sssd-tools-1.13.3-58.el6_9$>2G(p36e>2?d   C .LRXbb b hb b b b!|b#fb%P%pb&'9'9+9(,h8,p93:GbHbIbXY\b]8b^(bdeflCsssd-tools1.13.358.el6_9Userspace tools for use with the SSSDProvides userspace tools for manipulating users, groups, and nested groups in SSSD when using id_provider = local in /etc/sssd/sssd.conf. Also provides several other administrative tools: * sss_debuglevel to change the debug level on the fly * sss_seed which pre-creates a user entry for use in kickstarts * sss_obfuscate for generating an obfuscated LDAP passwordZU=x86-01.bsys.centos.org yCentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxi686*ɤKS@ |4q"1FQ :bo3] 10m:+}MHOt x>tH dC A큤ZTZTZTZTZTZTZTZTZTZTZTZU VpnZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTZTd7e7b127decba56deb239179ca1ad550f9d1a7af1d025afa791b01329ab072759c7b46af96bec45781ee8108096588020da5cf77b593154f6d8b18013ded8bfdad131b0c47e6cfbafa199f67d951f145d6e373b1fbfa9f3749b88b03878c1c1c2e599ffb7cd15c37f6f505f8899527511241322ca0cffd3a0abdf293fdcca22eef4f6268d6b5e2f9dfa0fc5289b4ce5d48a63d72a1b7b04923114a4013b80d90074ea22f08e186a8f16066958ff1cb7da80f4a744e9737ad3b619beac9b0a45e392be566a7ed5695776443792b81391b8cf0599d4b662fb67f3d281e915d2bf248c553abf149b4a7568c26a877ef0241430bb8e59fb5015ea7cff0dfc4fa16905262ab1ae9161bb5cd95e9e8f8578677149486e86a67c70ab696bebafc920c03882e0f68e57d2f2f84f9c100088ac8508237103d5d3f280ce1d8bb507193204781a5fa9d915f5c56cf662051c6c122a25016409bb2ffe73ce6a65fa46ce5597b8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b90313b06097b136c5c0d5f655559c2cf20fab26fe76fca5c20564392eccdf0b5f50d3000aa080ad7a5881c8a49dd3da76fe1d6c6cc9269abdf8bc222819b42b9c22c75a1268599af05ed0cc0a04dd9acfd73e16a6412a5d3c0e498d4555e31c84e23425506bdda4af8cfd3b03f3564419d749f067940c0c4d3ff4e0be57991069c4fc3bcefc263239b822919149cda5ff37e4615f1f84ca34c0a1b625e3a2c687613b1af636877fa2912a36482b24bc0823c0b4f22749f376848f870a125435bed91e77ff47a91e4fb1698ce16a6091e14b9676da515362f6451be42bf4ba169e677417db216f67b03a91fc7ae16bd95b800a180d9421cdc2f4dc0475469db40419ea89929e20a817960d501a690a6f830bccdc97fce0eca83c029d23cca69bf5b25c78fd3eb592c4f9ab2cb3a846bece68363adca060e3ce994a98ca81b5e39a1e711ebdd751d5e9ce7293d68410ede3a69e6c79c1394990ea2aea526005a814b678e88f5546250961f8fe196461a7bc8eca26b4783fe9fed974fd577ec6abea703bda376ec5b5419141a902a19e988e4f1705248d9742df853cbab42301c2457d4296d67d7241a07cef458752761ba8bb724e2b9647eea0a61dd91ee240c79a21a224a1d29ae27e951de1133babf06b7feeb94680f851c8e898bf278bfc946f22111cc48c43bef44f58039b7e13f5d96972fa7b91a9b635c8e025f4f53eb774411d95efe410e12f64ca7ea89d33f87fa41bd7b44c411967c680b7274128b11504ce4d1519200914157e3ba9df7f2144fd42597a5f26c58eb4ff9d7aa7e54f162e1093fd8e3b76bf9aa1be3c4db4de63a83c7462b0c47d51dcae3150053145910ac2791378f73b979be8e47598aed0bf6a13c32cbd890a1a8e425fac4a61038f5638459a51e976bdaae341a3939ef61aa0ef40bc1554bf9cff5ecab78453d144f11c64364cf8e335bfc86a6cd797d3f7ba1591a3c01890dbce7ff38550996451ee259d84cf9d99c86fbf343b3d1cb1be9e942b14234675d8e7a351e296f72a95d39283bfd4bfdc79081fc113073438d656bee0d1430b484d67b4f9517e9e1a335dc9d5c7d37988a048246906108b3120a7d9ff465fe452c55515cc695b6ffc826ab9155d07bff1e2ab13d1f2085be637c43d6259aa920f94f408d8f8f2b1d239de59248760a97b39d664d4990be381eb364a0501bbac3f67b04b48ee635ea6cd9c7e6c56021308ca05c0b83cb0c0ea4d4fbd7a2810f60c62a9adbfec7051e2a0f5b29d34477b38628aac5f534a559bf3c0e060ecd176563bb968619af6d72d510a95212b7a8db0393079731272e190ddd161edc2ea98aebfee9977075e960eda2d85f9f1e4ee2688fadd88501aa33e5282741dde4bab11d5151eb1362434a7cbc4ece6145931276559af488a73f26319c36bb407ca226488069e039aa075e63d39c1c9d2836560a2312c6e811a150de3844c6ebb6b008fb79d8aa0cdb9cf1a43bf9faaebcfe61c74bc4b7704923ca483a906c5af3a9abe944496758fc8e8f0ad18083beb507678f3e7258d4a11c3c11c2fd244a72dfd9c83c8df1270033ee4d8f4e40293f0fe07b24134fd9c470fd1515883146784f08d5bfe4de420a01ca628a252f40713fe062ffc2412cfe92e68fe89fd46c0b6a38c09229518711f91ddcd5073bcb21e9372040ce1f635ef41d1caf1f9916196675e13a0007e42ec3d96fb39fcbde84bc7807d6d5d034d68b760788623eedfc354054975c58b79e59a378b94741cc1e08a1162835244b0fd3ce8ce3148d374ff988a79e8b12b994a9e664ba5db2d423a54500d801be898bc7049839217d8ed9b25ada18f60f0ea5d9ee69e75130755250d88fe9bc46cdf1a23416502a148708b819d763c72aff1e0d9e74d367203e93cfedfd64644fb6790e6df37bcefd9b53995b5c12cd376af384416ba54cd7a6b486bd93f07033099981735fe5a3cca9bf7e8a5a449d04c20c0c9a917f21e92757db0e35aa2d5f50f52126ccc2a56264a88215dd8178273e8ec26feb06488b39cc94bb3ab1f7b668ac0c35faa0b5816840161293c41ebf2c81125e1a5ead6914a501130cf747f677b00c4c4e60becdd2f27ab3912c5785783337aa0aa5007987b09fe5d131b62d51e4c44c0f24859dbf7f7c6c666a30100ead481f43d0cd3352f3af15147b499cc018c662026942e6dc93fe4a89506fcaecde2e6f54eef30467bc4422ed9178e5e3029b274592bef4866fe443cdd826af758d8ab26ef59bb0e66d29bd5e638afa602b9f8eb6eecde0982840dc302d5288d1c3aae408c81e1c05da6208ff91af41284064ed1866149d75229cdf9c31477e5f9e83f61670075fe73c35439e5f72368db8c7a0582b0fb75663ba8e313afb2e936290d917740515c4a6ef5a231dd83d15b2612a78208128e075999cfa225bc707d3dc3d420840e322b7f414b854730bb5db58efb2a18a216d44a9f2c71c76bd9fd882259d9345da4bfa87ee06e7a524479a3a259ba83ec126de750c296ac6d04f07ae79dee0b2fd01d1801ff04457071a4bdb34ceabc475857c8dcae38730b872e2be0c3e0915fdbcef29372eafb619a4fe9bbe13cc478cefa5ae70fee31a81ed1bbbd78e33cfbd735606b5e7e84d56f86bd3a42152e9cd068bebb4e779ae152a68185bd519bd26683eb8161fc53a69b169224ea6887dda3f92d37cdd63ff924451154aaf87b1aa486047281a5cdc1d258ab35cfc1db9f5fd27139ff80bc40dd6b1aaeb51547832eea1c30b3530ce6ce83c669b19c04832976a26098cdcc84bc7492112a6facf629db70fabae3473d30d823c0fdcdd658145372088a2416ee2d9b1b921c638cae5a8bb41238f48f94e5ca1240d87597fc0f19a16e82adf868918564908a90c69d91603676af9a32c792fca882fd9f96a6bdd493f0afa9334bae95910e1a6abdfcf1f6c246fcc9775891e955d279f998f47e3e94beee36bdb6c92c66b4a50b08246e7d5ad5b26b544b26f74f6bfdaaaf2b1f0de96026e1f123e1172b0e4a8cf81c6def5a6b9d39ff828202afd7196eb74ba0863db20efdaed6eba97eddad611c7f81116d237cae5ec8876bc6f0ad1933db1a4b041a1fb58f901850131eea8e3b374eaab9c4f8ba7fafe9461d5bc82c401e4c49f3bb82b18cd4ff1fec2142067a9ffa6bb94e58e6db8553bb59bb559d848f62fbfc12926972320c6b1ff62fce6c8e4ecd1945e5fe47d7f89f021bb6f80b8261cf8b50dcc3ecffecc5449ed8fd1c611844095d83f328a95a141efde0595bf1363485db8cd49c8d8d2064fa7e32bb8d9488cfadd483ac904addb95f1cc1a58c61566d5cedb021b0e7a00607592da03cbea0785a3dbfce092723e5e7d5a012f89b1108e4692ce8d4184705293a76fb9f56fe82692298a2f764fc49274392383f6940d5f70d0463ad0c6acf61e267f72f3feca4309ce8778d13f579fe68c8652250563028d777c1e9e58d6b35f0a2f0b2ebe0298fbdc90350cf56f0cf4881e205543cadbf4ed7ec338e1a084f1d609cfe8d60dc085f8d43b99018ae3964327c69555ffc35a598e13fcd24f4284c0aefabd661bfc1e66e1a84740000a4f2ba79fb17b36f331499b7f5f890e22663f9d56a921ff06997567b3bbbf6c6e6114f11835d1c0391dcc093618a9591c55b60246714852e4821adf67ceeec96e2fd39b79f80f3efc499d76d3f639c9e03e1047fd7c85cd8d50e82f110fdfb73a623d4e4ec14901c6c61a4dff8e18c0fb1b9a4a015b926d7a071cf1b5050ac02c9e1aec70aee74e1014b5661cc44630534d1a6cb2cb4bbe1158965683822eb952a47d193e69cc1f54700e924ee1104b8ec24ace3rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.3-58.el6_9.src.rpmsssd-toolssssd-tools(x86-32)   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ sssd-commonpython-ssspython-sssdconfigrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libbasicobjects.so.0libcollection.so.4libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.6)libdbus-1.so.3libdhash.so.1libdhash.so.1(DHASH_0.4.3)libdl.so.2libglib-2.0.so.0libini_config.so.5liblber-2.4.so.2libldap-2.4.so.2libldb.so.1libldb.so.1(LDB_0.9.10)libnspr4.solibnss3.solibnssutil3.solibpcre.so.0libplc4.solibplds4.solibpopt.so.0libpopt.so.0(LIBPOPT_0)libpthread.so.0libpthread.so.0(GLIBC_2.0)libpthread.so.0(GLIBC_2.12)libpthread.so.0(GLIBC_2.2)libref_array.so.1librt.so.1libselinux.so.1libsemanage.so.1libsmime3.solibssl3.solibsss_cert.solibsss_child.solibsss_crypt.solibsss_debug.solibsss_semanage.solibsss_util.solibtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)libtdb.so.1libtevent.so.0rtld(GNU_HASH)/usr/bin/pythonrpmlib(PayloadIsXz)1.13.3-58.el6_91.13.3-58.el6_91.13.3-58.el6_94.6.0-14.0-13.0.4-15.2-14.8.0ZX@YyX6@X6@XS@XOXJXGXF@X@X6@X6@X-X!@X!@X&X X X WWWW@W@W_@W_@WWW@W@W@W@Wi,@WYZ@WPWPV@VJVJVV@VՄ@VՄ@V@V&@V=@V=@V@V@V@VvV%@V%@V%@VVVVVpVii@V\:@VXEVV@VV@VV@VMV2 @Vf@Vf@Vf@UAUUuUn@UmUjUcUcUUUUUJ@UB@UB@U@U?v@U>$U8U.RU.RU-@U-@U-@U-@UF@UF@UUUUUU U U U@U@U@U@T9TTTTTTT@T@T~T~Tk4Tk4T$TTT@SvSvSvS%@S0S<@S<@S<@SSSSSSS/S/S;@SFS@S@S@S@S@S@Si@S@SSS!@SsZSpSNpS 4@S 4@RRRRRRfhRD!R1R%@R @R @RR|R|R|R|R|RRRRRRRRRRRRR@R@R@R@R@R@R@R@R@R@Q@Q@QQ*@Q?@QQvwQkQIQ5@Q0@Q']Q @PPPP@P@P@P-P@P@P@PDPDPDPDP[PPPPP@P@P@P@PPPPPPPP @P @P @P @P @P @Pf@PPPPP @P @P @P @P@P@P@PPPPPPPP@P@P@PpPpPpP@P@P@P@P@P@P@PP@PP@P@P@P@P@PPXPP{P{P{Pz@PqnPl(PaP`K@P#@Oĺ@O"O"OOO@OO~O@OOO@O@Ou@Ou@Oc+@O]@OYOOdON@OLOLOLOLOLO;@O5O1@ObN@NNNN@NNNj@NN$@N$@NN@N@Nx@Nm@Ng\N[@NTN?N:N:N:NNN|@M{@M{@Mߒ@M@M۝M۝M@MM@M@M3@MM>M>M@MM@M@Mx@MM=M=MwkMwkMv@MtMtMc@Mc@MbSM_MQ0@MJMGMA^@MA^@MA^@M.@M9L!L@L@L@L@LNLNL@L@LA@L@Lk@LYV@LRLI@L7@L(L_LLGKj@KK@KK@KK[K@KK~}@K]KY@KO@KKK/c@K+nK"4@KJJ@JJJkJJ@JJp9JlE@J?r@J0J,@IcIcIzI)@I)@I)@IV@IV@I@I@III@Jakub Hrozek - 1.13.3-58Jakub Hrozek - 1.13.3-57Lukas Slebodnik - 1.13.3-56Lukas Slebodnik - 1.13.3-55Jakub Hrozek - 1.13.3-54Jakub Hrozek - 1.13.3-53Jakub Hrozek - 1.13.3-52Jakub Hrozek - 1.13.3-51Jakub Hrozek - 1.13.3-50Jakub Hrozek - 1.13.3-49Jakub Hrozek - 1.13.3-48Jakub Hrozek - 1.13.3-47Jakub Hrozek - 1.13.3-46Jakub Hrozek - 1.13.3-45Jakub Hrozek - 1.13.3-44Jakub Hrozek - 1.13.3-43Jakub Hrozek - 1.13.3-42Jakub Hrozek - 1.13.3-41Jakub Hrozek - 1.13.3-40Jakub Hrozek - 1.13.3-39Jakub Hrozek - 1.13.3-38Jakub Hrozek - 1.13.3-37Jakub Hrozek - 1.13.3-36Jakub Hrozek - 1.13.3-35Jakub Hrozek - 1.13.3-34Jakub Hrozek - 1.13.3-33Jakub Hrozek - 1.13.3-32Jakub Hrozek - 1.13.3-31Jakub Hrozek - 1.13.3-30Jakub Hrozek - 1.13.3-29Jakub Hrozek - 1.13.3-28Jakub Hrozek - 1.13.3-27Jakub Hrozek - 1.13.3-26Jakub Hrozek - 1.13.3-25Jakub Hrozek - 1.13.3-24Jakub Hrozek - 1.13.3-23Jakub Hrozek - 1.13.3-22Jakub Hrozek - 1.13.3-21Jakub Hrozek - 1.13.3-20Jakub Hrozek - 1.13.3-19Jakub Hrozek - 1.13.3-18Jakub Hrozek - 1.13.3-17Jakub Hrozek - 1.13.3-16Jakub Hrozek - 1.13.3-15Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-13Jakub Hrozek - 1.13.3-12Jakub Hrozek - 1.13.3-11Jakub Hrozek - 1.13.3-10Jakub Hrozek - 1.13.3-9Jakub Hrozek - 1.13.3-8Jakub Hrozek - 1.13.3-7Jakub Hrozek - 1.13.3-6Jakub Hrozek - 1.13.3-5Jakub Hrozek - 1.13.3-4Jakub Hrozek - 1.13.3-3Jakub Hrozek - 1.13.3-2Jakub Hrozek - 1.13.3-1Jakub Hrozek - 1.13.2-7Jakub Hrozek - 1.13.2-6Jakub Hrozek - 1.13.2-5Jakub Hrozek - 1.13.2-4Jakub Hrozek - 1.13.2-3Jakub Hrozek - 1.13.2-2Jakub Hrozek - 1.13.2-1Jakub Hrozek - 1.13.1-1Jakub Hrozek - 1.12.4-51Jakub Hrozek - 1.12.4-50Jakub Hrozek - 1.12.4-49Jakub Hrozek - 1.12.4-48Jakub Hrozek - 1.12.4-47Jakub Hrozek - 1.12.4-46Jakub Hrozek - 1.12.4-45Jakub Hrozek - 1.12.4-44Jakub Hrozek - 1.12.4-43Jakub Hrozek - 1.12.4-42Jakub Hrozek - 1.12.4-41Jakub Hrozek - 1.12.4-40Jakub Hrozek - 1.12.4-39Jakub Hrozek - 1.12.4-38Jakub Hrozek - 1.12.4-37Jakub Hrozek - 1.12.4-36Jakub Hrozek - 1.12.4-35Jakub Hrozek - 1.12.4-34Jakub Hrozek - 1.12.4-33Jakub Hrozek - 1.12.4-32Jakub Hrozek - 1.12.4-31Jakub Hrozek - 1.12.4-30Jakub Hrozek - 1.12.4-29Jakub Hrozek - 1.12.4-28Jakub Hrozek - 1.12.4-27Jakub Hrozek - 1.12.4-26Jakub Hrozek - 1.12.4-25Jakub Hrozek - 1.12.4-24Jakub Hrozek - 1.12.4-23Jakub Hrozek - 1.12.4-22Jakub Hrozek - 1.12.4-21Jakub Hrozek - 1.12.4-20Jakub Hrozek - 1.12.4-19Jakub Hrozek - 1.12.4-18Jakub Hrozek - 1.12.4-17Jakub Hrozek - 1.12.4-16Jakub Hrozek - 1.12.4-15Jakub Hrozek - 1.12.4-14Jakub Hrozek - 1.12.4-13Jakub Hrozek - 1.12.4-12Jakub Hrozek - 1.12.4-11Jakub Hrozek - 1.12.4-10Jakub Hrozek - 1.12.4-9Jakub Hrozek - 1.12.4-8Jakub Hrozek - 1.12.4-7Jakub Hrozek - 1.12.4-6Jakub Hrozek - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Jakub Hrozek - 1.12.4-2Jakub Hrozek - 1.12.4-1Jakub Hrozek - 1.11.6-33Jakub Hrozek - 1.11.6-32Jakub Hrozek - 1.11.6-31Jakub Hrozek - 1.11.6-30Jakub Hrozek - 1.11.6-29Jakub Hrozek - 1.11.6-28Jakub Hrozek - 1.11.6-27Jakub Hrozek - 1.11.6-26Jakub Hrozek - 1.11.6-25Jakub Hrozek - 1.11.6-24Jakub Hrozek - 1.11.6-23Jakub Hrozek - 1.11.6-22Jakub Hrozek - 1.11.6-21Jakub Hrozek - 1.11.6-20Jakub Hrozek - 1.11.6-19Jakub Hrozek - 1.11.6-18Jakub Hrozek - 1.11.6-17Jakub Hrozek - 1.11.6-16Jakub Hrozek - 1.11.6-15Jakub Hrozek - 1.11.6-14Jakub Hrozek - 1.11.6-13Jakub Hrozek - 1.11.6-12Jakub Hrozek - 1.11.6-11Jakub Hrozek - 1.11.6-10Jakub Hrozek - 1.11.6-9Jakub Hrozek - 1.11.6-8Jakub Hrozek - 1.11.6-7Jakub Hrozek - 1.11.6-6Jakub Hrozek - 1.11.6-5Jakub Hrozek - 1.11.6-4Jakub Hrozek - 1.11.6-3Jakub Hrozek - 1.11.6-2Jakub Hrozek - 1.11.6-1Jakub Hrozek - 1.11.5.1-4Jakub Hrozek - 1.11.5.1-3Jakub Hrozek - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Jakub Hrozek - 1.9.2-134Jakub Hrozek - 1.9.2-133Jakub Hrozek - 1.9.2-132Jakub Hrozek - 1.9.2-131Jakub Hrozek - 1.9.2-130Jakub Hrozek - 1.9.2-129Jakub Hrozek - 1.9.2-128Jakub Hrozek - 1.9.2-127Jakub Hrozek - 1.9.2-126Jakub Hrozek - 1.9.2-125Jakub Hrozek - 1.9.2-124Jakub Hrozek - 1.9.2-123Jakub Hrozek - 1.9.2-122Jakub Hrozek - 1.9.2-121Jakub Hrozek - 1.9.2-120Jakub Hrozek - 1.9.2-119Jakub Hrozek - 1.9.2-118Jakub Hrozek - 1.9.2-117Jakub Hrozek - 1.9.2-116Jakub Hrozek - 1.9.2-115Jakub Hrozek - 1.9.2-114Jakub Hrozek - 1.9.2-113Jakub Hrozek - 1.9.2-112Jakub Hrozek - 1.9.2-111Jakub Hrozek - 1.9.2-110Jakub Hrozek - 1.9.2-109Jakub Hrozek - 1.9.2-108Jakub Hrozek - 1.9.2-107Jakub Hrozek - 1.9.2-106Jakub Hrozek - 1.9.2-105Jakub Hrozek - 1.9.2-104Jakub Hrozek - 1.9.2-103Jakub Hrozek - 1.9.2-102Jakub Hrozek - 1.9.2-101Jakub Hrozek - 1.9.2-100Jakub Hrozek - 1.9.2-99Jakub Hrozek - 1.9.2-98Jakub Hrozek - 1.9.2-97Jakub Hrozek - 1.9.2-96Jakub Hrozek - 1.9.2-95Jakub Hrozek - 1.9.2-94Jakub Hrozek - 1.9.2-93Jakub Hrozek - 1.9.2-92Jakub Hrozek - 1.9.2-91Jakub Hrozek - 1.9.2-90Jakub Hrozek - 1.9.2-89Jakub Hrozek - 1.9.2-88Jakub Hrozek - 1.9.2-87Jakub Hrozek - 1.9.2-86Jakub Hrozek - 1.9.2-85Jakub Hrozek - 1.9.2-84Jakub Hrozek - 1.9.2-83Jakub Hrozek - 1.9.2-82Jakub Hrozek - 1.9.2-81Jakub Hrozek - 1.9.2-80Jakub Hrozek - 1.9.2-79Jakub Hrozek - 1.9.2-78Jakub Hrozek - 1.9.2-77Jakub Hrozek - 1.9.2-76Jakub Hrozek - 1.9.2-75Jakub Hrozek - 1.9.2-74Jakub Hrozek - 1.9.2-73Jakub Hrozek - 1.9.2-72Jakub Hrozek - 1.9.2-71Jakub Hrozek - 1.9.2-70Jakub Hrozek - 1.9.2-69Jakub Hrozek - 1.9.2-68Jakub Hrozek - 1.9.2-67Jakub Hrozek - 1.9.2-66Jakub Hrozek - 1.9.2-65Jakub Hrozek - 1.9.2-64Jakub Hrozek - 1.9.2-63Jakub Hrozek - 1.9.2-62Jakub Hrozek - 1.9.2-61Jakub Hrozek - 1.9.2-60Jakub Hrozek - 1.9.2-59Jakub Hrozek - 1.9.2-58Jakub Hrozek - 1.9.2-57Jakub Hrozek - 1.9.2-56Jakub Hrozek - 1.9.2-55Jakub Hrozek - 1.9.2-54Jakub Hrozek - 1.9.2-53Jakub Hrozek - 1.9.2-52Jakub Hrozek - 1.9.2-51Jakub Hrozek - 1.9.2-50Jakub Hrozek - 1.9.2-49Jakub Hrozek - 1.9.2-48Jakub Hrozek - 1.9.2-47Jakub Hrozek - 1.9.2-46Jakub Hrozek - 1.9.2-45Jakub Hrozek - 1.9.2-44Jakub Hrozek - 1.9.2-43Jakub Hrozek - 1.9.2-42Jakub Hrozek - 1.9.2-41Jakub Hrozek - 1.9.2-40Jakub Hrozek - 1.9.2-39Jakub Hrozek - 1.9.2-38Jakub Hrozek - 1.9.2-37Jakub Hrozek - 1.9.2-36Jakub Hrozek - 1.9.2-35Jakub Hrozek - 1.9.2-34Jakub Hrozek - 1.9.2-33Jakub Hrozek - 1.9.2-32Jakub Hrozek - 1.9.2-31Jakub Hrozek - 1.9.2-30Jakub Hrozek - 1.9.2-29Jakub Hrozek - 1.9.2-28Jakub Hrozek - 1.9.2-27Jakub Hrozek - 1.9.2-26Jakub Hrozek - 1.9.2-25Jakub Hrozek - 1.9.2-24Jakub Hrozek - 1.9.2-23Jakub Hrozek - 1.9.2-22Jakub Hrozek - 1.9.2-21Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-19Jakub Hrozek - 1.9.2-18Jakub Hrozek - 1.9.2-17Jakub Hrozek - 1.9.2-16Jakub Hrozek - 1.9.2-15Jakub Hrozek - 1.9.2-14Jakub Hrozek - 1.9.2-13Jakub Hrozek - 1.9.2-12Jakub Hrozek - 1.9.2-11Jakub Hrozek - 1.9.2-10Jakub Hrozek - 1.9.2-9Jakub Hrozek - 1.9.2-8Jakub Hrozek - 1.9.2-7Jakub Hrozek - 1.9.2-6Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-3Jakub Hrozek - 1.9.0-2Jakub Hrozek - 1.9.0-1.rc1Jakub Hrozek - 1.8.0-33Stephen Gallagher - 1.8.0-32Stephen Gallagher - 1.8.0-31Stephen Gallagher - 1.8.0-30Stephen Gallagher - 1.8.0-29Stephen Gallagher - 1.8.0-28Stephen Gallagher - 1.8.0-27Stephen Gallagher - 1.8.0-26Stephen Gallagher - 1.8.0-25Stephen Gallagher - 1.8.0-24Stephen Gallagher - 1.8.0-23Stephen Gallagher - 1.8.0-22Stephen Gallagher - 1.8.0-21Stephen Gallagher - 1.8.0-20Stephen Gallagher - 1.8.0-18Stephen Gallagher - 1.8.0-17Stephen Gallagher - 1.8.0-15Stephen Gallagher - 1.8.0-12Stephen Gallagher - 1.8.0-11Stephen Gallagher - 1.8.0-10Stephen Gallagher - 1.8.0-9Stephen Gallagher - 1.8.0-8Stephen Gallagher - 1.8.0-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5Stephen Gallagher - 1.8.0-4.beta3Stephen Gallagher - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-2.beta2Stephen Gallagher - 1.5.1-68Stephen Gallagher - 1.5.1-67Stephen Gallagher - 1.5.1-66Stephen Gallagher - 1.5.1-65Stephen Gallagher - 1.5.1-64Stephen Gallagher - 1.5.1-63Stephen Gallagher - 1.5.1-62Stephen Gallagher - 1.5.1-61Stephen Gallagher - 1.5.1-60Stephen Gallagher - 1.5.1-59Stephen Gallagher - 1.5.1-58Stephen Gallagher - 1.5.1-57Stephen Gallagher - 1.5.1-56Stephen Gallagher - 1.5.1-55Stephen Gallagher - 1.5.1-53Stephen Gallagher - 1.5.1-52Stephen Gallagher - 1.5.1-51Stephen Gallagher - 1.5.1-50Stephen Gallagher - 1.5.1-49Stephen Gallagher - 1.5.1-48Stephen Gallagher - 1.5.1-47Stephen Gallagher - 1.5.1-46Stephen Gallagher - 1.5.1-45Stephen Gallagher - 1.5.1-44Stephen Gallagher - 1.5.1-43Stephen Gallagher - 1.5.1-42Stephen Gallagher - 1.5.1-41Stephen Gallagher - 1.5.1-40Stephen Gallagher - 1.5.1-39Stephen Gallagher - 1.5.1-38Stephen Gallagher - 1.5.1-37Stephen Gallagher - 1.5.1-36Stephen Gallagher - 1.5.1-35Stephen Gallagher - 1.5.1-34Stephen Gallagher - 1.5.1-33Stephen Gallagher - 1.5.1-32Stephen Gallagher - 1.5.1-31Stephen Gallagher - 1.5.1-30Stephen Gallagher - 1.5.1-29Stephen Gallagher - 1.5.1-28Stephen Gallagher - 1.5.1-27Stephen Gallagher - 1.5.1-26Stephen Gallagher - 1.5.1-25Stephen Gallagher - 1.5.1-24Stephen Gallagher - 1.5.1-23Stephen Gallagher - 1.5.1-21Stephen Gallagher - 1.5.1-20Stephen Gallagher - 1.5.1-17Stephen Gallagher - 1.5.1-16Stephen Gallagher - 1.5.1-15Stephen Gallagher - 1.5.1-14Stephen Gallagher - 1.5.1-13Stephen Gallagher - 1.5.1-12Stephen Gallagher - 1.5.1-11Stephen Gallagher - 1.5.1-10Stephen Gallagher - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Stephen Gallagher - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.2.1-28.4Stephen Gallagher - 1.2.1-36Stephen Gallagher - 1.2.1-35Stephen Gallagher - 1.2.1-28.3Stephen Gallagher - 1.2.1-34Stephen Gallagher - 1.2.1-28.2Stephen Gallagher - 1.2.1-33Stephen Gallagher - 1.2.1-28.1Stephen Gallagher - 1.2.1-32Stephen Gallagher - 1.2.1-29Stephen Gallagher - 1.2.1-28Stephen Gallagher - 1.2.1-27Stephen Gallagher - 1.2.1-26Stephen Gallagher - 1.2.1-23Stephen Gallagher - 1.2.1-21Stephen Gallagher - 1.2.1-20Stephen Gallagher - 1.2.1-19Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-14Stephen Gallagher - 1.2.0-13Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11.1Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1534618 - ABRT crash - /usr/libexec/sssd/sssd_nss [rhel-6.9.z]- Resolves: rhbz#1473005 - The originalMemberOf attribute disappears from the cache, causing intermittent HBAC issues- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present - Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory- Resolves: rhbz#1415785 - ldap_child does not remove temporary files when it's killed with SIGTERM- Apply several more smartcard-related patches. - Related: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts- Revert the ding-libs requirement - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Related: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Require the matching version of ding-libs - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Fix a coverity warning - Related: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Resolves: rhbz#1324428 - [RFE] Discover forest's root SID even if subdomains_provider = none- Resolves: rhbz#1367802 - using overides causes segfault in libldb- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins- Resolves: rhbz#1382603 - autofs map resolution doesn't work offline- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute- Resolves: rhbz#1299994 - ssh client checks only the first certificate on a smartcard when the card has multiple certs - Resolves: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard - Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6 - Resolves: rhbz#1329647 - IPA view: view name not stored properly with default FreeIPA installation- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users and mixed case names- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a subdomain, not the root domain.- Resolves: rhbz#1365218 - SSSD does not fail over to next GC- Resolves: rhbz#1367435 - Intermittent sssd auth failures- Resolves: rhbz#1369079 - sssd runs out of available child slots and starts queuing requests in proxy mode- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to sssd-1.13.3-22.el6.x86_64 when upgrading cache- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336453 - sssd_be doesn't terminate forked child process if adcli is not installed- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo- Actually apply patches from previous build - Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe with 1.11.6- Backport of a more minimal dependency patch to avoid changes to AD provider behaviour - Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1308939 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user- Require a newer selinux-policy to avoid issues when prompting for SC PIN - Related: rhbz#1299066 - smartcard login does not prompt for pin when ocsp checking is enabled (default config)- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when trying to retrieve non-existing netgroups- Update sssd-ldap man page for the recent ID mapping changes - Related: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache from working- Resolves: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password and not smartcard pin when logged in using smartcard pin- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output error- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12 to 1.13- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn't work- Resolves: rhbz#1273802 - ad_site parameter does not work- Fix memory leak in the NFS plugin - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service discovery- Rebase to 1.13.3 - Remove setuid bit from proxy_child, RHEL-6 doesn't support running SSSD as a non-privileged user - Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Don't own files as the SSSD user - Resolves: rhbz#1289482 - warning: user sssd does not exist - using root- Resolves: rhbz#1279971 - groups get deleted from the cache- The p11_child doesn't have to run privileged anymore, remove the setuid bit - Related: rhbz#1270027 - [RFE] Support for smart cards- Resolves: rhbz#1266108 - Check next certificate on smart card if first is not valid - Also enable OCSP checks- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Silence compilation warnings and Coverity issues - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Squash in packaging review changes by lslebodn@redhat.com- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - The rebase also resolves the following bugzillas: - Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC identity certificates - Resolves: rhbz#1270027 - [RFE] Support for smart cards - Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients - Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is not taken into account. - Resolves: rhbz#1254193 - Fix for cyclic dependencies between sssd-{krb5,}-common - Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected - Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do not queue requests - Resolves: rhbz#1227804 - Group members are not turned into ghost entries when the user is purged from the SSSD cache - Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log - Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not the alpha group name representation - Resolves: rhbz#1194039 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups- Resolves: rhbz#1251349 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from ldap server- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task - Resolves: rhbz#1227863 - ignore_group_members doesn't work for subdomains- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn't return all groups on first attempt- Resolves: rhbz#1225614 - IPA enumeration provider crashes- Resolves: rhbz#1212610 - sssd ad groups work intermittently- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of secondary groups- Resolves: rhbz#1221358 - SSSD doesn't work with ID mapping and disabled subdomains- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and gets avc denial when ssh- Include several upstream fixes related to ID views - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1213947 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad src/providers/ad/ad_gpo.c:843- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers group membership resolution- Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users and filter_groups- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only- Related: rhbz#1211728 - Only set the selinux context if the context differs from the local one- Package the localauth plugin - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1207720 - id lookup resolves "Domain Local" group and errors appear in domain log- BuildRequire the proper libkrb5 version for correct localauth plugin build - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1194367 - sssd_be dumping core- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in manpage that unsupported time specification will lead to sssd denying access- Resolves: rhbz#1205382 - Properly handle AD's binary objectGUID- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might install with wrong user account (root)- Fix a typo in DEBUG message - Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Handle TTL=0 in SRV queries correctly - Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Cherry-pick unit test changes from upstream to allow cherry-picking sssd-1-12 patches - Remove unused LDAP provider code to avoid static analyser warnings - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad requires samba4- Resolves: rhbz#1203630 - SSSD doesn't own the GPO cache directory- Fix warning in SELinux code - Handle setups with empty default and no SELinux maps - Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u - Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605 - Resolves: rhbz#1201847 - SSSD downloads too much information when fetching information about groups- Fix PAM responder initgroups cache for subdomain users - Log extop failures better - Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Fix internal error codes broken when fixing rhbz#1036745 - Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything- Fix Coverity warning in ldap_child - Add better debugging - Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users, groups or other cache objects- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Initialize a pointer in ldap_child to NULL - Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Relax the ldb requirement - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query - Rebuild against latest krb5, add a versioned BuildRequires - Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Do not mark the selinux_child helper as setuid, we don't support rootless SSSD in 6.7 - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x - The rebase resolves the following RHEL bugzillas - Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about domains parameter - Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not be fatal (backport fix from upstream) - Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user uid field - Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1168377 - [RFE] User's home directories and shells are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss - Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution - Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1148582 - inconsistent group information when multiple ad domain sections are configured in sssd - Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider ad support - Resolves: rhbz#1139878 - SSSD connection terminated after failing anonymous bind to IBM Tivoli Directory Server - Resolves: rhbz#1135838 - Man sssd-ldap shows parameter ldap_purge_cache_timeout with "Default: 10800 (12 hours)" - Resolves: rhbz#1135432 - Dereference code errors out when dereferencing entries protected by ACIs - Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012 R2's LDAP as AD - Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header - Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple attributes- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1141814 - Password expiration policies are not being enforced by SSSD- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group membership when encountering a non-POSIX group- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from other AD domains- Resolves: rhbz#1127270 - sssd connect to ipa-server is long- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD, POSIX attributes are used and primary group contains the user as a member- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0) is not prompted for password change- Resolves: rhbz#1132361 - use-after-free in dyndns code- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap account lock to restrict access via ssh key- Use the correct sudo iterator - Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Add notes about offline mode to sssd.conf - Related: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1127278 - Auth fails when space in username is replaced with character set by override_default_whitespace- Resolves: rhbz#1127757 - sssd can't retrieve sudo rules when using the "default_domain_suffix" option- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Resolves: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1122873 - Failover does not always happen from SRV to hostname resolution(via /etc/hosts) - Remove spurious systemctl call on %postun- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with specified character in LDAP group- Resolves: rhbz#1109188 - dereferencing control failure against openldap server- Resolves: rhbz#1084532 - sssd_sudo process segfaults- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping is off and tokengroups are enabled- Resolves: rhbz#1118541 - Floating point exception using ldap- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser is not defined and no ldap_sudorule_runasuser mapping has been defined in SSSD- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap- Fix potential NULL dereference in IFP code - Related: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- BuildRequire the latest libini_config - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- Resolves: rhbz#1104145 - public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end- Rebase to 1.11.6 - Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Rebuild against new ding-libs - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Backport the InfoPipe patches needed for Sat6 integration - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: #1085412 - SSSD Crashes when storage experiences high latency- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6Resolves: #1036168 - sssd can't retrieve auto.master when using the "default_domain_suffix"- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups are requested- Allow combination of proxy id backend and LDAP auth backend - Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Inherit UID limits for subdomains - Resolves: #1020905 - Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.- Do not crash when LDAP disconnects while a search is still in progress - Resolves: #1019979 - sssd_be segfault when authenticating against active directory- More upstream fixes to prevent memcache crashes - Related: #997406 - sssd_nss core dumps under load- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out- Make IPA SELinux provider aware of subdomain users - A better version of already committed patch - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Resolves: #997406 - sssd_nss core dumps under load - Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #1002161 - large number of sudo rules results in error - Unable to create response: Invalid argument- Silence restorecon on clean install - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Make IPA SELinux provider aware of subdomain users - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Print password complexity hint when password change fails with constraint violation - Related: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #948830 - sssd do too many disk writes causing delay in "getent netgroup allmachines-netgroup" nested netgroups.- Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- Resolves: #963235 - sssd_be crashing with nested ldap groups- Apply a forgotten dependency for patch #254 - Related: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality - Add two fixes for better handling of faulty SRV processing - Related: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router. - Remove enumerate=true from example in man page - Related: #988381 - clarify the disadvantages of enumeration in sssd.conf- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp file for SELinux data failed- Resolves: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors when clearing cache- Resolves: #924113 - man sssd-sudo has wrong title- Resolves: #924397 - document what does access_provider=ad do- Use permissive control when adding ghost users - Resolves: #928797 - cyclic group memberships may not work depending on order of operations- Set correct state of SRV servers on resolving error - Resolves: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router.- Resolves: #954323 - SSSD doesn't display warning for last grace login.- Format patch to configure sysv script differently - RHEL-6 patch(1) apparently doesn't like the output of git format-patch -M -C and doesn't properly copy files on renames - Resolves: #971435 - Enhance sssd init script so that it would source a configuration.- Resolves: #973345 - SSSD service randomly dies- Resolves: #971435 - Enhance sssd init script so that it would source a configuration- Resolves: #961356 - SUDO is not working for users from trusted AD domain- Resolves: #970519 - [RFE] Add support for suppressing group members- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the "original value"- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes- Clarify the min_id/max_id limits further - Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login delays when client is under load- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table in sssd_nss- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs- Mention that enumeration should be discouraged - Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf- Call restorecon on memcache files to force the right context on upgrades - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Resolves: #987479 - libsss_sudo should depend on sudo package with sssd support- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck- Resolves: #967636 - SSSD frequently fails to return automount maps from LDAP- Resolves: #953165 - Enabling enumeration causes sssd_be process to utilize 100% of the CPU- Resolves: #906398 - sssd_be crashes sometimes- Resolves: #950874: Simple access control always denies uppercased users in case insensitive domain- Resolves: #921454: Resolve local group members in LDAP groups- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider- Fix pwd_expiration_warning=0 - Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#872827 - Serious performance regression in sssd- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees- Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.- Resolves: rhbz#902436 - possible segfault when backend callback is removed- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps- Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent- Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts- Resolves: rhbz#892197 - Incorrect principal searched for in keytab- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work- Resolves: rhbz#874618 - sss_cache: fqdn not accepted- Resolves: rhbz#889182 - crash in memory cache- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache- Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666)- Resolves: rhbz#886038 - sssd components seem to mishandle sighup- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh- Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule- Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507)- Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060)- Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507)- Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds- Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users- Resolves: rhbz#881773 - mmap cache needs update after db changes- Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742)- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573)- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations- Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130- Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections- Related: rhbz#877126 - Bump the release tag- Resolves: rhbz#877126 - subdomains code does not save the proper user/group name- Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid()- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'- Resolves: rhbz#875740 - "defaults" entry ignored- Resolves: rhbz#875738 - offline authentication failure always returns System Error- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section- Resolves: rhbz#873032 - Move sss_cache to the main subpackage- Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group- Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive- Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443- BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932- Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542- Fix the "ca" translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- New upstream release 1.9.2- Rebase to 1.9.1- Require the latest libldb- Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes- Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds- Fix protocol break for services map - Related: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#824616 - sssd_nss crashes when configured with use_fully_qualified_names = true- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()- Resolves: rhbz#822236 - SSSD netgroups do not honor entry_cache_nowait_percentage- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client upgrade - Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names - Resolves: rhbz#819063 - sssd fails to provide partial data till paged search returns "Size Limit Exceeded" - Resolves: rhbz#820585 - Group enumeration fails in proxy provider- Resolves: rhbz#816616 - group members are now lowercased in case insensitive domains- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding - Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the same user - Resolves: rhbz#812281 - autofs client: map name length used as key length - Related: rhbz#784870 - SSSD fails during autodetection of search bases for new LDAP features - Related: rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes- Fix typo in patch for SSH umask - Related: rhbz#808107 - Coverity revealed memory management defects- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm - Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is running - Resolves: rhbz#808107 - Coverity revealed memory management defects- Related: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false- Resolves: rhbz#804057 - Initial service lookups having name with uppercase alphabets doesn't work - Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names doesn't work when case_sensitive=false - Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab - Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false - Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name resolution times out - Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Related: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica using IP address - Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with case_sensitive=false - Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set - Resolves: rhbz#805034 - accessing an undefined variable might cause crash - Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login- Update translations - Resolves: rhbz#802372 - Pick up latest translation files for SSSD - Resolves: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Related: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search requests - Resolves: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials - Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to true - Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work - Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false - Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam can use - Resolves: rhbz#799971 - sssd_be crashes on shutdown - Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested group structure - Resolves: rhbz#801368 - Group lookups doesn't return members with proxy provider configured - Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd is configured as proxy provider- Do not auto-upgrade debug levels - Tool still available for manual use - Reverts: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#798881 - Install-time warnings - Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also the dns_discovery_domain - Resolves: rhbz#798655 - Password logins failing due to a process with high UID- Fix explicit requires to use openldap instead of openldap-libs - Related: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64- Fix multilib-clean issue due to upgrade script - Remove old copy from the spec file - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Fix typo in the patch - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Use a patch and install the script to python_sitelib - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Resolves: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#785871 - wrong build dependency on nscd - Resolves: rhbz#785873 - IPA host search base cannot be set - Resolves: rhbz#791208 - Entries lacking a POSIX username value break group lookups - Resolves: rhbz#796307 - Simple Paged Search control needs to be used more sparingly - Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64 - Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user entries - Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup - Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load - Resolves: rhbz#797975 - sssd_be: The requested target is not configured is logged at each login - Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD - Resolves: rhbz#788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group- Handle filtering python Provides in a safer way - Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3 - Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers - Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and netgroup search base correctly - Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb AS requests - Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision - Resolves: rhbz#785904 - [RFE] SSSD should have --version option - Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider - Resolves: rhbz#785898 - Enable midway cache refresh by default - Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for a non-existing netgroup - Resolves: rhbz#785884 - Honour TTL when resolving host names - Resolves: rhbz#785883 - check DNS records before updates - Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead of guessing - Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line - Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config file too much - Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server has been reinitialized - Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc - Resolves: rhbz#773660 - Kerberos errors should go to syslog - Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native IPA netgroups code - Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#771702 - sssd_pam crashes during change password operation against a IPA server - Resolves: rhbz#771361 - case_sensitive function not working as intended for ldap - Resolves: rhbz#768935 - Crash when applying settings - Resolves: rhbz#766941 - The full dyndns update message should be logged into debug logs - Resolves: rhbz#766930 - [RFE] Add a new option to override home directory value - Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab principal name - Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files - Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug levels on the fly - Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional - Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation - Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option - Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control - Resolves: rhbz#753876 - [RFE] Add support for the services map - Resolves: rhbz#746181 - "getgrgid call returned more than one result" after group name change in MSAD - Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle for some (configurable) time - Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD - Related: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#742052 - id -G group resolution takes extremely long - Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange - Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases - Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or insensitive - Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users - Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control disabled for openldap - Resolves: rhbz#726467 - SSSD takes 30+ seconds to login - Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 during auth when password for the user is not set- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758157 - LDAP failover not working if server refuses connections- Related: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis initgroups when groups appear in multiple nesting levels- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow - Resolves: rhbz#746654 - SSSD backend gets killed on slow systems - Related: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts Fixes a crash introduced by the earlier patch. - Related: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names Fixes for internationalization- Related: rhbz#742278 - Rework the example config- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts - Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart - Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742278 - Rework the example config - Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was initialized - Resolves: rhbz#742526 - SSSD's man pages are missing information - Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with multi-valued uid - Resolves: rhbz#738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid - Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber to integer - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host groups - Resolves: rhbz#740501 - SSSD not functional after "self" reboot - Resolves: rhbz#742539 - HBAC: Hostname comparisons should be case-insensitive- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in - Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2- Resolves: rhbz#737157 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled - Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple external hosts along with managed host - Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names - Resolves: rhbz#733409 - Improve password policy error message - Resolves: rhbz#733663 - Authentication fails when there exists an empty hbacsvcgroup - Resolves: rhbz#732935 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON - Resolves: rhbz#734101 - sssd blocks login of ipa-users- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain shells- Related: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID- Related: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Related: rhbz#718250 - Remove DENY rules from the HBAC access provider - Fixes an issue on big endian platforms- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured - Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls - Resolves: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider - Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID - Resolves: rhbz#726475 - sssd_pam leaks file descriptors - Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0- Related: rhbz#721052 - sssd does not handle kerberos server IP change - Use ares_search instead of ares_query to honor - search entries in /etc/resolv.conf- Resolves: rhbz#711416 - During the change password operation the ccache is - not replaced by a new one if the old one isn't - active anymore - Resolves: rhbz#715609 - Certificate validation fails with message - "Connection error: TLS: hostname does not match CN - in peer certificate" - Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records - Resolves: rhbz#721052 - sssd does not handle kerberos server IP change - Honor TTL values when resolving hostnames- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP - Resolves: rhbz#713438 - sssd shuts down if inotify crashes- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups() - Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are - being logged multiple times when the provider comes - back online - Resolves: rhbz#707997 - The IPA provider does not work with IPv6 - Resolves: rhbz#677327 - [RFE] Support overriding attribute value - Resolves: rhbz#692090 - SSSD is not populating nested groups in - Active Directory- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man - page- Resolves: rhbz#707513 - Unable to authenticate users when username - contains "\0"- Resolves: rhbz#698723 - kpasswd fails when using sssd and - kadmin server != kdc server- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is - not mentioned - Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the - gidNumber is out of the range of min_id,max_id. - Resolves: rhbz#699530 - Users with a local group as their primary GID are - denied access by the simple access provider - Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups - Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a - member of any group - Resolves: rhbz#703624 - SSSD's async resolver only tries the first - nameserver in /etc/resolv.conf- Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694444 - Unable to resolve SRV record when called with - _srv_, in ldap_uri - Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by - signal 11 (SIGSEGV) - Fix is to not attempt to resolve nameless servers- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can - cause SSSD to stop caching and responding to - requests- Resolves: rhbz#690131 - Traceback messages seen while interrupting - sss_obfuscate using ctrl+d - Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process - /usr/libexec/sssd/sssd_be was killed by signal 11 - (SIGSEGV)- Related: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them - Resolves: rhbz#689886 - group memberships are not populated correctly during - IPA provider initgroups - Resolves: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents - Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5 - in sssd.conf- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min - waiting on netgroup - Resolves: rhbz#683431 - sssd consumes 100% CPU - Related: rhbz#680440 - sssd does not handle kerberos server IP change- Related: rhbz#680440 - sssd does not handle kerberos server IP change - SSSD was staying with the old server if it was still online- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain - for base DN- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on - ipa-server - Resolves: rhbz#680440 - sssd does not handle kerberos server IP change - Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are - given in ipa_server config option - Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf - attribute on the server - Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups - Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option - Resolves: rhbz#677318 - Does not read renewable ccache at startup- Resolves: rhbz#678593 - User information not updated on login for secondary - domains - Resolves: rhbz#678777 - IPA provider does not update removed group - memberships on initgroups- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries - Resolves: rhbz#678410 - name service caches names, so id command shows - recently deleted users - Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for - netgroups- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login - Resolves: rhbz#675284 - "no matching rule" message logged on all successful - requests - Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for - authentication- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named - "default" - Resolves: rhbz#674515 - -p option always uses empty string to obfuscate - password - Resolves: rhbz#674141 - Traceback call messages displayed while - "sss_obfuscate" command is executed as a non-root - user- Resolves: rhbz#674172 - Group members are not sanitized in nested group - processing - Put translated tool manpages into the sssd-tools subpackage- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Also add the updated ding-libs to the BuildRequires- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Explicitly require updated ding-libs- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options - Assorted bugfixes- Add noverify to sssd.conf - Resolves: rhbz#627165 - TPS VerifyTest failure- Related: rhbz#644072 - Rebase SSSD to 1.5 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs - Resolves: rhbz#660585 - getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs- Resolves: rhbz#645449 - 'getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#658374 - sssd stops on upgrade- Resolves: rhbz#658158 - sssd stops on upgrade- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#642412 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#633487 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib- Resolves: rhbz#629949 - sssd stops on upgrade- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password- Resolves: rhbz#621307 - Password changes are broken on LDAP- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on - initgroups calls- Resolves: rhbz#607233 - SSSD users cannot log in through GDM - - Real issue was that long-running services - - do not reconnect if sssd is restarted- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with - /etc/krb5.keytab file- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6 - final - Resolves: rhbz#608661 - SASL with OpenLDAP server fails - Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes- New upstream bugfix release 1.2.1 - Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs. - Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal - Resolves: rhbz#604704 - authconfig should provide error with no trace back - if disabling sssd when sssd is not enabled - Resolves: rhbz#591873 - Connecting to the network after an offline kerberos - auth logs continuous error messages to sssd_ldap.log - Resolves: rhbz#596295 - Authentication fails for user from the second domain - when the same user name is filtered out from the - first domain - Related: rhbz#598559 - Update translation files for SSSD before RHEL 6 - final- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service - to fail while restart - Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in - parentheses causes ldap_search_ext to fail - Resolves: rhbz#600468 - Segfault in krb5_child - Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs.- Resolves: rhbz#598670 - Ccache file of a user is removed too early - Resolves: rhbz#599057 - Incomplete comparison of a service name in - IPA access provider - Resolves: rhbz#598496 - Failure with IPA access provider - Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the - kernel keyring- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP - Resolves: rhbz#584001 - Rebase sssd to 1.2 - Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file - Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf - Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf - Resolves: rhbz#590134 - sssd: auth_provider = proxy regression - Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when - going online - Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the - HBAC rule- Improve DEBUG logs for STARTTLS failures- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcacacacacacacacacacacacsdedededededededededededeesesesesesesesesesesesfrfrfrfrfrfrfrfrfrfrfrfrjajajajajajajajajajajanlptptukukukukukukukukukukukukuk1.13.3-58.el6_91.13.3-58.el6_9 sss_debuglevelsss_groupaddsss_groupdelsss_groupmodsss_groupshowsss_obfuscatesss_overridesss_seedsss_useraddsss_userdelsss_usermodsssd-tools-1.13.3COPYINGsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupdel.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupmod.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gz/usr/sbin//usr/share/doc//usr/share/doc/sssd-tools-1.13.3//usr/share/man/ca/man5//usr/share/man/ca/man8//usr/share/man/cs/man8//usr/share/man/de/man1//usr/share/man/de/man8//usr/share/man/es/man1//usr/share/man/es/man8//usr/share/man/fr/man1//usr/share/man/fr/man8//usr/share/man/ja/man1//usr/share/man/ja/man8//usr/share/man/man8//usr/share/man/nl/man8//usr/share/man/pt/man8//usr/share/man/uk/man1//usr/share/man/uk/man5//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnu?7zXZ !PH69r]"k%}:w{!vQ_99e[7h  YCu. !:Ĩ%<#[yn5QTP-iGg B0o/cnawns"0Ec3&MPHߪ5EhʑߡPhM,.,ikkmܼ֗OkmPq0OBdesHLnV Va`Re.b-нk1^^ ~Usjzqm`c$ :$[^badqOP@f:ߪcL:@cp/T9vQ'wTmu1Sh/,[:JVcWe~ǟ;mO7",FRu' .}I˧OL"psY_/p}EnrF"OxbV1H[~*V.JelgDeV4l18X9T#S4 ao&?VA=D@+㢆8X#)\@B@{R'lzX?^;oJ p+8ߤWeυrΝ @[0.ЙsX嗁&`ߢc%:5)6C3K'`侉:M'$Lb uCDu5/awqHm=x9B<;֯ϹdL5n\-̻g5 #ޥ&R^v摧`Z"h&JdlY9ԯS`#b}}昑(ZG,Y1g܍FcVFf0(M;x8;Q$ Xk]_NijvvV(gaߋ3&(f3ҥx{N CT%<[b]2ϤrN L T(Zv-?7WrXaO1+˿V!S(/`XD),q| m+VfQ1[%ZoI[& Ye>C݌-]xLz=NբQ.߸;2L$uIAO8ʈ2NwxtUl<f*G Jp9(e2Ca`/G+Qy9%=iՊs/ev,13;(5*{|ᛢ7H=v|7OnYx1`_/}^w[~)ٟB8;^3esn"6RC+)L{8G`#d):[CS?pf~ܬ YW+`7 ʞk4C½\T~5+Jv_<0OS,bx0_7uʮwVNh_uI .=.B)Ț>!p|b *oՠLTt0ql/vZdimD>yk'zRжL HՓPm 1`Di< $| CJ9%{$ϕk##ٙ6,e,_Pę2jU]Xtf>FR`ʄqD6I:`f P  Əxk\eh!' ި$+·H2)n,iσd,t]I𐗔'_0!"Tc<(|YKJ/#lE$ >6`U,1ڕTt0~a\R[?Ù@ Nwp/!K?"Ӵߘ^G*8CJMi5'2[^bCV5 d_4}0e P]iR 'TDJ;tyk;/@;:}!5nX_7l/'&q*b lү%?}&/JS^WML(nVb6&NO!A=C-x5R Tk;^IN~AJs ?S 8ap(Ɔ U%kn]ԛ149XyQ qpq}Z[&`޾E3ZD]߻O #$x*q2&Ӹ"`390zH5QHJ ,qbӦEsh!R` D2qծ E/^|YM+a,5nambEQ; [ql8 (#3 $(\$O ucCy">OI3|Mχxc~݀hՐ8U$9rSBdQư/hQAD @{Ú,(S2Zm ՜yo(?_2<}:n/G7c䘫w4eҥ3j0\v4GOVL]חMێ:uLyY5j>I(|‹mUl[Ks9h9$w_=1aiٴ"K=q;*fvAg dD o3夲kU * 5g K6qJ)Gn7l]̩Q 9v-H+UX;}IAhh~~?ΐ% c+hmWž m>|yBy!\c] =)qԣYj8ޤ&\|*HשB9]DK&ۦ5Caz'fo~gf͍feWY*D,=gT<$:Z $;ͺDSٙWrZ3vc9i94|  0ך<ϩr_ub7 QOMff\+޼겪 \^:ƽeP019>6|C)rkx\g7j׷H?Aj據x/>J(MF+hHRyBDg ~FZr9ŗ=ŗYu ,XtQux/BⲄTcDY Hu7fb٬~s|k-DȤLګ\>}>+(K@Z<& EJkK,E ~T reL`؝I#ڐB\̑"[Ir"k,}xofHO\Ms6E`0nb~Q 0>?+upySFnïfe;FxjڅԞ?d7({bؒ2^"_vol䘕d©!cWkcsZ(S]i2]d4*UT|ԦvkѥG֛#2\$ d1nrihɨ Q $lZREJB$Q(6ZHAocA -T“duEQЇ`gIl𓅀!E|c4 ROW]8x1!~M FKZ6^-eWcSϢ8iI/t-K2K5hvp,'AqaW_ $wݙ#Y =Ȳ.D>h;" 2FMcFAh{pC69jtW-eQJE9 v/og(OM1U dHVLhR~ y+Fh[ҽ=|y>ݎ0˗3v4kjlP0Y?b,'-zGםTFS؞wߡgZm2]UH$3ϼ8: 7[=z I:1 M^D $3JK5_?^>w{ .DNaϻ~G` SR Ãfqf -5+UTpEJ,~N.\qM̱[,r'gUQ1pt F=i&To)1-f5`Q0I-(ưt4&#:0ܸ~9%K-23<*%_EOҗaM,#0,/äOXqL/Dd:p]4z9N׷,pou>t{]\ h-~)j]oç Lqy2IEi%pjtۻMI[M<}*8-q=m7&m`3 McX NP~uYь _xVF3/K}Y *nwd%9T} fhzY]fY}=P-$ʏc4h}%&~ ׬/fk,5g 7bɠwmCEgvcd׺yL^E=v=?0])x\1J+ֱH8(!Bs%N7v[zP6!*հ J0}; 1 cX2E :eHΛTH;OW|W\!1D5 !(vl@4з/q׻9X){-y@{oK TMG "Ɲ^g}9B$vFL H ZNЭ*xlA#VGPH ̟Ҫ4gLkD X?aRi;mBU&^MQ=? ̬gJ}4lFmSS;0+#xE'/tRUЇe1ڌk9 Hѹ/"%'兵_Κ[xpX "۠-9dLgGJL#dn/ 94e!Q騡MI54o h_ ̓di1@0dJ>՗nL"fYH62V!wᑀ737֢eSn5љ7_yʽb;Z3n)JûXxfNgN }`k^@2!ȆJeȐ5&N5ج3ǐ.BFrgr@fdX\ N9e.mgBhw\zT̲S~NqfO91I/o6ج2+َn}q xFXKA{ ~b{&)uz݅H>} e+ JNo $u;=;Z paEӛʱR/fm2ho/R]CO+sbφ<G lMk6#k+.fK9U퓩"RF}|W~h3H!\/;.9ҩ: D@%4Հ؀Z~V0QCXD#8m"5Ys?xEHk?sJzؑuP1ϴυԺQW:7n"]%*Uf =A,(N] <1{ǥН8vԎ^"QG稱y}s3شuZb {-W=ngem؅\pf)J<&f0 CęH(`N =:R8pF̳'ˇ37hKuZ?iCBTށ[9AƟgsvMrx:4Y.WQ^%F}!f6F'"Y#ΝDOmeclGXI ҾF (L'mgX$r*J:Lp.? NH`Y@} +[QI-&"@3K/Tvk ؜D; *҉<3 ъ6F;`bj4*8Q -h{aL0*kc΋[@آR$ω! /aS "zqJ`6R.7/oա85R!OŌ(=z'}vlfb(a Cߌ$yrIyБSUJVCmhߧoil=L-6K8PdEG{r&ꏵhNσċ}nq HAE[(1l;Nw% HcON HUGxDĄz<{z%xyᴗhbp;.lHKk^uH(5se7}e{ݵ6 nO.QN`D#)ɶTɌmL$[;Vq~-F %AS<|*ƟhAHSClVEp:}q{|(\>\$$^b\ݳ}~,k2Ԝ.RwNًB)Yh߭P:a$rMZF朮6}}vֳM1ߖSC޿2| Hrcj"Q!aqt_Pڋ)$ *"=jp%V)GBL\1UHSLi q&]jw*MTckT{bsfzk[J7^bCl H$VH7}f>qv˰5У>1[N[57gQ4q}%ո bۖ]cUHBĩszQ.-h74<KU?R:eʞLL?]qjܽ R,wy<ȢK1x6|3ћtt<芏=e^LPe~9UL6Ec}ˀys ͇%NBS2l'ōFA_Ɗ)iWNy~|4t,3 '387!Pk=L_#_ "pgƹYmPl0D[XɍU*PMY) v͛`)CgWS8s?U[r:>Q\ {=ڹ҄qS.mˤف[7O5םV-j,1v<ά'>9 L3U/@w;aBıuU(a)Ws,KޮOql9xuVֹm܎wY9O-:3-Ʃ^ 866Mmך \jUcw<;xphs}^2@L:*Kow+-se(!;| F;naЀ/9$c^<)uKE!:N\ !X^\x. t]S{ W۴9M$n3Yoy9H#Kۘ>*(i'كF-ۣs֨_]cdCKxkg'*pƇym P;w֔ *h:=F/},8ͮVudUa%2=Adn~xĶⵈ]y"p`".{K|b%6mseӄ9HРy1 xBeY_Aj;L$Sh'l2&2)LsHh<:mWjh{0$feOL42Ͽ`1%VXX)>ֈݣPՒ3 tMq餤l?ȧxHPչ)}Ia,%Ido-4qr*bfGUm\ӆ609EDxiϸƇGΠ]"X;'0I10pUz{ nqD z6hgQjq~HBAx0'rЏ$O(t!yWZv*)Fw~*P X`&<,?}dm ]Se(돉neKv. :^Qd}:|b {y- mx&Lʲ`r =&̑Cl'a"~߶7 hg;o>qʀBCVz$`-?j~OsՔ4_HB,"hM(DQTDLS}&!aEoX)B% E݇wL9 {K\k^;-.;=þAVQ}ǠNyn+gU ~2Ĩ|p-hYi{FE~9H%0@jsejN&3k,QWI>T%7Fd bRn''մI`Zh~pbŵ!"1M r3@CX;_*. R~.>Ci`5n)TJ^"92Qdtqee#7D mݑPx9yFn`'J?n '󗪥 7\(mF-n1D]1A0-\Ra"_" J({`RT$;. _vd1PCh|s1ybFJN.`?~jf(S_a~*LƔ.-3'ϝZou/Ɍ0 8цN:#ODnξJ)(4O*jc/['`=bޔ I!bz514mJ> Q+ɭF|Ujw`iKDQa$GU/T| L~ۈ%zN1AC ˯W0P-hNЋ\ǜ܆l%BIl*241ug]Z53|13&%ݲ  7f @Jb ]}U{82Qc5X;˫@}\x55Xmޖ~wJd@)S_)>n>{u̞>$rT:(AMd3d(FdAS 'MI"‘s~Ε,^0QlL OB3j<> -l %>!M|Ay4Y=̿([ MnԚ5~GG6/Sha@X_ /-gM>?"cZˇ;r Sଫh9msY6|)2ܝ5􈟋}$ү8%@^(и79te=sJoGfyT_4Aԃd1d3tz)OX|,7Oyf y0s=@a6 9̨k67b/ݘ |ϫsK6+ /I 跬LUJ<~DJ3iH'fLf)|Xwd[űQ1"';NwG{7c2U*7ai RWŚj=]헖6OzUBExrpQʥ?ܼ?st!cB vc0Dd#;d5ߡ3%F\=cxJ]r[8S!N"W-AA8Ds%|)onғJ_Xq&K#{n~##'m[:—m\haG-rTepzKd39zsNYkZt) P3AKсۦ\qnzO^P[VATŚ dzU* j3m}W D7XZM1"o;<+%g\:nuشd1 `[ɤ6umlD'C|H.9!>Bޜm @=,rhņ=]Db`±1At)p OTB a ^!6ꘑ)\Z~m6zKS8[5I=5:870`8ACHc{{$)ۃ(Nƅxt<8"gi!]F #f?=vҹ$3?UNԯ ѦNL"V-032)t<f&ҷ,o%3Zrj42Pѯۘ1Szwd{ 8K@P`x9ZLD$lxyV֢/a">8p *ZBScة;1ى HP(h\xTTa)ě6ә5W"~t5d*];L5/:D*4xkxR$5]dA%ezaTw۷BFQd1zO!-7t`|ZIVܠ<~)-FayH+[i;Va۲Z"%J7&O]%VTy=ȱVR^IXR}-ZITr$ϓ5n5bģ2{aMvOBgyce U?UσmpW9Xx_]VCbGH48naxJU,'x] sϫWP8QQm3!ZEAijSt]\j@%B?q/Y3:6Wu@]$,*1Lhbfir`*AK$9nq XӨi>k<I~ o>0+]Ef߶,$f1gdOsJN>ᶎ8|{>gkm> Q4![ Yl(PdV )ߒK!#MIfr(^*ʂڅ K(v 󶍒3;x,Š%mMZ1Yn3B-8 |L:@~)EǾ4.8Yf^ ? ZTi,YK,[ LaF9(Lew"k$I<[ɭQ[š5{әuúoJ%W'/8G=dfCu$C9T PS'7H57 %_}Vz?G ;153/Cw*)1Zf1Vݶx,B@%f [%_jN)d. ]\~u抶u ן<2퇀Exԇd)Ǹwf_^j-!f4y}!" 6j;7R `݁[KP}wu"C)g"J^[=g徂9R|JA]e^U!8D9=]f[mi WR gwh7o@t=WݠZEGO[4O{ q td$("kj~S]{-35 {z.^[rcs>1ճ.U R"6$^ɶa6.W|E9ڃ? dICa^ڄÜSm4@c-4w?} &'(=cZXI͗Ey\8.OaEHKJxʵ_lB(t7d">LG[0<ʼn/hz򏸝#&$,IW\—E JǠ "cI$VEEF+&4hGIЪMU1R?-,ݼM%?'_}#CR{}|VGP~FDumQ$ =$~#a ;5S[`}c ruY}ym|[m/r#iA\@o{}nZ;jZ, )ܵ}IN(]_(%tƺJPDo4Ԫ;Z\BufL]`70;|$ƿw X_Eu%Ҧ&H,4;tfY=I.7 yEe,d4P i(N5򙬻7)ޥŮqݝ١L Bpb pAԻO0 M`&2a^n3*FΔ}WU`/0',ghnvŮY.z$RIeKXaEBh~!RLiC4̗ {" }%M-X81K֡ϥ@;˹]%s!ǂ]jN0K/N\N?m#PQy kq$1{A2m]EmE:yd=ݸBA[$ ',uy8٬;Q M?>[2+ x AE ITv~_ N<#Ga<']JPaժfd|qw! >#eÊORrt0&@,<=3ɲ^KD9޳woT5P܉ӮOr{kpdlPh7hB'bC;JQqn :BdzPaҫ7~\,U̱e؈m;z eC"ae$/>Q jeKˣIUBԐ̛ M0w,Y6o mU 1Wc|-|h)]1/[^|b^^ -SG[C;'T@2GwHYa )_xH r -e̢J o[ү[ێpW!D aTjdxW!K4 gv^LoÒnZeP ӝUV+LXml @j6ܱЍMAXwXwGFRwdw:Lq*,,KZv h*Jv?<~z淓b)PE:f7lhͳ/!P-Zu ׾ڰ\`93P5LJsa@o_B`A([Sh"Ŷ2ۛ9{]pYbѱTBdb7/dFn txljttF=5Nq]ezxb)DgSɬk$4AID\#@+UBr&61`>ڏ5uw9ilZ%G 9|£nmP綘$"?q3 J3% bYG 0{kWn%sQjo';֔|85*|%SkiLTjiϤ\n4 )^#/v?|Q0zs[7@s)*d0fQj?6c:bLC?BtLz@J ֏삗t>o}b6'!ŢϐS@BBz%_$\"fѯ!X+>p*5CBTtW#W?/+eĦՖ,Lx*P>vz#(6 1"a- 85IkpT};08p]YI1L ^{.G)'=Cn"@{, 6;nIYJrvW6_A l0:kiES(`הO 'ےM{G|, )2]G<ƜAR%7H|ю݄/J^hA(ٯŽꈀAQk=oBI^{LY -HUO*t>p۩FMܐ8*'C^[wjPbzwSu"FF8[Ig8<HQXTtg(!)XO y'`"a$ l:LXa٘l).։n!G/{8D lOwVfv,48$|·N6&p<'ҥ5aa٢k)z.>!^+bpF@$LN MslZ6װ@[n\AkQd~d??JMnq"&Z R+ssw(_ܦ,WU0zZW?S[cD?[baf^ą0zlϜÍr+ƮAU l77Z6KAN˪rX37)]{HsX*ޜ', P]Lw޶]_׬!;irp2/aȅ!w; Us#udrJ3Ϧ%R'-!eIqN4tIؒ Lˑ7͈QLl V)0iQʵsn5HehjdޫWҔ|uaJu3EWC2&!#ߝH(A-\6x Y/_bפkS@9̐4~TsČG>,wp_yY[{!GHf>Fݵ:I3!H$H? !LJWf+]UGצ]xCJ4TD:L{[<bDNM l@QٰPz]m ㇰ5zۈ X_6NyE[=0~`,aԋZ~(v 1{;0&gdFA)iĀ:xr{t]}Z? Hmr1.{wT!ߦK_SoAdRW~i(S8%4LaT=8+w6o[FʼnD<yH9Z0f4[Aa5 2GiKW d!o kvҨsqloFH.|çSj6uh7 Ӎ dt@_!Ys ~=ŒrAHJ @tgMC#,ug_Rr[>s^wv?*=:k-06s;熪3\o Ϭ)hbg\ R[ k'2b)0a| RIT!ȵec0WV>k !aFoMDՉƴ;zݢK*O4!,-#/=xJ .a%Usa@"h=psX!ʢwER'=H؂]SGA371奣eSuI gdHUx_MYԭ vPikuyslv!q"ыZh:VFH*oޮ!D$5~-X"oEڗnA"OҙނD l{g)V)HO,qxREozB%0tCL2+&l3@bhBSSZx>sO=5KF;s)"DeTFEIcFǵSi@6 DG4nםaR0;T/Y2Ğ.I md-.L@~b [R-]-^33IVzX󝰚WpׯyEo/E`#IρgSg1r&kzu.moEm}>}Gr)+1I_a?rRLa@ gE88R&{, ^f7V fU'F+H)_%|E6ktt.Ǹ/* JoF%uǪ+l/hou+|e-+~>=qli_Sjc,(?Z3?" (ZA "rhD 9tvi7o9&b>M;A*:".Oqs:w᷃[=ƀK]Orʴy@^v[G//X fΚ6m}v0iNUC4"#!d˹ ITwhblEg'IQYN+o.>t]=H aLJ"N]kNԱ \*ZK_?k~L Mwb2HAZ딶a .oZ b^xaOٖ<[ݡ-7Έ8XT#:^~u>׬$?Q2omAʵ\"gH6U γVw%W˝;M,YLTF I"knMr 嬭[vBM䆻gcY0G-ƓE.I d-Uޚŵ lmXT;) ȹ../Pwd58-K Y+O$uˮB98R ).̼'wtz~=fs( !GR2x̰h:`lm{C}Gªͽqx䈚nQmʎD/jWxF[:gns'N7>Q#p$/;3 Ft5!2~)(*-zil!A0#e׺{xVJ01,%UqzQYf10Ry}UGXWkęs@_L)f(-̛d *hrNl^|;-P(GpsZFW:X'[`7I(qd8[q߭l֖QIaX rf>KP+_,=!݃5w NO[V˅:Ͻ1$LOsL7pHk*\rs q7nɝ1e 4Հ{.ge['e%f"H׹ , *AtSmM<!}5fP9HT '؆I)0(wL0!,Q^ 54)x·6tp Za)7ͼ]qDD(z a"5+*MS4 *7,Teʒ<4^dszjؔ?N+k)5b*ק٫S\o )bN~$%c0ajY5yZ.$ls?/V{ 9ErLv)yVM'$K5 a/% k~; C\\v~'$1k!l# -Hrr,Fr:I-w;O5x싽w8ҧ\NvaRU[ '$ ZeȘ"lmK2N }g5έ!3:iemRnFӓ>\'aEBNUV/=O@mNow4<~{O>y.|v+`q8iPKu3| 1] Rs~mf^y#zWoejyBΜm2CmB{QM!7Ni:^ZliwD.ha5oOcQ(.Z 13ώ$깻VQ5T3<( '>HzBg[ $ϵRT>@ÔeʻƒC4*jX:WMҽ>Y _4Ƕv$neDpUH;dPo]6= Pt[1q[=șؚ8QViNA ?Xj$h+`)+XY4z{ګ?j p ajT m!ǡݔ6U9UMecF ȐCZЙ"IiJ{L#?&1 kxWJ zyWW7D_sI,U D<'su2-6.IoB(`JB?qŭ4, Sׁ?8eF^L9i ×s/hg*`xAwx)]Xse|뻃!s!&&LC4=> S/A^I'I㗞]`,-Q̦#:53b(3I#e|dWS拣36N_OA-~H˗n]-Ȓ3#(I(l/b\@ S/s'=<|lh+PcLn!\ 1[֖i}8lGi߲" 䁌^6]쾜YѻLׅE{X|~ˆ`>-h\1iY?Dƈ*vQvBf0Z){wiio嗊֋HŬ:0}L !ކiL݃z#S" ƴ FF`}m LJ{R^G]|<] PzeV8c^W跰֏sK!Έm@7]M~vreMK>axL("o+\9Pk0\ڍ`ТY#2?i'M;ugIJa 5 qX@Us7t:bW5?m oEKg:nUՐdS`?9qw*zmphCq|x2|YA\Vym\9`cu8}=(?Maa!8$nсwL5/Kҵ7j}#T?&8CayXb|DpT$Pɂ j=!?t ,F t+}wn]Wy(DP ԰\-Z~vߘv $1jr ]X&7r& :EАI ƵE Tf+HR,wt4 }:뵢FކW]$@$m4$P|=~_B:f|3$#/%v(p^b!DOKd$G^0=pbS>( 2Lj(DJ+)}N hN К .F v@Uך7-?# GɡO-m)2w5qn p8CX;z.)' zMJ2wk1FD})*bM wozvumC= 5UA*;%g}UIvH>'K6mnJHhŋw<>MSlLreL}/9])+ZBDGp;ʰ ةFGUUv t`",)h'2rE8/INVFYӂxL=ڙW\ MV&ް HPEhpHOw (ɕںa@ƈ?*z؟#+R1p=2} d:?4)UF6S̈́h2SHٟ95'ī`e_CHP f'L%zE p"?pXG͋T}H_$w%(_O ]@ˆ^kCOQn `ޔH,3GJo4Hވ٨sZ qf$w8&|C]e[9R&RM [YR !c&o.ɾZ wnw\j8(S(V[%UrRG5H6mVAdPᮞ0-G>ZiWƛ`uj[hB iAMM72+P5X={o%6PNǴQVA&c=+f-Z-V)mLϑbnamaTK;E8># jVd\&OB gbCc7>֧(N3=]S`ܣV7H83g/VZ#)Ylp^-Z7t ' b5w ٛmB;oTd :U%߹$ccI͡Ż>bKNo[;_YmȪ7ҬY'n*YI&m?ar-!6jqYC[o@O6T&~PM&S>"j";;]Rjh\c11ct6xxo ~H.d!k{KIx+ +He}82EADIF\ޛų$~=1PԽKXz\bm/N@Zٱ|䎨3CUGi4Ѽ\id!fo[;٥rr1C@1 x.t\=MŸSXZ@"CµJn_9&˪3|3Ij/fz6`PE3{h@-*o̷kԴA;̽Ȳ"ZɅ!̖XM:s2#~+{Z0L@M p))0РLzFoϤڬ +teOH, f^ZQ.1WSXFHE@:UI.RjvQA j#l"4QLe"ZD%ӧ\hF65ş.n\ʤ"TW '2.lɍ^9ԛ_n nH}d Q? 9+:rX&m0+7 :vhWIH1=h($AsurbE%8@-h-"_f,u箍JS8+&GEo'ac$2^96|ɠ4\''`.{&XH9㽺贘Gi_ylr8`4ѬaNj:RAw۩{uRcX3Fg\Ii6G QAZk AД_QĻFN}ѓESXpؾ!\p.[qMtelfk Yh֢X'8FnG =X7L[awHL> .ʍ} 5`/xN" .=eNHFKwcY$ 4 _YJL؄}K a Յ]rvT!GTXw ~϶ ]ɵVƴ+> ¼zg[+1m;[|U)@7TI&0Wͩ~M_ë gձpYqVgݚ8?!>ٝSWrMix;eA$fJx%2/拮l%ޘczZ/RY"y]p5'\Zc[>?C&(^8qo7.jcυn׋Μ摲i1tdP^hHDurbVW1c!.8p1IwزvIj."snxBc%uJs-aE^ڨZDDe,>ǥlTA>.1~0}[FZWݚZK!i݁ܪxq1}W9m!h#iUI*n#$}c?Cq8PF)gVRNQ+{Y{H1^-B[v:Z]4`Zq&n'E5>khLr2L B wIW̓ wYfEm0es$mC-F ݭBFtScq;$͏#pe|5Pd-ĩ,U9j'[pxAaV ,FŠօn {~Cݳ?(b6iaGI?;Q ԝj+eŽ]Y?%O]/9Tƶ2hbe3'(a[9<202%ɉǐ&v9ܳ??9ȗ6e_] ظ;Te gZjzv6}pfEbF9SĊUjeT 5?Sڲҟ<,l4PɪIcMɊB髼^aXyxS,{vu.\$O+W$r!J*vt3ק; <%yĂ@-mNê^ h4H OKZ[ƲZ0E!1rؒ=颉W;c @O7 Zz - 8uꘐ*\^0&%՞?aIUӌ yy o$c49zSĔg&l\Y|gdž 'ʃ Y&!B&L}kUoM[# Smo"n˜aGt32H7zyjN=˭r7^ճ"bkgqɘh.-k!5Ow'aX!wq;FПpc;=~xm!yF rl/h7s/jzB:04]FgG6uI=3 nzbPW@P͒fY_4WhƳ!eN5V) j\N ]+rp9% z7]t^QҤWfւѼ I dH:'.ߗƪB{ I1d>zP]XEa QY\ttVgdWF P'w F7T/}h}a~)ö] Oz$d=|d)Ҋ5פf1QtP E'|<佁aSjéRܛynU}t n05#xF%/yi@;#xr/Ks@xSd[1Uz( _5&X}VN4 Q=sk/zq*؅&I'5EGCC=GjÀrR[H<6 J\eD@& +WyU6n7>'8ׇxVmdnv,6>J`XzLY$ T_tkѸiwu#V(gZdѣY1鴯?,( `)̪p.Ɓߘ nH}@[=MEϳ3WwunUanq)K`,=wfKl(t([q€9NqplhWt ankq S8Eχj?Gh1/KC;I\?EX}dBK?:W?4Ch8?:P۾3T"/cTbF /(_|i6O}bh|' 4Ql3)?ؑ^QNﯡb<MijDG/9Pu8&M);!c 5kQTzQ6M,\,хjIWS^~?U)q?< sYC5brj}$Gٿ_p$?A=E󂃨cyٶ\MWPhC;aO3QqI䢪ڳΆ9J'ؽ]1Q#nTIkM08ʼn Xcn*r&)~S,x[Ǝꋺ\Lg-l6\Q; ~H+0(nϜZ !ϣj=K9|-g}%(Snijp8F|4P,P1wt"V @H˵௨ 'k`Wx*QGJ2I`hW783 )l{F Nl'Ɣ9"lXLY1x,_PÉCA)"94tׂ}5I #n ]왠 YOk@ Pqt(/ʼnUK7Ib'Gf)(Ϫӌ弓2z 5\1i]Ǧi,M'Pm義vE:q73}2l Ƅ>@}ї^PKL:ꅞܤV#Me4?Fb΃=ַ}NoF7dx_dӜZiˀRHJR0Q8Ɍe_981:,NWf>~a{`=7VUY3Ṕ=Ms {E_e.ޮ{R}>!)XYɋ M0Hn ZXc]^ԃ=j=½MiSڿcIV33v&UN mN:K1xxbU"KRg8Wp lMhTz>lǟ:-an/ IlfɅtS ѓ? ɰ˻^]RtL ͸ O؝q WS(J2lw6=?J5uG Z{eO[S9ݭsЙ%n<8ŋ%ŸЬ})0v/w]EO/Z9QOSe䄖|d AWthYB/I z!GGixzg3.oM^vvOEQ7vj4 ȊI~xl%?"ikz̧}>H+ t(wGq[Μ&6>HZ(->"R ;qo %7D?Yj/0(:5#gPʛb/+y3,x:WZc~T2Vh+wֹR#wG".4PIMyBIgp*3ANjtWvCf%riY NP*#35\ؘ2aBƈ:HyI_ߵS:$(6*s(W=[~sd!e1Q=~==9xhI~<"x05-ь*dfn1[gRv/0m ὥAui;Mi.Y&˪ 1+?3uYRؑH8a8XAf mR9QN{U7:XAU x7[t—o@^?p.~3l+ӊY Q^91^),Z>s'DarASFO\.1֊ ;9B+4!'D~]86܅y4FԎ(;3 sX+wF{bI1^p; q~e*Yk@A+{a|8en^|J!НYN|1nT|:]IOϴLhX8IT!e{̧\h*t+b%u G ŹzںڣAS76PjG:L>Rʭ%j4n-K\ 5Bb^|ˆ?Vl:ZHi(L姉ds3pxK+5/QFH* >7<^Mpv$i,]ӡ[ģE~ʉn0\o2@ -9ƑCrXad(uLO)" `}]}{JbIQo]7G4D -݁9BZ^u!?/inҹ ਷ƇX9gv7iI@F(t@+:M TKϻ:: ϠW0=k3 u-(8mFpIb(QFʞumgs2ᖳT6?dd[x,ql曃u{nb8WHj6ҏIuup?ԆpYcP|D`6J ^אSRYtZ*ly/&z *L~q|$ZWtq۠@ IqP }|.ީļokIa=z`E89 F+l <;L$& \0Ž">ҥ)cx,oIkTV@b/`Ä At sԛ_T?RV/`|Clx |]sĸvaŽO{w]LΣ/0spO*b&KrY ~[ gv҉ReHp M[ll+eI4K\ -o#P3BJ wNM@6vPjo4{8=2g~bSOn Z }pg54,\IiuЂig4;r fo̶ExkV< :ɛ0VWi,#NM.묪'iY9WXjPx- {0oH#?\8yLPR]k; a5ֆ|*<#L XY`ѥ't4wKV2PO?^Sj'|ζǼ½jayE눐kFz+@-?MP)iIkgAtɹAb_ii\:o>x#a8bG( O3}VᝩDPg>f;s$;;#^\c> 4HӌC٠Hq8ۻыOd`\N `#LNohNGOP㩆fUw0\ jdZK3UJpTc'}>(IcWSw&΍4wƐkal>Eia}֡ؔ8oӅ rD0l.\CFk<7_kq |M& 5(x b*"5;,Q zGDX;j ֊`q1MFVMUlv)+bɥԬ3ɨxyfle.DTpf@¡*\7Ar_c8w|sƬƂ!ӭ4 Q8I %MOjҢ ْD'`Qj<ЍsF;JY yC.Qxv*$ė ԡ)$FM:xs:U%|ؔ{7n*jM9 >0WHY(HhaMErP*5NtE_kCʋ}0 4mVhx/% qo]={K1ia›([]YUMVoTbєI_L֓wF|_<;kR{PtpI 8_]ݞ{7lǁ%:((Rg1=4ע_M342hro4RIЦZ#rc$ܾ~8zv_lQ6tR sU.cEmwِn`w`ƍ $iZn<3y^(6wm6-<19"HbǸs;1]$f,V#^Bay̲6}syr.Uڻt2b,f딍da6>Uo}u ej i,?- d4 IFo4wOQLE <:]?DŽ+ ^{ &#˳Plkb\9: m%E&'YS՜eN:jJ HŴ4*H%{;r q` 2f)F__ -,rOç(4@rx.p> {-@Ou@^O{FGZ :#pp:9"stZUU/|5B{w[2@}*e3 [|~SnO ě}b^_nkZ9~֓$<2? dxEzd׷E%sa>g'qīu p\yI{?$ _,[ƠƓ~Ar@09&^,\{(zpW!ѐWz~2fI=-7Myxh wK7!Wbx5/jCelG Ebm ;)u2GSn=fNJfϘ 9K1[FdH^ ;0ZMOv JcžQOPbbIag<]0%3/>C2Шm;S7/]۠q9}#?";cVw1 FT[PB,Zp.a~*:Fj%[!dj92h\C,{`̄Gzu(HtDJٍ(  ߣf$$ >'^(#h)%a6#c\'i̼qO+v}!F)p-jj}% S[9$$S&l)0F٬IEQ8D>Sz|NC.~E_ֆ~ZO]2f`s*@`_&Ǩ;I^rGSiZNJw\!Ph%_) jAP QkC~`UCǴMFBD]D~`qI.ueNji|eש'R}uk%QϊKRx*`Z| k`җ ST(#nHb^`2=)#o, &@U,x}>3%nQ՛ ?ߙIbwn£6(=ay6P5lA }wo#RΧr%.7{w&>!@Hi٣L/O : u1%no&rCvu0Z=!qT<0v+*8x~G_N!:z]v첓ռMc#;zyb7i㩐4P\h==[P@ |[@93F{rɬ9uz"Y`=Ѩo%UA[pƵ Rt:Vb-&{J,xAn44Pyi?rdȔYX齟͗?TLYg{2+0*қIcVFo4 F&~L3 @3YđAwpjAvःEDӻ#3c^n\;Lz]8KsX!:l@ PL4fPxglyPtwl911]KqϿ7x܈_ـ4-s"ܟQbKfow&7_@ 6&1(ayʪrfRX~2=cG";Yٲ{;w?I˿aȨA|F)ΣQ|&簦\|(Fݩ EÔ0)6;+x{r%F0:XR^R; >Qn8IB{y\¯:`>(Fʡ wKHS%> 넫IoFv7@{=jA_KS6@}<9(S*>wFHg͠Kct*T)~]ǩ;ș딠 ǹ  qZ ҷUܻYڵſI]%A/VzuLYvS*_wel15.5$8(V`K2yB(hXn]ţ},rLc>|$ YP>rwVGyϜȳp'?dV1~i$bWqm(vZۭa7c\w>_pMӼKY4YbO7V,ݡjbD]lt:N2J4GgPx͂)D(lu<ZɤHcaP^ynRI_tt $نhOp(^4uA᥅Mڽ~9 )JO@ո>ohe~z熪J"s#݀.DHlߣY!⛁ѿ(N9FESHQ} ]J\ZE(cWf3d0ޛ1$Y𛧺mj71/\˗ bX򪶯z@v|(N<WCQ6'ǭ2I$ *'4EqdS].{XW_nbmO 5nZW_L'9%ݭB|b%Lq:̣h%KԷSfXXPeݦtc弼{js[Iv;- q!r+Ecm^×w.= u* d\h Wߔ o.m/?^m@R"w^ADvFj%z&*w>8^3˙-Q}8ňynuvJ6g h(~#ce)*ukݡg1PJ w2t&&oI#N#ZȅO?>_Tpa/\uЀzxuF-D!e|25A4ȸ@Cj{ )E0UM:]ȚNߤۢ H .ȱcb1+H.,&'s@րcS3gA\}$n*cˣ* ,_H/IY: "mO8|/eLh&%t"@+SmJվq1\'@ߴ2NJSxݕ ~{sp T=bV.21 ,_wqT`Koi7{t\ڒpBrh|b$R[CXʜ:(~u%Ee* H=-х$贷i̘.+/|d;Ogwh1F8Spu#f߯15 dt(ZOygLBz|E,K2m64DDZ I .ze F)M>`-^WAu1 ȞĐF:Sx d-Eq30GT ukcx*@9daM{. y\LJ%\Uf7J^'Lx2$3c5oE7?)t[o&^$gWyaht!4?|Wmۢr_/#&=ƵUu3sMGg~6zUpS;@vtwaԣP)OBao`{bb{@VR@ӣӌ<U :?9>ycҭh,\_.OkU(.kFJ Rפ~yom+%=Abb.i^BM0 I:D9  ;*jdK܁617 -7¢/+3bd>ltUK09_ԊYI`aif5yX z9ͷ:('`$g7FxaфfʣaTH3OsR=f$z o}V@m2ݴc-d(P^қ˓yy#Ȋh٣pk0bOK{I3l6vg&8nκy(9hug@$'”y J6W?W]yS8{9h/z.keڃ^cҕ.nٵ 0 gs/~ǐ.$][7 $; )'#G%8vc%e1baJMq]l؂)3TTTqESe2WL}j*LPUd7`-),jR-Nј %pT>֢H ʞDu)R[ _J}BpGF'{L" hE^yѮUY8xvjw,G%A1(@|J @UG.M@9!nCH-cx]^"I.oqi6YAI8JNK47SPY- =iǣ-($2KH }+i<7b hi"6^uN?/qZ VxwF9lwڥXN(^#cP6 UɎ5μD|Ap<, aC/iÅr,תp> t I5BPq%9#r'5יg0v#-Q&Ÿ_pFi߿94Hii1VD=N2k 3j\iK=@yf [2~[GPj_~.n]1I< P7n2)e4VyH,v@:)aU {:mnu3';Wgx<] %4۰b [k35V׮.vD䑯Lv*|n"&;<0,yE ,%BAXQ2@l~ra =ilU lVr1Vnmh#}kvRąAo>Ųa4y]-Ipg/o5~D}2X21j곰M td| cy4'L',u(POxLT<A8+Qh PmHRtZfYX=`6hAkןYuomEK0w2fMXZrF | +%]nA5*ajYMdahX-D}{8^opfߎ38 eCbwH\5 .ID|( 04p.Gu9Q6_@JUԙ;ovw 6:鎜DڰM[nHި)6 )?!f>8EPٷ{Ztbx~HĬ刑Vc:<ʸs /+%2JP2oa]2OZGɦdNw]ΎP'h!] ؏ {.z $x}d/gg пT>M.tl;U E9UMc-Uk%9ZZ]-ʆJyf^IhËc; 'b175ÕP\TYwٚڢkSgPh D LКb~Dzf|Rγ9#ю7ԏ)* ,yjp rsNJ|԰Jr*n킁yjyMCN*$+D;/Q1MVp?RUʂ>Z J_ߦCa9gKdA:CqVҮ! w9ټ Z?kC:sb@ܳԚOyRW㛵33R疉䷜kosteo3ͯpgIN"-ux`orx=~(0 +eR`|$P͏y#q Wl{h-?Ya= XAk :~ศ$f}Sv嚉+(2x2<)]+>TZ_?; !6XOmdP"]>UN˵{6d|g\)ꌖ ي0&G4u:_ Co'a8.v!Ge~&4()Ei-SRb8sE  r&xPа>wqL<ہH% " X~d]xysq%ۑZO aٹSҒrոكŃi]fd6"Ve4"GBfu lU|X^ypUeRL-18µ}R=)A =(k{| t/U(g 纖CRz B`ƌqr1c\r>)j$cg\»Xv'mc 'Ϋ6%b+{9 E vjA ;ta!6r4<E\Yw^7zt|uSx7X=*+RySE4 Nkpe)| VSb.֐cB~(MI,SS ;I ll G'sZ_Bծռ,S)s~#=L2(]Ss^=xN$-v,J-Z[D<V)[ٺN㈽7ąa;0'Yuo'yqPG+==3YƱ{x}lז8x3Ξ!2^_YнSwия~T62N$ ڮBzpy>W;e/Vm¸L ?uÜE9 =?8$(8;E@ڨ\ $ֳd+{su&(D#:k>^pk0FTLW_!LY6.{讧_ Y F X(.8: w$7@S ~XtюC"zڶC%j76BӔJ2n`tFi'BCH @]R. NnhÀ Ԟ.z]IbD}_YgʒVk‐& tˎ7&x aRo&u/+$nE d  YGVU_N3nDiKB,5Z=Rzgҫ)‚.6ENN[ ]ĥ8EEamد)ɑ/ 'J>gwjS]\E8aQq)[Odg&"U6v/q9v1c^?\y\|Rx3~*y:]%x!$`)i(\" ӝH{=L7f̧u/+GJB b$&'7{[1G l.=c@eG)Y gY]CV(2 ~"~<ݦk] n'qL _W/x_-v_!LXxTrqsH$˟7'sŽv2B&2b4 #)(ܖV"xy7_JVTd@^Ł`IOг&êM.NբRC5Y8xyYҍL؄' 'z0<y/4TR\_(\'ONdzck8VdǸ PxLPNƐ\Mg81 9/fC]0s\'ax_WLKK1rh !ECje'^v n" ϹcHU_E+pw8cWKjd6P3x2-@0b$IݶQC-遶ϰ:@)#3c7A<{ eyn{ZLIO=՛ڒ*/ M1 7yf5ɥ)V#KssV>*a\Z{Yi<5?<-"4 + u*iS)H{^Vk#ު|C1҇]E}NiRBFLƮlAеUUh4OZF޼F'ɫMNFq[P \]!޻lCđՑT ?j 1M;+Y2e]RZ?',𻗾9,4Ee^[3Pvm2U+t 6WP:ͷ%\*[/H@G , 0cUP>9MwiM7Q :Pk/N$'́vI CO^Ǻ)Rt&.X7`8U\rpN厀TNQ]^ƌvrvVPl/U0F;h/ Nc$kf`r͹ >Ю%ySRNiM(~pSQOd@h**R$%riܴ$P-A伆#7@HL9@ݢnd˭LTΝܠє -~5ˡ26po/[?,3]U]4~к$bB_If'm}RP`=վi񈭋`eQp5@CM€绶o:+}ϣdE.U.)- xVӱ]"Lxzp{@$Qf_*ZN*/`$ p Zv 0ZˇQUkv>_gi-mvq3),9&<ڻzbw Q:įXu2Ya=_ZU{:j)jb7 x8,8 `|ռMED>OPjk.~7})zM9SW5En!i_]ݯ8n"rRQ|)MF}&Wƿ^$;WF0]Sig.BMЮDH((Y7e x*K"]i „k)ivU8PI&2".ŋЉG spyK1VP U\( :"qOkWU6S\ T09[bX>Xj6IrN%A3NlueJ}æop)ϹR3vC0QMU#BOa-q+e(Cщ \0~ ̊Bz{ sl+$(>sXNٱ3QV4VkB䡴gu8ʇ xs2Dqo1 n)"~=NBO(%@+bj1V <^Fh%3$mh%ŋQsDi3,F6Do dw?Ȭ`w+.),|br-Tfږ 82Ͱ.t)&-E[?*ewp3rÎl>٪qI~x@U$g N4M]:no1J+ﱟ+V{w(񼴖Tw\Y,!Ա>i+.ӮuVj_^&Fg/kb=pl7>^?Xeg!sQ *F>s@|Mҥޥg:Bֺ/U3d ӣ~1=$*YuC؏]&B7 GT,mb[OȣН*C`=B»榩QG_k4yd', ~&ac;PzJ'f2w; B/ðu7?klFL+ ^ Zޑ©B1:,ȁxkbgWۑXi}rEU ĂSq·Z|0)aZr2=ؿϿ6c4ri ֯-HMY^p"V%[sEm$_eܮ :f d K :'ba:$z!iJewA E^]%KAI͝w %9.l):|Taxt#iF4ryāh݉?]ҿ„RE$N6zfč|۝NĘ2@%efܴ"]//Vm uFA%`b*-2SN{O\vGjuتL( !ΘAG?{s7*C-QAҭ6N2PW\rKK|iOFjq~GY$u5bԋkl{-qO j%UÓ۶*vcTgD-o R¹{ mP\`HG?M 1Lv絭hD qڟ'dTS(j@ ̔]_ee?0}›#9n{]%KZYc-z6h(2l6<Ƕw33tM-ɚL=T#dQwj8֬(Oi/c qص_-UIF踦')jlҍ)ξDXѭg4U5?ΡÔ(d-ʇ5(#k;M+ m3$fqvS҈b۬B%=CwItz;U?b;ttT0%?YfzSVh)TopD֬\ۃd朋.ۖ*<=6Q\1m83^u a}TtPx*(*8rTg.(ב EZih ;,&VUw3J/jMPs K'͏Y5*JUL"rz*ht!5<'_xQ|%FF7󾵹X(FZQx2Pre͵GH~@8W' 0_ EBg9>V; xuH!huIv!gJ<τ?YL\[d{H*-]>nh5vqGy1I\CHUgXMw _Zv@l3K cl60jBRA^i99$wm UPp-Դ`y13qڬI](36Y0vҮ(pZ0~#`F,6} J"Q#Cy/ZaI1@mvw{ )_2FHor (Xn F]Sk]q"b pXod!lg_ZyJpՅ>J(h&zp)2ŏ$!Mʃ9Z4{6G+a,_wjSBodEa9n20M·G2]~Wo"!j/>8dK _P `vFSJ9gh (UyFHg<o?]#khtY,ѧ;6ajJMEQ<9 ӻ㽟(""z}aSrpr҃YIqr^sd¨<QOoh0Tq!8uSՉ(>G=U“1/8H- OV}wu(`BrwNXE  y,5mvdz.1nX<ُ?%U@o6, u|JXW{i諁<'4#r6ʇY>/.iKee,R GW(pבF|Գ2{Sƪ`~:.^+E߉1zoL|!:a Kf['>EiY,m]XU; qdMq=ȉӫ/9Vnÿ]Xf׆O>8cX«PZy) AHAl9&]^r-{wIxul]}f;G׌4+ˮҙ]ib%b@Kct{W*, *,g+<\*I5È/wu_$|Qɦ!℗MLƱowbg%MM7P"yC~ՅM +Lكu jfZ$bI<5xj~N*;Y%9"osjbG]Mᖾzd\=k}3M4ZiL8]gv^C!.|<uJH⦯}?;_5lI@&Z7uǸR `ĭ*;hrFx%KUQO^lz HWRrvX8ΘLi4e,xE60M$E$@c=af#_NXdd#NCvǜܙ-4>ˡfF0PrYбJ\Z/ fWRR?0K@]x,=I,pa#U| * gt[CcxU_^T)ǀC8UCL8pA[,4oM i8FE;&6 MUvY~[ =Dhq}{#q"׶ `IN~ £RXCTxmAmoKIv|rr>0F1C BpZ?U:zyʰ;1xB t#iwBn6LSn\jyB4YDh̀𼻜nš W\x(\_Nۤe[V#,=2^5JԳЫu@V ݀*/b`l>yM{JCF'E8ZnP vSA AGsg U.r )ZO8ؾlq OK^ߦLo,C1sb+"03fxMCB~:/G5ɣ%f4YUus @L0U$\>mh1sb9:|Z NfET#-|;BԀ%;aGIrQ=x&D.=/=(eU8Q"%ԙ`9-:v(7APȂf- ps5FTPTA=U՗X.nXnH幟S*e3&%7=dz!/wgP+fYsԞ=m'a~3?-sv"vuJ[556eJvK{"qe`#6F LE;̾3#sW@+_ڢ HtJ) |)PBF(p_ro5%3i0| qmԚ'\!XTW/W% #\*;_X9&ˍamYwh.] T5BV=(#1H:z+0 鷫Ŭ7ÇeXY'poT@t[1ה8Nw-R͘W+ 6&jLXnFCv,j^؀>2J '㮿Qusmm:UhX6b0*d6q[^Jڢ S]pUYk FEk$*-#ZzUd)Ț O]9c;^A!{ϣIWjO&Yǽ mPJY'w8'V#갸KxVFcjf&B;KU6 ]ۥ(-6(f.1oA_;ʫ)TdvA5ne~@,DŽ@@[(Fp`$08U,wo;7:Sx>UT2sZ M-H'wn;׍-m(EqH ^@Cw@`_u9u"_/(r 76{)d'KPV}(īctPSJ%{SJ󻞨5mUQZn苤d> z8jX6x70G[eVMQ(d dxh".t(M:EWDjiyW.3f??BG6Ď;}d'~}̭f7yGy:#) -7(3\!6/Gd$  dŴJňbB45`j cKC{mg@Wo(NbTc(N‡>m\$ h Ven<1ήr0j" SUߪ%r15ݳ1ײi~b?Y- Et c̕V omv=pBWE8Sddqԣ,6 v:?NpK-ؗBɪ&2*Fa_()rqof\._8#V15](g+g#ɸa5` \ y9V z (33f٤7̈́oH ml˴4̝_g|]ɣOT=^,(@džsW80Dʟڂy> sgXU5E[N:|L#ur@7yqr9L,W8/j5Α%oh 2W_I]_̩](\nuX1,Xv\ΊEۗ@*<ٗ5dG!z-BT,ݞ60ܰ脖w1r6!$6@FB0*,Lm6\Eۉ$BUrxbqJdE  a~CM )+sL!0DbaUOYxS„_b "A>J`&v0*YNiLE%6| <hm!<]_`v 3bk ]Sjnd2 w,+=Vpw)"@̼53)Ir6?Db Q\Slܦ\olgk";̇z<8Qn}q w*k2^upkЭL~6JCwV|q!s"1ĥeӋZXbLV2t0<&KQ1`tLA;g{YWS4xI>9J*ؔhK z eȝ^OGz|f󗡴qf2OY=-0jzȿ 3!!lLC{S>jhKSnn]w|j L;vҺt1.vٌ9 (f}RS?d%om8ݱskRхu&t:×3ss#x4A윱Rl| LЏX4Xyb-t5@U(pYŁׇc{zsT_"eai{j/`bk7OKߐ ,Ԉ'l?c"BgO5?Em[ǔ-aw e%dZF?B@iݗbylwv''N3reuJ_xEd&mDHq^$ h jRSA&h޲H' Rh3jHn3u]~3 :T836X}T#x9v9|cG|:uD=|]Y ~qT´YP8 o'!1qxAFA:c{ON4SPE!hXC;8҅7O:5:sGV`Tj,W;f@fPMup oD6O;kfڞT+Pp+=Y=r Y7+]XVB&"ڀ[JgBS}O"=j}+mݮi<"ydSQ=)]B6M2F K$^ DY@$ t^cD6R>2J3uft0EļGC0mUGqz(~zQ;u W]g4~ wh 6N{k]fI3G/P; qliiM J+OH=ܤqDO  Y/N\Ų gĩV56/WKTj VŸT }J@ʊ:-}{w\`k}|ɘD<IknkyMɯ\k'h'\+PΟg<*gg Vb^!!8^)gc4N|S!#t.Z+1kT%glIe0B! 1a+zc@;[eʻbңf -rpZL<ά^fFa NfEؼ_= !"@Q?{eqg{#qk˚ Iҥf am)S!2;NxE٨Ŵ݆`#$a%ћbZ^I Ф1BEeqe >" ti}wBtUK5Ǥdp4Ky|evT6SA4WjVv)D(2Su4.yh*/74*pF&щh p%A>Źj:@1Xz7Tb;O^A<Hl@, tK0tv*jԍEًZg ݛ%|NoݔԣGhw$kgv>ºט=wx9֍%*]p~[wEU;?rZ8 "GL+a>p=ȇ zw$LGP0.[IV\W2ޜ u*:7n¿DލÙDyC}y@a%d"lp↼qQDգ ^G`^'{~vŤx{` þ'b)foRi/O*fꌓ y"[I!yÝAz85u+ܞ~%q[\vpNr {{0Z6Guߨ1X89&,T🪔{4T!՟pWrסp0aXJ(y{)Rm[J9;{Q&?΋͐蛉xި!Dd` ZVs}@4!+]GF&$Ǹ^N(<6ڶ_ -V3|Eu!=ԳDPy8sM{BqMvnp}_Hn%ۿp 1C(vx&8,J&} ϧIhTDET}S_lhţ&vOuxE3HB/`Mє yl)8KsA^jsF ] +(xT Z:\0Uz m>@':{AQ\O54v?y  m7}M1ʌ<"J :vdMCUw=]>6jLV"-iWV% f k5q 'u";`Pp|HN5j&Q!aTyI;%h07]N/[3%U֓#x܃QE.6f0pl4yC?>ɫ)|G 0G' v fjhI,DG P|UPR#PJ[260]!d2:4deb?=j["|xuyN6yϾHZE~nB7a /P~=|FN,BH0"[lPl;%s[׏r Fc1ݟ)D˹򆁯ٹ{V^bd>*DDPt vJw)$z8Vw[)>9+X7>~!@<#_SuG+oUĄo]9gy/m`(We BϲoE2Zgeq b[3ЉzfVŲXuFhs(~9Gt~(cUP6&^nŝN`,p|P2 ))5-&2ǔsm>7^!/&E7cUTȹy|-qptL>N mO dQ %AJbNSl%g1/7a{CLEԫK91]mEo5pzB<? DcWp"a]NøSxysAE#M0;fLw@ kU%g WkIku攠~K z.?!rBKt lMI]U d Q\'L}2nt*>8 vUvzKVQILA3w} Kspћo*=:BF!tFH#kGoˏ-Zpo^yH ~H9T 4O  ( Y|=0#)猈C8 G]%0hҲSTmpNLE>RJD{RA!tjnY"]Yi3酧#w _#)6WVc3]ZHD? YR˳%ٰKI$ASʌlf"]^UK5BphX9S'7EEHS3M.K* UbUd@ §U̷ uИgf3χ3ׅӄu]^]5ʦGx8$Sֲ滒m=ַW|^A ~؏thV]0~TO3͉UZ&ZiA@Ҟ2i*G6;H*j8>%Pfqsۯ+!K:˷bY-]߻'|?L~MBѬܠE%M;s,Bx^% XF//nWƒRbܮ6Ieumz @W;k-84FnP0(/٢G}ќW\"=[|7"d*<[TDwb'(&7Ud- ֩CG#*qqt<>ߑFm@a!H<٣ꉠfcMx ucVY-yYGu&:>~meY8&YD۰H0uM#gӣ2T0j qx(=T_X.2 (u%߫䝾V#NʥBPl\D0<@6GWRnmުUN ʻq%/M!܅._ ?s^pa:\:4aiv J.ĻF$xr,[lduni[U6$~ƾ{1|F&ce% w$2烈m=V &۰N{#dZ[Tq~2=R.AlXJ}+NNȎ?4E롇[ 2n=Dh"Cy$[{BcOkWps玕$3/J}ʣ f斶BS\]o<9P"b'kΝ]V1dN@v4J,{{uO#p} 6mH쵏lTAZ|7Ao bGGݪˏb vENtyRMC)-+!KQOB*!%/Nj_Eޱ^ױ[v+Յ} uT*'Zޙ!b9| *Q/>tͫa-jԈ8Zmcx1˿Gc4ŲiͼDS\2Pw_=(X<%Qx >%UOjz'i  `oҫV*3AVʳ>O'<~ggؔG`^ qθGS'Ce` >@ٱe3^_E"*N*p3b_ۧott׉WrzV,"VM2 ʮ4Fk ur?ρ{z纉٤/eU(ho,2voVmf)>΅"6EJQ/\_1NӦn9_bCnU,:*988_pMFc)&}sAtg:>h:vZ)P}XZ53Fӎ9(Bȷ݇=e*rİL4^B`(VN4@ql/|wvs_WsC5+INzNS='Y:Syx,+/&јb"YF%׭fï݅0^s5QI#wp _;9xhHq5 ilȋ7?-%_,!2yb)Q>_Őd^9Ǔ~?Pv|PdL_n\tw1Y%DE?625/hԆ>Ta^bŎ{>Em6td9r Hg:|dynC0R/]I c>mvHFgj{:O"m-5˦SgT_P.J2dbxHed mGKr(>>m9{v:b[8 ,Ea Bn"%ƥ1ikrg+уנ罴Gm4d| :-@ [DXe;8XX5KE `BѷT \ @XɠŔ>W&F 54?Ab!\Y6v\ x0@Y`W$&g &(sd(.Kv:C\Ip0kR#Md+茀g>`, z`Fę$6//솬!ֻLU`nD*G 3]&4ruˉ6%}^,ilU.!F9F)( "ɥ._$5J8D!NM}}׋K(Ju+W*a{XPdB*d OXAEry"Q>{6.ꜥ";^VbNy =T{z'ݔ[)޾(%MzmCSq:R*-9?sǝ[* 7pD@Y۞]PJwXbo(:er}c'301tb\̡tq$X\c oG/K46[8&QnjJC#Tcˋo8E+Ra] '7LU?DeU4y;PUe8=%ҬR: 6Eϡ*nV,-v܆(6z$U 1Px#^"L^jv?끸TZ i0v] L500N.(nTٰ& zATV| [90*Gfw?8޲6WX;9l@}l:X/&[hP'WUny":-lxׇeOx,& py`$0.{a@9Flsd&+SXHr$(nuiAf`VIUIÇh[yreuq%dԙ /5aRd0bAq59bmja7LV^O6 ߵ`gOXR`;X_1@'; ZTҪ٢O-*ߥA:Mfk$cc"!glʓ\Bbi񷽢[Q<>¶eܯRS eL1N@I͋ԍzR,.=*">]Ӑ$Lxѯ& ?um̎)Ŭd!zh(rД4npC,43M~{Xut"LV[J 1 0FΜ7qsFejQ}57eE4fgG埤G|KOD[ͯxv/MW]4QtR%*ne8N0HWf /tEQvlLr47J"b&d=x SFڿ̪fDQ*>Jv/BI" N܉ ˋCFڎ5 ~'(*%P`맫rzUT-׳;yx+3쥫ۨ՗[07Ryq`qӥKyvm`MSvm:pBkڹooo7d<+?"LUBYa9S =uA|Z{,2M|~m:\Ж6ߺcHTX_b]C`@~׶w㭠Q')@ִAXLWѹ]r7c-U?VƑ4Nm /3䳢q F'thBa-ӻ((V\.tyG Ƭ?]bZ^'͙_nMk$]0ׯCVˣ^Է%h^&6l4s b]ǖin[zɯ}1LqYTKm(r̽ }|!Ul Ţ p`k}D&Kb~=$ 4ܺ2$R+ +Ak}C`9Lg !n!I)@.6%Pk'tjôOpw;B1!V*}&HvQhoPdqyq(xik!4@r?4A:ْI.ɩu4C46[oBHezHsf[! slKrUq^G.-nΫ8vB}^`4ѱ q"˗jc$A?lji4fT}i_MF='A#2P Q_Ƌ:x*-Yy9ٷv7^]|cɸG Y-ȥ%ؐ#iT_߅*(U!Q &ыFICѸLaW (o~4JЙEl`!kʈ0<::RȣG=S!< `.6m qXi}ɥұ9q^-`mY"#S~PQCN]##,g v04&ʬ!YMyBN 5$U}a>OZ3(`i!@y x}ȜTΉ~C2kf=*B/c$ߥr(s\F?6Pgp_N~C,ŎEhziQŨTYGBHNFYgmJ/A+*E࿿/ӂzK/mcI2; Tq tmyTQ(<*( -eحR0L޷yijvP+~[˂l#"ۡdEˮcQ+ 2? {P[b1a|aNYjlSBzԄl ym|˖B|jGL 9sFk=p!J덐 nG~G8 z74o ȗIF)L*t$5x1AcL޷/T:?t=eCrƣE W|cnI/ǀ0Z}AKL^K#Ѭ;eObufg g\& ܛ<#`~`aFxg3 A d{4͚뵎d@s9ǫʩoH˗x!Z+yKg l/h<.lEIqRlK$)"ɀ=ؖ7n`p);UöbE5,+Ɨmܩ"(/ƞmF%IT##%?(m'r"rv=E/a5oQ澎|8qW EFTf(o8.掏'8O$8/S^4dblG ǐfgy5sCO/ -2! 80@_?GЯ,Ϥ aRd,3͢pP)nz"@ 4Ǣ#R3AcJ{ &x¯/1St?Q (09ې/O3tѣ ORv*fY7k8c5K"PqN%j7VD'Z'$32O=ƇYMF '=ʥA!9? Z=]1q!?ٙe ku1־ɏiȂ$}ÔR+ՂĪo^LIs׳k1@ujkFˡ!2x($j¸ϰfy]ˡ>G 빎OGǹ ymps}Ч[đg5e,u6x5Ê;\2}r_[3;rd&l-*tD4/Қ,W5'n8qck!u!(|nz-º$"Rqe]k% "G .Zݔ7$0^_4 U4ϗ<t]Ξw FzkR'[@|\.[E:okL i嗚UfbJ|v!$ !{3HY]Hap{:'&צݥ-])D7k z1@Oz($c%sgB"+$=y)9⽫,6B6z(LD9و̦;M =(+?CXHC7vAsdh2!Cm;%F^4 kJGq;1<-QW%:o3[8uEfsx騺5b4# 䤄o81a4 5;]h@ݳrH{'M%rR[ZY|6dc} OKR>.V6_ NQ8yN܆'.] tz@ܧ/#$Gz}=]ڹ3!M /nP򅺀vMh1B&ovOC&iOBږQz'WLb\,kl .MeisydAm! Cx[/_婬jU[JofJ)N'}b+XA=n^6}ߠ7[mtPqHa-@o:s$%J{?e`: '8mHEIΨ)lf;4pNϹ48{ZZˑ/jNFfu:tVυ Ի&Ti7Co3x@Owcmyn] ^)T ˎ] f+ߔ(@΍w?%gGhsi9:A4Ï.G2l4')xr^uQކdz+ǽ8<1V.ĩq껎Jϛ49FyGML%^Of9bG? xl8*WP&Htş0j6JHQ='*ڊab4gtmO pS:uU Śn6n7-}OgCBfwf+)É\&XW{)aT<jHMn䝎CuǗE67 ֟^Fif(7w6R/vkysoA%zhJer-xҡ0H.:\u^6Sc:@.#ߘ`)ZOSb ]>)ZQ|8/Є hI*AA%mN.XV:HgaXJfO!nMtsM,ǩxϫ߇K\YoTnus~L8$ $F.MϣB*a W\[bB|}oRc$8]~!h X^AMQz[a>nj%a  9KW:|wLFtTieefU cssS'g|=X%;+ҜlbRzLVhl)+{G`ɌcbeY,Ut]wvIWEWd66~V߼WBg4Vn_'{wTŘ ZGk 2d ?#@50~Cb^;` ļjӍc5cXo=ǤA0mZ.5&]FCxQ]񿊅9 yBi$dw1W8Tv,2?m Niq6Pkç[W]M duk`9KN C3\hZ7jL&/[ v^Тʳ'#3&tiC81~Pp;~Cp&3eNџLF)5^ '(cf(ө8k9n\q.*(mWuiIM28f!ZQs@r钀 ogy,{Sۘ0sz j3m =8+ܘ}8z}"LʿQ%ܴf8+" JDvcKC~qGVHT34[_ %~1!G"݈=B>"ȡ{ s@^h'`vu%d+uj.ȺNQY1tpéd,Foߵ4O0,a.7#-UV&􉯄nW|D2 Dbnddƛ`s4TxuLI_dBIvzY ]H!OQ#̺MqRYZvTuw+&d%Lar/j7ޯa],x>tCqp "="Jd#H;}ҸϷ{4o(DĠ -1',PjoAؖEBaq))Xl#ڹCSi]zˡ D s;lAIM2:.d[`Ƒ 'r_(ED_y%ud3He.DgM'֪R|I˃9(5 wi~douv,X-8ѣ(`Fw?M7lK  K rSH12f6\ SyZAN-g}nC^՝S,m|7^P4#=y]?9qn1+qeUHw?̪`Pra/'h܅I`{WeRxWި=u{aP_ a$2*oc6-V4zav|Ii6AU<(Ђʀg8_KXE:#Gג >ٷ?`x3îEЍ@*hd'mza]dȨey cA{Bꑭ:Q9p LC&1\^Ҝ@X66 ip IN٭L6y4\-Z^0T:L1w0KGIDdI6@MF'Źͨ^)r0%ƠE=ӈk\/Zr!dfn5оDxy!.5@vwf:iI,8 8/YA;δYdd+/Oh]F嘹~ƃ/rH֣93/QWkm~<^5 CDW[u=4ȏ耴Yeŷ;'9}s'fkLzk_X;R3Mf.+}XӟO|j!e$JiVl=6`8LoH+6 %]Ky% s~ԁt)KD|gKJa/.I/x7yMJkLZFh T|MKB gvT?l$pk΃x%heݸ"2vs**uѕԤ葬{ĽRÝ5 kս[E+GV#~jFрlT9l|f(S'y#ӌς[VqOIw*$`gw%+y)l Szǯ;I^ VxV08Bvmorr(oh`^nmmnZ /X&|l) Ut5@Y)y[@^AdzldؽMtdoVjd|K|d CPT^u?FG zZ*A{B~,Ȭ~8TL-?=ќZs!L䦞x7dHW>^w*=\)795|3-uuUq4K"TZk 9~}"bU۟ϴZg[J'hR_í =u*չӲO3-92_V3%ăk6kjȏwx]nA1ɳDy>oaB|OM^.ᜣGp8h0tH7t D??AF5CœEc"dž=`ر'̞BVVM5Hseœ~lEf@VYݱ ٤îrM (&2lpewv-v31rqz'=i+m掛*6gm_oZQax={~!3HBrp`g2X\*# 3=, i_(syٮ$|]5J&B$=AD|*Q,R9qc˭+ 3}"\u~D)R^ 7̺n3^+j?EI*-Kp7GS1z>h(X)mj %E{Uiٜmh)3*AZ6߰/s̗Q-K 3ybyG1l|`k@&g#E)PV7-!ّʑ|3fYD]wG?`w_lpMZz?{{])uU ZnfL/x~" mOQ{~(c1nhE9 lqJ4&X|fW%gXz%P/UyC;W珋mƸ=ƒ _88a Ub''UBQ>  Ӄn^rعyשmK jC$QV(\^# 藓Ǐ/68V!z#΃җOnb[J=xԚs\Ї:Yٝ^<0~y!Gxu,8f~x:!xvslqqoxԋ..fscnH'65Ұ\fKT(%й wϛ561Ik!׭B'2G2qaqwWjj(MdrwELW5^{}5zږ]nrߥyeL%e#rU^zE$m| uZ^Wo&9e? sĭu/?hXd<:EFc#>V <.D(rh$ >7L ]E̒}ba!/g}nA.c1U !Ee2u-RڷKe&A;6 ѮgߏOk M<gWڠO8 FBGeȿa yìF0avߘvLm?<mXr'h彞S`HʞB]V֥`5@-?;*" > _uث.ͧcvGK^raT[kAaAcF.pyJ$Xk5l\S>4ln>\3T ИYV D+i #BݠtgsK]23A-(!tH)J)mhd#_+M|H>yE΍jTOHBfuf=[)Oaӭ^PZqu'TG=CG /{-@) 2}It4fN:"pBx)%xS ׎1}+RS"o%{aFSS7ǃ:kaMɏ' O쐏xd9Wo 4 2J`cb0/ QKK= 6o^r8|f4MUV JXwCn)&:;V90 aT][ߓˬ?(ԅރpB5蹇yf'7H0HF"1. AaC`uղo.}i^*S@{3ԗNA߭=~јdYQs q>>JTdt`WFkYZYC]A4(._9K2ox8nd8}iDzԣ/A1lL͹,WILhjIWyߐWZ~IdR%v, ?ZlW04Ρ^8k'cHNN8 K Jy?9OfX{qTj_~bieVfmO̾a.{:$nͫ+"&g1&XHqCϻ&DB(v5ojTaNp]Qd!.ů4./OOښauŽ+6[RaT._]T(*s {StH"cϼZ;~]ayݫ]Cj ?\nz% u SD/֐D[d$%@BwB hR<}(4j5rCb5f`,؏k3b=cS%_3TG[jOFg[EH۵ȲF{׎Qm%왯@0$D{Q~6GifDf B&<񠙜_%wSgˮݵHh=z$q'~MM3T WM`6ލڨUQޜ k|Q-ir&)親H)Dzȷ֙e`] o' (8t N=B5*Ԏs-pǔ'qpVBd#5nkl €5^~y ª%]WAE&g~!Ff eND"*հڌRYLU|c^ 0Qhj&niFK I_ u,r/zTOQ[Lѣ%tKO//HGv< F:'TuUvk sFaTH(_b76 By{g|M?;N+G1'FЬ<`~j4]PftU[S|׿NvMp ,Myُ{mAo&:NG^m-~G^;#&orta{ce/J*ʥzDNݴsiuu:Ȼp@ =G=. ppKZ~KR5BgcĶ|(ƶ:aYMMkg-xD4+I) mi>Ĭ,"vPXKE[yrZKΰcj9>?rt좒JA10 ~9|ݐ aU,WѺ䨣2K5zU}&w`]meL4L CCN- lSFIYi4L̈́.j fB/غd0_1GZ}B Ҏ=` YzARVb |4^㷵K.V=SSC`vFOEi"P:²65ެ/yzcwN>]L'0s/OT7AXdRkc"52W9&2rH6zr\NbD!OٌW{Fnl?9j1o "hRih2ezf'AjVB+zR']_)ʈXWX3l뮎Fbh = "h}]s%P w5MUʔO-$41_ٴ<$X0Jp}or(Vx92VidMӨMXi 5 %}o٧C}X{|sJ)Q/B4o,oȞ89v̈́^gv. WK]kǀArkqs"Tе쭤uxҿSL%.Y4]3d 4F56&? oN +PIJJ'zW}Ȼ#/1B-~kP-xEyUzz !p5vYfpPŷర[?/ %y|{?/XyF^$dK" o~etVGE. XLpQ.Mڜe z@'B,a2v*ӧ; !j]/|mNjpo*1$ŗ 472t#f-nNI?FSsVm%Yrcp2$ȵt&З&_F2-J5I{F&yʚz{h$ĘO]A*1bf[LX!ҦU'e|+ﴄOAUG,L pH9R*lw /5\C.6dj^32y$0Z%5d㴢!T_ |UUq7$'eY@{τh I+Mt#~:'.U.̏ՃıDvha6uu /#Wҡ#&UwǓ{@ġ!B{UhUÈh?.xdcƐFZ:] N!_/Ba7n]@]9!U骃満 G]r\I%==SQiWJHw-A5-ԿL@6%!J;K"c5+,vfM:Fx I(ohu1-V,م@u<A;=@{6M5##g+NVr>_ V)ZZIIƔnFYLsjZJ9RלDO}!puZ'og'G)TMs .;^`y^'ѩ̐vj=wB3=ofř`/C!0Y{IAe?m^pme;_Yj9L4YGU5*ᇫBQX\U_ t@hN4-NzԦ"ȣʔO%U|񻄭9guN[͔wQ27𫞚гZkl̇mȫ._O" |Ã&q`jfwUGrR67*uCg3?bNҘiw&\Q"jН  jLcD.9H2ɦ>x[I:O\IJ{'bdٜFE4NA"e 0]yq3SU}1hnܳf*ފ6gw%("h^ -Wh&PĶ6-]OUkQ }/5)%NTCHCM*hF(8+}˄xF_+/{k2*Hu(*VvI7Dž6Ntȯ\Oz&xv/%E:~ϋ/!­Zh2U*شx煫STbMlb5 6xצ`l&hj~)B#{`JNvʟ>=*Vm' $p7>;u&kcMZ,;%lž,Y=ٟC&xW(r vZgvP G~N파jH&W%؍~Y(hMvsŘ/<-+otή[6'~ˏrĈ!= B=1R9=5JvGe 6S8pkKƌ ^F'!9gi^ȋPY }sM ( l7v1KgxIBcgDuw#)Ԍf9!F:ٯn;>asJ>]Bc>_k>-T7VR4B_D)C Q9jt#pLL8OtǜB/RO+ أ ʠRm'ҋQ.˛,aNil)Ro׏ tx+4;!0CjG497Nz =ƣX)^N|t,hl,-zԜzW_#* P} `/ylW=2:!ukp#?ǟ @s;D5Z2{rQ/sIIMdcpBğoΆ}h6{qSrhZ#Dp{Nkpo&a h8~-IƱifi y`V9P.E:5)e4^;:,`wfB_+@y>b/J!Chc%K瓚iJqmà[##fj9W8MBREL:iBUhpAec>L"\xȻs$Oߊ #.[|SSTkQf%EKpbηbqյ9mV8F(+bЇ6nJx,8|e9mIPzCB%L WEعpU⿊0W-(f\pf17|ylS j)Z~(uX֖s\LAYpbC'a9fΔMDX fsѫO1T^&vȳ#Let5P*?T{S$g63Z_kBX]'*ٮۘ Xܺ$%&FLje,{^ fEl}DZ^lVdUd@1To|hGox+f|@X 8wyTYAƴ-Q #/m8b/ݐ)dN3զ#:![X u~2IW h2 3=٢;XckK~z}{'6 F%QɧQŹ@Lt642*D% ؊6dmDQ4oE|vT Goôȗ0q*Dz RĿrψY&xW ,/+ޢ3v/\%}\4(_+>XbfoB؜s-D7[ϬU6+1k췹l9@"u懺L(W_6SĞ\㫅($i y&Ł/]Gg`AD ZfUR#Eu A#>=IAsw?cAϭ?@ْ'6s(1w }BD fir9V<^1_o  AS 4>|ct(w8l*aDví1[q(j(@uГ0,i&81l%Ӈ~I iL&E7d7Ivy#ňv 'ޡǭU3dsK69t;b;RΛ@aAB*(A*38~w]Y2u,ד]AkH4Bb @֣Vl0dߺOn XL=cvD/C l?.DKur5ɔuPy2H/P;4O"'gbX)lY/Uq]K8?mۭhDސnN J" vw֯`K"5C-I N"e/i. W6HH{; s]}u&iKaz֩.5nݮfiHgvu NJbnʑHobsFߠ\\vo,tȳ#OFcNk9nb yP pF)7<WRǨn ]>P"mwǂ H ڳara[e8u$ 8d݊n*4& ut _o␾t&2l݆Z/+F 5?1k+\K~_ֲ[6a6Hd=:f<I`<"نu[/ɞ v)ƒcH*zM1u{ Ʉ ;^=]u S@{uEfYUхGc~5!r)ow>iE}}S {qj~=Crui$׿X]p{ %ՓlN>/&l̈s,߿^GWX[M.u^٠]8wو)vOZ{?lEn1"w8kT3qìPwsC>RO(\ `e$8đ\i3;eZ%LR'@zhg$I^ŏ]W~׻t}ɤt@4$1}%ar4̬8A+kJ=K' @] .X\l2. EB:K5}҂VyȀr4Qo[Z|v(n]̋h}赌R5I#Ժ /]K]w>yɉv3 QdRZFvnT)uzcauC;G/Fw#os{7>2~$j;X2P`[4}|$* Òxoڏ '|g o1,|>vps2j߭Ϻ iV lȝ{6ӠyJ,Bfn 6OKsqChNn 8 yeo$D!p9'Ì( ~#4#eu?)?;K]błTS<*s$^gq8*LB% X%^y.vU6k\P)0I*.W d9~4eAyBZ_ %(&'_2k7Q%rdgWgxZ,?_9 0W^-Vp鈇 {sPpneJw'NRVyht!.%䫎L I"]bF֕]!lqqMF9лߜWq i} 1)(4oju ୸Ǭ21UzκAq\zI\ 4 94rTR4xxm K Ǟ-D$iU =Sviװ{xٯ)^,Aa]Sa4f">b`0V.= -1]RL!vg3Ϡa/bE<3c詑n(Xv.!tt$bQBH *+R`;FІԤ:3e>\g#mVdsLsh AZs&ݭvh9d@1"QmQt8( ʻj H{eas;1~ןpTguocETz<O ۉм. ) p~BK  ~hvbTRU@IC=rwLlLn,3|AFi1>Zkǩ)auݻj1FHrY?lv6f$;a,Ҷ<]ײ G qo zB3eTg4X`Q9i5Ab֊418ʠW+Pa4"(3&cC4JlH#D 'd߶b>bׯ})G] e46BV{xYkMM~%6 I?c86K+njDr'ʓi LS߾Y7aq §:֙圳܈ OZ}rac*B(d]T|I"cK{_b?ꗩ^_"^+MH?F,z1 a^Y 67sz<j(/mOi-Y3s|&_+Fߓ7V\-֚*5:K~T^DOZV@-iy#:iR1ȶX+$ /8m ,k?FP@0֢74xXˈcbƬRR_lmJ«LVj`g84@*R\O[Fo-\p򶦞vMTw u|P=m$Bn:I󾥂k;TH>6'倯H{Lm@2=y7/Y+%akB(9w@NrJ.-56$[$t# #@0[ykI }(2s+VܯF'0b,209i5OP> ']ieY;XvF$T.T{Bۑ) 3n)` "czK"pd~"kSh5z܂.?A4Ҝ]Iʼnos^вc{ $m.薟Ǡ*ZJ!;2N) -^`ϐPDg Ot'ֶ ݘ}w}Xs2y2Fw>,F YB7rd E>'0][w'p4]ƞT~;g-?SE%it. <ғJ3?搩]^EJ0GVZb| NA\92~XwK:L]N~:E 90ed؁ V!%7ǩAb!Ny-CI!& D#w O/u'a)GOj ( J<}LecV@}V/h㞟OĎ58m'[ەqzaxg£<_. (;ٜ|/|r)ݝj>jZHAiZ]Ka9Z2hߊ"Q ͟.(jbDø+^|hGI^ JTB],{Γ3-&N:iʞ֏Os,w: ;qWpSjv#Ez0Eehd&f%Δϑ_cm^/Ytq{!}qAI{g6o}1$\8^(/v@CV|ٸ^ჲoŽr)<Ro`kYy식ZRhNՃrma5Դ!f.i5hTmCJS ׊"ɯ$N:_"v;y!Hہ⋭1;wqn܅d5U ,eEV5)IC1$aIt{x hHC ګZg @I"b~6X0A 1aI> M&cQ c1 1 Wm>U8!v/3;4豥Tʈ< ѽV}cJ2D"-&.mi\NQ@ KQqNI :4Cҧ#W=`#¸bmh&w_[E> Nxv ̜ͦQ@4azvmvX161d+o0/Uߦ>G̺zI'VOMWX/Ř67)]t/AҩmX!  Kϴ{\I!Q%p^tpQF|ݰNY_o F7!YSb-cޤv'YLCf"IFBt6=qJ")_/Ex4ICzYzIPhSPuEh;Ivo,Q0J~kls2#sd=r& QVm96Cd+E^`*?88hMEɘh|XL*f3t9s)H: DjvbW[e2J<:%@ c榄(/7pǃr8bH>`NRVK% S[}@;hȉsstN('PGP0܍'$ĉcnt$RP_I'KJ̶.keN.GE??&D+s/蘕WtVqHٝ{GQqw2Y: GB|Ni~^^cnP%"e~V1BÂT:brB!ߒS? \V 8Yeb?Ϲ9:Y٠Lw_dD&=oнlʕ.z~DjZ!LBfN'W{#"n9t9jj+aY,ɹ% _?)%L%Tk%%ë7^?tqf.yɒ.c$v+K.\L[@97nj4=Dp <]CKϸItb 6Ĝ=w sΖ"[XH:Clب'֑a &d);yyY0F{F}^DESJ|SŦ_1:)(GI |N^7]e", ҂.b(uTwpVU7ў?@l;C-TzdiFh. ӭݕ Rz_75\Ȫrآa'fUN*$o9Fg-N*b̡G=cߤooB;'&[fOhsV)ɬ\_/ej !&ZElmĂޛO8ẂDzu|o`ᣞ<%oNᅋ"$9欺Zɘ޸JTG^g@ Df03䬏Sijk>dQ>M R}cc9n@U-tB#Y33_4TFY4cK MD V f{2v!a2>JP!|l '_>qȀW<@<675(Y <~Xǎyq8U֋ }!؏fB-n {^(zzw) X[_l!܊QpFEīE18i\6h-2O?p= |]o8%Cx&=ɵfNP ,rI\ܽo7\M\o$Aǂ5や0D_!ٍ{XyZyDvғŃRλou\H@Q#gNg[d"b؂G{|/ad6maiGmʁD1 ']a.bz]ʊ6Oi@b7cbrn+ܾ}SϵڻQbs5btOƝ7s>yl&O!2ƹ5"6kX֔+ N[;,qgNPp|[舷7󟝘f?5Z626*U$ < j2p}nTCs"f;%rd" D=*?nJUGEƞ|cٶ>`xk_I k𴙚3MXs~$RW_]I( r*Ӄ1@&Wxkl[_;HPz(ΏZ:@H"i 7N8%Z1rŠU.@}j0uCe`$>{x_#0ṉo:߶< t#0oF I/9r1iR#0 S$Km3g:R *+ #+#[Bmb:JVo㓈 _b9Pt=/ 罉rT$p6:4&.7Q T#ZShiRht;M.L̇xp* F8t<+O\Fcc- ^AL+:demn@nNX³ѮʐH1gO/ :=^iarAE JZYa͂/-|F[=Ł\R6񾾔gYڴ!B2y-H7= [w1ƛ4k2i%cE`ʊ0ʹ$ |=g;9tGӇ[q̝E:l\ҶP>Q#^'Qo>2o՗>iT5L?!A- LnK",.xq{:x6"0V7nE撩H[N\Ҧa>=?]hT#m.=s"/ϙw=˲9hYVD͚5+o<{Vo{Uk_C2+SU=t4{/5'?&J2tHu@eq2'M =CL殘 d1%H ]ч@j0NfOPb~k*☎tU B4K<Dq'#I+ý|ي {i o3 914"7xPT J37YhWsc}$e0„SFM]ĸMJ2RAJCJ^CrIfu9P$jK,jYnH\Z6׋waY΍s>-b@R+?mXjɗ%!zk0 v"K@-5 (|ZB<,= 4yqcV☠~\3wyc˲;M "Ѽ‹Z,7W2|wЂ"7QpulpU)V_CZt nsEyK^[6(^!oJ F H?? ׉;MP2 Yv*FBo;P'M'ym!Zt[VMҍ#  ͬG.?.TVGT BIQUbg@@V(&iT,χ]t-H$NT.ǏǎB$ O"Ic#(,1YhSE*rw ҷomaTSۤqGoimHNI8K`Uu 0bV[JNn]kZ:H+%Fɍ'+80wVt`hl΋"iOW% tkAS/4j 34<@G_cC%/P#ㅟt Q; AמzrI*FbT2`NȍAW.3[p(%dL5ߋf.,[Q&6q8g*;qqYdѾ\ib9(^ >] ,yβ06t^rdOl.C cKh_ 7hhYR!XuM¾R߈>]kdͫɆ'+C*a{Tj9@gef:$U e1:M9eW~'e\ZK|]:0_Qh^\Gs?b<l ƛņph5P9m'munwKA"{4?+~U֡Ows^#rtGn>Pl. Q kQW؜,{Y8}@&U]W)`PS@NT4U7Vq[ƸHZ̨d!R=g/81?^|br}3+Eb4BYqF$MVؿdяQB+Owko?&±g@pEwfVQJ Vab+vGPNZ@St@XsؗwϚcd[㍁f*cەwN뷗~C~ihmx9҆xj*`3F<,jUL_ʙ:fTk& ۿS6HS0ti7N!>/r^9in9)ā迮F^."R2*(P:GO9OpRxkf-kY&mXmg=y5·YUnFM䭻u&{P֙"Pj>,% L >aN6 Ye9"}=&N܎X2!>Nƽ8ʅze|^VMR~=M]`4;1v(9auaTC!xvMchmPU/ZXm;DLMagWdI@ IhwC}BXwuS5gŁ8>2ţ ?фLZoXR*[JG!vjoRwy:uڷ@o:*gH <}xনVPzB2 T2z$' #!@U0tLn r#[.sɴ@]HK^+ DpY ;wpԍX+5:9뎢Ckry<)Q\S:{HW>_w,=<$?&{He!BrYGLp;}íPjH^&R8v2-5?YtI(zE=l~]AvnтN 5\ 1F," 7FHv i;n8sqYF99v_5]4B`U CϹ |:O m,&EK]4O SSv Og<q[ )5խ)Ww+8ovw A$&:NjyJPJ8= !4PEȘE^PMLx-_XE: E^oU`܍:N.攽3#aρOBu|/{h7tL{AkGbyNڐ2+^):BLbu=J5(3c{3ʰS|07S8>TM k|B(L3-=7t3&NΕ[c*| C-u4:xnf6]:h~!%Y?s@EN﫺|bU%'Edbd Lέ'P|m5apD&/wt!xtjsQ(ջ]Q%iڢ8q9)J5ǐ.X0 '2+T˒i礑EA[tIx ;֔o`7$t: ƱhX]C65/Rtd-I ~˽Q֣4/}%f2c[L3HTiC$Z:OGAg[涣_(kd 8Ƨik,vb`Up[L5K; x&_ = &&6"%/SG:4DNC,dQeV૑(bD-}G>aq?fcp'7m,g@$Y p?}`uW:An+_L=XFuۛA 噎p 'a·.G:TXm6ق…ο؞j0. ͡>ܷcݲ\b~SXUs:Fޞ4ô Bn<;UBW{.iW5ڋ'AaƬY9I)i۔4HϦCkո{YL.Î[qaoAd,- ]K#1nbd:{ڽy<ΏŧVL Hh2vuL #лzFR&Ͳ]:|.`(gqR`F2/hD|y^+ɎxhX_2ΗZdnqGM Уd 2DWMtИᆗMO$uJBLR- fі`!U|/%ݧsl^NQý59]*EJKc?0|tsϾUIG䲱l4Jm֐WZ4`OHm ^ӻjw^wWwߍOP7am<ґ+}oĻ˷e~׳(FjѳUG8ehe l}ZeECt.D奌ho_aї>.S;?mdD=`i29l(Of` ˱%!)\^c-אmN%iJL1n*'f Bp!\+-&tPWRW^Ea+>#Gi^ 0LGjX%IY.7DPAիv5u{Tbglȵ+.ԗ,yűM~7-rӟNkR\O s*s³qaO.L/UZZgخ و0Ր0=MTNwjf?>V+CCA=G+O:ť%P M{~uQ N]U$٧͙fؾeBVɔ~0b, ߸9m!b+rOMȚ(5˱˒Z;nʇy8#vvlIyTWSoMAw~([?9yU\9iOw6nŒv7IʿďhH|&QOMyU+(M"Ka%ogm^~!"ٴ{{:]Ɩh3a#==ѩOԠ G8S!PZ8 %k9Ws ؒ5= gpA|`tb]x )sX2pްo6rK>X{-a>֣v}a挕d!mVH?cIw{f+n+PT8zWw I:=ܵ-#F Q)ԑ䣁\FD1q!ؤXGNe']LR`n=oKs'@﷈ԱȫIi?w{~9 3[ECt|gT,JrMq5ߺc)ɯ4/BgK"2 n%?0EcH;a_`@هv`UHT3[s/?iqdh+O1(m*'FMeVq{Shغ0|;AxΝ(!' N@XEmEq6;-I~[Ss_ZMYJ]P$[|"x1 gݬJ7TeqBzovQ pzPXy.39d CK04$k]h!R?[~Bb $R0}K^}"4VbwWVֽ^J! 3Kc8joi9+UK4WzV Z}<[OmЍIF4ESpWBE3wI%)o-8 |^N?*.4g~<$|hT;  ,j4(o"drw^D=9scj"#ٕ΍z*PO1k `X_i?l&lE5Qs!e+ ^{Am\,iqPgzJ2\|*(/y|&hXy?,6ZPm 5lER)۩BgDʵ]`_`j'{Pjв%Ta얓Be{RQ>[=OH{ۺ"w 7'a{PR)H4%曒y} #3sH6mIN Ńke8SB" *|(OOn[VJ\QbAm ?K0~ei/FJ|W8{ӀFwql}IvHss"/V],Pef[6cyL-U>wVo );_BY!mo6&;<͸誺ɚ)^Krj\,PMm+ʨ#(!b^pbkl@#*iAF 9^œ˲;PpnLG M ]/1uWꞟ ViT[]y^ d/Lբ(8?F`Bn(68o:kJ m,H1LżȾ..γe٢0Og}$[ 9[}-+uXeMQƝIDvQ 3%O`$N2#, dQ,mK77Uf?ۿmn#R?Fb(=H\m]6*+v51?$C}jw|f,XcT.V|g/~7H KY+λߢVG3 8 @Iʉ *ڬ°˕'D䌷obe@cVd+iXmp= /ۢ.cC &)[d}H3jR`X*ӞDɑymbt$BKr$/@Rb?SНqcmvi5~DO,(h:Tʜ\+,=nv,`E6oiVc"d2{3ZrF|.:qV~ -a<_Y!Og72#Pd+NYW\rkb񷫮0 kzF?ъHb>oz3xK.M w~_: sɪrHW9G8cr"aR)IWc"acuK<2TW8haAѫJcyC$V fآ*@x>\)`p>j;.XVOO0Tt|5άdÚҙ* T٧u@A.IT:69⯤{5^hK>b-_.)R=AQv4%nX qYx{q*z7^(HwVi7=zdf@*I~Gv}”`Q[0ԬWE+5 H"T,}Z3 0OjgC4,+ /X`d Lt:#ۅ_p&hYSfH%Zg, _޿Cq3RZJd6#~v -׍GG3I=+fa>DXa0. f-/Y8DguЧ+@ xG`FC;}s!1a Z0?E\}@3?AkUvo{+ygB>u9F "ocߘ!byݒx&*9|qkM~ŴL TJC C_4;y Q5> &coV}nbw<0(`eDGaؕ=FwٳmJdڡy9]V@TCTs=#rɨuTT!kV 7m;ԭ$R:Wq.%/S_8He.uZ+ 'aJ@o &.>0H_A@Fq4 qYϨ7t*t|ЛpR*ʩPGsK/JFEYh6dڴt ? MrbuC}s3U&B+us| 2=}괘tA`L9sl]oyMfny߷k拥i;PƒH (_"ᗋobϯ*8_pޯll! dNC)gI,W""ȭ<'UbGq0nxS'OnK*0\S"mIlk} R56LoWcOb3#DC͹0Wެ )Ô)FDb{/X;ynNtmO{\/7گ3)VBO0 $0_+ߍ*8oeCm&zm-~ /g jJ"^?H'0|ۦIo4+l$dj\dNIt20_?Fv4 Zi3x ڢQJHF a‹a#Aimŋtb%xY++`evc 1?'˚݌[Up~^} "l~$R$ DҼ~\9' 8%r5]9*KsGNlufZ,eBNB^w+h֊ O~pC Yyu}8x% X{CoX{(cؚ8& 2Ǣ.507Y8-tK(0GQ.C#WmUQ\q%|w $y~6{:]1Ԅiu|r:C]ĺTH񉿛y D"F?Q'49PXtR΢J#Z=U# a)_ t1ST)do F: &w?U.AAj".kecP3yYdG9|,H?E_7G* >n9s˘c5fjyL` ^O#jPDjT35 tKiQzq~8*4n dQe]zAiT62cz) ^9ܻ8P?/J':Խr`#cntOA?UQ:4Ť­&*v/c%rxTATlX@ ߎ\i>n{TJ-yl+TOk.vS!N[cIZ@w M]γ'Z3"%W~y3n-ڬ|@\o"+k""d\,%h1ڥ=BTHX@g^O ;4]ۅ%Q䪞gs:R:cO^+OUopMXiIх]ֲNd2t~JA<6.3ES0뫢o]/S> ȁT"tiY7l''=޿,z"$|SNx22Kp޴?|@״{pJ*L^|"Ho)\f+~] -Fn [Zõ3&M 2!ip O!vpj"}p{ R[ VRbzD -+ eb[xbZqITZ$FLrN}H` jwbq[>A>vc<\ ')X&ܬ_p.I^e ز #rAۢ\oTnDL4yì_gjco(^/՟B7֑lKefP`9ХB x3==B/wf3W-T5 v"4]+ ?e=o=6|4m_46']${h%ɒ:^Ij7x"#x'AJ$!K"N{/4$R`'W8cϡ)烘ԑW<`zBeՁ$mR FɂT G>L~EϑRp ΂ݒhx]*SC0{y<98,&ه8'fTu4b{Y&Pg9D%"gSلd6gTELZE{/$yj6otb=c@+P]'Jꢱ3S m [i<m' p6ТOs ɯ3WO:<[)F {9{s8_d(/#\ɓK9~Q"JlH[:Ɍ%{<[NP/&S?b e FM$H6lB7bFVګ,,dg:L55iU֕78ʝd:_|24E}iDܑ+goKuԈDFޚ2ؒdzl? )ce[}Ofkj)UW;+D5!QLsҹ'.0%*%q 9SZШ! rPWe?:oo5 5s^c;J~AI?ΡGw&XiDLPE;Fl LKd5'{dг@d8OF.OޞDzt_kȌZnp;UQye~ VJ %^ ΑӔe/C;>oa+u.T"%g k^Ti`٭)n?U׏6hN62*RN?9J( ^ӏǜ gi>/.^Qj=WQkn(u@\5KDb$!#! Q8p #+U3RroTC.RE  V.Nq/|Xf_VA*}>Zsv  Ǖ<#V['jU;} w[[G-Sٙ4]7~x8cAZ$h{HF~\ 5;qbcEse@S{%@z_Ahw0g. H{Õ81J_螪9iA35qLĎQ'Y=[0Fd $R.i(m8銔TkO"Ak++TWmKZlO%Y,#Q{Σ Ñ?dz@5Hk{^7 ղcC .^KdFBRX;L$m_oK+Pɕ̲wisi}vva<꥔cWUlX3w42S+;菷_ݮ<'$qTidߤKy@k/#-:^aso ‚bi \HƬo`-aЖx,ޟP|%,gEGpIW1Z%` !N+aLuWk8LQ-w2'i E1"twY/"! 7lN>-M>@X^Vx.+rM,NPB A&.}!%تOi?Iqg;vKcSF(-N@PE&\Q[Ղ(RmZ "0}?,pJ[hwq[6sm!s[YFFiVBnv#OEє9zuN̾B+i%+[4Pc;X0P/o߶i^~Y߱q!P3r Z _ӧaxj|;Qň 9{ee=|+d 76Bm`5:rJ`z-Xn Y&\cVgHz:,SɆUDB .3ĠSI䚝I2 v}}Sfqjs`OXm.%>}I,Q/BO 4ƞ{F[}9n"1n~/;$%y$Y2i4m&d- u%@<6 G&|$4ݎ~%fR\QP@&<5o@qkDj5la,p2(ASXA ^rMqF|4+x$sQmÕUۀۉAt7័6E?S5 p EYv6i+T3ĉU@Nfg=twGdФhʶ03Px"H 'O꛽XdVPT`(~!#9B)y.<j0EĈN AOwA_eV< ¨ln9ؠx0.f"R. ^]Vd|-FHWB<ԧ'naN;7CN&FZɰlRA*4'B,|PfE@&hK/W$b ͇gkpb39TGud 0bD}Q΀pɄh3wBh`k{&8dr{ ɜ g\ZA6}ueA^ijй[z*s?z;fbj0E*mv(tQb;TnVOdcoHd|ϥ9y"Sz~2) ֻ:>۩wW|@TS-z18 #+pK(u !^G;yO1ʺCr3M'o$1vUT3` ّ2ʹ}dTܘQ]X$HyNDKJrڵEYµu𚥮0T%ܻg[cmZe'$]." }-zߺR :S2X%cl[Ek QXT*(z/6 m5*EDf^C1HLl?o3rP[`C.{gTey@$TMmCHiy8Cv{,zՋuI!s$>=DZe4UQ]@L | O3@ߵew ݐa+GOEL6`)/yŬ>%1v6!tSrгQTM!]BdЗ0yn,%tS0^sWrId~Kա?tt0G1['wme7F 1@CĹ?KV3 -tN:8 VRK2RX85l&X%fI|>e/58ٔad|oaaxy;O*w)LݡX 4*aS|g͢-j(4gh[Ո[̴D>wV6p-"N*UwzI `NGwQr^]!I&~.++Y=X7P~m@y.^{ژ#ja׽ô>`逬Zxj7v "g{VjA8o6u%1e6_zO%Nyh LDq-z{dA_S%h_hFJbx+3j? nX>7$}qˆGFYVv~fR+< "G 4; ϡ7 &F/꟥63yʣ֣x>t>:^>i bɼ݀r dD$hg ߕ m̉t覓K*󐩡(kfVڻ)sA ":pDۧq7eYpe4rN6;3J( yYn9o" nX E5fIOml'cϖBi; 0..=ew\;Y>ѲV;߇&jd72 ZM0b1 ~ Vo~Nl޻ K tu@?%tM8oM68ĈJrjD{_9i=bK>;Y(`v{YJ)ܑ}pSe ,?3z*yZ"$~vtIisjK^2^5E @JjΉh6.1gt*NƢ_z-6s$FS"Jam]`#\ى. KڗȀc,&Ϩ.G|P홖D&^JlKjLF7|16jvBto󦠶ǩB= x[q1m!T3,T=8)'0N{ںXV>Ş~7HPnđQ|g}*NFZLsKй*T: 6bkBr\b'?Z.u`W^5hY+vcD 9jw̤Qs2E pmc/=绀4x=-Ph#>N)>}0+؍%E}'dVQ}W*Cܝފo*ON!Wee_̝2ra'[+Jd; F$OicF]lȵ_ d%GVc5n\V!.Zp|;\^r#Ą92V:6#{k)_Gds,&EqBhF]j_td6I 1D,.X' wz rR,ҷFKyAIlOs{Yl( ]ToisW]S3Nw8/B'w61㗿qӠY 媚Ih mT C

khWAW|(S睋VhUA9H==.?w_1/tASn ,D ^*BSzĮf5^%s#RMjnc ,9A٫!y\lm(#OIprKقQ 2Jϕ?4٧qsਾGRMz1wo&a&ThWB]yN(e uTX!DsAL-zE1s^>1hAV9 }ESz2So$Mz7,D@30DP]؅]Q Nςwru%)Q:"ߓ nGͳBp>5"fzvM ŒlQS;M`_^)"8'N5la"wXiDU`\n2_TVf{YAMUhՀ~0<>2qf e 䅨絸;?QR\._B݀Z}˪%)oT>b^6l7XenXu>>ll9;"l ϫ13!-JKȆU!2G@^ ]$CuΆ71Hpfekp*d*iP{LC(ps@7ͩ˞ ]::0hp~=>jeLb/7 bOr"$EZԢ-]t.9seC2z큿[2E7J;Ex4Z?P;Y%9i\TFu_ony'G^o(kTB1u.RY{%Ϡگ*] rtWBu}dCg3}Ulk; Am?M0*grBP4Kg~xt-B;(qjr@i\{]1۷MوuSW[J#me!g_@[ l2N WU"YtFH?I)J,{ǡ>bR3() F%GHf}xp4g {3~SznJX*WBz5oS`3IcA#!:lVc(̚YsCU`-2F9.A&jܴtb⩁sJz4 ꔩJʯZ*7SŽR6xȠ5=>80;D"-䵐_)hhmWT(јmcP9~ :LdN*óೝԱlI!Q[r:O7=w"P@ϔyoM[H=ĭ)8 (ڂֹEn⥉I-Bܮ_^uSHe-7[-#w3i3ـ~BK&,H~pIׄ5p<&uha^r"C9҉dgm4Ñ g&Rm̌ruמlXl/_OR :nG( MUE՛3q;M/@>g[c L},(c;xyu_jݺ=,IVlnWdIC2PجbȞa!,?'xDI]p}=I3 DXH(5M;2Ӏ N:29nF-<`HEɝW׽Ő\v ƞ' NZ,otQ0sWuX@&?r/ʜ=[/1E5EiԳAOnLb4m&,IP6P% z6:7*ɔWnUN$}2ne# Vr@=֠ cܧ=>8%;k| 2EiWyj0MCM c4 }wv [[zI/|h_j}}3HKvyF @xJoqe21$aF Եҡp052{k//W:F'}Ssd%2(q0c {WCvͬbH&@ac~p;m2qẍдʸdcA)| #>nl$T]^v"S-ariѷN0ۑ1 Hwhx`DO:]oebdWw)^1l0fo_`WfⓨbOeY~Aw(@"6 |((HfZE5.p*&] h1qbE$X^@Qlܶp"_'FY M>#NU %.$:΀ ?w ˆYd3Γu7pp BgoCo(tƈY̫ǬƬXb:AL J~ӊ`"G ;Stka<Ś)ڵM bVОI?@S,jTxhn/'P kdŌw"L$!orrQBO/e+3AҞFN`o vdѧhnTGNZuw]*Y=Fjt_k^@3ٚ|]Y:);WUqW>RlU4iуHs7ȝw3=~3ҏX ,;FxrCXj8DS;`::QY:<'Ȫ@]Eh׏OΊE*,@ H;]kC(u>ka|QdAcma6Pv:+m C($RiyB"K?+ ?,gU%3;@l7kN~٢'MBu{;?)<3"Ftp-\I8cb&j1p6[ӪUgE?btG v:gjكjs "~[d.5`9B&B>A/"QkxDY4kIڜש;;X98fiz]{Jm|؁em8Ji Q(3cqߌ7 2.kx] $e{BAxNoO7jU2 /!;‚`(j;0R{Kqɜ\](xɻr54k3ݙ嚋uq iAHn} @YY><fڽP`@a1*:-iDZI4~i Y ɌY~Fks$MPꄦBq(.wMi٨"I1*{̂m6v| <x\BȮ Eբ6,%vB36Q[S#*K/gԫkmd 䋾"`nsMA۴: uGU⡈le8EPl{M? ֏:pwiiʂgp} 4~҆A4BwsSU(PCMU}`IJFmʏRtr SbPIW\ ЁN8+mCD7c3[PQ謐)Naxs'CM-#m(|۹3e]dәך;-`N-ϙL戠 @B 4$=]\73*pg4Ѓ\߾2)eqx >tu5PM~DYo2&ɦ({d1}' o]O[e&Vgz{laSV{e=>1C :²ӧڢ!ZzCK7GwZ"zCJ2,̤3QCd bh,c ?܆_ԻL}5|E ߲.hwzi'Im(Ƕ#w$X܊ijC ?>Fgxb'ْ7gq4Ùhi=J: 6 R Yc(GD\v|rzsuX>M[GjEȹ+Ty)דBYh<4SM?AFǞDćW(@1T*z#.F3 l1N?Sc j~Ǝ,/&=Mny]J(&(ЎeigTMqFa4h6ey)6*&i!&1%1ζ:1swklXbS-ǖbܖǃPgeՈEuO '6ͯiX_Ěq(92=kwT.x$XHrH'QVDZ29tyɰ>$.lI,qΑ|5QTrϾ g6mD<` FAN%Խ=߅T\jr'<_+ &AG}n0Vvz)Wkդ'|v[9##oR Ur }F H+z{=_ܜ6d@ #(gK գ}`s2_2v2cEF)`$Nב+ZQmj}0X'\ @TC%qRQK9VN Vc.i 'nvucJ*9.VJM_!܇0KTxKr!=a3]W PSS5u)%KB(xBGQd\hA=kꡅ(ksS>(&AԅS,/DIN\y)W{b 7&,Ȫ/Acf3,/ۅ(6I}!(jI<фs=6a_UeSm8}Hk/( #+2op+Q2@P)A`~銐E=tRaG_ia@S)R45Z~TVYUQ;D̩%i堒LH,:6Y fq y\: 7eώ5+eK*;<=JOtIE4S:%ϡ9%)AʒOh :h 0NVo%z"Kׇ/Hɭ`:Ţ1iI௏R̞M%Rm[،7mm+ bi4r+(MXpJeEaY :x^k7FfL$r\URLG_vζ$9ԟbʊmjJU@FzR9i_&5ɱ^Z?3הQ@l"uOns׌%HEY_:ZFozduïIsT6kmݰ4G^9LElm9#dXԉɛԣ>Ni]szR ڤK7 3p]:'gyZ"+Mp_7DXY^'.3h?n:D|w yt I8C-*-l&56_c#SCx$(f3pf0<9BMФƒfNkyAG]thLS-tc4tQKUx&92%O#֯⡟wɎKY@_wjq-2`쯹wDhQm 8_Vɚ5JM|<] zx2w%NAJբ8.J*Jo$P'™Cfk`-c<_cA_sD$CTJQ0fArbA3{f.*mXk hˁnsp$yDkk@G\ J[YWJ'䡪Le5KCs=(&oLMHGQ^EIobyTGic_`ߦ7х8!X:z|5/(m2)c=]O[z~]0aԳ:Y@dE03SsX~V1!>f( eVS{*0!yQ[P 5A $ӈPLV>pIb;`5$`Qx\p8Č{8}fO’:ʝuW@o2|ږ5%gh_"mBڮ9OkřQ,!/cD,GcfFo PχiXߝ'ɶѪ S:T_l\l-/~9`+}6md&<> :$pAx} B.GKiܸ^,0_Y=$b@Kg%Q(uK4"/V @] NRG?uu=,nY\}ba&Dڮm셏|ޙ 317ϕr͍KdҬY)G*"6#Y/Bs[I?wd&>sE%xM{L΀wj7it~dFՓ_#ֿ~I@(ʤ?f ;1Ԍ}Q۽o_p쭀܎y#>bD?^Ȧs>wLo.ls=.Upy*1M|1D~?O?\ڿe23 ]}r٫u\8 ІPZjJ 8L|N)MGIK6 ڋ3FJ2*H.a-c԰f^}Vӵ;N=B@tʓT8T-W7, ݅r.OOMfd:FZ/;{WnHYy^ź93_( <.Ip&!S!]0ĠEzn0c,np>n6Ζm*Aty7M.%ʜ48帣W5=6l4\k+8Kɤ^T= bbcAezmWDTfv%'p6A?lNLQHƵp[`2g|:P2;f'X'$\Ep%ڛ WLh. pCb#ƒ^ڽk-DkUN%{S vubG$+Y]hvd3011Lf,q^*k^%֌|m ~&u.÷.N"M,C5?^ 1D?'E`$bD&R;+4lX*wޑ!M9 GkLڟo HMWluTis|Mټ#BAc՗X؄ȟ^\ߝGKs(P#ɿt9 եx h23m4U ׅU:.h5Yz=f& z:@zNb+tVb4u@n RV?":Y۪Gҳ=DÀKGgr=GRЬZhKt!4:?Fo\0NF#ér?tTĽ(2+5r>/{{M.=&}w5 F.E-;Re{f΄'!|hl tpEj ½܌CS-](pܻ}E1IZW8lE9ųǽ; H幵 * FTYBP# 'b!پ.ƛo[â3Wx!,H4r@&vDJR.>TBr!.5yzi1sFٲk}>1Q ]=zSj3XC:͑JڰtLX o RLK NGXKdžj4nW LnXa{[Z<`,ha(I鰍[vH<J Ev3z`P}pv7ۮx˛,:J= DIp%FڎXc'\#k"µrϧBj|(ˮ)JG&qNf;e_k8SsLs mq7;Qʍ+OPHTnWHaږGfyL|nlZymh 3"_#ނla-u&H@stĪkr;Pp8,ď-ὧ}hbNPl6H:yRi7@N(e qai{#l(V =֠<92~ҕwiy|# 1@q7S?LbU%Guyk96~֟5Hr:(S FjV.BY٭ n5etQ JSΝOm~4Ake+tc4@Au~b#AIvwTg& `To/+(a|[&WGpPkH|{JT}HOm殦HWn2mm̑ [:v!$T͸oPzljH#b\b)$Z7^̏8\(~ގ3KU${7M}Wpkkv(6&!nSS^py|Qr c4l5}(D^&I!ٟ+bƸq7o?CF.@Z_6;l>+5MڤʑNQDy2]lY:>궖7O#Pn>A|0])So}KT;,z >RI$zΖJ پqY%mW , wM8aCn$XN0R䇹(E9(]v/;;jg~ɸ @]3uL#pw="  a8c.sj/ GVVL vKL ًҭLi%o" g3{HK5*N%ZÖ{8n2(nUs3MJwxRԃlLeQNgNpq"y[a=W>`|+]D뙕zMd:[}){B/#>J8Zp }. p,P. :wp^f 0bZ XN[‘agxؾwe Xg1+ s-Z~zvlXPa!o:[St")ʎ=%'.AX zc@܈a.DEi#"l+.z~moloӺ1y'ϔWGˌp9߯(][]7,J,dłB ]9٩tyzt6'+I찑}G Up@:UU$3ڣl+{KTu%43S^a2*cKpx.(&HڄW9qj R~(sVx[Sh#V ]`oR_kCj %+'iqIFLsIߛUꉼ{k:|8DA]N W Ʃ pF]v_)A6^LsHbV +S FMנ"PѦ) VI: L>aͺp#Ac-xqT,)LIfIeQ ݁{=H/b| dכ6]dSb 3,:-z{]gpN].LO h֪q)+Lܾ$^#rڧ(.DةضRy6ZW|&zm22BRh𨢇DDj=@Z}?ۓYn/WE'حa#~PzĽlsƮ 5[viҎ8.8Ğ#Y__q~rn.@%>±U7HE0kwUY&:6_!YK|nk}z;b).h 28ro)_-]*a#̓bŶ8ʄ5baa9O63ܭ;5u7| i"?~qNKՔpc KZ:a 0J+8p0@_t#n%Փ~\gtfE8K}s7{ޭ94™GηA=Zd`[~ ~=^azLKW9-<a$%Ϳl"@ F4GVrC'FF8Lsw6_ ;k5\qvC%g]'`6^$ns~$4"ԠL6u!xr ˩d\KZWfe9aa7MN!_]8oK-}#dh1L:%mmTS [۔ʴ"̱h]܄ﴩ?l"s4 Q*58@X'؟)D0qָ3ղ_Al 1uލ_ajlu%)}7˩X~5mUcFҦH3o0e4Mrۀ{` ϛ'@q_6qLɐ@ф)\ҢU@p9ʁxy1'kO]R&>A<:N|.$W87BplFt&yrҁLgQ`R7G1dŠ~8:ՆqIm`xx\ Qi>y SG9hi*oh`y,sEw rO \N~x .ߏ] Q湈 YF{WXRB?%o2v^NS|pl5w dA4q'('%|_67cm&10> B% %ŋЉ(Ŋx7psxOy|&j kl$@ze2E<*RrϺՋBc-1QR{5uO-J37&)'sb\ S|83wg= B_o3Ѕ(E']CWت/kߵVj ˿%%ѳJPth%\Ki#[~ԮSyRy ;}zʽ ^3$G[MO]iRFw;Jq/c_'Ob!R0ktˁb#U^ d<ESKi/I`]uwjpż/*"dO-j?>$tNZc =sIοAݮʱ5jXk(Fx,.*ihG;fPXz(rNl5~u|ŒBN[DW> <VfX Z$EYt偻So2%Ѵܶ=ԅ9s!+̂$O>sn ҠBd4@]@t3MҪbH&и̉v-ϠUKȤ=bZF* UN>ϓ'N+90o$ƄVH%+ bk95S+B@K4&?gA\{o#ʤ;3R( - &~l1x>-xqX N ^}&]XЀ.߷6b7',S2εOjfWRxQ B`_م:-{{zPI1HnSE qK'CB*Or0&Y2o%9t5JWО0bgtONg _H>"̗%Y\ Q.ݙE Hx9[(:_k=Y+ܹ;wM&`bi<|1;zJٝ)NV ^@҈)&AVDW1+ xdLϧ;>IźrXezy, gl7Pry!VI -,|Gff)GؖP3fT K~2nF*1Tj9u]@/2JTƵ8H(gaWS()X\JFmWL3hlhaH/LW tlfk-/r7}?+M/z3j?FaBӏi+Z$0̕NS(~ύLMt_? R6t՞3AtS^-) [F6 BSCnbVA7$!0 XFL^Gq@*l*nvbOe;ep5FndUH!nyfH̃pu76V͞Y–~._Ah7,B$o9*^y{p@.3jx7E 4o-PeşGP Yb'ZQ&%U⮮"y?kHFuȟL 2'