sssd-ad-1.14.0-43.el7_3.18$>Bc8%ñ(/8>;`?Pd   9 &:X^h     2PpHH %H   ( 8 9:eG~ H~8I~PX~XY~d\~]~^~bld1e6f9l;tTulvwxyULCsssd-ad1.14.043.el7_3.18The AD back end of the SSSDProvides the Active Directory back end that the SSSD can utilize to fetch identity data from and authenticate against an Active Directory server.YTEpc1bm.rdu2.centos.org&CentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxx86_64`K(Z8YA큤YTE_YTE_YTEoW~YTEMYTELb5940459da666c85f5f0d4a451edc6e0466543978ed21f9f9761d1431db1bc8e14d5c5f62a97955489900af3471acd04b151b5051b9c37b8b0a073cd11f06b258ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b90334199c7170fae14acfe145597cbf22f1fe5da70cf9d04def1af63b869f23f7fc6ea05ab82abded83b37a7733d4465521b8b7bebb732eb430cc27e16fef296d23rootrootrootrootrootrootrootrootrootrootrootrootsssd-1.14.0-43.el7_3.18.src.rpmlibsss_ad.so()(64bit)sssd-adsssd-ad(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @ bind-utilslibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.2()(64bit)libcom_err.so.2()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)libini_config.so.3(INI_CONFIG_1.1.0)(64bit)libk5crypto.so.3()(64bit)libkeyutils.so.1()(64bit)libkrb5.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libndr-krb5pac.so.0()(64bit)libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)libndr-nbt.so.0()(64bit)libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)libndr.so.0()(64bit)libndr.so.0(NDR_0.0.1)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)libsamba-util.so.0()(64bit)libsasl2.so.3()(64bit)libselinux.so.1()(64bit)libsmbclient.so.0()(64bit)libsmbclient.so.0(SMBCLIENT_0.1.0)(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_krb5_common.so()(64bit)libsss_ldap_common.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libwbclientrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)sssd-commonsssd-common-pacsssd-krb5-commonrpmlib(PayloadIsXz)4.2.3-13.0.4-14.6.0-14.0-11.14.0-43.el7_3.181.14.0-43.el7_3.181.14.0-43.el7_3.185.2-1sssd1.10.0-8.beta24.11.3Y(YYtYXBXpXv@XOX8'X6@X5X5X.@X.@X)@X#X!@X lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.14.0-43.18Jakub Hrozek - 1.14.0-43.17Jakub Hrozek - 1.14.0-43.16Jakub Hrozek - 1.14.0-43.15Jakub Hrozek - 1.14.0-43.14Jakub Hrozek - 1.14.0-43.13Jakub Hrozek - 1.14.0-43.12Jakub Hrozek - 1.14.0-43.11Jakub Hrozek - 1.14.0-43.10Jakub Hrozek - 1.14.0-43.9Jakub Hrozek - 1.14.0-43.8Jakub Hrozek - 1.14.0-43.7Jakub Hrozek - 1.14.0-43.6Jakub Hrozek - 1.14.0-43.5Jakub Hrozek - 1.14.0-43.4Jakub Hrozek - 1.14.0-43.3Jakub Hrozek - 1.14.0-43.2Jakub Hrozek - 1.14.0-43.1Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1456013 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1450125 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1446085 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1445821 - sssd does not evaluate AD UPN suffixes which results in failed user logins- Resolves: rhbz#1422183 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user.- Resolves: rhbz#1418943 - If a long-running task (e.g. enumeration) blocks the sssd_be process, sssd_be can deadlock - Also Require a new-enough version of selinux-policy so that setpgid() by sssd is allowed- Resolves: rhbz#1405584 - SSH: default_domain_suffix is not being used for users' authorized keys- Resolves: rhbz#1404340 - Use-after free in resolver in case the fd is writeable and readable at the same time- Resolves: rhbz#1398673 - autofs map resolution doesn't work offline- Resolves: rhbz#1398169 - sssd fails to start after upgrading to RHEL 7.3- Resolves: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1393730 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Related: rhbz#1396486 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0- Related: rhbz#1396485 - sssd_be keeps crashing- Revert the fix for ignoring sudoUser case as it breaks processing of rules that completely lack a sudoUser attribute - Related: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1392893 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1392896 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use lib64 in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)uk1.14.0-43.el7_3.181.14.0-43.el7_3.18libsss_ad.sogpo_childsssd-ad-1.14.0COPYINGsssd-ad.5.gzsssd-ad.5.gz/usr/lib64/sssd//usr/libexec/sssd//usr/share/doc//usr/share/doc/sssd-ad-1.14.0//usr/share/man/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ca4b3c1a626bc01a7879a87361b20e1e680f2107, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=d48297b8c3fc41b10811a3401193b534769ef495, strippeddirectoryASCII texttroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)>>PRRR>RRRRRRRR RR;R'R5R*RRRR)R,R7R8R$RR R!RRR(RRRR+R]\mBB "ӃWDfNX0=:.uڲ#77@`ŀ[)cJ[ HX3 ̲5ʖ)m@NV~r|PuCbV( A{ݷhLL-9`4&7t^mrzFtr( ԸBS3o3SE{LK+9n: ܬX\m?<:A8R@ҁFV:4[faog kXNȋr hEi+q4X~#%?DdZ-tOfNchnvnҪã4B~xƕ^Hʔ9YR-,+e'Q\8'auRx96rw#gO#=Y_"v[̩p1ʪnC ˬYX Q[Kgas+'$!9&\#sXNjCw"$fQ?At4ՠKǾ[3G?\5&u\l佤ÒeN XLFh}{*@3)h N'.&+(- Z3Т 2VbcX#joݿ l}ޘ*iGUk@?6(vf^ #4C` B~J՚wD7CS;@~ ( >]/Fr3#3 J;C]mft-PCxICHw QwQe;xh:Bm+2u @zm^6x8 g-B| ''[v"2HB);mL.Az*p3fK g%tT]*|*0߷0=JGg_2`|?d{#ۜZw,Kqզ0#P vFLEo- =G4 N ةy]#tWܭr2}(h3eˣåJ)IY_Nu& (C̿I"@_ 73|Zt/g8BVг\ ӽMVy^OM-,2?3qq &׿5LGt_(+mC? $6UՇ k&a t;9~.GcʽF Bv7Rmr:c1q c9q7n\VX*Hewoq;G#|Xˠ'^AiK&7OD-(wtru8ɸ7&ɀXA4CgߕvҘsbDVM n8y?^@j?4Gk1-Vܧ󰶈MA>UUY *m@P4pm~x2rmoE,9@yYL:lKJA5M4\lBB;AґUB[CG.VvidA^D-Dx5^w$ /7c_Ӯ{dh%L3~ -?T@+VǞ4?4+UeYqA@a8%u\SpG&xz]M56o]=!|tW42?E!46-uөCQG~Ji'V;7s {/71#T3}" gRGۻo1cuVK9ě\1]an:: !bq C KzЂKX(NPDkt;z ._z%7`CK1FE3p.f1#s .x^\Q)kr3G$SBW!s9\|˕dWQ]je-&7ah +5 #,WTK沈ڭ(l" б)M O9}> *cV+p(WAPByzS@dԫNa'dW4>5L&S>mc+8*f.m(/n>4^M5G\{2&A[G94PHdڨ|Bf5lZ:FB7HYAZ6.kriТWTN /N)Kfp(^gPPF[LTٷm\6h}irc_,w}Q%%f(؀:Y&hx#Z"Ѩ,w$䳐U$M_ֆgu=ǃ A3PK KnZ2+Xu~i+K!ǒl2gCFנ pH s?YĨīvϹI Y*( ;+]s:~ngǶwS&n;ȭຎhdS130rgD(%2*NH79L5RrPHlM䨘?-Asf)Y=O~Bmlj0:YdtWM-"݄W lh8wUeeT`i|l )PV2c*ҩ*BZv-Z ]mIUQPc$ӓKVAEOBb \#~,YюƓxTdYIz9%w-8? 艝\Ow7}y/ϸ}Md;"*@%WUYwFM򒽓U@)V:¢ҟD;Jw3{-ͥ='xڝE Y|];h`5 gO' ƪzX#ᥴqS(7JuA54uJjlPuk BV6=5YsB˭FRN= `!T n5'-n) b - #]Av\Hǻq<SMT$hHN2״(3%\P$ 8lʭu$T2\, Me4·/gf.dkւ=>LȗDy0kA_IeJ!oUSMvN~vdl"8 zBj+R=? ˆf5=^+6?Lڪ* i{1q"2 b4Qx8b[nMϏ<*#9 %W VMvnc#C4Ym)PY1<5{0>#z-Rj>+h4zuG!:± cf!媥"\ջEVx/ :޸n/1C'.Y,ƥeZѕ,T Ɨb![~ѽC1ŶE_]A~7dMXM>Zè nt}~!085;x1J Gwd[76*6VgooMbOx E\ki$cTtM&@xP[DwL Iaq;Tଃ$_2}CE)wFh#mb 8߫)İy.T}m#KpùtibRG1˻g/}'4C(#(E9N>v= W)2 L CIrex%=a$>{[}ٝ%_ahAOvʤW}n[j[zs<#FUBeAbNsQG~>GV#}uc"; T ^MO "krB+F{ޞ2{h~"`?E`CI Ua>>l+𩊅%G@29+E>|ԋ!o^$+ҥsA#[2HXf Aũw]Y}^4܆uG,9H ]JxoaNL+LfyA;Z.8mg_h|Ph0Ydurƃy~A4Yeu4W? 8-i(҃n$n<$5LoL=1E4[ (]ZzT$qu΁mm4aWQH=o!ڷ%,yt#t|5Q)@ y4rm@8nEe~JTպYum%ћrw0)ȫ'Rj}I6rRМMb[! V~/i7!]6se\_u1A!SsAK=_?8Pky4r٣kѹ)4KQ5^ֹ[v%{8[6xEs;Sȯ~;4@{y rѫ}e՛,{R2ȏ̎ (* I0V3-뽤 Sk `o^Y= MWܗ CGlv] ɻq;!Ys^u Z*>rP'my[>R*~3 ܆6t> 0Sa@Mj@>+ҫ)u݃XzK1#.m Tˆ Gn @oe}`EZ}qk^e+ 1l—V&qf?c$]6[@96e2 `Q!&5$~Iv׹ \Hb{.B((E`}}F72$XɁtc*_A-1FBȝ QJUGxQVpj-kL@ Gsf i Y8ZI\B*יSOc$qx6ܸΑBPcax?<ІFXvU+mlODҳH#V Eb*&83ʒ#4 baatƑVװi>)Vm=&ZV-HO~ }yf3)ғ5[(GS?jDs,jW@r$n\yUw >_AW6PB9aU]S>oF q{ d̬No8n b&]nCY\ aK7B)Bc3Yf|x7̢l-7]8GZk.shēמ${BDhCaSYFgW UWT( 0lM”"ݥtbVҐqܓN!~QN:Fi&:u.V=3Όk:y;G[5gnʠ⊬DV+dAql4]@ȓJklNVNѬM CHQziU>))[H6 8͜,]Q#ΨtMoH] 0pҤcU1څ^ =+3^D3(L&eM*9ǍZ)l?VirE,gpp~]h{9풊;C7U1O[q#IsqY m^Oy=CgGT*la~eCu&d6|I6UѠjB\EI;4 qsJL++k8VXsbusfeAW$~&>ɔI;eA]뗣 "Z3(8իa CG; ٘/^ֆq:xl:tG|bwH(7; $x4Јg,xF< H]iwP᳇ϵR6i]i1-M@htғO ╰nJj?/ȵx: DZq_1 "F7$v':PƽtǍ+lËr':[tJFs6 N~8eT/YYٍ($9Lmc&jQ~C ~WRPϡ@1> >\$ema QNeM1> MuC7_'P`212N0[5 ۔k[fXRq4z:Xt3tRba'ˢSBk9x`6G>`yr#~Bs)ߦщUɘe*?kkBԈ쐴(Z\q80G;^%>!1,Tը0*2WhqXs_\YO\w 6c'.t[+D*ѻ=UXlOOH!@-)iS¯ո\#CT_?׷bj==uTSůvVkE~@{t@k_*_\CL>HSrRhv0pTT;,~#l)mʀѲ{Ap0MC78e.vIww!͵~CuOC=o]rOu>M~`T6=d',Z'0\qmqF;[2DF?淏|M015EG2!FQ!>_2hd⑭fot2v l("AՃ+Oo6$5S6߬y?ohq~uۿ@[ c\G39=%c Ws1. PVť j®ܢ/Z/_Q;bo>{oR\HV$3xкPGA{հ_Mx#IGw\9f6H \WPOܕJ+)LyieFtJY,QjP\hFʷza|xmSDw>Y9*$ -RE c(e*|2UQK ]{`8êb?"{qIHg\Ȯalg8}{֭|a8S8[x` .e'$rΌ1 j?w,4u)٦60 q"ո`/^R8uSruVR BpB[8B Z2y 4Tf7hw{V m?l @[<Ds)[(\l9XMӪgy3qڢʑ 5NM> >'gb[`l@D$ /::m_7Vݦr؝8%WVys}cB=KMj)ƒYAK$^>-[=P勞JxƋJ,UmKF2f {~H!P(. 2FY*<Y$ @}g[is0B3TX[6@YĬ8!0O3lH*')iǺ"P1КcDj9y"ZCb _o}\ jŬY jNdMa4-GY׿{b<ܚzF^X1^P6o}MkɂQQ"G|Vڨ3!.@ʪTK_a1ĉe'bp~CH'iv7˅ӶTDjD;4CFd9>dHR.K6=V׿FJÍu3˰페S Mڞ$V$/ݒ(5;Mi4yYښ1`)o6UQzV/~o'J :5ig݀-R>TsbQ4p2jKPj͗`tȳ[tzҌmÏ<JCBIu(7$z`f̮IҖCBǻY:cYa@֒%)GPcItXY6N_Ϛѽ༽GaZ)a*Q7d福d-/L쏢 K^Y">FleYr'tIza`tJu`<1`62䐑K~(h#KJ2"Ϯ]`@gՍ`Gjע3@\HLm6IS `۹q4nݞXDHua o~Xb¬bX@9zlil\.m.XEs N$SGPG413N]HCЯw"VA"Wò"4 υaXo9J^Ԏs5N-20 5],d~tv0M.Qc-:T'҇\4}52LΉ=+PH 53fF۔uEqMvmOrh8BMWtq7.VuH3LU;i]55=,g> c ' j>ڪA}!@i ʧI]x~ 8}!h֭@Jͣ1_*. dY 1Lie ]jZv[~Z~T1㥚f!@Z:ii%zؑfd0}t&㳴^V=0hfz%[r/Ik[g iZ eW*~4tp$} xHB3k{ O25GѦ&/>i-@~l8@9oGqpI)ާJfbPLZK<{qt̢!i V~$OʒKdN}lJ~12뷢5u{sO CNCulT5kt%7ICGv&\ }<^+CxJC?e&:%\ױžv;hҳ\`Ɗ ealgt2Dbmާ4/҄AaPD+G-o8g(Sy5ཛn8 ppaK|(~gնXy$ba㮂j= pw(f*] "5R<?܀>|τK"*Lc\ !Dׄ>)x^3zG ,3t^u=QTWY v~duԋ8Tr]!1UJUNsL&e{sd8{uYP ƈ5xI7IOvup"<azEZaX϶Ϡ>Gs¡Xa4~3Cn x5_\~d@u!뮂R6) #)U>/36cW8ߍpE(N6Y+&IҫUWeQk|Y+D%lޙTwO XmVw!M Z;(@Nskc ]۝dx8P ̨muESȝQx:V`B?p30Wu%;yHFmJ8C\dV pY޶B|_d8}-uӉKb:Is^|HeԔ\<8tpJ_gڲ6W.2 A8;V[i]t?xnRNөCWm!1sm<2K/~c3ZX|(%Nlf%y6o'r5p65skKg̕b7f+RIphK+pzl'K;߃b _sbJ H$ϸnHP~! HUwB\qPNhC A]DIN~\ !3!}SLy>{ #r6 埢o$S $Y6oc%#ջ }F&Eл'%^xfUH7?7r|⩭Hj_ 0/RRt}G^J5Dž`;0T,G@?i}X %?e1;ݐŶڴؗY9ƦmJ*N G!^[T~]ie0u{U0q?'eU3;C*DTj&<`L6<7|Rs]) ]xILq?n/Bo<6VΪ&7y%-X9oP1YLf1r6XeO}3(Xi O&7DkŴxN*U4 pEة7gn ;#Mlj*X5NNc,D~9y0f-ȕm8ϟEfvB0ޯK,ʮro7ߥ:G7pMv:XRPlе/DuQ|Yx \~? JoJcǜ CZ vKB֎JZ0fRF G5a=Q%Xua$= y2USUlvYZ ǔG7=L|Gd[3ukS8 44%mEח:8.6G#?xf3Q݇=\7,?ռ)jIfifKIvyGB{F^ BI J~e:mI &4!4#~5Ƣn=zlN^`j1YJpN_ E+~qg0׷f`?)zK*-kx%Y)8>qnїIw&_\7k CX6{EE^/R[x펂c܏-a Ä\3| DvuN "|@JZ`-^g P,.K! %ŘT8--XDa\~fj=:4tu@Hd zE.¿,~(N*_!mOڈ,%͠U_ $`d+K̡ |{Fz-><Ӷ{ +|1Ƹ-e*k X[}m RS Q> 3 xayt (gZkkp NC{It [Rݻx>|&_7H{QXYِ\f]XEK j1p/"i*u{wQX^|UȞ2Ӏ(A |cpT?gh,y?x1b(MsSJQu?X2YWP1S^2y#EȆedB5`Kiݭ-^pSrR.yXAZsf,b#CwevESA:LXW'DnGg{Eu!p`HRﲞDWEGٰL Zէ)?#5,cOضUpQ[=GZm(Ϛߝٶ(Ǥ#+"uXL<a1>+ٱʟ^~^-)AL-אoÐZY3iUVdzrӽmTBЉ&*AvkV(uA}5ԲfGk81H}6Y_L{E b5_ebqmN[ZhQ츯tޝPăXKPE23<}ь tQ]^ecug?cIcj]-ؑa$ԉ~a>A5Y[>|S.$Mm*BpFꮉL9|׮ߋLAiv qE6jXāJ-r ,*QYdG+jNUaHwwożA@(ZވڢjCCWN[dkŅmFyP0#k}og׿w&sIf}ҕRqQ&Yבmk<&S}] <=lf j'>g<1A> {>X, PCX]͘QoQPtBJTˤjFǙ}SpmWAQ߂ sxbevo݀ZwbUJ lwK?%Ҧ#RkѰS%[sF>ְf7O.Y͇G-rU(# K*!:vby$kJiқBt [f*,`Kc(b_VL0i6nC|U9Qgj ݹiP敏]ǪOcNw٣.x1q8Wy 8H?< h#Z3xY"C5VGM끃b5p۶T(Bm+Б \\dN1M(cZH-FwepD[_KeN"*Ⱓ |` wL+p]zw1"JD]z`uu:j!x{`3Vfb&D*Mkt:+a<|QCǏ h8%@ \ʴeR5b~K2z^NP7u3tP:]vuӪ 30c՛t \AbaUkI&)^by[\o[ I}3, $ӝ{̽s?*x1} 䔋~'5dqϏhS@D#ѢRK%1sV'Pe򳳘`E{j(Dœ@gw'pju!Ǭ%A뽜kAg+E rи-R;oiX٘tFha!NDH']txkH]DrXu(?srKm %"9|C Nn5`o*#_u7v*:qV"([I'cF* ٧.17cɍ.E#7.=|jRr* "{ Δt @ n(8Ϫ;=#dXf)JA JC CE732tVcW$ŧ' :0 ;#A&jnkN`lIf84hR_`,oH=Hy1Z/9B>I7D?sCG_a<my,zBU3>oXBI0.Ө:&o o9 :^$!I:R{gRP*ɧbf{´x !pb-B#tRō$,ỏX`lZ-7M, YSj_;G"4 MV10)=q+2t[Wja~.~J@}%oq.1*wUcu"S,v16@AU 8uM<-}%D;q%B1[u#oIUâUP~)ChWe &f$Tovb-@R7[D]s`=zhjсUءW $?ѺIeQ iu׆1Vǿ!ɢ fy#$^d:jm%mly U^ai݂~ :X<3vN -͔)dϕ,+аY_X`W͍$ :IДb U'k9`C66D#'ΞCC !hJkȟu2"^~!Ѝ\)iƁ'򝬷977"kM6N&`K5FI;텧F7 .ŧxlE 9`}RmǓ <>~ȦzSOqY.cLj %ks<4.Ao ZDPTzY1{< B E0#ZBQ,g_@Xo7x܍cc!j󪄚#mtt#5Rkɬh:{^>{$tDV ̄?~e4gMwE\-I<G% Kpl!.&W,r/9 DwԻx-]Z=?O?'W ̰}Fr0Scq4j[4tFH܏xX4վk٨rc"TyS#Z1ĭ !3!$D)Ɣ?>W[wB_7%%踶V΍hȱ@s[%5ɦi,w)Lу!G* pfl1R i(ʥ/0|!Ms 05Q݀Eݶ'[$Op D$hCq؅-rT[5$C*Bt$.ODkohh䃫gѠ"&є >B}ohI}2MۤJl*OE.K(F萉;#{۱͝",')7/to_ȥHDvGQڲI0MLDiS~W7/>\+7x 'jPLL/4 gL"m]sx 1cmaZ=kF~-iΓ=P?-V\郗Ϫ5H"J/#χowb+=!Q]{Lݢ8 mgUNb~k2 C W۽L4/|BԞZכ.te/pIDv|bZNZUgkealeg4(JL\T&D@n5k^&|sazxnRXcnxSo]@Ě"p"ѭu] G:x8p;SeQ 6 SwȺkKYmK@SkOx3Mh#?aUY |bآbde ϖe+SMxպfo>c<(&m2E%JieygQ_ wg}牴w|3ܢQ&%̥ Nj1t+I/>)|"P.eO_Q<)L[2"livmfj>16q}CIbBm/|~U_=grIk?zDvA` <R 5gt|eUu6-L|X{v& J.Éx M;!"KĪ| ?rhLL$v7&o3OJW YkB@=(1:! |'2]fFk+5kyֻWI| -]!hkMLOMEUcH!#38WG;c}f$Zasܠ'En-0R6 =[YCqmZDN4nd0y7xR4:I-r $Z#S2cj&4ENð:>'Ms 㑔 QFf+>&6E1&׽c{3 #\]#,$NCXx+5c88sR 4滃  B+ڭהUK/5 vˤ&k- d!F"9_%AaysC6ã)g=% eG$iS?#K_z?nV(UYY +| xVFK`㹇xfC E~/N[ڸSg:ԿAߘ!˪ӭcUB;.9H_eJ@3Iǽ-T< o]+8`$)Y yS@ x^ 1.K-¶{nqg0"rUq͙~QTd pٰ *eqN-&B͵ iF죿{.68#,D+ vL"2Cml2xr2ɒRzZJ""^?QT ,fHu:㠒߄` .ATl4L}R ;&҈KNcJ TYat]5x:*M  n*q?iH/zm(D ~fQDLSL#ʽw !&=vͣN7Ll:l7dIx =Z 4 n>u*uQ Y&! sx1PGkW/g3Ge80sVeY }Q6zOz%؟E;<5*@0@gݳ*[l9B?~aAzhQy&O % 9]kgjrmw\-~v7A PfO t,3hF+NysPQ;N6GQؘ`>lv 7:Ctjnt銂WU7 @H_ő@̳*n>Ete"&t4 c7s˘GH~+ȃy> %fT|AK'e% !.Q.)btqTf^7LjU) dk韼WG9I2{gf|zYKe5 u n'5Cn3|HK;Q=xOe-"A]\LdM e\xw7rl (TѾn[ti]E“)[QWm4桔ZW/,鋯( 暏og=uY>0˗V kN,iRrܙ3tRD][ɹ^wn!=1e"JF=:A8ה>h%U :`\6|Ha5.( oDuEhD_1ign*I&n,*.?X[~ 侜f|n/ܯ"G  l6]$vX1kI(ͦo:4|m1Q3m "?`B/Pgĭw/Np4e+1A&}b#,G9C-#marX>?W&~o\T]@@q]kukUmYx֤[N'%C'֊gɖkQ1sũ` }щ0/U7m>7PFw&XdR7PU g1 H-`(b125W] 5uB+X: ͈",IY ;CJpԹ!e'J?;P%c*tl"9 9s =kp+nTṨټpl5NfJg\ml\eW.|D{gL0Iv5C|ڴ5 ֗s5qQIFB㚄׻pgc̚1'y) \yYL6ޒ qôr ;fCY!5xre>I$%[ݩ*\Gzt[l8}<"HH :LȾXuU:po@;sUeL)5|Akr^(e:Y}1>Ikb(ژ^2UYgcq,ӹ0x{5zZO\$pg,xo!~F? b*6aif 4)7:x\qNQ7' AaQ=%e2-B%/r1/PmU;QzIj\57]XkuQVXAtEXzZD;>U+_ge~DPv_Љ!)28h8AoEdlk4޽EҞUK"TeRdB:AȥV-$UINR/DʔA(=?c*uˌHZWNDcټ8NG| o[JY6O ۜO-3 WH- Ӻ 5`h~6Q#rʄԍb5lvVlՌ]{\pYʎ$HIZ)6*ޘFN [DvxuQU݅>hKD]sDӀแe"mWaW,_*#t-\u-x!2?* l@ i0z3q4iPI_GXܰ+R\B^g& ғywoB t,ڬ'og<'AVT=tRX 'mr3sK(%T UqIVR!ql˳+VqMͬh*m!0D/'f¤AsPN߿[[d0隆C2 E+X[obL"k'V*8~M^gNs8JY@!hew7cED#^u~(re|9FvC񎛹$r6r~ c#6y 4wA5b-=$49+z@6s,$0 jig};luک]z`JBY~P)z eBjYM9avI-TEä곌bpnc}1jB 3wAyl i_`]LJ\oK1/&wanWΉ UZToIOOD-P||z$€h:\׳.vT?>70hOהq"^>U<Ѕ/d@)%rdiw M𨼔K! -5deۦ ykvQ!,pP)oZmݗ,~\{fg.1i|7HBr~KÉu; O*5iMa5cW62ѷ+yBB?w rSmVH % ۔&h[wiE:Fn7JoqTxV*g̙ޘ䰽gG" sۆh h~8ko"xI~zoe94vyCB⿫wzj ?uvB&T k MݕRDHx惄\| SW7E/xN0?Ʉ{- N@y24G먛U YK.m2t ?6& vW1⇩uJ5|WJU׷ZVOiԼ3[qiHFWœTƊrXMv\Y7Ņ!T 0f+=O4M)kp#{ðpx߮qv|Iׅ/ SタMQ$igU9=lǡ\RFAEk޼P:` pNAJa *(]E=pO<7;7 Org\c/+sl@kE6! hޮs} sQ9؄Έ ڳ[.r/=wf$O*7iլz/Og%>` YCǑb4K%$oEn%_;g(˭;q-Fq7Lw)~DM=E^ ͋ ]abpf ᔇKf'N+mА֌йqOVpyl"nT+nyEb`w W2F>n R:cbԖ)F~JjG44Dxk6ѽVH 2&.6uObRSTn|/qIBEeXX~ QЦ5FIWt t8^ٝR~,w-uBH8=@ bdw!=sa[qE\<G1>RGvG: ziI6Ү)F:P`}įkE|rұA1YAhlp1xs|~JD5L,7]%okcP1%.9]cӂ;nnvPĭᲦIL/4N2sT*W#?#r$8Ҳ~ U& sQ-: 7!9,i$=?iVVPKRuD S&91 U7}.6Y˂3UҔG!\'uft>.g: !B2z}P% bb sCr~uk꣐ l4AMwɐa,Wם@3tTFݯfF -,390k/'o?s)ͳ.`h/<%J7pxDuF~0+핸k?NХ/3V5;s3ya&ŲoWëdN5^CM E twYe/InzYњD~u>*ӒE3dKT+JIdq.i?]!PԒ^"lz@ ~%}f/} x>f@L.Xn~*2_r^>BF$mg(kP;5OpxcWJd@x|'*9N䦑7ZUsa,yH n̈q߀#۞En/f\;enj3…k\{6\;H3#toR=p8!v\%vW?Cdֻߍ?Ѓ & 1YԏqK146S2<\W59]{"T@{v)IB ѓ%RtɘB=`$ H+(0cg/, RQE[gͦ={K)vhn8J},Vu Xl*2?̷8ފBoli"8x1xRO!f [Hf^Ȗ4D gƋKݚ]v`=^\+ָ I_E@ =o\|sUL.[*E}^^ _l ҆l+ױSO^C mbrJk S.m*)az~@t ?v+yL"NІKQrL<8$t'Sp8&E{V#T5CƌߨW{G[@|_0ncef*U1d8]p|ǁ\iĒj|,DR?6 kO,a9Neʩ])$EW/z`q(# u$U/!}7^qxYbG l POPXmC}9GDۓrk$,>e%`֋RffI{گ̠G);b"Z嶘ETxG}1#Y$K U5H;8ݵ&rcbg%^dHH#ݥklyOJMt z ĤV*k#MAL3CIb;.C6(>:H;qW4s)9b4QbiaIMhMv& aׂ2*]jhHgwlNT `etd{VqúH"Dp3A`{ MM7& ?j=ԥ(g7Kf  !*n/?dP)imJ[]/͡ǂw nhN+b#k-RS>Vx2"8葿nF^@RضG k u@Kj75AN35 !#&{-: EvBI+og퐅GN7jIhU lLJT̕BJj{A:THEZR TxvX%8׀"* N߱pLbfn}B0tRiYB Z@vaͧt+BI&++" hj=%" tal'HmM$vX;].64r9A?{ *'G(i?Г݊'xl@9]"/~`:*,UI bMNwX}KW-F5a_Xh#TFKKC|ԐEk ̼2J | +- =zvk/e~N+{z5}_LM#\_hd<}7_swDPQMYd9T̅PᛀBұ"jАq['1oCrj9k29B ֗muD|p1-9T"5FMtWie%$7z26oJ[gu=tkup>jIԴjt A9kИ6 @Q9!tb؍Abu/O[7|̟庣 A{Ʌ*~ ͂(dG/(kA)^ ǃ4نD R5|qӊׂx}gIU>M M\~v;h_0cUM<:p͉FC17Tt5iFuS j0#~AejP<-GP&tXLgw)(}Iw<;&oբ[L[ &u2̫Yq^w_OAPU RpY|霑dkH>8sVw3S=R)YIXRw&S@^eVЕcM~6s,n:h|q}{<ʏLUnl2?;kzEwvDY=[4WY)~ڲl<0ߣvF [OL. M&I#D~Ya1~D"bkE~KE^sy}֧1x_\#D<-&$ 󰄏t(ɼfK/5:BA51j˦,Rؖ-'a -M^-3)4 6}3o>6E>/E^= /a=mELTha}J.'#kH^i ]~fP"x5@GYԀ(}ȶdQNo7{Z_mHUI!IѬtWrx#߿@n%* 4~^EO95 @E `1U@Z-h8;/H5Ʊ\^Vt" +޽",3VCGY8N]z6j=YDKb3辠pb/@oA.Vg\Li>8p>`G>Y:EF6̊l{ZJcx0#=z Ϥ^q2tRIva[fFY=`ZL~sYƶ+>K r33:0ROvTNdZF>bBqB^PQxY%,`k~>JsEFtMH lԨCDj@*\bNv,|V`՚3]DedUeu(Q 5l<[jӿA%c'@L?f{c|T=cIXQO-g[1.L*I1]gxMcbR3҄S#-Ty` QF=n<+K>w|QH͎1֏5rvP&/ܫz"#oׇ4 _ZJ.AUwD3O Nx#̅ȥ(kGiHSbMd<ǎ.u}ruyJ~66ޠCQs l/ĉXmnU#N=!5\x: \$U_N6k(XC Cnod H#yyc:MWuY$'pwHciyirY[qZ#茀6Cq_Ԙ m%XYAVK6s=pDz4[ PJП)G N0zBg%=UU4ӓdbt'V4lˎֆ-HU(0J0Է u^0ܨB{Io,5L8>6; z;^HcppzݽQ G XzzF% 9'NƓ%LA %:XhPV,Yq(mTkgICuJc]Xdf+ F}uw5i戼yT[3v w{ כukCT'ctLu D_}4/ ;ګfUͤ bZ?)%q}/ Jvo,1 ; K0vfïTF`7_t8εO?މ)l H d {؅iiH RuCk>D/bk^U X+V(U)o 6::C,Ω J#kw#cPhaWLAj>ɖ{ar? r8STZ[F'Iɴh{t0z #1L}9U꩜A*TPHz'Hmaix35<܁+^7,W6pۄ6aߚfb+YyYGM'[L?ťLaj;/qM g!Uņj)Y՘I2s/VF;uB*34kB!4L|p oLh\ 7nj 3.R%=|%Pp`w@L˄Kƃ;;9*h_p[]l||s^h k'Ptf `c< F1n1ܹ߀,I+ QKCA6Q" Xf~l7*Ɍ;3}nؗCqzu!'>2:[RU4QN))K"QfhMGV&N CNk^/7zt\<T#w4m(bςESI 2lj<[em1nSK˙vtK0Dc!CޯfoZ)cUٳdhvxc8Vtc/x׊ ͂?Ml 4ִZgb)XotA=ͧUGAFb2L<Ѻ,h~=(QW/$7d!.eÈwRc, x `TRa.*}?8 JY-C33͆NXf* &Ō`@6a1#g,WkoV1K~ߗNThA,;Gǹ@p.EpAvkbH; zMv\4#E#NwDuQQnA`34JX^ ASӥ9&CLD6~h_Kh0='kaU4 V}tϟ˸_vXKp9jNK]Ӱ{Q) V>u/\u592iN&~Vs Zό9;'&`nr6&Z[_J%:a^OɯW.>e в+2~y 1:{ҝ}&8 Rˡ3Wd۵ 1Z8}M4(M4vͻqRTL_ް4iL/^niF9:5J'>Q1miG vJ߸e>DUvyQed9`= =gxL4GmZYDᔻ ejAko~giOG>"W!+`xL5Hn 䊘 ]eQQb㝁3-޲6e /hSi/sd1%>쫘E>/'8'cgt09Cה[]NΣFPŐyS0= hxbr7xރk:%FdG&8g_܆-bFqvDwx̖)R(v^}Oˇ@(#y 'zJw-^BKt3ЛFG#`Dl- RSDzwڻ1)o4b0;)y% /s^y@3frp@%eF>d&Y`Wm>"![Ɠf:G K.:}n\`n>`0fEE0m?i`P*'@(FHfųL{XXlΨlb?ƵA5ӉmH"ח`8eW6ح,fea'V%\I72͂ z&P[t-)$Fl,ݗ/!9} ksoѓ*+>CMUqvN6\@Y=VT)2=SQ.F,c( >'֌sh,csx[}yiؠ#m㗕 TMtuų)C8Q!ΟD4pT _f "9 pq ۋ(aV9> SxJ)Y8FԝWk#1&Q:_xxL&įV(wC Iyޛ /X)xw{[Z,k 4\LD糮زATRI:йXhS񝳮$.%k{A,9S}t MПRՊkBȯq7Q^$5/줔ȝSx(S{\ıpГ1|<%BJ7?O*oxLd9]]3˨XbU-]?83.w1UP`EoJ{ 0TB\Soέ+pgԕ K.NC+;ILELX|okm)\HbS CN'zWU,C ro-;]1xu &;ɪBi) #yXvGrL\i9g'mrww6Pw'|WVZEf8SWڧtĽ̹'t/'9Ҙk?rr^հCS1v"PSVGR2{eDO+a6<*TBU( <2y @HO"SJyZgsPĻK#ݬ]xѵ%\꫗bS"pP1qRxV4^,)X;3)57'Eva  裵wJ_9è)N˒PrπxgwT9Sؓmd_$Uzƕ"RpSS#6E:Is07?y&1AF27s[~B3)iLbzg^.`qg"sP8Яaaa}U /d& }vh"x1wsRLZr-]N6 8CZ?YUqBԢwM4$Yz"@0yP L*LmGrUim9x>!PtדEv`P4(IZP^V h i&wWCXPj Wz[e(NNT%3 lgYﱠ%^@BRtQLOx{l$wKgk-dǣ7YCjH@]ґTKӼ^Sg=hF˶ {ޯ.R3Ѯ=ዂAӇr[gf\XPҽ=6iI6TF&R*J cvEc![pMNjS5I:(j ` &_- Uah=NٜAuLˈ>/;k{<龃!titBr裝N甇R 2< ld'c#fM6ۡ]NǭrF\*៶Guc*M6useG?o4\t9/}Ө=x&`;R= `xDAQC0LM /%͏7F/Cm ge [+ϊ9Œq&QO/c'ڽEo/o=@!ҔM3}ea/X{j4ʼnpKxɠ__\8X\"c60&'Y$r*zmVg|G!{>JLJ6B#PݬthӽQyBrdNiABŘh_q{wA`5d4*!QxP,sG)^XQX?jp1bÃ5,vὃH>\[3r)d5|SAm4\B{YlQKeCVm>icw$Ch\{Mº*:Jfx{$ޑ-Xfz55h=0HjF|df[~uIK V+*+#{GE76RLR, _$~ƯZ?@pq71|t*1\b2J=Y5T>c3Z1) e+l?.^d# wzIJ=X*:G=ͳy(֋X u+}K 'ퟻW"] J[Hk& r 4A爳ױ{IOh t҃A\=1I_ r*쀫2/B+5MR*BuvȟޢUJQ,K2"=Cb'[s D! tPz{JǙ5 ?݊6wnD̍ Q|6:M) riסU\Zlh 9ϑdA슱!л8N`9κHE#"TDN"o _UYc.g'3ŋdjM>5u;HPGv!nG} Ab>)#ɪcCػMd65ZFsD_3ZIƳ"˗X8'"|L*IUة=kĬ(Hh|3Բ .%^cL< yYԱZQ/.=$evvWw;S4B˺H VW.ktK=q#t ӺQIkqz̅^yYalRΝ7nL)Kg_pROC6ہ0~7紌̲#9Rf I9 dˀgu 1ou7$ZINt9 PZ d6cO~z~J6Y5mU;\"|^ IRQNTU %dE_F?\&Yf sSb=)2|J̉ɤiqs*i/;gre (OQoîieQ}9U_$qڇXu]#{zSNSuXٔThJa/sۥsybHj't1Nˉ߲x%3̛;eAꋹHb3B~6.pBWmIAx_sOA+6d4@~w hvuL'6OpN~yJ\3Q|αwi$yڿ5J[PX/-V.qc#)0!Dn8%4>qkP..`Z/8K㍺|.)v[^,As3y5/Xxc* q'H ,@d5\>Dyˣ@t@N T\zv\H88q`nr3K1dz{ zΡ"ܷ/`{e=z 'I=|ԅ7>>zQI`ϜT{ܔvW pzQio|4Y|~&avG!n]kU̇~eR- Nbmeeg>ViJP6ɾ#+Rȃ4H׮ $2 B˥1 6cG1#׉P\|VVd־#]áo =<6zΓ>/{Ish}SK#PJ{o\x țvx2p0t+d0E#Ъ|t}vEvvd. yt+p/[Z+~I/gX0]/7Uҵl/L{VVȡ7ݔ<]T.%7w#VC}N2E#686 YDcg]l2xfjfJ4M|-tMr'*LYFe Ud6n"i">\=fGᄌl%tDi(c*$GT|YYjZ܋'EEbƓs:ZӳNI\%e~MeXhTpЊm5]cRU_G.GFU*n";BV%˨ՏN3q4|V[ 6<aTMmOeρFFD Du\*LG|Sͦp&oNmShX&چG{FX&zʫw.C]3R\>{ZF0#y:øx`S>~` *ptdeߪ@]L,fp h .'8DU)Q2Z0*i3tc>݂0N-7%ىSymO m聪T_f{۪PA\:"AVz$6ٸoݝOlQ޳zO5dZΙyEMuyAdV4EYSD:_eŪWpG*yAKQ\A[bة!T9|nܽ.u6᎝NTOvn%D5̗ vkj8R$Z%RO(6t:+vuآ4q|oװ"~6mNV4S'[Y iS4hԕr1:aU*g [D qAO ِHp`}-3XU ]mQ%/rsZS;쭷)&5Ͻ8zBS#Rwc0|P)VEv~F=c׿HlM3Ͼ kBkѰm|JDI~\ߌM8"媟h]c2OJû%44ȬO:+HY]+4Ǝk Wm&m8LA=PO_'@ג "2))`1sN:P'jjC$98Bw&d.G>!Ȋ^24L]QG{kYɔDl\oZqJt ; z_2d{>w̝e];cn*h*GCdܵp1ۜF'$-蓻¦d ];ٸf Z2ܜzt+G߁iΫiCtbfNLvRJ);H4wkUҜ!&il„ 2ο?3p` ,<^A&c˖D'm_Cr>̝b@L[GPSX?Cb0D#'cʡtXb]jvSnjo0 #pwoR k0u@:"tQ}WH30)Ō[x~ j-LA:ځVXBfq j ;p۰H]ln/^uߥ g6`W5mџ$'ڰ`{5:/<B<,zYAXorg1 g"ٮCjv4&jʚ[f/eR<{ٖW7^ڂ΀0$ӕ G\l(?d1ΨD! aUu-ԭDR(Ե2dpGbPyM%`CauEXҹ7E^x={"ag4 PDoA⩭vf~þW'' v7D7ՠ\@s$lKMi HNiPgjt-bܵ /|IĶ]~#blJ PwKW>3Vz5U Y.m{oHY\mqU95ܰ)4d'ÔA߀4N˵,.ULbc[/dL!dWM_XF㸩H/oG.3UEBtsy7*֧k-Y-!{{؍&n+V9~>O؉fRl<:0tV/6dCP|ay$8v*̾Zm&. m(ո>jBqn4KF =|$qM4vGnb?,p5NcFMqP+|4{!|}\7bǫsz@ ò>NZJЗb$!S]8@ &1yyoyS%TZ( him#Y {,͆?jt ֒ȣ+iCKMo!~otao^W?A"f_bEܦ?yd礼Kw41z(76@LDGxp*s#ƈ? ȉtG87^<4߈+}c`]u+{N3;1Ә}2:t E&4Q8=ԀV/L]^e8<D/XB?}4smJ !;ͅ=Haqt;%#mOh9ruة-nkxWo<8uuv ei'XWMHjd F@7eSb#Xp ,EK{u 낧N>W=C7 ]yDz|.^K֕PݛHBg3JУ;o: f}C88-cP&x.&%/ٽ R?mD~Jz$SP ^кA em]t uWqs3Ax*^lcw\м۴_/Hs?2iIH3 *0$8tp/ ѭ}\$S*׃ k=qݸ-fz%Nsi1J'0\K ykM*̾ \/CnN]&.X@ SIq[gaP٭EPkJŗhM:v[9: &v\UDp{W.8dm* !SI"{)j72[L$dF\`bd┪Zg ٖ9ك/L,{scjc\!.ATiXa[&,"w #2p[e; 1T9"|:}rqzib}2mt>N"9H갰*m扑!,CF+*n& |]na|$P.'X!״ΈOh{5H!FnVX46IƆ6 v?Ujo+-\ 3ĩi'E8K2rqs>5&ȏW9zIsRl̂[Kɣ ~1u?A=S+?HQI)k /%-C)Bݭ_10 ;,X1r`Q1K(rd(Hp0K"Y[s9W@3兩blo(oel̦d9JfČ5OpDѐSVA6}(~P YY&j9zx_-+ -Ht|e>Tʡa*vbf&G Px' p/kİ-;sEO𥾠WԨ){xK|Tu:>z::kIBؓ2#yXK6ֲHݕ),BhKkf"z(AD`t8|뇍[%c===KD&B 'fwwHV]_y_=F7(4NAu >Wфt?ZEЗ^ht/1KrAyb9JuvwKWYGeֲ醠kWi! {HY<_bR+Gn¨W#';Vyp3Z54ȐX}FдF,)P͎t>nѨ#at[\oE" cI0$׍V(Qm6wrs.0u r6vNnഊ-q79Iۅo4͛gYll7oƎ+-\E;F,Z2 ض)_tK9h/Nܩ6y<#Yʊ{TyK')osR&^4Hv m\WaxJa4{uwg.(5h{_{wNvKk`_ |#wy㱶)pW徱F/a |t< LoX^#:_A?20GKg@b6l Xp̿l4%}V6i5g7rlR+s[;zm> n$reoLɜLUef76($} X7]) Ly7kS_skhJŶFĆ@xwo<uY-6҂|^Tc?/7 V\U"sz lS']䆺uCJ_*DAR~`l5J=+'ihA7]]f&Yz(O?q-QNV CJ9i鋓]%LyKg;fΤyMA K2ܟ=MapŐ"nAƨUO;č ]mhMlJ ?aȮ%W$<ćzK-Dvl̀ʀ\޴Bv[ APbJ6lj:ݲ2zuyݾO&O0.,epk9uDH:l-ミ٧)P~70q_mLc % ԗҟ.JėtTZ"p+5~{{67rR݇cbxEΧXl e"MFC/b w/)8iDsg&ã]#]# -w4C1(to͸!N97nu@@d_zsPŪIXŽc=r,2B,YBϑdmܩ O|Tےah*sl,ECrv޳t>F4S 8QQl[8㝖]j) $zfۅ/zzjWR왢w?y<3< N]@>Cfj_2N?ITWT[˥W9f/Cg×[FRJy }WW^,^ `/tTamu~3ksZLH#ܰ*^, $#%OJIP|Ìig/ i`O3p Z' ֚$>StΝ1K&a&Q ٹ䏌$R\8Ho5jSGnqrK?mC7~Ԇ-{>[N 8n=: ~,=T];z&nѠ /~ Qce69EOl27B8 6+ct1PpbW6yϴqp!md,uvTX䗐R ®&oɼa:$3 {~5!ŀV탁q!Ӹf0 tQ2> L Rt : oh#[*Ї%bXxn7\K^{$5=s]yK +'U:aO:vɄVž&M#+` O"ˋst2*$&^֪9Se_bRĒ¿pvv|ԣ9mhJl8Ӹa{8VK^tW(Ӄ( v*􄚘ey5k:WHbm'9'?65mJP;)@{ Sy81ɇ^q9MRr64MJ&B^_8VKu|(O`."2~=˚fpf\I¶HJ8 θikI\ . JVe 貍r P:c.ajWS̆m6?{%P?-*W,ʺedTᄞ zQ۹"W`,({@Za9ZD|'t\;gqK_,aNS`ntcɠlեQo0F˳L=!*]Wйݏ1S$T=GZ1z՗%u(KQ/3)(غ̀C\HgXÞP0Ge-(2A' {*&ᝨQ݅ v Ee_#!$V36:D 0/qqΫ[S7d[[(kYV\i6 _wV\BODP dW Q\clI_`ĭ?_2_:!Qrft>b?@!0qrK:uF͉TMQ\I fVXStL/%Jw(|٨! 'ձ"H:!ec7WTv>i0f`{Zj4/5ʖB͠ NSt@48LsLtRho;xr }/RmL1SK2R~|!n~+aҋ`:'yO,HeDG 3D${dbcQ -t*褑N>.g3W""P«ep9վI~PWWPc0Cb H5ihOfc2%X_3G)v c B%j 'Ջ }/%F/?{EkZMpppڷ"#(gzʈ*]aK M i&5pE@⟶m.] Sh|(P)2KR%t.筼M=P7rT} vtO<3Y<;;6,ٽ)\x[)FAAՁPr41 ĽQӸMq R?odQ.k; R3[N(wIr ]z*m^ E- GC$~i'|n&^ҺQnՐ^<*U@quWY;-UO~IS*#"3!iXR籍 V B51s*@4JplX-Qc;UKGÕiI^hIxy3D bqVg.,,w$Mb}m)Ttnv- y+&"93ծE7{~\I7بW[N9v(OG-1{,.稨H&~IVE2Sr-&lIvMoh{k$ν F0*AgP"Hk,p Eo\]/ͨyz3S/"wo!T!l%fpU=W&NI'UtW34$ |$@[2&=M8W][>}hsR@"a?XkOq)HUחPó#y$obSUF%t8hcv1vw0_ZehYΫM~R)Ŋ+ BON,z*1ɔ;ϷE;(_.f(s&G:4܅l~Ő.t匤j E)ޏ Fż>\Z[^)#UKZ5<+5 x)Ro?nF hbHabq`!\Y^fY;?41qAkQ?I78|&6a)sq8c; -1T{稗x`(r }Sk dy\UKF9yDJ|\ㆲ v}&"Is/'_.S.o&,)Qwz6&s,lq]% .OL'x1JJu䏻[ 7x2uwkEin`tN2"s{ms * 8n|ȃ<9,o͇qUXL$D?Uz$ 0PkF_H#t"`dk/x^5u\4_6(%Iޙw/qJo9eʈFcj)ndVxo|N0;q"{Ȗ@׹Ե&AeHFjZc],/̆*v8A[Q]ZpٟO-!T<[3KTtp%ȏr1>3sWpR; ŭƁ2uzԹ chñkS-;B%ӰlhXe.[tXxN2_ x `!N6r~WT|M,i7Hy9$ 3뛜5N ӂlB\7x0M%O?F5i#')a^#! !",`X)5/cmEy;`Q)"1 ~EQ=ZruW^t"@+ +h++2TBKFي%9};F&{B6 eJB3JEY -^M9Qj h24q+'otL1̏C J=r@zi i $ 1GW3\;~JǸk/QI5Hfadג9긫w/֫tN~)XxQ shܗ A']8ՙB>}y=x=:cd7ƛbAJ:xUnQ~fVeld\Nx˙v66CX5M4Vxhe4?WA U(E- k ];9 dpu;KB CQ~:& `ׇθD_ޣ=kvD|CwcYka]?};yѯ"bN}z T]5ye-T֖1F雋uM݇쩮XلX""<bг"(3"7ViՒ*,'7j^j6SI>8r&\̎=%~?}XNG[ǾW)d@{ցn .{ ^hN ̙;tSvHΌtgŵ?둆9WܢS #<iY\f؁IHdoC_Da O渼Nղy{ďJ5~]q&J_:YUP2|ͼC 6>]Q[DM VrSؔ#B+ⷩGMNc-ki +Zg+|vKq"XxwD`RXh{j1ĕ-R __Ư/Z:G>KB2~8V@& g\Z1#R"V+S[݀NG:[?iBDOJe(#ǟ!Ĩ?92>Lv߀jA}'FMYy mr`;q`8"IƒUB԰y}E\2V),uw֙u~Mˏc0,3& doȤ tcuI3I*|8*ZiZэ#agIcpoo )ٜ`ۀ\n<$)|Ew\@qs;|gDYRUz^"1\.<7!W&$nU -lJ瓐 Շ Xܧ\')l6:#B75+=zbe俘 uSs)P_)*Dlwp7Y<2wZh70;EMw$xLg_^C \L%o>E!x*ihܬDy}O@Է/<|AZS[!rgjIbHqg: 1x%P5tRj26M$D59k=sN6 1Ծ/T}^Ds-es~ČE-? *AAs)3^ >T")e_aDe+kCƲM =(q}v:v6fHOjE+I"|Mlmj>1ۼ({? ;-ҥ+8θ4*^)DhԒ ,[t AىJ4ce隁]CR~·:}0QT*˜8NoV:D?`/dLP^~IjH9x_1^x8(3X2nٹ9xt^lG}:y^n=fץnbqΏaٌK;B:&"{dLl{PSe:3ݺ?՚KM`C K-%Ƕ5K"U.SWN|['8-^lF5sAãIEXG!9ktب?GWcAi pzjy`V<ڐ+-;s?,Fe) "XdP=[hbG{Y9j/DzSj0P )ZE^rW_[4p?, s!GɐWkChl[I"ojSLޜ1Ι1vD5N9dѐM48:^?2ZmU%FPP~M):_9;eeq%IuFfItKZW[e 'fwAo?]1*{ҌR J] ag-²MfҕD+р0HV'tCh cg#Z>&WVdW! h֐^UDz踛%&njL XxξW27͵V7}<z%;u'UWy#1lR`h8KN&u>x3f^|rxMEknҭAZL݌*u%] ~u[1?y2ĹYk~xy獆MNSuj) X01F wc':vk&U5Z<ԋte<}o7N?RXeaHCt\Q9ϑ^UPI>$n৲:7#|I[h̫_11dtwv,RCX<%& ٪X>y$`M4[VamuZm11NQkeLj:ςZq-e2SgID 5\ F_I|s?*֢H6 RD=<f!B ?9[a2ȁMC5N?ZtilN=7a˦g$=6f"CZ!c3"^hx9  ȲMWA$4Ӡ-F9laKJz ^ 6aĈ0^d"g: e0cѸljx@zxFkzNbg/-*.\*?" 4z `Q=MwzpH0k,r4{ztp[Ie&`Փh'Q=7j(T%8XQ]f]#:x~se#ڼ(Gwa4"O}o;aGDRFG{O(R (N)(qi #Qࣷ0.CvU!9β\sM&y+_!艅/nD^ \6ZN?Kg6AFSg)8:ݝ]:Cy@vG.%2QÙ gpL,rP7?H1 IdUskDža=A2y'%V(otE_]J )дI)(TύZ%(%5o}zpa,ބ-?[vCdN& ?,Z@$zXPO\O&Fϊl;8G-7)im{ GghA 0xj6xňOB?SkSq-g]{aǶO*X2t-Fև "M<]lگ[MŐ Ihѯݭ}4]3p.bjٌ;%[x.mvBS,͌%>^eŭj,1 ,K-b <9&ˆJg{ bj0r2Di)ΪFJ aSQ6lnq }`0 s>8bz^rVznE2U:*yȄ]fU=Mxn{?Dk&7/gOs?-b3+ `c^bҁ(l/T\]9 pQ$!]r񾼭s:lLMe@U3?z_TX5_z5{b!#A*u[FeQqÔ`kMmP ,(S[xt"Qk^Ť@osNk 0N xCmy?\XQ:~Z}s-[S;jtqذHBI)?ZdoլTt:Ҳ IOJsŽ " "g||pIcG j:H; Vq'e$غׁvÍol0 ;hBL@p:DsoPW OE6H<-|ylg5 u#8^h'UfE}^keX,SMKĂ"te2Y+Bzqzkex)'T&-E/(u//wQ^Պ%F.#W,3*6M۝#&ڲ$O05-cTb0Bn$dzXxoBbdZp3c4 ;dc}eT Pz)phq~4BƫfD۸,%AƤCFY?&iȇ'dΩkMfiU%Sĭ! a2LGV_9c]٫@n%[ ֯EQbշ$hVIu[H伊 WFAe1=@x+I24w]¤Ӯy5ĸucxζ,0벾 7 JnsUKƭK9-y p <2\LkD>.U~=% 8 "9-1RSfж@vub6QA h+$NFa\HǮ~.`>ȝ0+qe ![x]͖EC7愿TR@6ut˧!ZETsKQL׬RzF4MBmBt3w*,W݆! ^7Y(#q>gQu]V4ʃ!-ׇG yA̡]o\KbMKjSqrŤ߻P"QԪo۔UM٨㔼)1FM"ˀ")g #:E 86ϚJ&8 luݪDvgW*p'g: \H&1ЖTRK2#-p)? &5`kAbYֳOkO!Ȭ,*y8];^oƴo-::5_ ª $kyst~ aQ ?Po{U;3L>rJU>-AVA O0%j %iAGdJ쑞زvjϿ}@n^{֠❗M,ć;0ζ_Y?_)l|/g7H4=?~ir˂AJ:sĢ\o6GPueZIt-bȎC¶?JPmU1ՠñEߦW[|_D"''\xSK~4k#:`oU;5(I>La5l:bTŭPY"zYf#Űb=_oO5zp7UVn:>sRf0 JPYǬa2eI2 $;F_T7;5a 9ᒿ8϶㻂>QtvqŹpdUe,9eŎNRi @ w6ywI}(p ڤ+X9m;5@*5v?o($ra9H}>mPG7ӳP$7nO\}6D6 DD^1W)o% w#e 6HBS$p;KDG%MƼjbvMyϼE]ba$wT.n'NӔAtiy4>ݽ2zg#+?ur9WY;_KñsA=pNzeqRLüH՝5@w G 0m^RYTkg}\Ǖ憮4x|^`GCK̃r4-7Xj1mYrr=*@ 'lwӀ< i6pw^tva=gFLn$ i91贋''|+ v—:  SaЩI+ʘ\Qifo o.&Egɞq餙~]ݛbK֕L>^$#X<a1XiW Q ve+&i#!du|(Q[)O8hlnϩ,Y^"B|mƶ1GAL?=9j> YvhTMɜtn'v1c?Zy^*_ԇ쿯nvʂN*)(2A\Vfs;6c_O:(8x"fm3Y_B+fV˯)]F2lXmNm+~laǮrlUn峢(%p?*.h=`f[cd G2N7J.&oa"-6v? Uj :2:v#VEkɸuվY'v\R$mf{z^ {ө`gPžfS4Wddvtv:gG@`[S7/ fwZRhVnVzH_._="F:p FL l[0(|`in&$6tp}CJ?܊3x:kjqF^p_[:G5x&~ڈ o(4ת|wn;_t *_R*;$" YuG4+QJF@0KEf-P2r)R K^R>&E7ʼgN>E)Si#s]ukf@0J{DS(O_f9O fr^4 ’zj;vS:WW%sȅu~ϋBݕWD"J}/Yiz%m)Fs}zMX7/W!!2r?5jmHb.xF)hMO}?ek *QBohY B9Dm&5p2ExXm{γKifEg0VPf BGEv^ь)], QW g10tEfz"4-HO@Ja-Tv1LnKf|wr/t1Y;'YYJ,B]fTu"Jb6* 44m׹캧} )PYYp+ڽR¬f?=Z?jVRҵ?!=wCW 0cmڳ9:X!}w7лp=CU PA/ X_鸃 zSj_v&?& _+aw/NQC\IcR7S# Ct`JaI]f ]-.ji9!0o|COϛP K2΀ iGgPˈ!U߱UzAs৓lm ^ 1.X s&D&4?MەfMwEɃ^4c)] lnC)T9׭yC&֬<$rL<>Y͐AP{h!hσ6ENN#f!1cA™[@ Ԇ*\,nrC ͔v ־[%R=y QkX*8N#ѦL1؞׽W1d (j񻤃FS֊s\6s|>v8V_* RU tLܘf,ʦnyqv*a_MJ=}O>S|ZfJ; znD8^1dH'%$KrMXQ쟞Ɂ4ГQ.bA|/I` KtOq3efraQ1 ]p xwQ`[1p֯M(x:{ ldוe" ͆PPl,k/ OzQ%Xx3̓eRsJ*9U> 4,e0| O~r[--2Hm>ʼn xQ|[F+%5!\YmȞZk_-éRooyJg;M= uv숪(wv[>B^'RhAخ];~ߟY{s`D p,o5@naZz.ū ϛYKH8E1[v8j 9땁–⣝\ecn ReED:w@+hڈ\xOYWHӜ1U0,2t-[T Z0,C"puk&ŧEFDr{e~}}9 b|U}ܨq1a:I徟 git(݅l}0No Ψ v4Xnyp7`a~Giwb~InCܨm_U?O-M=[}TbK)]1ͥz<2LtнV_idDdՅJ͘AȻ0oo%iR1u{;[zQ.PGUbbTQ]]O*q1dn|V`O8^جϨKg\Fz\6uɮ-@7<_цQ{uzqzaӔg"v @)A/3':0\t|ۓ.n\U .N٨(T(6qjJ56H:3NbtH܃٩2ą3:Yu3)S=hOm^=2ڧat׺ّ@y)ֈ]o44=f.Si.1Kވ,Wޔ;ٮ<ĎSjP{A͒gj|x1/lA2Z #Qv3kP xe4!_s;5CBMR;]O`iWR QqGȻ)JM>IVA#>"E"{Ծ2ٸzVLZx_$ԫ7K Ҝ9T )x_ɒ)ī Ӣn;rW|gU+yEbE56xjUO{6 1nj~AA\dVO4Fm}^S,ڝFF 2"t{n}xAJ fu#LzlI:+bʄ5%wspJ~!Mxi pG3A3`"I=|Hx( ZEG?MasmdT 4œa5~$5v$叓v͐Hi19o36FMeڝ ~Kn1Tl:ɖ>[ٖ;\6 Oh/eeO+! aXO=?{ ꍪqbة ~>- S< N_y'ƙ1ɧfparU.`7TEp`} 0gIϭ+ ZgSg2{32K5p#!1BJPrdlƭSF̨"4X N7)+=1>7 gԬ>+LhǷWq*} kƾ :< }{ *rĵgAݘA1ъ&ڱfUj}?\;^H:ڲNᲊ#8"jw [_Mej*e5% VBmX)\(˷oHvE<[7,7 sl)@ ?cpR}߹c6 (b}lx!hө[`01 VxrMU@M9Vj#_J_o9OKs uزOqVwo&ב=LQhկ/Hj(*bh)@_wW.[2;NbU܁FOż肂JHn V,+iķvXkl̾E%Dl$ 88Rpp M.Ol5`ntP2m36'{IbˏfB?w_4Aߘ&ZS@fܟiҰT[CQ-p92˨k?YOH`ԗt}/(Iw;MnmZ7$jR 4 Z&CTא5Z_h`2l(vZ(_Zbx?po)z*ȆhˇŹ"L9 4_V{fg-8.WSQ1yd%SOe㤧 ֕8IkJ1d5r-AH%;^[p%|mh,X[4R<'a,S'~\`A"LAb2Hbxw\92&PԚo̟);Nȿi=L?(;>Ψ =a7Ede]$Ic㦐65Μ%1!k%Iqu-W/rMKsw4nTʬӁ*;tD⢷ r!MOɔT;)EA~jTAzăl8KGhX#ϧ ~$iܦ069i+mAJ΁/%/|4)&=;w 7{2K%5(v$џN EN7,~++HPJXk\g:D$X D  CTc'ױwX~ʿnKdE8R9v24--[Oa[ KY'J<"РS[qv|0%?1QIzAߛW+x^>Yg){j $EZY`lgWou?n.d4>A{PwO?q0$!gl㙋 yUͮ? VL@@jqR[jKerVC7ވ*K[/ d;e,Rg|X$#cALcr{%)T0R|Si00M͇7~-!|+nYP :<@\XPIY$g&1P&Ep'F<&op!˞dszR㭂??7)k~qn}t~U;t,m! Ԑ\?88"f4N,~NoULpl)ǥ#x]-! (q8}ꀷ\Z$*R*9OOɣV%`Y 4> ~F6^Owx (4[h6O Ѐᅩ ކFWn1r|ޤ*2@ D#kN2|\~ªe˂7dq\tQMvLl#4n +Z^ZgI]hp;3 f&y~CrS+٦'sg(>#U/6]-}37Nۅ9չeԥV,)k4P-$·2!]/(;CB_6)aanvS{oJ?GyuQ(%nQSLQZك$ hɼ/)x  i::SxK1轢`auw0U1  lOvיSay}ZO:.|rJDLJIفڜGG=WjAT3Yňy'>7$"GYYf{v:gҥ"|DunwNʬ{۟h+b]@kJGPیO%2xFtsXaF[ f.Ӕw{A/0;DPH%{(;qf+y6~ ]"gyʰ'Lb'6Ge{Bk>_Ӥ|DqZDa|R~^JP(&-a 1U[KJ0 @U죺9k/7nEA ^^9Q-7 $qLRW 3E }`K#o>a{2i{)_Y0T]x/B[ `It%O` * դtD6dd,OI=7E> LL tpbEI= *bsz8[wchH+AnE\᜷av$'XrP $RP8>݅ʳQˌ;P\ۈ#X%yM=Ft;RٝՀ>4VL s`̻N/#zh- ^m+/]"O6w4#xd% B$?|Cb:?qFS1 RCtkdəq@GNhF!:e7qpq[kH&j,C,LF^xx)/-ͳ%N^yo>]'ɸrѤ߯6J͟vJbϓX/oKˮ`!PYE)\ˣs&"ۙ06m3p#eoDI $61fMz sy~cٖT+WGtԽ&V_oRm-Ҟn9$ [XJ7lc]>æ53Z]H%ĉ_h_tY'>t,D52$M&á&N(u J(37a1OrL{<Rqɧ5xVݷ b*a8z>MN%0>v(YWmuig* (?Wj2|\>/ii-u5<2h'>ݣOBF9w=v[aeKʞLP C(8U0w!Eq<ylz2Y2&~ Te;1>հRU:.']akO k&%@rׁ>ߔom׽B(JN NżP%G@jbs oKR;aJjL8&Nz^}YyZM -; JwWg xޙ)Dҵ,4d?ka^+u錦-Hbaq)v|f5 )WcD  -e7#8B.8i&Ƞ}=kJA?Y=ҍ"}Z94UK좴Tcb= skl \RVNUІ sBwP,f\9h=5͈|/r%m Vl9Q/~}Up[39^XnL̎+X[ 'pz=\'<FYm1NA ȒP}"'#.b`~rߵ2({YtB.y,w'<كf=P %>)WC-4\hPDDfElG6\#ݱ+Ȟ|wƷoscx]FSi7\r3e`Bu?,z;zt? ʺFR+Ģ7TP{6FKRԪ8es8Y?Z6 gs O}_BYg )hE52YxN^Z2\xuƶlնd]3!~ǐ!B8LlӘitI3be5n.<')1d+A*:#VŞ[&9Q=ݷħmPw:Җ%_B,*ӸwkLZΧED{nmYښׇLb-`,"=`zMyf_y.' i ?_=F*trd_\ZQsFL~mj%P<>[HܮdHh6}EH_ ws?iA_К`L)çFaKVòw /zTZN L RdK{t; 4u}5[i6|O[nץ\ag`UhKæ"3[ +hG (kɲ"H^i]?g}V0e@òo0E*puc @:: C^q;!͓Tj-~7J 8YѹH[ˆ"!Ls+-."-i_N)l|߄k@2ᄭEY_!"5sZn0rZh:k;?k8/[c9~?V '1RDif3 βy%)烩oVga//TJhɩTZ:̬~QSi[ Ĭ!yQosTHM5&ٗg#[Ȳ\Pk7`wﳶ>]G\L)D<]Y}&5gi`?{dlRm 6*ku EHU.kF?4qcOF#r[֤z+P}qpp|Ew?%~"j:גÀ&2~fRUzTYd}mAdux2 9MQ"QW֓cufX(;TADY<DZaU(b^ MzSffi'@f9K TC|)A^o4K+VpTCOģzXP( P`y)sLXnי!GBwsݵA 5jz8ʵ%J)RܑFw+W9lJ*R}l8<>Tzv7ʨnsB;V%BR)""kO X22yH!~3X$_ 4-:: C]}td#Xts*+霱~NU +#s~ zH@>cM!pjT.f<5LrDkLdZAvbܐ|xN>5ıPEdFy+yӗ&mlЭW;a-c[1އu}Z a,㵯PL )T=ټ'>FCy,_ν e#sZݡmu[/Ab ޡֵN;=P,dbXpMa!Qw|$tYvwބn"#D_\]$hLTC3NÜ,RY%weCL\vUҌ!_FO)fQ*ECbnK‹oU:,UHV2'E~:Mw~#EB͂@"| PV=ԴG-3K7%wٝaRcOtMQi+zە)1 Js *'a%. `͞29)`:ӱuW=`;~N3SWhsL]:4cN?'+#DEzQQ]0LTCA% &Rthr]NGJ7[y#/x]#+cbmy觛))FJVt绯rH ԠR_ <pՀF!Et+0^(ű7`, )a~W;N  A~.'vnj_ʏWN Qadj~ҮPt | jg!ǽ_\@X%]F K "*Sg,<<7ѐoBWșYeR=?&G>'6$?}ώ:!j<*j;tRIbo1-DI>Ra o5lZ0h3_ M/q=ĎXaB2P~\9ĕSX=ҹ{ouՉJvN:gpI'! !R}.Rfa^W׿v\4rO/W(~]꠵-0:;qI.#1S p;4Q&⭗D_O{8X6Ht9GG|Mn[/Ccs@e}?씈P+W>Pz_&fq !{PKVފ0$5sGFˤY2Dbb0(RM_if6]Yڸ9X(p*7?D]K)2a^_5Q PCQ 1L HLl,Oy_]>`oBh$ۇ $1D(orr 2&ikU8Im \0=w16?sf^,OIMgݥtxA1訽0az/C2~XGf VL!ui >scz"i<]ߊPP& ^'\EoŜt}n4t%Wi ;~7h;mix}ȎQrdpsj(h TC',LGMSbc?+i8i/i >7Fc07l!VשdF<ȹk(qvգ]MHV`f= z-dU.'|]KT}+hg͓̈́ϧV1/KM+(kCY7 ˛?My@Upָ0mvA.#(\ļlL U"5./L@*" *UCS5:=tN}+^i&5X y/7/El\V =B,u=7Q:52[ǎ}=]͢ذъ[B3Q{tdjMYQ{ !})UmE_`[嵔hjY3dSQUC]xeT{ˆg_?,e':!1uzrڒoMІe @LhA,$Wڋ1BrUzR P" 2um| hqQ;t b7˳jb܏/jwxPM iׄ-k > 9 u$l^x"xvK5.m5@v>1JxsfvLص/*y *-dqD|\bP䏎FnTOv-y0Xt:B-32RP;dɳ B&e9~|]z伫y8xor^ZvJ%=2O3n#aޔ CTKUnV-!X?M&&_63LtKMTrw Ztgyr'pP\⒠s)5 ]$QSyhވN[[Ow7tidUNnG 3t(EyBW*mѣ_ (:,XEOǴ fKn2lB>O~ߥ\\@cN˫0Lx*c.*QFk>m%A1bӎl E$՚t0u&+p5>Cd g5VA\%x=ٿ,1u[A[p|)T'M, k~n-  Wsx%Ŧs@a8E1j5:X "@ jrk;wCn q]?fѹ2qgO6ʾL,6ʑ'Shb94ZLG(Aÿ hUg$k7k(Cf.۳ Lץ / %C|s,YvNT#(p=*.)|22OlTQ %]!v|[ {lyYr .1 "j`7 q*ˏݵP rټǴ ז^(&mbj&u+ :#O=w6II밢 =(` О\NH`AIC F9mfxIAmBzڣ1_(ēV;Ɛ&#~s~$__v9,^Lfdne։;/@d 3(D3JpU19Em?Uo 87Ȼy q%booX䃦qSȊ7d q=G$\.'u 5Md'-{>oJ`4l*'-Mn܄$pCɣWUtew{jF-XIS$δzCwr@!=<ֺpdE74^=6\+t'NG}"ü)Gwtp"6{<@[Vx(p pi"% GDGCB gD73Wr.x2dh1s橑)&-ȶ YgCB6raklv A$^P$ \0M8RGM^ʺVY`A\ &XٽkiJN5aKӽ:?'; iSb{iIY|10VYxơ{Ŵ=@ e +aN55K:6Ʋ B_ ?0rPz^o(<1xMPUD\Nn+QFN*81XU h9-k>Ie&\빷SUmA1]ru3X~%]%ڼKks#"Gnn'3د{B+oRSgh-?dt6E'p LVhhAj Dl~kb%|t02t~)>w|O+|Mzp(/*A!IIa5d0U_1]ĕ 81HOK cc_|!O!>$3O2ʁuS , 5Pʡ-yץtMR)6LϖV.RDBornϵDAr(EMU{'jr=j$ g"[C9ޝJXnaH1V>aC0 D!,85c!q&^;й|DSE}zHTXpQR"!Oĥѕ^m^z JE-Jn9xŢNTQ͋A&(hRāU e *!Mjx)aLb98g([5Fe08_Q>V[tf{ɢ-jw?d7,n{ IeC$4rmB3J|Rˇ9˔+ Wd:ve 6wJLk՜RX{μ'_̈́; it@gD Pu0!kYG裦FF+ ">qǡ|2FW:ZyFpe;tuK⡭\&BO)Y+]jXěP5pu톛_TBqJUZ\+w3I'^c<Iт::B2g>zb1Cn!ބ~]=#A%P|qϰU]5Y)ִkʁbFxZnђՠk. yMsv8tzZ:Y}_y1`{^U#.,և0ʵMI {Y$M:T å]QXk8!`rSKh`( b6mmug&#/s-;`S]ڔN2/|/wZ9 ;CE'ܢ_d4̣NȺ-MoođI(%NYϤvil&K_|`-7m6~]v>Vç;ql-9\T bev.X:[`lWpu_Urаڤ~U+J=zBA\",{~Ƽm(_?/᳤$Ch.C-MD[-s~x &?<8lPti e,4s|[ cZ#\ndI|,Ec67YPٴ`3PNvK&ΘFcktQoIPOڢSP! cs[IHaF/g^{^FInL SE_{i!Ɇ0(U/"aE%H|)dؐ*]9H9†!+wx1Hш¹o1yol֤kaVO2 2!:` pCLV[75;=Ԭ\`y1KJ^„w6ᓗYwPdKh\4\b)a@nCny(| $ipk*YX;%(ɬ@U3NM$)~4 =rY!_UY0=2J)֖ogbc?I.cU H҅!$ f+m_bmxՅ厡_>fXHX@6(6~ jc_l75&bϚ;R} FqTqdχ~O{a;C]Ζ4%v"u:C5YM_'Q:#rTkbrff~˓&48Q7"C"$mgQ4K%)ez4' CQd黋4-~\T(Lj0hF1ݎjF7LvN+̷z .PշzBݶe)S:Q| SJ # `hv8cu ?c[؁X"l&u.WuMs%B._K򌦓eޠ]nfuk5RCI8َXhJVE0($1ƨ-ޠrX9g`'*vl@B(瀞_ZADAy4z屓c00 w1Ҁ 6ʡC+(TSo*!{n?uцQYPRͩqޡsս傶Vaa`)Fק6M.WZ_ -AEJTbllu9-H AA8zwTJ`!z~-͡$Lǡ,/7>Nŷ4s"4o vCe'nsYmfC{Egζ %LVgq6Y1u+ǻb Uຌ.dL7#6ܸQn|dH#/Qm,)䄄o<ڈ aX?f#?eH.V]ӂǐo9}5Fy| s|Bzg2?"/$,\TS#xr5m47H۱^Tj7~ ZYhdXR০K[C@2jnD#V``ѤFpadrG$Nƒ"E@ax-^-Uհ?:5wm/0nCh`BFu[/Mo^Гd 4V>x6Ž(FT؎/߭ :*_)~%oӒ+Aס?Oy4I7<ضwUv+;fFnO+'q7҂*DrŢ~8'Q,::gISes"w"9wӹڿΚSv]rc rD t qY{ڟ̉e%omN f+j2k,2cn " 4$KV4W!שHRZ|8%B\0|8<5eJ2ȹNiN%8էdžGjJ"Y;#Mi`ehX ^ᩐx%4$Z׹#g~3a9Il] w*EF4c{S#?0ɵB+5هb @]2<[BJp:GЌ)w@{hD00 %ͨO!\_k{!{[ڝ )2ԣ6wmf6(+vU&E`JaбS>);aV%@AEy{ c$&܍0Nb4,dDr|&+dXZIp(^9Lꂄ@&"V!v^X 5[+MnL9\~XYsP\BѼ]>Dd9,S1[(ˬ (o'O tW1sja5/^ELg-+NL7"͕Fz䒁UƝSZnV/v*šx\f~:gZ]G!Y6}6CSv*9ԤKYcL:cJ9.u.aWĂ1=ɟoi$3rC J MN\\WZ\Z1Z.@4>u< F-c b<nH*|lIRfӏ]K)ѻ ZYU}^P<5K$\%;4x!_ANbmye4m x;td/olm^HUDn^gq -9#k$o h-,#dş+M:aJDpoK"m1x5T Zу C˿cA_MXnR|;.U#]Fyo p`OPR!&v8OpO HY1ec,"[OQDAxC:u2 ]woUހ?NV4~OSG\}-$g8b&&my 9hB5/d$N#uA˗x= !X>85SV"vN8qRcj{%#7) Vmh4 Q]F 9F(#yD"2{&~tM177Q l5kO| v}(dICyhiO*9,Eyn4`b LhcE#95*yb۹UIc"9 Ƅp%z5\pi̶pzIˍئ+@Hg̎í <*ز3?qN:7m=:5x\K(cd$r~~aC,;oՂNHH-+jG.{AcTb?/l%Nel9%WhteD 9;hZI!͘r=wfgfÓk-5uYZl KS"dlL 2r/  $/}lm >ib$,aRF8~I NxE:u™F᥹\'eՙI{Be4՗.2+rhkcXR_(x 7t|2QX hr$g+{ ޳#::κ2/IDɏV3rP%A-n Ǻn2HD-C IŽz3הɩKNs$mxG|tAl&ɢjl9i:bD|*V'e JXbA[fajWKՄ8 Lt^!Ѭ3O>8_bY:'dKV7VѶk}zm=0JkҜ̱\ce;$xpǫifK%Sfw}:&%wѴ]=m ,N:QZ@fPb:JK ր1SŒi͢ʎuBX,~,5:UTj}0bb+C|HǵPő δ$pWP2wi-!yYBMh˩K_,-uy2EKpJ}}qYGXho7^I00 wc([Lu3RUX]Cqop$'1\#3g$Wr!-&<\?\o@5ۦpgR~j[9нdr i uKj+Y&shptҬV<8gBbs}ׅ-T]+:"VdCd(qiՔ!Xc[n>?5ǻFNwu^5FCF}b% a)Ҿ))tsp} dPѭ,#?~οDE~Ʊ/h ]:J3mY~sKܾҙ l1{*^B։Ht~4H{82 Da5Z7lłBi2%]LmA*^At]sߢ tYt,p!ZJW}ǟ9 )P/Ѥnq6#+׮H_R3#no+`ϑ^{_ %r!t6hСjZF_{Zغ%/1JuUJSʕŮ?;P "R@k$?DF{tJ!ųBBW\MuO"pUb N:_6 }'>?}/mO7F> .J}L[!;)[]^I'lv8fc ţO{-|^c=,{z 4fM(( KGA 82i kΰ?d)Uq18i [U w1уa=Y&ZƱivR"}Cl5 a&yU4_݁gѲIЀa#]zI+r~~z12 e4Uo+y@%<\x61-Tinr3eҊ#TeOzaA#i-Ӌ-p`^ TLǦ]BVŐuDj_ dr[oݕMd;KN:]#8X-4R}06,NT++[:H*SpNRA'NA3"[a۞-N Š /~ F(WsXԅ7?yv QQz wkG Zr~L+w F liyZj>7 ɹLEOAZc TfȞ RV@cծL{jGko̞}zoԼ{)*Lzbf$_'@O}Ȥ UP16'ΎLE4!\m^|I(knxZz-}I"@aSf +tVÁ#W)t~|rbD*נ']z?(apr-/ٟtFx*ٚgʻgo`0xv$ħbPt׫(Vё`Mi(B ]puêaէs瑬((\ _\2v V/O7 ,1[DTȰv/h nF1|o@tv!OpfMdCM&:M]/͋}ۂ?TImLR[s+LBd%@$qK]8DCy7~ T"qA_=`*GU^櫟l5?o_oY; 'ӈ]eP^27Hb 4ve{eNxȴUH+kCeJDB1WNdXoѲ;#FL_W#5`nK\c=>>M~px݈ CNXM˯6ѭ!W c-b0cu23(0"Ĺ_Ǐ.|S,ڋǿjZǼT(_72LtFP<xq=w[\(#]Tf2( U L0gI*Y:/ȑjm>`SnaAPڼCW,ϔK*;۱w^AJ}wyw^bLw(3J/a)]8SRC m"^%[nM&r=V+YS푹a8]GXꑾvG*>(jy^C,VޛG"!FU t&Mu*1= 8hiGH $34gG}!<ރuzADytм"O] xGpLS 2ٽ.`*ޫIa%F2N3*ksN|1I+JZqfwg_jP/*J&FJC{u̓+@ 6?yA+%ܫh.]`!۞x{,= UÇk8 ^v%OFwJϧ[)%J`)ݗu; m\(W*h Σ%#]2bqJ~{؀-y/\rD'ۀtwTcϴ祅akù`Xu.!lu>8k4E "Üp4(C3{`"mj8iwqV]/(s|R_i2|aB $8ќ64`xYʅY𣝔4E!ߺ7K3A 6M@E7t(,iљu^1^l@|ԍYf6U~ڜW¡HlY\X9u2˚*]plMs5{X(֡/^/Q5Jb4~UϐM[<7h5ؼ5L@9 SK =mƧct_Ub +c Fge&=[HXnD`o Ԃ[ # Ekk;?-ek}.[ni?cCEo Du=I$ ӪX=UR,H~Ti|6j%lٞ@~o-:GEεp^>[PHqМF#XNm.{>`ԭdeXgJSm(|\wYUz_fF~yf1M+'TK4Wu{߭=Y2+W"kIŹ@læju8ر:<-,M5]t݋5Y^s?,c{x9uYa]w$ rώ.m97Rc|Jpm(q_x "*ݯ'4QBY5F'\SQU"\YAgl$7xӐA1TG#:jR_k7Po6U ̒3,=^νՓ.]S(zH>bOivf;8DvS&V5IK@-<=w_7=H) =  Yˊ]ނHL~؏)}"D+_R) `"g9%=ZC៍nD}\'v899J7= % '.Q̗lһd5ƋkTr{ד#,FJ_UapKNtxnNoz$i :U쭧 BF*Dͯ{(}E.%$%=ta;v6/ /z]vٞ=,G #;=ܮ:aH ξz2a(qFGm@cePHk( CS R<C"&j= #i] OmGFXe)wEv_Or{fX=Ffw`#IRaDn.-P#\u-kxJhvB zH&m&9z*?`n&X|#m;AMI-{5:Lϧ?2}RO,ǖZL`[gͰ=b},Ef̱we%)xٝP:6< ~~|+=DAlDVm'WW*h3"-]7voX=NhL<1 H~/6X,9$y- ĄBhl^)"|QW,*TսSDS,_z٭}b&nE7 *4A‰T'-vw邭`a AC=j0[;O@Kvh/)SzN|DJjdq'x䂖[}i 'GjE"O=x/au|1X7=vuiݚFt7<7XިE$Pź,h3V$tGnRlϣOiN`V  'z hZY٨*C.b^z !хx;t?(=(֏P8ٺ|Ŧ`%R:1M)EHߤ!CZqVA1ݺ JDAuIV]㷾gE.fhG e >䔩xXhARV[WV"g30UNșͬ@, %9;3Zvgd%*.Z? o/E37t|+fb!4EGFĀ!9N@͕:ЀV شDOB/rc,*(_:YXnLJ>]>Mկwl2oiJE_Lot{3b]qe҆ AeG.kT!hag6.(!ch+*pt+iDƭ2munAB?Ohh߯؍M#맅O(Q` L(}9(QM]4h66ܘ9X d7НsFZ%Dz3VTTa?W} - Xe_bؼ)e1LjyHY—}a"- 0W}paԳRP-iB[bT叄B ow_W7(/d[9v-)K@):=đBUOU+oi 9';dAdp}FNvGĺ )[#1^,MzgxQ=73 E?D[mSg,b23:@b]+(|`wFBΡBXWgWBz^ԏwH!9BS&ᄅ0g,. 7%cnoRsj3__>sf!Vɬoe$o؀N}}D(*lM9m(91OΊwRc#iXkv{Pk_ OU"Il4).âc,c\IObғ6\W%ekw3%9 qO5EUDl-+: ۱>yg4Fgr " ]vRuEy{9huW Oؚp/$BX~i#ҵB׉;\TDv9e/^/L]f\#;m=Y %:x?Jvx)4N 7#tple_piZaus(m$镍Lskq1/~_\= +hC}{jJjG=XߠXmiT t+gkcGCJ-Թ h|❂ly!„4ZQ5 dZ|Ӌv9ufzƦҿRX2 G߸ |6(7=a r!X͌2X*zJV86zN(Pf e xOSWs؀Iuա?Ѫ8gI5kѠzl.`,U/dÿ-wًٔlˉf:L5}(sVIl:&Sgܦ**3 XNԣv_GXg8 نA'tPwj<>Z*>GayR^+lUM8Ű WK( FŎ_t$2 9!N. Y3$C- Ȅ<ޓi۾i`aI!短tK?$nE%xd#h֡?k\ qN= 6rnpCߑЌQІ_XYU)0TVy5yd/_E|9G-Ǭ|:0!*Yt]e{+wbLQy[(@]C4+Yq|I8zgLYlX,0 QkBvyCc`tNiR* Ū26I!K{Bw`vREmr=@ `(vѣ87:ҟ_sjpv3rd`߯ě%SqyG_vpOEE•swnфNm'U$bO4"Pa=&_ BZ`%V h#- L68H-ۣ;e8[d>0zZ6<(2OV8=b2Adlà?>OZJޜ0.tJK n|"I=Uk C 4ZG8Kav[dm}/coG32^J_KJ8ɠq ~ QoEN&eL0^i1&Y0o{nnQ  ^#'_r\22~b2 7RY)ei@% ],9'@=$=vG?WA32/TEjU~眯j&69W1zc&Z0((4}י9oCGU-N33IsO3h_J3_u=q.kUXtK6 IXǽK vj[0QU5cǧlnc L]LmxM=BԂsyD>ZbA툞7RMp(A]EaIaʳ2Ysj_SrlߠyI%?Н9.ilF:|m qs݋#woTK/@n!Mp]! N|ͶEq]ikl4ie ac2!g uSVkϒ6c-ɁxajZi-+˪2V" j3RSAtڤ1ݗ4ՊVA잂"hT_ @'GtYI F﷭\Oc8D_Yu뼉v (8}<j=LUqt4HZ"xt`aBJO"e1!}^MȾ X8 r ){+t~lƋ$!ٞ3[Orn@=.}_\iHWAmN=ED{씴RcRנDwpy#[[*=A cq}ݨ*Gjk/*47tI%XVWFH %,GAEK@Q&TόP]i#]&~yȉou)al^`FDI mR~Ɛcr^VGg/u6 _]Z,[)et&XD s'eZ!ǟ`a!D(xvJ`V6B*!)ˆڎ' {QkCZ+J-d6s96Shrwb A',7Rr ,qw%r\WdpUy[C2fUPC_a7Y_4`[cPǦ;V?$\.ح .608 |R ndoA')=ʣD>8ڄ$u+덆:$惐G{w45?vPPjyF;ݴ!#0i_;Hy݋Tl(mVh1; -SHvDm\rfu46inE|XJA 5CLVךlJ  L}ԬI 5WhOIb{5Pҹ؃!0g^l"!P*7,ife\ L. :SĎykyxKHܧuGgM$^_%KԀisF#BL9&%5®ٗ5^DԁEi>}5 }\ o˵<'<3wiAcF"넂lm e}2_==b$Uȿ*k;}C385%jL$X]ɂ}PX랪B?,h,`= M9S,*#Ƚ%QMrq+ N^߬)UX}59K|F*`y4ghqF,{[IC 0j 5ʪz /|7y!38<r0೎`NCui4ƶD L}]_w4<*҂Vwyubq3bA)Ƙ ӏ)vY#f uSG b̸x5Pƪ컩2PZ唩!"5\R迊~3I䉏ЀT,ڿkM*FA1*䀫3!NMrL/2Q *^6@f& r-53KAj^U7%϶с*g=j{P&(EwIWaG'.(^z&FaUiٙčZY#a㱐ǁzuࣉbfѧ{ h7QQ'BiQa{bh']tALh$ R1 Ge6ˉۨ0mLe#nߺ&) G1: !k+\yLJ$lG#Uc3eOr( \=' )0OFU[O)HکbLå{Mm#WZ '_YXHj  xh!!<5YBJ 4BCS+kVEUd=2tKީ=&v2c"DoV1zd%iyyR rai(;H (4kdϤkyU-t<7^OgXe]:ay3aa}oc{SB`S?]nY@"טm. 7?SrSY2HLŏ\ufM"avAB SxORî* !͓q[q*?~q nlv}[m5R_! Bw\ ー"oS^|u-%n`R+P{`&Vpxs %HAp#CN|Eu*b%y} i`ĭ9UP)6N](͢u|[GB*l(VnbA> FC!Pb"jQUY7+0Ll՜i2avCD|Y5V(Ա#B|FOגjY\[Y"ŤsbXM^nW1>*"5(+EkNd\T7 VIHEHKPyˆiSB.kG![,26R)V5~?ԡ "wa;q mi@G[2^4Kox"&R#%A(E5xǔg{bSlE'Һz:daqqRrOtP@5?Xe-ՎIh9ECBS2*uTz;\sU$+(`UvdE*{Bl$c`;c:3cѱz_ht+^ّB=ѸxeDTYL3߶HB3JPy~;bJ#ܳ@KX͕~f#(<[`e|35Rod<*̓(Ҧ)]n8 nw(Ћ0? '$EuRGtBf=W&]odY{6ji"o޸ ;6GVy}FKD!eq >[4[*hxtDf|hd0On#'*ݫ?є?\'HzQ yq7qO+X͍2:BiwL88V3 bsզZ!''Y1V(|#!VYMg xϓM Lo|m6K~#bM2;?f_1pu^h]q@z֧̍"_އAa-ڪ( ƛOmR]Gg~%z~i]>عɊN-02 L~M 'i/oxsGg8Y@NQ44s]'=nt@b[!Hα[cZV,,bZn$D-|1FpC 'D YZ