃF}:89)kyZݪs{sd64b~P`aLw&½LuFr1A7Ot%=; 7īNnYnwTwAr!%ÏXR~7c6'*Py(FQA35XIyԓpp&tinffU:Au[Nȴ)cŒ~U9 / \{ jϼ!)CSG{p'}54fs_9chZNOc+mDVe5nEس`%XkÇ{ ɕiZMΠse*:~gVC48Mg-^b}юu9ݷŀq#aG@GEA@rE:BєqykęMW,minX |#rfkQ7}@A+tr҆&w#gwBiA 8 !1ʺ)1Ϧ߂s/)rsP_ 3Ft(6Mu,OE2v }>+2n ॕn'oF"tc&6Fk'3iؓq"_3<9 <3h6 ֑AkHi|;Uh1DT WktBA!Dž8v -۲W$ aƦ @g./оIhMgգ3 C/w!q}(? xܳB́-^3T̈䞍6}!֦L󇶔FH[W G^EX/UݤR Z$FL9([ԋẁje(Pr+ŮcmY4cӈ U۾}o#ao@%_WD ts04yk*(0lxr{=UM8ݰ!a,/\:^2{3zC e!q5ϰ @-IM1%ňZNwU?%Un4 d{w\%IY~`9IkZ:IMW;PM."y@gkԊ]n7=獶.q!(F&A9q&*c %F36bDE5J(;ג5I.grUWy*x2Dy5~~ Pq:4g{g||-TjӦfrꡋo=o|plivုZ4fB6e"]Z)+V8Ɯe&\hijгg[.Ub;I_+7}L sZUh~f9|/w8 O$/^.Jhp5UɛǾq,\ DU6d۹e6; _W)ڧ<"?.UV39,bUrOW9/4}kXL OzMሟBqsqWC_բfho=DSzS b9TlVuw Bo[M2%ggi XֱqnCL?;J7@ I]ѺʡKM/{W `w>f$3YֺӬ~BbӣV4V ׫4 d焁8mNb FouHa,Hj9Ԏ6 ޔV|0'ᾛHc!S6 ~=]zrL`ROY~;߄4#?'Cqgpr[,cŶu#j^aZ^YhQW%05NoM$ӤSѧb%Z(.^^۝`#5SʢRE9BZgAj탷%QTf~ṢL l2{%Ӕ\fӚl7̗!Vtܔ}+rmWB z}! H(W:ScÔO_i^A@ݹ R%~J715P<)LpP_[-~/ 5"휚ج'3'< "|׮RYLVֶ#tM Qt3hrj }ڏ)[SROPs/fc}Z4SY! 0^//2g4LƥM]aUN[Eਆ<ᰠS{`α6/b>}I`\\h#XlYF,j/ZsP6>oL3&wQbeqF4ryCծ ]Jql+'WtCKri1wBV̕ pыY^ 1åT[nf`$]T OaM͝3֗rq[5-iDkzxOѯ5 EuGˀ9 qADŽTM)^YÇ dP޺c_@Mf>B܀lg.^zMp=u r?SO=\>|EwMNLg`56l}:dž"kGosA3^eL|C6şq$`5dZ-͉B^rG q% #e*=+~,l` VCisE= ui̎$4;ɪlkWga4ѳ܇v=Cw J2d ى|G|MLN<*q1RŖZ 98TL5E^Z9/6hY*y <ƚ@cr#g0F_>a P'XЩёk3!).:2«,,Ex ԁnml HPRb*c iWO)vԨ0Ҥ=D(O,ω-,hY~bNW9&Ƭ`> 2VUzmbղv&63ͦ/A=-?Mqzmn(d'5HuhǯtM!r4^i{T_ceeCt5El};к|lu dg]L J VY~T?/dc mqu[h1a XvJeMt%!dCp#=0~ÜFWt gd74ޝ!R.Pͧ&s9#pK#'~ V;@ <9Hqjd3#LK5I@=̭0Xy-cH4̐-sl+WF|@E&0FP;5WN_\ Zt#PD;W[]+]GG(MEeilwɓBXN,2 һanur1h}n#%| ?{%u͖tzzș#ݒ59JU--#Li*AoU(Kuww.9r"Dޣ CpulP[FGgwHnar1 b( YZ