sssd-ad-1.14.0-43.el7_3.14$>\ Qz\@ >;t?dd   9 &:X^h     2PpHH %H   ( 8 9:eG{4H{LI{dX{lY{x\{]{^|b|d}Ee}Jf}Ml}Ot}hu}v}wxy U`Csssd-ad1.14.043.el7_3.14The AD back end of the SSSDProvides the Active Directory back end that the SSSD can utilize to fetch identity data from and authenticate against an Active Directory server.X%c1bm.rdu2.centos.org&CentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxx86_64`K(Z8YA큤XXX$W~XX1681f7fa7058926a20c74a4f65686d09120a21277ca8900bc749f3e2df380b1bbd2d9a9f90697979304ba2edb3c14f79e596e88361a8ebf1ede9cb1e445767418ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903396e115cda209347e2af89da76b9dacbf4a606aa41c4258bb587b9c6b0c15b7da7916a271799f0415690d8c995920fa7e62b42c5a97a08167cb40f8c5a4987e2rootrootrootrootrootrootrootrootrootrootrootrootsssd-1.14.0-43.el7_3.14.src.rpmlibsss_ad.so()(64bit)sssd-adsssd-ad(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @ bind-utilslibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.2()(64bit)libcom_err.so.2()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)libini_config.so.3(INI_CONFIG_1.1.0)(64bit)libk5crypto.so.3()(64bit)libkeyutils.so.1()(64bit)libkrb5.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libndr-krb5pac.so.0()(64bit)libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)libndr-nbt.so.0()(64bit)libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)libndr.so.0()(64bit)libndr.so.0(NDR_0.0.1)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)libsamba-util.so.0()(64bit)libsasl2.so.3()(64bit)libselinux.so.1()(64bit)libsmbclient.so.0()(64bit)libsmbclient.so.0(SMBCLIENT_0.1.0)(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_krb5_common.so()(64bit)libsss_ldap_common.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libwbclientrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)sssd-commonsssd-common-pacsssd-krb5-commonrpmlib(PayloadIsXz)4.2.3-13.0.4-14.6.0-14.0-11.14.0-43.el7_3.141.14.0-43.el7_3.141.14.0-43.el7_3.145.2-1sssd1.10.0-8.beta24.11.3XBXpXv@XOX8'X6@X5X5X.@X.@X)@X#X!@X lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.14.0-43.14Jakub Hrozek - 1.14.0-43.13Jakub Hrozek - 1.14.0-43.12Jakub Hrozek - 1.14.0-43.11Jakub Hrozek - 1.14.0-43.10Jakub Hrozek - 1.14.0-43.9Jakub Hrozek - 1.14.0-43.8Jakub Hrozek - 1.14.0-43.7Jakub Hrozek - 1.14.0-43.6Jakub Hrozek - 1.14.0-43.5Jakub Hrozek - 1.14.0-43.4Jakub Hrozek - 1.14.0-43.3Jakub Hrozek - 1.14.0-43.2Jakub Hrozek - 1.14.0-43.1Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1422183 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user.- Resolves: rhbz#1418943 - If a long-running task (e.g. enumeration) blocks the sssd_be process, sssd_be can deadlock - Also Require a new-enough version of selinux-policy so that setpgid() by sssd is allowed- Resolves: rhbz#1405584 - SSH: default_domain_suffix is not being used for users' authorized keys- Resolves: rhbz#1404340 - Use-after free in resolver in case the fd is writeable and readable at the same time- Resolves: rhbz#1398673 - autofs map resolution doesn't work offline- Resolves: rhbz#1398169 - sssd fails to start after upgrading to RHEL 7.3- Resolves: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1393730 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Related: rhbz#1396486 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0- Related: rhbz#1396485 - sssd_be keeps crashing- Revert the fix for ignoring sudoUser case as it breaks processing of rules that completely lack a sudoUser attribute - Related: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1392893 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1392896 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use lib64 in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)uk1.14.0-43.el7_3.141.14.0-43.el7_3.14libsss_ad.sogpo_childsssd-ad-1.14.0COPYINGsssd-ad.5.gzsssd-ad.5.gz/usr/lib64/sssd//usr/libexec/sssd//usr/share/doc//usr/share/doc/sssd-ad-1.14.0//usr/share/man/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ca4b3c1a626bc01a7879a87361b20e1e680f2107, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=d48297b8c3fc41b10811a3401193b534769ef495, strippeddirectoryASCII texttroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)>>PRRR>RRRRRRRR RR;R'R5R*RRRR)R,R7R8R$RR R!RRR(RRRR+Rd0ܠ̧>%M=,pivGP!X.=@RW5L:zj KjV-߉׀ٰJ?Ëh3Cwy֫M~h##jōYaNǩ^HXaؘ}jg7O +p5ͪg+4jūgo'3hVl!ۅjbe5XF:S ϼ.ot p6Mjy{ 64KPR :yW{8N}͋f6d0HBonT n͐n,@I8/Cpe=}!'xX/]bAK/%Un dtrU?,Yoхihbw5sӪ_J GX`p⁣&!-lI|yD gV j̞O=*@+$L">D(]Dۦfpp`$С L.ۘo+: mJ'mO`?57~'>\}?Syol!lkVnS'A](oi NyEbXDk [*LTG!$rus09JLDyWRHFUh:kϥ kJ=,ԕψbӉkXxqS;E=lٶp?J`k=QнjroE#;/(/pK#D 'Wݹ *ַj^ 1";߸βWLm,鋋mw:A'󍮚X8>!L8Fܒiw8dwj56%ƵOG}'3@tu-d$#[6Χ|:c3^L'0(q01ɿlIڮbQF_Hfiܭ<*5T& ӎ̤d,YGQg&+2=G+q'_oXy1g!h - ژ(yڸL(7i>:.iGN:*߯e$#;F&UvR55zvsQ-.D˃y˻g2/AQ4SҒwuPPӆrv<r\&Y uC\0Ijo[^pCbn~ݽ~Oc}޽aux`C6e/l7IHmxyTb2bZ^w8%$\* p S!Bt{MEMEf:_~cHdQi(i?9H쎠SЕNXbP -A_8px#Tx7l="1|z@CyV#d[7'^YϜHGn.hIzBdE=-]Ĥt{~u9_0!7mzcU`KYJ2ɖyh=x?f[f'c#y-odBVX`ˆB_(?&SѺ\"Wf\]nߟJ@".}a%`:!_`"al8~̓ՎHz5wJ݃la-W~՛_XG_LIcEU 1638ZЊ}zAքuqkrtc}owqMX ర'o{gٷI:;ZԄwTn[.zp!"Gt y08x=+^ϻ9L 'U٠]$Z!)! T$JGvx,V dp T|>~7DgM>p"ȿ_7E 5=gsn;da%=f|LV& `}d[:o+/A,%b޴ǸҠ*E$h̏'0ם.UP1EN?0hDR6z84bPzEgG{TQb}48rֆ3SfC'0Sr9XeiGM;:BbjKnf('Lq_ʞpg[m OF{L$D<$ рnJ|!J<6%\RX<#n}$Ҫb2 b6iێ7v/7w;R!eUW-@(9XGQ8K9Hw]qcÿ3`OFḿ2%?"93B G)V`$+t"FwDPBGĪ7cdo78/\n e .$xsk] m*Md]dIҐ@oT/Y8X3oyu/i'~/cwH&|Kk@ (0Q={!`aQҦ;$vl/&DF kH9\`Һfn]& ^~euLvgM)}+э(əlPcLr 0r)l_I3?[jb|wMY²)[niz>ADyE8EH58~Ȟ7UT7Zi#_R͐<Ń3A=kݒs9O4 p4yֆ@GEEN:uGT5Q B Pÿ/b}^q@|QO]ân3?D;鸊{ L^:굁mb_T7D8 "ͪ@r~N5~7Ç0#0 JWEM›`Q(pIǃu_~KenqN gdF;$Q1)H+%Yv|!IC C~cDn|㎣ ` %M69b4 ].nM*IWOO*WxƨI~FydD[#چ*'˓ gNkV9$QiM$:mOyʢ>CB&%t0S6K-$*J -z*\>:3o8õQpht-E,=OjA(_nE'3#ü " b.I-ȽuĨ,}GJiېI*,U&S %`ÿܼϥ)u x G Ww>\xàW5o XmBO6x6I#zWК3y' 2]oS@]ୠ_*S2 GZ@~dsXV> 󍬺Ɏ:۹޹r&ʮs=A+&BQN!vHchlBI:e)wkCfo@jx ӶOZU ȴ~jĕ˾{2DNxTwfBaJYH gi\X"wIZ%\\,5%(Y,ʤ]Β^EPALjTfV]Pq']ā{E\ fDg,NZ>gtnٌ~ߪBO)Dv,W!f&jnS. kr>/ͽ + 1]F1Ӄ[."{hij"5Wlc$u-Ppqeb~ݽAjAxnad|׉M )P~^RjRpJQ4KKXUAnYlG,s΋>ðXmYU*beQ. jYːGQy%yZļu͕<usD)c: e³ &](phF6@$RgqC["Tf }j;q5C_ yJ=wc[&ʴ|0Xp-^={eN*^=n_3aEG>t\])7=Ju;Zo̪ X~$24D诡a*5(Q~^y#W&2BA !VA[4*{j'Wv.9dOw>[[ҙq|ʃeZ(7FWLXWB-S~7$.7sOŚÖ`&VCS=ЙӦ :c*´NTWC Ga)#!{{·N.mtVhOk䨌Zg,c*H81+@Z[y7[|oIB tسɢv@9B'*%GO"copXU.W ņѺ `)7udBqF_Ec^M_چZ6D3V&˒TuJHлfVO/h K#J:h.?qA7?EZ4x@8dDU쮌휔˛ű֋Zs7f3*.'gʠ[t= n Y8Wa`4YfVMi[(J76 2`uR )]2M=0>@qɟz=߆d<7l>e?qlVv%q0PSAZn' —qWSK »Ԑlj*Uh.H^Kɮ?mX[ Wϑ; \x$99zX &+ i;rh.VW(hd.R/K2vp9'zϜrrjbK}Smxzdbx8Й0!5 Ʀb~!ͧ .[ձjB e}F*" )o!VjNfm"K௠E.=\oٛi.!k=!ewR’(\mu*7Yr5xr@mns跠s7%oUJ)R.$^)dz+`wg$3#a҆` Țu7EVn'&BGY )(0t1?j ˰pF`LWuL 'A&.U:ǎiĊ]T@"ʨd:A߮4X$J~ñTkprz7 J'NIb4 Eh#qIGzƞ#mBs+;/]JZ|-[W gDCI΅DƾZj-ZeλB  V?J&j#M&^b+=lcTMVDܻnÜUy'[ TFoB"r79ӓWa,=3}<Si wa9}-]$6Y4x*Yn>|qPlg") MGaWQ>rTT" 6tnB1C@mZabϪBo:;?pGĶ,Wu\[hEI=H19  5)#r1vuLZE7v݇Qk wGz\5Xt7˻3/vWr ?|8g5Bf6ޫ {? A:I&ƪ1&)Kwdav};hvV .@1>O"ԯz}_ b˞v=j` P- {G~@Tp3y/5K^.l_Q]0h`) Ti9x]qivUVb RCLJU? P2l m_.pL=ߒ rL=AcZԋUx Aʒa%|쬥cA1;~q'1Y>^vFtȸNϔfἀGNU!*>̋.h:HԼRE}<]=[T*dڶBT %zBdKzK}1X)KΕF=ES~>HŌ*UVG"S]s uήH6G%)[s eQ ) c"a.KLWe!3\mdnT_ 72,v AD?h__U*1{h8ﳬ ]&\6$(ブ5O£*JC (/3fY}ԛ{`Z # `oa*$zH])_ϢHgT S`0V5N@V=yC.[w]1^ɖT(NL]-TcU9\ArnXzJ`q"n%7ǻ+Sb7"TAˀH-yH@aqNV#1 BePz?%Nlyi|p;F>QTx[@B){dJ`XX)o*&aw6N2}خۉGH't Yd?*'gt՟G'I!ޝq]hƅifTWEoM mvç/Õ%J(+8A%4~^ժ^sF|c1vruOgBI{(狳nՒn m3SKWXyYBK_|#΀IZUC:TFG'K:El2ǃa\?K#@)s5|*BfDT˧ظ~vpHe# #9 0]w&FR#bNdɥ 0^d%_R[ EWx*?R @{*@BC~Θ}DtKw(RCUqm w@6Ufe>a@N1`v5B^[j)FvS/ؽw(g8eRU%m.Ԩc&b,6D0b,JtYr{Q;"<з):;79";Օw`zi3PLwnm뼫51EHu.4F*qQ9Zy!åceHEcm_p2*aЭ\J&)k4½3(SBsfVS{ɭ)&J@x2Nn]E$M6 ]D&geISZCKV.ejerLG%0~=g\V쉏b%:@cdz[`cȿlI1 [ch(WN Es) a6a41p|Rv) ˎj.7 *nw) -b"hop4 %G[Y\nw׺O>4"M?;nW 0`ld睩bZO߻U<+TgWDxh ab]} _s2,՘"I傄l)$ 2pi5CGԔ&^sa0B(K1GcĊj!1>%K7@X@mGiZn(9Q'rsZ b\T>חAi(W/6{WuP.o_BĞj x)it0~üNթne瓽$c@Dn %y!P4&_LPDg{XJ>ίʣ-)UM :+3>C\F"2IGgx &AHM\qɸ4^;؋˼(?jV5yyۣ_P&XR<@Vֽ좠51}_.Gx_<+d`)A?ﶰ":!tLt.I=Owl' X՗(\֝dYxѡ U`.gٛ\#-i'qvEHD|Rm5oCPfsUV=RK8֣OeP^qD~.ǵPP8Q@c1?* 1Hھ|!j)s (Vf|t3YG!,Rǡ5eT+9tj_[{֤}Dkc)XtHO6v]~;h_ ~agQ+~b Rv|fd|kJ0^ͻ6MP$UD '!58~J֋dE&ᣊI:HGū*|4c]1"% %/_Dy-ސKr=&u &q# mTWZ'$:[aYj .9Ή%c/G/iUO!k]v\-( p=I?J40/џX JDxWd}DKTגy>3hYA2kQD3$+p fY㡸 eR|c ~8\M"=hͤ\bf%bjN|VZܵnҦgkk#@DZbC[LK+!TҏiEAUt?V\H)Ԃv;"i8l4o XpY52^}s͍WMtDޞR 6fhhҴ_#vz}a,}UNfeEJ03gAQVժ?HtNiRƊ6{c_E8+T- 9JIGh"cu57$)KHDe</ҿGf=5^jP;!U E;F#+/wojmc"6,? '26%3G*kKL ~ b '2~G[_=yA}>INU{F3?i`qF!Z=FY f9 A !RI0 Я:>TKM1@[Eqz̈́ F׏Y@rO$2jRl6P!mŅ(N7P_^1NQYSl2KE8;Жd&ǵnM0, ѧ!)VDȢ\Rاtu) P[.Dz]4nM ؂[!s : Z A+Ҩz CiQA1L2>^^>dU >@1`'ÅzRXY*wif]"$h=rXW?;< j`Z]R@ɠXo{z pكV.NhE@:yط:2چZ:CMsu_Eµ>Zw3{𣴏.}[_A=ꛂEYw/3OsVDZ8??!ÒG@Z<偸tWf 7'u@4 m^McW.HCQ0I!f)3h5_3TLvK p1b܊#l4 *2.;}9h# )6Đ:9o^Y^gK{}ڤ4 Z @~? ag}xg`6A92[yW Ypk_1Y(mɥ(t/1穢m%϶ez{PoY%3>.^TOfc$1}y3NiNl6d@,{C_-{{Ҏz?pX'o?0uuuI-*G(;L&=Ro9xPA_/z+&(+ C/ڋM{m!l)C+HsUrYuI#WdªVDR&ӡX!G4EmJ uCO)%JmH,P֋\@hC9KJFWMQ*cFkX ,rq4_=dkr 6lR/ca'UO8dZ9F8P"@7.cηʼЌʊPx WɁ VIYmRO@bzdSI_X$ ܊0WvGiE2aHSɥ-\$iJ:w[p$~b6yL#z(9-wutsf Eb!9u>B g){ǿ52ՃNU~]eBL$ZO -E9<$¨K.> +L{l4̶nM+AO6ؗ.}k$懅(cnn5Ѱ}tz2iENYVCtt;d=uH;li{OJӡ,4#7őΔBZ [qr3vr>jk&|9 ~ w5VEJ ^U ϲ=wJGHts)Gi hii뾴ЈtxC qcg@Zitq8UQ~&lq0)kLlIӫ73וUY5L( tnn)2| S&*c ="øU}׎zb qff>?K%LO̵mDI1gj C=Qp 6r#|b5'5=̨'2{c@Z|&ٍ&9AX2)H59xj"5.gORJl%MT%h s 'I^ uzh]y~JhFSf[ fT䀘fl?%q^~B•9QѠ׻hjp ȓ߈^1#Z: 7EZf~ 7 d ٳ3=fGգnY=",ţ.ĊF ɗ|sŏ>70ΌVK5\EᵀT!'**:Ht#op5CLaPX?R{_1T?̹3dJ-eCzVPg>^ m:ל`/C.څH9 ؂1CwgbhsDeYA^O96tMSEpwg WcK + n8 n4qDyN P"񊫦!8zCN6_-3]FEc0?j` V iQd;%:lJgP;c6TBLۘC]u:CHn$R^D1≒F4Ah[+%”}SZL1[wf~A^Eq}SٜFa K|VP!A1@~i.s!I/}v/a~|:YPL]f\v[I"( 20B$з6h;6םp*=B\љz/GBMj.U} l4Eݦt؍$*z.޵jKVzVQ7\2@lǶlKtU#GLKJ=%18ic~+jfVA|^N3d Du^;7|}?ɫ-!0uJ%&8݌ʎ"?MЅ$#^_6Q^͑_:o6re"͉ϊB}K-Ыl,_s#"S:kJf'BYw%V(0 kdpp?YaJA]Fuej&i1F[=#߸XjYȍ;vJA%$⫝̸ aECdNnMs-!F3v{8|AMi3+#((C0P99^/U<oY?5aai#>3L.[0Kj2At| @Lbнw-/٘`.ڙ. ]j`r}םQӉ Y ʘh)YmwMQ@ov{) G.cs1ì-*ɆEN  {B7<<=[&SFJ#J v ‡t&^ҭ\t`W|l Z5aJ :z7n|U+S mf`(?nB!>s@fku83J@yQ6BXi[o6g|!$NLDoJHd@@U.KWwZS0fU7<T׺ꍅ5@"ʨo,AV6|]5;.)PRwaKr lV莹gki.TUgXD$WKp׬WP:4أz2X#7Q@:uנz=\t]6g#BҬOֱ i^ !)][4( XZ :2#L ^Zꠝ-'|$ouUX R R--o_D$.߃|v*Pt:-}à9yDvYmѶaKU9B`'mK7Y*-kKɎia :9#Οk `y5OV~WI=HfHL6a#T^|8q`E'ogE+L_cMZ\"X5W)̏, m.p\} B8W<Hb="M_2Ap")cѩ .Rh[캪BO;`L Φ!&sSs{ ߲W5UӗE,e^}jMq'*^?L- ŻitT6U'o9ݍUTK%ttԢ{uRvLʍ9`$YIEBEE$\8TՙUzoj B^vhz/7S4 (xcޣb_񌆾&s`'rv+v(n[Pٲgx#nK.%#)GnA`%DI-)K3[8$5a*& `u*2p DfuX:Qg+V\jD/gɖbqA'R('ead7{(JhI{q"~wOt~^η:3{U_n &*f0gmf ]Eԛp13dvQEo4cNN=/q4ab ۅ[-*BQrD7->yWS,&֚c[NTWŒlI!R.Y1R!ۣ? Wgh2Ί8g6 s22.]Q#aV"KmyAU?JEFt[G7ttV #2Fv "Of,Lj9hOuue;gD$0P`1Ub)&+{x^fv⌕ N DgxoQ:!$#c[|?2@8v kj[yca 0blZU`fυ橅@D *:F]͒yp#۲T=J@5$+;tY=ThMYi߽q AMfȊӬ}ӕ=iPoZ%GvOIN\jL˜O P>-cade%tT(b䯻᧢*W Tr&nZG>ʦX"_'̽VL_XS)r.[Jw("l.,2NM9ϻ͊:0"w%\`+C]n⮥\U6Jםjn5 *\gNhc<'?u,( K#ǛPhN_BjRjZH+?&qpχS v֐2[K*!_hBt6~og5_9ϸQS_ )n:]JO=5pB=' 7hn49L}m(/ln8~dU&" A d#li:~V+U%p>R>t%1w5s@zL,W_ή W8C+`Gr{),{_fU, KJ0l|ٶ|3W hӑaiΦ+H+v.m]TVbNPcRYmߗQg]U:ngۗHh ʤN][tiANp+cZS7Ţ9yass!;dL=rli9Q-iM?NGtI541G~B$1}zK.#P_q\8ꢳ_A+vʹ@U eO03ж HRG: {Z_:U06\Mc{X]NWC٠ R~NfOm_NVw[?Khc/mg'q Lbe%yAr4i=LD`ӒtE j@Eu?_8^*w(I~wn'vcBf3{7W(_s7o /֯jWm¯dYqF@ix:xN5cZuOK+B00dqv~.PvNe5_0V7e/I ]Xc]@1lOF9#54NXb0tF"\ 7ˬN#-w]JhCtG%%ةIxt[XlJȴ@Z2or#H-4C?Hdi{ HXSۢsy&ј!w6H{š4/u{9@3^pDh$D]B?=) lӪ-+O9 {8{S>W>3b$ln^ru*m#jz^D> K!A'/>w΃L=M0|`Y_BɆ鬢ZYh$0"H]+Z^la$+Nkt6LL-$ *~'$z&OF)CU*4!VF?]]{_8oKGz!B*<=X4 ڷT;CVaDioʄ{e^$q1 9%Y(ƫ2^N;6khsC;tvZ/dɯA#Ӂ;1.UZG!J'*@6QͳHyzè Sz82+r]:DL@?(|ir,X3&ّ#c=T!EQʨ{B{Pzݾ_{j3bl;tmvqo@LU_W{iyI-j1ÏΡJ8 /jKE[-/@}2|LGAKE8.[HAXZL4I*_?_vC>39 ڠ$TPHY{<49#J Chim: I{vz4/RoZ0%`lKSm$:XQNE6_hH3W?cMQDt &BR*-xfF`_m_о(( u$, %yfHbxՠE_ʁnxg{Ngu>=eX9ZTp6pc|.{L5/PN!_J Uޔz|: ܳ릖ȉɉ+rx@4og#ƍ E!Kp@XC Oa +D܌Eȭ5Cj8I4k\^hHSF#x*6HX{C5YjT [Ҕi>N`V"n*ÖO?6\<=j55ӘaE,BzKj}Z!Ȩl̓}Ɍc*}"GAǝKEa*Xx١tv\}!fȫDVzFAjFI<F-`8j_n  IE$aWy`UżL!*,}1Č(A_7`DXNnQ;Y+hʗJxU_c ƱeҋP!t^:<9u/׉V@#eL P9! FD^pʻord337 cGl/BZݛx4wqw*uYpe^l/L#"z$_ ãs6\f9 ZfIö<xBBsrmID&)Ռ@ӉqmłB>)- y˝ -^q8T=6ߨt(lJ4׎5ݸ fRam._P3=Ik*k%' h7EjG'+nٯA&B0I@}^FXGj-c!\޴ W"bgyIЁP3JS v*!es1] qcM,@d0OU?3\H[[x3^LJrWc~%#/KБ9g WSO.$D퀋H{w ]o>iS瀤\G0zC~Cp}U](7r;`!)-rwև)SA$i%raQ'oo|/^v XBdX)tn18aJ|Hv] >!+9|^jpP` EBQ4b ] i̾rgxKIQT1Cp)k(!'H%ݲ˨UQclg"d"}^Nu]c{ƾ,),yYQs9[V?rۻON|Oۊ[>_${qjYO.<5|9|>X[ElT; u+2y!W3Q;n`>VMRG6w RW4e6YݚW֝?45Ńy%E ^xBJF/֔gb?p2$rr$Dqʴ'UTIGpЪ ΄[圶eFe#jceZt)t-MNl] oj1] Ճ-7Le`~5F =-h& _7ϋdyC&kW9ZA$GBZeK1nH5KL4q=|+ ѬHS]ƄU3bUEtx:9ATnaH1SXIEp ?++ޚzőa7KVUVN:(dO5ɍgKn]//E"l챎6-c?J Q#&q\Af\mh~_pJ3i.Ck)P֐!+3EG]Oevn3& :O DnޕSrZM5!)C)Cyo)ﰵTPL'{J51Qt٨y1<9`q0 KmMN@ u vZGxp\6.D_풂_hɍ&3zLY59f\$аbPߑ{ֹaW(alp`1J2 <&ӓJ9Bnx~<:,K[G\tvexy٥( 7esJW֝'TUG;,ӕ' Q9J.ȕQzR?{ΟX¤j6JZo#+ƈM b!( S],tJMEH dXNNp m˨58#;F PO_'}OǚaiUj$#Ja߶{0i/"3 XRϘ?J:ڿ~&r oxaOmzfSzi+7m3:T+BхLG>]5y,KA5)ge*H4 !B IA ]U@8aj~c OA+ϯӕ*n1`֬d<ѨdG^W[<1W&F>mRM/j(moX'STfV\{}x`kSJ]ί^]);gv0dF])?*4l`RJҢr0I9N@0 :#:b*ZWvf8Y(ܪXV is?L[&%$aq B1)Ql B*H91W v${tBHX+r_.e Ѫ>@et-}!*גIl9A+N#Lac)<w>)jF{Vɘ0\R:HD4>ӪjڭRbeh:B=[*N܋R}dRAK׹!F+\hy3S`ǽ<fD (3ƀЌiLeuԮ}lj#FssTRݮtT0 hM7'h|2q9&s$[P@(% WfkF?b"zZL _CQuCEa8Li4c^UO$Pv#-]\b $Xbv= 'H RMJݝd,[ )vT`Xbb5;oɿFrx~@xF$ȅYwGԂ(5lWN IHUr-c3k nЀ#2ώO>eEt ᆳ} fc]\WO"{Q&g`(!ef^lGwa.ƏF4c"q!P586 JYlI=ݜ*kTj1Fg4!7Qm݄ ?6H$3؁d$=ZUl)Ap] tc{!T |2/pXu01D%IJ6%%"]ý8}]WJy"q0ߙ8dtK^&ͼ9]pV~exXvdOZ!7MRZ=;TTUy=92Vf ױ)yBIaB U`7>a= o0Gᝥ Ӓ#1%m .񃺽)+Y[d( U.ķ띌Xkt T5OCdyߡa=(uB~pq EffeRn5ٌC;88N(4y\ap]|ьx;FbUHٛ +"xe,Geӟ}xntkGPy(t~*HDP!T-:6XX^/ qML`ӊǙ|vʞ(r=  2F0gKz^)S ͂_8歪_\Сp4Aܥt₯K]oA@zh2_JQ\Xګb:ק{xJ~}Q| nJ_ a*;" 19p3 I:ۦ-%2 nK\>j56L? rIurj.kPޥQpCFFL< 1el`Uyv%wsSd夛hڧ -M|'){~1Vj?ʣyequLj o OfcP_ :ך&f6z /NiBl j%oQz9q:f%'@Ig_#:|#]C Iw9H = Ή5aޖ=jUrR=C2 bhfh{^U3?4Z9\*+kLiy>ޖq|݌r|[l[!}.OYp*emFq[#\.9`0+N4<)^]wD{6$t7Ő&i#/Hi&Qި%ʭh3ʿ>΂68DH¯>2F%,onx`7C,l7ԨK@T =ͳ94G̫ >I84t1&`O`Xl 3{V?Y@Ҙ/ZV؈wb04F]!yܥ-(PAFGAcL 7f%" U/KS &'\I YRP|Kvo]z; RHѓw]XլmG]`~/Hvo{Gw݌Sz0JVؚm/:NJa WRx<04./M%>+)Qg֤N] AeBZ 5,.f?kO&RS*,y+:IEq^K"/*t} z|e^{_n`Hʃs.OE@^ :74D Ai4;^J3>"CԀ󿥽%j,\sp^% iaVME:\:S<x1Ģ:)TlOMLI3S;_fi/v+V}q=u?7*{B܎1(v{j..@+.yWa!-/ladV`E4;Ex(8:NKP."CVn!vi 6uTӖͺ lDVv}:\' xja ifw6['AF,kr%dDӅ(KD-)B(<\b+x0/F u{p|4֧,0lQQ-P3 jE $=. iK-nMq<Ǧb {b]Ԋ-y9v6;~ 6F໙bf`~g *3] VSն\ p!0sbdM<.ĞTS]J:/"w7͟樮c!@PpEG%j0q*ɿܟ0b /)ShcH1bdw+0ƛ;iav FV[ݸ `tl`$yK#RO׀|Sun_3G- j<E|$_o O)ܰ% N([qY,A]v6ktg-&#Ċ }+hXيC&c G+fU8x:aJFKEzAaop3>-VuPc3qJBJ՟/xd( A~|!es=Gzb3}D%5Cݮ>=I|fLppst6 t̸ۧWjoѺUʸdcM |8&1ȋ͔S1akjE?<9;UC'$=$SȠ(r: }u<W~N$i?41c.gX>I)dNO# xGe;2+>RzX13=jC]:3B~ xt].o8z0&pեਊ6p\9x}{C" U)Y|;M_: ] fa_ApWeY2dnڭ35H؝٫PMD@ntP,R"BB.X2"EEOM޳ƪrU앭.cKQ A^})4,O'j3_^-aD( F$ hmӊr-ӓWBV' 2Pj,692My Jx>x&qBUEj9Yq%@EwIhMB-jamcwH9^ f ({ymc%oęLM|6sQO bA΄e*%8x9W]۵Kݛ~E"pk1erji'u5 W|}56B~ۧ0f߾R=\U4I̭v}?7թTj qcFnDd{oºUN*gtTa%~㔛 Х֛_"j8HJg[$+AVT9-@8MD[d;ӘMc4JEG@CCCJmz OPD رGxdU zo"36~PnޮlǜL|i9g R42&o>I!Y9#VneCw9J $(x H$?F6C\1Sq_NɸI}N,fct5C=Q{E@3[ʺR0ږKҘ_n%" ]<3faRX稾e_,N-[v+9 $xuD'&fi ,j**͇66iX_6-{- Qsӌށd5bUe%tHȁ![6/R.1@쀛7l`PO^*GhRsX">hQ[29-b\24 u?r*\N,>y"BLb6#HSU Fx6y&%Z>ױ9l |?c>¢e0_.oCr}:9'TTsDxa* m+vz=8 d^$3Qzĕɳ;gaJk;ij_s}'0Nا#E*Qmo~VJ0t&q>|&+"|vRnayl[e4Sv PMwg)wh߂{P^ 7bqgxn~ OT&ur~`7|$mMA۲d1ywZhrȑS\Ks?ʤpYGXBoߖb/O~ vD |; )dckPü:CJz E$ %- v[.>;GXHF㵍,HWW'{Ldw͍gsZ`h>jOYiuP$8$Xwj ֞ONv P))FG+5{P>-{(a.Bѕ:fQJӡٿz(_gcnϺt؉`.p+a4q|`ۂvADsIЀz TŹE{~ӡ:J77):kv_ QAԯSТ;8IVy1 J H/~-!e PӎDvw0/d/~?a}bʂ1 "=>^Yܐ㶗K@Xa2V*!.Kɯ$x)8m],qqۙ]5Pab 'IaxTjxϒܫnᇵV4蝫I1WӿN*Ce{_L>mn㕱&g]Ope8!i,Ⱦ(LMs9!:UG'˚2¸h{E)3ǔShQfdz.Jh Y*jA;;u; mm!j\&}O䴒:)j,41EW&Ŵ4WP;C("!Qı*=,S>i_om[μMAoTqˣ T* F/¬92DUJea`މS?)e!ڙ`٨t-xՀ= a,5& KWa! eXhѽzphɀÕ,ǬL4-X?חi<щFHKЖ>3oB"\ylb0Tp ,R $f<e~Х0;Bq4hdI#J,CV ;l:Twޘb.ƥ4UwW*TFf2e[գbYsN=  γ+Zwma|QHBRV;5kx;9ʛ5eD䡒/Ų#DzMEWt<$wϛ9b竷ZѢ 1Ǚ}'avek|]E$4o{W0ۧ*se4Z$FQsuB+8SnjʔQ[M`op jDӢ-74kf=Vjo5 +F =IJPW_Ǧ~Tkl$\ɱlvd%]VkGt*V.gF܃/L, Xqԡ"p\c61` E2US1jN:,_۝je00up:)F!^{9[s v+ճ0C 0bMJC_v0ӻb)P0V(& ܱW:dp__7{η:`kt):AYxBz{ϥGG96\cIs@kK =sIdpxi2XDU~VmiY}Yلo.~2LGe(qIpΰO~p"QM~rqkh,Í1wJS1譽D!ɌR>,s WlHG9FK$ÊQv=Dud0ƅ0$rAkBu*~ݩ޼ gm irn/aYrRSۏPׂ#^r4ɝVv&b:歋s l~$Ύ<3tEgAdϾ"=xW~r#M;<˗Ǟ:?*ְԅnbX~ٹE,.GFTj|v~Ƚ8tq#k+LCYh}Y XĹ~уufT`oNbD4A~Λ,h `ga.)Hy+^|r Kl%NhHԗW7<&v!k jg4ՒK˘hȢQic!<=VKAlPOcg:]ΐ*ȃcpux._H6?xR/_Y}  "I=Yܟ9UTSļU62 ;921P@)ejpXWN*{AA ;=U[\F}kJseP$}]N&80~f2ϿU4$ Q?3gkjy}o ̂?Vo',ug&JV;:*\O(.vsF0 H-Y7TaI,DM|=;OV? bevR8J i|~ Rms`lWiTLx,x_(qlcr}gު${)p!A-xcChܮijѷ UK!jyYLJ9GRUޯ'Bc"D*!{0NeCGcK99q:7g.M>`@Z ^˜qMĠgw6%Eʹ*}Jm>/Lς2|_܈_ٔ3@= R;ژ'u>ݦ>]ϭdoyi44@  wF5 Ä(TcvL47U0A? 4M(JeP,e4c*p t׌.Z)//~r,d/ }JGO꼀`N2]cR͹wP.u4 qȣ&^ {tEnmFcB88}e*6%o꡻aT88^0ѹh};Y YP9vaa8$^,7 ?zh9- "@V6pF!X!Jvv4#HЛYT1oVWGqRȴ\r_|;`/D!{>I岱E>cʯ{m3#DکED!ql8v&aD\jx/$)5鍰DL6Y=6|U\ЀT}T96辠Dȟj6mcy==cǸ@kr:y;{>=y%Bc: 9n]k*F2ͳ!ȧ5OhtM:݅EvqdjOJkY'B saCAXq;9@jFGDNR[+rfu.(&gCjD+&0C.Hp%}I=rP,3&C1P<-8APD:WS[v|tŨk\ߩa¥ EFޓ^o`1mRFyw\]y13K"l›w|n3t bٷFLcrG]L"1$PTa(vc-yZ`s3?4EB4BYSS٦!/Йt\/W,iqB=d~;$ rqqڊY*_ӻSR3 PSGݟZlզ4-b9;0l ̬'[=%is@f֛9P]!hWvR 6.؈yʅV!nђ]'DܪQyB ؔ!z:d ŊŚ9{^ETcLFzZ^ݐ@j+KuYg Ŝ~6,gՠcOW|:_7=qRg.5>\@rm("#M5h6KoYuq\oZr#$"` dSWUV(>J !3VlIm\L#> +,ueO2[7MJFK=!>?#B)\~z͞#RB<ӝK :v*YP Е Wa2 ŏ04X \ÇЉ۹&ʶ? F)L[pTF @9u}?WZeK!){Bԟ ħv )HokO1('4 v=DĪ rG[Y>6x )J~Ƅ>)9J Љ~8B4"Rz~6s+s!wb| jP,g/S7e/ Hq䈽bg>\֧,ı雕2uUqS9pKR`j{ԩiW]NOB2 a$ ʰ/A3#s̘5̿"N߄Rh3Pǹ.xk|H=/ZeFz6. 2<XapShZ ;P4.C$.։m5@?#J`AgM4QqU?P>JKR{l*J! 4MZѵ)1Sr";LB^Q)!dE- }u@ "]s ɰHBAO[~O?V2<|l5'|$dUjlD ܎2>T2^6,3,k@FKR&''& 㑈H}"3ӘOj0QWᷚV/z/r 5g:.kQ69~r۝š7|7Uu.c3kvhIU?A»1mȎ؀ cZ7NL&l ܘӜ`~XxGM5(|D­_ve#L9n+qڱIڢW7ɝ4>Hu:l[F yɦG|"YU |qU_Ф,x;|*%0zȑVl d#PygL SӏdzRfO}"6s^,MgcPKϦ%}nf{OU_+Ǐ>'&Wk?*)R&uAH7~(pƦ~Hs$vA%g]v* )qYN P#|$xe!iw(sgL73ױE g(Sۿ`ܝnFImW-xg0+^ez1 UڪOZ'4rP o V XyលLLND ~eKHv/Ps"խ[m!խeCj1Mv¢d״D_o}N!(DEYbկ %BR7| ҆tqUv, n~pb(/7β. R;Mh(IG[G:F N}t]$%8@ 0MΌlL&k"Bm2JV"QM $>ab ]G) ;{N4%==;YN ߰,P|OP$.+{%Lά7qH =N.x^HG{_u),S+b 쌵}C/%CLbpV򥎽6/YF3X*g!ܓ>Lae ˂~7Sr t +ԮSQpz(8f+ &<]mƼ\Rߖ;L CQD5/1,dFԫWi4lhSW+ rz-{>Od!jYUu'ș@qqRVIlTᩰrW%^v^A,_TF+MmH)@x}(U_1N=W[FJ*/2c?R'37\E[:攝y܌!M;U2v4AUWS\y \8Z} v#n⭙Y (,_P[d'=:xzY9&#<+얠 DeBf;P_$3glB4K`eΞYTP!brX,a.z+aco<kQ3n1M[^>Eb}w%m5,Yʔ)"AʸHc>vnBډRo;$JA9=7OЂ9  :>ӽER`9;O`HfSԞX%bZ6e6ATWp잤cfN5! Tn&[ @<5WdŶ5pu={47qBLAe=ܿ*H}s Y?LhET^Uٍ7%U,m˹3j4#lS S)`[9J>ƇeA~^v-]j$LҺ$M& ⡅p%t  / )'Bt! ` Zb* #WҰ4r0}Ӿ݀D|:V3f!phC1])1^ 2s:+\ Ki!A"f21z`s" 5N0Ocme; j*dE}6;&F'铔j-2!IPϷqo[4b>l{'XFF-n`VёVWdMdS[Q,70&Hė;W_(c7{S36_EoHć\ZNJ]J-*?tjQA*e@Mw9CB )OMK]{ bމ?<j^ڲVV; ^&3ϯhb<:~3ZGE:G?wB^n᥌x,Jr|)ǔluQ q%e>: ch4# lf(kawd bB , nK\nǣ.du"B֐"C4 MP"ڬ3E.|>Ĺ=U0Fw9@PիǢbvuٝ;ܿ?#v[R>5B ?uEQ:)^|VuOUn"|5t7{u3uXkP >٢`*@357l0Qv|TR AMp)AWT]\S 8mٱJNom7m%QODI!bۧ,mY/%e6Q`!Sh9uwtmh+y^EA,3.p߭ gJDoF&K4d6!D]ZgL{B 64)Ot'pn"Bx>~ōLВ͹X#RR2!M8ƎPQ p`C٭kyIƈ/;-lq?^'aSUR*D=jH,Į̂ߪW<3P_6Ҳ#'5ﮛ̕c;O>A IUXÊes3GBZBpAȥ(=0U+ /Jl6Xz{2P4`ͪ buGUق;h@*ۛDCڨ<7,ǗCmç0ִߏ\t맔`qx(yDU<+J1 5;TPPdKseq~WS 3/OTVݫ 6³*(wu)jqX| gb}/򟱇@TC<)e;n_eఄzۜV,G8f*)0 ;SmMsT~o63h`0g~=OiAd[ZAW ZB3xoy#L;~}>1%5sޓP}V_co=$`j&m  1 .JKL(,tqdh3Occ dɗkb.# XqA;Zu /ݞJsIWqRw;5; t)+c~b'qYNoUXi[m۠,{KxL uKNun.ٱ>{6C݈iBxn< klWjMTO,Q͏դ)z,rޝT"GW2Qu0Z>x!C:q; Y[2X}=edMlؾ 8/(<< ]M"Ñ6'sHlX@9(ZGz{K 8SM^˨{&dnBTWq:)cI|u嶹5<7Y)nmJO/k3H< 9/QA=kEsgZS+2% Q7c'=t \eBogTLp#U,#ZYηrOw8B&qVƱ F\L\4}2+B7iJ%rq=Hi(%o+Gl9-EJB M7K1zpmhOh> ) F_5_ baV,e-w+{e>xA!TsJwpQXX=_`pنoΩlL =Vo!B{շԓ2:Xc=~I烎k.k"B-2uQ>|AG֥ ܧh;[RPێJTJK p΃!ΧJ\]7B+SB =٭VԼǎ SCԸ >{ٝ9Q? æfrr0oJb:1^ WX:NqI7Hi(3Lվ׊/]~9IJw==Qc>D!^$QeƂaQ#"ZAr&EXU/)j|ρWIs;G&2w_T]HE|ط%?eJBǗ@Ka[l>3j7?Ij(#Vwʯ)o5;IkQew3RØm%ӮŤn6` 4X%<'X1U(@XD+v;_*Q*㱆j$A6z| NEG ?}?.d &<̌AڠdQ(4:TV-GJWƤAyƩ{awf"ē:VY xέW8>-*g~3Si(nr랻ˇ<Tc8Mr'E1)3ܺ5{[6QL;$v@La~3JbF7Cji}&Kv9!L_Bs. U4(OUf5:@0\'c%˂Q{ a-f?ǂrv3LP?d[X4رdG׼r{Bb w#[[R4:]|P+U%̝jN+:>7M7oH"<Kӑ2WlV Fab稕66J'/.KR"4{97?O(})ذy ۾?lo]lQ~`\1:}ãƮ"~gNX=˵ iڸ|9>^ a﬩ozTR[@yS'pz;ɔ#| UfǘkHPC%\;-wȃ7:~Pil~2#4z e)?vhٓ3gZ͡xVLL!,9k* zq[2(aUyCc_#c y\R &5c%cZE% œ%D X#5֩y ν&m/9HAf*1g\c3)k0G)n(ijLs4&z 49PF4;˝ v$3.W5q.[Z2f8HjZ«3o_LFo™?W 63'.i ߚє*L-禧M9~Nw$-X(*r!DX E Yʫ)9:^OմRkcZv>F?;I kK7\])Ho0Lb@l=[pBw?,}zzy-hQ;_*iaJ\k(+׶@ RtLByq m}[%:F&9+~ޘDъ;AM`cșF,ǹ/d>jG~fxM\~=YHbgy8\ds!;F@1U( afKpj劦=}Ky2ܺqfض-j08aZ=֫Dd ]q| H]0rbp<}r a2`5鶌30d<;],ET=Z'@W 6ݘ!4 Kttˆ( w?T SoycGڰn-w_Qz<ZOQoE/Y)P2"*N)4"FT(di%%dt[NzpUu; ƫw)Q1X̓I 4!S Zm nxLBijSo(LJg +II:źyFk8ԮZ;0t.=z;pS_l~nC-5t&Q9n\A?848-qc ŇqncB(m؏vp4zWϣEOHj{H06C@T4' @& *{!U9xo>f uK.Q2= ]*B=ܪ Coa&T"J)}pmlM˘Ta#׆S%4Y,֮ #ҤR!8ܱD y=<$2̳Y(V[QÞ퐌<+$> bx&#>[)ͤlhp/mWK^uV.| ţV443&R $ڷGgtn 8дWc9A c`C/74)VSRe<`V={ f j㣀tY=H_+u3B|"=14f0kճk07~jJv_hgmV:O|6yL*I)aNRWS^iLG@_0覛g!ÜvF{"UlCjr{ZpViKIJJiBuU r?͔g6F#Ҝ>`wS$c_A;=r{ ȁ}D+Rԛ)̅s HصT!i>V#v⧈1 Q[ ]tؠa`aƣ, mcHO2Kd -YeR:n5*T`NIڇP:Dw6X-;KO^ 9#$5AN_(Bw.1Ur,Wl"YlUICx!GL+U5Rոw30G*J5ˮpyc򛦇u` 2 赿g.ԅzavqafUɃ:J}>($QX||Se#M &8"azvIN)hbK4GTۦNJ+Ca.W0] {pVf6~Ld>'=JWU;f1]ai^w -Br-K8MW%Eܚe_"B0)ސ=E:ZxZoz%Iu%i W~_irr(x;R,$ۇ5nɽ dLs 8R{1| }9^&.)1 ~L䊷tm5~IBU'eܤ@qh1 vnu,jPgƖ?63/dSGM7z  /{t EɅtz R N@1i{n ob@SEjXNfI[9pKr`@Q&j(ΗyEVJ t=`K$#~jN֯S4'fɽp($-F&HwLTU2>P% Y&d_kj1 ˌwQ_D|{9= @e\V`?Q'M*zOptͻHOL$,,@4zt@ӻ,S4Pd٧yFte%uqppn> `Bx<7&NS4o+ 笹6p 5_j#n[v;,XhP@%k΅П2ZTuR{:զ>y(_aJgwiR`0Zֻ?U2@*p|NxZ7[ÚhQ,|XYw,'NKȕS䈵ͣSNnB" ݬʺ̧m O ڕm1}I(+===VE56v0Xgjo~&='7FjHZa a"(n9pZ; zq|u7]B" ӧD䵁Ҍ- LcDf.lcVv2h}$6r/ 7<)6 @*.ӄa)Rߏ}l  xFvIy;d*fL akO%Y~HFj) C-yD##o}8<&ӎ~)p]u9g..)W4i]>фvJÃ`aN#NHWy0UQ!YeA+;џu)G`]Z!s&DX1t4?r>Jl&6MQ/ͯ&W]B9b߇p>ZY?.*}yxbFD;hQjƷ `량+ԊS6TV=%j b*o ~z\ Jc 

-adh""R^pV)`CR"R*'VHQ(g.A{S(<uE =W%jHSO*D3 1c-fPljek:k-5JT})Snan* bWq`BSíS8EWoׄJɓ'x+'mup_^U*  i9p؉pR>s31A%mDAe8:g?/#JU,b1^)z{<^\suV1DI,S"&37|O,f1 r7}vz59@J(w[GosT.qYiJ]y{])-S2'23eROUu֧LD~BIX/9;ΰU@>091^QZ +`zᝪKssmbT/ -$^ᤱqX, LqێyC9+hescP#4U! Ȯ1Mo``Jpd-pqHCU*nbqiJYx_ '5r 8r4.UTDѨ ñ\ԥMTna༊ Ѝ6Vڙ|2a֑7@Ho&<6و'!Iw dh\D3:+M;b2b7{ҙ`v :Q&;jv(ozu<0H@FY dבڷA֜}+]{ '7`cY+Ȃ# T-m뜌F@Q2oV]= qj  oێau;SpuzM%קǂuwYuᇪD^Ti4I~~ȖNk齌g=2͐Tt'=oo;;Ti{٪k `k }ozAҶ!-|z.[`m7c2&S-y%#ӇR=]ڒC?^bަϸFSxLyTג7،X{i U jW|>g 饟pߛdxMB&nTMBQpAyppV d6ϭVgJ%ͻ'^LRC8֊ۖrNnez )ЙxH/h}&oL)M4s1-ACh>SK)sQYͅ_RVko$?'M$^#7C3Pv4a$ _Qy&t$xk?cr_^(rlo|.X9uQ\Ѩx,%uց?}ޖsLT$,XCT.'Ž;@ UAIQi &gM;~@ԋҵ5n\,2ylwz£𓗭̍1YyzL.5 y:G5 z}h#0a+ʠGEԆA2Ai$|/Z"_\( ?ٹzX(hG$% ZTgw[V'II oH.4! MH٭_B>4z! OL!EHQ[hbgjRtRp&"X@9¯]alMrN Bs=dڑto9`sM, tz^(c=XlB֍4>KьIGJ h9_9[1B"2.lǧF֛q EZRr~?!WMx5rPOjx5oXGOW)hsIVJ,&Oq a' XOݸ%{'S'| []|>jw.[-̜(xf>k1Q'W|% aO5VKV3N'l $Yj*|^6 жx\OoۗAZIq'w|ɎHMUxzbYT 讵,+K?yQ67h6xX`^ oXj M-0U(A'VQ͸<$ 2< ~w % 5EsH"p)|2`n iƦ+WB:53g6 ~[ܡUXeOT_f7O)i%n3"KY?$P~4!tZJ_2D5'<1 O[qF[p_Pq(PRr`- d^7)TLXUge訔xtcpt~ѕ9$#ON+ RއlhC92 ](*\(7Sאc[1},hFwܭlO J.Ksf^~QjQ+#[bi&-ǐ# 9G(,<a F[9}D§cS +M3>)YKE7^dF"V̀-O^bc3+|hej?b`4k]]b_k9}xaKt幪»~؝\ _G*Xgi0"%4#a且(7p9LM_ϏցqSJ,m %UywH/5r-kLcIbiI^B1~ID$%'rL|2T{B7HD;"~-$JedZdHroJ:ɤ@էa6bݡwZ .7Ċ'h8!p.1'2xC_q="w^0Ͳl =cdL{9ϕ6:`/сg;YZ칣6(5^7ޚtObE!$/-._ ZSBW<~NP72 [9. Vx-P HԹYp-ϫ)1k<ϵKR2ܖ3>(h:E=ejYВojM{" V4{yu'`.Ff+yKq.#]I EwtՎ>-TH#L` ϢآوB= :zL̝LnF,3(PЊ򼚧S;>(sRýEfmMS=Jwf8R-}]^u@}H|Э ѥӿ,;'7Eyp?4Bmʂ:fIN)~nCrW:C2s;!LYzuwi7~#V+HIҊ:}=NQ!ༀ ai \)~cv@3!/-!cݛ 3n ړg' KveK.C-t*&W#yL8JZC{IV'~ߪbx ZL *oROUNp$%fOmpX;HTBesK_*)Qfrdjs2}J1K=T@PA6G(R/Yy=7-Zeٱ/M al ^6ݞZk/bV!W4t!{C;ט-[2MDLrG <)6wD%iU|&b/Qih-]WxM=ޭ= ~aozyU_j$3P:\OkU2=$cg DYh 4үM*KųX)ilJ7 L~7&@ B%.# :{-*82Y(bnS|Ӳ7uuMZˣȺ$fNƭĔwJlH,M.b̅B:l!dzGhV͡xBt4 ?Yt?7BZ7$Xh0KkXQk@(О:Oz/6# AQmݘޯ$sq񣨅z*FF͋2!f_\U^#,:h:2B a;8r_ӝU2P[4kб8ml$ٛR]YzۍYäK"޻PзGn% =<ͩņR;;,֕ml@߄t(䠨žO=@Upg)O1wT 4v—'^{G!) Ysjӆj3|>M0K&$t)p Mۖ?oso4ݝ%{]wR.wz2/~uq jXUs+bc}!ː/S7x,YZc^M \yBSި?7.ۧj/ M(Fj#+BJzy58Qm:tU=#\`"LʫSCF/c.:s @"Ф(fa&֏LǙ2ZX 2\RU) 2-W \rax 2Ѝ}/a~Ba+v44~?:K`qFb f.i2H8M!"sYvt787fN !,P A-@á!ECoFF &7Lƕ]R%7ާ[T-yDĆ+TDޚ,o[Қg:zBϖ" D$E:/ /A2nxFpɑ+g 1Xẓ`59X5 δ=Bp[5}Ѵ5Y&q$^fEϮ:43a\%9 {b<@P13*pLB{d>x:{EWhmsxLQDأRKa^젊Q(pq8z͢gA5sżra%X7U{G=JacK=EbxZAٗԓ*3O?$e@> '|?!ao%+T|аưUҬ͚3n kojwC4 V&9B \f<ȁa;\"0cEhk'IY e8i^^ÌSb+[MNP0Dwp#rGԓַ^RZA(W2|N[;KQ4 9Mg;;Q7O})pWSusb p{ yP3fIeN 8NILRaHD ,93)5*2ECF$K8lXrn\ 1/D2PʥYl4wLGG H<( F-}%D)@Rk}hX*GCKB*CmTYyc.ٝW`z䎦a +#W_SO mR1*{7W| Fږm4MPCZ=Wi"/\㶄uUe#.0 4d<WG\,%XDkLPIdd,)#Aq~XhF% tz&/D% q܏9Hu)}[4ϫy#Lb2FCpx#}Xp3|GW!˛nۇf݅Dnq=oQ\~t`W.v9бB-r{&<=]=>ɾT2ƴ Tf<[09L=P},x/Y6"SPc˅  lVD Y)\ղ9nb7hE$0Cx=iD8U!mvbjЁbNve{O(Azo-qZLMzb73=MQU=>F3k`Fo x nژig 2>-vioGyYkq\ `hld'ɳ " %KhnJ8~D$#-2_J譐 S"a2t,gg>=h9{, ;24m_R8,s 8![vtߞd0p W$xL ~!4UJˍҹש}tS~Ñ=J~֬i)3!"˛+5O^ՏC0A\=lN3o+ׇ|rUҟ=THl iex`S!I'LRe)\XMg6r7K1kࡺae6˃ xc cc\w\9vd;Jtv<a/+zh ’a 4O;p^;B/L{_ZQ :BV>d٩0|dn|;Pp˭]ذ٧HBmiT)Iٮ^yzxA'K4lpӎ.q2XCh??Gerf bW!_0`vTMBewD$ADNBt^Xxu3A>fX1 }ex`||%AH ﺊxBA-|XFK$YP=5HZszwR~8Wr$s?RkO#u.%ݝ wW^|Z7AT;\&5g `f ԉ9chӷ0241kVx_4Sm)%{Qb-)3hd ))'QT{1}p@7[ss=AWEN4kAwH)9$t6*x/I9Y]4=ׯK%%%aԨpwgl+>1P_W-/ Eqi}f:C#cݣS/ c~ٺ~cIbAߗ(sl4~&%^?D;35Kz_*]czotE/||IRUƔKr I85.ahShv O<#gGzxLƮX)iָi+Ft4,C}auIsuҁc⼅/7<sɟ:wzߢGgY  уZwIqdP1H_ ԊlKuw|q=x LOq14w>=dll"|ee<)W9 bޛi܉W,d&[svP3, 4nTOQj ~zeo^aw|B]!1$fCDLo Ȑk-N髻WaCRTzSO4ڼ][%A%F{l!P-}72{tғ,~50/nHL;\:$S侗E5ib`Z5fR`f-sn0jٕL4~tQNtrKLG.[*WDI aKMr cƙ30 a2[0LobE*հ! .[\_wDOu0%6GnRq{倕ן&Dʤ]P„b63yښ:GfǷt{Y,8,z&pS"qIY:Xnk7,iS2ԈM`"ľ[se<,x mh^Rٷ4Ms 0)~&IiX߳ ;C~4=/Vl otHM];̄i %@23%o8\&We:)Ro o6.[uANf 8uue(0{$9GD |2 N u͠K4/e=@Y>hp_nuE|JBs-j2 [_Z̍`럞Ģ"HlD M=䉷G <8>ѹzۀ9[e)'ݔ([(}XyI= 3ueMPט2CZ4m5&3slHuY=| *Yd^X3T7Ⱥᬤ|vƒIQv` )`8)dc3m! L#s`,xm&K6zc4͖B"wڙ3g%nH&B%(ֆ.2`& .#F?-9Zأzŧnr)tOC{ NRb1D:'Ȏa_F+Ui>EؤDkOäw]NgCF#Z^[ƌpo`;C+l`^v74`[,E]S튊"Zc&5ZT^o:D;J~+mI-aȺwMn1$ZkZι,͝䲭ׁ(T-KeQBWmWG5[o)P[F:=:`j +'FvwUG$`$SVfV>{x]2¦n-q- oY%8`,Ag8=ҕD _ě˸mz^ \ rتJ zLd_U1vrA"ak:*Cui7h`y6yAߗ M.u)}Kdk)E7c >urrNM|Bb֕)QxώT9YEyQ 4Hvny&.< 5^DM$aխAê1}իk's4޼npqV?/̫"tӝCDkX1YdIDIbϒx;8yKIq Nɉ~(8O>QL>QN1y.lotb!SunEf(Yyr0֨VML6j9߾&TYĬiތI&EFkbniKv-іF zňmtNl!׶6sXNjmL0 ` ?AHu2g˶Ap_X04&k"vx_;΁&zNsl#[ (nqɛ~0 j]-a G<^#+=4S|i=[Dv>P~Fwʵ4$𠈩.$onnW~ț]a&!]|tG< bWh 1O&[wn xw $YU̅A:BmB?ŹgLK3RVsLovNo6|7hB:&S)G-\?=#w!B"4C8 $̳i.4m:y6 \s78n|#wzgbO/>[ERKa'Kz~_kAElzx?z#xlwv\Ϋ7``CxԴUxWτlIZ5cס RD3Ya'/APLn!uNu}rA UCA#D=>2vg&iFO/7 0)>UNsv;_Bdx_6!;B|I#X_M]҃CU+7hMGR00{Ē-ʪܣ @#Bl,AG$y.&$*, camVqiA}_ñpFBdsc( MM߲P9&nZpױaʂvƶ_#MM _o`"ouX;* >l 9GT$6&Đ_`Bjs!=GſT0:%jhE(5Eݠόa;auXBD{ѴcXX?i6Gq_ML {s ] pHWk-6HD*o0٬Ѳˑ/\dz:-z ahH4jP3_XUW p4{ ϱc(-*ϱX܃MeL!@&k\X J%w0BF6Ezm₩,tP=SZ 8F6X?;DmXW鲽m 6^*ߊ<D )`A3ސD08c !ʐhd=x~"w놠"p_~HYA+{e )$O$)1?[<Ί`>]P k8Dq[c4 4FԻ|'}͡Rm{r*؂ LZRc#eڍQ^$!r$L״HMds=PSLΡ0"v(-uri7?HL9qS <ˑ3sc.wT<`ܝ`cT_Ti),⯬dcmxxF=Z)JLB);B%5С,_-u6UW<,=0D˪ә%U̵+!ÆHX ~5nu!>c[|6+RO Ubw!P-rBڂZ6}08ϰ7D^3SV.l-CrM+Z^` ^sw$AnPTI1Q.dgOϾܳL!<\gcA.s hW}៵skv[C9]wԏ?9Zȼ@BǷJ~QkuhS?g䦈U`F6Pd[#CY7([٫zb Z\GD^7?5NdtZ ojasGJ-[,X;Cq)w:1lvp5rFbQtڪrjj vuy:tĸWVzچb pCC~ݜ!ؾGU2X00+ Rx"&-q22i Ε}i@0'R̀ꌓ{OKʎ&{$D}Y.aX8K#=2ak(%4M2ozCZ!r ֳ?a),{D (|duY-nP~T/t~$V!t&ʖZ$̆:}Tk0'C- nhEftW/US ᮞ'iv湗2;a.'z‰wv3Ac2T5A2NM p}/$#6|?\F*C`JaN@ w4{slk5?qUl}#.j5xRt2uI ]?h 1*|"Њ%߯z/+֭z>>o*[Lb]ANԕkzKG1ܿ$3W24?aZY>{\drUMLӮqP)3&uv/sQGY/8gS\!ShǵSU$5C1dNW>ڴe{A|8ְc7ڭ4>G3WWPH8||,Oh@Ȱ?V n 1V謁N2(`Κop k+h!{Ѐ}6whð' FDsTNL SuLzX#z4ާnd~ZUTˁH^]yOEk;4݈Oť7[DT̖9{#ݪ^ Α\%;;;#F -A9?M 'kA bE) AO*S"4?O $+E0 JUfMJ}H`բs Ӽ[H)G[,C` ʞ0ֵ5Z(86sƴ"O6rW j rڹƢ8tRBC DgبJNf=X:}"qѳJaH">.}74 + b, af++ X/ξ~ U2zw̫U7'5Ϛz;kݿi Cʀ*)l҉4gzp.f4n>W9@o2=]~9+PBp7P#[\<{->XdnE=-퀘ˣuwb*@j̷8Ќ@kk$~1tY6bTИmLoL}G8 YM]N!'﷖"Aēye\oVyD+ ŏ@rbG撍fĘOH^W9Vbwa Y:? MJOgFx˔UJ+^֟R4jRI,#O6בYB0Oeڱq U*L}[kߥ#_s}gL‘1gΞįqA[X]\ cmfX[5V ֟+b8xxXtW:p O ~HgC31׼60)Pu<.NuJCˁxok |Y\ v\huUB^ $l%$ xZ >:_̷#rSٙ ֩BxX uVh@^0+ 7 ^Y=4:(" 9֩d^U2gŷ%4(SXU`ȋx43XO!6/m[P}`=10 pF FA.stĎg9;?b۹q:7gH?(:;kxڳT>vϚs;9-@&*iOg.cj S\BFEkE{ǢoNfjD+)7Ί%'#E `&Z`4`F7j;/q?T1{ xm*􇪌m n5:s&I.!wm-[>)5/SC ϸUjR)Ҵ4ص 45'&)آGNOS\2 ZzMM ~*x 7ș5֤H[m.@9f7G=77V+nL!G yC΢w1`55/z2 ldGc(,{,®x.RT\/XfuJyPI[9xιF/PDF%&+NϠ0˶V\ q_K"G?Fu ?8eƤQR;[ e[k_JM{f(Qc4)#q=6oʦφ?E4UX˱ ,ֶ^: 4y(-sƶv9K. ;'M0>*-&#p]0m?$/>^-g$b&IV.6ju`Q47yYP|/N]H| ?:X^,,KxU(lBݼxp0/ļ0X9V|)#rv8_[1$z,6=͟= 54_ܤ8fw2,l?ƒY\Fu}3^kpSue:eX|cHmLs<ݐK2ml\*`x٫C[d8 s$1BqF67ﺋim,HاieF:y* &(6E"6ZZjd"*m"#%܄"" vڋCJTO=ca*Lk1P"8} :VR*O d'+avL9 O2?gH 6?g <# wV0EԹr[wRfyЀsۢ3Zt s00i`gٳtJ{7rC׌/Jl9- MR^4GT 'k MÏAi4K-FO5в։yոW%r'z uտ"Ѝ9iম-ںA'˦|,w䁵óBs"k3A5i ۭڱHFޡ RZ]9Nʀ@D+MQ}+l &KT|Β@09J[i22?+j(ȵ J\ j\:)Bg!]pU<$(f h!QO ԟE@{X,zlh}'p QI9l5K͚`Mx% 6u_w7,Q ALiwϻF6|2GM5 罚T4a'lGw~ P/ɫP3YI}ŦeCG@ǂp&?AzULjLmj *Ž~Fiص W„c@xL 1돀d|vᡜWQIըN`ڔbDP2ѩmi{iT ]R>gEK_#э4{u̇`TSԟ dimũiG:"9㣱LS4,覣99 7|}Pꗃp|Kt&օjgvj&zlCB))S py«#WcSm8hF2#ܻDިlqBmp mn %`R>ms;ٺv3^C+[[" EV] *:T0d0}?\V]p#JCʘGI$w9uxxƵeB}ڟh[ c[Nk;*\&p]փg'>+Qi?2ANW~!֩o֤-1*|e]О2k3`U׳h:6rr.LMȨ{`#esbK` 5pHӰI،LI*Of-t׎'O:.ujkfUZuG%;V b@ή2'_vlAh4dM<Z1}*sՈ9i'Ma`בCoO<_ WhV^4uC8wRJZTQD8Dgۯא"HB#1~+\=o%w$gdđ?"$ <\!XٖRjFMu]&
\tޯc >v&˴g7VHu̖b~-&e]ws΁݁wm&Atgfw.psqsǃXv[i[OrOlb!|;5;4A^޲Slnï찔 p/f3'8Ö(o:aF!V`(H5DkOGWDW S.,O!W f= IIBw~@%`R3; +v[gM;$7ϧ񎥧:x>4ץ:x̓b d]&1%/69:.N`;2dV,xA 3,w 46[0zi}kl;d8\G)_>qɄ.Q,\?n#? X!&<5ְ&zFpM4"ώu 8A/M0}aF@W]&?6Ï"GWX4VYH0<^_-ZerkdbAYEp x.a5B2Zo2ȩc6z5t{hޕr0v8u޳J囨VReaRP9F&ڰ2RF?g .W:05\Gn0t}'H,j ' <|?i5'Rad5lY>6~@ǍRO,$,hp*-R̛!l̚DMN̚T]IdI]oUi0r1ئE]HaZSٽ=J$6P!5{;XwQetP_ 25Z88Vb6 6'ۥ ͋ SERg ܛx/{&WM reKǗWXg4/%PLaHBja3S HoQroQw]3vxZFhyal:$v n=#EׅurRD M'/qmSHc\Ehyu+݆BAY\ofDk$=M؜`ceph]_o 3"Kp ;+%G Z[KD+Jca $g3"XYCލbYQ/q<)7ifjfߦȣ@` 2=,Zϲ5o `8A,N7cNH[&CA( Ae{33{6YM rb}+IA$}PJCߦFb5@zz(=ӾPNG1<~-h/*$vnP(l,.'!:^Ϣi,>zPA)|9_쪫Fm?Օ׿͟fkɊUax+ FuT:MH_إYX$ZQC tE?2+X/+غCMhw s>kht׏B䛊xl|^6-ܔ|R;%I$tD;= Y^Ep O $!+ ԓ]9梊'Cbr+%]P;7T=Ġ =Ysگ '`ܿ8K*G8ixgNw kfc$Z:,#0rXEj0;cCߺW"Q;訁z /t FNrNBN[U_ ;LƽWI1љ< jWi9N0GEn[}ErD?&R4qk3U]{֕1F.ɗbk IeZI0Bw|>YbT79mƃ}@ ef] ri+L4-eޭX+J%X$χd%q-Y!0`:t8Z $L[ b`/i? *U,9ͳW4i~aS|A %Rl+Sž szK 't1S{il'kv)bWOšE[7]o.c͗u$$͛l<JbʀW_'rWf PkP:!إJ7Z]9ûVr?;\ѠyOQM}j}oK!(:$>r%Wcq5̕Wv57.qϟ$Xє뷣<ԃ.+w":!^msʰB[KxQ<3k,̣ŕϼ.ՙ*S~_z `zEZprJÝ.耸]6c1!]KDvn3K1 ,6hژK#!,wԮ>D 3gV>gP8Jzx4'#j {Zh~"l|5dtaQWTM2@ > 9=D4Ƹ<1C~&?c?O UJcF#Ʈ3~hV˺>ΊߠPEK. Cs7//iUʞ{@GbUTI<3 vVaoȽ9Lw8n"/HDѪÞ* _*ȫžmjvIDWOjfXe{T!Hl5 Wte \O؝XN[E޼y POB#|0Yɼ3EJީ<"~cU4JS{%V>7'Y2Pqc/))n@gn۹̾=6n!Sc$` W c=MeͪEakP 渼@@,5֖/`v*2aGQFVXTUⷐM0wPB~]Ief̄ÌW'FH }҅Mx;L_BށCNaԱTL1o9j@ޘ {[wp(@2PDe.B[/H,{MPb.6_ v%3'm떅lFB.܍!=9 S/)H)X._*s5j%ŤzY `.K+ #`}ܯ 84s!Kٓx9^(-1:#Ӧ:grhc@M&K 4Y0\^arQ X'||W=oIV1~rk[?U#0)5NwHT4),/!Ga-Gc2#dv^H9b *' xHpCuy,>ZSaZ8Ώ*߿CmyL $~Cζ8"pMSץ'y";"/hyjuǧ$4x4S  GD_4B '4")ƆWZQ(=G+cgKJ4URr~Kk*3H i6_wu}~HBE?Ndrc1pȝةTy. %5]ga0ݓDgQo9Lz #[c<q"3J\1 dNDU(Q~l]0Or?Y c?<{@W[Gpq5\Ҡn~?\U`Obkؐ~XK&Ek@PG>u% #}ك.Õ޲R., W0՝A7S 2PǪG0-onebd<|1D7h |ڰGqԐ,|tPE/KjkC}風5<<={[^'̇RzƋ\_pxlFv,v;/xn[@H!)ǯ]sYM- fS |<ﻭ>9(WsTդ|.{{t`'ev2U8YWx*[d7GfXV%XT=BU *R1(͓ԑ`9E#E&5jXVЇzFճ#_L" e*ؔ;[=(Vg=hcPaz?^gPC;LPX FJ&PWo {V؛YO:C0 {W9 ha dlY;\#nwYjǼd0U.0@4);y"V%.D׬,oB"($VKjUh} Olb4)t3 >|$ y CB b 0-;%QfzM8Rߔӄ)Ĩl9 ٌ g(C]dX-#־kǍ-' 숥0}Ju3YtvfcMRSiGSs.CErzQބZr qd!VzTX[h҈^>ȫ๹zɲg3.<6ֲ$}L.`"Q+wI]|m[!8N RF@92JSO_.$P:{ܼZJ4u|1*u* H@V&6TDRBǍO5wOWdgAEYuX_dً̯?0%M֝I:Oc9}7˛ϖd?0UBp;R7!+J8J0UT{8ʏq [[J6Օ+l[PICYq²D) )pщϙ+$:UXn~5\RH{+ePt3] _uuB` 6E4m^c6h o9b!2ʱ7,%q!C_KV %O+i&~tJ" atq?m}=oS 1>"Ί_Y %StLrA\)]#V95*qiStb,ҦU] zH쟄/Um޷Z3F3C}TMAL h/%˩+<><,`oyMNvENĕW_ޖH%6):/Ȫ!}n[t'JiTщn׌x'I00D%%.U+vbv}ybp\7Uax Ϋj-ϱ;8+*=*"$ϕ'u(7tj?:8'*ko[>AQr4?B *q8 ]Df_jHv& hBØpKf3I5HNn.m9sqp 0nTkHݚW' -!pkZO2*dq~ͨ8`X |e龹/kT1 '-QӈkW$XϴY ;VKJ?07\nv5Hb&:Ƌ^`#ּg.>]u+RZ[ԠZdɥWA-v REH y-FQC&GZ5Ġ[2gW3j):-$)џ93@EɁa^Ps Bא)Ykc=&;<ۿtkFBD2r&5*!3o,z%gs@ό^c_z KqqPkC4Y"%]7 Ygw>vImU}{yXз= QƢCg\WӔ? 9緎+:8rQTQF֚L64Aw({rv1|:;ZWR~5XvheTZ 72,xK gn{˞0_XeެhR;C <Jv`:A4ax&I% Ȗ IWJ]ȝ VD"b }3{ɴIrQlwzK A"1&`F.$&f %)']kIS ˄<|pk_w ?da V\S5!NLNllȿKNmh0]Pb]J &%7Dj6MVkW{!FCg[ˏqgMU1}as>-__2 Y1iEH7va?/6gqk'`-GiaI6 }ר8'QzDSлrUc>@9;ew,[s &N[1 YBx+lf7Rº%(S&xEP,zK,؀J5 rn*zOH_Sl o-*Y+I = }:**bYysm~~$V`fŕ8O)B ؕWIE1_w9z})5Յ{CE]F]?f[NVPBH;8 ne]㣗j-cEy/y'@=n,vp>pk c`~摋1ݦtB``ۨh(F qoǝb-m@TO2=(1ƀ(IKruFI{ UZn );1 dחqxPתǁ@UT:JWq"2 ) 4:ٷ KE΀grܼKfCJD M: 6-jlf-gن ?PԵw?O+HW5&̓rƔҳDMhl0 #%_։{u cO-ZK0 S" h -nQӵv;ٿ` nw<(::6}b]8Ѽ~#1Y^ p(q&8gJIs)w2v+YT(!f|x^v*Ƌa2{])|1G7hwǞk; Iͪp;`~ኍM:L7ϳ"ɞ,^hBlJe{A,||QdMh++WI0j% ˼ 2F>1|ჸlʈEg{7Nw^kl}QT{>4ªɰ"hZu0U9B;Zl ڦ)Nu5}doqgjzU%i5K& *?=M_l5=fEKk|H76҃@cA,) ^J{#.Dڛ ׭szafG^ fzl>=>FMHZXS0T[fI;ng6;<ܨh@!*"ycH%k\Ůh`ȍ;팖gmobW<ͽe\d]6ż ]/7s( eX *J}G1>9H\_ـu[`mzx )Mu)9X ٱ>@f[2Th=/mt$]87Sn)Tn;U@yAVW\fR<P/(oen֘]:3g,'^o mb[Ez|J {rQ90?K<YHS 3!\z%kiįϳQBuѕ4)K zY Ki=Ew$f T0dzYjAX:h&m)t0>Ud0.go/AB#gT@ǭ72_t ^T-/]:!#zƮ[L [:+L 8s;Ubԡ@ލq CE薂 yb~'()(! D(<. |)>TZ;bPgMdpYTQfxO_Vgx6D%ʓZl>ҦlK5;:}d;oU)=.5ݐoaԩ[nY1yYȜOFa/BCAؕ!|Cf:c\(O :Yfpí) ڂoȇKm/޽m'GyZr*3S"Y c}bD2stWF(}Ќm<P>G'28T\ &9-Ake\;Hg R7OU=%xul,.:dI/OƬq .yh6U hG;r?߸E M~&~R wAo2հv\ϵ_wn S2gՒi;gW|3|sE}4 ̾55>;_-.a6%7&wĊ=aU!SR'GBxIj$ծwڶ,+IW_Lu2ǑǛ3@tp AI>|a;՝b"Dp lzNtsoi42 )[f̖1}QM0Ccr9.?(4nޛD5nA(liY-,6V?FP: ^1v_D<͆Kk`. ӛ:zi?Z'gB&N@U`WgzgcEBM>^t31@v87]WЁT*{l&]IQ}t_ң)t@zݮ$Z=[۵69_g#Mޕ.GT ` XiJgZ=ۚNh7/`Fݤ&0fÿeaǠL&4y %Zr8R,Qo ,|¾J(1 \1m$ް-A ȝ8~ߧ7}㐩z{Pnf?.%;zWQ!=Uo)-eLd.ϖТ\inݓ<$.;SA !>D"N c=#SRITtWadOz)J`D~GlZ?%sHaRB߸lUBPn01^$"iDwo; fx5/Ez7_Brr;Q#6/(ӟ Vؚ %7z2`2+I?E͞`.Fwh6lPEI-j^{ӡ7ҋ?ք;yF0+)KiѠHi{OH]X(8rPrCpWG<,rTBJ3,w>?MI˻:A]^;FBx-Δ`Qcte/>k[|uxz7h݆Qv}7ܔK+D +50e85(e]Suh_נXMV*dSc^uBcoOkوčcbIG"G{6Hˊ+"ѷ(<}uɹ~ ;hǃKqQOVR%}(|)dh|$,t~}?[;*;t2JhS C;<-Ou9{KXula?O^u`>pq֑hư)-`+8T@9i@)+ $+e/(#i;*z OL,-SbI0 R(0.VC'6d&I~g{OH6$3݋ؾI=ni]iΑ[!H9pM}B~(iIL2W5 hn C_U5 bƧiq@,_!h-b?Snm"PE/4ԮjɔV&tda!<^RDEQI&jD_3@O}cSU/Gg2l͖^S@UF%ְBH>+S o;C@;Gi3q` GI~A8.YBev&ʔ^[omsCd˫>IJ|ϰ#-8qQ҆ t V?:h-tV=ڸĝ4 ]unf JИ'U3݇tB4$b A.uö3P鉇qTJxĤ8mț{I$AMߣ:--t8 E-ɾCj”l"䄁4A3!>篕,wct9r`ے))%Eֽb,_Vq`ps$^fPgD"C@a, ^JY)' q`c@g$0 ad s] 7H`e ~-i`1BIe<ԣGYeJl2~ZRFz:F;Qk=12[]%TOtqi\-m5`$\( :Ub@b?KLRñj߭m':c 8Yԇ#9Zw[`{ç=TJBF,.O(GstC# BT2SF? dkZz/kە32w\p~˲ @+mJ!RY,")ەF2>Z"KbǶwuo9_2<_͗m:s 25B$҄oϏҐ Il19!tfd$.V:1ϻL*"\#D WдBE~Pk}t0>1ˍ`F.7J,}yeƛWY xvWk&N8n^L|X Ӽ8 MeR4Gi-Op?({R`D(($rʪ7☐SW&Йa괯P"|o^oDwǸAϨrwCr:_5j`*0`M=-gĖᩝFRÈ'6|Кj<'eU1bZaϢ}!g!3ٚ\|KNuy\W7#;H IQ>%l R,qN@\5Z-m3vw-OF~`0uN{kDAf=EHJ߫siOdS q]oݶͰ W[jQ+JOSsn8 zOỹfm=(2K&d|[G)^B#+Qcد~#=n9 ^.p-s p'h,H%i=6 幌8Ѵּ?3yMfح!ZÃL;nԶVX:AEϲ H-WgǶkUtb{$ Q9_ l[m9zlqkF6bzşѢ{5>w`e<}13 Q.D5fdž #0=újԷ|`~ɶ@| tu;^%[+sssPUr,a^ W +%p9EoR8&/M݄RM\W_݌!r.ܽ<@v$VY,d.S18me@7WB , X.8߅Pa Ьxw9>zH/gWy$sC>iB*9,y&mV:64X~L)U A/xɣ,rOW PvZ 31d ؗP^JaǿW;Ηo9. O g8CϘA:)1ꞅ6CoP6Ͱ`ѵZgCʾHLk-EaegdV\WW\Vc =;{qP)vx1vm W8$|;qg`8bN z46>ia +rb;0i>KFmpge`0tw)G~~]v!1)ۉـ'Bu|r RQC 9#XB5R|Zz,jyC`e5߫*B? >q={]i ׃{MPDI`lkOn+zҗQ4N@ڋ gKgpa%.^ Ѡd ~F3y|TSW;P%IVh.&82Ze 5*-4}nc]\!l<԰i!kE gYbnMXx~<v&,A\3Xt6-ִo[Eccu.>d.lK6 Uu1^nA@Fi%Xb;ȎiXAJ  {$J$X(&Y­?jՒCiZIդ<_@;y2aee}ğh81RA)9ATDkJd:][a_?L& ˞]͹ +w-Afּ !X .v|0m6_Q-]HȤdҔ +71j_2OUq Uپ=5xH.F~qLI%Uv ]h{YDCWN{Lzdg A\c?v.k\jtn*Dq-MM{&I'fjƢtK׶MS Ws"P /f oy9Gl |4DyFb'3[2`d#%uh:mGC%E;E^Z) /4(mC DUqVŠ_M1GuFqiU-Ʃkfm>A9NыDK3Ȥ@}“vVM4T-(6FZ{֜K#ZKnqp5640؇Q@.sF =N6R/ca",\hxJ hZcoUp h/<WqאQ4/("p]2nF$sJvl7 ˎOȳ oa盷r-^7݁]g99!Z/%h> sxy}D_(Ivh~Lqs:;68&V%%7:vuh[QHW[#GuKe֮qm7&)޿X!*(xo_\"%>IkRafH?.2Y1J ~,zi(K4<pqa |E|wB Ft"ak`>6 sǬmr> 4}CHES;OE tN2 T#*~ +hqKY/ %y_3g>3GRuq` ~G|_)#+i>3f_xl#`/#q2rM~)F d|VM%缃r`u;Z6Z;U}wNi/d{}w"\U24e_0lnSàlDst4 ^5{/G=T۱Лda.${`TF< 2\0T!h<ފm2K6lT!41U&qrd3sbkVPykM43)γ!M>)s; Yvw% NÑVCm0,mr#^2Ǫ匂Gِ\ege!]@u2t@<_v{ 5HކpPR>ѫ>l3//bؓ3~XfCNK^+ z0CBg7 =UxsTiߕgϖҰtHA~֥Jѯ\ckGfO^R 0x߰Ғ2 JǤ#K|q9|fgi漱aLyQs)*6H$!RR3u3v~g3=y]Ua*)M$ugjӃR_;:6"ŸEMKqng= R<`)puN?Wbұ,4`D;1H-.c?@1"v/$tX ԉ$a}Luϣ!Lh ^>w *(=6=UY_z.C/eƤ.Z [MH nsז/tLBn:j܀12%3:Ý@8`q:03 tyt )+VûQ{Fl `;PS`/kEbQ+BB'pAᤗSoVx!%rG*ÑÌ [Aifn2-<7QZm':ش: ejp"Iӱk6cTHćx^Z5b<@'RH۹AnVQ{$aG9|Kg՛}xZwu/Yol٤U-npTN \ J"ر+ L;c;=cVSG]۫ƺ4#0Bs3C;݌ m @oF`D1{eKl:_ z)F$-ݞ AD292CFc"zqqӊS[#9Lćͣʃ.E=NyOfO^tpTP"ydB${Q9iXU+FtM" [+JLK:_Vꔎ 06ԻYwE }3 -sP"Τ3Ss![}~//g'yfe Ю̾:}mW[׽QN&+e5 Kؿ}!0 bt?xdf|Pp\ _K:_vj-,$%8I )\O+X T9ƙTvrnf ߙ9G"I]v8BEXOIJ}sS6> \+yF~ %:ˍȄQ!H2aƋc.mݍ^c?.aŚ pP?%4~N|q sM<d ۢ aO8h=̴X^6$F%ɱ|休0 vx d_[Jfϩ-[A[. 'S$p㦺tVh!<چ3@=B{g@|g13^ 󉂧wlRAV%N>-^7#*Y\tǦ:EU )3:~F{_WU9"V}e] AMsqCӞ `F^֬A%}ѫ<&h`)gOv$C.VYi > `4qՒrh|e} w.9;ُvi[N}_͜zM<KX+ch&UEQޣC:sm)4v6b @PVU\[P4Kn&õ6^ӟ9Cqb3׌9(6(IJ^=3ś.J?8 (i$#/>Pƒc(,7EHoFC%eƀ[>~qv1S[#_^YRH/YJ N1)mܨ[Ϣ%}&imҔLos vݳe~AbwuM! bks?φhc'.W@EN9oƑx۞w ơ UT 5/b*};.)-1:sJU_ ZJO+4a\xt(H8J#*)wqbht^(Z uk>fCWVROM+0dTbu``*DuUv!S`"HjɿnP1 2Xŝv>#9EGu(rBYD؞)@ &27#d jnb&Bm\b_\R3 4a/=Sa M <0w$!nmk!nKJCCiKCJ9'/W!6DO,rv![[;Jzww$}*7b?uY 9+ޚkҠeIXV9G6#a$Bo|52+/ثao3Ҏg‚bnggïo\֝2$78idt;&* ˆBM7“̫on]Rg+WG+:V҃;>^Z,P{Sg 3pH)M}B2c>[_l D6!kY sàul.#{В<ǫ0DvDK OŒdI4:)M~VҨPBaM"S=u\$QzdL^U& BDN{#Ԙ3U+uS|B@k1E: s8.kPꀦ=?D'U+҄RnQ٘_!MyOGSԾR~>{k{WЌBΌ>&n5  S׊OE {‹7E5$Ak0 ?*%aAMOݲtQbFm~F3 xҸ)-U<6U5>ud i@c՗`D} fIl[87.팕*(1iTJ|IZupcϮy0߿c_ Q=V7\0ArЦ[c_sBwYq/>S DA(ͼ-8g\B|ֈ"?~kqm.N/4S<G#-,W3 ~ݳơ@+̕Q36HIs/2>9Z0RJZҫb(sIɛ"{hVpqGX9WU'<'.wCk%}}eKWN۪51158SkB3:1S~D Ij =m,GFgpx3R5TEɱiɤ5$ XDwT!`?b-5Q' ,Mǃ]ԺgY4Pڭ Mqdv.[sGmO bDDͬMIvAC~Q"E2zzz+%;{ybVQ~Z8_ox&3Sȉ$- $vwϏp}AOod Q`JDgO )g^CE9;d3٢}҅K~?-6M>\LonJc;,ղ(J mn'NVZ֣Ӓ#T&Yъdy@'L{Il\8րM^,쉠Nߪ/]({._-̙2cJ#XYG9 S¹%{}iuEihfMWJFtJ`I dNiRLYIP&bgY4ţPX4^"/Cfhu7Tb"e5{[(90dd9@B00-n0I6a(S<)o3*5EBuOb"?\$8saU߷n=QxWMa-9+иi[N*Wc/&-~RO`X(ze2wIsk=\O [PqZ.`9~NB(@<2rJ\G y6 n;Y}q)5zMɓ(#f?ԛƋil9£afaS'F #X|yj/CΌ#zV`ojPI^g?LYeL / WonZE(,M'(xU~aoxV- Ӗ8yk2仑 t?*b*~] K),=sw V䃚r'(ZP?Sf)@@|[\-KQ$ ;-iuhD(tgm$1t|NN[- Ǐ$;%fd*FxbFMJmS #H`BZ'f=du|HuCc;R%&otE4'lmT4~)Oy(Д ,SYG`2g=>^eU'@8ZJAH8i"T+mƊ<߿ڵ l_*Z8`âż9mPSbT؜hR3zz\ _[|eK9C@- 6?8YHbzK$$bi"PC[ʣP*,ٷ&U'M4k$ ԟoyw(.0WKmٕzfvВ*]!OysH)X&H Uݽv`pd4)[$ވ(oR fqY2ioXVb:{E viXz`SұUUV4FitAS%B{1Ѫ)<1ufD%݋ xtݮ-Zg#f`Mz*rDP78LE8 y]:`!J;VJc0jbx*1u ZLX;w>]Yi`Qːi7 gx9μ۴Ykt`Dd e7e,Pu#~[WvqkdWbAPsPyzxߔE,|lA2[-UBBLqқ jIU>^kpl9&lŬFG%nb||Am D=FM֗=M̨SEy:r˳|>|h`=F\c9@E,#UŐe$e;S>#]<َZϩZs'̕C>!Xsvt4t(-E'͢ jw!ԪOVotQC76TK\Uk̜P!$U3\7VϊYajb`${q22صV͎TOl,J\Oʛ{XܮZ-0U>6qP3+29>J;lReّm*zG4;+~+NZhQHlz$)~Gͅwc0I.sMnG`(83I˓zO6ɲ' ػhP3?N%7!ŲS98!z~ Wbn.&\ QL%@0jKHfxrh\"-ΡO&sx~B V@W@u S JIq ^5!||]RI=U(0 |6rqG>_ uEG/PV_e1,COxi+z*"H>M5o(@Н8D^v?\U.b^9*)D5hJL|aUOf^+a7hOϕ {ώ PoH%vo LRBѯƲ֗TT9e\OEXRR8ȒH?3m<㞵 P& knܤ l3Y׼a8I:Jpw.  YZ