sssd-tools-1.13.3-57.el6_9$>kvdz 3u>2@?0d   C .LR\bb b lb b b b!b#jb%T%tb&'6'6- 6(-8-94:GbHbI(bX Y(\Hb]b^bd efl,Csssd-tools1.13.357.el6_9Userspace tools for use with the SSSDProvides userspace tools for manipulating users, groups, and nested groups in SSSD when using id_provider = local in /etc/sssd/sssd.conf. Also provides several other administrative tools: * sss_debuglevel to change the debug level on the fly * sss_seed which pre-creates a user entry for use in kickstarts * sss_obfuscate for generating an obfuscated LDAP passwordYc1bl.rdu2.centos.org LCentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxx86_640H0KR@|4q"0EP:ao2\ 00m:+|LHNr x?sH cC A큤YYYYYYYYYYYYVpnYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY37400738f8cef2d1783c63c8365dc982441e978114ff575a73f2ec3e1d855268b7d8ed25c10f3f96949c3b06bae485e1a8bd3a9256ffcfd83398fea2d2a4fbf506f7c06b8d4c421d9c8fcd580af633e3aee19682fa86e18f02bafe0010e9370ddd05c09b220c2c09300036dbcd7be67f441693d13442bd8f9cd23abdff722b00d024a636f665f3c205803ab952d6a7d67fc6f9880f2a28fd29366104aadb3b2a074ea22f08e186a8f16066958ff1cb7da80f4a744e9737ad3b619beac9b0a45e31c78f14e9e5e8916dec1155eed908e41983829beb1b4e67230b61da9b84b6217048e1180f9857e4e4cc360177e8a16323b3caff65cfa88c9855e6dc58081793435563d311ebff2595244bb14d38a3f2e835da62f4acf2d5c1be9a9ec1af8ae51fd6440b604ce140da2805f918d80f4273fc16c0c3912cb52b9049a447b55e1662167d9c67bebf0efe19289cb3855d420538049ebcaec5c773f14f7a4d45f5b98ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903bd56d49165be0f793ea9bc0a0fbf88c27c20d292672b84cb0e67952353c8b45db60546e2fd0b1a4db5a5c7e199a68462dfa6fc9d4f70bb6e847428225f1c6f494941f3ec9c6039541ce3b64bc650a29ac1097c57c034832ee664ad3d8ee9bdf2e101d1cf6b834c2b2594d4814a8ee49b2dd83f3cb46fe7e766475e8c16b0ad94a247e6d836cde2ff962ccf667d769b3d9efbce2f1f9398996a2ae5d687294743202e62142bb856ee5742b66c06e961a34aa71751720461f02dc4f6ab4feac5945ff859b4f742a42da0bcd5ca82b19eabf4278c3208d6fbe25922256e09d637f6b7113f225a8077dfd00b558429b3af533d564d0d3dc1af0ad2b0dffbab753eb5b1571422b01d7722370b142f0707c410579bc5ca16ddc3ef4c74d515ab4b1565b81e7a4835bd45cdb94cc2bc47f767333d4a9e8eef8bce3f5eeb2cab7e7ba50ee596e9230016e36c3762f835d7cc308d3bbf367d8629b3d7fca841e7bd9ff90088178b4351fd120291cf8a21c604534b974bff38336e4d16d1fdb7b8c04a3411e1a7377e97d32187663d74ed14c05c6a2eba0a13aa70b1619187ca8a05dcb479071b8350f3969ebc4160da63638f5fcbee6b6e4af3bb0f09c0e42ad72357d778d6fd567264037a4a4c081d4cabb5ae706d2e0fc2ae265b623320a5e2734b86190a772eb9dda989f2f748aa3fbf99df359b0282a7098ea86131d9232aebc105cf8dd96f4c3350f176c7330c5e9cf7c09d98f5bd0d91252291329241719dcfa0b9440df973197410da7a78b4d71bfe834d9e96447a69843a061e7ed624189ca4382324a35ab7cfe1475c12e50bc662685f18dbeb54856b351f9ba86f44c104cb95c7199386d7040d98912f4a9159b0d24b4bb54ad605d2c0f38accd6201d73f5a228e8cc0dc10bf14f9c4457fc0a7ff36ecf6ac0f9c7b8997b3e99e7b14bf320038c14bc3a74a2b5aa1dd09670fa25a5e78bd3781a26ede2186edea3a599c2fc5664a0198285dbaf1d8c84418d440b18902b4ff20bdcce840d9d9e54304323ea803696a0d5f50485247879dfe907fded7b808b941bf5f36c57052c5b6b6c02053cf8b388567f57a1bae9a7eb2583ef24ed2d283fce5ce51f8e909fbdbb3cbeb68359572abd8cb7a76c64de1f9ca5b2de01c9474f311e167573601e72cc8e96c39d65bab72582723070ebede1641cdfe7490b0b9b815c8f716863b4004a140579af919af012b19f32e396a2b6a3358cdabe04d4feaaa26804e1068ad2b9b4f06d14d568dffab20416dd8572935ed1b2202297a775977baf52b0d18ab878337d9d0a71cc23aa014f6ec5686b7e18185d4525566eb88f2444db80a6c1a90c4a473d230b76a9dd02379a784cc12d8c748eedca11523b837dbc5402e3c7e068e2d35b6a7a2dcd9a206b010ec6228248ea2240d38b7411df8eee8260a634dc1f3c13dea2d3bbf32f0d63c491dbc04849d3d895bb9b1e89cd9dbfd8bf065b062cc280c2b277bfa884e21ccb85442c43cd67e0ce27b030855220015afb7d7b64728bddc14b06e644234fbb01d0cae463085694640dbef5f1547d8f5b692ec09177b4153da4ed567ecf238bf9490b4c3ee4835876d16d67eb25bf01f31e288ba2451f53f857f37b21ad06a27f043efeafd2060e114fd21cfeb79da55a2f4e7c2461738b52dae0a97cfa6e4091c10f33d360c83b987734e1029d19111c1c94f5ee3b812f6046be8f060a6bb6473e14c5aca92526ab0b4f670636faf206a64e1c1e04f75b07f37550f857712a297c99b5aaa2d982edd5f70355e19105ddd08fd82cfb4a920725014bf9e2f3765c529b0306ef3666bc82d7982dfb9393b50b0ec86da5129aca10aacd24b55eac3376acbfbf7c42ae6b528aaef55b6c6fd09e0e79616c4aa1eb73a4b24bbaebca976ed1db8e4035d7f49bb188333cef045dd93ee401a137eb7e755dca3b9743887c87c29b86498b001fc55253fd3e67201c4c62745b82f9038f34ba89689da239fd813677185207225a121df18faef1a478ef1ec86c5c4595cc0b7bcf86900be9b0d7e9e3f90b7312ac036a6037bbeeea7509e39284396bb0b81bd9f0a7fb14c5a7554382b42235642b694fc2fb844088d619aec8f2b56f67dea6c8c7dc23146cdb4fb5e8c1ab08f34406ba4b5d81415644b7c0e91ca9d24d8cdf89c0fb341fb373de503fe2016354cb7e095b645c8d90a7a04d1c3428dffb62f1c0a3602b87df92a82efee38565139f243ef582ccf91572c3ba0de14effa839f70fad9dec318d40a00f0dcf8dd7d791a0bcc6f5a7dfa01e03535dd94d9efe39cec6c6b1a3106a18261dd9bf9652a0c2b9cabcbcf95d39770754fe14b4658e290bdf0fa2d16f05abc74bec20dc1eca7ac8f7b54c311b2a3d24cc3c691304eedd07c70712a9b23a17e41e2406f3947aa6777f1c872bc33dc80b39f647fd5a316b7f45e735e64b48e2cb56da6ab32e5ccefe303025d1fb78ea3e0fa8fcbac58faa728410ed7ee3d796210e1e4ad44629d81230f97ff4660dc87e7fb555b20d8a71e97b10ecad2a06b72e28c61e402e630a03a8292df8ae343aefb039be64273b5845374692b887f00c6a8bc836bb04cf32857e6e90d0986d9bc8ef11545c81d06419eecf7a1a37ccab90c96668a2d20cb09fc19a859648eb59fc2643c3383181b7183ecad97575561bdc647b261fb46fef28fd2890057b53ff1fa4b1f113ec8fbeb7abc1d5df60684d684f02fe589a40a01ab55b08d7a3b457fa03b5d075164a2a48bce5762ef8741c8f51083ce661309ce734f7dcfa64eac7d56cfea1fcd21694a968d28e0ffd54470b9f57687bb4740ce760a79acc1b4454fc36b1f136dfa40628b598c33011e00f24e6a129911669183670f32af088974c57b51eb9994ebe42a9eac9142070bb43189cd1b632a87926b745f207d9722864b389d6f51f60e16b4280dcc21e0603fa02a7e37057d4e7dd8ab556de75ba2be7f572f280bc117c5d1f795a89cfeb571e007d1a1840cc810e75e33966c438ee0f412a535c6ff776299f58b9135ad8b5065873fdca8b1ee9287869f052d1885709d65752709a34dba6d5e2ae58cecca23d231ae5fc7bb295368201277b17bddfccfecf37f1388b61ba99d8ca06fbe17338effd295807dd87b0df0032d066201eb8bdb2342a01939f0fc0feb0ff96f6f3a651cf642d6a3859c2d1ce20b55f41dde4c0506f635bef1e904bfd44a9acd0a5e6ca4f062bd3bd2106c043dc09349bc0cb505ac4c8eabddba264e16a3fcbf2a40bfdac0ccee0a777dca0b0919fea5f2e60b001eae37b27af3f79858f853fd6971dfcf3ef36e99314f1767426c294cc4eefc1cffce6f623a91d2e0a0a5f857c735150d8b90a7dcb2f46094a2554b9079de23b9410cab36568c842bdc0a1dac1767e42ce2160b1754bc2f2585e0fb0ed1195793e99fa22c649a4860672ba2b16a2702fcf15ee90d763bdee1518c1353fa8162224c85150faff078f6fc5902f5178f4c7a033d101a06ab04fb6e054889130336ac41dee67141c32db1d893bdf2afa4d2fa6be4c746d2653d0050be744d5a39176bffdddba2c220106940f0bdf7359bced4ad8f339c8ec511accc04fb3642ddf763948ed68d152a5e868c28eefefdd55a7d50cb766a9e20217b7eae427a517fe93654745216ce23bc9af7c69a8dd15cd283a6ada923cfd2dba38109110c7da5d3a1e60831624313809a33fc25512227f414c580d72af313e6dd8de8eeac53da0f925775062a87e0371ebc854484a80c55d60d285856b99148a13d8dba813c7ed1150c3aaaa866333b7d0c6cc75574db59a9067f3297483d279959cf7e7d68ec55616cf58f99cf7ee12rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.3-57.el6_9.src.rpmsssd-toolssssd-tools(x86-64)   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ sssd-commonpython-ssspython-sssdconfigrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libbasicobjects.so.0()(64bit)libcollection.so.4()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.6)(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.5()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.0()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.12)(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsemanage.so.1()(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_semanage.so()(64bit)libsss_util.so()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)rtld(GNU_HASH)/usr/bin/pythonrpmlib(PayloadIsXz)1.13.3-57.el6_91.13.3-57.el6_91.13.3-57.el6_94.6.0-14.0-13.0.4-15.2-14.8.0YyX6@X6@XS@XOXJXGXF@X@X6@X6@X-X!@X!@X&X X X WWWW@W@W_@W_@WWW@W@W@W@Wi,@WYZ@WPWPV@VJVJVV@VՄ@VՄ@V@V&@V=@V=@V@V@V@VvV%@V%@V%@VVVVVpVii@V\:@VXEVV@VV@VV@VMV2 @Vf@Vf@Vf@UAUUuUn@UmUjUcUcUUUUUJ@UB@UB@U@U?v@U>$U8U.RU.RU-@U-@U-@U-@UF@UF@UUUUUU U U U@U@U@U@T9TTTTTTT@T@T~T~Tk4Tk4T$TTT@SvSvSvS%@S0S<@S<@S<@SSSSSSS/S/S;@SFS@S@S@S@S@S@Si@S@SSS!@SsZSpSNpS 4@S 4@RRRRRRfhRD!R1R%@R @R @RR|R|R|R|R|RRRRRRRRRRRRR@R@R@R@R@R@R@R@R@R@Q@Q@QQ*@Q?@QQvwQkQIQ5@Q0@Q']Q @PPPP@P@P@P-P@P@P@PDPDPDPDP[PPPPP@P@P@P@PPPPPPPP @P @P @P @P @P @Pf@PPPPP @P @P @P @P@P@P@PPPPPPPP@P@P@PpPpPpP@P@P@P@P@P@P@PP@PP@P@P@P@P@PPXPP{P{P{Pz@PqnPl(PaP`K@P#@Oĺ@O"O"OOO@OO~O@OOO@O@Ou@Ou@Oc+@O]@OYOOdON@OLOLOLOLOLO;@O5O1@ObN@NNNN@NNNj@NN$@N$@NN@N@Nx@Nm@Ng\N[@NTN?N:N:N:NNN|@M{@M{@Mߒ@M@M۝M۝M@MM@M@M3@MM>M>M@MM@M@Mx@MM=M=MwkMwkMv@MtMtMc@Mc@MbSM_MQ0@MJMGMA^@MA^@MA^@M.@M9L!L@L@L@L@LNLNL@L@LA@L@Lk@LYV@LRLI@L7@L(L_LLGKj@KK@KK@KK[K@KK~}@K]KY@KO@KKK/c@K+nK"4@KJJ@JJJkJJ@JJp9JlE@J?r@J0J,@IcIcIzI)@I)@I)@IV@IV@I@I@III@Jakub Hrozek - 1.13.3-57Lukas Slebodnik - 1.13.3-56Lukas Slebodnik - 1.13.3-55Jakub Hrozek - 1.13.3-54Jakub Hrozek - 1.13.3-53Jakub Hrozek - 1.13.3-52Jakub Hrozek - 1.13.3-51Jakub Hrozek - 1.13.3-50Jakub Hrozek - 1.13.3-49Jakub Hrozek - 1.13.3-48Jakub Hrozek - 1.13.3-47Jakub Hrozek - 1.13.3-46Jakub Hrozek - 1.13.3-45Jakub Hrozek - 1.13.3-44Jakub Hrozek - 1.13.3-43Jakub Hrozek - 1.13.3-42Jakub Hrozek - 1.13.3-41Jakub Hrozek - 1.13.3-40Jakub Hrozek - 1.13.3-39Jakub Hrozek - 1.13.3-38Jakub Hrozek - 1.13.3-37Jakub Hrozek - 1.13.3-36Jakub Hrozek - 1.13.3-35Jakub Hrozek - 1.13.3-34Jakub Hrozek - 1.13.3-33Jakub Hrozek - 1.13.3-32Jakub Hrozek - 1.13.3-31Jakub Hrozek - 1.13.3-30Jakub Hrozek - 1.13.3-29Jakub Hrozek - 1.13.3-28Jakub Hrozek - 1.13.3-27Jakub Hrozek - 1.13.3-26Jakub Hrozek - 1.13.3-25Jakub Hrozek - 1.13.3-24Jakub Hrozek - 1.13.3-23Jakub Hrozek - 1.13.3-22Jakub Hrozek - 1.13.3-21Jakub Hrozek - 1.13.3-20Jakub Hrozek - 1.13.3-19Jakub Hrozek - 1.13.3-18Jakub Hrozek - 1.13.3-17Jakub Hrozek - 1.13.3-16Jakub Hrozek - 1.13.3-15Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-13Jakub Hrozek - 1.13.3-12Jakub Hrozek - 1.13.3-11Jakub Hrozek - 1.13.3-10Jakub Hrozek - 1.13.3-9Jakub Hrozek - 1.13.3-8Jakub Hrozek - 1.13.3-7Jakub Hrozek - 1.13.3-6Jakub Hrozek - 1.13.3-5Jakub Hrozek - 1.13.3-4Jakub Hrozek - 1.13.3-3Jakub Hrozek - 1.13.3-2Jakub Hrozek - 1.13.3-1Jakub Hrozek - 1.13.2-7Jakub Hrozek - 1.13.2-6Jakub Hrozek - 1.13.2-5Jakub Hrozek - 1.13.2-4Jakub Hrozek - 1.13.2-3Jakub Hrozek - 1.13.2-2Jakub Hrozek - 1.13.2-1Jakub Hrozek - 1.13.1-1Jakub Hrozek - 1.12.4-51Jakub Hrozek - 1.12.4-50Jakub Hrozek - 1.12.4-49Jakub Hrozek - 1.12.4-48Jakub Hrozek - 1.12.4-47Jakub Hrozek - 1.12.4-46Jakub Hrozek - 1.12.4-45Jakub Hrozek - 1.12.4-44Jakub Hrozek - 1.12.4-43Jakub Hrozek - 1.12.4-42Jakub Hrozek - 1.12.4-41Jakub Hrozek - 1.12.4-40Jakub Hrozek - 1.12.4-39Jakub Hrozek - 1.12.4-38Jakub Hrozek - 1.12.4-37Jakub Hrozek - 1.12.4-36Jakub Hrozek - 1.12.4-35Jakub Hrozek - 1.12.4-34Jakub Hrozek - 1.12.4-33Jakub Hrozek - 1.12.4-32Jakub Hrozek - 1.12.4-31Jakub Hrozek - 1.12.4-30Jakub Hrozek - 1.12.4-29Jakub Hrozek - 1.12.4-28Jakub Hrozek - 1.12.4-27Jakub Hrozek - 1.12.4-26Jakub Hrozek - 1.12.4-25Jakub Hrozek - 1.12.4-24Jakub Hrozek - 1.12.4-23Jakub Hrozek - 1.12.4-22Jakub Hrozek - 1.12.4-21Jakub Hrozek - 1.12.4-20Jakub Hrozek - 1.12.4-19Jakub Hrozek - 1.12.4-18Jakub Hrozek - 1.12.4-17Jakub Hrozek - 1.12.4-16Jakub Hrozek - 1.12.4-15Jakub Hrozek - 1.12.4-14Jakub Hrozek - 1.12.4-13Jakub Hrozek - 1.12.4-12Jakub Hrozek - 1.12.4-11Jakub Hrozek - 1.12.4-10Jakub Hrozek - 1.12.4-9Jakub Hrozek - 1.12.4-8Jakub Hrozek - 1.12.4-7Jakub Hrozek - 1.12.4-6Jakub Hrozek - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Jakub Hrozek - 1.12.4-2Jakub Hrozek - 1.12.4-1Jakub Hrozek - 1.11.6-33Jakub Hrozek - 1.11.6-32Jakub Hrozek - 1.11.6-31Jakub Hrozek - 1.11.6-30Jakub Hrozek - 1.11.6-29Jakub Hrozek - 1.11.6-28Jakub Hrozek - 1.11.6-27Jakub Hrozek - 1.11.6-26Jakub Hrozek - 1.11.6-25Jakub Hrozek - 1.11.6-24Jakub Hrozek - 1.11.6-23Jakub Hrozek - 1.11.6-22Jakub Hrozek - 1.11.6-21Jakub Hrozek - 1.11.6-20Jakub Hrozek - 1.11.6-19Jakub Hrozek - 1.11.6-18Jakub Hrozek - 1.11.6-17Jakub Hrozek - 1.11.6-16Jakub Hrozek - 1.11.6-15Jakub Hrozek - 1.11.6-14Jakub Hrozek - 1.11.6-13Jakub Hrozek - 1.11.6-12Jakub Hrozek - 1.11.6-11Jakub Hrozek - 1.11.6-10Jakub Hrozek - 1.11.6-9Jakub Hrozek - 1.11.6-8Jakub Hrozek - 1.11.6-7Jakub Hrozek - 1.11.6-6Jakub Hrozek - 1.11.6-5Jakub Hrozek - 1.11.6-4Jakub Hrozek - 1.11.6-3Jakub Hrozek - 1.11.6-2Jakub Hrozek - 1.11.6-1Jakub Hrozek - 1.11.5.1-4Jakub Hrozek - 1.11.5.1-3Jakub Hrozek - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Jakub Hrozek - 1.9.2-134Jakub Hrozek - 1.9.2-133Jakub Hrozek - 1.9.2-132Jakub Hrozek - 1.9.2-131Jakub Hrozek - 1.9.2-130Jakub Hrozek - 1.9.2-129Jakub Hrozek - 1.9.2-128Jakub Hrozek - 1.9.2-127Jakub Hrozek - 1.9.2-126Jakub Hrozek - 1.9.2-125Jakub Hrozek - 1.9.2-124Jakub Hrozek - 1.9.2-123Jakub Hrozek - 1.9.2-122Jakub Hrozek - 1.9.2-121Jakub Hrozek - 1.9.2-120Jakub Hrozek - 1.9.2-119Jakub Hrozek - 1.9.2-118Jakub Hrozek - 1.9.2-117Jakub Hrozek - 1.9.2-116Jakub Hrozek - 1.9.2-115Jakub Hrozek - 1.9.2-114Jakub Hrozek - 1.9.2-113Jakub Hrozek - 1.9.2-112Jakub Hrozek - 1.9.2-111Jakub Hrozek - 1.9.2-110Jakub Hrozek - 1.9.2-109Jakub Hrozek - 1.9.2-108Jakub Hrozek - 1.9.2-107Jakub Hrozek - 1.9.2-106Jakub Hrozek - 1.9.2-105Jakub Hrozek - 1.9.2-104Jakub Hrozek - 1.9.2-103Jakub Hrozek - 1.9.2-102Jakub Hrozek - 1.9.2-101Jakub Hrozek - 1.9.2-100Jakub Hrozek - 1.9.2-99Jakub Hrozek - 1.9.2-98Jakub Hrozek - 1.9.2-97Jakub Hrozek - 1.9.2-96Jakub Hrozek - 1.9.2-95Jakub Hrozek - 1.9.2-94Jakub Hrozek - 1.9.2-93Jakub Hrozek - 1.9.2-92Jakub Hrozek - 1.9.2-91Jakub Hrozek - 1.9.2-90Jakub Hrozek - 1.9.2-89Jakub Hrozek - 1.9.2-88Jakub Hrozek - 1.9.2-87Jakub Hrozek - 1.9.2-86Jakub Hrozek - 1.9.2-85Jakub Hrozek - 1.9.2-84Jakub Hrozek - 1.9.2-83Jakub Hrozek - 1.9.2-82Jakub Hrozek - 1.9.2-81Jakub Hrozek - 1.9.2-80Jakub Hrozek - 1.9.2-79Jakub Hrozek - 1.9.2-78Jakub Hrozek - 1.9.2-77Jakub Hrozek - 1.9.2-76Jakub Hrozek - 1.9.2-75Jakub Hrozek - 1.9.2-74Jakub Hrozek - 1.9.2-73Jakub Hrozek - 1.9.2-72Jakub Hrozek - 1.9.2-71Jakub Hrozek - 1.9.2-70Jakub Hrozek - 1.9.2-69Jakub Hrozek - 1.9.2-68Jakub Hrozek - 1.9.2-67Jakub Hrozek - 1.9.2-66Jakub Hrozek - 1.9.2-65Jakub Hrozek - 1.9.2-64Jakub Hrozek - 1.9.2-63Jakub Hrozek - 1.9.2-62Jakub Hrozek - 1.9.2-61Jakub Hrozek - 1.9.2-60Jakub Hrozek - 1.9.2-59Jakub Hrozek - 1.9.2-58Jakub Hrozek - 1.9.2-57Jakub Hrozek - 1.9.2-56Jakub Hrozek - 1.9.2-55Jakub Hrozek - 1.9.2-54Jakub Hrozek - 1.9.2-53Jakub Hrozek - 1.9.2-52Jakub Hrozek - 1.9.2-51Jakub Hrozek - 1.9.2-50Jakub Hrozek - 1.9.2-49Jakub Hrozek - 1.9.2-48Jakub Hrozek - 1.9.2-47Jakub Hrozek - 1.9.2-46Jakub Hrozek - 1.9.2-45Jakub Hrozek - 1.9.2-44Jakub Hrozek - 1.9.2-43Jakub Hrozek - 1.9.2-42Jakub Hrozek - 1.9.2-41Jakub Hrozek - 1.9.2-40Jakub Hrozek - 1.9.2-39Jakub Hrozek - 1.9.2-38Jakub Hrozek - 1.9.2-37Jakub Hrozek - 1.9.2-36Jakub Hrozek - 1.9.2-35Jakub Hrozek - 1.9.2-34Jakub Hrozek - 1.9.2-33Jakub Hrozek - 1.9.2-32Jakub Hrozek - 1.9.2-31Jakub Hrozek - 1.9.2-30Jakub Hrozek - 1.9.2-29Jakub Hrozek - 1.9.2-28Jakub Hrozek - 1.9.2-27Jakub Hrozek - 1.9.2-26Jakub Hrozek - 1.9.2-25Jakub Hrozek - 1.9.2-24Jakub Hrozek - 1.9.2-23Jakub Hrozek - 1.9.2-22Jakub Hrozek - 1.9.2-21Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-19Jakub Hrozek - 1.9.2-18Jakub Hrozek - 1.9.2-17Jakub Hrozek - 1.9.2-16Jakub Hrozek - 1.9.2-15Jakub Hrozek - 1.9.2-14Jakub Hrozek - 1.9.2-13Jakub Hrozek - 1.9.2-12Jakub Hrozek - 1.9.2-11Jakub Hrozek - 1.9.2-10Jakub Hrozek - 1.9.2-9Jakub Hrozek - 1.9.2-8Jakub Hrozek - 1.9.2-7Jakub Hrozek - 1.9.2-6Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-3Jakub Hrozek - 1.9.0-2Jakub Hrozek - 1.9.0-1.rc1Jakub Hrozek - 1.8.0-33Stephen Gallagher - 1.8.0-32Stephen Gallagher - 1.8.0-31Stephen Gallagher - 1.8.0-30Stephen Gallagher - 1.8.0-29Stephen Gallagher - 1.8.0-28Stephen Gallagher - 1.8.0-27Stephen Gallagher - 1.8.0-26Stephen Gallagher - 1.8.0-25Stephen Gallagher - 1.8.0-24Stephen Gallagher - 1.8.0-23Stephen Gallagher - 1.8.0-22Stephen Gallagher - 1.8.0-21Stephen Gallagher - 1.8.0-20Stephen Gallagher - 1.8.0-18Stephen Gallagher - 1.8.0-17Stephen Gallagher - 1.8.0-15Stephen Gallagher - 1.8.0-12Stephen Gallagher - 1.8.0-11Stephen Gallagher - 1.8.0-10Stephen Gallagher - 1.8.0-9Stephen Gallagher - 1.8.0-8Stephen Gallagher - 1.8.0-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5Stephen Gallagher - 1.8.0-4.beta3Stephen Gallagher - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-2.beta2Stephen Gallagher - 1.5.1-68Stephen Gallagher - 1.5.1-67Stephen Gallagher - 1.5.1-66Stephen Gallagher - 1.5.1-65Stephen Gallagher - 1.5.1-64Stephen Gallagher - 1.5.1-63Stephen Gallagher - 1.5.1-62Stephen Gallagher - 1.5.1-61Stephen Gallagher - 1.5.1-60Stephen Gallagher - 1.5.1-59Stephen Gallagher - 1.5.1-58Stephen Gallagher - 1.5.1-57Stephen Gallagher - 1.5.1-56Stephen Gallagher - 1.5.1-55Stephen Gallagher - 1.5.1-53Stephen Gallagher - 1.5.1-52Stephen Gallagher - 1.5.1-51Stephen Gallagher - 1.5.1-50Stephen Gallagher - 1.5.1-49Stephen Gallagher - 1.5.1-48Stephen Gallagher - 1.5.1-47Stephen Gallagher - 1.5.1-46Stephen Gallagher - 1.5.1-45Stephen Gallagher - 1.5.1-44Stephen Gallagher - 1.5.1-43Stephen Gallagher - 1.5.1-42Stephen Gallagher - 1.5.1-41Stephen Gallagher - 1.5.1-40Stephen Gallagher - 1.5.1-39Stephen Gallagher - 1.5.1-38Stephen Gallagher - 1.5.1-37Stephen Gallagher - 1.5.1-36Stephen Gallagher - 1.5.1-35Stephen Gallagher - 1.5.1-34Stephen Gallagher - 1.5.1-33Stephen Gallagher - 1.5.1-32Stephen Gallagher - 1.5.1-31Stephen Gallagher - 1.5.1-30Stephen Gallagher - 1.5.1-29Stephen Gallagher - 1.5.1-28Stephen Gallagher - 1.5.1-27Stephen Gallagher - 1.5.1-26Stephen Gallagher - 1.5.1-25Stephen Gallagher - 1.5.1-24Stephen Gallagher - 1.5.1-23Stephen Gallagher - 1.5.1-21Stephen Gallagher - 1.5.1-20Stephen Gallagher - 1.5.1-17Stephen Gallagher - 1.5.1-16Stephen Gallagher - 1.5.1-15Stephen Gallagher - 1.5.1-14Stephen Gallagher - 1.5.1-13Stephen Gallagher - 1.5.1-12Stephen Gallagher - 1.5.1-11Stephen Gallagher - 1.5.1-10Stephen Gallagher - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Stephen Gallagher - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.2.1-28.4Stephen Gallagher - 1.2.1-36Stephen Gallagher - 1.2.1-35Stephen Gallagher - 1.2.1-28.3Stephen Gallagher - 1.2.1-34Stephen Gallagher - 1.2.1-28.2Stephen Gallagher - 1.2.1-33Stephen Gallagher - 1.2.1-28.1Stephen Gallagher - 1.2.1-32Stephen Gallagher - 1.2.1-29Stephen Gallagher - 1.2.1-28Stephen Gallagher - 1.2.1-27Stephen Gallagher - 1.2.1-26Stephen Gallagher - 1.2.1-23Stephen Gallagher - 1.2.1-21Stephen Gallagher - 1.2.1-20Stephen Gallagher - 1.2.1-19Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-14Stephen Gallagher - 1.2.0-13Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11.1Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1473005 - The originalMemberOf attribute disappears from the cache, causing intermittent HBAC issues- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present - Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory- Resolves: rhbz#1415785 - ldap_child does not remove temporary files when it's killed with SIGTERM- Apply several more smartcard-related patches. - Related: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts- Revert the ding-libs requirement - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Related: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Require the matching version of ding-libs - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Fix a coverity warning - Related: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Resolves: rhbz#1324428 - [RFE] Discover forest's root SID even if subdomains_provider = none- Resolves: rhbz#1367802 - using overides causes segfault in libldb- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins- Resolves: rhbz#1382603 - autofs map resolution doesn't work offline- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute- Resolves: rhbz#1299994 - ssh client checks only the first certificate on a smartcard when the card has multiple certs - Resolves: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard - Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6 - Resolves: rhbz#1329647 - IPA view: view name not stored properly with default FreeIPA installation- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users and mixed case names- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a subdomain, not the root domain.- Resolves: rhbz#1365218 - SSSD does not fail over to next GC- Resolves: rhbz#1367435 - Intermittent sssd auth failures- Resolves: rhbz#1369079 - sssd runs out of available child slots and starts queuing requests in proxy mode- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to sssd-1.13.3-22.el6.x86_64 when upgrading cache- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336453 - sssd_be doesn't terminate forked child process if adcli is not installed- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo- Actually apply patches from previous build - Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe with 1.11.6- Backport of a more minimal dependency patch to avoid changes to AD provider behaviour - Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1308939 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user- Require a newer selinux-policy to avoid issues when prompting for SC PIN - Related: rhbz#1299066 - smartcard login does not prompt for pin when ocsp checking is enabled (default config)- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when trying to retrieve non-existing netgroups- Update sssd-ldap man page for the recent ID mapping changes - Related: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache from working- Resolves: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password and not smartcard pin when logged in using smartcard pin- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output error- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12 to 1.13- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn't work- Resolves: rhbz#1273802 - ad_site parameter does not work- Fix memory leak in the NFS plugin - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service discovery- Rebase to 1.13.3 - Remove setuid bit from proxy_child, RHEL-6 doesn't support running SSSD as a non-privileged user - Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Don't own files as the SSSD user - Resolves: rhbz#1289482 - warning: user sssd does not exist - using root- Resolves: rhbz#1279971 - groups get deleted from the cache- The p11_child doesn't have to run privileged anymore, remove the setuid bit - Related: rhbz#1270027 - [RFE] Support for smart cards- Resolves: rhbz#1266108 - Check next certificate on smart card if first is not valid - Also enable OCSP checks- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Silence compilation warnings and Coverity issues - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Squash in packaging review changes by lslebodn@redhat.com- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - The rebase also resolves the following bugzillas: - Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC identity certificates - Resolves: rhbz#1270027 - [RFE] Support for smart cards - Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients - Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is not taken into account. - Resolves: rhbz#1254193 - Fix for cyclic dependencies between sssd-{krb5,}-common - Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected - Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do not queue requests - Resolves: rhbz#1227804 - Group members are not turned into ghost entries when the user is purged from the SSSD cache - Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log - Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not the alpha group name representation - Resolves: rhbz#1194039 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups- Resolves: rhbz#1251349 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from ldap server- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task - Resolves: rhbz#1227863 - ignore_group_members doesn't work for subdomains- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn't return all groups on first attempt- Resolves: rhbz#1225614 - IPA enumeration provider crashes- Resolves: rhbz#1212610 - sssd ad groups work intermittently- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of secondary groups- Resolves: rhbz#1221358 - SSSD doesn't work with ID mapping and disabled subdomains- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and gets avc denial when ssh- Include several upstream fixes related to ID views - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1213947 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad src/providers/ad/ad_gpo.c:843- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers group membership resolution- Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users and filter_groups- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only- Related: rhbz#1211728 - Only set the selinux context if the context differs from the local one- Package the localauth plugin - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1207720 - id lookup resolves "Domain Local" group and errors appear in domain log- BuildRequire the proper libkrb5 version for correct localauth plugin build - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1194367 - sssd_be dumping core- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in manpage that unsupported time specification will lead to sssd denying access- Resolves: rhbz#1205382 - Properly handle AD's binary objectGUID- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might install with wrong user account (root)- Fix a typo in DEBUG message - Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Handle TTL=0 in SRV queries correctly - Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Cherry-pick unit test changes from upstream to allow cherry-picking sssd-1-12 patches - Remove unused LDAP provider code to avoid static analyser warnings - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad requires samba4- Resolves: rhbz#1203630 - SSSD doesn't own the GPO cache directory- Fix warning in SELinux code - Handle setups with empty default and no SELinux maps - Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u - Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605 - Resolves: rhbz#1201847 - SSSD downloads too much information when fetching information about groups- Fix PAM responder initgroups cache for subdomain users - Log extop failures better - Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Fix internal error codes broken when fixing rhbz#1036745 - Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything- Fix Coverity warning in ldap_child - Add better debugging - Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users, groups or other cache objects- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Initialize a pointer in ldap_child to NULL - Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Relax the ldb requirement - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query - Rebuild against latest krb5, add a versioned BuildRequires - Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Do not mark the selinux_child helper as setuid, we don't support rootless SSSD in 6.7 - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x - The rebase resolves the following RHEL bugzillas - Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about domains parameter - Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not be fatal (backport fix from upstream) - Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user uid field - Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1168377 - [RFE] User's home directories and shells are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss - Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution - Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1148582 - inconsistent group information when multiple ad domain sections are configured in sssd - Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider ad support - Resolves: rhbz#1139878 - SSSD connection terminated after failing anonymous bind to IBM Tivoli Directory Server - Resolves: rhbz#1135838 - Man sssd-ldap shows parameter ldap_purge_cache_timeout with "Default: 10800 (12 hours)" - Resolves: rhbz#1135432 - Dereference code errors out when dereferencing entries protected by ACIs - Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012 R2's LDAP as AD - Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header - Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple attributes- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1141814 - Password expiration policies are not being enforced by SSSD- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group membership when encountering a non-POSIX group- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from other AD domains- Resolves: rhbz#1127270 - sssd connect to ipa-server is long- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD, POSIX attributes are used and primary group contains the user as a member- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0) is not prompted for password change- Resolves: rhbz#1132361 - use-after-free in dyndns code- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap account lock to restrict access via ssh key- Use the correct sudo iterator - Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Add notes about offline mode to sssd.conf - Related: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1127278 - Auth fails when space in username is replaced with character set by override_default_whitespace- Resolves: rhbz#1127757 - sssd can't retrieve sudo rules when using the "default_domain_suffix" option- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Resolves: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1122873 - Failover does not always happen from SRV to hostname resolution(via /etc/hosts) - Remove spurious systemctl call on %postun- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with specified character in LDAP group- Resolves: rhbz#1109188 - dereferencing control failure against openldap server- Resolves: rhbz#1084532 - sssd_sudo process segfaults- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping is off and tokengroups are enabled- Resolves: rhbz#1118541 - Floating point exception using ldap- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser is not defined and no ldap_sudorule_runasuser mapping has been defined in SSSD- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap- Fix potential NULL dereference in IFP code - Related: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- BuildRequire the latest libini_config - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- Resolves: rhbz#1104145 - public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end- Rebase to 1.11.6 - Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Rebuild against new ding-libs - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Backport the InfoPipe patches needed for Sat6 integration - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: #1085412 - SSSD Crashes when storage experiences high latency- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6Resolves: #1036168 - sssd can't retrieve auto.master when using the "default_domain_suffix"- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups are requested- Allow combination of proxy id backend and LDAP auth backend - Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Inherit UID limits for subdomains - Resolves: #1020905 - Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.- Do not crash when LDAP disconnects while a search is still in progress - Resolves: #1019979 - sssd_be segfault when authenticating against active directory- More upstream fixes to prevent memcache crashes - Related: #997406 - sssd_nss core dumps under load- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out- Make IPA SELinux provider aware of subdomain users - A better version of already committed patch - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Resolves: #997406 - sssd_nss core dumps under load - Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #1002161 - large number of sudo rules results in error - Unable to create response: Invalid argument- Silence restorecon on clean install - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Make IPA SELinux provider aware of subdomain users - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Print password complexity hint when password change fails with constraint violation - Related: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #948830 - sssd do too many disk writes causing delay in "getent netgroup allmachines-netgroup" nested netgroups.- Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- Resolves: #963235 - sssd_be crashing with nested ldap groups- Apply a forgotten dependency for patch #254 - Related: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality - Add two fixes for better handling of faulty SRV processing - Related: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router. - Remove enumerate=true from example in man page - Related: #988381 - clarify the disadvantages of enumeration in sssd.conf- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp file for SELinux data failed- Resolves: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors when clearing cache- Resolves: #924113 - man sssd-sudo has wrong title- Resolves: #924397 - document what does access_provider=ad do- Use permissive control when adding ghost users - Resolves: #928797 - cyclic group memberships may not work depending on order of operations- Set correct state of SRV servers on resolving error - Resolves: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router.- Resolves: #954323 - SSSD doesn't display warning for last grace login.- Format patch to configure sysv script differently - RHEL-6 patch(1) apparently doesn't like the output of git format-patch -M -C and doesn't properly copy files on renames - Resolves: #971435 - Enhance sssd init script so that it would source a configuration.- Resolves: #973345 - SSSD service randomly dies- Resolves: #971435 - Enhance sssd init script so that it would source a configuration- Resolves: #961356 - SUDO is not working for users from trusted AD domain- Resolves: #970519 - [RFE] Add support for suppressing group members- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the "original value"- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes- Clarify the min_id/max_id limits further - Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login delays when client is under load- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table in sssd_nss- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs- Mention that enumeration should be discouraged - Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf- Call restorecon on memcache files to force the right context on upgrades - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Resolves: #987479 - libsss_sudo should depend on sudo package with sssd support- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck- Resolves: #967636 - SSSD frequently fails to return automount maps from LDAP- Resolves: #953165 - Enabling enumeration causes sssd_be process to utilize 100% of the CPU- Resolves: #906398 - sssd_be crashes sometimes- Resolves: #950874: Simple access control always denies uppercased users in case insensitive domain- Resolves: #921454: Resolve local group members in LDAP groups- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider- Fix pwd_expiration_warning=0 - Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#872827 - Serious performance regression in sssd- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees- Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.- Resolves: rhbz#902436 - possible segfault when backend callback is removed- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps- Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent- Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts- Resolves: rhbz#892197 - Incorrect principal searched for in keytab- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work- Resolves: rhbz#874618 - sss_cache: fqdn not accepted- Resolves: rhbz#889182 - crash in memory cache- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache- Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666)- Resolves: rhbz#886038 - sssd components seem to mishandle sighup- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh- Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule- Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507)- Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060)- Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507)- Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds- Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users- Resolves: rhbz#881773 - mmap cache needs update after db changes- Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742)- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573)- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations- Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130- Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections- Related: rhbz#877126 - Bump the release tag- Resolves: rhbz#877126 - subdomains code does not save the proper user/group name- Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid()- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'- Resolves: rhbz#875740 - "defaults" entry ignored- Resolves: rhbz#875738 - offline authentication failure always returns System Error- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section- Resolves: rhbz#873032 - Move sss_cache to the main subpackage- Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group- Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive- Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443- BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932- Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542- Fix the "ca" translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- New upstream release 1.9.2- Rebase to 1.9.1- Require the latest libldb- Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes- Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds- Fix protocol break for services map - Related: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#824616 - sssd_nss crashes when configured with use_fully_qualified_names = true- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()- Resolves: rhbz#822236 - SSSD netgroups do not honor entry_cache_nowait_percentage- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client upgrade - Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names - Resolves: rhbz#819063 - sssd fails to provide partial data till paged search returns "Size Limit Exceeded" - Resolves: rhbz#820585 - Group enumeration fails in proxy provider- Resolves: rhbz#816616 - group members are now lowercased in case insensitive domains- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding - Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the same user - Resolves: rhbz#812281 - autofs client: map name length used as key length - Related: rhbz#784870 - SSSD fails during autodetection of search bases for new LDAP features - Related: rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes- Fix typo in patch for SSH umask - Related: rhbz#808107 - Coverity revealed memory management defects- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm - Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is running - Resolves: rhbz#808107 - Coverity revealed memory management defects- Related: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false- Resolves: rhbz#804057 - Initial service lookups having name with uppercase alphabets doesn't work - Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names doesn't work when case_sensitive=false - Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab - Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false - Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name resolution times out - Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Related: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica using IP address - Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with case_sensitive=false - Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set - Resolves: rhbz#805034 - accessing an undefined variable might cause crash - Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login- Update translations - Resolves: rhbz#802372 - Pick up latest translation files for SSSD - Resolves: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Related: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search requests - Resolves: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials - Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to true - Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work - Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false - Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam can use - Resolves: rhbz#799971 - sssd_be crashes on shutdown - Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested group structure - Resolves: rhbz#801368 - Group lookups doesn't return members with proxy provider configured - Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd is configured as proxy provider- Do not auto-upgrade debug levels - Tool still available for manual use - Reverts: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#798881 - Install-time warnings - Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also the dns_discovery_domain - Resolves: rhbz#798655 - Password logins failing due to a process with high UID- Fix explicit requires to use openldap instead of openldap-libs - Related: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64- Fix multilib-clean issue due to upgrade script - Remove old copy from the spec file - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Fix typo in the patch - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Use a patch and install the script to python_sitelib - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Resolves: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#785871 - wrong build dependency on nscd - Resolves: rhbz#785873 - IPA host search base cannot be set - Resolves: rhbz#791208 - Entries lacking a POSIX username value break group lookups - Resolves: rhbz#796307 - Simple Paged Search control needs to be used more sparingly - Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64 - Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user entries - Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup - Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load - Resolves: rhbz#797975 - sssd_be: The requested target is not configured is logged at each login - Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD - Resolves: rhbz#788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group- Handle filtering python Provides in a safer way - Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3 - Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers - Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and netgroup search base correctly - Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb AS requests - Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision - Resolves: rhbz#785904 - [RFE] SSSD should have --version option - Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider - Resolves: rhbz#785898 - Enable midway cache refresh by default - Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for a non-existing netgroup - Resolves: rhbz#785884 - Honour TTL when resolving host names - Resolves: rhbz#785883 - check DNS records before updates - Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead of guessing - Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line - Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config file too much - Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server has been reinitialized - Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc - Resolves: rhbz#773660 - Kerberos errors should go to syslog - Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native IPA netgroups code - Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#771702 - sssd_pam crashes during change password operation against a IPA server - Resolves: rhbz#771361 - case_sensitive function not working as intended for ldap - Resolves: rhbz#768935 - Crash when applying settings - Resolves: rhbz#766941 - The full dyndns update message should be logged into debug logs - Resolves: rhbz#766930 - [RFE] Add a new option to override home directory value - Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab principal name - Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files - Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug levels on the fly - Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional - Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation - Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option - Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control - Resolves: rhbz#753876 - [RFE] Add support for the services map - Resolves: rhbz#746181 - "getgrgid call returned more than one result" after group name change in MSAD - Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle for some (configurable) time - Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD - Related: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#742052 - id -G group resolution takes extremely long - Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange - Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases - Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or insensitive - Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users - Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control disabled for openldap - Resolves: rhbz#726467 - SSSD takes 30+ seconds to login - Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 during auth when password for the user is not set- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758157 - LDAP failover not working if server refuses connections- Related: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis initgroups when groups appear in multiple nesting levels- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow - Resolves: rhbz#746654 - SSSD backend gets killed on slow systems - Related: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts Fixes a crash introduced by the earlier patch. - Related: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names Fixes for internationalization- Related: rhbz#742278 - Rework the example config- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts - Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart - Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742278 - Rework the example config - Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was initialized - Resolves: rhbz#742526 - SSSD's man pages are missing information - Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with multi-valued uid - Resolves: rhbz#738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid - Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber to integer - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host groups - Resolves: rhbz#740501 - SSSD not functional after "self" reboot - Resolves: rhbz#742539 - HBAC: Hostname comparisons should be case-insensitive- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in - Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2- Resolves: rhbz#737157 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled - Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple external hosts along with managed host - Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names - Resolves: rhbz#733409 - Improve password policy error message - Resolves: rhbz#733663 - Authentication fails when there exists an empty hbacsvcgroup - Resolves: rhbz#732935 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON - Resolves: rhbz#734101 - sssd blocks login of ipa-users- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain shells- Related: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID- Related: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Related: rhbz#718250 - Remove DENY rules from the HBAC access provider - Fixes an issue on big endian platforms- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured - Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls - Resolves: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider - Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID - Resolves: rhbz#726475 - sssd_pam leaks file descriptors - Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0- Related: rhbz#721052 - sssd does not handle kerberos server IP change - Use ares_search instead of ares_query to honor - search entries in /etc/resolv.conf- Resolves: rhbz#711416 - During the change password operation the ccache is - not replaced by a new one if the old one isn't - active anymore - Resolves: rhbz#715609 - Certificate validation fails with message - "Connection error: TLS: hostname does not match CN - in peer certificate" - Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records - Resolves: rhbz#721052 - sssd does not handle kerberos server IP change - Honor TTL values when resolving hostnames- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP - Resolves: rhbz#713438 - sssd shuts down if inotify crashes- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups() - Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are - being logged multiple times when the provider comes - back online - Resolves: rhbz#707997 - The IPA provider does not work with IPv6 - Resolves: rhbz#677327 - [RFE] Support overriding attribute value - Resolves: rhbz#692090 - SSSD is not populating nested groups in - Active Directory- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man - page- Resolves: rhbz#707513 - Unable to authenticate users when username - contains "\0"- Resolves: rhbz#698723 - kpasswd fails when using sssd and - kadmin server != kdc server- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is - not mentioned - Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the - gidNumber is out of the range of min_id,max_id. - Resolves: rhbz#699530 - Users with a local group as their primary GID are - denied access by the simple access provider - Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups - Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a - member of any group - Resolves: rhbz#703624 - SSSD's async resolver only tries the first - nameserver in /etc/resolv.conf- Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694444 - Unable to resolve SRV record when called with - _srv_, in ldap_uri - Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by - signal 11 (SIGSEGV) - Fix is to not attempt to resolve nameless servers- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can - cause SSSD to stop caching and responding to - requests- Resolves: rhbz#690131 - Traceback messages seen while interrupting - sss_obfuscate using ctrl+d - Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process - /usr/libexec/sssd/sssd_be was killed by signal 11 - (SIGSEGV)- Related: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them - Resolves: rhbz#689886 - group memberships are not populated correctly during - IPA provider initgroups - Resolves: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents - Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5 - in sssd.conf- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min - waiting on netgroup - Resolves: rhbz#683431 - sssd consumes 100% CPU - Related: rhbz#680440 - sssd does not handle kerberos server IP change- Related: rhbz#680440 - sssd does not handle kerberos server IP change - SSSD was staying with the old server if it was still online- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain - for base DN- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on - ipa-server - Resolves: rhbz#680440 - sssd does not handle kerberos server IP change - Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are - given in ipa_server config option - Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf - attribute on the server - Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups - Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option - Resolves: rhbz#677318 - Does not read renewable ccache at startup- Resolves: rhbz#678593 - User information not updated on login for secondary - domains - Resolves: rhbz#678777 - IPA provider does not update removed group - memberships on initgroups- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries - Resolves: rhbz#678410 - name service caches names, so id command shows - recently deleted users - Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for - netgroups- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login - Resolves: rhbz#675284 - "no matching rule" message logged on all successful - requests - Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for - authentication- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named - "default" - Resolves: rhbz#674515 - -p option always uses empty string to obfuscate - password - Resolves: rhbz#674141 - Traceback call messages displayed while - "sss_obfuscate" command is executed as a non-root - user- Resolves: rhbz#674172 - Group members are not sanitized in nested group - processing - Put translated tool manpages into the sssd-tools subpackage- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Also add the updated ding-libs to the BuildRequires- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Explicitly require updated ding-libs- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options - Assorted bugfixes- Add noverify to sssd.conf - Resolves: rhbz#627165 - TPS VerifyTest failure- Related: rhbz#644072 - Rebase SSSD to 1.5 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs - Resolves: rhbz#660585 - getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs- Resolves: rhbz#645449 - 'getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#658374 - sssd stops on upgrade- Resolves: rhbz#658158 - sssd stops on upgrade- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#642412 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#633487 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib- Resolves: rhbz#629949 - sssd stops on upgrade- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password- Resolves: rhbz#621307 - Password changes are broken on LDAP- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on - initgroups calls- Resolves: rhbz#607233 - SSSD users cannot log in through GDM - - Real issue was that long-running services - - do not reconnect if sssd is restarted- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with - /etc/krb5.keytab file- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6 - final - Resolves: rhbz#608661 - SASL with OpenLDAP server fails - Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes- New upstream bugfix release 1.2.1 - Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs. - Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal - Resolves: rhbz#604704 - authconfig should provide error with no trace back - if disabling sssd when sssd is not enabled - Resolves: rhbz#591873 - Connecting to the network after an offline kerberos - auth logs continuous error messages to sssd_ldap.log - Resolves: rhbz#596295 - Authentication fails for user from the second domain - when the same user name is filtered out from the - first domain - Related: rhbz#598559 - Update translation files for SSSD before RHEL 6 - final- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service - to fail while restart - Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in - parentheses causes ldap_search_ext to fail - Resolves: rhbz#600468 - Segfault in krb5_child - Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs.- Resolves: rhbz#598670 - Ccache file of a user is removed too early - Resolves: rhbz#599057 - Incomplete comparison of a service name in - IPA access provider - Resolves: rhbz#598496 - Failure with IPA access provider - Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the - kernel keyring- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP - Resolves: rhbz#584001 - Rebase sssd to 1.2 - Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file - Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf - Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf - Resolves: rhbz#590134 - sssd: auth_provider = proxy regression - Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when - going online - Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the - HBAC rule- Improve DEBUG logs for STARTTLS failures- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcacacacacacacacacacacacsdedededededededededededeesesesesesesesesesesesfrfrfrfrfrfrfrfrfrfrfrfrjajajajajajajajajajajanlptptukukukukukukukukukukukukuk1.13.3-57.el6_91.13.3-57.el6_9 sss_debuglevelsss_groupaddsss_groupdelsss_groupmodsss_groupshowsss_obfuscatesss_overridesss_seedsss_useraddsss_userdelsss_usermodsssd-tools-1.13.3COPYINGsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupdel.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupmod.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gz/usr/sbin//usr/share/doc//usr/share/doc/sssd-tools-1.13.3//usr/share/man/ca/man5//usr/share/man/ca/man8//usr/share/man/cs/man8//usr/share/man/de/man1//usr/share/man/de/man8//usr/share/man/es/man1//usr/share/man/es/man8//usr/share/man/fr/man1//usr/share/man/fr/man8//usr/share/man/ja/man1//usr/share/man/ja/man8//usr/share/man/man8//usr/share/man/nl/man8//usr/share/man/pt/man8//usr/share/man/uk/man1//usr/share/man/uk/man5//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnu?7zXZ !PH6m]"k%}:w{!vQ_99g/I^NԺb+/HfУ1 42)yQp ʺS]jq= h_վhغv5r-]G!Ox6լՒ9ƷBvmV>=Z E۱|,7M`,vCd|*451I$&&r.p^ .[fR_qaUTΙf[rjY4YE #>q (ۂ9tL<!Olc>H~9Lze M|_ Zfe Y©#;n ݎ^x>LlBίjmxZ-BlsMkfg.HVqAxP;U|1M[;ه*52❓\kݏkKQEPLA{\kkMv!A*j)1 XN8q|On}1i.~ WsKE o[ v)=V3Mi`VPZIկz~iS E5Kg$397ƿFPc< v-m֍˾TnUߓ d+1hn r[[0P/UM Xͨa;rR#P|!?8߮\,*dҰONŐnƥ,2fP_1pD_$jRPi[>vTD_nXksBdWgwB;|,-_yxHVЭ(BIg=Ѧ}Y/aOtVC--upI)G>GP}l&2@~mԄ2U)#j+=<\+>HrB,)f_GYmdq[v={ Ѐf_TpO8oV؛3*~~Tw8 7z-\!`::C7 d8bE=ƃ"4S7 yp38:hNH'2Q-LiǍt6-O}*أEM "H  jM'kׂrOP[{KVٞ]ȣHPɁA]PN-NlKHX,] )%sOT:Iлwr`>h29]2`YD)|҂ FVąt)N>U2c%ñ$(}[n<\_'{[ ldQ׉F:pM(P'Ǐ^%8jNfX.g#_H(&PZ~Zzwa0$o{:zz4(aF$D5H?S ,Ss u%z75~g=LYtLֻ(m#?~'iMj YibC0/@gc#}L`uzv3 Z.?4HH4DJ?u,G!llJ q#TFZg<14 lԞ c6ZWsrtwNP_P]zhA?\vW,x;;tpigTэnSZc^`Minyƥb]^tarmSR#$U8C 4$kk3Q<>3o "F#X!ZR$fzFr< F.ת[y_ dzfU=Ř&o']S$g QsCGI;U0Lx b2ļ tuj` CWNaI sfǨ:Ϥҕ.@n0ڴdwq<+[Pn g,NoWh.T>0HC: xMJ*C.7@*-ݵAVL4xYӒEtG8r@zuzb C|`OŬ c%Gu),mK!zC0eM6T ژ=ONSP0W cٶ-sy2AuMzH<_/n%=DyNaonÁra0G[鴅dDh)ftAy ~fxB#ՙ@6V7"ڢ= eI&1jĢRP@~|&䯒x8^\+neBY A;d- Sf1D-bIjڏ(BI2$L_ҩw)!n:/ 缤_C:p#]&7`lݡzY#rMcԓuR>7ƜMǞ:11 -gR+G~w}6s{3+˵DSDw~=%O1ݐ/w8dH}|YWWJ5jE/<.uE+GV dyN R1q'7:$UG11y߅u% ٠|5z F#`RmB{;#&bwb?s3 0/1>R Z^Yƕ'Sj(2)p1A ?N(MjKza , ȂAȽ&e]k GCI`?mA59VrJ#4MH\Tss<٭82> }5J (v =%b/ pqh$Xmiq"ä{`uz/Pl" 8M&E, _ev2ҏm؁ʇ 1f{MR8@R;]IمWq`f/] 9K[Q:%p@f`u@;>'&<8/wdڬ:F!y+ޏ}M bJ*zoҮ3dj$G:G9 {Ԫ\)٬qlfˇ𩿔1:X!ۛ\ bZtiQݡFh{ '?4N{1,z &I-9!V%(s?GCyaPuXE1܅MpKGGbMThp e[4n{ %[|~9^}7|OGYy- 6 {Q$#^o$=So!A ȣ d$&&q4`5 UNvCg"AD|,v <F-SϾ{VXȾkt5V7?$=G)0e_x:~:]8 w'|q T&C"(02LVƨTPog`^ʼܽi'Ֆ^vQ%R2#MܓX{ o` n{luR^2 t']0^R r *h5iM\صt:y'&u.#aNoMj!3sc#dZD1V~oXIyoV!$wtMץ;w NAJ=7U̒F{6uG{ <}2"G:[BVM,bTG's8^ -FEtG|esX`5fWUЬ5h)F\ >oԡbRm( q}Y^MTg |׶jz;s.1N4.kyG 톽ˑ$,lpݴxRx C\&R)д/5zō}O-k9{N XEd5i8$"kUQ-} ^[sp,ߺ7,E*6@bKmeDC76$FGt3Wve`&zoVvCwEmY>oXk*HzV8NuA'Hm|lYGS"+#{7\lp-8#Ylm*BZ*"-_7D6 | 8[Тdެ11~1֦y;}{Xt 7ntJ&sY01M&i'\;)W?2BI r[͞dW.gR@3aeNϤDDBL7 vK Dl_F{qap_Rvz8%ē@]( "fTn$vX˸F~C\EeI"I8- ې^u#R#_B†h6_?0i ԟ6a]GMm }Jf0 `{b(_ZO%4W,)3*ܻ-'-ƋA* ?9moV>rA T]S9ǎcu(-pק`o>c1y r{Yj_uƅ 6b 7dd3e8`"4, +-)2S"vJ"| *;W{}/Z*C="vzIOfAg耟GsRggP֯.Xb0bbuFCQ%̌+Q&ܕB @;c=țQ#$f㱡Ͷue.sD۽"| u}E K/ 0peV"օ~ b^bδPkM&_Ԙ49Bn-Q?*&MH zh)y lAxձ?i8AJދo ›tʀ(MPxgZa&{A;e [ t FO`q9n:Hs#T`kUYz2/gVX3 ҜyŽmD]jҥ@F6S$䆬K1'}˟㽲Z`sf |d1 lr),` b.e-#X?{wxtu̬&g>%g]MXZf!p ~%dn,&[kZibv9zrR_Bq&Y8k1Kٍॴ2H7Ĉq' 3=VK;ya s h5H6#| <QI<ֶJ'&jvR4\4EU ,! yu;@X=1۫`UEr. f|M-v;2 ]4۸(/aj<xEf Mx#7z5cn\UMU=\-in+l^6ʕ $ ЄNN"!f/27_dCtj!p&n5L)Ḧ́ӈբ}UYF"`ف }z ^^m Lw&f~. )PNnuȃ, $_,GJ]-'i,ڣKwmۓږ2!s1acvE lV9#@I/FtL0̢zl7u#!3?$Z?[(+Ԟ ULwovfsO!,|hJU<"VmɶG>stGOY܊R@q۞;78zmysm8 Gb\ph6r_4xtN_A*yecy'rN^B<۾T=J͏PXkBhsS CewtV߈7VwSLs񖲒S bKG6 nv&mm GW=2Vd,8/۝|=&PH'6R +%@L lib G|:F;]ыJpFjw~sw:!*TYz:BeL"q*||%?Exe .,`g+|21 N[62$hO:ލ}B@@9r||,tHKz/">1_fg&M1=" !wXg917ڟI:$*c0ojgpA& Bz.k }`]4 s]c)'̥`P`s^ˑe$W{)'JA/Y*TÄuĮV5f'C5 ʶ+"Wn~ȞԤI4\F!|*uB&8ucm#kw͢%C듗nd7S,8ne \=QLX9 pqj X5*E;#H)KCq*5q4¶Aq!1X"4@F3LۯJ`%~)`1ѧl|. Bj%δE "UN~mJ4Q4e%#+͸C.}'Az0.7;Mᚗd!;|l' Md;Cd(2G8씪JǬ^v;Vo =DD|[7FdASvp47 mqA! VifiSD5Ydi}OlK#ow|ڡ)b~ nrO=BI 0!pt5SKa8qiSppR$c:  ֟0%]oxuw:DO8Yjxg$Q<-򓃏8"^OrGQ+`(2o7W uL,fMPFIQG'JL gYDz{ק] U]L9$m7F't(8U#XȪ˯J)M8W)?#]Z<(߮V~ 0ݙ̎KHl3#@rMU3Amui.:TcY "zify$ZO yKJ8E2 &ψ/bOko@h|KV f\ La )4m#oJDwݓ.t;6Grw8ZKv2팂?38˼3^y'ۑڟ LJu3[tm{ /鰿W}Q*1Ӳ-Arzz߀HA!qLP*֝Q@wuy<٨fP2@i7.ȩ6J@15Hj9MU>ĉB;ѲOCзIլ,j@ (W܋ѧU4CNNG=tnyS+L+.ޗPbD8"IԄ*ş$c܃'wKJZ5ÝM״(&9Ḓ,MęYb'PR*ǁo;uR„WƬe|#m a(H8j6` L;,*N8OɣŲߕ3? :,`^%(V]UZh krBqŮIxGzIy"cs1VKQD/ YRB[6@3Ӕxp!,7h,!j/;> [1fV_Θ~]&tI*!&!ʭ `.VKL4tdXOU2 Ql Ako>}@+E3 Nv*tRB_TgUZ? j"Ye^]7V++Hg퉔ErK=.6]cRTf%1BQ<[<4/m! v=" !MykJJyoyoRYV -#jr#B"`璿 )qqQ _hj5LbzK}0^5CmOLrzpAn3GgV``\ѧVqc 8s$M*gqVXwH&Ѫj4l4T0z0xL"E+31}\`_yʒK۲ CC *;d@h&!}js-'=ީ.gSle/aM_WEhyg&?R;mԴ}Ր(pY0ij]ݪk1 FGZ_޶b?z+>6.G=to*5>xDPUrH'=IީF}b:I nR![T#g?m[0G߫M$MGNYkyX>#YSkDϓfL//L^܄/Bz XPT#ӿ>IepedrKD@aK@og (ެZ-TC!Mb>dL2y;H |Irg@GdK/kn>QBLqtp\;C8g)4/rq<ޢꭅZ `krRZ%l$gq㸨JmqDwjE]ZuWzEj.~~?_U=<#NnLܵG6$MtƳxcw2m ZP N_d"-g%0"+5@ԋx0*F9ĈV0q# >TXw?zRƮIjAsp2gpcX޼Rh𝈕ez"@Lu/d3[8:$x@ ni&:֠}q.6n>t! FA>^1(}/ &WbK"~Vwx(=>)7xlFCpC r,eKvÒ8#{հ1u`oKB}3畂"ƘeIO673xQBGWL:){vzR"1jSXis _h[< _0{I-?@Uї q/՝V{NeN<~\*ڏIl:u)^B̦6Ch,)u$lOH֮0F\7V* ]G ]oMTHzv4ZØ@S:Ks Xx 56J`{׀'=#Zː=x%幯XQV:Uܷ;99bJ4G+ٳqSDbOnsp?yǽ1=\ph@ɌbIrcv3^n;_h gwC×rɱ;K2 Sͧ빇)/+}[1k/Z6OWUB ~Y*…"WU9W ~!3.Ls +ͥL#*?YI6C:O^ս1 $!ePwrL׻a%ǯ=m#{!~O Iw+ް:)d";n(!h"H;uS>3Lbuŏ?=AC5!1ž f9o!xg0m1~(>mzTlFgfYav6>{Ւf&Y(ѡӶ:WŎvk=)u'q H3o3tscSPܯ&cF'hLqyvM;:P bw= ې8[cwަ3.A+^N H)T 57}s7UY.縭?=@R̵wPC Ar`E*B+dEn6a8v G#MpT.%l40B׹[{UE尢lZ '"4) IkgO` ?m;(lC> /m#\37> ,i:T*;nN21sz? ?@dYX@6طa !V}8`6n r 0SOL9W% .mB^B7֋P%ω*5"e{ସ-T lY E*3éY[]H<$kfTt DnB=qV P$zβ#\h /0 -]R}QFJlVCYc9JFv|Odqծ;{ԪLdc~TY1IŞ5S̒w_p/OOG}p+~c7׻ qc>ht0lo?N-1U~)1W $ au:9om,"yL,I<| @S/T}Z~=M* pkS~318ӧs _˙L 8>&HN  K\xvn;!^7rhh ,|ld}R(߆uƉ#זa.̘7J-/4 2AoffKXrVM }03p08IN'܉5b+[ëNj7͔/<& fQ^2tyڪTyЏ 3CMG('7*u*WZmbHb])K;8hmu>Lcb_*u}4  cL1Gx,%$ɢ^'D-y^{Zp~aS*!Ou..&]BP;Uv[m ]mXVCӟ?4mT!>:c˺\] ı+I%5'CM֯)qad(ό}B|"Г65Ԧ˾]@gaX{o$xVYFwndv(q1 xS@Ɖ7Gb҂O^@~/>5ۿ$\-JF욬SapH*c.e^sR_VU4[Yv*?f)=}LS`C9OPY]Iʊi5\;gH8_k1\0NڷeOdzM=i .ɮwO7"`\}ьWAb@%Ҫ!k)r:9 FO 6G8U_[ xfL"CX &KJoH |%u?e3м|[h\?0-÷)AohmZv^Zne, DR6^ EV|0_6ޝ̖!oqjY P5z 49M֯ = (aeoiy`xO9`d n.jc@5pP6 N ឿ%io`/;f]oxL,JjYٖܻ0`R! Dх6e~tX̲F&-U Vc 5vWݕb0|r@xdCfhz1Isn595|ďre@A&peXodr,re@.bIJJF ׺ݶqi#M޴J 7{LWs=î>: 3" ~K}V鶻Ysc4lK"p_eI[ \N>BU03hgߴҎ?86 !(^VzNM裶#Y诜c}4]}o +F^srŽA/ !#p27LjGS"sp/o9xk}7+ZZ5||%+smTRrk+Ys3Ca6[O ɯon"rGLlTOl";PF*X)jHaRZpn@J OtqIMX ',%)}")2ܘx5hU=ʭQ_eX! 3Гd XDIbFSi)]zk!CT FMpЎq`Aڲ4 c,w6`-6 $GuȫjM+$P*K7<>ڮɃF&G) ? ?P<_RVg[a=n{3w3)6m:־$f[úƶpXM ,5ٚc`@O2mG6`9lASqW3l٘6NĚ֡b8M\~? ؕ^6tIٶ?^mZq+-AV?™BO\ _nnN-ԂNou"jy wPkDr$BI-xۻz{U%v 6DE6Lm+83}?>L#VCvc*YRpJV _u C^N砅 &f{9[TP 1m?rRIv:9 n ž}1iVfqR`cDbwxo󡆫GD]5ᦿ@7v7E;㔞9tDAHȺ CK02JhFXeޙgr 9h6͖͹|8-q{g߽0_%?Vgb^/%M)E4,.b?*пOya:׉N5}z*Ww9EdȌE\e7pb0gu)aZ$j`. I^X`8\ 3NDb=VPgق:Ll7kh?4(a-łwp) )Ke.~s^:TCGPF#a 6|/Y7S9Zh ٙ 9KV`634yp>/‡Z'aTѶV[5dUٟn J=~zp%!Occ_*%ʲDHD??VǨDTE 5*LeIC+pQ//yUWqJoB8-I'I|Fq#c^>ko a4[r<ԕ# 2>y-@V`;Q|:]h3= ? VJ鈍YNO=#ւ;H+V'lImc輙_t'W$h<?\\lm02%޵ <>QԽ^}JBڟ>r9/"@ Wɮ[3ڪjY~/RjgDLe,05;N>8cY)AKFp&`H)ݰK=%?MnOW/lqp,b3NPW?s ҩѰ qmbѤo:sr]'f2InQmc5 rtߦwCæ- ]M<d7A<o@Qq9%T]חY4 gCEd;JLce {I-w]z?ofN/u2\#8e HÄe$//ͬH*xG_pFd"kI9@[e0sT"@ 7:̱fmVPlMAMz禍ZT |)'F'F@΋&n qAi| GHN~@b#]Gx w'#' #)EMAY =JgjL{C<#X 9}46.i`nXHg[&Jf.䧌 Zd,9]F(l@LgtBgZFE$vGV=ˢ?mGm@5a6\Lu *w: M\Ղ9v%VE X0L&"Bi"[,l؟Q$YuQBg "j6-nǐmVN~QZ7̭] FjsƈCHqP ƝVuޠgmmw. |'7c3‘*&OqMHr/Bw%*+/spaϟMQ ˩+[=ao33[=̷,t/ma2ehH9+˞|$|'무xY Kjn7 )QЏ$wt\V :!<}HZ[X}F~,%wȵL-E~4 u;Of}sA@{Z C@aNw+E3< .& B2&)UKJzٗbΩ8g |QNo'%ȭ]Z&pʖX. #=# /QbK4~ <_XzPA%)MJ 5ؕSrf70yf3 W/,HO-LƅfTvFU J>ك.͟#cM E$}b,|ؼB\vdڝdB@Ae4چTUi2 Z cv3O:Ttr KەLrXǸd?|A/"(m w%'RoKd9iBcI~;kc'=T@9V*@76A?Im^ 97|j>¶Xq~RH)ll}FE*ai#`3naˌ- 1im=TP11 5tq5 CHq1u#@cW|RBd¿.{iq}*ʽWrMjbwOV ::_S͍^pG60VBi|0=`I]؁%$CeR5&F5uS"24<^jY yDۦGa/G"&.J_e9}56P.c@ <5ƠlKc_?\W2ݡw+5<S`=cvuC3sGZ%RO}J0x7x%|KkJCPy7t[#ks}1rIkY! fBcyFl7.pLzH,fƚUVijm=lM=mCbƲ鲀 == $ { |ۦ8:rwy<72U%N10gI3zO H㵐xU;T1fr,xt39=Q }ЕFV U8\[X"OZr!]q.k iruF//.q`E yȒ|\}lrHc61Ym =#܎E^DVW&Ж{)[Q o:rSKb-):|+ž|}mS"K2`wX } HJ{e[86l T ,H5T&Oξ Azp ɷYɛ&J2H "Ak>M!-㑀չYGݨr5\m_Zij+.T ?5x 1~?pR>ǂK3x!y`F1RKY%re{A{F;M~(@3U E#sgMz[Ћ+Ɛv-%zʵEs2r(¹Y9A*oVmvd;JnU h-re~ub tb/kC? R *,F|&2$[HVrl^qT6HiĠ~WǑ!e#go3 c=x];|tmmmP(r,>">h{VOf":@F)\┤;xs ).2zυf** g߬Rt&,6ufse" 4'[mH/V]I p|4NF alΫ5Zُ`ӳAF%29E8!mk v6@g/B]ޓz5@w bu4q/SקTA"9iQTt !@1~2YR}!wA2mpp'ҁ~9mGFbXP,&&A$$ (zW562'+zn+tJyv̟CO^"}J[rc :~6'D[Wy!L q7^ V*Օeu5$ hV0C0D'/2W?#7ڴ9< b73[ ?q0xϋa5㤮O6X/<kYe}p<У= bj1M3/09Iqʶvy({38rpԹPQ1^us- ֭ <`^XX>X3'=Dubj+.9 1R0 lS\BJ xBۊShD?w*~Yz+t1N N߲c?egwOuqU+`*/pQm\^p#b=Q v_2! Z7*$WaMl R<] VAshM׮CA8h6{$CD2vY v38`b[Ѝf)PP%\yƎ7vVTTb.܎kBe2%XlS+T~|;tZgꪵ1\ =&|&Iuq?.N AbХlޠ9I}ySmSSᕍ$GHEwDg@2T])78'1ko"K ):~v|>OIFI4&솰&j5>R ZįйZ= =D&7XJgH+WE1vqJHYkq6]L L2(8MF0 ccjF^ua@; *8)^[{1=K||p=2? )trtC.0Bí6-{|d z['{JhOl 3 hP;>~R%Ľy%1Bxg<;n`^ֳIIN|r&R秈6oE|yWMWB?tf@Q%M'"՚H w-Xu3T[ q M rw-|E4*va=sCtqJ"E5Ϯz7?Y]Pʟ3W)3Ij%Ž@*hcZ ȑql;iaM70^\MPPr"`ޣyCFPUMpDŽ^ؘ{?(_MrӦ^ Z}tEUY:NIa?>t_w'ׇw`WтȰjEzyQZXL8Bx.u?4bN6= X1ȑ@;̪%z2쏚^;YCRR$hbSCqC3݆>s㬁X8X _nN鯡Z |70Ӱy Uis5UaX-eȼFEO ޠ.hzъ~:QypoFڙhc{yfzZjL\.ޜe{st{+eI( Sj q9 AƄKپ+oɮ# -†7V>%nucL]^h9f]To(Dd5e \dA߿cj_l0:u644P%Jh9Hۨ$:= +OeV:?/h_B\ZΆ9K(u<Ef_1}ZT֤;Ibnw -e݊D䛄^)~1X .9G)qa?2})D7;XՅI7tzK}׀ɇ71]@7"RB_5uh՜Xt6Xse2@.1̻v9[)<9Z.{V>C3KܹtBvZp_9 d;UwqfrndA-^zzEs׺Ÿ!\ 4 ,l.bA7;\vd߮#`|\Py䴰VrSSTq":2[&OteŇZqgAd)JwQ|`>ZJ_ʖQSl\1&9&Oڗi!V;3"Sm頋 -+C#QF/nJ14.BtMa+e/QK3l9WTfp)/m%kl(m,Wۏ TgWm&_AY]_V=ݠVkyO]R1PGF%K~)5X '=,Ҳ5Z*YՌje!G#!lZϨU *b^Pɷ9H5\΢:2j .pH]n0p;noĪ3~c0µN;FG#tշeOR2aHNVț.}茲 [-1~/8|ɛ BYrk!?m(69:,?I" kY)~L+7EQ&.1D;2HND 4` 3oɶO8"A< (|cr؛= ޓ(;B$%/n# =}*C 4 H-NL*]05T1tL%C"LEy˃(am7kV{.#t%1 d0g)52dYQyf,T2gtFJA~2 2 *pubvFIg:s>: jv0qx¯ is)fLS^2~/ڣ1G8f;"U3'*f лҌ\y?DjTn޺E!n}Z*,hht'վkGRefhTMeexqefsǼf|I- N?.Ujɻt\<F'G#c&Sб]2VFVuVF3xk(WAbۛ\Q[(xbL&iaMⰙ\13пn&$:L~b[W\IJ/cʑQֶ8r H\<":# s~H0y': cqE(JM lX`c/K$zJ:FYA X_ͦs6FrǁԦ ? $`zzGFR/+Z(hĩ,8sʺl=ACڢ5j)ҽ{sيQ?QispIq&bA%i ]YU-KoOe703R0elUjc-9Nآ` E~og8L(hǍIPʚեnoAi/J= hqdހ GG3,0 ".:,'9oˉI 4v7T5v)30:)=frU> ,xfu amC H I~"1FJ(~C:|{M E)oZlʛU)n"np9b+F .Ԣn5,͵κ]C,ҫ|ӆn_lW]Rzw j .DXdMRc6(ۼnA^?msYIAKUJ:S ,z0OmH,PeDXcџ՛m8Ct6w_ըK_Y0>&agmr_81yuՇJxd^r!B&{Y6vpsGb`N͕%[jL ټ_: ԀxafV%deHpVTV;ol,h]kc%|Qж'LˀBnJ EϹ[{$ d*~{|, aU>zWͫ+GբEyՁs?Uך-ԓWb.4|}(_oR Dx?b):Xa ` UxU;߆- iw.}c&QlD. ꖈy T~ReH ݫ̕C`jE.@/E ;bj=VW9RGc1go>M',El.to 8%pEfEktZ(]DqL^,\#>b>AO!/.RnvAgfRW=KyA"cXcم_.KL);>Ml}h*EeQo=?eAӇ$ ְeǢ#Ą'.3Ύ{,Tv|z354g:OrdZwۃTE3fuo'";"!1B D1p: bz+/g썣d 72 ndEJi%0Kb5ߓRͪF\heҲא'K.4 g'3TmHŘ(a;OڼF]5hL(npE5`HL5#Wj gn[qxVig';j; f&gpS9VkRF UJMh%( ğ\lk)abìvb4xG)HTn Iq@*ɭM8%B\|Κ,@qj{\gݤ-kAo+9΅w;t p?vf0Tג ]`(lv"?Hou7&4&eeCs\ :7zl}m\ri ?Kn@- |N`:%וƑ7 Npf~՛Eue(r3ͷ[:]5G#u`|Jf>s>8Y n!16 y4VnDTM-t[B#D ץts"\Ѧ )=Ea8bt:szO\kPs4m q Z2!6Xnw߾#Qv=oXAl5>6NsbRIfNQCź@8tjfd)Y+k cƐN0O7/<π}N!]ء2@ 9^cYv-rh@BS{54rĂع{p(fv8" ᤍD%YUOl컮40EM۬-A*Z񼗙SKy҆y,W~u.yoXq V p:^'KuOqar:UMQ))! >Ni\H$EmY gXLBEl _9q ,Z*渣 _4v 9I׉[ubQmU8R,WL8m+H =}'{?jHby`35/rjƺR$"N ѓ9X$*蛻kP~P2gwwRi3!PYϥi؜s)/~)yT[])'ٖ)6J1QidfprXIT'W53 -jXP3l1d <)NxÍnpTOI^1ݍEbq2͌M7ϖI,bDfmR sg:mn{b!]du>ׯ2~0E3yMq *=BC&mJ>@UE=r[--2_QbӼ T(H*@w0Y[/U3Ajf/L/Uk͌Ed,dgDVfIWXX6n-@}zVǘ H5 r!G_c8&%w`5=|l trz'Ë}u*{?_gg%m&ȃQwD@RZgy8pA'ʬm9r7D[6Y1hӖH)8bkteB #iɝJ&v*Lk<(8m`)L N^P DyQݾ

An3 'K0zT:y·g5D$?,3p365# XDر^F  z#JCJ «Efo-][?z h{"tߧ)Et3cxq %5GjEJ>xq5ѲD.t߉3E2+/eS _0k߃F..4~$ը𞮹:kp@e:!AII:S Z+%{h-吅Q iWR=gAVyr'$:,4W+:!iʎ O+1=P -bJu++0;B|&?B*f9ۯnkdF6\k$mQti;$~258J'O[K*:4<~ĐzDigqaִ࣏LNi"KЧ{}۵Χ Ծ 0y]+ %oAۿ\D];. L˵Kҁ9w\];pבsѸytF>Mh)-(# F-W2FQWviR@L4+E%ӅJW%{L9#ŚZPҪDxEV2` 4QU*NB~ uQ6QU[2凜#'. 6DLȖPpcm\H/pPm -cp. |9 :&Z8[9-ix+;'p;^. ;XZrZdzFa[U3;.?mC T88XimŃy["5Y @PX!__>8yf٥h>Y`SD3H` C(pj+PM oG~ۺE9GE# %c[=qx1e:@4Ix^MzbW+etUk@z~“gscS8RWFwZmquj!)¢搫''3RR;sE DW "aG8RCeScWv!؞B;x&h,`qP?F,vQI`PD{dMp Q&քQERMaf) w餅jzD UCb?[9Ӭ7jPTģ+fLe3ӓNp]S9f;.iEƿ)A .1r:v%.0nLFoӫ#0ǮXۯf|VVϟS0A?@[#CVmٴ''k&Q[ԯCEKlN1m 3M2O[NSlůzb*!E@ڒbsI#w)F,u$alٰK @~S)T:1pP7J>AX)hTh& s  x$m/ -P64j x!cs#h5 mcԺ:>}~yiM-4HekqvgƔSD2睊mHSRR;,[6ݚL5mu`ŗ!@{O;엀 3aZfhcZj Ed*18T,}i9G%u+-oLťebT ȋIxL8 ݂;<[fбVqLIIՔsqw%~MӘ1[O LN9?)zjz0V>0N+6 Y,<;;V]I_flMj3`*K/!W)z\|LWIs*t|v(<{BV[\~+yC/[e"TinIcR%Q+ƥWs&}_RbsvLx2Ght:wT xmXPCi~nYoo\wBBY8`j/͍H@PQ"]Jn$ҬD-ы[Wi򟴑E%tzW(,ԺhWLׂK%SP~rcTàِ46a¡ 2\ az cz1$?M<@*N"À+tj 7vr-)08 1CGWܐq?P#d)>4f厶̶n{T)ЋE5̆c^8p3[\R@E=}G OL6\$.)nP!5iU.(+-I e < w EO Ql>7qDDl⌍D^_1УmlхFY(6@ -NQ- "zĩH˜J%T(z?bC*bmDK_# 8is[ֵ>[g;$$e‘xFw6ٟïn!t&dhۺ6QΠìX1tu4pns-SRSù B-{?',tc4B '8,Ũv:Ipzč"FX֏C- IFA&yLE2̓$Dm%;r)U;?0u!n ^s 9x.by>ݜ#'0ܽ՞y-~7NSuU1 F ~fC訐2l)2 S(%70nWNܒD=Uߒ`VҝX]+)-U6o.f6O]-}^Xps"Zكr^ NyBd^7/J鄀H2)2 I#! }fLd+jy% /aI?_}ZTSs?coDD*QT|"cJ5# MԽJSCB}3t1tH +RIGP zߴHWCfS\J`2JILtq^f͔۪ymY`JJnW*!vPy|(>2mFSB#b4ӵNA<acWRbx=5?Cy 㝖wk4"8?wGX-~c3J9wcykN|JřJUbOrQDu2D^}I2BC;^`H]LA>b'uW) Ѻc{JO_#ͅ/ubHg)=]Swy)m܃?&'ߵb`ž`Y /=>)43Γ}BMm1ip&yG'/F`j*>e^<ڈ ͸v8 C7NH i;Ѿ?mɼ-{3|)yhmp$ف [dI3.dgɡK/KYaU1D,،)L*n.'v!(uJ~S[7C“qvF:uSSk$Ni܈,$̉=:(RøQ 8?_t lTsˈ"E0{" WZ7&0I"9~Nj2SZƆ= Qu+72V4#N,#颃SySpf Al]/ȍJ* SE[o #~;&2G Km&zP8e6[ky1rbi:5Y=a.@Ʀx@Dx˲˨ TC} ,-BǨ1]XF`v\&TNHt9#uATW-H:3C hrg@S6 +גB>PG'[G\8Fx~=R&[&@+*%L˿!.v5ODeid Qc}0$ܚ{?oSe9ȳ(K7 dLJh-J\Wš_T AJby*kX'œmؠYi}0s/or5$&c|hRq5c&E11tDf(~3ęcF[J#Mfj ^xNb8 P$R !+MWer@^V:"TK5[KqfJ{?\4e]4'fvoBpQJ}ʻ-eTM2)g?@he9+΅Ca Lez ꍼqs;y DRW'E_Var`&̗b]bRBrVu?\8n:5TWUmm`6d1 Е.B-s9*UFzu< 0!>O NX ơH^qZK~;Pi@3!6~ryT]kIdJ;Y]0--en>o3.F6qAJ[D: 8P Qk7&8#7&^횠Fx1 i=X3`s 1L:^t1sel0"'ylRUUDӒkA6uҝ+M5iFt:۵dևkb!|GWܹ3=%J_fuS@tsL9W2Cc\[;e<>UQ*$e f">݀n"=!9ۅ#^p[9~z sZ0A :]VA ߇:[baLX-յ{$zjGBsn*^ R*YZ٣:hPiXkBN9 gX?m# dۣ>I(fR7C[?$^MYa8!AA ,kX`R3R7fL߽7W\}g/3Zx/\g C#Ths'L>ױeڐH=;k@H K\]ߴ7TY%rY&- N s5VdQmI)J< 'c~!"J`{P){1@Iѡ)wM扇uqʬ' gG$]ʀ,Rۄ$Qv^izwI؜jX=eMW3g0C IAљN=] v<:{0/5v%Ar\@? 2lٓo/rIhf_>87ݻ#p]Jzt\=ik9f!ۊ,E^]"9,Ujd6vKА .h`j"ڇcy!lYc೚jMi8*vd vO=mopX>y'hc:o:\aBgȹ p~9[aF$w)&ڮV(SH"O/O%Dd>4;eDl(7?ЏEBJJЩԉ9- Xs=!/_N_$v]HXԫtk:ǘɹ lT- NܦdvGbO)?\O@Lx<"R*GtkmqcQH:.˭=Q1zW/"'4MKѺۤBgW|~k0y!P2M<z_T 舦l?#]HH#H Z'-Em O :DT4l{{E3t[j^C4vLwap2R{ \8#k>Rjrz~Xؠ) Ω`psuDƳu9yYT(*9vU?hg[\mQ=Y38#q^2G`tziȨ'?pKZ>: +zXDVޯ6`wOmtʧk "BE / U ҟzU%+ >]k&d˗#y~j@Jx Y hSiVrQQ:| bcٙ,#<%x;52` C}sՎ8ؖi'-Y} K>ys*k1p_x?$%$u7dvC[e`-t2oUF ٝeɸ~].w&0۹j+,J틘 IBvFnO(۽/{zj`d5uU޽|j +("N:8oTlF9νvLŠhNXD5S\KܗyemT&Ћsݴ9j;fT%&H <^yFNT /:)Ww礒ƟNTcGDP2%@JINVfMjtJ[,s&c``!({L4-oC*3d[%g06^&BNC)ʸ% d= uR.A7Ѫ}QPXBg+:t_$ȁf֙:QDxc^"9ߦR0$Յ_ረ@FZOݚdSX*h53χ8+3$!m)d^~1tF#6q=%;ȷq>J_]}?j*0_2rs[`Cܰ'̴R A5@}~S֙=RK>]z,[ ҭ`&(I4DSv jK\B-pTYg }X |=reW;$v)9sTƅ3 ܌g@J\fhnʀد4']O5jxUqX5Xq$8(EhT[awg$ݓkN{gT+ F$hcGa‡чq/ܡ~Z,9K@yxfg:{䥙5||O\m}y_cB> Hftkۗ6SuUO-iڪ[>*LnIX~Ǿ3t@ TkuFmYAFK`*Jr@rmE˸=o5?yT!d͆z.eGz@,ZFUmLJd^J:jDoY<4*5QQL{k'PTqbLm3=4ߤ2BfZF3\uk8+42Q5ZҺ$v|@{-]?0 ?l!}6÷|Inw=ð6_!~=o' D8  T܁#>^1㠟D/CEIq|(Es<$hXΆaєI<ȯg'u4@b~-+R~w w!=s"=>bWtWlȣo)vVPQ.xJ'L.<#ˆΟ[wk|odhʂue)U06uX3jFGq·I q/'$o"?dH +,;ZdXMayRL`AWhQLUk*Os!wXfr+fY 8dE|36HOzNq=VkYP0!.M4jZUPYp T_RÀu(%A:"G?r%[Mw cx0Ȇ&Qj;I'{A; pvoymF#3अL[\v4GQI+uC^AHIsdȴ;ǶaBa&jmɳ#fI b;JsbY˧4bh|53#&\#Z7 ɞR+x<ﵿrh6yB;X*j"vÅex۞`"(g$ ]4=P%|4ph^RMǥWWևq528 eੴZ22Z!6uJғ"wXz"ATS믳m |$ԅ3?g kѢ胧ݑlpz\L"BDE[XEe QhƲB`Tۘ>j䴦#>JzS}=g(szܬ%^dOw_i -X-|_Ӫghr'f"ȫ?ec,HpÏ sx ~4= d + uek-*ܭS<ύd#GB*31+S,+&![҆[HR"F`"I=Lid pyL4#/n/AR-`Y%dT|ܡOSU='hd`g0SG_ @pu*e]cU-~paW.\K3߽z%yB<k\n2`0_k4vUظC[b `VOfsDf`qlu,MU_chOR}eܮWpcmA*F s]x 7;-.ڞ?$:i;ϒ-.P!@u D'򴂎EWW.BH&PK)[S=QZׁ6מ!#"LuZfe+$pprPۤzs84(XVP7R)\3,'iB1QiaҖ`&a'bnHr 30^gi劫@-cp+Ak؛Fh_)n'ר#n˝VXcA."[nW*zPu!uC*9Fq]x_.l{@˔(6[|>RؾCM~Lh2}w]F£!j_']'ʭ  w?\5Cة}3]Et5CZWsεrGju.yPǸ !8L8u`nŁ.bu6PBܓ<ii=t3(;GězN#HL ,كߴ ml cB.n24p~Lجu*L&WZޤKV #_4׵NWݙH&Wr|]0:J1|B9fVYu8$hY&]0_z/t|{0dM]|P@EJWL Sfon%Y滯a|ĭju%id ꜒KJJ^H_l$ ĝdumL<b5zlFZ+hJ XeC狑TaUPvH`Ր:lviۡ, -2d$-{MUlֵ cro#/@M׮)Y89{ÆoC>)SiGzE5k_9p+&0Ƃsϡ#Ԙqd!tV'"=Bc*[A3)+DႥ;Ck8^Oti9B$5! (vKSv:eP"xğ(EA%P c4<>ck)oqUX]N@#"JۊP f8￰hZ]b|}U_" Es[>`Ai(dfÛ2 G 2rbW GN|tE2D6s0~fCj4F Ҋ^;Sd=3G616~)` _U*!|YiX}r$(ӯ7(dwpek@Ox`KPZNJ.g8HWCS'qtqHDԑp_h:߶̬}jvK#(dtXyac՗4;ֻpɫjdLC|6~m&M&6ɰl j#7Ɂ{HObP)de^YRv&(}WY^G_uj}j;UۜL$ӾY*]WTu7g ,q^2H8~@rfᳲaARcg}ݛRNwfE%1$t2SR +h[Xx(pxFWZJ4ќx E( v U7RXuI F;l9yfh>N >+ѮT n;0k`/Nߙ;*nhKo΍uAMUaFϯx6~s8Z*m:{1rjWE^ow^YשԺDz 5vD"jw'ŽfɃI_z1gqԔ]k!wmr}0qI53YɄ#p  /7p֩jU{W"֣wV?B*Mg^.0_.|3m& k31a%.#*$uE=|.n>"ѳ^.w2 8!e5Z:[3FEKDӽӨ!i%+iA+c "EߡC_r=A!{FMJ t\Pմ룦R7Tek5_{TR0U#"XwܗA z8|Jj *Wځ5p/O? lÆu-`_رd@Io AQ1KFv4R c폾xV.7Ub v`K;֤ Y`r$Ir\retɉE8HO?Ag馍vmCXZdzkyPͷ_\e(ǷqhڐFQ=d~՛H ˛t5X$`mVQ]3JzJV0m,mr6 Vٗ?U( \/D@Qp[4+zm=i ߥp{h;OVZN-V,5Fe,,*/(GdX*9ʄ(ڤ') J6 npq׾0/Y!m@oS=}~N/BZTT;+y oL:[ K!6[jָmb9ԪxicdL|-'LlNKK H#KCclzRe!CVE\Yw7b2>w|K fLċlbB8a3h ?Cg+]F=ėP{/~M&_,ݎtQ;j, ՙi絺-W 2~ښ(ƍƮUjjQYٔmr+K}b!AR]cRtz( 5#0N+%S^eÎ| Jg.2$;1]wW) ~~l&"bk`J+v0 r'kJr&4> b(5%9`ABSrw32n~ ZƧyn3ĐbUWi͇Bɨd,\+n|HWϊӾDZ761MU<,HțEh_t`L%rZ1K@GVBI=SS~䈇f(BR53ޡOpTwZBDLX!Sv#]cOyeWVP#>K/;%_p X%;m)\6;jOG PQBZ ֚=Oͮ \1D3Hn}=S.n'DR!b'$cJs]CX.ՠ{MRb%Kq3|c>;֫LtQ,cp*.2(_@52w煮?g$ 7s7-}y`1eTp,VHkzᔉ:i:ֺϹKrb"PH<B@Wb:L,yT{WA9u+8t"Q1R.d6"u- -O|id -_Ik7K 84I+xA9~uAU S7oɸUSFsT un7Vt?C9@?UFQԾogXg0vs7CSbY ̩w;5 ++NP( D9'(r\  F@APYغ:@ Y/\+Y!{>v) lCGVH!c{^q pʅ[dRo8h)E_Q}^n: ̇#`%C=\>GR- PA6Ge v˩[ ϗX+Q^zĖԞm>AcZܕ{RArMm~RLZB@ַReXp23x+wl<ضD?Tfz'EG - giH =!K;Sz>`gzu٪o$֨.HT5,K 0lp?1Lޏ1\_ RRmf~&LU+&E\8(۪R0D!lξ6u>"&Ga؟[|E!,(K>a*7٠ )-t`> #_gڒfm8Iы`LȗY 9*tIq3ʦdئʓTYqKʜ\:,Qv(0 GbfwfW8Hg)ky~jjt-,} -x0ŕGxx8rN^ 40u|y19ErW&zΤ*N{1$04G<0)イ=՘OiKR.RUHn9]©/xsP{w̯.$6֝I`3]a =.IdޱQ@pxOS Dlsa_Y9-xCYű."0awQbٿ#sX ;䞢0e68 \LYX<'f(TGŒpG'wȴr=p7:[UWRAju[cf1Uiyl&Ÿ7hq\IgRP@9,ʷg/\Hh8,@3:܈\'.ZToX30j19sH'NNcOؔ)%KS9O ֬lFKQV9+99 VgLv*n}p,, dk0A>j<*dG> TI)},u9h52mZ/!6t%M+u>ܡZ=f|:rgC@0(Z(i&Czz݇Jgv4+<]A"N1 yT${I=]66)ZRzTuw5Mxx/]%Yҽʙ~MXt=}un-pDg,e+ȟݘURL#f]ʩj,E”"4wlBE;ElݛT,bjľQ 8[R4߇63p5UbI>G g>=#HgѬ^&ui0EFiL:Ξ,fr< ]5g{ߌ=W/5H|8^dz!#Jq@ ]DbPMGt4UsD;~y BQ4oX93PP='ؽ[/hItdC̀ 6{b\_D~n ʒP7f\CNy\is5/,P#j+Dne DϐnVM G|N~iȁ`v":+Exm~R ` w-(FKt19ss[drv&1qB] -&mc=JceVoNyI߾=|nv֟-]Z}iΪ৕1'IL[}AK9tZn2C$}7 mMKP:Ly@#"daO+(i$E8-Y5;X0m"S΍q$ "0w4!PTb$ٗ"Zw}{mK ޥP.Ul^Ҧc  Xʲ3\z*Y~BS 6y:Z2 4,&oxlZU!ޙ&!VFHⱞn~g`QC5cyC#@f [L7'LkDq+V+c"x4 tI_ 5Z2+y/aIQg|l~SNx`ͿbNt]H}1Ѫ!۫OW x ʠ|ߥ#8N\KQTZt7m |USٶ7fKN=+<~FQs?,:e9ҡSK@PŌEVBXBE)^d[Ӳ#--|>3l&^LF6k"ezj?!Zޖ|p=aG ͮ'b]NejXDK74`R1F'´>cuCe,_l: .HM{" X@\SY7es|%IҘFb為aGUu\,fóʇ%reدŃMgcG,U_D.[9\ Z2fCM O} :$R `SA0N|rU|}!nBoX5]hz:s8>LlD;IH2bJ>2nnlu):aD2F#x#]_5NWOBǔ"iuޚuoX*W@woR$? Z./';DKDFtv^+> 3mJ]T0/[ #!reӖb[%@o;/77[6{f{^|?/awNV )PEqUyg~b*-ު,I S /Qk}Q̫P{>%;dhW:QYB9!K}OTAH/)nՖk H(v©330qd+E %inpZur݆IH3M4xM9G<~l6x t?9L H,qE}3ӻt\lxk})~R.q3ZE6sWUl#'݈q"tS>~EuCZ+rLWsz[Z!8e`>і52pU;PXc6ԝ~ %)[yP:+ EaKEd7DQ.AcmR*;Z_○d,f>` mNZ2[b&OLE bޡs%OlKm@P { +6x=r^΅g;_`˂%״{4% ޸46 t؛vEfO*,źuPeuvoY_ #-? V0qO*WUrϰKD`rj'-4wxۄmzKfZ ]c7Lu2.Ŀ"Jmf&vgq=jFQUdxǤ>uyW8>L "${rJtv %Nz"Q03oF)fF2Y EJ M5`f v`zf!4AYqJ b۰D5#:{LJ@A`}BP0bhzO!hqȦz**`|f4߁U䁌4GB i9[CmCFd'1 R%i497 Q4&uKCPFCr_/Wr6 jzVcͩu !қ1q<0CF/SrN׿1S@PLy*~\n(bG+>osٜ[-yt.OLB,Ȣa=)O<AFe|* ZS]Byy`;LPr<s{ԬKXԙm")f ^?Vzn598)`yi`oF0 _>/bScԕP7T_\>Z78ry=d٨{cNHij [iecNJN1n;dA ʗ9G'xH7*'8Rxex"XJz]ӅX%C5*Tru&n͌=eAS˲u&M }<0/tQD3lo; ̕ԃUl0uЀ)Yn #]_tv@|! %q irR.D_pGs(iߔwKHC4%)Wml褆!O}T <>c}QVJz^TIVWW.2=t|3k {6k +);B>˙ IHzJ7Ȕs"/$m3U.sO٧_!cL9k$ [- M2)UNe >|9 $"̜w%[WHYo({njSƽE@ϸO),5dot /\GLdmsԷVӨ|\1'22ww|t EN$ĪYޓ&Z=}~ũMbhca#eYh3/}uij4ZE;uY#nyH9<1%v1v}Y#50>j`1c ~U þ],$MIڈ˅M-kLbAwfei}kTc0aˇ0cLݿv'oߩ7>]ʕbXai=9Q/jc{)R뾊H݅"pNѦLX5݃UeqC]pFw5Y¯S>:#uج!m"yyFGVƗb9<"d`XtN|XIlݗDWݍTE7zeCJzAcd_\?29>}eh R{nħs_"iL%`FwܳM"Y(]Dil 0 :DGwB!C>ãd_E qwk5RҞ3H|eDQ8]}_] "JQB%KHyk3\Y#q`{ʅ&}&ۥowӍܳ HF^؊XM_'vTD`_Є7U܏ 2⌐ƨIQ&J-V`C> X"R']AqYQhpNǖfQp6ͮ7gQ>ΨALX"?6c).0ܫomKڳ6g%0B2Z}L7>),O!qH$d #ftr2MQdkD3$L7K!9}c?vgѦ؍Ƿ"&~,pS6Lcͧ[rc%e{8 .6qK巑~l/"+:qRKA$m} ,*\g~y~`:r ǻZT^sj2nOݍ=2i&jnt&\+EV:N~lč D`#5nNfi1wY7 QǯʡyW5i[."gLz]L_2Q"Vl8 K~~Yh<#f4rɱ*\I2O!VHgR04K hNسB=o"_nnL͛8aR8X6 p\ wTV֥3 C +p{KhALx> 'U/W}KNMҫUGF* #f8MJ~\W`C_;IP=ۺvd,ο3aJΘC925wSdmԎ}Kۇph!XT`3Ad-!lz|[Dq1`uJE058K&R^~WB4:"xO<fnwc0^fzc=+J3뀾74/ l LL\/RVLQZ{2A-1?ַE$"!u%zVd/8M׼"uDAe/9܀&uj _.kWOZ%" ϪoFM!xl |!FG.^ e7Gb+6{pNf'c/5(YD6-)sit;ݤmǜW8~WV^5fDUpe K[Wre+)[d|Qff0cQջ3 %_b(aPrLcxqaÞ5_OgΨgS'dIw J K7Ŗ$+ b,n妞na@[Nhvךje 0v@sнS/ d]v3IYԜl)a?c0m/DAXt_m_UgRI͙dϽGČp@v–i\YMNѧ:^}$Rlyo2])ie} @T,;=8 ni 1Vܤ]~JgnIl 9K? Y-exrN #=|w}8@PL*ϸQo+7xu-OF!}nSzig fksVUHЭ{ZBfzatd|>VP,l#\g»5B+WD +H ʫ,{eFkBWZPWt2@i{xQTPsYo @QH!<()jW/ŮF}I˳g&%riAF 0(, &0ok+l'DLFANW 鴖Q0mf/4r)]4N% No ĴYs i{_< 1ġwTj':OyE3EWazC7#I`'p;p5aq=SuS|n?2e}aBюw#eh/^T~۱{cMy" MhѨ9GDǔ0ӫe4Sձ mckH9_Д M[SQ1Z*0%{s}@,EfLgɀlh{$I d#\G[_='N]iQ2$q\w}xEd[^svZ~qh5B.UHZ:Z?B1)F)MDϱ$y S qU'>^V랃72%.ş+ZtTQT_}3+nuJ ٴtqa VWoҼbmvՒ/΁CWD?mk=_1h,g>:f&<<#q ړDH9`-D#c]ugm83 cFbIV*+\dw$iɕ]ƤJ;нv!o\:u>Xv|yZF0KeA3 |WI?`IQook{nvm{6 ]r9@nQB$E^o{i6k[lcMОW{l8.{w2K7$4f!WbP'cɯ&#d*h&,GgJbaG t)2VoX^w:jE6Ugm}gÃځce%$UECZ%U >(s|vNӲO+o> tKֽwѸدr\;e2}$4=ﭴW=/#"7̏ 1a,'갔4$ˌ6?ifPͻ0qIV0)5s!*tSvr|Er~=Qc?)~uee,W2o m\ j|YR bC)xqjabɲIC ޅ7¸ iOܷ`CޓjmXYX/GsΌtB:z- 纣܊3 *bsj._Dm5m?UBV-mUH:i1Q^~l@&ذ˔7;{u'0?րdކ@P4л3W5&2!'d?2 zʭ;t劾g tt8xY$%v\~ܵlOrC(>:s?hQoet(AW[ce ?J21E_@8^svSg,Wbq&OhlQzAQQr2w,B}jW" 9c0 P'>Ǽx;kj^̈́Dͥta>#V?ԡ #3'2eW`ƜoGqDtrg07oޥSn SSlY-ǹ4ɅS%Cg¢6vtʌ-Ѭ!\DW~0^(>Ops]B!C-s^85[ :yΑp2g n⿕0&HR[uI|5c^vڢ%l1/ba/Q?/z!8ysܱ&KE[>l7xq)f,=&][~[yNfJ *6T=a ߔHk"z :;ra9“8a(~BDPkʃG_E {8$کzqOA:9Ae>Ҝǔ{ElˈrI/-3.^X9M۴XgV(.mn}FGaRQiFd猿tV<w@lx:B挄\LJN$۷v^K=۰vQ<5Nz<96d*W + GFQ~*"3j}΍}2L-b E.M@h*+41tP|ھ9X-ޔkOl rû?lTy9 3f9JEVBpP<3])8IpIWځ dyqNVIa9TrLٻ2kMF,w+.rPa/$!v[_@[MjYs{FќB#EAy-r%a)C]uzaΝ|'w};},%ҍP5gȍF7phN \ hR4鄬` 1rKްT|ޣ ıq ?PzuvN"u ʍnNF(Wjӂ~[Ґ0-{W>B gjeElQ(KPRa\"=[VzBesk)5uў}e=t>}$z[ U@^ \)TqT+(9@7g Xg Ps[;LIӑ6ij*Zs>蒳h\ za/QKs^rˠA~wxf0u`s2@<v@QBpW)iڕנ6#x`;9zfF]GmO>JܨLAx'뼵ZgdS#-o8k-nI`^C 5觻f{tr"Gg:A|VIE0LfO"Kª]d;Юr(\d=lH3erp̤b,xw27h~{< rm021 sBPј[n0[=DGIUoy:×C

6_=@A8)%&JOŠ!* &>\^B^ǔ(KPTwoF>Rt+ Oj;(|a28wBs]t6-\3EG^W ^Ƿaj*v1,w@Ģge4+ ՗ :ٜ Aeip;>C E~ՀR6 ;^mB?\q'PKaQ]j(˩@ u\ɡ݃э%HI:bh.6?椐Yuh]\5=yuYxSu21_hX4,q3PD6q)c/ȉ\Pa=N) ' MHlڿA -vR3gf:{>YXA([l-teWrIJW(Jw;RtڶVZo`\|Gin;d'zctNAr6ppMz0䧀?^5DQMJ@e꓁9ס0B}ױ+ٛ'a(k[XL;b! OS̢+҂zSj5;";vEo4::U[|vMѴWMX(ƿ2׬)} @=+x Kk /%kFxmBj:Wdt>Zoh6Q /( G~6ԩ nߔ|0e#% Ѧ,תּhoN2!`' -ƪϓ ntgK△.NU.4sГ|a-aRV0%ڨ2x?^6;m3!85zc0@p-AEI4D %{wnB FX R)m`U[g6W%ŘyOŴ @LK~v?zytsJ5(Y<{Y~u$aaϭ4]Pir%Ǔ@-2%@Tݳ4t;q!r%:&Y_8֨"jRB!|+5U)'WNk9I`sɛSw,BOLf'clFJN9#x$'KRh]osHdM"30q;.zATCP)S+la@uSekdB5L tYKol)/\+Z̪[۝WTraC)\Cef0Ǭ了`<[ydя$LBVSHUfEõTްIjCsDY`. *bݱYQ3?m1njlH} ^AV %JJ'7ƠJ6VJ]8Z54D*1gQ?h_ɘ&%SPr,|Kaz?>/a<5Qlr7]pU}\-BWkATzT8b$}[O2.#4pNmGhʢ<e0 .T0UE d4lU:̴t`/5ݔӖ:}EU_Rn4`ǑRߖ xzgJYCt|0ا.2d'9w͍X"eW0GÇˁ[Gв+QGSft)J+߱米*`Nծ3)]ŏD6Z P#=SoHSKDd|c`,ͤ}u{Du+ =((f.q | |2JiPx {7嚦MvP r Pz bv+*m6ad>%m 7* i|iĹG'<39V<Cw$M@ħ7% il7|CtN@J&SwX߷RDPpx|ѾTdl%bw|cȖ ]e_ }蝚Co Hʀ";,TS3P 쁘W7W.V{*Ԛҷ輸J:ƜAAMeep6V٢ ֵ3Ω\q.3h[vEBNtrZd4p`Ҕtoz m\pjVUa@<,8h_2bi{alBZHۡi0qԮV1XAwn+yᄄYҟ<$ er DGq|H( Fϛ/оu+4**;lGa؆KA4|u4Pv$p~|aDa){qt_IS)$ dܶ2G"R^3X%eאs@xϖ/Tlq.su^hᓣ4Y9UmƊ"T~<:LBSB 7]Τ\M]eA1 t%bkDX %b*jLhb S,KMkGo>l%E@$4W~GfqoaQyQnqM^ԅR6 &s >Y/?k[AW @JZwL[:' iCG2=]@5"֨^QI0=*.e*ramhnez{d$_c 3kMlBUYԃlIyɣZ$f&>ٟv%

EJ+wۂ9.m?O%j-- 9[}4:sROZ虄;!UB+RMm.{0C{P̮1X2ZQ:Hh#M mOmJ;LAOB!<9Ojz0ly掁dMwcGC՟ *>?#70?3e .PRgyrguAE;ExG}I-k_T7Bx\>d*!iF ES݈ө|/,ZmA$~e߬M[+Uv잜tn՟t1xIhM*= ԽҲoB=f3swcQE)#[xU'QК ܮx҃3\_ l+nK,ڎ-rh!G./!-~ҲߤFj Wco%v>Oqd|Go󙚬<-qKWnkَϦz_}Xw@ji#u\Xݮn*u3F0俛l?\ϊ!hB TA is~Jq6*W*R_#5ZNeW6ήqq CZ0ՏQ2A}wr3":ј'L<\uB^bA(ePi~mT ^5dqoSIkHC;|86L<~4|)@% ']pEcZixn|vr8<:-@~ ]A*m BEM'% %2i[SJ)|&Ύ {gijR}GVE^uDçjY:]% IϓTti֟BCR@CY|d ~ۉ_o5ihزrVV v4e_K , OeepP59ůGげ.PƐX;͈:n3?\x4JNٞ1{^߀YR=C ~cfO"H0Jdt u2Z!YgogXu".wQ2FXih=1]b d@!cV}}E@dS7b(jhN̲\|'ѓ}QUp^9qͰ=*ڰ'vEgL!B? Zim?fƣo154ч}I0j~@>Bfgbs?>Ώ} *p7s ?䒻$/T(8A~$ gHF 7'ps`zCBH'8ܨ R4^֞ʭ\(?"<;xݗ31Ý]62;hs7+ E5&VU оQ0х'C*qgͼoJ*q۝2 b(8m!VE~ÿ0nJΤQ錦S-_XT 0L#4OÄc"cǩK__@~1ƧB=;F ]6%r,͊},ھtwN h?l orto"WRRt]i,k۔1h:ۏK ӓ[LgL"onx>V^9Ӹ1w)(P\w5ȴ̴tYL}%]W0!GAUbzul`R@#RG'jt\U_`g L3fhj7WNsz,]g:5d $i-_?ˮő9e2 |2T%_e: }}FQF+9KmxV(_ ٺ|F6Qaݳ9>hUlIcc,dvqo d7BӲX%RuAʥ[Tn%|&^ ѝBD2✙Qݼ=RH^iL8'!.!@y̯JdͿ6ҠVpwxQ%WEgjjx7 SDph}CC0p--:/v=W>54iqAtⷮUn=ָH*1<͂G]jTPI^~UN2bHş3*1`g(biXfXBaV89OJ [=>Tlö qIZJMA-uhS71Hd͓L;:VeδNeQ0h{MNE1j' 0`oO/75e՘ԾM}uݹp)*0r:+Lg6k)pa 8vr>)d-I<ڠqx::U%dY_NqFHvGNU&KQ U}aPgLO \pn˥H )c\q(RE/Xs`""u2KK dBٱ'1wx%lfKz ͡ |r`Q_?JL{kP1Ï!'_5% p -A5k<ǿ«OaH@G.p,go<]Y~Y@VkoT~ֆ'0O[;Y-X _9&LFcڴw+kp^ ,rAt=`>y7z<֎&(akd(Wx- V\eeX%M H $ap?XIS %ּצv?%ZܣQ s/e^- x쑡kpU†[=ۡ5{{$ݟ3R1&g@70oĆ C4h= ]a`5kTJOjVz˚ST|EZXGԦٔz$d^b,>  ,Tǔ'¸)\.*mjpx R*NI6Dʦdhv>˥qs]R6J #I5XI:K$%8)1ϗpvcl*(1`+' KU[KH*L `M^nDhc> pvQuO&]ZҢBhr:P>,kDP׼}m+ܰyU?93*'fcIǴ` q_;FØ3Q|% ΀>AHVdOg2^$:ݰd?}pygcvwڵRx"4.T[^W~4C?-^Xc[qGd3ks9@9`F B]9,0o,wP(T\?PUuc2XtE͞./}!R$]@`zQjit[2lBM301DQs]@ uW@ z4<SɈ9rƅ8+OO/걀V䔨?x$(=9&殍㍈ac-q h,.?`a$t[T=Һrr+m H~O귡-1/1G `$L] =ЗSXTZ/`dL n H=+,?_F{fKe bzh=|02/E ]̿5VU2m]:I\wڛ 9,:zz= 3Ylxz{*IY2iTZr0\k?҉2'˧8Qˤf{N鹘EkE۫ώ*9xR̨?63GG['BeDT|UmmLv%zΈ$pyE)؋ho"n :6ʐvs$ahLam=k?ڒt[t{\(>3 U*Ը6wJ/.˜Ӥsܽ6R+ !Nބb)DPգ5 fKz[n-yTeO!3#82Tp !%b9@2^q;$aAZXRO43 wP'v {]oQ:yLb=3y#a, '.Ԟ 2&3krֻ VDd ZdG!iŔ|?Wo?ޅC\r*#n++ֽ(tjlFkC) }BG}kEK/oD@W+=Wz S iɢxe=s |d`Қ{j-A 1 TƮ&gnsBa_⩴$6a4fiiȵL6 S&ԘPLMlFG>G|8Gkfc*Aī-ax^ ))^d(t(O 6@h8tRXf$cO֥KGv[I.]@~K9I:=cX_N)U[OxoC!u%p:~шf5VVmH˅YPq"m*NJdʾf=%ۧ+u=V$+E$Le_=2ה!S๠T~ȝFЌiI (ɤ۠Ljڌ!ub{<<wxܒb}g5B xq)sCJ{U49 fYyTLjRHŭ2’>DyZI~[  !مavl,k_X7'`ޫ}~YjNpB3w۞|;/4nF&gug a"c;=GJT؄,{+B#ʋb!˧2g5A>FThK5}ՃJJ P¦-̠ˎ;̢adx̏xHfA6H7S(}Bz5N~bс Z S`{ѴM7DLS-!KO> M#b-):G )% 3}>`FhHr#b9#tP )D L}ngס ɪ4>yV-mMvf}aѣ.O nDk}(N5Ie3%dk +Sll_]FhKGlY(Qp\c}%W= qM.'U70X u7n#X;IըfV Q Ir}sLfKki,ZqCő bHO>l5*6AwlF/{t"x+cKZ>-yv!ʔ--xxuČu6uZί26F_ 7 ~+3п@b`N"ӲX8݋HM+a}8v2z2+S*9$'肩*A"* {ݞX ʁ̌ZuRAԼoi!A`5ܹEq1 AxAj}8w˗7o&EEC!E2O&ϊiLC.Ks#aVa4PV iWq[QLt^!0ذMA8}A|T_'@a)KfRZeJꏽV{ @&ۄMQ/B'0Q{z|=,/O2u-u;kQJ̨NO ƣʚCG< q^H?Pqܳ$QK8P/ts /ZS4 攜BaDWD֒EM3.'mِˤS1/o$5?RFiKαBoؗ4N_>8#(Wl$y ^z S~$!%l;F'<#YQƧT;8}gJjỄƒdX.,N~tVW ;GZ('a;Ё=l!Yq^E`"[;aBUQND-"\ إXm4cxi9]%6߉Nw+&j\$.;J}o܌w|0݇{+wIZ_Tt(ߓ^yxQ ǻ#w9 NTiaG$ӐcQ="|{: ?> ',P*]I"j\ 0`hmk7I=B+-s- :.CzLy4sۜ(`6N-G$t֥٤؞pN"U ȐjgѫאT;YFE-x#ދ9"?JI"Oc`:9E"WJM @ I{U*4O@^OOC2ՄV}!)_2`M DtƾTW٪#&Fk|3.;{ɗf7?@**>Vj|OH/LaDSbjuKd6+o‚6UA@L Z -˄LY~oe~yn5#f\t0@^ѹ4 ri2P~2 IAA"d뀓bwZ)Sbcw٤t6(0=m4Fi܂}/~jS ܦyBw!?AIc)W_hصEdtۺE3\Ѱ;ޣ+(LNY>X,=@ OM̑!FUk &?WYǓ&^:]eT܆ڈDK镝0ёM0Q;mGpC7'Ȯ\6Z ">!|Tunvf f#(=iOD2J]g@ vk6cW;C䄉6Y՚0ĀS~3fm`jz:9W*ė2obI&ӡ" &HޏXuk{۫6O3isfR̴9 Im0Pֲ߳3P#`}!z'-.8݉Ac m drۤ+<;Pe+J0$M/o>k{]X@CL~USpp~\t@8Nf(äK~O>}$w&y&2.}T#nIm [+*58_0 %fM5Z8[tfJ}Qvz32׷ /z€ /i9 wR4oK)1Xo9*PWMpq~_LwZS)([hД Dr#̻wư%\FchSvCΪV] 4nN(](0{F632ciA7WQ=3̎$Kh1ڪۋ4\9Jo fXG~QҾ`!m>6!^pd =.[FPGDOdRrbć/Efuߔڀֺi#RDG?<Ҁa1Q79B=5,<#*t@^1.$!(u˲c㉷;;8)[ZіU>TԁӦŝ0/IJ8Eٙ\X%W-əsKPW3t1sn)UV@:5O{!TǔK 3Knbxf+ODMuI]_DKq(b#x?_,9H>a=B1TIsRa51 5^y"}\bAkTt_>@7o3e%_ *\%g2LvM>:`?Nq&zx592P*-my՟`\2sa<I$3\p{΅e!1(X1-sL⾗d^[ςr3@E-P/sn?Ny)ʴ&4S9}fl8VZ544 5n9*FM[ tL(upRL换 %X+qZ^d2} /PJŴ3sA`()_Q_B!^ٌv ZY Y.{/r:s* i9 [ǖnJ* C٣0%̘]*ߐCC~Ѩ͜ :>hɺlO 0tBVύxJٜYA\I$~ǯbv 0A&aРiMDӻ[2DN?{Vu)hT-@D :Iw(9FDˮ}O7^EAZV1"ǻ]+\ F_^yHuu%YTf"ēp]:L9W)nYm{ݨ'nJG{H ː*g{%ιN\[3D]a Ԁ+"bl;Df~v;;~Q{q?,z>W3a8>3tVElqz8w^F;YZ07q#Blϫ&[%!eï?!8Vf}9ˢ-LNU\fAN>'k2d@ ۦm(ӤwךZj{_ -.Xf{DX1ԉ]Mǻ־w O1¨Uƪ3AfYE,y80& )F;Qrv)$Nv5@jDn,-|䘈-@T~l8H>}QBhE9ku NDO KՁmΎ)0RrXZʆU+Swyw4VYb>3B1ۆ>35k6k5Q-I5B4T[ziH')a_%N8n5Q$̾p@uxI8р\7"|El\, ,Xlc@1E0Do7?zK B`+q R f3;qK~E~pLz;\o-H:|9r UtcZAnCܠRb;~@QIΛd~ҝWx۸*DO#0~EVP^cobGņosn#f!N ^~y7٢gQ4ϭO \@i&֩٥7[ifd7`EdEH(11J'^@1]'0Qf^Q<";T4 %~G5\Ǫ<@ʙ6IJn$5rp( QpDEiP!~1~6JɮA :lQl>$s(ⓠ?V;Z -OOF"TapP 8˓wnGno]o4qe۳W5ԿQ5ЩHЀyڂ/$_ֱ|21*3o>3fSx۲DxY'AY\e-1[vRϥ+~U&Y 53G| fQ )a*Ic2SGg[T#=T\.3Cc'8/:jOVÏ`dz`қjKZgg@x'údrCPl:|]Tg}QI.490ln.T)B!~)/dL,%Cp=7t ,3 N|.CZD!|c#zmV聭Z>h~7+stTe6bȊU9bۺ Jgfé}%ЏS,fVՁfHuM !TBy^& VsZtGnu?NԻl=/IEF}$C`܂F|'v.v9$n:=/iİ<EƱt^%2S۲oR`gyP֗E*U˂US|#V8]tX`^>~ޯ.e4E:Oᨄe-G*hl$-3kC0z'BgP; I[Kj[~a2` 3̘#-PGwAY[W6:8}tZL 1Gټـ@'nVPk` $HgyP)6p lX"|u]JYĻno \!-oZ70A[0]L->Ӗmi#3SIbUWiu wMkzR4:%?Քߡ+B" M79AJ9~HG׶sᠦuX;;t^v'80m^a fqi6ҹŠ)+6.T}o;J)nZb'rTB1gD_|8:d>W;e.{Lt!fL&gZZs3?:d"iCc+!ɽ0l#9arzñbmi5ǧg^syMd g썈g$P P&$=zuUD3ɳ}6<:=׍".T VN]9(o?8e^Uv.Ju*`9/YC5_0ReKA'lunI=<蜌.KâNWۓE/sA.brIu(0:Y\CW Wtm~7l46Po _Y5ou>8R+ J KA`Te1[iFܿ8#j(TOW Ej:: ; }Awin#N(ưe6s~u /۞kAҐ\(%p!u_MW,:3;NF  p`a([lb?{wjȺBG>9 ̄ļz@kYngyuˣMADO?r9)!N`@ 7s#a}9S Մi $5E7؀a4Mf|Yc8(:vkiIm+/1eR8ڶAa822O*NRdkg7ňvűu0x9QijSpܗqt)..0" ?UW\ H~ ^[j >+N$<d_zײbR>z8}ysNu|1=d"K.p͋RB( `]Ŭ_x SD#Dl=Q͠'/oyNuS ~5{MDLO¾ҟ]Cs*`8V޴6^fm O&=fsf:&0旤ՅS. YPzaX&៯.GߥH{+(p7˳XY wpFG?ӜQ w~5͓TX$ܡi)RC=})@d]f;myp"Yzxqt%XJP{?+o4i+K=FZ3 }QW$cc]n1ts=7.|w>Y&R4!Nk+ƜHLX1Z0~䆋Si-:;pCk2, FY֡cXf9RA* A]]IR֬L a D3 BlTKecolEXx&0i즔' RAAECyzI[F7ƾk@3#C夼oνEAl4 `Bl#u;^x[Њj/.Xoi;G< J=Z?,&[w«:kg aRP~?9ʌP"5]\>XO#G8Dg{ 6)lϵ KL5ѽzi, ' BݹcӒ2){yshp  6rTem vw6oTD"sYckrQb2Orfq1ݸ"]>ҹv?x7yn.;7uva @]MtğK!)r %3ʶW{x @A_X~޳[]Nз=؁0P8BOykb|bvYDOںőaN :&qҾ&9 yHϭMݑ'Oc`Œ^:ؼE4n7r齞{Av/+$!veuБЗOPԣvsE$-qqvMvD4[g1$0hJͼlGOq6o%(>`Yq;t õQKּ|\֝>O6 r=y=p:N4͂V )0'eƛ|v< IDR) P[+?^)o0MX墙F|ܔsy0Y;sFTT/|o#x [";l%n"]'-2Bٜ)E,gA5ϊ?}@u}LjEArƳ;4o ᪜1QYɯQVd_4:`Ȓm9{|>)kO:y)>Dn/7 dڈ ~DloSs9~suI9m0>F:){;ؠrUpzgyV7LÌԽX @wyrS'kcpQi;X-N%UGR'd&1ΈQ+.5 seB(v 5YM1ծtP,'m;X9SXõuLSJUNp<ַ:NfU@QI痸y:X-n5 ? pԦT-lh]py7ėyR=uك&oIR\ fJ:aYl<1Z.Edj?%wq<3JᬮI+ ᡂ` ȟdreg#cܼ= ܱ:m7OLV< kGwY_n\ 6g[O%8pƅ%Ѐ0[ Q*;U[\![;!!SQdb FQ{;1b8F۶l"K1֟, 3> 3<ř[!Go)slf=)7Ӎ1W"V(78|-ݒ%]_Ϣq<#-3'Zōs&p&Vo~᝼0v/VyxPraq,PF7#tVg0K^Yw㌓auǬαq4YZuB!G\N8[b{Pl;j5Tp ӋcԜr2a֌ IwsP$Oj ÿO\v4Ѧ՚Ӆ(Yx<<~Fd?X=X?w:i#}I&$YV_XR h>"S>d5t I\=A6r闌KƱ}e^kGSú={ az5+Hz"!# L;".DWgxEWb;luaVF-Ngq36ҚTE^j|"S 2LEY-2` țcWJ>ʅAdF:VsTt%\h3.̚>G#u@MSGos:S1GY[ƂT 뙸w>Ѕ?a|29QTKH0p - I&wZp?O֤.qk924 2I?\IjFy `Zh2:k7zN.}y𪅴3'IwUyP|KbkI3r`6v0fq$LK(93_}@ 1_w^mf}}F(MN=U6e< /c$m.l <>ޗ Ui|{muo : `9bF@,{ 'M^T%?mj v!Ɋ~"e cgLcT:N(V:6ss]):^[ÿ1y\֝#8:hō!tp8xhDž=yp,PB+4rc} `;_yGޥ!{5֓uM*Q/-,.AT- {33]P]avuVsմ%{!UJvrcMpEbPtol|i9ZԔ3;8.H\uTwҜiB ]`ګS8EyR44!kcd\Fw0(kb4v74YAD$rףW0L~0AIk? t:hws往U{yN,=25㌠Zw@jL=y\VeK%"hWi >%]*c,=qg-w Yvcc~7o 1OQ`#sƟ8C=f1-p%S6la{o`@'"`^[bb!۴2$7%q`O3lRz&ԟZq kԳ EJ%{gfe>%{ lW\P_[X) 8ISto9d7tjK#1v.lW Iw/lY/jVUZc$tq`Nuod +w4eu:$>)pưwzяAA'L . Fl6SLκ} H4λ,!b.,SIz>RD]]qe=. rj*yl{^<=P/ b'ZbnaBvg5څOצʓf)tE)F{DS O|:kHƈ&TI`-z/(kA8{ΠxJ \/o=?# V ȂO  .G~;R]5t^ō ~׮Kӿc۩exLQ_/G[q+6}{hx4:ٍ/GB$T" ܶcĮ@~eE+d댈o9(` H7m&l#]Z~\lr9H&\Dނ&U? ĪA}Z=UraULRvɊJw*!3L 5{WpG<1 mW{Hac+sda8!74Nk{ I΂ȌBj!{}(7f6{/^GXҨuK['Tn^R]i]'zZeEyIP(_B+uT͙]&?Z6L;3T()hSAk2#%q7T];mAE) |>o3Կm/֧Im5 ;n{䋶6? x/RNب \2.t؎C+X ~履|i'i١?{yAW-,d:^ 0"^{{'lrap-ʦ5m2$7R ^NC2.zpS)]b1TxI'뱝ᘄ:c0B=^vUO%57Я pǩ)T1Vۨ/'wPCFF >5'ɡ^[c> BAKԝ2 <9؄áP \?Hf{8?DPmzƲɯGWtnsrYBBke$-FٺG$XySRop?Lx*qKɃl[<έB lUcGFTh|@P'љR)G7V{K}F'rXrԓuK3F^W)ql_8e">QqՕqTMq)-nXhܛ`JGWM u$88'GFM_eiN2 [P{4,B u7ߺ5QzƖɮvMQpix1zcřmEufW6 oCtfn#@3Co2Drd}+GmVG#| ΄ˬR6Ia6T7n,a&m dQڨNl:\O]50'9+-qrgF">H: sw:Z[kXmtccH u}BHkE83 Tamz ׅt@͏u& Zz¡2@M' TYnrDb+¡M9OZjc8v25ٿ$XYxa{'/*KG(1U3ӡ[h:lJ)|]qG]R18O:U5k GPc"qyGW;J_T&k@5E )9&ڦΗ,,%r-`sk`c Z*z[{do.ݣO*\Ƨ%!0dr` pF7J/-[F<ۺ e/RTgm|+U"p|'z/V`Յ~uO\ ƎzH#4R&8X+bviH}UD-e/ ؋ݎ``!2D[WjN6>}Vt8-qSdXHt4D 2Dh>K%ep:} 82._61 O,}kZ zG.=(}W bP7DU?jr|\%9DAi: =zB0LvYz M\/B 5Lԍ\ ל_ aGܬ ':%TM2!S,rNϵU |~k eӔ#H[^"iqCTq#3eP(!o;BVRG [@.].=[z: pAHc ttPV? XJ==;Vez_-i)ȉkiG`,n܅ {p ϝ&tCW+ A֮w(!@z_u%gq+h y3t?Q6qx`4r^VNey3uA~Gb+}: k5nLϥN+9`$p0y|y| F 12rc`1j) c;lbUWB{ A e0:2pZj8 yLeG(.__*!s%sfl 2f^ %׀g uYjY<YIO(lgsTѝ1AVvs .HҋS-Z?Y"pp2mjOIv`ne7ت/ `QU"'E6b$]h|RBmWAo oIƘyM!0B a-L^0䉿gq=\Fb/YJyƯ>܎[O,Slt cWSR 1K4(v< NgP'0Svǘ8S> ;^Ϣ^- ڨ=/p~E,ȤӓTVC/&`lC+8=;pSVU 0i)(>&UO*!Es\Rt>ڄrb;qrde/]>+F R$w*_]<^44G ]Pȳ'eyξkqɛaI(m ؘ A&kK[u#'ZjvVVi{e[+[eNPQ7XGukjt}@.^F!T-kVwns:.DY)Klo \~d:"ԥz?jT%!#9.#ˁ{dABO{[P7Edi~jxtv53M SM-SOFT_ԊhиU N ;AQ:ӡB9wJ m9[lE5Mx q|*^k pEӦbJK ̻*J`PN t]vg[pB*Kofb `_9j6} cs!<*,>r\0rV )= RD}L kϳ*8aTe Q,IKwk )bma?gƖD1X4X}EP $ qsSsm5PZ,gvq#G+'|l_-S=b&1N2\| MɟB mhqu<˻};'v9N_^X,z MN?snPt?}|,} H=nxce{ǎU$/W/Bӗj_9{*j+7Oе,ٖN 0 Ўs 6 Bխ4Z5N|ٛr^w {Zcڗ{q Ǿ@d䙨9TK6~[4 XĒ.d +RN p+9y EP!Q9ٮ'2y8 E{:sSI"ّj 3F!A k}bR(A?ӤۧcQm:/Lu}H ۭɲ?(j{La"&rgƍ}$t&/+yY.(;}*|X(9ʞ襋I/6egF ).Ib Ip WziC\gB-㾞XRNTyo#a鮨i*m"ʑ<h yz*t5ImmO6IIQ4- XW!CJ5EcN)ˀRg(uWw-mZ:0;6ck!aM#wĺ F3$bv`.sV6 DNRphS"ҵ~gd%Tt@qƆc/OP:%r-B*IBp&maƟ!NZ7Cos\WtwPY8ڟw㝑8ʄ"Y ^6Fj^pQxN&iܘLf;[=i*.cc}'X&YI홼+Ҽ Qzl& ()xjS r =!B='K]}Ӣ˫gG|d 2%7&3zO6S -{,24å;#o]y|ͮY{~T0Su/W5ϯ#I;jOQ[bSvņ5k;Jy7d.wX> fVT_A\`/G#? ns KęirqxٚzhFc s`"/b7|ӤxZ}*2ғJp ѧL&pl"c`Y>#ddM@ HZFQ!Д ĥ@tj]m H5K: E[ uۋ~J[w)e38&&@dHpLj=K6Bse kS)Zq:M4@V*)ֈJ@R#\w#{q_ ?aŻ(H/ K{Kw"sh>21*oJhi$\"n*R`B,1&yt&RYN^4ZFlid wXsy4eGDA^zȃ&{ coai%ޤ.Ny1c Nʦ>M;Nof 0Y:>y@Km}};ԍ `X2cT+n/-Φ9zۖPou^@w`jlIjw5}aZnLCCmJlGt4*}OV2r8.d|@0?dK>Oow`Ѥ&pNZnl$ؒз%{J,vt&'Uu_Ód//6>:kp (HVK.8m(Qme <0Dp~g.`E4pDa=aH%ӡ)JBK XU(=,* A0hD'067ESزnHi? 9_swPCH3qhB1D Gi%"* SY~ж|LxtW5/ ?|MπjBoC}Je.g<=m&!,rsb~j![Xk0,_H欯 ;:|nsBC\ҁușB203 Zjp1iǒս/*2;`: As dg3Hoſ0E,S^b.>ZBښ5e뷮^x/>K%Pap(Zެ⾸sxxh{=\8!GU$ᛃqL"7-r<@ej ZJ\$xVwnz*;؊{ 難4)cf& 03Y7WJ6t]}&l~M]bwFSW31෥5 c\Ls<\~48"E/cavSA*f3hIX,2Z cki-"1>ՠ fitZEz&aF+?MA5yjst-(A$TL[PyΤm w3M ʃhỵ{|C]~Y Ά-hIF&K {ӬoÞc{ ÑSmsگr>t[`B0|Z4濆ꐂSh]NT"qt)*NV2T f| DĖ$eTj0 ^m(`,mOjAz0\kr2[[ SIKdTK*뙄rdj@8>A#|JR॓:`iW[OI{j'؋Pb؅JKNL!lVndYfyJ\X'ÜHL\f1{En&?"Ӑ1b/cuƣHSeN,H4F)AMw-H&Cİ$QMM| GZ֘Oygbj w kȟ+{]oGi3$s ῜.cӈvځY4NEO;ʑ͜Ytyї{a)2s|, Cd_N~z U#W{љ4i4PAukt! /r-YOmnL-+Ҧ !B:ǤA&&{L٭)26$;nu@&fN_azk},{t쩃 m?C0 Ww7Hq̹JZӟEԋmJKep9:J*.g@17uysܯ2 u}ArJv/|M z?@>;?zqslU {6mTk7LKX^ w҅$yKU]nՌag Li!Kh/s\xҪ4vb<4 &pn,:ק)\))q..,H56 ܌(E]tEQBwh? bΠcz-"~fp0Ƒ y-eD}ۗ3'֙[RM%:>r+=>l%?IKZ4{WL)2\ E G?>}'$"[bRK/^  >rT8ڨRpf4 ;$S"*j^ kK‚`{KK1lA$+@,ϰ<$R+jahCZYTؾo<.]<]?8}&w+A錝xإ,x(,DfFb3k-/釩cM?=l@weIs2bD<^`[PcP V#gK2ۼ mȋf (0f?Q1:ۡzwdg2qmj KX!EࠬE%X Mp$<~IXBY1\l;,$BoߧY z>`'20"$)Tk#B1cPԏJzO]i`6nIY:r&URc7!Ğe J)g>_A4|;Fj543oP[,xJa}֦"Ex`G!5@W)`Dqi7ڮ ūɔRCA&`_!-"J$+IH/zЅC<%G‘x1JuJ֫f?ך|" mhWZw OV@ +ۧ#8+WԮ 3a`H JjZ,J')H G.Yfs$ZD)׆}n`?7/?(Uκ pa%Sx_;3JF8@X)v1m8|o!w70Vǵ7jҽ*n:Of[4jx6- MXF=έs51j)Ylj׾0C!_w6.T aM5rv XB  p'fA{)W0.{)-OLؽ/j׏}ĈVFZp[tVŘ/.zt"NtByfA2BVQ ->.z8m fack*ͺ#WÐgi GW5KNp2i-3jP 9G؞T[a"lelrITܲЖm\TsMw3a8pDÙ\EX8A M]f zåN(V8bny-ZfUܑ΃QWug As9D7öa"wqr]ﱂܔQnq}j]6O6n[Favǘܦ ܄͒&7OP"=%VE'@Nޟ}45)w(/j (4G~i4bDn[ 6,Ue4PAF_"7Um6[̡ tc63P''? ̐J="#~m`xګA ҷ-AնEUƏ5̀ a`5_a ,1Q:Tsnqr+W ${ȍ?tT*5inn֡D;1q1'BZԢ%+[.+7>j IH=?`7T'mY@`$7nos37ݗ)&;rp3G^);vӳ=ZZ4[3wA;LnqJܞ_}ST^()LFΤuނ/E|s\:ib<\jnw6( fꮹ^-.9?Y(u~Ƕv o3xz Ad8~r PO/iIV(7./3x0e_^LƮI¬1Ѿn[LS 3&6xɟʕgm\z E>ʤ"g28+ʍ'/Eb)Pi9&0!{+=m)N "&l~͍ʑ9#")|%>=H1^W{~^k&d=*U|?Mvv2 2e51mʟݹ̍B1xPo7ȏrLB#3R8r eZ"|Ӧr:F=ȱkERv·XIa7sQfqy OV%Ei]d6:iR +b(8&& RJe 3}wpJ$-޸lKL֢lH%lh= cE>FF:-ޯڷIyVhsX}LM._ ɹBHYN+J"hP\yTv*# 'Z0%}22Yli6x'p5#m5g-Q)Iȵ>-ϰcFmEi IuAVFq#>a|M euܾZs%O#Z!E)Yj&|%v({b0J& A@Ť TO7S3"/^|%#ĕdX)7K/ncGȚ_­8؍B9rmM6ͣq!4E}|&@.a!Ѳu±CuϭtS:nE .6I7i߁ߒ[B NpK_*ЊΒYvʱxp먢I^H\yU1:$e<mW̮n᰹V(Zm/v$jh$ ++%}egE͈}dZ pV( 9bB=W]4̮h8Aa01nWUAa`LZgu87c쵔(\Ie%'_3d--FAzpom_rCFmLiYos#mA3m7wXΈgg;1"ܼKgy Wi $@E+Mm6唍%_4]Z;փȫyza(amEly7FјU3Sk?Jx 5lJE@j{fɿqF-ܠAE'ٟ"3)15+5'U3 4?׋(l$xQ6[)̈zfXtҧ&HO.3@l׈,*ޒߓ\=@MUXhx.iۅƟF|G!506V1˿<%w?cuhGfXXZ Ğ|M,Fmq&lݤy,pղРܘ|LF1IZ⼠S~G!ZuvM͊,i7kZ\ f7c"ظb;9z#xϟz_4@GT(=#!qh`Q ب&cwT-j.J נlG΄XZ۔&đϭ@MNz| `Nta~y!daΠ`$u`Atcߚj3}= ,B&qMm9=:w:aW|pk-AwkK 4uayZNx^%RUQ:T^r3*g2a5WCD7aʘZj,1t}f{&fg>&`Ī焀SRv1r_l2+Xh(d$eX;}͘|/7JreVT(2ɴ:BiM?6Wk N㭁C:~RSFY^\ uP I ]AXՉsՂ#߬LWg֐q3S:e&9[ȐLHY.~ 39 %ltB:~WFٵ[%-)>n-lDDI[)(ŒőReWf(;Rb\}WSɯ/ KrA>W~( &ٻ6C Néh>ɾGK=/rRW|ڭn~psD։׉(DjlQ*54 Dҗ? jC{OKe3l-OdoԺs;`QX~7*E,ZH9Rև BtYW619,oK$twF!TC# xB<:0"b`ݪ> ԵJ@O؃̺%r31ϐ(bbrl_¹JրbT̛0CC/ >zBA>ޭ l*S~CJDI$D>:'5Yv1kL>,aE8o)pjxᘥ\T ̠Djkb6KQ|IAй^M3mmk[z&xk_1Ehv10PS}ufה'l]zl,֮%eDLp1rPmi& (25=X+x8S7w2v;ٜk ?%jaSuW|2%z5OIGެ$G:յDz]{da3d#Vt[ʚ}(:}m*YiGBr-k~&pXk`빽IHIpieouswĢKHv9'= SiwB:B"n,%TDx$U.cIAwt'Lۈ('G|cf1~\f|3 AkS&9I&c΍p}vu;Jy}e?څgStrފt. KR9o 3ĤJN&7 d[BS)iQNf^ɻLHp+y6/6dog#e;AIGa'y?\wpؠ5. Z7g+ vqexn&y笯W?F?4pjB$oρ=?l(52AMt{09x&}=}Dt"^$i"+S`*&*r A]m噋6:C4{R+CTbtdU~PtP>֟P:"Y+9ubkw1 |XpPvyƌ BO%bt">clcXzg菈:Y$QtC7:ǭju*M ϕXҽ@bi+qV}?K:K*џJK&~&dTIt8=_1Ě I1|7&&,yɒ毯_S?6uID/eD8Ts(0\w0yA B2ŊS{iWwR?ПտX*4IGx],6=֢F);Jß@M03!PאKH -)q ;,}$+F$n(NͮR&NqxNb˪/L+ԖaӾ ] XMA]@eqǪ 4Ï0X+[WN<d, +GLp$qޖM#9y\KeKvS,<4c3`,F9!uIN b2 ?Ayv h'V&"2G:3:;XREl -W*6q^|sRN&ztÓfLJ -L$D*h&݇E`fQJ̞Ƈz쵢T>x 42\c-Lc 47Lc[ej'A6t$ҡ:jPYc}嗀 J"LR}B˙!,q;d -sR;Fs 6Gx$>}lbdX#teP&E1wʰUCP.tdF@? .>!#LFݦK˦-`4J3})F=at<%zmg҆{nY 7Xʚ.f S Yve*ѻIA<XҔVJ#\q9 zw5JOeՒxЃvgT nHU#r }N˂nRf℗@O, :YPfd+dKbt,@IJ-gpԲwvG\;Az.Ƶ!%VCJKi/&ڮ] Ŵ\1cPt쓡JZJM.3#u${g \trz;4G|RLՠ5qC#|50YK5wb%.a{J-,$c~DWs1}QsUE% s)rz l en ڤԔvDSjљqRyy_ :PO4{ ?Q9שG-/A(!"9?)p_&uw71Ւ^&nynBTN+4G8:51}Zkad̅M9J{Yas++NIu^e`ӿ3b`ԅ s.KT6i+dkSr˓otEHk5ߩŦ.B}$|繄ΐ:50REl,@ܪiTU͟axh@1iGl7/rX= xKB'zus#7!sBmS,^ b pT2CDZKf-*xށZ"#@rN\>`DF}1}ښ+ V~ڤ`/s ֓-!@Ѱ褮!J7Bc>O+,^>A ֈm^|ֲtJ(xD rx![Z{tFQq|dUg~륇)v50F k׻H5+!q YL~YI{ᦝ&zL$\%m9c$˴4e_TL:U?OVEV؁wzsI!#CKrj^fC}e "m6"_TnaW f:JbjQf.b413ݲf}7 ?iN>%c'ⓢfh7(< 2vT  VJ谈 kdxi-WCK'_zU5oDH(ངT_Xת$S ?&kֈ}'4%|!cnlf%zn5oZ#2odFțܹ!O 6IMA[IE9',Ձ&#1θ5HVe7;d2/_&M䌷l(mIϘ2i5W;h0n2 Ađ2(An,MEQs԰^\ 镳i㺁{́ݠAM(/_&LFaԘpktb{HdT60;V݂g:1%'hDSH,KgBATӢj4J]⏉E[6$ahNtqRsJ; #+Nn'_;y2-߼^ݓ4X[%̓e+FV$1(bJꙻ@yް%,Wbh:E˓9:LEPhAMAiAc (B'~]j@`- kKGO9(/0t,X{o#T K C II9AЕw\A_NǓSĪ/]˟[? F (V/uc v8}N qVrf+hþ\/%-i5*bW_&FoXesްD=i^%>Ƈ/Eqr (L5oiB9;gn2- umr 6Fʅ_K1vsWq3d(۰܁2AH22N9\$ @;̥O%C:}Sz1Y@%+s6ґ& NWP8\SV &{ x.Y3jQpY#AkG 5ŌQ ZE4fAW S_"g~ < Fٷ 3eϘz5@jWF[T tw:~TuY̙߃-b$zV}Ƽ^G[Sγ U[PmVnqKڥp!zuz$5a3m묌ol:Z뙁qҼd#:fueB<*AGIZׂ;pFOXgņdIO\yJز[0*Jld*q(jӘ_%AN:!5ۇP'| 73M^- oAIs~i]43Q [uk0M?Z{@\,0 ) doY=Q zpozRp> ?[-oH XY2Py|1?㩎_mX5m%A܋܏ɞox203E$4FA00fKY}@BP8QYj1lr)ѼkNLB:G?!.ujldy==4 `eD|=r*z]˟t_ o^ r#Dt7 4h؎gl hl8lvCEkd,B];qO2n6zIy=IT~r-6O̠TѴ)nDR:0{K^6BVϦޗcz$V"#"1CʙF,7WtK*$1>S |ȷh4 @E+kwޔe~zCkZ{ܓbDP'=rĂXh%ڃBwM?$I Է&meQ qsCn]e p4wL(lpw_ reݡ69#(~4Ym!,w->U,,jw`2fU9Є $dVH$Zw#(-U`>wzᯏh,qV@ufrw}uayӷ(BI(Q~1Uf فI9BR^"%73=MxajS{/o}FrЖ\y]FW8X k( e?&\Pan~Ck $p][,~#^^5??r$0;ŌyN{@">GH{" imܨbX={o"wq۷}LL@?撙#ƃ-yU]t6fx7(0rt=.zoX_bkӲXl >JSJd_y؃ Wnvt|У0FFRY{@>^: DBr_/؆AcRR=68xMW /P5Ƕ4e T&~zZzT205a>DubڂTz6c_${Nv[;wFpj&,m\Q<7 S#g7|8 7 -:[DFPM6#$F*NNn~@Čo.*`f݉gȕ%UчNajod3#fi`v /9<>Fp!+ϨSXʘCN1h@3Ƅƴ~*Q*hHj ԪrFfɄٶlw'y1t PMUZ+VAS%2n=kﱜ @̇٘匲1Uޖxᮚ?:w XjffJHy≵6[~Ϙ^!ԓ Zj B1Lm)꩑HlK,ml, $.z6M ,LHt[VzR V)uƷ2#׻yj˗ my 6,@0o.b mph4L"ИFKltXХgw,=:5ZqM!',i0ŷ\cF%tG}$@0ی*j%>i6 jYXH7ۗ㣏S_<H3 @TnBF\y;BE_ $S>V BO t0ﭵ,V{5tb`}(Mc))aKשҕ}ΐZg&܃i=؈$Nr;h:nIBL{T2ѐvԣ2IYJ" .=NUq2#'ռ.v%q!_*&_~}zUEJGY^-Վ=]M_8` R Psl ߔ3ļ ofǙ"Lo [[ٖвy+m0N 78^ TΗܲK ""5Jµsaʥ.5Զ_49ى ?kWivgȺV*//Wf$Zo&df(W"-aXmJ> 0љn/qw o탉V҆тAD' #`AE|DR=r%szQ@Zm|tuB2Ole#0 duj9tDV{de !,j嵔cVV(:ؿ|tʽC;ҕ\ƴ(V9>!(kڥpΰIi>7PXmPW {D\ ۂ()]ebg݌[RY<$Lt^j-ky *.+3慲HBA|!)RFXL6*&\ϱպDt&ΖO*F&~HYV1nEV69.mg LBl2,}e>aFGUfHNIb>t< JY>7LVpr|;/Qæ3A0,LfQhOBM;X"ҏ#\xe\C=Jqx޶r{sQ6 `)71E wp(]* !X+񦂅ރP%=QN5qySMF'97Wǟ,H XCE Ss)7;" H] ӗrFArsm)Dt|8< DD<G{YhcN˲JzuLH| nlnYCZPf-^l=7ي9>ArU5gYe`%vJ&%?1EH?7 V>T`$hA ;#T~Jϲ0C ;@i Ђx'Z^ֵYdUzm,3Kks|y2L^2 ߽NjtxR e||5NHmJ@3bW0; KY$9E1b46Bpe&fy):+stY S̍<u ; ry7 UQXGc,-fK=K`8FJSNY|IMQzeGχ![4>G-/ Gݘr+ -˻LqOVRPvS"c:iݵL}ލ|fB`EـmW u-HCV9# P\qD}?z8"#|K"d!ء耀`ݵhT咈5N$vsҢcl6 a9S`M~mnҀyGnqmKm"dKqWTN^|]sm9Ǣ:(;˶ፀw'@h5'͆,YX(GyG"_vb᫲m8o/%i *!?d9p7ЍQJ@ѯHwTvP~5{MqY;Fv! ?'׌%:'Dz(%dZw>x)e ]/2Ũ?Ҹ4zDP&.v#M‡S7N"QwG@9hz+ΨL:Th_M]4 |M. ɏ+I#`e16W樫Iw+*:;i\5.* Fs)Cn3t_uJa&wQ6 P P 䍯Qj?k5JD59VE$O^oL/[;;dEj l wbsnj6ON}6 [9Nr.1: 9k0U:~x76=uOA9k»ԙpe#]+ PRUbA:H&(֚)vjSv_dfьx=.3,XG3pxD:+;ކkHps寋XR7rB:)ӲyLym?%h3sFsf3b'+?F`vSNUUw8dUJF.:0hAycJ׼ޠNO8eC)4qU-g vdL(aeXw"h’ysBޣ8߉ U։rO75X!T TcԸL%2m7i}:KQ/[-U>S?G޼@4: TM}|!W`mQE&^¦=L,Dm~L|>Bk qUnĠH} |a$Shvȥi~"Yz1y pWBTw Cbf&n2Vw^6A/D֐7ܳ ."dޑ)sNsWFtդkҷ捍dtɡ@"؂HQ6@.[B7}ybg&`suJ#ÏdW'~yq`7#2>Q=WoX}{U78 l#OW:r4,tiU\uyD7 )AG%M~_>8̤H ߔGhǎS!a;+$8"]SSh!v%Q*;nd@c*8} ,) ymt1!RtOc4!ԃ`A4q>Feb8LJ~d"b5$op$%ٓkEp^em`6zImoE3ӳKحώb)jʸ6K!Z+_Aǘdp92/Y;oW /@w?T] q^ci^2&ē(N Vi*Vgc,iiD{@eM'S\|sYۉnX5|Zc`9w?ᨅ>s1*8Nkg$|K!l( .ƺ<u8ne$BSu:Os+,HRZ(BnqU^jf1a%cPpc{}\ȲV,A(W~} bso~9_)"Ů97\*H㖘VoĀVQQ.}d zNM i&R)WnT-JMbs>MN[%EܺWc0-o-S+t9b;b λ G.ڳx$.Oĝ,QSt (]W64=1v/9ɷI6@JP|"{cy{%L(Y+r0s[gtdhvNV!k[_ÏM!PC-iS~V  DC׮O:vИD,feǰ|QK84Yb)͐eIp 8D<0* Y#1lNnzdN`4 6Z+aPs~;3:]H?8SIgi{*j#AIW0.o]d5*&(dH| t w, lQ@Չػ#w< ߁ܡ[i8>$n=V>\m☏:'B⮟dxNU9E["a &!d0T'63*xiЪRn{!yz[`(PW?F733Ae{2LZLr`vF%(R:,9HG;!t zWSUaPeյkEf}}|dJ㣚=EQQطM=cK˞E'm3Te;A>ϯf/ BwJz1:#̗Ԍ>^*jveUW^Ÿ|i Dj_YƦmoBl7G 1_>)o^ CoN݇r,uڱ Qpfw^>S6Rυq94÷ R wA}H$p7PBl`GDऍ(l'ӜRzF\OshD,ZsxU!!вi Ↄ0bs)y7"Y dn~w{i/BxV  +ñΎM+i{ִGuB׮X&P~4 @{!rgNłbZjbφP eŬW?-i9 P,0⹭`xq[ю (ݺyWoTX $y5% +%rXUX)$?%jr|L8/ߜGPJ6yPr,},t9F #F1ȫ-0p/RqD #-Y^Wa)@,*/aEK7 |'qΝ#esbP,=G8wx+m6I׶ZqƂ!}&,;` E= Lꑠn=@Ղl ֕Rctt,BP?C3֐hXnO&ixxؐE)F{ΏZh {2wc;򼷶#( 8a \e scD*[4K!c*o@N2dA[A@[ K 3>?QǾP0v; 2~P;@ܞ g]758 PI9 Tkb֙c87Ꞷ.Ջ0fr&#n}o ! @&=pQ;\O!|*څVm+h)X0,nAӆij6lϰbMdډ0gTʶ"~Pxo NpQ-A]P;/ȵp IE"i]U}64{Bi$~-dAf )ylgdFnyM}i{X "Wqd-Ad [˯;퟾O "k}[>8y-Kil91֥S8dn͍݅VyVGY݇t fb8d%9])>Liz2VYӁg$oH oo ':g{$2%su"* TZ a?n?+Rgnu/rzT| 3-<V`땍l|"'dĕhKBeXFU,0bk# r*%X` ]4EP#7 add7<q̄F{PE񻪖'+2B}z}Wѝ2^ ΰڊ a^ ObByhUU+E{]~ހYp;kUܽ>&$!Y%)tzRбun9j}!P8@,(8P]0LZhPןԴ>LSP~|:{i%?]RDv).%[.d 圐vl KWڏbTzv!E$MqSb 0 w5a20?b{m JjP2pu R&"Ub;y8Iz^ X:ۀX O^|)uHA#˽iî/_\6]KlD@1pF: D;la_HѾi]~+$WEyei6C5FΔ/m~UNdIk]Vy^KBwUQ;Q qU#Lؼum[鐝zv-m|:d_< % Z}Y*{LiU,R1!$v?u~sd)_,fЯ6`%3{L :4u+Wi X-{F3yl^G|Cv?8|$r|2]T܁OBt5C N^:ꂅDrwO0NVOCl_|ŭ+bFΨWz/L}\~ͮoO*yX" +GM50 [>/ yQ. 69Ťkո R,{IC" bDAXH6}/oo;vg>D? !h\k}3tɴwѨk!pL[1%D),q=cydp$<>h0ڱZ;JIeMzXMǚk50Əz5>r/K}BJI2 ?*oF3E4 sܶk5@ ϘR@N*+,b\g *3^U5)\ JhLM^/BwؽR9?P3wtÉrI6Qt:j9/ 4S#|3#+x%h}h3o5,~GSs/k: (LW0P@Ba$6`:h;֌`NG,ʎ>tՉBzbqdKĎ9$W {шX/qwhnjtZ^ ;+vnl>RWC^??~yҳneP2}t"oiWJMVS^wܿ ]rlJ&Y0Dr g#e@z\z: c`^%^lqimorλz'XbImHs ʆ/N5fPg:s&Uḇh bn$:]Is(L btW_3mSM"܁v~<*Ñڋ 杖̞e#u><Qqo)Vph-h*{RB v%m!0!Z1`^,|/zEGy~kIO7aJly|^OJ|f̭Z}Zd~gC߫X]K$!u Mt ^xt0PR$j3w Ѫ.f]imnK@dMDVOi=Α(*VH 6!j=cv}`{,׋%a]zF [|X(o m  AA lIFخX ]j`r[Va zљ 3Dyׅ}7߈a9!kqLk$,} -MCe& fYN&jzj% iiK)"$n+KWE;<b uZ+#8FP:Wn"z4ߧǻMqK =POz]);!/GO⾋,ZBf 6L͋2Bwr;efuuL1Ȕ7ZO*Xt[.OvDM"rSRP`—~!p %weKĐkڒit~w 㳁/ڵ pQl '=i[u0[ee]u1Jޯ;G`gOY F Up̺;S-l(m8QJ,W{Ou뚦*IɊ29{^nld+|(Oš^щɊl>|t!9KiyS^l|Q{UnK/zngj<"[.I\;É'm+и}+\MIZ>j$HHWg?u'5%ॗy>~78VPtۈy/2e߲ᕂ<BTM"|G9eNR#dFv[҉}89@?򩟨#៝eh!(0VC֌ zrgQ rdrJ[O}"!lG? ݪoE`r`I?P[GǐQRM䧱ʈI^{]Wsxl|΋24xꦵI % LW4ٍC0<96b5H3GOZ<;fo]C,ng|b7F&i\qKBU6@.Xߪ+d~N󎅛ɳK06ayaNŷoGaODNJ~3&ݕvd^ y_KB2Q""ӻKYٜe'mA#{K=s4E_V2ו"'d*PmgѱpgZ[͐*xJ+ʹ+e`eá.- z%$\z$1?UA{ nKLXWx11 w3Ysk)Qܚ9r9)uN:W'qiז:eI }?d];̜ƆdhY7c[bdJ,f /?{)&ǎTot, ۅU-?R.X CgɎw;tv$ZiRS/Ã@QMn= DP_<3#?2-E '\\bdNhf:B pswk3Sr)@e)wC뤳`5:WtoM ?/PoG XS(ile & 4R 1O(M2BMJ`gI=_)$/tOm8h_4{W$"Ȋh%iY0 Rb K"{j`T@^%S`D kXlcDa;=!"!CQA,x =Gg[@B=S CȧlC˃Mz6#W8k.`M~:aZo3q\6bٱS2gн\@}$"sE]_ጘZ W|SJNVT0c9nLCȦ[ K]M̖J[9hx,X<ӑ NjqN ao M#$,_(e prMk"; R2zpF6-:D`oC ћ,\t}fQcym:a DCnjCj+_$9j,<Xi<pb‚&NNg IgYD".`khÕe, ; QB*dSFgMxTk(l8]h<Ǝ\caJvn26-Z |iOf$ 0qgi}YBWyz*xIa9A-zqXeVf~G}4O4պSxGmU`T=*i\Lnf!`dv"=C(|G)~TFPU BiLoVI\ k6QAqQ R ]2+Gp?r!njޡR l BR[,0k 1lLQbnR\BqX{( :+hV4ˈ|)>>K8ƅBtõyaŤ O\B)5TM h^{@Hw̲jƦ~5&*uXˊ$ ňv5\K/i&NݣCh OOp/.bS/t5žP;ޏE)&&Mn\ofQ:y&Y$$H%C-y!P1V6i֣ޔ51oIPJfP}~`b c de!Dj$Nen gb66bN1,rhY$ pCͬ\N U(@J*c\Qb9sFEq7\3d<x1dK^QDA|9`B|uY~-pSf7QZ&)yW",IU^Zc /fQaU"t,+Cs/R' 2^UFH`:94LFܑ8-dvw?s}BrްT@~fJlLNҟ?kqrhOg}90!h&L`3(ۂV=\H8{,vT ׇ$JXŲ8iⰽƾIf/GX 5_<ni~l8=ƔIhSR*d3Ꮑ(Z9{q^<q m7bٮߟ'łk2'N_hU\㕆~ ƽ߰baes|P d^s;)3Sé GEf<|;A(V/SA~ZhU2'FLX\8|r8>osuWm|9@:(UΕVVCqV?H&ߛveP>}5=tE߶~TQz{tc;&䞷Ո#-~do4evYbwGBzrE뵉Śl911˃i vHL/d8mtg{klt پc[>=RJTƺ`ïr3B=ݰx "5ӑ$WxIy Ô&=[fLJ%13jN:cHNѠΫQoiEV/dfws/[~6z3s֕ڴ$G y9DstGb%Jn}/BҮH-¥s3bB1)s3={lfXЪ` V (Sl>{-чIyT+ZP&a6V#<ļmv w٬ZMɈKjW,)\ ,C3ί{ MųC`x/IURfiBaxö7Sn:rF<tNkL=:=#ChCxӋXؕw _fPiPFGG&dQBZ]H+KM0c2ld~ռh,ZZ">޸S/MZ=Hhe:tC%҈ƊrS4=,'[r:l%{B$S!NBo}5T,z=X/^g,Ǟ'ɉ1pb!QTfcP6%e"P@ȗb@5<3}S3on̐zf4yA8/u ~]ؠtpݫssp۲js\G?5;HwqfEv[>BX ymO6&F0qo3TN-笣-wȀ +ݠny.'R5 1!ΕdtsNO %ӮeGA@[oߢbKؾ&w]qz ѱ@Qg0 `# H%FS:8Q5Ìk S4.VsA-Ppuhi;Hͣgl̕CNB lw69UwuT:RoyL(;N?/{v_!b jL6 5%烵$_ d Άqpmfθ({_0Y4^T*T\)ć c/)W܏8ٍ _װsSU:d;Qp=_~ 9xʁk9vPDn$Agyn޿\va  7 #7eѧ{53V#7k`k񚖯)퓘A÷7H<|&92^ dcX1ƃ@"ssp^RQsW!f@`-^$@AhCxShKVUs HT.r= iwHDiwNZPuh5j N&:ڵܦd{{ѩӒ1;boـ} &cIhh*z^|I-%>`1㇁&kW(nɮ8JzWFyN+BXx9aRP" .Cc&o,):!GlL?|f"aR UO[( ~[BRcxIC@%QE,l1Xl]}Uڥ̧'[qW f}j>->XO/eG a@{¹~9P Fn$>K)QEyyn0U0q9g Le&}=B'tS *fCmwꜦC[61ZwS" w<MDfY9Q7+BL1Ϸ Ӷs@|`YH\GS=Ҹa[af!hCkR2)9ä!K'X^9:|!CN.ʊ7C:EJ wIdj(zJv; M;E &UL~  l,kH xxc@8Qv_bن*]=8Vw}R|jY̒rLڷRc- B^{ukЄ$U^$ո'~dEЭ7bdAˎuMmK M ruʼb|cIqL9juݒg0o*aN81.ȏ{U@X oӉ Ҡ/HT5a8,#}ޔ᭕ƙ"(ۜ@m=fuIɾP<#Ax.e:Deֻ^^/Ap0Q.W4)bh2>}00.\$g&57Wr "O!|ǕOh,@-V/EIŠPr 9 h3!yYV^Ae$r $ {g)Nw|?d(Nt\y4&%έ1Nʏ(ToY!i@'6;* 3 B0ϔ7@,o** }iUI$jiu/~'aFţqj $V;ഽtk&ܼ H:<b 5aǶ18Wj5Z=Hm;ҿFf$ݝH`!R\mw q4l-ѕŒ VwLt?FI9wDQ%/]:#3pV`"1:Gv!<TF"{=~Ǫ x=gwJɱLHӼ^֤ u5JِQ^0A\BЪͮȘ~Ur^lVE X zO(Wۅ^k / 6::2CsL`z%Rzmp)mw /8fnե)!d֣UqJ 4NW4h>n]Vɦ &1q[!Kju!5Q]ܓ@ޥ] ڐ7Td{.mIxN[Nfٜj}p;`ިRRE~ـ0~]MtE"PO8 I*Q mXgwE0lV/JM^Ӟ(b*'q8CA'=M-ʈˤF7]YM$ْ*"&~Q%55, .[P[0'K)z37W }s23c Eo;׀r_;ː m*Fڵ d* ?4Koo=Bf\ZD3ؚ̉f FT{"wucI&*ggWe#^>C$i%Ur"O c{4K7M2ts~=JETqY >ה|Xrw5 !9v2C2o4Ϥt8vdj &$(̦h.h+jJah Ӣ$k|rm$eY2]ؓ` w~}Iz`5llyB#IT,$@KƐ{=1ڧrttˉ57`nY&tЍ[hŒ%)xϰВez7xpG|p %LT)j8 >03a9D(Y7,hUW0}ur`{'~G&8}(*-ܼ&z~#CwɟO~˰Xe7{gqavfP> }yZ>l Rȴw. sNDW’LP/-yX"CH `u/B!zcҥ:̾;@x2[o;Wʼ_m-;]uw8SdfޡxTUlfk8(soQ!p%UwwGlv%iN"SxMt^+5II*69yiu,G;;u:HUPR;[wV0Gϝq0S@ ò)BǚdYviN,PQ$8h:’9=ԩtvGajBOKU\{J_v:%ϓOah XU7D:n6?휯eg۶2]e_8QVKSYChqħSKA[ʏ@LqV-Ejd2dxqH?z̛ C擷k`(~٨eS|̳lDKӘ2?KUb4l84t-48̕InJ2 F9vWs?6 4tH+BĩHlxQ6AVb ):pٗF#ʀ"`\}ho/Xtle;o@*boP]얗Cؖ'a+`ASD23m;gB~.KʔW(R-~Ws쾸qjY91^ UcoZ.B9="FI5r>C(#b#R Rg1Rh{8 w*3d %Iղ2{S]rdc(RQ(\f;|2󖔼Eq74_;< zƔ/Jg&Z4}pi TE(H:ɟNP0S |Vk  v|8k^gF;"aGhFgUJMRF{R"T|Q6M)%%;}fXa$kJ,saiLEbQYci6P%4敘$tMtomu^rG=SfV:I8MP6R_pG Ec'['krH;Dg6" YwTf?l+P5C<,C2n/WBIy Qоk:,gxBv/EiKrI"$/o$`>>hJ! Su05Җ{57!)f8 a e;XW{z=%Z+}n mZNS]9%rf%2)|M>谍O*"Sn ڸ:)[tq˴6Lg]<9ϥ8ؿ[$ .G5=_ªay^VE:׫ 9APbTF4,t؁l܈ "+e%icix@>>߅<*D4* ]RHF":M *bF2ȘTljR U^eS({|Mu[>g/w.+2t+~)܀0s}DGW+ ~2e'7rQ1_1*VffWK6aCс4ұѳ8[$l*{M:w ~rj*Ӗ%)fcJ6HiP|9:KBOMӑϹ>1dk?Mh :.\y(`9odp3]% Md<m1@u@ n+T; v 0T//-$p1jbWʂ 4U7co]r _Ck-RK/'rf`wG!;w|X~ X]aӶaO _kV,ɷX >/ |A>3m!`:XxtZjpaV&D {ZȒZ!1GYt_9'>ܔ,b #Lou K\`z5 'h,PsY%sTu_ 2WV'{VR[ED (BV m2"*mx\!},xJ{Vڱ"Z/$=yU`^2X1xXG4S2."j9D Tu4CLd`ҼYm~DYNǰۿ%fq&RzlQݿ4 wulBS`"9! W=9T=S;[ΫEv \:SUymB H~qL6 tIѠ GJM݋E7m -Rmv)n8V3TՈԅ_}8$D*jSI!]1 5XxwbQ<' tP͑:ӬHFF'Ӻdg¹ƶN"+8Zàdc٘@ᦜQcMl92[cI*B0׋ 9򊀹xoZsOrEu/3/{K7i"uȢˈI2jol PUԳ5{CJR0-eeVK| F:=7B۰}̓e¦l11:Sޏʠ& PF}ݥ2R\IkչgV\ "SN Gtoa_n5YGh+Qxw q1F̋d3ejL{̯nP$2fMgg)EۛWe]}8HafOśV5oxDDcA>^~Q{ԱU;+OB\J$tT~dd`PK > :il< brߥI ,Q ]Z9e9zò[i^,''gF_̇r>#M&EbԧǕGUjS$XN'B L7RgG ^C>?F?Htzs#:Wr&d'RG6R вͻ-0NTQmkIvt]BT! 8kٶ YZ