sssd-ad-1.14.0-43.el7_3.18

Name: sssd-ad
Version: 1.14.0
Release: 43.el7_3.18
Summary: The AD back end of the SSSD
Description: Provides the Active Directory back end that the SSSD can utilize to fetch identity data from and authenticate against an Active Directory server.
Build host: c1bm.rdu2.centos.org
Vendor: CentOS
License: GPLv3+
Packager: CentOS BuildSystem
Group: Applications/System
URL: http://fedorahosted.org/sssd/
OS: linux
Architecture: x86_64
Source RPM: sssd-1.14.0-43.el7_3.18.src.rpm
RPM version: 4.11.3

Provides:
libsss_ad.so()(64bit)
sssd-ad
sssd-ad(x86-64)

Requires:
bind-utils
libbasicobjects.so.0()(64bit)
libc.so.6()(64bit)
libc.so.6(GLIBC_2.14)(64bit)
libc.so.6(GLIBC_2.2.5)(64bit)
libc.so.6(GLIBC_2.3)(64bit)
libc.so.6(GLIBC_2.3.4)(64bit)
libc.so.6(GLIBC_2.4)(64bit)
libcollection.so.2()(64bit)
libcom_err.so.2()(64bit)
libdbus-1.so.3()(64bit)
libdhash.so.1()(64bit)
libdhash.so.1(DHASH_0.4.3)(64bit)
libdl.so.2()(64bit)
libglib-2.0.so.0()(64bit)
libini_config.so.3()(64bit)
libini_config.so.3(INI_CONFIG_1.1.0)(64bit)
libk5crypto.so.3()(64bit)
libkeyutils.so.1()(64bit)
libkrb5.so.3()(64bit)
liblber-2.4.so.2()(64bit)
libldap-2.4.so.2()(64bit)
libldb.so.1()(64bit)
libldb.so.1(LDB_0.9.10)(64bit)
libndr-krb5pac.so.0()(64bit)
libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)
libndr-nbt.so.0()(64bit)
libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)
libndr.so.0()(64bit)
libndr.so.0(NDR_0.0.1)(64bit)
libnspr4.so()(64bit)
libnss3.so()(64bit)
libnssutil3.so()(64bit)
libpcre.so.1()(64bit)
libplc4.so()(64bit)
libplds4.so()(64bit)
libpopt.so.0()(64bit)
libpopt.so.0(LIBPOPT_0)(64bit)
libpthread.so.0()(64bit)
libpthread.so.0(GLIBC_2.2.5)(64bit)
libref_array.so.1()(64bit)
libsamba-util.so.0()(64bit)
libsasl2.so.3()(64bit)
libselinux.so.1()(64bit)
libsmbclient.so.0()(64bit)
libsmbclient.so.0(SMBCLIENT_0.1.0)(64bit)
libsmime3.so()(64bit)
libssl3.so()(64bit)
libsss_cert.so()(64bit)
libsss_child.so()(64bit)
libsss_crypt.so()(64bit)
libsss_debug.so()(64bit)
libsss_idmap.so.0()(64bit)
libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)
libsss_krb5_common.so()(64bit)
libsss_ldap_common.so()(64bit)
libsss_util.so()(64bit)
libsystemd.so.0()(64bit)
libtalloc.so.2()(64bit)
libtalloc.so.2(TALLOC_2.0.2)(64bit)
libtdb.so.1()(64bit)
libtevent.so.0()(64bit)
libtevent.so.0(TEVENT_0.9.9)(64bit)
libwbclient
rpmlib(CompressedFileNames)
rpmlib(FileDigests)
rpmlib(PayloadFilesHavePrefix)
rtld(GNU_HASH)
sssd-common
sssd-common-pac
sssd-krb5-common
rpmlib(PayloadIsXz)

Requirement versions, in header order: 4.2.3-1, 3.0.4-1, 4.6.0-1, 4.0-1, 1.14.0-43.el7_3.18, 1.14.0-43.el7_3.18, 1.14.0-43.el7_3.18, 5.2-1

Obsoletes:
sssd 1.10.0-8.beta2

Changelog authors and versions:
1.14.0-43.18
Jakub Hrozek - 1.14.0-43.17
Jakub Hrozek - 1.14.0-43.16
Jakub Hrozek - 1.14.0-43.15
Jakub Hrozek - 1.14.0-43.14
Jakub Hrozek - 1.14.0-43.13
Jakub Hrozek - 1.14.0-43.12
Jakub Hrozek - 1.14.0-43.11
Jakub Hrozek - 1.14.0-43.10
Jakub Hrozek - 1.14.0-43.9
Jakub Hrozek - 1.14.0-43.8
Jakub Hrozek - 1.14.0-43.7
Jakub Hrozek - 1.14.0-43.6
Jakub Hrozek - 1.14.0-43.5
Jakub Hrozek - 1.14.0-43.4
Jakub Hrozek - 1.14.0-43.3
Jakub Hrozek - 1.14.0-43.2
Jakub Hrozek - 1.14.0-43.1
Jakub Hrozek - 1.14.0-43
Jakub Hrozek - 1.14.0-42
Jakub Hrozek - 1.14.0-41
Jakub Hrozek - 1.14.0-40
Jakub Hrozek - 1.14.0-39
Jakub Hrozek - 1.14.0-38
Jakub Hrozek - 1.14.0-37
Jakub Hrozek - 1.14.0-36
Jakub Hrozek - 1.14.0-35
Jakub Hrozek - 1.14.0-34
Jakub Hrozek - 1.14.0-33
Jakub Hrozek - 1.14.0-32
Jakub Hrozek - 1.14.0-31
Jakub Hrozek - 1.14.0-30
Jakub Hrozek - 1.14.0-29
Jakub Hrozek - 1.14.0-28
Jakub Hrozek - 1.14.0-27
Jakub Hrozek - 1.14.0-26
Jakub Hrozek - 1.14.0-25
Jakub Hrozek - 1.14.0-24
Jakub Hrozek - 1.14.0-23
Jakub Hrozek - 1.14.0-22
Jakub Hrozek - 1.14.0-21
Jakub Hrozek - 1.14.0-20
Jakub Hrozek - 1.14.0-19
Jakub Hrozek - 1.14.0-18
Jakub Hrozek - 1.14.0-17
Jakub Hrozek - 1.14.0-16
Jakub Hrozek - 1.14.0-15
Jakub Hrozek - 1.14.0-14
Jakub Hrozek - 1.14.0-13
Jakub Hrozek - 1.14.0-12
Jakub Hrozek - 1.14.0-11
Jakub Hrozek - 1.14.0-10
Jakub Hrozek - 1.14.0-9
Jakub Hrozek - 1.14.0-8
Jakub Hrozek - 1.14.0-7
Jakub Hrozek - 1.14.0-6
Jakub Hrozek - 1.14.0-5
Jakub Hrozek - 1.14.0-4
Jakub Hrozek - 1.14.0-3
Jakub Hrozek - 1.14.0-2
Jakub Hrozek - 1.14.0-1
Jakub Hrozek - 1.14.0beta1-2
Jakub Hrozek - 1.14.0alpha-1
Jakub Hrozek - 1.13.0-50
Jakub Hrozek - 1.13.0-49
Jakub Hrozek - 1.13.0-48
Jakub Hrozek - 1.13.0-47
Jakub Hrozek - 1.13.0-46
Jakub Hrozek - 1.13.0-45
Jakub Hrozek - 1.13.0-44
Jakub Hrozek - 1.13.0-43
Jakub Hrozek - 1.13.0-42
Jakub Hrozek - 1.13.0-41
Jakub Hrozek - 1.13.0-40
Jakub Hrozek - 1.13.0-39
Jakub Hrozek - 1.13.0-38
Jakub Hrozek - 1.13.0-37
Jakub Hrozek - 1.13.0-36
Jakub Hrozek - 1.13.0-35
Jakub Hrozek - 1.13.0-34
Jakub Hrozek - 1.13.0-33
Jakub Hrozek - 1.13.0-32
Jakub Hrozek - 1.13.0-31
Jakub Hrozek - 1.13.0-30
Jakub Hrozek - 1.13.0-29
Jakub Hrozek - 1.13.0-28
Jakub Hrozek - 1.13.0-27
Jakub Hrozek - 1.13.0-26
Martin Kosek - 1.13.0-25
Jakub Hrozek - 1.13.0-24
Jakub Hrozek - 1.13.0-23
Jakub Hrozek - 1.13.0-22
Jakub Hrozek - 1.13.0-21
Jakub Hrozek - 1.13.0-20
Jakub Hrozek - 1.13.0-19
Jakub Hrozek - 1.13.0-18
Jakub Hrozek - 1.13.0-17
Jakub Hrozek - 1.13.0-16
Jakub Hrozek - 1.13.0-15
Jakub Hrozek - 1.13.0-14
Lukas Slebodnik - 1.13.0-13
Jakub Hrozek - 1.13.0-12
Jakub Hrozek - 1.13.0-11
Jakub Hrozek - 1.13.0-10
Jakub Hrozek - 1.13.0-9
Jakub Hrozek - 1.13.0-8
Jakub Hrozek - 1.13.0-7
Jakub Hrozek - 1.13.0-6
Jakub Hrozek - 1.13.0-5
Jakub Hrozek - 1.13.0-4
Jakub Hrozek - 1.13.0-3
Jakub Hrozek - 1.13.0-2
Jakub Hrozek - 1.13.0-1
Jakub Hrozek - 1.13.0.3alpha
Jakub Hrozek - 1.13.0.2alpha
Jakub Hrozek - 1.13.0.1alpha
Jakub Hrozek - 1.12.2-61
Jakub Hrozek - 1.12.2-60
Jakub Hrozek - 1.12.2-59
Jakub Hrozek - 1.12.2-58.6
Jakub Hrozek - 1.12.2-58.5
Jakub Hrozek - 1.12.2-58.4
Jakub Hrozek - 1.12.2-58.3
Jakub Hrozek - 1.12.2-58.2
Jakub Hrozek - 1.12.2-58.1
Jakub Hrozek - 1.12.2-57
Jakub Hrozek - 1.12.2-56
Jakub Hrozek - 1.12.2-55
Jakub Hrozek - 1.12.2-54
Jakub Hrozek - 1.12.2-53
Jakub Hrozek - 1.12.2-52
Jakub Hrozek - 1.12.2-51
Jakub Hrozek - 1.12.2-50
Jakub Hrozek - 1.12.2-49
Jakub Hrozek - 1.12.2-48
Jakub Hrozek - 1.12.2-47
Jakub Hrozek - 1.12.2-46
Jakub Hrozek - 1.12.2-45
Jakub Hrozek - 1.12.2-44
Jakub Hrozek - 1.12.2-43
Jakub Hrozek - 1.12.2-42
Jakub Hrozek - 1.12.2-41
Jakub Hrozek - 1.12.2-40
Sumit Bose - 1.12.2-39
Sumit Bose - 1.12.2-38
Sumit Bose - 1.12.2-37
Jakub Hrozek - 1.12.2-35
Jakub Hrozek - 1.12.2-35
Jakub Hrozek - 1.12.2-34
Jakub Hrozek - 1.12.2-33
Jakub Hrozek - 1.12.2-32
Jakub Hrozek - 1.12.2-31
Jakub Hrozek - 1.12.2-30
Jakub Hrozek - 1.12.2-29
Jakub Hrozek - 1.12.2-28
Jakub Hrozek - 1.12.2-27
Jakub Hrozek - 1.12.2-26
Jakub Hrozek - 1.12.2-25
Jakub Hrozek - 1.12.2-24
Jakub Hrozek - 1.12.2-23
Jakub Hrozek - 1.12.2-22
Jakub Hrozek - 1.12.2-21
Jakub Hrozek - 1.12.2-20
Jakub Hrozek - 1.12.2-19
Jakub Hrozek - 1.12.2-18
Jakub Hrozek - 1.12.2-17
Jakub Hrozek - 1.12.2-16
Jakub Hrozek - 1.12.2-15
Jakub Hrozek - 1.12.2-14
Jakub Hrozek - 1.12.2-13
Jakub Hrozek - 1.12.2-12
Jakub Hrozek - 1.12.2-11
Jakub Hrozek - 1.12.2-10
Jakub Hrozek - 1.12.2-9
Jakub Hrozek - 1.12.2-8
Jakub Hrozek - 1.12.2-7
Jakub Hrozek - 1.12.2-6
Jakub Hrozek - 1.12.2-5
Jakub Hrozek - 1.12.2-4
Jakub Hrozek - 1.12.2-3
Jakub Hrozek - 1.12.2-2
Jakub Hrozek - 1.12.2-1
Jakub Hrozek - 1.12.1-2
Jakub Hrozek - 1.12.1-1
Jakub Hrozek - 1.12.1-1
Jakub Hrozek - 1.12.0-3
Jakub Hrozek - 1.12.0-2
Jakub Hrozek - 1.12.0-1
Jakub Hrozek - 1.11.2-70
Jakub Hrozek - 1.11.2-69
Jakub Hrozek - 1.11.2-68
Jakub Hrozek - 1.11.2-67
Jakub Hrozek - 1.11.2-66
Jakub Hrozek - 1.11.2-65
Jakub Hrozek - 1.11.2-64
Sumit Bose - 1.11.2-63
Sumit Bose - 1.11.2-62
Jakub Hrozek - 1.11.2-61
Jakub Hrozek - 1.11.2-60
Jakub Hrozek - 1.11.2-59
Jakub Hrozek - 1.11.2-58
Jakub Hrozek - 1.11.2-57
Jakub Hrozek - 1.11.2-56
Jakub Hrozek - 1.11.2-55
Jakub Hrozek - 1.11.2-54
Jakub Hrozek - 1.11.2-53
Jakub Hrozek - 1.11.2-52
Jakub Hrozek - 1.11.2-51
Jakub Hrozek - 1.11.2-50
Jakub Hrozek - 1.11.2-49
Jakub Hrozek - 1.11.2-48
Jakub Hrozek - 1.11.2-47
Jakub Hrozek - 1.11.2-46
Jakub Hrozek - 1.11.2-45
Jakub Hrozek - 1.11.2-44
Jakub Hrozek - 1.11.2-43
Jakub Hrozek - 1.11.2-42
Jakub Hrozek - 1.11.2-41
Jakub Hrozek - 1.11.2-40
Jakub Hrozek - 1.11.2-39
Jakub Hrozek - 1.11.2-38
Jakub Hrozek - 1.11.2-37
Jakub Hrozek - 1.11.2-36
Jakub Hrozek - 1.11.2-35
Jakub Hrozek - 1.11.2-34
Daniel Mach - 1.11.2-33
Jakub Hrozek - 1.11.2-32
Jakub Hrozek - 1.11.2-31
Jakub Hrozek - 1.11.2-30
Jakub Hrozek - 1.11.2-29
Jakub Hrozek - 1.11.2-28
Jakub Hrozek - 1.11.2-27
Jakub Hrozek - 1.11.2-26
Jakub Hrozek - 1.11.2-25
Jakub Hrozek - 1.11.2-24
Jakub Hrozek - 1.11.2-23
Jakub Hrozek - 1.11.2-22
Jakub Hrozek - 1.11.2-21
Jakub Hrozek - 1.11.2-20
Daniel Mach - 1.11.2-19
Jakub Hrozek - 1.11.2-18
Jakub Hrozek - 1.11.2-17
Jakub Hrozek - 1.11.2-16
Jakub Hrozek - 1.11.2-15
Jakub Hrozek - 1.11.2-14
Jakub Hrozek - 1.11.2-13
Jakub Hrozek - 1.11.2-12
Jakub Hrozek - 1.11.2-11
Jakub Hrozek - 1.11.2-10
Jakub Hrozek - 1.11.2-9
Jakub Hrozek - 1.11.2-8
Jakub Hrozek - 1.11.2-7
Jakub Hrozek - 1.11.2-6
Jakub Hrozek - 1.11.2-5
Jakub Hrozek - 1.11.2-4
Jakub Hrozek - 1.11.2-3
Jakub Hrozek - 1.11.2-2
Jakub Hrozek - 1.11.2-1
Jakub Hrozek - 1.11.1-2
Jakub Hrozek - 1.11.1-1
Jakub Hrozek - 1.11.0-1
Jakub Hrozek - 1.11.0.1beta2
Jakub Hrozek - 1.10.1-5
Jakub Hrozek - 1.10.1-4
Jakub Hrozek - 1.10.1-3
Jakub Hrozek - 1.10.1-2
Jakub Hrozek - 1.10.1-1
Jakub Hrozek - 1.10.0-18
Jakub Hrozek - 1.10.0-17
Stephen Gallagher - 1.10.0-16
Stephen Gallagher - 1.10.0-15
Stephen Gallagher - 1.10.0-14
Jakub Hrozek - 1.10.0-13
Dan Horák - 1.10.0-12.beta2
Jakub Hrozek - 1.10.0-11.beta2
Jakub Hrozek - 1.10.0-10.beta2
Jakub Hrozek - 1.10.0-9.beta2
Jakub Hrozek - 1.10.0-8.beta2
Jakub Hrozek - 1.10.0-7.beta1
Jakub Hrozek - 1.10.0-6.beta1
Jakub Hrozek - 1.10.0-5.beta1
Jakub Hrozek - 1.10.0-4.beta1
Jakub Hrozek - 1.10.0-3.beta1
Jakub Hrozek - 1.10.0-2.alpha1
Jakub Hrozek - 1.10.0-1.alpha1
Stephen Gallagher - 1.9.4-9
Jakub Hrozek - 1.9.4-8
Jakub Hrozek - 1.9.4-7
Jakub Hrozek - 1.9.4-6
Jakub Hrozek - 1.9.4-5
Jakub Hrozek - 1.9.4-4
Jakub Hrozek - 1.9.4-3
Jakub Hrozek - 1.9.4-2
Jakub Hrozek - 1.9.4-1
Jakub Hrozek - 1.9.3-1
Jakub Hrozek - 1.9.2-5
Jakub Hrozek - 1.9.2-4
Jakub Hrozek - 1.9.2-3
Jakub Hrozek - 1.9.2-2
Jakub Hrozek - 1.9.2-1
Jakub Hrozek - 1.9.1-1
Jakub Hrozek - 1.9.0-24
Jakub Hrozek - 1.9.0-24
Jakub Hrozek - 1.9.0-23
Jakub Hrozek - 1.9.0-22.rc1
Jakub Hrozek - 1.9.0-21.beta7
Jakub Hrozek - 1.9.0-20.beta6
Jakub Hrozek - 1.9.0-19.beta6
Jakub Hrozek - 1.9.0-18.beta6
Jakub Hrozek - 1.9.0-17.beta6
Jakub Hrozek - 1.9.0-16.beta6
Jakub Hrozek - 1.9.0-14.beta6
Jakub Hrozek - 1.9.0-13.beta6
Fedora Release Engineering - 1.9.0-13.beta5
Jakub Hrozek - 1.9.0-12.beta5
Stephen Gallagher - 1.9.0-11.beta4
Jakub Hrozek - 1.9.0-10.beta4
Jakub Hrozek - 1.9.0-9.beta4
Stephen Gallagher - 1.9.0-8.beta3
Stephen Gallagher - 1.9.0-7.beta2
Stephen Gallagher - 1.9.0-6.beta2
Stephen Gallagher - 1.9.0-5.beta2
Stephen Gallagher - 1.9.0-4.beta1
Stephen Gallagher - 1.9.0-3.beta1
Stephen Gallagher - 1.9.0-2.beta1
Stephen Gallagher - 1.9.0-1.beta1
Stephen Gallagher - 1.8.3-11
Stephen Gallagher - 1.8.2-10
Stephen Gallagher - 1.8.1-9
Stephen Gallagher - 1.8.1-8
Stephen Gallagher - 1.8.1-7
Stephen Gallagher - 1.8.0-6
Stephen Gallagher - 1.8.0-5.beta3
Stephen Gallagher - 1.8.0-4.beta3
Petr Pisar - 1.8.0-3.beta2
Stephen Gallagher - 1.8.0-1.beta2
Stephen Gallagher - 1.8.0-1.beta1
Stephen Gallagher - 1.7.0-5
Stephen Gallagher - 1.7.0-4
Stephen Gallagher - 1.7.0-3
Fedora Release Engineering - 1.7.0-2
Stephen Gallagher - 1.7.0-1
Stephen Gallagher - 1.6.4-1
Stephen Gallagher - 1.6.3-5
Stephen Gallagher - 1.6.3-4
Jakub Hrozek - 1.6.3-3
Stephen Gallagher - 1.6.3-2
Stephen Gallagher - 1.6.3-1
Fedora Release Engineering - 1.6.2-5
Stephen Gallagher - 1.6.2-4
Stephen Gallagher - 1.6.2-3
Stephen Gallagher - 1.6.2-2
Stephen Gallagher - 1.6.2-1
Stephen Gallagher - 1.6.1-1
Stephen Gallagher - 1.6.0-2
Stephen Gallagher - 1.6.0-1
Stephen Gallagher - 1.5.11-2
Stephen Gallagher - 1.5.10-1
Stephen Gallagher - 1.5.9-1
Stephen Gallagher - 1.5.8-1
Stephen Gallagher - 1.5.7-3
Stephen Gallagher - 1.5.7-2
Stephen Gallagher - 1.5.7-1
Stephen Gallagher - 1.5.6.1-1
Stephen Gallagher - 1.5.6-1
Stephen Gallagher - 1.5.5-5
Stephen Gallagher - 1.5.5-4
Stephen Gallagher - 1.5.5-3
Stephen Gallagher - 1.5.5-2
Stephen Gallagher - 1.5.5-1
Stephen Gallagher - 1.5.4-1
Stephen Gallagher - 1.5.3-2
Stephen Gallagher - 1.5.3-1
Stephen Gallagher - 1.5.2-1
Simo Sorce - 1.5.1-9
Stephen Gallagher - 1.5.1-8
Stephen Gallagher - 1.5.1-7
Stephen Gallagher - 1.5.1-6
Stephen Gallagher - 1.5.1-5
Fedora Release Engineering - 1.5.1-4
Stephen Gallagher - 1.5.1-3
Stephen Gallagher - 1.5.1-2
Stephen Gallagher - 1.5.1-1
Stephen Gallagher - 1.5.0-2
Stephen Gallagher - 1.5.0-1
Stephen Gallagher - 1.4.1-3
Stephen Gallagher - 1.4.1-2
Stephen Gallagher - 1.4.1-1
Stephen Gallagher - 1.4.0-2
Stephen Gallagher - 1.4.0-1
Stephen Gallagher - 1.3.0-35
Stephen Gallagher - 1.3.0-34
Stephen Gallagher - 1.3.0-33
Stephen Gallagher - 1.3.0-32
Stephen Gallagher - 1.3.0-31
Stephen Gallagher - 1.3.0-30
David Malcolm - 1.2.91-21
Stephen Gallagher - 1.2.91-20
Stephen Gallagher - 1.2.1-15
Stephen Gallagher - 1.2.0-12
Stephen Gallagher - 1.1.92-11
Stephen Gallagher - 1.1.91-10
Simo Sorce - 1.1.1-3
Stephen Gallagher - 1.1.1-1
Stephen Gallagher - 1.1.0-2
Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19
Stephen Gallagehr - 1.0.5-2
Stephen Gallagher - 1.0.5-1
Stephen Gallagher - 1.0.4-1
Stephen Gallagher - 1.0.3-1
Stephen Gallagher - 1.0.2-1
Stephen Gallagher - 1.0.1-1
Stephen Gallagher - 1.0.0-2
Stephen Gallagher - 1.0.0-1
Stephen Gallagher - 0.99.1-1
Stephen Gallagher - 0.99.0-1
Stephen Gallagher - 0.7.1-1
Stephen Gallagher - 0.7.0-2
Stephen Gallagher - 0.7.0-1
Stephen Gallagher - 0.6.1-2
Stephen Gallagher - 0.6.1-1
Stephen Gallagher - 0.6.0-1
Sumit Bose - 0.6.0-0
Simo Sorce - 0.5.0-0
Jakub Hrozek - 0.4.1-4
Fedora Release Engineering - 0.4.1-3
Simo Sorce - 0.4.1-2
Simo Sorce - 0.4.1-1
Simo Sorce - 0.4.1-0
Simo Sorce - 0.3.2-2
Jakub Hrozek - 0.3.2-1
Simo Sorce - 0.3.1-2
Simo Sorce - 0.3.1-1
Simo Sorce - 0.3.0-2
Simo Sorce - 0.3.0-1
Simo Sorce - 0.2.1-1
Simo Sorce - 0.2.0-1
Jakub Hrozek - 0.1.0-5.20090309git691c9b3
Jakub Hrozek - 0.1.0-4
Sumit Bose - 0.1.0-3
Jakub Hrozek - 0.1.0-2
Stephen Gallagher - 0.1.0-1

Changelog text:
- Resolves: rhbz#1456013 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.

- Resolves: rhbz#1450125 - Wrong pam return code for user from subdomain with ad_access_filter

- Resolves: rhbz#1446085 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users

- Resolves: rhbz#1445821 - sssd does not evaluate AD UPN suffixes which results in failed user logins

- Resolves: rhbz#1422183 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user.

- Resolves: rhbz#1418943 - If a long-running task (e.g.
enumeration) blocks the sssd_be process, sssd_be can deadlock - Also Require a new-enough version of selinux-policy so that setpgid() by sssd is allowed- Resolves: rhbz#1405584 - SSH: default_domain_suffix is not being used for users' authorized keys- Resolves: rhbz#1404340 - Use-after free in resolver in case the fd is writeable and readable at the same time- Resolves: rhbz#1398673 - autofs map resolution doesn't work offline- Resolves: rhbz#1398169 - sssd fails to start after upgrading to RHEL 7.3- Resolves: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1393730 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Related: rhbz#1396486 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0- Related: rhbz#1396485 - sssd_be keeps crashing- Revert the fix for ignoring sudoUser case as it breaks processing of rules that completely lack a sudoUser attribute - Related: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1392893 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1392896 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. 
Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains 
provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. 
- fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators 
from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. 
- Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user 
even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page 
or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on 
individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with 
--login work in second attempt
- Resolves: rhbz#1212489 - Disable the cleanup task by default
- Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf
- Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one
- Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected
- Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all
- Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters
- Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface
- Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain
- Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys
- Resolves: rhbz#1204203 - sssd crashes intermittently
- Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default
- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only
- Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries
- Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything
- Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA
- Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query
- Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects
- Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name?
- Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error
- Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD
- Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set
- Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires
- Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option
- Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab

- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID

- Filter out domain-local groups during AD initgroups operation
- Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups

- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups

- Initialize variable in the views code in one success and one failure path
- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605

- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605

- Handle case where there is no default and no rules
- Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u

- Set a pointer in ldap_child to NULL to avoid warnings
- Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error

- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u

- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error

- Run the restart in sssd-common posttrans
- Explicitly require libwbclient
- Resolves: rhbz#1187113 - sssd daemon was not running after RHEL 7.1 upgrade

- Resolves: rhbz#1187113 - sssd daemon was not running after RHEL 7.1
upgrade

- Fix endianness bug in fill_id()
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view

- Resolves: rhbz#1184982 - Need to set different umask in selinux_child

- Bump the release number
- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Add a patch dependency
- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Process ghost members only once
- Fix processing of universal groups with members from different domains
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved

- Handle GID override in MPG domains
- Handle views with mixed-case domains
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Open socket to the PAC responder in krb5_child before dropping root
- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Resolves: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD

- Resolves: rhbz#889206 - On clock skew sssd returns system error

- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used
- Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo
- in addition to the patch libwbclient.so is filtered out of the Provides list of the package

- Resolves: rhbz#1171215 - Crash in
function get_object_from_cache
- Resolves: rhbz#1171383 - getent fails for posix group with AD users after login
- Resolves: rhbz#1171382 - getent of AD universal group fails after group users login
- Resolves: rhbz#1170300 - Access is not rejected for disabled domain
- Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode
- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Rebuild to add several forgotten Patch entries
- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users
- Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=

- Remove Coverity warnings in krb5_child code
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users
- Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=

- Don't error out on chpass with OTPs
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.

- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users
- Enable running unit tests without cmocka
- Related: rhbz#1113783 - sssd should run under unprivileged user

- krb5_child and ldap_child do not call Kerberos calls as root
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware

- Fix typo in libwbclient-devel alternatives invocation
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.

- Handle migrating clients between views
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Use alternatives for libwbclient
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression

- Add an option that describes where to put generated krb5 files to
- Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12

- Handle IPA group names returned from the extop plugin
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header

- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.

- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete

- Support views for IPA users
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Update man page to clarify TGs should be disabled with a custom search base
- Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases

- Use upstreamed patches for the rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving

- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases

- Resolves: rhbz#1162480 - dereferencing failure against openldap server

- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1113783 - sssd should run under unprivileged user

- Fix two regressions in the new selinux_child process
- Related: rhbz#1113783 - sssd should run under unprivileged user
- Resolves: rhbz#1132365 - Remove
password from the PAM stack if OTP is used

- Include the ldap_child and selinux_child patches for rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Support overriding SSH public keys with views
- Support extended attributes via the extop plugin
- Related: rhbz#1109756 - Rebase SSSD to 1.12
- Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled

- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving
- Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times

- Include the responder and packaging patches for rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Amend the sssd-ldap man page with info about lockout setup
- Related: rhbz#1109756 - Rebase SSSD to 1.12
- Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD
- Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)

- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Add the low-level server changes for running as unprivileged user
- Package the libsss_semange library needed for SELinux label changes
- Related: rhbz#1113783 - sssd should run under unprivileged user
- Resolves: rhbz#1113784 - sssd should audit selinux user map changes

- Use libsemanage for SELinux label changes
- Resolves: rhbz#1113784 - sssd should audit selinux user map changes

- Rebase SSSD to 1.12.2
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Sync with upstream
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebuild against ding-libs with fixed SONAME
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebase SSSD to 1.12.1
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Require ldb 2.1.17
- Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer

- Fix fully qualified IFP lookups
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebase SSSD to 1.12.0
- Related:
rhbz#1109756 - Rebase SSSD to 1.12

- Squash in upstream review comments about the PAC patch
- Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Backport a patch to allow krb5-utils-test to run as root
- Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Fix a DEBUG message, backport two related fixes
- Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain

- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain

- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching

- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest

- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup

- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success

- Resolves: rhbz#1078840 - Error during password change

- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux

- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration

- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in

- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes

- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40

- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used

- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly

- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path

- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider

- Fix idmap documentation
- Bump idmap version info
- Related: rhbz#1067361 - Check IPA idranges before saving them to the cache

- Pull some follow up man page fixes from upstream
- Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes
- Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example

- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes

- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example

- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value

- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache

- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces

- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks

- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7

- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default

- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users

- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not

- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default

- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect

- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter

- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does.
- Use the right domain for AD site resolution
- Related: rhbz#743503 - [RFE] sssd should support DNS sites

- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC

- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin

- Mass rebuild 2014-01-24

- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain

- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out

- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter

- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed.
- Fix a typo in the man page
- Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir

- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain
- Fix return value when searching for AD domain flat names
- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user

- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir

- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user

- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings

- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20

- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used

- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword.
- Fix two memory leaks in the PAC responder (Related: rhbz#991065)

- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup

- Resolves: rhbz#1049533 - Group membership lookup issue

- Mass rebuild 2013-12-27

- Resolves: rhbz#894068 - sss_cache doesn't support subdomains

- Re-initialize subdomains after provider startup
- Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read

- The AD provider is able to resolve group memberships for groups with Global and Universal scope
- Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog

- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog
- Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups

- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested

- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"

- Resolves: rhbz#1037936 - sssd_be crashes occasionally

- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read

- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok

- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy

- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb

- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in

- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains

- Resolves: rhbz#1033084 - sssd_be segfaults if empty group is resolved using ad_matching_rule

- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage

- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes

- Skip netgroups that don't provide well-formed triplets
- Related: rhbz#991549 - sssd fails to retrieve netgroups with
multiple CN attributes

- New upstream release 1.11.2
- Remove upstreamed patches
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2
- Resolves: rhbz#991065

- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash
- Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group

- New upstream release 1.11.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1
- Resolves: rhbz#991065 - Rebase SSSD to 1.11.0

- New upstream release 1.11.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0
- Resolves: rhbz#991065

- New upstream release 1.11 beta 2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2
- Related: rhbz#991065

- Resolves: #906427 - Do not use lib64 in specfile for the nss and pam libraries

- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log

- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting

- Apply several important fixes from upstream 1.10 branch
- Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable

- New upstream release 1.10.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1

- Remove libcmocka dependency

- sssd-tools should require sssd-common, not sssd

- Move sssd_pac to the sssd-ipa and sssd-ad subpackages
- Trim out RHEL5-specific macros since we don't build on RHEL 5
- Trim out macros for Fedora older than F18
- Update libldb requirement to 1.1.16
- Trim RPM changelog down to the last year

- Move sssd_pac to the sssd-krb5 subpackage

- Fix Obsoletes: to account for dist tag
- Convert post and pre scripts to run on the sssd-common subpackage
- Remove old conversion from SYSV

- New upstream release 1.10
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0

- the cmocka toolkit exists only on selected arches

- Apply a number of patches from upstream to fix issues found post-beta, in particular:
-- segfault with a high DEBUG level
-- Fix IPA
password migration (upstream #1873)
-- Fix fail over when retrying SRV resolution (upstream #1886)

- Only BuildRequire libcmocka on Fedora

- Fix typo in Requires that prevented an upgrade (#973916)
- Use a hardcoded version in Conflicts, not less-than-current

- New upstream release 1.10 beta2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2
- BuildRequire libcmocka-devel in order to run all upstream tests during build
- BuildRequire libnl3 instead of libnl1
- No longer BuildRequire initscripts, we no longer use /sbin/service
- Remove explicit krb5-libs >= 1.10 requires; this platform doesn't carry any older krb5-libs version

- Enable hardened build for RHEL7

- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later

- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join
- Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider
- Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in

- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs
- Fix SSH integration with fully-qualified domains
- Add the ability to dynamically discover the NetBIOS name

- New upstream release 1.10 beta1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1

- Add a patch to fix krb5 ccache creation issue with krb5 1.11

- New upstream release 1.10 alpha1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1

- Split internal helper libraries into a shared object
- Significantly reduce disk-space usage

- Fix the Kerberos password expiration warning (#912223)

- Do not write out dots in the domain-realm mapping file (#905650)

- Include upstream patch to build with krb5-1.11

- Rebuild against new libldb

- Fix build with new automake versions

- Recreate Kerberos ccache directory if it's missing
- Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]:
Credential cache directory /run/user/UID/ccdir does not exist

- Fix changelog dates to make F19 rpmbuild happy

- New upstream release 1.9.4

- New upstream release 1.9.3

- Resolve groups from AD correctly

- Check the validity of naming context

- Move the sss_cache tool to the main package

- Include the 1.9.2 tarball

- New upstream release 1.9.2

- New upstream release 1.9.1

- require the latest libldb

- Use mcpath instead of mcachepath macro to be consistent with upstream spec file

- New upstream release 1.9.0

- New upstream release 1.9.0 rc1

- New upstream release 1.9.0 beta7
- obsoletes patches #1-#3

- Rebuild against libldb 1.12

- Rebuild against libldb 1.11

- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly
- Resolves: rhbz#851304

- Rebuild against libldb 1.10

- Only create the SELinux login file if there are SELinux mappings on the IPA server

- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)

- New upstream release 1.9.0 beta 6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6
- A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value.
- Fixes for the support for setting default SELinux user context from FreeIPA.
- Fixed a regression introduced in beta 5 that broke LDAP SASL binds
- The SSSD supports the concept of a Primary Server and a Back Up Server in failover
- A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine
- SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server.
- Packaging changes to fix ldconfig usage in subpackages (#843995)
- Rebuild against libldb 1.1.9

- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

- New upstream release 1.9.0 beta 5
- Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5
- Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation
- Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation
- The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds

- Fix broken ARM build
- Add missing DP_OPTION_TERMINATOR in AD provider options

- Own several directories created during make install (#839782)

- New upstream release 1.9.0 beta 4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4
- Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers
- SUDO integration was completely rewritten.
The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules
- The IPA authentication provider now supports subdomains
- Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.

- New upstream release 1.9.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3
- Add a new PAC responder for dealing with cross-realm Kerberos trusts
- Terminate idle connections to the NSS and PAM responders

- Switch unicode library from libunistring to Glib
- Drop unnecessary explicit Requires on keyutils
- Guarantee that versioned Requires include the correct architecture

- Fix accidental disabling of the DIR cache support

- New upstream release 1.9.0 beta 2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2
- Add support for the Kerberos DIR cache for storing multiple TGTs automatically
- Major performance enhancement when storing large groups in the cache
- Major performance enhancement when performing initgroups() against Active Directory
- SSSDConfig data file default locations can now be set during configure for easier packaging

- Fix regression in endianness patch

- Rebuild SSSD against ding-libs 0.3.0beta1
- Fix endianness bug in service map protocol

- Fix several regressions since 1.5.x
- Ensure that the RPM creates the /var/lib/sss/mc directory
- Add support for Netscape password warning expiration control
- Rebuild against libldb 1.1.6

- New upstream release 1.9.0 beta 1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1
- Add native support for autofs to the IPA provider
- Support for ID-mapping when connecting to Active Directory
- Support for handling very large (> 1500 users) groups in Active Directory
- Support for sub-domains (will be used for dealing with trust relationships)
- Add a new fast in-memory cache to speed up lookups of cached data on repeated requests

- New upstream release 1.8.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3
- Numerous manpage and translation updates
- LDAP: Handle situations where the RootDSE isn't available anonymously
- LDAP: Fix regression for users using non-standard LDAP attributes for user information

- New upstream release 1.8.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2
- Several fixes to case-insensitive domain functions
- Fix for GSSAPI binds when the keytab contains unrelated principals
- Fixed several segfaults
- Workarounds added for LDAP servers with unreadable RootDSE
- SSH knownhostproxy will no longer enter an infinite loop preventing login
- The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown
- Assorted minor fixes for issues discovered by static analysis tools

- Don't duplicate libsss_autofs.so in two packages
- Set explicit package contents instead of globbing

- Fix uninitialized value bug causing crashes throughout the code
- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup

- New upstream release 1.8.1
- Resolve issue where we could enter an infinite loop trying to connect to an auth server
- Fix serious issue with complex (3+ levels) nested groups
- Fix netgroup support for case-insensitivity and aliases
- Fix serious issue with lookup bundling resulting in requests never completing
- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate
- Fix several regressions in the proxy provider
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work

- New upstream release 1.8.0
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)
- Include the
IPA AutoFS provider
- Fixed several memory-corruption bugs
- Fixed a regression in group enumeration since 1.7.0
- Fixed a regression in the proxy provider
- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD
- Resolves: rhbz#797968 - sssd_be: The requested target is not configured is logged at each login
- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV)
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features
- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Caches to /run/usr/USERNAME/krb5cc

- Change default kerberos credential cache location to /run/user/

- New upstream release 1.8.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3
- Fixed a regression in group enumeration since 1.7.0
- Fixed several memory-corruption bugs
- Finalized the ABI for the autofs support
- Fixed a regression in the proxy provider

- Rebuild against PCRE 8.30

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2
- Fix two minor manpage bugs
- Include the IPA AutoFS provider

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features
- fix netgroups and sudo as well

- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features

- Rebuilt for
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

- New upstream release 1.7.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0
- Support for case-insensitive domains
- Support for multiple search bases in the LDAP provider
- Support for the native FreeIPA netgroup implementation
- Reliability improvements to the process monitor
- New DEBUG facility with more consistent log levels
- New tool to change debug log levels without restarting SSSD
- SSSD will now disconnect from LDAP server when idle
- FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains
- Assorted performance improvements in the LDAP provider

- New upstream release 1.6.4
- Rolls up previous patches applied to the 1.6.3 tarball
- Fixes a rare issue causing crashes in the failover logic
- Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.

- Rebuild against libldb 1.1.4

- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam()
- Resolves: rhbz#758425 - LDAP failover not working if server refuses connections

- Rebuild for libldb 1.1.3

- Resolves: rhbz#752495 - Crash when apply settings

- New upstream release 1.6.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3
- Fixes a major cache performance issue introduced in 1.6.2
- Fixes a potential infinite-loop with certain LDAP layouts

- Rebuilt for glibc bug#747377

- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.

- Add explicit requirement on selinux-policy version to address new SBUS symlinks.

- Remove %files reference to sss_debuglevel copied from wrong upstream spec file.

- Improved handling of users and groups with multi-valued name attributes (aliases)
- Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing
- Improved process-hang detection and restarting
- Enabled the midpoint cache refresh by default (fewer cache misses on
commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - 
Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. 
- Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. 
- Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. 
- Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system 
improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that 
SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. 
(Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)uk1.14.0-43.el7_3.181.14.0-43.el7_3.18libsss_ad.sogpo_childsssd-ad-1.14.0COPYINGsssd-ad.5.gzsssd-ad.5.gz/usr/lib64/sssd//usr/libexec/sssd//usr/share/doc//usr/share/doc/sssd-ad-1.14.0//usr/share/man/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ca4b3c1a626bc01a7879a87361b20e1e680f2107, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=d48297b8c3fc41b10811a3401193b534769ef495, strippeddirectoryASCII texttroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with 
very long lines (gzip compressed data, from Unix, max compression)
A%1UG7bqZOsP6k-E 4!C1u+ejYM=1*vdQ`;bʨa{9zz 16,mWT8q5U=boD'P+_YϏ5#cDe)ȡoC`Ygyb{Km; ?3ZĂtDϼ1K@'ۑuM GJ!I25bI\ii'3]D-lC}*PEC#fŁ"xVk 'kE߯rn^ʼn !Abipp\r2GI!j sNGGZWccWv(#7?jd-s` FU|>R".Nt"S G@" HJOf֔ e0 =4{eO~!%*l?4*ߘ=`h[MZkµŽx/3I Xpr-u|_ R _QY|:3l@r^SpibyF֭ZmKkIN>"e<#R&DA`wD][UR8IHCF( BX?+Z3v3\exf ɡYk ǸZiQE ،jq8iY(`,s:M!fI!2/uW[|ΖΠk JOek*R3,#ayBhjmI;lV\5Z$R2nka*p*>@Ts྄G€Mg(4$}mtvnTf4"S'm 1`*H!ip?mAGht-R8B+>cnEoy .ZN98%Dlϑ y`ZoڇPZ -%6x,en `FMe<*4fVH YHZ?I:r%A*Ƒpo`9(`;VS".ɉΩ%jsQ}}ᶷa6xJ=b #b"Lb@AHbG6ɮyǾrmϝg{h d4V8̹%[ ԐKbyKy犀l{rY%3[^Rw 7WxOlݶڎΛ/ _ RamSy{1``_@"'&ԡ|™U†Ѯ :ժ#YIÚeC^Wq̉Y>pw4hvgw)HW$x8=g$>q^e/ġfUdߨԕx\]~Cd/TtZqa% W ߘg_)ap(.@%pHwj)eETSnIީ4ܳ(MӅG^8laq}Ŋ)3 {;͛}k B8pݯ۹?NeYE11nIec`/E%KD*KB3W >GɁMZ.Li~JiJS˜`0r`|9{5 r>*b):S=AOW{gw`:I)! m'bLġ D5sSU0gR(ROo**^lU{TgiQXHTr {GP3;tJS>YJ>v}ݫ99eHst݊<St<ymD|A'W3Q> a呲>ˈU$aVUR63u3u9[ѐʾ|M~6F_V5m\ߙO#cD)AE\gݾQ%}]b0K7uiK&TH}} nSq.afA]+|5 #)V= ɱ)S Y'pּKWHeSojTη𬬵ф#׈Q__Q/b|92*- (ċ8L'sP^A\Jf-Yi^dT>k4S3X}lJ{M;sT{rBNfòRDYat&7L:"f5}T3 r%aMt!cVY:1_ֹm? "p2,la7n9;úݚ92mӞAt@@eo (=~5Nf-"S4d\0O~sxiP5$gd8|FU([i⩖i/ =b3W|Bʒ1spc[ǘFxo9\&Ev2(V(`3D Nͯ5%7gb<*JIˏcֻT_3}`OfK;9Jtβ ⮮ar@\!lKr2jeB* M*8XZ'Ta{>+Փ;TS/B'1?sj~>wJBGq] ;9%U"NM~WV5+UTഫÞ??O;y4,qJT, [Z1cA8lm3DKj֖kLHǵ_׳l(όfU5Yr}J^rAPޔ.#fڴi% !0m5AH;hpcgN'RB$Ǯi''YR̮_ЗRz¿GmK}pE,kry0ngӃ$Hp.2UjEve](`WccAyX1GZ<;ɩ vEQ!~6P̕Rgj[GWxۣp/e@d+z#$Kڣ4hTj( V$D$WdP1F3kF%pӔD#h 71۽~.$v==IifycOQ5#98ZqFv17WxՓV()ex68zHjIc*Y>*4)-S]ͯ ^g?Ɩ?)u+I@qqdN<ȥ%}w@cY4$M }⋚"H-w^e4nk֊M)kH;XꝀ./\X`j,dȳ_{AW-=A,zv< KZUQ>^d4^ϭBu_ 'o~t1Y!kd0b:Ѓ("{=uA]+:LJĎ`]/\n26VU Hb[B&^E~1S"k&68F6puJ3-<.=P_tj |EUB-[W?Z\W5Ɣq ?g36B&QŠB夛E!l- As(Rxdcx* 1.H^GUv!LL驚(6=҉$BczBMEg2h6v>+wd î>8NVGx -;IkDBmI{u0-~]X3%p'4̓;:cWG=)\ӧd&jm6 HX,C*Y!P~/g lμ-QߌJ w&|v#/bsi$!xH ËRCddLXܾaξ5cedL W%<QEGye VXJ o=ءRCέ?xO.bq1j?|SC CrS%Xo 6L w_(pGZf~u_HQJnVCA%d ҉jAUH8ъ|QW$ *z`aXu*A$Y@ut{JXo_Q;Džf6@竽ёTwDQaލΨ]HQG>Vat,Ӛ,q;` hX+^ ?4ΠzJye 4L A0.]1Dq7Vʾ/ E\ixd4l(yTC 9BaO\ň+xhW荺M(*yе>,JbvDV6b!s < i抶UGsQ/Ot~<0".ޱ=V5!XUɋ)Vp;(dX{1?8]>W_d)4!QcAHEԟWݝsg6wE1>;>dH&mʹNKv`O@p!07͡PJS٪0! 
`pBRO8|BJ"@3 /+8Pk׌ Eph3O8?o9 \][Fs( G>ppyRQ=RihPtt5 "[ W^+QaAoQ0/د#5.MV,fq2>}w(΁IӾkQn[+00.^x)ڳ" /X NGWk~~Wk# A !6lo5|69:-ٟ/*;K><#e 5 'WꄘgJtCHr_0/{W#=ÚK_Fb-]x˩D[@-1|ZmD7K?/|.BsmghgF2?5jR+K}BW LwX̍$|$17v@y%U [f6G_#Uf>qPTw&iDYY0 oTZ^gʇ'!5Tg 'dlGpH`[%h 0F,>k,Ae|\ݬTB[v'Kz^⪶BbjXN<.KC^*XJ˷@ږaw~J+-}WZlHA8(̿&dˮ9kd;/So!ϖclHe$DfuQ(558O‡ tǗҜȨQɜ)Tg;QvOU)S+v! G9Kݒ~lsfzUV=Zsқ,{wcy,(Q<ڞ(N쇵).,_΢Ve;hNY0W jʹ"N"݇#; Zl)'{}lƋ+d0:;Y$ﮆxI$ LAfdY'1Ut +)R1A*-R"y^ة7F֨Wp'Ydld+N\y\rX<o5y2xyL=5*F13 0JY}rg fmO lհh6[GյWDGIU_7K2:Ƒ${`@cxi EE)*]!3PiH(q.AP$xKըewvJ.s X 6nfrf0a}hytPw+ۢテo`*׭n;DרkЗC}4-܏K5V g)6qH@`Ha5|RShtjm&y(~?#❂>0_xj|ejƖRS'M ڲFAM\W6o|7߳4QI4MUn-MDw3"G IB z̈́Mža`9U}7w.; `Hl E5^S07?x}뛓D xE>q3M uo7H41%1t)Ng( *2L4dFGLkq~ g`|Z1 ከ.G(%F Aغ Pؔevk( KY }0{-)1)نȥgwg@9nv=gX9-Vs} ?iSp%l=y@ U]NӔ9+כ_Bt#ysT#ԁ)zD68UK8ϊ{ک + NzUD_a5îLKM i{hbgM5즱5L%LD'Mguv;%j[˛nz= >RV+ZĭLA 4"ΒfF{ÊO 1nuիZnykBwr@M]z8Q&P JmLNV-9Vq8x=Rw> '+&:\u)bXckJm.~}߬%>Hr!bh  qF+-u.Н87KJu-UU;6 RY'ǧyјM`I4l0D^bxE? /G݅/@Wfaf_53E |[[JpgcU̥}A I'`.T- ^n\;aWu w|,x mb"n$w"3Kq6"fJӌZb'oqpb_u!6Y؎:yfdET[tPnؘ[n`T cg#&Qy%$:qlE S4sT>,j' ԓJZ'C$хhFa|$?z ciU dȰPY-͒{Ofg/|$1(h+[ 6J;CTv[AaAlp\eOms%>(ͩ+nY6!@ sGz)k"Sƽ}7`pGZWRYVbt6\ԓ>kkqMV%s(F5x&ƾ]ajgv?0 l:l!4Ò|8E 0GBQXJ2`Gb8#5"s]Pc2^ Éx:9L!bZ[BJ9S[im*oJuJH1O@uc[\?b{FsW͓PA#b崊-OÇo7,F&̦?O~-s6;2םz'|L2azn >@gyS/Sny{Ӌ|LCw,A -{<;Fb,frHA#2`^d99sGj:P,OE}x` I@LoŨT/#x3*%Z_X_GML*M6JUYߡsY9.gDw&Hi m ak߄2i吵 +G(6I/b?t3K\A]u®ہ߆[D6Kw (mK*K7M'sӄ1sgFml>Yx|Ukr9ܓz9.ݪ /}r'JS?l{_By5!Ѥ(ccCңU9?apX%V~dO9^B^ި 9")n< yEj|ddkօ{)LDN)aଥK2S WGAh*- ZoѤa1k*gAźq}>jf\M !x ÁL^ԫen6(/4h5i2 ]]GW 2}ys[]9yd 4]|M/d?$3e;Վ@Ux!c*8S0C̵IYN!a= W4h U{ųx2 v2Fp RtXY6RWBbqcCi, RyppyK݈mXlSh1{>Zs` epǪg|Fa3'ƶ&Mw'76s%hoEb W;?(GR(hV׏.a:Y0etZ8P:!&jy|]w^emVhشk3!M;ZcW)a۵ǽa+A0}],Fo~L^$ѳN4O|$_.UH.toChU/>q >LZhXݝ:̎ T*t=S#ӳ^1*KO@ 7hY`sf%k<:f!U%څU..˫DR* .ffIoeϘsG 8Ͽ_.g;Jڧ3Kjf d-toQ|1eLOgy P:LN|LG m-m*: l(|8)AD%@ YaKrXh .Te9 S͒G%>c1ҹE@4o m\Ͳa"I7`嘂noBqb3*'Л1ah7gm85s#)@sDSU|Pu9 -52%ԛGU –'SoپȊ wo?S>!F&$2w&qp kM\ ԱC I4*R7+՟\ yk2s*N:&DʳdXeD Z c$Ia] j-l$I ֎@dp ]ï_s0وWQs(m܄&a0aU 
ڎ$XDg+CЗD0[tSJ!+h4싃 .Z{S7 IE߀Rww?~U10P+`ēۓ%==ƕK4el ep/8$Qc74+1W[n,R$-OѯCh^BJro5GӬ"~n*QY#02 Ej uB `> IT?Hq"o0K_Ty{Vy(Aq ϤB L7,)ۦ{&geNnxZs80z!< aʰ,#-A_VUEMipJ^鉤ݭKe%eKF,'lW;x@LPbW)# SY[{#oYG-v.QUpQMj9{4 z{QjPGm@ ӰOhp}|Fҷ& } k<c٨W[Sp2}aʗBtOHw]cJ%@Û]Ǭoz~سl0wmcp{DjyN障 =x} 4Z= 3/nㄎֿ'/wP8~jj\Ѡ);R;&}H& YE|1K(`Ⳓj*2SٴHg1S*vVSy2ԑUs^o61p+M~F2 8(8y<5Q| L!N~Nx6̧|eYBh^iE)c/ֿ~}klXѲ/  <1I#ҐC6 ~8 tb[KW,(Ӳ[CX٣H><Pj;z>7?P|+i3jyxTowYzKlگF\Yhzm xiTaS8,5̚Dzo߁'6W.J;g}~U'>UՃ (:!0f k7(bIĮ%tRx jCswQ(k;@ ?gV0.D%Ffq`pĜb^?;(8Ҿ}Ȏ\иp2[u̸7bFmfdI6VSsEԶj(;(Zܔ-SAP"q sCHoǰnvs0Lpj5 C 2@(-''2M{rzK7Ts_%02厑-'ױRV'jFr5K>GMd3$xwxw+Kb/W5tfh"*p?&oXԜ:h+q-\rt}RJv+M?xҎu-MP?crF!Dw9JWbkG`(!ʨׅyϚfe†x!\Ģ*K *yA)L U^w`G0'ßz(_DL=_b0 LCUbj_Q<:rE!t-R{Dbq_^L"1"AOx&`%S|lPbǑ}p>3.'Ԙ4z oaxz١yۊw~.eI*Idf8ґK}?(:,^F]dÂ;4zpFJ2qZ? p|Qp βnǀR†߀ؑ9!I;0C"a~rg;%w\] Y4G ]yv 򨎻Al̴3 j+] O+FgIw褑}nb`T6!w 2Tm!byDXzŞp0[r>߲zbY3gAE 5]%bJoeI!^4O\(Zi+Ŵ ܫ^PWL`!>/i!zd|OT_?F8?ۋ3H3;)1 DP] ߗ UkqpFMkƻbF(X*|dz̐T菺Ԛ;aL`șVvܒ٠Ɇ`!^K;BpQF~ 3){bTA@aܸnev( p̊aF |8.bkc1cbnj݌vAp ,oY(ވlJW ߨ, 6XB>@y4_ "aMRS a7R3-K>2p,5<5O IQxFfm݌\Jͤ5.U X2p0zXɎcoW_|,.Ճ+Ρ͔'&i\(r-Ygô+d|…%~`9q&O75%¹ >IT{X ~u$m,z渴g Y@!uekWï_e,ѮPwg Oj|*Pzanե oP&l_IWfcU"qƪ;!6P/=m&,+# &|m >:M PjhL8Igl,K*0BB?5Źm$4Ҳ-Ur6Zbl+EB@ؽf^5zI3rhrPop-/;?}{x󇅰UrK@3l:` މq=mՍ h,.`v[_E֠73p_oFPdÝS}y:R\e O<=>ԝ'ޥp=)MEH!ϵMtƧ+Ci6yW֐0#ay{vԍW~5Ca"ھya8 ϞKP[WW%Z\Չ_`_e`:яb, ;{n&GCg - =4$2@*^s'w!ț$Xw~Z U8¨6넘,1JHry`geXRk%[,oץ%?HrKĪ6`JeMFQ'Li>t(uVQx{~ 񿝽jLPBo((Z{]f4[9аB%vnЮD-͙ݦ~TntCgY͏&b<&7r3hV?;ٳc E *)p=@FMl,˗mPzFFӖI7"L fl8pPЪniI2Aw:G̛j%|u9NL띋R\l 1QhٖC@y1qYJ+da^wh\?WH1%- @Ka*ńB~RXSb2`L6:-,4cn9F|y&q r^9cƕ=n8B]jD~rr`Aɰ Nw}[Mm^iN_C脾{dJõd<*|N%5(הz'G ㈮^-h.[_;NH=>F@)Фn_Pu'z ! 
gԢYʷkf)OE2?+W?O31o$E1vLH4@H] podDrؗC}W%GeNâӶ m֣nR7¿UR+n)Aae<$N@Vʭq[lMR966sÂ}9bYzi+aBW{tMmZ3+OHEeD)RE~{rښoݩ/QCJ¤JPb֕bR^iBK&Prh/I28PXIFW%jhΟ$81.p+ζΗCk]Uomy1ϒozG YɅ}|+qM˱.K'0Q@f%E1+e6F|J_/obNxy`r1y@g,RhP UI|N(31B<)R ]l3zsiM4H1Wbu4D9wѺ9W*he]9NR:i|l;M^i~<ӈSY4= $سe8B/|l:NAO_.fJ 9>Ott1z()ӳAʃaL5|TiG"7̒Ν}GoK#O`6T,WD}H%UA%Aq Oj*ʡWW\) Xrof?ЦJ^p(?)D MPCȱ]6tV'} \je%I3-qAcyܺjthlZ3L]B OW&7}vOq1bQ@N_qf [Zav:|kJl!Ni4$I!!G ¼kPcɝRC{ǿޤ\[x`VFX7h:!Bd`f#TSݸϟCh`Q [*T!(R_qp!\0gصx ,=An8 22鐸&]7$a2=ܴђY;-C(kL簣_ƚs{ CʐOI|lJQKaYM-&^pIsgr\`BFxsu)pRblU̪no fۂ 7(=Җ6Cyޥ1μ8z=A/T;& KSRtsˋ-[+zQ"(p榴 g ɴױw-w8w BBN$~VnTW%m ]Pi#hr!Ȓ25|.<(:cdΙ\Q"|~gy4rfl(ɽ&2Ώo_s!rά;h;Jn4dVd,}Y߹4yY꟎_k`"pr Cgr AE/eHʌM'{dcX9 %d.fNdb -';4k0D:1 ؿQ};&Jhx]4AɦGN?h^`נo"0[`S*AZGQ]W5ҿ+ڛhR%E7 .R+(=I m=MdA\ a&)BA qyH8s͉evk .ruQŹYi. }5(K)`@$ %9jWoQjwWKp Yk]Vj4m "6aڌQ/'m(Bb8bp*Y n j9э8OI-hY֫/'4G@6^rvHxK6 ߫BGYj'2DíM>mNhNsA|oOcJّ7Bv["7h@&NAE"1&,H&{RWMLU~+fIg6b|vNw*_ԕb*AS@LzGûy0 9 6[~BY B'ujcg,Ѹx#LeQrf :G 3 Zn6+b?E&4Ć犹A3QWx)`ϼ4EY)'8pC14cňF}>*tANS|9#f᪯=Bl?d95󪔜W2bՕ:K'OWYU7u;[jHsvPYRkx@2}UJaS@sz޿R)[yydFT/ yxS_ ..Lxw%v-=P>hHT& IX"@C.;݄5HAω@+DSkeiCSӦկy?VpB_84EѐP0Mt/ 妄lEC.q!Y2T~"&4h=CrPS+0=@'&B{6p Gsviϴ=erP+v<6E \pѡqUܱIېg@m`ncP R~{7dSLK K}ܺюdLKss5Vu%' Ro>4Ϸ# f^D>zi IOʻ2T,\ ^=緌k0=[]t85 b—#^,jXϮ;0@օw7a&1Ʋ}i8tT J1uGD$׫m*7OܐJy2NJDwPOsv,W}8|y(Iގy;XmőԾ4]"sc'4 *l6Fv\>߮4b=ŖDJ, /A⊀RQݩ0<:\ '7ҶP.]@4anKZ\4CNƢ iw!\ ]c[X{换Ө;뢝jz7~ !o6G^ЮsO&HP*37>"_Y:kD/><%2Cկ#A=I%w6=6}j@&ϙӥK$'p!餢Lmt\cї5V/%L)H$c[j$ ]/w 5'y97pTyKs֫[ bfHR֡SZV߳xb#:4~ӳz}Cߪޥ%܍n|RI%SSN(ϭA^^g\B0#V[~>͌3;Xdmrg*$ S)ؼC^ˤŘ:;Ypp2^CV +/1F #qA\JSFDXC# * XCypD12~eS9~>Vsp ,*BdW3nZunϔ rCp"!Zg,Y F\n{t.cw% iHBoU.At)54q`IbCsŖE ,j*o:If1ܑ+"T vts0LΛ潧l"K3t*͛= 4~+\Q{HDNIJ ҆e>V]>ڛMi@ACTIĈ`E$XcT@ʷYe)->kc6~[L޲_EB/X6Xog㻧~b<zdN+J(hdعv x*rg6dk"˒Ƕh$ /^L&hS\k30A t:9eJ~D8R!>nyR#$bH>ސ^^v)sGEI憍`!7 ujnJʼn 1I *:SON{ivZ/!b-2_ Hxj_O$^@Oe沕6*\ۜ$42T/y [pwYx,'iIYV`mv‚  fAS @0O6`? 
?j=j<;:Auǘׇ0RYѶc-&r0^ lWтs lXߢ(ы$tn܋!$8w8 [ arQ=wr*.NQ7M+OR0,0wU_7S궟: g\^_o/Bz"HFcQD߭e@G}{3{7xbG֝[C&c0k5㤖EVKhַŕvNIZ*._@e#pb$..V$?՜0i}~nc3`е~ۺ 5I.Ùʧ%x&5z\V*pCTdz 9@xijy@ 5:4:_KF媈ʘ/W~b*ӝcJxzcB˱W\h^bص8ʑ\ǫ齃S, 1=:tG͓S$z+|&(|K簅meSUj]AjkB]Q˩ 摾t"떤? &hkq`Uމ:P̈́ip/@uB"Z"+K"ۨ\G4)teQ3Ga(0|`|]\<9DeNۣ<@孎kY7CI5C-cF?9x{߾9:ԃ``DGRTef5GS^CV4mQ{+GΨ!Bl3+$Pٞ,XYل{#$J EWN>/m^(Z_XeyV%1bB:=hBVQU6UA2L8WE@}2PM(қ*(5S5"ӠkߣTGdGĐОޕjܟ~e rKFDJWx| ޝ 8"gYt`TI!VhhP s!Fz)Hb=D08ٷtu5Ra/||JpTG8'Bև;.e*X9 2_5ˇGфxG*9 h^\f |M eg1)Mq|7t!FMP*0Pq洅kzuX簓vY#v={9G*YBKbuk4jYhT: (ڣeqxZyRu? x*"dn{/>L$a; ^:^~qk$lr )?mɸ?5-tʣ9n$7J*^g,%|-&)[e+jX3C*PcaO,.>lZ3D2k)(hcz]9 ڎXuOev5 *zRLyrg9c5ik_bOONI^ aXd`+`63ݿR@| lbAA0o'_30l"޽AO\Hm}`宝z,t5>jjh%b/"Q ӆ76a1X mU?eU OheH|f dQ}cNF7pGEgzo!}J2F6WtB„y6x-,U >WJ1<"R<G7*,O_)z2PwZ`\ li/ZfzU(5owg@c7E[-=0GȨWWb:IZd]֡C&APwFյ좀"^$u1Y%eL/ £K5O{~lB`x,)yCϚwerssԆ솋Tʏ&ZHfCd=ˍ Gş=%V "G*z G#öXr+Eou >c VUG%w]=L)}^.@){ KL@B !/ X޴uaz+q>\ il-~]| w[ HR]3fk4U2&l>ׄMTU`}Fm愋ɣ! <Ȱ]G1F;M-!LsO,cIYqϙdwn .\ߨ++51X's#j|V0P8>kjj~YQ t%?Pn==AEFUP#o+x]_@jxFm5R1d;E%V}y5qa'¢ +28fvM?9SA /fėv6X4=>|T o &C,7Q`ប^gZ3pJDCPku;d_6ڴ=l<^<8XfYn@ $OiV EH>,4]V+Z-$ʂwk%r0n!x@*nЬ #!>e='i^Ϳ;nMH@{A'Mbz"tCokH7:r| \Wۄӣ4 '=@e1ɢTx]L|;9M`,4ט 8hem5tKmѽdO_rU:pgqCk C@F2}xU~Y秗 Ԙ>l' =xYmp FUCa=v❻ Rt:}Njj耭HY?@n1߭0nEO0W^ڨg< )/vfkr$C!^]fTGrvZM"} ͋`P`ߞ-H " >w\CFݿ= BQn_ixb 9Z q/h\~ ޱZ-=˄/dMYU@L-ɋa/}~0`?r۲<gc>q{?Nr]GNS"P4nr1$(Įָ~,>^. 
1-A[J%T,F5eDAV4^}$rt\RUaӦb$enG"[Jv.$c9lLQ#KZy"( IZ4k|VaxaQC|N[!HmIp}ew'ѾH2A] +o魿 ;L_9ݸ| _J}P:$O+)S74P q:؝y|_pKABs_| )cN࿋1}dž@-+ 0)K cp˵ @a5&0l86(I1!@M5 g)%\P:0{fS.|0mπ cZ2P°8PG [BGT1%8KT(oos\|Zt՝vlEܗ$>bN[=zkʚ)2͖⣓N-45;M*s$Qpqe, ieEky=Z%׈|Ջ^e_"j-Dkbmqh|dz'5:&PƘ@|=rBl,|f,!*P/,_ВHK%ADDw[CNMH&pz370VGxNfΧ5\EC?xLc4-;c$kԟ1u{|^ֻJW_9 Ѽ5YK4 ELձi#C"Z!,2<_)|:'wⲾ뉌b (b{R~SYى\V54]"7MOnyH(wU \v(bW^e:吥2>;Kcv(MzFk#YDNF Y;1\J@yٲ ߁k>mtL'—cwNwqe ̟YM1hRyU2}EJ߻em>}eycRɛ8JR)EKhksVO\nlO쓿JQf+'ײ,buLԳMQ/=NeJodyÖ /DZHdCXW.5B''8m:}%dgqcqdǨ-Ҽ'CQtj>-oOX|zf:=5ct\D!Έ1X^‹40Xy<\()G(,c,ؙ5@]egG;R=M#?"d07*DY  SSޕ-QTűF&ڽ~ `vJPǠY (L&D2'-pyvѡR ETLoHSW˲9#ƟENoaPOhM#s*(wWD@mْan(YՁ؃|H AJDpIs{K_\uG 퉘ubf+aH:j98p!<1f4;,+G@(+~ ޞD嬍~=fkTR k3w[|{OS0f1C4LFh;fKv;I'N^('N%ko{By)qKuiχT8ْк][ 0L 1y~fj/gC6Qs<1(c2N{SގO ;mTc9'xFYNo<4_ZXiC6Տh7fmyyF,-sC'˴j;^7U>ž&YV^T3$C1V#o} uCNI -W5b^%bz ռ+D i*di0u@!C'! "Xf/۬7{CW?<$-T`ӴEW8,לv$˜9m :Qc[V{}x̧|(Zc%6qX((ѿS^8L/[o#7/h ~^K6Vl5-IkX ՎSNeI0f3_mŔSP؋,Y 1tM*eZOÀ ([vz*6]|1 -v/P2yïqTdy1.5kl+Ym\'8H.PwdҘ8#s嬪98SuL8u~CȄ3e}2Y+?rTX́Ӭd)ߧzfD *;wrlj Q#u.~!| FEYZlNh+N`$xufTJ9A<l+U}Ɔ ^k,Y{E ٮxWqcDlAtdݙcQNӡ6V^x4P- ޟGIQE% fUY<1e(uas@ ŏ^P)7nRUo;bRPn WH&So?fnaQ m)'b^ <1CA/)oL-i#~.D< iU@n.}Ge Kތ=׻NVjZՎ/z&8`u~Gn72qY Y%@Xag[_f:綠?[B@4{FhV06?N2Y*U2dEZ"-숬XK@vk\7 QBҳLΣ/2MH(tts9[BuDCQB|І__-ZJ_֯&g$! &J9@Άg-%o,j O1lJr7*Utܞ+h|TPv6kaSktya@a LuS|,uw3=aJH2]~(%TS;I FW{e4V/:m[.RgRЮ8}YSۧ})1+N^I2ZAOHD~