sssd-tools-1.13.3-60.el6_10.2$>HђKٷHE8>2?d   F .LRXbb b hb b b b!|b#fb%P%pb&'9'9+9(,q8,x93:GbHbIbXY\b]Lb^<bdĬeıfĴlĶCsssd-tools1.13.360.el6_10.2Userspace tools for use with the SSSDProvides userspace tools for manipulating users, groups, and nested groups in SSSD when using id_provider = local in /etc/sssd/sssd.conf. Also provides several other administrative tools: * sss_debuglevel to change the debug level on the fly * sss_seed which pre-creates a user entry for use in kickstarts * sss_obfuscate for generating an obfuscated LDAP password\>x86-01.bsys.centos.org CentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxi686+ɤKS@ |5q#0EQ;ao3] 10m:*|MHOr ?sH dC A큤\>S\>S\>S\>S\>S\>J\>S\>S\>S\>S\>S\>Vpn\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F6e0820314ea3ec7bc18b1a02ec3301dcb834a52ca671d60e8bbd6e8dda29149e10acab9502ce2e73014692130c887714ab86d0c8455e3ca3c60654dd1eb87dfbcbe626e51dc7fdf478397557ae7adf0452f253bc11ddad6cb89d4d5fa8fa20087f9c819356c2781dd47f9abe0138a5b58c00d63fba576d13b27ca1040181516e865c4f8b05fae82b77e7c3d36a6b73bd717a761d707845344c65ad8b31ac2846074ea22f08e186a8f16066958ff1cb7da80f4a744e9737ad3b619beac9b0a45e4b5ce8776a762c744f1a6baae5545d31d9d4bdcfd2db99a12ee83cd804192a1a38a9daf34044a114e85b3ee4965a4712cadb8857e38b24ca88328bcdd9c8941958dbe4f10a9270f7343dd9d7f90bb6ad02b51363ea969a23b8c4282e241ea075d09230a51dde5dac102de3ec991294200bd38d2e9a330a9bf9d551d987b0697948f560a1d2c5b425b6bc3cdfb439f6ba3335a7210d772475b29fff80ad4dc2848ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b90310e7998fa63a7c5fa94fe61532f72c8f103f6563c4f6881aff04fc12c72a2005ffe255bd2d32476ca4c1799d2f0880dff0d56c9346263c9b9166d402797a9597ac16cc6ef9e7cbce3b59721c89187acaf2bf74ee83b4ee16a72939baf79d1c994987c56756375b9c6ccfc6fdd8f141087f1de1a53e2cc7f9c1b8a64812a99c30c3a967ee8747393b7634a732da977cae90cc423f89519e1308b2ffd9d6500d3bce19c9a1c8d59d4467007dfa33a13148574c3b3a56d1f7bd0a5ea4d22a294cba70ab8ee6be09e55ef55d4df5462bb87d9171bb88c9255cdbff05ad1b665ae31cad39da900dd517559c2dfb31180acbf6dbf8c44cca601699638ee846f730575edb3bc87a2ed41ad0b33f8a7ddb198baf564ee3d5f73eed3645c35397882ce809f2b218af5f82c9eebbf77d4cf98c4ddf70d6c5def9fda0c42f60632f639f43d86e3546ea13860efbf7a889f672d22308aeab4854e590a851bb4fa24fc97700e90d2fac6d79054ae2e369e04a4c073e92d8225e8ab05a30acaf0b3abe8dda766545890f5aac5c6199f40080a7eeb9854fc19219f3c01f77ed18a2634b0612ab24e86b6654a933b196c491ffe8e198007de7b7fda4ccb537c9b80b72fefb55ad1535f17778e6082028bdc12926753802980c0dcf57be393e62848a083dc42727874608858fe68353c01c6d95a9faed0a088f539d649702f6a8767cae6050cf898dcaf95c6019e6d32722fd00035cea740bc4ce41bb19bb6ca38c4cfe2e0f4a0d3f33dad94c2a3f116dee94fb53ba321249f03d4cec1bcf19b73f7c078f7d1c466adcfe632e17455f2204564fc7999edcba0264521556b2977eaf32a175e8cbd234295369b56555fa293ee5e0b19d498798c7501cb0d7d6319e225eb1716ec9fc0edfaa451fcae313edcf7e91eaef9fdccdd4bf678e2d0f6641b96cc6efab26c1eea4aef71794a708908f80b961c82161717ec4d38e1071057c37899b4b3abb27f3398af40eafe3262aa2ab33feecf21cd2a580e50c3b041985d2bc82205d9274edf5abf7a81ed70904be6633dc26d7b97f4a822b314b80fc96da3397ef3dc20c0008a9232f1f1efa992089761253a0a8f95c22b77c5c08e61bb610c280853be10623c3aeb7d99a9387a928f8ab52135d04d087a014eabdb31485a16ed13014b2be0178b0c3dbda640d4d716bef05563415f80fe1b1c7e72c16cf8229195371c25b3071b8c84ded1e4e764264645e01c79ca04e28d35ec8d8a4cfe8fae48e131b2ab89b6d644af0d752da4bc9d07c7d932dcf2935dfdd1e96060a0e918db3fe6f7d997fd8dfaa45b2461800d9ad9150efca9c49abdfe42d405cff4649794bd79172b159e6d3e5c8994924c73393b0e032e3f7483f6e2e7a73dfa0d3313996e76fef64c49f786b3c1a5c4815f6067409536b15741536bc49072fc5e4e1c4619e9d46909077a1bc9e7c4fe450efdf4ed0a2dad8b909ef1d21df0d5e88eac935c9e722983bb0ff8cbf948c85031d641cad04ab8c7a4c6bbeee8fc8b54bb9da6b4c3c5046ab861e93605476aa9eaf25d4fb1ea3afdee0006ae36b8b18a3fcb1a6c5c4394e772ebf011b7c016464839f3eab352303c22eb45cceca781af6fa1b1be86f038ee0a1551c458c692a176cfb1ac6fd31854b06abb30f989f3c0c08e4efa80499446766a5877bbd79eb8364840c8d757b54fbbd6c786e22f3a892c1634f79e6161c20bd8eb2ea1815f37dc4a1a4e25d5b1895e8d1e0deb757aac8c898c2d91ae320fd5f44fe907ca0699f8b5273f5db15caabdd336024c509aaad69c18fb7b0a625e6440a939d5b597e5651b5e352d02bdae191c9386e3b979ebb52ab2c19c8ddbb9e1c70b639bee076b4cae6e33a9364ce730a767bd5ea602bf16ea511158759fe440ccd63126c792da795853c00cff6df61b615f3637088e9b73967873aee8136a57029a66ba7707710a6159290b724004daac15e5d12eb34b4354093ebe1b473de61f66330ffa712bee030d86e74250e1d8bb7209d11714bd90c6ba4bb6bafbee663c92ace0d73520617661242ceb9a20f3fb749d86862d8cc834a75d84eec2dcec4e21c1f5df89d94cc5cfca9a5ee641b444b39f437ec81a61e404175cc65bc2d095244b677dd868c382729beb40c65b39675056c207bbcc628a6f174bad6a2d8fab7af4bb505cfee2e0c474c8c8a8b5b50beed5d5a3f60b1361444e0c57ba3ff50fcc864cfec5ae128ed14f4b704de0339d2d7494974747dd3f2f9e825da1113ebe1a94b1083a8cc4ef3605a8025bc7cdc82d85f1489c4aa19354380904482d94c0d736616f5d9f6cff3c187ee1267b28144103ed9697270d1342d52267e10a705c1af7ddf4227a6142374ffd9e27f4a7efd70d905fa35863b0c85b4bc1eb96bdd0fe0b7d5e56f0a45169d89a4503003da23e1189a9cfbfe2ff00f1f9425b5a8b7fc192fbc67c4c9490b7abbf1d45b13881202e6ebff2c4f9aa93abbe60858fb3d23d6ebe40c44b74b30601af44b748967e984e57abd73c5afa1bc2913d9797201403296152bc129b3cc136d547e63c56719f9e25d26656348f8e109aff3b0383ca9907ccd3feebfd2bfafac566da7c49904719a5c1d874f70dddfd278f1667c796fb3c2c00f12d9b519213db2dda1acac178392510542194166731042f5f84c967b50add087cd806f24f2ca1208c5c685d5c88cc2f85cd9b04a5b449fdd89f2fd7648d0b68c2e74d0c7429dd38191248983152bc2d0fe5fe47e9832d526afcbc27a04c903b0f7042dbb1788ac6c5bcf6160d2ebec752292fd9d01d3de34a48da39b22919284fba837857ef85854776014c87199f35518887a91de2811e390aa23569ed3cde3e6de935c6ddaf3908d5b440f791a7e4dee8f11355be78185b97c6162290cbd2b8ecbbc6b231ae4acf6a96178dd7058caefe06d7bf9e6aa87924712ec948046d1489e810ea7bd822bb3e4a8485086ffe1fe36067571b3d8557d391565fdec1a0caa066c1ac0a2b260a150fa879cf48a50f515414444b1d2bd3c6df4968007ebf4eeb61aaf955138377a5d405bff06ea88e9526cdbb100639ff5c2c85ff8ab042cc56b4ab6a25b33cda4c8d0004e180a6a129ea909f6ea9f113b24b4e7dae0cc032a140a66d4aa6226439e643cd091e108d28bc5bdd814ec4c822299ae948b0feeb977f53bd4b10410adc4b4fffb947a32c27cf6729f50e97f8c63952065889c2d74587c5baedcbeec1a368d0ddda626a449e6dbd77e8d6805535c543cd55c29e93c688709038a4571794dec220ecd95a66d394b0c1bfd354f25906f46b7593b2db24b10259acd2957bf0cd8d4c7a46fb8078d57b9c313d582d0710c33949020cd27ecbfa2e51ba767fd99e1aa8ee5d4be965a802fa7ea701d552b9e21a4f512bec4b026ca161eca3889c6c8a0e4e2f1110030b7f2e6501fee112fa99b9e14a3224f92d7666db59e9ab4d7164d1dcb3340812c411432c813c9261d14d810f44392b38b57d7478b094573aa4e97127a9247ca47b430f4255cfd4470d52f9a331cbaa98d3477f7ff3b0d4f7a87c4672f16af2533d31633840505e97a9ce9adbda59ecea7e7aae994039eebba5f6aaf933a61184141bd06a744395ba5b4fe489171633b2ac7e9b056066b82625f0818034a016da47e94706366b72ce374f23ab9433ca46a9c0b9197b9560c30d9ffe6fa0d9a12ae5f26c93cf5da6b44f2b703465fd73ac1d6d4335440c465e5f40f9b58498ae2f16dab232c61fc9b850ec99e9aa2f6d79ce0517c0665660dfcfa9c129fe3e26e8ec465ce1270bcb6a8d2f943d32ae1b38e964ac2841143d7c4c8d1fdceb412fe00b5494c0397e4rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.3-60.el6_10.2.src.rpmsssd-toolssssd-tools(x86-32)   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ sssd-commonpython-ssspython-sssdconfigrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libbasicobjects.so.0libcollection.so.4libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.6)libdbus-1.so.3libdhash.so.1libdhash.so.1(DHASH_0.4.3)libdl.so.2libglib-2.0.so.0libini_config.so.5liblber-2.4.so.2libldap-2.4.so.2libldb.so.1libldb.so.1(LDB_0.9.10)libnspr4.solibnss3.solibnssutil3.solibpcre.so.0libplc4.solibplds4.solibpopt.so.0libpopt.so.0(LIBPOPT_0)libpthread.so.0libpthread.so.0(GLIBC_2.0)libpthread.so.0(GLIBC_2.12)libpthread.so.0(GLIBC_2.2)libref_array.so.1librt.so.1libselinux.so.1libsemanage.so.1libsmime3.solibssl3.solibsss_cert.solibsss_child.solibsss_crypt.solibsss_debug.solibsss_semanage.solibsss_util.solibtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)libtdb.so.1libtevent.so.0rtld(GNU_HASH)/usr/bin/pythonrpmlib(PayloadIsXz)1.13.3-60.el6_10.21.13.3-60.el6_10.21.13.3-60.el6_10.24.6.0-14.0-13.0.4-15.2-14.8.0[[ZH@ZH@Z2gYyX6@X6@XS@XOXJXGXF@X@X6@X6@X-X!@X!@X&X X X WWWW@W@W_@W_@WWW@W@W@W@Wi,@WYZ@WPWPV@VJVJVV@VՄ@VՄ@V@V&@V=@V=@V@V@V@VvV%@V%@V%@VVVVVpVii@V\:@VXEVV@VV@VV@VMV2 @Vf@Vf@Vf@UAUUuUn@UmUjUcUcUUUUUJ@UB@UB@U@U?v@U>$U8U.RU.RU-@U-@U-@U-@UF@UF@UUUUUU U U U@U@U@U@T9TTTTTTT@T@T~T~Tk4Tk4T$TTT@SvSvSvS%@S0S<@S<@S<@SSSSSSS/S/S;@SFS@S@S@S@S@S@Si@S@SSS!@SsZSpSNpS 4@S 4@RRRRRRfhRD!R1R%@R @R @RR|R|R|R|R|RRRRRRRRRRRRR@R@R@R@R@R@R@R@R@R@Q@Q@QQ*@Q?@QQvwQkQIQ5@Q0@Q']Q @PPPP@P@P@P-P@P@P@PDPDPDPDP[PPPPP@P@P@P@PPPPPPPP @P @P @P @P @P @Pf@PPPPP @P @P @P @P@P@P@PPPPPPPP@P@P@PpPpPpP@P@P@P@P@P@P@PP@PP@P@P@P@P@PPXPP{P{P{Pz@PqnPl(PaP`K@P#@Oĺ@O"O"OOO@OO~O@OOO@O@Ou@Ou@Oc+@O]@OYOOdON@OLOLOLOLOLO;@O5O1@ObN@NNNN@NNNj@NN$@N$@NN@N@Nx@Nm@Ng\N[@NTN?N:N:N:NNN|@M{@M{@Mߒ@M@M۝M۝M@MM@M@M3@MM>M>M@MM@M@Mx@MM=M=MwkMwkMv@MtMtMc@Mc@MbSM_MQ0@MJMGMA^@MA^@MA^@M.@M9L!L@L@L@L@LNLNL@L@LA@L@Lk@LYV@LRLI@L7@L(L_LLGKj@KK@KK@KK[K@KK~}@K]KY@KO@KKK/c@K+nK"4@KJJ@JJJkJJ@JJp9JlE@J?r@J0J,@IcIcIzI)@I)@I)@IV@IV@I@I@III@Michal Židek - 1.13.3-60.2Michal Židek - 1.13.3-60.1Fabiano Fidêncio - 1.13.3-60Fabiano Fidêncio - 1.13.3-59Fabiano Fidêncio - 1.13.3-58Jakub Hrozek - 1.13.3-57Lukas Slebodnik - 1.13.3-56Lukas Slebodnik - 1.13.3-55Jakub Hrozek - 1.13.3-54Jakub Hrozek - 1.13.3-53Jakub Hrozek - 1.13.3-52Jakub Hrozek - 1.13.3-51Jakub Hrozek - 1.13.3-50Jakub Hrozek - 1.13.3-49Jakub Hrozek - 1.13.3-48Jakub Hrozek - 1.13.3-47Jakub Hrozek - 1.13.3-46Jakub Hrozek - 1.13.3-45Jakub Hrozek - 1.13.3-44Jakub Hrozek - 1.13.3-43Jakub Hrozek - 1.13.3-42Jakub Hrozek - 1.13.3-41Jakub Hrozek - 1.13.3-40Jakub Hrozek - 1.13.3-39Jakub Hrozek - 1.13.3-38Jakub Hrozek - 1.13.3-37Jakub Hrozek - 1.13.3-36Jakub Hrozek - 1.13.3-35Jakub Hrozek - 1.13.3-34Jakub Hrozek - 1.13.3-33Jakub Hrozek - 1.13.3-32Jakub Hrozek - 1.13.3-31Jakub Hrozek - 1.13.3-30Jakub Hrozek - 1.13.3-29Jakub Hrozek - 1.13.3-28Jakub Hrozek - 1.13.3-27Jakub Hrozek - 1.13.3-26Jakub Hrozek - 1.13.3-25Jakub Hrozek - 1.13.3-24Jakub Hrozek - 1.13.3-23Jakub Hrozek - 1.13.3-22Jakub Hrozek - 1.13.3-21Jakub Hrozek - 1.13.3-20Jakub Hrozek - 1.13.3-19Jakub Hrozek - 1.13.3-18Jakub Hrozek - 1.13.3-17Jakub Hrozek - 1.13.3-16Jakub Hrozek - 1.13.3-15Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-13Jakub Hrozek - 1.13.3-12Jakub Hrozek - 1.13.3-11Jakub Hrozek - 1.13.3-10Jakub Hrozek - 1.13.3-9Jakub Hrozek - 1.13.3-8Jakub Hrozek - 1.13.3-7Jakub Hrozek - 1.13.3-6Jakub Hrozek - 1.13.3-5Jakub Hrozek - 1.13.3-4Jakub Hrozek - 1.13.3-3Jakub Hrozek - 1.13.3-2Jakub Hrozek - 1.13.3-1Jakub Hrozek - 1.13.2-7Jakub Hrozek - 1.13.2-6Jakub Hrozek - 1.13.2-5Jakub Hrozek - 1.13.2-4Jakub Hrozek - 1.13.2-3Jakub Hrozek - 1.13.2-2Jakub Hrozek - 1.13.2-1Jakub Hrozek - 1.13.1-1Jakub Hrozek - 1.12.4-51Jakub Hrozek - 1.12.4-50Jakub Hrozek - 1.12.4-49Jakub Hrozek - 1.12.4-48Jakub Hrozek - 1.12.4-47Jakub Hrozek - 1.12.4-46Jakub Hrozek - 1.12.4-45Jakub Hrozek - 1.12.4-44Jakub Hrozek - 1.12.4-43Jakub Hrozek - 1.12.4-42Jakub Hrozek - 1.12.4-41Jakub Hrozek - 1.12.4-40Jakub Hrozek - 1.12.4-39Jakub Hrozek - 1.12.4-38Jakub Hrozek - 1.12.4-37Jakub Hrozek - 1.12.4-36Jakub Hrozek - 1.12.4-35Jakub Hrozek - 1.12.4-34Jakub Hrozek - 1.12.4-33Jakub Hrozek - 1.12.4-32Jakub Hrozek - 1.12.4-31Jakub Hrozek - 1.12.4-30Jakub Hrozek - 1.12.4-29Jakub Hrozek - 1.12.4-28Jakub Hrozek - 1.12.4-27Jakub Hrozek - 1.12.4-26Jakub Hrozek - 1.12.4-25Jakub Hrozek - 1.12.4-24Jakub Hrozek - 1.12.4-23Jakub Hrozek - 1.12.4-22Jakub Hrozek - 1.12.4-21Jakub Hrozek - 1.12.4-20Jakub Hrozek - 1.12.4-19Jakub Hrozek - 1.12.4-18Jakub Hrozek - 1.12.4-17Jakub Hrozek - 1.12.4-16Jakub Hrozek - 1.12.4-15Jakub Hrozek - 1.12.4-14Jakub Hrozek - 1.12.4-13Jakub Hrozek - 1.12.4-12Jakub Hrozek - 1.12.4-11Jakub Hrozek - 1.12.4-10Jakub Hrozek - 1.12.4-9Jakub Hrozek - 1.12.4-8Jakub Hrozek - 1.12.4-7Jakub Hrozek - 1.12.4-6Jakub Hrozek - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Jakub Hrozek - 1.12.4-2Jakub Hrozek - 1.12.4-1Jakub Hrozek - 1.11.6-33Jakub Hrozek - 1.11.6-32Jakub Hrozek - 1.11.6-31Jakub Hrozek - 1.11.6-30Jakub Hrozek - 1.11.6-29Jakub Hrozek - 1.11.6-28Jakub Hrozek - 1.11.6-27Jakub Hrozek - 1.11.6-26Jakub Hrozek - 1.11.6-25Jakub Hrozek - 1.11.6-24Jakub Hrozek - 1.11.6-23Jakub Hrozek - 1.11.6-22Jakub Hrozek - 1.11.6-21Jakub Hrozek - 1.11.6-20Jakub Hrozek - 1.11.6-19Jakub Hrozek - 1.11.6-18Jakub Hrozek - 1.11.6-17Jakub Hrozek - 1.11.6-16Jakub Hrozek - 1.11.6-15Jakub Hrozek - 1.11.6-14Jakub Hrozek - 1.11.6-13Jakub Hrozek - 1.11.6-12Jakub Hrozek - 1.11.6-11Jakub Hrozek - 1.11.6-10Jakub Hrozek - 1.11.6-9Jakub Hrozek - 1.11.6-8Jakub Hrozek - 1.11.6-7Jakub Hrozek - 1.11.6-6Jakub Hrozek - 1.11.6-5Jakub Hrozek - 1.11.6-4Jakub Hrozek - 1.11.6-3Jakub Hrozek - 1.11.6-2Jakub Hrozek - 1.11.6-1Jakub Hrozek - 1.11.5.1-4Jakub Hrozek - 1.11.5.1-3Jakub Hrozek - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Jakub Hrozek - 1.9.2-134Jakub Hrozek - 1.9.2-133Jakub Hrozek - 1.9.2-132Jakub Hrozek - 1.9.2-131Jakub Hrozek - 1.9.2-130Jakub Hrozek - 1.9.2-129Jakub Hrozek - 1.9.2-128Jakub Hrozek - 1.9.2-127Jakub Hrozek - 1.9.2-126Jakub Hrozek - 1.9.2-125Jakub Hrozek - 1.9.2-124Jakub Hrozek - 1.9.2-123Jakub Hrozek - 1.9.2-122Jakub Hrozek - 1.9.2-121Jakub Hrozek - 1.9.2-120Jakub Hrozek - 1.9.2-119Jakub Hrozek - 1.9.2-118Jakub Hrozek - 1.9.2-117Jakub Hrozek - 1.9.2-116Jakub Hrozek - 1.9.2-115Jakub Hrozek - 1.9.2-114Jakub Hrozek - 1.9.2-113Jakub Hrozek - 1.9.2-112Jakub Hrozek - 1.9.2-111Jakub Hrozek - 1.9.2-110Jakub Hrozek - 1.9.2-109Jakub Hrozek - 1.9.2-108Jakub Hrozek - 1.9.2-107Jakub Hrozek - 1.9.2-106Jakub Hrozek - 1.9.2-105Jakub Hrozek - 1.9.2-104Jakub Hrozek - 1.9.2-103Jakub Hrozek - 1.9.2-102Jakub Hrozek - 1.9.2-101Jakub Hrozek - 1.9.2-100Jakub Hrozek - 1.9.2-99Jakub Hrozek - 1.9.2-98Jakub Hrozek - 1.9.2-97Jakub Hrozek - 1.9.2-96Jakub Hrozek - 1.9.2-95Jakub Hrozek - 1.9.2-94Jakub Hrozek - 1.9.2-93Jakub Hrozek - 1.9.2-92Jakub Hrozek - 1.9.2-91Jakub Hrozek - 1.9.2-90Jakub Hrozek - 1.9.2-89Jakub Hrozek - 1.9.2-88Jakub Hrozek - 1.9.2-87Jakub Hrozek - 1.9.2-86Jakub Hrozek - 1.9.2-85Jakub Hrozek - 1.9.2-84Jakub Hrozek - 1.9.2-83Jakub Hrozek - 1.9.2-82Jakub Hrozek - 1.9.2-81Jakub Hrozek - 1.9.2-80Jakub Hrozek - 1.9.2-79Jakub Hrozek - 1.9.2-78Jakub Hrozek - 1.9.2-77Jakub Hrozek - 1.9.2-76Jakub Hrozek - 1.9.2-75Jakub Hrozek - 1.9.2-74Jakub Hrozek - 1.9.2-73Jakub Hrozek - 1.9.2-72Jakub Hrozek - 1.9.2-71Jakub Hrozek - 1.9.2-70Jakub Hrozek - 1.9.2-69Jakub Hrozek - 1.9.2-68Jakub Hrozek - 1.9.2-67Jakub Hrozek - 1.9.2-66Jakub Hrozek - 1.9.2-65Jakub Hrozek - 1.9.2-64Jakub Hrozek - 1.9.2-63Jakub Hrozek - 1.9.2-62Jakub Hrozek - 1.9.2-61Jakub Hrozek - 1.9.2-60Jakub Hrozek - 1.9.2-59Jakub Hrozek - 1.9.2-58Jakub Hrozek - 1.9.2-57Jakub Hrozek - 1.9.2-56Jakub Hrozek - 1.9.2-55Jakub Hrozek - 1.9.2-54Jakub Hrozek - 1.9.2-53Jakub Hrozek - 1.9.2-52Jakub Hrozek - 1.9.2-51Jakub Hrozek - 1.9.2-50Jakub Hrozek - 1.9.2-49Jakub Hrozek - 1.9.2-48Jakub Hrozek - 1.9.2-47Jakub Hrozek - 1.9.2-46Jakub Hrozek - 1.9.2-45Jakub Hrozek - 1.9.2-44Jakub Hrozek - 1.9.2-43Jakub Hrozek - 1.9.2-42Jakub Hrozek - 1.9.2-41Jakub Hrozek - 1.9.2-40Jakub Hrozek - 1.9.2-39Jakub Hrozek - 1.9.2-38Jakub Hrozek - 1.9.2-37Jakub Hrozek - 1.9.2-36Jakub Hrozek - 1.9.2-35Jakub Hrozek - 1.9.2-34Jakub Hrozek - 1.9.2-33Jakub Hrozek - 1.9.2-32Jakub Hrozek - 1.9.2-31Jakub Hrozek - 1.9.2-30Jakub Hrozek - 1.9.2-29Jakub Hrozek - 1.9.2-28Jakub Hrozek - 1.9.2-27Jakub Hrozek - 1.9.2-26Jakub Hrozek - 1.9.2-25Jakub Hrozek - 1.9.2-24Jakub Hrozek - 1.9.2-23Jakub Hrozek - 1.9.2-22Jakub Hrozek - 1.9.2-21Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-19Jakub Hrozek - 1.9.2-18Jakub Hrozek - 1.9.2-17Jakub Hrozek - 1.9.2-16Jakub Hrozek - 1.9.2-15Jakub Hrozek - 1.9.2-14Jakub Hrozek - 1.9.2-13Jakub Hrozek - 1.9.2-12Jakub Hrozek - 1.9.2-11Jakub Hrozek - 1.9.2-10Jakub Hrozek - 1.9.2-9Jakub Hrozek - 1.9.2-8Jakub Hrozek - 1.9.2-7Jakub Hrozek - 1.9.2-6Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-3Jakub Hrozek - 1.9.0-2Jakub Hrozek - 1.9.0-1.rc1Jakub Hrozek - 1.8.0-33Stephen Gallagher - 1.8.0-32Stephen Gallagher - 1.8.0-31Stephen Gallagher - 1.8.0-30Stephen Gallagher - 1.8.0-29Stephen Gallagher - 1.8.0-28Stephen Gallagher - 1.8.0-27Stephen Gallagher - 1.8.0-26Stephen Gallagher - 1.8.0-25Stephen Gallagher - 1.8.0-24Stephen Gallagher - 1.8.0-23Stephen Gallagher - 1.8.0-22Stephen Gallagher - 1.8.0-21Stephen Gallagher - 1.8.0-20Stephen Gallagher - 1.8.0-18Stephen Gallagher - 1.8.0-17Stephen Gallagher - 1.8.0-15Stephen Gallagher - 1.8.0-12Stephen Gallagher - 1.8.0-11Stephen Gallagher - 1.8.0-10Stephen Gallagher - 1.8.0-9Stephen Gallagher - 1.8.0-8Stephen Gallagher - 1.8.0-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5Stephen Gallagher - 1.8.0-4.beta3Stephen Gallagher - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-2.beta2Stephen Gallagher - 1.5.1-68Stephen Gallagher - 1.5.1-67Stephen Gallagher - 1.5.1-66Stephen Gallagher - 1.5.1-65Stephen Gallagher - 1.5.1-64Stephen Gallagher - 1.5.1-63Stephen Gallagher - 1.5.1-62Stephen Gallagher - 1.5.1-61Stephen Gallagher - 1.5.1-60Stephen Gallagher - 1.5.1-59Stephen Gallagher - 1.5.1-58Stephen Gallagher - 1.5.1-57Stephen Gallagher - 1.5.1-56Stephen Gallagher - 1.5.1-55Stephen Gallagher - 1.5.1-53Stephen Gallagher - 1.5.1-52Stephen Gallagher - 1.5.1-51Stephen Gallagher - 1.5.1-50Stephen Gallagher - 1.5.1-49Stephen Gallagher - 1.5.1-48Stephen Gallagher - 1.5.1-47Stephen Gallagher - 1.5.1-46Stephen Gallagher - 1.5.1-45Stephen Gallagher - 1.5.1-44Stephen Gallagher - 1.5.1-43Stephen Gallagher - 1.5.1-42Stephen Gallagher - 1.5.1-41Stephen Gallagher - 1.5.1-40Stephen Gallagher - 1.5.1-39Stephen Gallagher - 1.5.1-38Stephen Gallagher - 1.5.1-37Stephen Gallagher - 1.5.1-36Stephen Gallagher - 1.5.1-35Stephen Gallagher - 1.5.1-34Stephen Gallagher - 1.5.1-33Stephen Gallagher - 1.5.1-32Stephen Gallagher - 1.5.1-31Stephen Gallagher - 1.5.1-30Stephen Gallagher - 1.5.1-29Stephen Gallagher - 1.5.1-28Stephen Gallagher - 1.5.1-27Stephen Gallagher - 1.5.1-26Stephen Gallagher - 1.5.1-25Stephen Gallagher - 1.5.1-24Stephen Gallagher - 1.5.1-23Stephen Gallagher - 1.5.1-21Stephen Gallagher - 1.5.1-20Stephen Gallagher - 1.5.1-17Stephen Gallagher - 1.5.1-16Stephen Gallagher - 1.5.1-15Stephen Gallagher - 1.5.1-14Stephen Gallagher - 1.5.1-13Stephen Gallagher - 1.5.1-12Stephen Gallagher - 1.5.1-11Stephen Gallagher - 1.5.1-10Stephen Gallagher - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Stephen Gallagher - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.2.1-28.4Stephen Gallagher - 1.2.1-36Stephen Gallagher - 1.2.1-35Stephen Gallagher - 1.2.1-28.3Stephen Gallagher - 1.2.1-34Stephen Gallagher - 1.2.1-28.2Stephen Gallagher - 1.2.1-33Stephen Gallagher - 1.2.1-28.1Stephen Gallagher - 1.2.1-32Stephen Gallagher - 1.2.1-29Stephen Gallagher - 1.2.1-28Stephen Gallagher - 1.2.1-27Stephen Gallagher - 1.2.1-26Stephen Gallagher - 1.2.1-23Stephen Gallagher - 1.2.1-21Stephen Gallagher - 1.2.1-20Stephen Gallagher - 1.2.1-19Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-14Stephen Gallagher - 1.2.0-13Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11.1Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1636172 - crash in ldb_msg_find_ldb_val- Resolves: rhbz#1576852 - ABRT crash - /usr/libexec/sssd/sssd_nss- Related: rhbz#1442703 - Smart Cards: Certificate in the ID View - Related: rhbz# 1401546 - Please back-port fast failover from sssd 1.14 on RHEL 7 into sssd 1.13 on RHEL 6- Resolves: rhbz#1326007 - Memory cache corruption when rsync and/or tar to copy owner and group info from LDAP - Resolves: rhbz#1442703 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1507435 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-6.10] - Resolves: rhbz#1487040 - sssd does not evaluate AD UPN suffixes which results in failed user logins- Resolves: rhbz#1421057 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1487040 - sssd does not evaluate AD UPN suffixes which results ini failed user logins - Resolves: rhbz#1487944 - ABRT crash - /usr/libexec/sssd/sssd_nss - Resolves: rhbz#1489485 - sssd is not pulling groups in a trusted domain, with the Global scope- Resolves: rhbz#1438360 - The originalMemberOf attribute disappears from the cache, causing intermittent HBAC issues- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present - Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory- Resolves: rhbz#1415785 - ldap_child does not remove temporary files when it's killed with SIGTERM- Apply several more smartcard-related patches. - Related: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts- Revert the ding-libs requirement - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Related: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Require the matching version of ding-libs - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Fix a coverity warning - Related: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Resolves: rhbz#1324428 - [RFE] Discover forest's root SID even if subdomains_provider = none- Resolves: rhbz#1367802 - using overides causes segfault in libldb- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins- Resolves: rhbz#1382603 - autofs map resolution doesn't work offline- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute- Resolves: rhbz#1299994 - ssh client checks only the first certificate on a smartcard when the card has multiple certs - Resolves: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard - Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6 - Resolves: rhbz#1329647 - IPA view: view name not stored properly with default FreeIPA installation- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users and mixed case names- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a subdomain, not the root domain.- Resolves: rhbz#1365218 - SSSD does not fail over to next GC- Resolves: rhbz#1367435 - Intermittent sssd auth failures- Resolves: rhbz#1369079 - sssd runs out of available child slots and starts queuing requests in proxy mode- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to sssd-1.13.3-22.el6.x86_64 when upgrading cache- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336453 - sssd_be doesn't terminate forked child process if adcli is not installed- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo- Actually apply patches from previous build - Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe with 1.11.6- Backport of a more minimal dependency patch to avoid changes to AD provider behaviour - Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1308939 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user- Require a newer selinux-policy to avoid issues when prompting for SC PIN - Related: rhbz#1299066 - smartcard login does not prompt for pin when ocsp checking is enabled (default config)- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when trying to retrieve non-existing netgroups- Update sssd-ldap man page for the recent ID mapping changes - Related: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache from working- Resolves: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password and not smartcard pin when logged in using smartcard pin- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output error- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12 to 1.13- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn't work- Resolves: rhbz#1273802 - ad_site parameter does not work- Fix memory leak in the NFS plugin - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service discovery- Rebase to 1.13.3 - Remove setuid bit from proxy_child, RHEL-6 doesn't support running SSSD as a non-privileged user - Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Don't own files as the SSSD user - Resolves: rhbz#1289482 - warning: user sssd does not exist - using root- Resolves: rhbz#1279971 - groups get deleted from the cache- The p11_child doesn't have to run privileged anymore, remove the setuid bit - Related: rhbz#1270027 - [RFE] Support for smart cards- Resolves: rhbz#1266108 - Check next certificate on smart card if first is not valid - Also enable OCSP checks- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Silence compilation warnings and Coverity issues - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Squash in packaging review changes by lslebodn@redhat.com- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - The rebase also resolves the following bugzillas: - Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC identity certificates - Resolves: rhbz#1270027 - [RFE] Support for smart cards - Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients - Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is not taken into account. - Resolves: rhbz#1254193 - Fix for cyclic dependencies between sssd-{krb5,}-common - Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected - Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do not queue requests - Resolves: rhbz#1227804 - Group members are not turned into ghost entries when the user is purged from the SSSD cache - Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log - Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not the alpha group name representation - Resolves: rhbz#1194039 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups- Resolves: rhbz#1251349 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from ldap server- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task - Resolves: rhbz#1227863 - ignore_group_members doesn't work for subdomains- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn't return all groups on first attempt- Resolves: rhbz#1225614 - IPA enumeration provider crashes- Resolves: rhbz#1212610 - sssd ad groups work intermittently- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of secondary groups- Resolves: rhbz#1221358 - SSSD doesn't work with ID mapping and disabled subdomains- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and gets avc denial when ssh- Include several upstream fixes related to ID views - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1213947 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad src/providers/ad/ad_gpo.c:843- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers group membership resolution- Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users and filter_groups- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only- Related: rhbz#1211728 - Only set the selinux context if the context differs from the local one- Package the localauth plugin - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1207720 - id lookup resolves "Domain Local" group and errors appear in domain log- BuildRequire the proper libkrb5 version for correct localauth plugin build - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1194367 - sssd_be dumping core- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in manpage that unsupported time specification will lead to sssd denying access- Resolves: rhbz#1205382 - Properly handle AD's binary objectGUID- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might install with wrong user account (root)- Fix a typo in DEBUG message - Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Handle TTL=0 in SRV queries correctly - Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Cherry-pick unit test changes from upstream to allow cherry-picking sssd-1-12 patches - Remove unused LDAP provider code to avoid static analyser warnings - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad requires samba4- Resolves: rhbz#1203630 - SSSD doesn't own the GPO cache directory- Fix warning in SELinux code - Handle setups with empty default and no SELinux maps - Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u - Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605 - Resolves: rhbz#1201847 - SSSD downloads too much information when fetching information about groups- Fix PAM responder initgroups cache for subdomain users - Log extop failures better - Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Fix internal error codes broken when fixing rhbz#1036745 - Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything- Fix Coverity warning in ldap_child - Add better debugging - Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users, groups or other cache objects- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Initialize a pointer in ldap_child to NULL - Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Relax the ldb requirement - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query - Rebuild against latest krb5, add a versioned BuildRequires - Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Do not mark the selinux_child helper as setuid, we don't support rootless SSSD in 6.7 - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x - The rebase resolves the following RHEL bugzillas - Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about domains parameter - Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not be fatal (backport fix from upstream) - Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user uid field - Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1168377 - [RFE] User's home directories and shells are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss - Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution - Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1148582 - inconsistent group information when multiple ad domain sections are configured in sssd - Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider ad support - Resolves: rhbz#1139878 - SSSD connection terminated after failing anonymous bind to IBM Tivoli Directory Server - Resolves: rhbz#1135838 - Man sssd-ldap shows parameter ldap_purge_cache_timeout with "Default: 10800 (12 hours)" - Resolves: rhbz#1135432 - Dereference code errors out when dereferencing entries protected by ACIs - Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012 R2's LDAP as AD - Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header - Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple attributes- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1141814 - Password expiration policies are not being enforced by SSSD- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group membership when encountering a non-POSIX group- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from other AD domains- Resolves: rhbz#1127270 - sssd connect to ipa-server is long- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD, POSIX attributes are used and primary group contains the user as a member- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0) is not prompted for password change- Resolves: rhbz#1132361 - use-after-free in dyndns code- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap account lock to restrict access via ssh key- Use the correct sudo iterator - Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Add notes about offline mode to sssd.conf - Related: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1127278 - Auth fails when space in username is replaced with character set by override_default_whitespace- Resolves: rhbz#1127757 - sssd can't retrieve sudo rules when using the "default_domain_suffix" option- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Resolves: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1122873 - Failover does not always happen from SRV to hostname resolution(via /etc/hosts) - Remove spurious systemctl call on %postun- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with specified character in LDAP group- Resolves: rhbz#1109188 - dereferencing control failure against openldap server- Resolves: rhbz#1084532 - sssd_sudo process segfaults- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping is off and tokengroups are enabled- Resolves: rhbz#1118541 - Floating point exception using ldap- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser is not defined and no ldap_sudorule_runasuser mapping has been defined in SSSD- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap- Fix potential NULL dereference in IFP code - Related: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- BuildRequire the latest libini_config - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- Resolves: rhbz#1104145 - public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end- Rebase to 1.11.6 - Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Rebuild against new ding-libs - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Backport the InfoPipe patches needed for Sat6 integration - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: #1085412 - SSSD Crashes when storage experiences high latency- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6Resolves: #1036168 - sssd can't retrieve auto.master when using the "default_domain_suffix"- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups are requested- Allow combination of proxy id backend and LDAP auth backend - Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Inherit UID limits for subdomains - Resolves: #1020905 - Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.- Do not crash when LDAP disconnects while a search is still in progress - Resolves: #1019979 - sssd_be segfault when authenticating against active directory- More upstream fixes to prevent memcache crashes - Related: #997406 - sssd_nss core dumps under load- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out- Make IPA SELinux provider aware of subdomain users - A better version of already committed patch - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Resolves: #997406 - sssd_nss core dumps under load - Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #1002161 - large number of sudo rules results in error - Unable to create response: Invalid argument- Silence restorecon on clean install - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Make IPA SELinux provider aware of subdomain users - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Print password complexity hint when password change fails with constraint violation - Related: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #948830 - sssd do too many disk writes causing delay in "getent netgroup allmachines-netgroup" nested netgroups.- Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- Resolves: #963235 - sssd_be crashing with nested ldap groups- Apply a forgotten dependency for patch #254 - Related: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality - Add two fixes for better handling of faulty SRV processing - Related: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router. - Remove enumerate=true from example in man page - Related: #988381 - clarify the disadvantages of enumeration in sssd.conf- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp file for SELinux data failed- Resolves: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors when clearing cache- Resolves: #924113 - man sssd-sudo has wrong title- Resolves: #924397 - document what does access_provider=ad do- Use permissive control when adding ghost users - Resolves: #928797 - cyclic group memberships may not work depending on order of operations- Set correct state of SRV servers on resolving error - Resolves: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router.- Resolves: #954323 - SSSD doesn't display warning for last grace login.- Format patch to configure sysv script differently - RHEL-6 patch(1) apparently doesn't like the output of git format-patch -M -C and doesn't properly copy files on renames - Resolves: #971435 - Enhance sssd init script so that it would source a configuration.- Resolves: #973345 - SSSD service randomly dies- Resolves: #971435 - Enhance sssd init script so that it would source a configuration- Resolves: #961356 - SUDO is not working for users from trusted AD domain- Resolves: #970519 - [RFE] Add support for suppressing group members- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the "original value"- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes- Clarify the min_id/max_id limits further - Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login delays when client is under load- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table in sssd_nss- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs- Mention that enumeration should be discouraged - Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf- Call restorecon on memcache files to force the right context on upgrades - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Resolves: #987479 - libsss_sudo should depend on sudo package with sssd support- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck- Resolves: #967636 - SSSD frequently fails to return automount maps from LDAP- Resolves: #953165 - Enabling enumeration causes sssd_be process to utilize 100% of the CPU- Resolves: #906398 - sssd_be crashes sometimes- Resolves: #950874: Simple access control always denies uppercased users in case insensitive domain- Resolves: #921454: Resolve local group members in LDAP groups- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider- Fix pwd_expiration_warning=0 - Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#872827 - Serious performance regression in sssd- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees- Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.- Resolves: rhbz#902436 - possible segfault when backend callback is removed- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps- Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent- Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts- Resolves: rhbz#892197 - Incorrect principal searched for in keytab- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work- Resolves: rhbz#874618 - sss_cache: fqdn not accepted- Resolves: rhbz#889182 - crash in memory cache- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache- Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666)- Resolves: rhbz#886038 - sssd components seem to mishandle sighup- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh- Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule- Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507)- Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060)- Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507)- Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds- Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users- Resolves: rhbz#881773 - mmap cache needs update after db changes- Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742)- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573)- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations- Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130- Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections- Related: rhbz#877126 - Bump the release tag- Resolves: rhbz#877126 - subdomains code does not save the proper user/group name- Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid()- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'- Resolves: rhbz#875740 - "defaults" entry ignored- Resolves: rhbz#875738 - offline authentication failure always returns System Error- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section- Resolves: rhbz#873032 - Move sss_cache to the main subpackage- Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group- Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive- Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443- BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932- Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542- Fix the "ca" translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- New upstream release 1.9.2- Rebase to 1.9.1- Require the latest libldb- Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes- Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds- Fix protocol break for services map - Related: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#824616 - sssd_nss crashes when configured with use_fully_qualified_names = true- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()- Resolves: rhbz#822236 - SSSD netgroups do not honor entry_cache_nowait_percentage- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client upgrade - Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names - Resolves: rhbz#819063 - sssd fails to provide partial data till paged search returns "Size Limit Exceeded" - Resolves: rhbz#820585 - Group enumeration fails in proxy provider- Resolves: rhbz#816616 - group members are now lowercased in case insensitive domains- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding - Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the same user - Resolves: rhbz#812281 - autofs client: map name length used as key length - Related: rhbz#784870 - SSSD fails during autodetection of search bases for new LDAP features - Related: rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes- Fix typo in patch for SSH umask - Related: rhbz#808107 - Coverity revealed memory management defects- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm - Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is running - Resolves: rhbz#808107 - Coverity revealed memory management defects- Related: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false- Resolves: rhbz#804057 - Initial service lookups having name with uppercase alphabets doesn't work - Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names doesn't work when case_sensitive=false - Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab - Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false - Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name resolution times out - Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Related: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica using IP address - Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with case_sensitive=false - Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set - Resolves: rhbz#805034 - accessing an undefined variable might cause crash - Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login- Update translations - Resolves: rhbz#802372 - Pick up latest translation files for SSSD - Resolves: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Related: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search requests - Resolves: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials - Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to true - Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work - Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false - Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam can use - Resolves: rhbz#799971 - sssd_be crashes on shutdown - Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested group structure - Resolves: rhbz#801368 - Group lookups doesn't return members with proxy provider configured - Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd is configured as proxy provider- Do not auto-upgrade debug levels - Tool still available for manual use - Reverts: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#798881 - Install-time warnings - Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also the dns_discovery_domain - Resolves: rhbz#798655 - Password logins failing due to a process with high UID- Fix explicit requires to use openldap instead of openldap-libs - Related: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64- Fix multilib-clean issue due to upgrade script - Remove old copy from the spec file - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Fix typo in the patch - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Use a patch and install the script to python_sitelib - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Resolves: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#785871 - wrong build dependency on nscd - Resolves: rhbz#785873 - IPA host search base cannot be set - Resolves: rhbz#791208 - Entries lacking a POSIX username value break group lookups - Resolves: rhbz#796307 - Simple Paged Search control needs to be used more sparingly - Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64 - Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user entries - Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup - Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load - Resolves: rhbz#797975 - sssd_be: The requested target is not configured is logged at each login - Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD - Resolves: rhbz#788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group- Handle filtering python Provides in a safer way - Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3 - Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers - Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and netgroup search base correctly - Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb AS requests - Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision - Resolves: rhbz#785904 - [RFE] SSSD should have --version option - Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider - Resolves: rhbz#785898 - Enable midway cache refresh by default - Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for a non-existing netgroup - Resolves: rhbz#785884 - Honour TTL when resolving host names - Resolves: rhbz#785883 - check DNS records before updates - Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead of guessing - Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line - Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config file too much - Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server has been reinitialized - Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc - Resolves: rhbz#773660 - Kerberos errors should go to syslog - Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native IPA netgroups code - Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#771702 - sssd_pam crashes during change password operation against a IPA server - Resolves: rhbz#771361 - case_sensitive function not working as intended for ldap - Resolves: rhbz#768935 - Crash when applying settings - Resolves: rhbz#766941 - The full dyndns update message should be logged into debug logs - Resolves: rhbz#766930 - [RFE] Add a new option to override home directory value - Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab principal name - Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files - Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug levels on the fly - Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional - Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation - Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option - Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control - Resolves: rhbz#753876 - [RFE] Add support for the services map - Resolves: rhbz#746181 - "getgrgid call returned more than one result" after group name change in MSAD - Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle for some (configurable) time - Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD - Related: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#742052 - id -G group resolution takes extremely long - Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange - Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases - Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or insensitive - Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users - Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control disabled for openldap - Resolves: rhbz#726467 - SSSD takes 30+ seconds to login - Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 during auth when password for the user is not set- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758157 - LDAP failover not working if server refuses connections- Related: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis initgroups when groups appear in multiple nesting levels- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow - Resolves: rhbz#746654 - SSSD backend gets killed on slow systems - Related: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts Fixes a crash introduced by the earlier patch. - Related: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names Fixes for internationalization- Related: rhbz#742278 - Rework the example config- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts - Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart - Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742278 - Rework the example config - Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was initialized - Resolves: rhbz#742526 - SSSD's man pages are missing information - Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with multi-valued uid - Resolves: rhbz#738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid - Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber to integer - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host groups - Resolves: rhbz#740501 - SSSD not functional after "self" reboot - Resolves: rhbz#742539 - HBAC: Hostname comparisons should be case-insensitive- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in - Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2- Resolves: rhbz#737157 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled - Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple external hosts along with managed host - Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names - Resolves: rhbz#733409 - Improve password policy error message - Resolves: rhbz#733663 - Authentication fails when there exists an empty hbacsvcgroup - Resolves: rhbz#732935 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON - Resolves: rhbz#734101 - sssd blocks login of ipa-users- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain shells- Related: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID- Related: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Related: rhbz#718250 - Remove DENY rules from the HBAC access provider - Fixes an issue on big endian platforms- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured - Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls - Resolves: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider - Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID - Resolves: rhbz#726475 - sssd_pam leaks file descriptors - Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0- Related: rhbz#721052 - sssd does not handle kerberos server IP change - Use ares_search instead of ares_query to honor - search entries in /etc/resolv.conf- Resolves: rhbz#711416 - During the change password operation the ccache is - not replaced by a new one if the old one isn't - active anymore - Resolves: rhbz#715609 - Certificate validation fails with message - "Connection error: TLS: hostname does not match CN - in peer certificate" - Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records - Resolves: rhbz#721052 - sssd does not handle kerberos server IP change - Honor TTL values when resolving hostnames- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP - Resolves: rhbz#713438 - sssd shuts down if inotify crashes- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups() - Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are - being logged multiple times when the provider comes - back online - Resolves: rhbz#707997 - The IPA provider does not work with IPv6 - Resolves: rhbz#677327 - [RFE] Support overriding attribute value - Resolves: rhbz#692090 - SSSD is not populating nested groups in - Active Directory- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man - page- Resolves: rhbz#707513 - Unable to authenticate users when username - contains "\0"- Resolves: rhbz#698723 - kpasswd fails when using sssd and - kadmin server != kdc server- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is - not mentioned - Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the - gidNumber is out of the range of min_id,max_id. - Resolves: rhbz#699530 - Users with a local group as their primary GID are - denied access by the simple access provider - Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups - Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a - member of any group - Resolves: rhbz#703624 - SSSD's async resolver only tries the first - nameserver in /etc/resolv.conf- Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694444 - Unable to resolve SRV record when called with - _srv_, in ldap_uri - Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by - signal 11 (SIGSEGV) - Fix is to not attempt to resolve nameless servers- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can - cause SSSD to stop caching and responding to - requests- Resolves: rhbz#690131 - Traceback messages seen while interrupting - sss_obfuscate using ctrl+d - Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process - /usr/libexec/sssd/sssd_be was killed by signal 11 - (SIGSEGV)- Related: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them - Resolves: rhbz#689886 - group memberships are not populated correctly during - IPA provider initgroups - Resolves: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents - Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5 - in sssd.conf- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min - waiting on netgroup - Resolves: rhbz#683431 - sssd consumes 100% CPU - Related: rhbz#680440 - sssd does not handle kerberos server IP change- Related: rhbz#680440 - sssd does not handle kerberos server IP change - SSSD was staying with the old server if it was still online- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain - for base DN- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on - ipa-server - Resolves: rhbz#680440 - sssd does not handle kerberos server IP change - Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are - given in ipa_server config option - Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf - attribute on the server - Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups - Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option - Resolves: rhbz#677318 - Does not read renewable ccache at startup- Resolves: rhbz#678593 - User information not updated on login for secondary - domains - Resolves: rhbz#678777 - IPA provider does not update removed group - memberships on initgroups- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries - Resolves: rhbz#678410 - name service caches names, so id command shows - recently deleted users - Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for - netgroups- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login - Resolves: rhbz#675284 - "no matching rule" message logged on all successful - requests - Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for - authentication- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named - "default" - Resolves: rhbz#674515 - -p option always uses empty string to obfuscate - password - Resolves: rhbz#674141 - Traceback call messages displayed while - "sss_obfuscate" command is executed as a non-root - user- Resolves: rhbz#674172 - Group members are not sanitized in nested group - processing - Put translated tool manpages into the sssd-tools subpackage- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Also add the updated ding-libs to the BuildRequires- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Explicitly require updated ding-libs- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options - Assorted bugfixes- Add noverify to sssd.conf - Resolves: rhbz#627165 - TPS VerifyTest failure- Related: rhbz#644072 - Rebase SSSD to 1.5 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs - Resolves: rhbz#660585 - getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs- Resolves: rhbz#645449 - 'getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#658374 - sssd stops on upgrade- Resolves: rhbz#658158 - sssd stops on upgrade- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#642412 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#633487 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib- Resolves: rhbz#629949 - sssd stops on upgrade- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password- Resolves: rhbz#621307 - Password changes are broken on LDAP- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on - initgroups calls- Resolves: rhbz#607233 - SSSD users cannot log in through GDM - - Real issue was that long-running services - - do not reconnect if sssd is restarted- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with - /etc/krb5.keytab file- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6 - final - Resolves: rhbz#608661 - SASL with OpenLDAP server fails - Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes- New upstream bugfix release 1.2.1 - Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs. - Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal - Resolves: rhbz#604704 - authconfig should provide error with no trace back - if disabling sssd when sssd is not enabled - Resolves: rhbz#591873 - Connecting to the network after an offline kerberos - auth logs continuous error messages to sssd_ldap.log - Resolves: rhbz#596295 - Authentication fails for user from the second domain - when the same user name is filtered out from the - first domain - Related: rhbz#598559 - Update translation files for SSSD before RHEL 6 - final- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service - to fail while restart - Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in - parentheses causes ldap_search_ext to fail - Resolves: rhbz#600468 - Segfault in krb5_child - Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs.- Resolves: rhbz#598670 - Ccache file of a user is removed too early - Resolves: rhbz#599057 - Incomplete comparison of a service name in - IPA access provider - Resolves: rhbz#598496 - Failure with IPA access provider - Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the - kernel keyring- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP - Resolves: rhbz#584001 - Rebase sssd to 1.2 - Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file - Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf - Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf - Resolves: rhbz#590134 - sssd: auth_provider = proxy regression - Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when - going online - Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the - HBAC rule- Improve DEBUG logs for STARTTLS failures- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcacacacacacacacacacacacsdedededededededededededeesesesesesesesesesesesfrfrfrfrfrfrfrfrfrfrfrfrjajajajajajajajajajajanlptptukukukukukukukukukukukukuk1.13.3-60.el6_10.21.13.3-60.el6_10.2 sss_debuglevelsss_groupaddsss_groupdelsss_groupmodsss_groupshowsss_obfuscatesss_overridesss_seedsss_useraddsss_userdelsss_usermodsssd-tools-1.13.3COPYINGsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupdel.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupmod.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gz/usr/sbin//usr/share/doc//usr/share/doc/sssd-tools-1.13.3//usr/share/man/ca/man5//usr/share/man/ca/man8//usr/share/man/cs/man8//usr/share/man/de/man1//usr/share/man/de/man8//usr/share/man/es/man1//usr/share/man/es/man8//usr/share/man/fr/man1//usr/share/man/fr/man8//usr/share/man/ja/man1//usr/share/man/ja/man8//usr/share/man/man8//usr/share/man/nl/man8//usr/share/man/pt/man8//usr/share/man/uk/man1//usr/share/man/uk/man5//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnu?7zXZ !PH6 J]"k%w+p}:w{!zCB쫅_􎷎{8FIe}c)6[?E@6`[--:?G]9GrS<}6H'|;k{03J( -@:4~(,BEprҕL(-0D(Z[À{:%dc>֐_8FqrZc`8E7J H[ߣe(A3}X]E$2U%wӲIZk9KʉcfoOPݲ w t==mz5{ MϺ$ `)2Mܮgҵ1)oj"z \b䅪BѠl]H'~3y-`GF# dg%S{I SVF?$:CyϹǨmh!6X0O Jɞ3Tgxz7O={T#vGZ0쿅 P 2ruxi >%6^> WsS$LVd3T҇Nz|y'LڠH/d! ,L*)@h|Ӓ<T,m* حڄANB$@cE݁o\ )-ڡX-brϿ,/'{x_g Fcڷ0!m?S3*Y^v7[mlRMŁ,Hns#T^#F%y[UߗɣFy"(+M&z ޻ 3 LAKP$&)輼e Y+cufY:hW>_P>x 'ȁ~뻐?əsŠ#Ml Kx,4JeR{1A$0M Ts^Eb8f8 9k0(f*GnBŢ;V_a{4}0{~=e|_쓬V XaԖ2%mGG_mU,%o ~Vt[iR,m$qH4:#[Pk0IkVv9,AF) yg&(IF$_C!#>%NȣU,HNϒ+?8Kc7MeJWF%{b-d$gN&s9!pOYm@`75ݳqvZ&(T^=\n\.<MA($C!b aj:8+Y\V 00h>aBk+v .ߞQx^ћ@a^*+DIn4[ֽ-$+-}2cwb*Ұm @bœg}0nD}* Zgխ^Ee9D08΀ w+DP\GNUТ $j$;֨%r:ZU7x= C?JtVHo0Na|1DC&+5m 1oSq[v6+^q;66RƷ`>Pěd EC-)FJ 3o@_ BoKXP-L˓}օVqxB7[XꝠX[6XF.y4DPbd>PEbG0]29iLM0zS@D{߸uV7]V"56H&SwvM#?c|찝=`it9\&UՋGf UtNs(4%<?2zeSU[\nlInZXȊˢT"PCCz:Gr"GOpsڃExkİ'ӛ\蝵II+F!k.*O?t*̯uꋅ{]Eo9L}M)2Ԙ.GV9_e8 myyF J]+vO]z #(TOFqC`Ҧ-/%^fLa!S-n"F®-4ŋ s ~ӬR; `@76WJCWeP+Y7w,f1] C9 -|ɐ^ǽ>r _.wtNfѲ<b.$DnmJY70űs^RbcXH)h+!JH4p#2`);$:,Y*_lv[B;ρ) 'ИnPӕ j81=~Ypz쿼!=K l.F~X.ZzYDT{K PȒrٿtR%z;nuyԔݮ+l g9|1p] nSPfN!?Fp {gdiQV[1sMdu$,{&@񞏷TVٸ:ˡ#\#< )t4[EA G7I}[r@@66/Ġ,ο6Q1M7q8;q~yC~8p e2g~˟a&ZRM%MVɸr1U lU yE"Rap/_ް<`;cC>BgC=E“"z~uX{;HChIc 2g־vJ ^KH &U߯ܜ%HV r~*NkWF>L>ڷAD!:\0=|R){ h_9]B>ZD)D!͹l zʾV#?$yמiJ,2|MZZП=9L-,!ΧsLn/0-P@ T $[I')Lc񏋽qXg6"1h*RTgV|8hXi"࿚G e7g諾FY B{'/^ɀ"A %=(5X8PM9jl\!K]<}[ѭnH49 O3Юk2Iӂ,=&FLMFk)&8&TߗwZ$`7L|Zf" uE)dΑJEnYLEO!GZe&tU_]m% И5@8ǵdKqHu&SJM28[VUдPp &B\]_ShGC'E$#}Dӡu<BB e,͆"C4?+ނMfpc`JdƢ )x1G o)CMsc 4۪5^ko?:ցmr]cTE(El6 cJ9ij6*WE!<2بVضY#8tg+"W582Q'RsE8S\w({}tޕPz]vH_J7685/!2 ^1AO@CdK|d[Sک)dH%Mզ jF:gx;$uT{rKO|DӅ4&]{jG00,qvJU8G[AFJ$c)2u:5 }jxɲD,n|9 UUD(?v @1Dۗh/sCA'OGq`H ǖъRihU;۹ZtT{W5^̆C @@6!8]ŽGq- P9E+‹41X2&P<e$5P(P+B !O^bP8F4ԭ"kVA"Q H2YaI1BfLxH/TvE~{trCٯO b Y9xW"<y{EP5l | *GyQ`<Xh^`@Br Q-$OkPB=^$`y8ۯ\E20x"g+ X ?@Ѯo dx<=nͶeܦa5huFʫ(ajf>xk| /aRy#ͻJ ?45n7[V^/Y½),@!1['+Y'2 ։1!55J}w3Y3Yˠ5$uQ,Oev"G}M#Oo:^x {J/~U+G8n:jE ׁ<R!3i% "Kr"Օ; +( ,H&@Tĕ0♩2}) ƸjK[ӄGl~)jeۊ%8x<&,5/ߍj|ɤIG4ZϮ6䦲n\7[ogQe?IB\u㜝/8杜t\]>^ƣKAfXavnj_ (uQ uΪxra˛5媁>Ԗedt5SJjNOR7><4/KnCEk _% E~vq_9QiŦobB`!W ?AJ7Fey4}thtp&:XRp8mû%%q*ܬwhG9jzp]7nU mjD_ U~{f"zGzIkU?Fե sɚ,I[0mBvXd35WDÝ7bV(_I6U= pj.t 7u\Iׇ2=qNҸ!f,,haKXܟhRltGlSabj ,.,i&O@=XZ[e6L"Rgh}Fs7}u0[1稘0،1JY[H Jr8V t6kUY)1i$h;%FlTkɁSҾ0I V>ިD \)ˎ!iPAG#zCM#+gZ205 v  SRRebp&yU4{x=S4sUa m'Ʀ00y~r4] 1O9P[W"n%Pt=YCgFp -.m"v8P rr H98!F"yG҅tC2'ߴ CYj  o /`ԇa}8-+7Gz)!~Pո]#`t9ea~eb@Y*me/T^T#$'RBqjaz2zږz&w ˗mj')Tj7Sr6ɌIIםLU17/Y-EmhOf n6@M򦆄|lCiԒ0IJF1&AJ ]UkpHv/ʟ~ IijG+Ǻf]x.ՋQBh+@dgvnRK6WuuܖR'wkNU81pTF{<.dO9^u1CХ_ꠠŶE% yLY,Z]MSɯW~y˅^&}z zvA] GhAmJ3I.e,64;>~}2AU WzsCLUw9/`:Rxqk-o q._b!.DȭPi a(G (*v ~Fs\mXs²Em=L\#w27n73jJ K1關~$% hOH X}'/d LP&kv((Ŭ;SYøvڛCn=GDH c)± h9רγADDTU?l0G [N~OQOTMȚs9[6c]y1!DId_Q!, bpʵAU!lY-DzB]ih,Y[ID$ϻ͢Q~2xsâVQ#d,#JլdF9cwjhڝ?_ұı'| F2<"_v`L#vT+`,s6_.nW(x~ & x# }['@d 鿕K6i Јm|.U9I-n w'ch2<ц+M/K:0$myY<%ڄܽO|o9;j<]zEw9 ?B](K+ yf]Z֦,fb2OJ1B+pU_0ZNeZ! ȵS& MӸuga<G9nC͊W&btЩ&\=nJ8N=À_J (.{k%bd]`O؇$3{ Ǝ8tHMM&4z.o]G91ec..|@*)4G:^\#MfUz:iNq ^LK_vB!6fiKkU h$&|jPR U;|  ctd+J˞|u}ˁiUu*ͽ5JLj@ߑn[絃G6]0CFs abxĒLQNt/[d]&rnxHkz;wKNW -9]/#fDSs:M.X}=R@*.]Z1@v2B D4\m}Q5o@(ķA,Ի\s&UFRZ@a\zi͛DmƩl3G\`M{7 [Kx+P`߃(C8P9)9XA;K(KL2p% tފΪ:lV1ݩ:%tQÜN l!,Qw4{ǜr.lC~tTC4)oRQGz W:4)F F}=m+JX.U@vyy$wtڒ 32l8O(bٶ{my-By)sXA-DVV*nUk3:q;#P I̼|M{[Ln9y~Xss{C`~y55p!qrIU7p9HQWR{6B7\~Z6%<^?}dȉ]iCCМRFՙes@v}Z ZaXla?hsh\b`'$/p94YECzrYǜ7<*4C:^n<-T9e͍vسmմ)fNqySsH{FA6QO5},yh j֐F60VǕcBʶ{=Lb Qg]4VfB4SzLq>"glkO~;x@"LCjy8l哃a,fhP_{)(5h#N'P(mM\OVQzRٗQhhUmN;2xOS(oCad7 \Qь 5ϫRu:܊WPZ]퓗6|[mr"PV1wip a*L34>R\q??%c 4;+PgԼY&L=`Ґ&wߐh&׫{YPJ.nfȀ[p0Bb,F{"d4ӎOV~HaWg Q1Xh"')g@!\}W蕪Xև!eOt[f"E/brxya=r47[?|FD+V V^;a^CYZR) ڭp6]s jGA4R R0ö7-&l-u|_ k[wՉy-m6@/N2UI5=O` \[H3l+|.*RW/|75||Z{ >Kb(=n T/֮dƻdTFX67Ѐ2ɦOxB QQg^U0 ᄜ!pUW)WjA,ヒ0Dy V< >[Tګ 3'h~ <-IѢFRPGon^T`d!X4jLw_ ?LZD "Ű UUJ;|;Ϙ2Z 6Wjr!#On|cHKGveȷ"*qո-VVB.f/;\=DS.<:vωؿ>cB`l.^Pꠌ JXX#^LC47yWn;e0n/3Û#/J}i|).-ڷHXAFA|vW5(YtHfiΚ?'L~r꧷f %h.H6(ES^ JD6~,in=uxP9 +9H}KF>-ئ~*Iyx,٪2U H50@߳j_4of+sʾY地 E|+[kv-Ld]H7.*dS0♠~ \:g 1jtL\{VT~y[o$Yݔ!ίuY|*Ѳ O?&ojz>&`NzPx)|fEby]P7LL54+7 ]9ב8}tBCB'\UZe_&(yldJfys{"3`^؜Y@GА'Oiw'H >lD,PVUdո@bVK42 xniLZ@@ttp=2=\j.݅ 3&\䎖e+مQ)BQ.qRU"x"+{lUJ%mz1mQw+`^r=78ys}kkW)jȘ5|x?'=̲7sDZGOͧŞ%-FQkOsw8y$Fh &)p74>Y^5-.d1kFoڼTOE1q$S-13ʞޟW(r{Q zd'Vp&z] [!,eaZ,>u l9Qwc'67-S"Pt`lȅs Uo<䆱nF#MhR_qVlN˗ꯧ[ٷE/Eƅ bV_웫g8I=#[eVu@-'%yla2?7͛#qɛ%_YUKY=Kl[xF>aT+Yy*cT+Nap3A"ݒLII}N775kwޕf7bO ]'BDl۪2ehG9[|1BOgWI{,f4ٸ:@AXyNn*"Gs~fUM_cD^FūfkrKHٍd6VovT[Hyu]yrBb`J|9>zd)]Gwdԉ-h1^MbᡕT?HaB5»5E@'X\CS͎#Sz_#Wˢ68‹a_Sih`᭱$)X=gi7|R?@gis69[] ,p1+goJy)@j4p4O0 ҵҍk9tPWɴEeh8OȼT"\(Jt.hޯƭ}5WՁ5X+`%X lꣃ^HM-:w7pI%o;j$=/\V}kf]GDRB:U\ݲ2+x-HgAge0j5RjD!'F쫞!e|]qwݢO+tͦ, _k&}Ƣ&S.vP@Š~A4IM#vBk/8#C"TZj!: (liaQ2+섺ft)[ƆTͬLoyC4`u֟ZDkݧhOV{ !94ISI-ƥ=; =My(d929;+Zyq+2hcEgASɩB/] d2LUfq;߅; ^^H#7KԽ&tQozZ>_gDžL*9~8iB0+9"zDQJ5_6.mHY;yap MiAk~קR\FEG\uozf{!ex?dP0.N9@Y)WBmږ̠XpHOT)vPj}&x !(HvE-\ -k(ިdIԮNd4ߔHWYAA\%^Zޏ u /Y&ٕ`JL!* 8t~`. (]_P.+GuEݪ5}ˍiW;MQ%#El{7yt#i03k]b 0@U6*aMpv9`XɞNi [̈́u駾‘;#l}aTg|(&ϻG1c`*M&EU⥘^۸V5\*P Cؾ@i0iCY8cMɤ/,_e8fi}eQw]Rlܸ)87aYRxJ fE7('D/)Rf [LE4D⥼Gd:Q;to[! <L(ڢ:,EPM@'_ܯs P&ڐdmj RDrt&$Os HOw1fAݜ =Bn{ Z Xs"z@$ݭ|pX>/\XtM'~_{Ui'9O;bk=4xbWXq;[HĖǍ̈́Vq9`U8-;9q#~F#cX'bZ~4!r*\9[ẍpMju†N:c U4ƓUKrMۑH|W+ dSQ nxX>3`wC ;#@G2 @kٛTG<˓&!m?Żm#joTcj:l㕱Umy+8zQle˝9(_U}- _$ >KHy5ڮGPyxc؝v/l3Visg+0]K"귯O0 {k{hv7Ľ, GP?Ys2FoHܭA-u,Yhh,+|}e<(xqrܝ1~1D iAq:Jr ^;{f0(fvlmiQZۤk UP%<@MxDEU=$ 钇+MGߴFt%g3W9\ʃ`[:WMhD B!-2΢iM4^r\+ 0OQ .VKA~8{R5aK+"! y# Q`&sϴZwJG%OQ˛Η.&CΰY˜a;VTz8jq?cShƐyD z,J9ymdяkta) #̿W߿1͛}ģ:G9O﵇]{nןsM%Ƞo4_(9MṴ̄Qijv>-DyDZ?#c}WBT_\%"Ƨ!K><Sуx$-Ν"ŷ@!A`}%mΐ /&) {5Y)AA勉wd.K+) TXBӼdf(*,~C' +7rGiaXΤc\% UU g@cݓbat(R=(әgߥb}x&j{3 &נ) Q^׋ݼ`{kP$VFN=JN7gn$t2fEW OP QY$0Ww9s`H_@)7K+U?Fe\ {,fqE]-xfRZߍ_ɁQsQ kmx. 5'26X01iڻt?ƚ3_Wyޏ>CZ!g{/XQ dv~phv"7= NpOx8+-,}@sqDã|팿xIˌZ]&M60;x]F~MUjxy̝"&mұɾVfZ[ Ez@]N[j_-!M#B&~Z0~P#cO2I*}NuZ^^ MS9WUIɶto{S.W¬P)qJNSS@ynS'uM0ޘ8eQ0]$6wD>O|:o3WӚ/dA_*l51{dA_*?N08'}y:_9vZzv]\Y)]Gyx} BǓ̦{=Vݕ\OINmذ ֖NoXҗ7FÚ错]I@/t肋sre'Ըߌʿ~mI%N*-/l[k CH|:ē5& ?x\i3nf[J_-:謡ؒWj(ڏxS+=^ǜc@ OOddCR<2#dI^Dwbma ynR0 TIȓ0Cߍ&9`?]РLy#g } ]#C(ຏM!C3sO'Za,!.Tl)CGSF@tKUJ!t2SW|ނʣQo[nLcK0=hMJĒ(M_N/`,'^V#RrK7:-^| \J g3]g&Z>YF¹t}r6; %ٵk]t+o%2"!+Mnm$zBx#ZFmm~R/JO/v/gUNmd D--z)h>(n@^'{Λ凁Dd2-H[ub)CJ0e Ng+IK0AR(0ePWV!dEv.Lh1 i')BF搤J4Bl5#!99@/!B_9Ruj8SjGCj`1ltdWqE@'LAyz̭8GL*-;lS瞻"gV"ӓ-WʓB =V<1W;22Ba >$)4I;qcR/r^|9w רKnƥOM[<֋nW6;َA ^ed0<'re S( g6>Km l~VPhm54 ʐSlbj48Z."-ɈuHT >pN\=|L}zc(hrt W,L4|wU}Û( De#Xl-`.$wd6ȻMH:e* ҒW wZ]R ʻ{np^{4xLAĖ 8;t~mv>P|/3d 8XF )mj V^!ۼ|JvQ8uCJ`4jʵYJi[0OQCxQt޽>jwVa|t&EpsD[3׿A\l%zKyTaN3UǬ3o. Vp)VǼM% C~np1dݐ->]HmCui,!yxl6o}d:φS;29qdG(a]ЅmMc\LahHt[ڗExF9C{Pt^ZIE.hUۢ^)9#rԟv c8J6yҷ5|q݄S]kM@Gbu(nKD^u[>mTs3veH9Q^%*cyyjxb3_vY*cmq_fRk 1r "#o_Dv[ CЁJ[Ug?an*F)lfQ`l*!آZ;s T>`>:GI~:24ѫ1eɽ\A$:o_eBlm mׂ9/uw4 ,VBWb G /1]D2|J@3&}^*_GpƘO0*#[і+;B}Zk)PmYO| 8tã!2t]b\`Awv13oLOJ.ő%j˴MU(&(5UH$jÇ XxF|MKwmk<rpLIXzN myr]8O!^|OL67C8<OKjGgI%j(XE'YI8գ4tS;1'+_Ѽ_o>jaD#+y3ϗ̰Rj|VՐT}ЌHZ7be$j5ISNVYC[ĖyӬ AvU/p|qå-~%+<ޠ^a_|}j&d.8趓wE#MԀ^m.]PБ v\jL]cmw 2xwO0WDcuYfG(}0b"ֽNs=v*_R S_j'ʨ,ؕZD<`_`kͥ1lAnH9j~/':rA":ɍf ,')ŀ}4tQ0FydY(۠i5ezKڌ*?m4o7w7| t*eE[LLh5R2K {S!"3PJ]}"mW>=~ocPSdF:ED(?q~|z95=r0|:mXiDNh(AY7a7kl$ J߾*T%k̓%+ҍب^rL|%F`,V7ؾJI~ ;*-R MM(]9Pǡ>09>Fc6 D̅_T1pJ^ĕ->e/"qgs@ĔB dnPz$/iO"Z4{ =dx_f#Tc8fh媄mRXQA& ]#)MN)}B>9Ù5ӿ9dd̨Vdd+_Y=8Ѭ&d%x$,ޏ{uY*R! DF@rI/zl uT[[v2?7rT),}*M؀sPg܉dSMoMQuk)5ץ&TN9qZslkR'r_wW{p˰[i zǨK K3*Ѫ*t4d|jeKrekexx O(VȢ(C'zL,j-P-:q<9!AR.ݘX(maWLͯI ."Wq+&)l_ono]OjtR$ ҙڸxϸw]LWaoGju9F:F/X+T>ևps(-~G51X{bü:sj;>;͆`+A^a#͐?i`ٿ#a^jBGzٷrnJ>Q(;f\vA" J (_j4Tt>$hC3$HtP" 5Y[vY'r fS4,2C0. dqxjj Yp389ivNtNpɨZk(CMr@]ȷYFP.WڙZx,Rڹ I+O>]Bq$xV5aDJT4m/Ubnd\cd}k"[ l,ajZ.W-vJL4ׯLD%>tO~ `nZDL I"޲ܠ&_5ȺU&X@mZ:dM}h-fޅkŞszl# *&GCK]f+q N3J=-^H nt[%Ni">]8d$FP׬Om DB1=_ny`ɎO/܊U)HPDRak[Oo_J9z\JOm`{3rn 3Bzןv~ehDBuu)L=jw_s%&O󴏧FN4RatuVSsjEit&ƛd(KZrՀv jKRqKdR2 v8{9 VPu@A2u <i864 Gv]0LA5¨W?w !rXugjB !CT;'NJ/E: ĶکK>[kWSΎ!zg glբ?af[R냼SĖc9ׁ͠+¼B@ ;|\q̜FprC hY;DS|l *AҳpCq17W 8lZHkپrN9}^oc^b(?jqgOcS?gUpq)6~{rV )HiZ0FY*ٜ ڀ$&B1X3{}Tyݫa߷ͮ^Ca ${VUYڱNI7&Bp]#9Z M~-WVr&%пOxɏiYڮ?GDlWV\eioG}D̺ Lf؊*%H]KT+a @hhzm%6ʝf?:nyiDy8\ Ƞ%_Q8Р=-%f9# %'ʂ_n(Jq]SyF\rR}@Bl3f%Ng1k8Lu9qq %:?Q;#!-=ZY>X6jKqM'_*5]ywMD/.Ch+3W:ǘkrf:EPQ!:b_wX$laCBmC̞~++RUj{[u i8,ȈFFtDJNdM >E/e5JRAFϚQWF=AgzIDҿQC#*JN7"+L#>grZ~o]`\=ӭtS̭2~V֟)|Soz_vͦ*o'T)V2[Dq]OP(9RB%bU cQ{|Əƀ*Af S]x6nՍ͝X[?V Vjت.RZw ys1}}Sc+;buD338k+y1(uU:%Ĩ7Xʝ_Jjqk`U| Ga*r3 P[& K/`[`DA4Ilb=ex;`Sl>I+K\_3/ڰdq=2+)AA8L>)J=}WY1Xv\mڨt I^STz%&I *O]H&2T"RE:R@27S˹aop?H opMwqM`jox!g uŌӍ%2R 鱴 08Qu:f dY˓d#ɩ`l ꗐjm%#Y2om4AhԤYBѹNkx}PAf4ZBZY$S~a߲͛I?}ܽ0W z99@<%#<=/ow(U7J^nxHMd*rbytiԪMRD3vPO33VH lojO簼^sҝ -e\Ô9"O]ODWf<*_A$+}P)Dp3 = gaf N"n+C.KjA˓8p9z@U+܃SٍY<jF~4/iBQB^iG_Me5ƈt3!/tH3pm׃N!{rGqKcH; /~*'@Oi:e;(6?9)UqBK["8dkT}ruFCY(Kdti@Igb#wg,2e2k$}Ԁ0n e,J \1ZkfaM =#}eFk7[WO2y!pkv3zYi?^ͅ\7ӜUxe ]lFRA/,)O)u:NSRmw5bߍ T`Z|n qן* *XZ ^.Fg5)?wL$yʟ3z˒gL`Y1Ə Q+NEX>JFoJzh?N)v`ဇh1<G~.Z GGhjZ )y {49쇄0 yhƏ'AK(̈+k_9U Rp^ ~A`=p갼Ę=Pqjp)s&Rp$̇Fx;'љ:U+ v..#>d/=6Q =q'$va?{#Cn2q}7(\T3cިܭ\Z0)Hg6WA^L% =zVV!&(.1-,MH1ȇl?((Iь%qjQ=t'喅&r-lv:zgM6”{*hG\ b-,.޷3j4T]dNc0dVyw1@{R,WO;v$g`lGr0Zz_=hH0p:U+P-ĺ0IRcu(I3yA6*Л Xhk?TO4kZ қ7(hv!hBL>@;^!ӜNx~!?+v]( V*\3 Q}Vg",Lh~|T=:uC&󖭣WC(toz;)6`OePвd9ALUDqXqN{OWM%)hfv mT<,"8Ha>,$Yĉj,м l UvD4 qTjwN.dŗVrdWL F!`G?؇ۭkhbDd#HNX#$BGܥi5rtcdKi״ T5}J)6Wwݔ8PU%19|E IE ⨍ |\ϔZ(u]Zv~>3dŗKo1(6̝Or:m!wmv?rp.[\Ɯ=F~Lɤ螠yaї܌x'M,- djwRCzwFL d'i拏i .Ahhԏol BrsP2@"5󏠁jK|[idcyaf_SpX?0%JmFn,Ur_9U"78VJtX;*s'Hxo urWxr%X-=c9 0ԺME tǦo?>5f.bد^ b')0BA};G],4;7LlN~]sOx~סu$ö=@k핑Ї-,YvbW)pUx1(FE"{l½7S# =*e|ՆʢxMgC7Ir3}KHO֓c{] %m5[,/1l ;T$ծnmC-D*l\CTY}-}Fr-n"Ehz9$s+-}k"񭢭MuP:W s9c"| nmn C,KhI ö)OB7M1,vī5z@CK<;ubUPA1rg2$C&^*"wԸMOG0gTJ4ğЗ ~(8aWQ 9"I}ᯤ}j[#gREhx^g alLCRU!Oݳ͜- $XQK7L,L%P+p鞉bY$ jF>+gUEc nXPĸ"e|).0Z<,ͧj+NXŶz-KA]342=wgQHD95Ǎ˯!HB@,XR됗rFJ;wi>֨T@qXhS'`ќFM'~3*؇ci}Gei1:ǃ4g0KwB'? 7덦=<"׌,vM4'ǚsY@)>~3y#|H=O9oz-* $-qm=tmZ6:8e7# x_3EhxPI7>~2w B_55$ScMj 8 g\s-E 5E^*͆DoZƠ М3sߟ'{&(0'oևRˋ( q=wEa9{#D,XJmw  I6(\Y1܍ -FH) 娟n?潣G " _Xxz*Y*ޫW 5hI]D6?BvۢHåUu1h񰗷&ۍ@VLƿ vzz sJ1vك(PN2Tly|YżSbK_ٹH?rBBύh+c* r#(tE@Iz;)_Q!^ /!߹8Xb;SVO{2\I_8 `~̃5=32Ik1,46ڐ-H FaJhzwRk^}[&.7yУ?Hh>[@H",Z3=%5s)c?T4-ߛ ;5z~\)$`:xcј8?$\lVȘB7|L,xdힴ"R3\ +޼aR ,fz"(kwG!Q9Yx1+crkDZ DC$m~z YeEm1 Q绺,JfX7?>\75~L"jd/dW! r fT UaHafdͬDNkkf24-G˯U<}^- iJ'qwl1Vԝ2Z'bvo!wpiaOb_FS`"UGoMJIZj/nu@h2}S  o̲?ozC \+x_ 6[8 Q.>),;cԫg˘2B$Cؽ%N<` R qhpy\l Mqϧ7<!i"S.=+6eUPex ('1)]PsvB8r^0τC==HeG0>3S6.߼<]`KBw0KǧagfbʂgJښKH:: 7]!Pq#yr˰AdS_g*1߀\g}kўs(f ?Uddacޏ^%)ſo*{_Y-^n? WBD]zdf[q)[+ ex6 M]%R[@3 O̴>e=r Hs>h Y'0_ RUb6l =uˍ2Y1%k=`UD:= êO ,ե0WLwX" Ʈ)Pw"^b9o{B^M?\-ڞ#CbOg;e%A!t*IV/&] Ƅ`>4TUl!%hҮ 2Od{;H<-a9Ϗ>oGYj>-vO6iTu'Ȭw$F.06G!s4Q `Gg&D τrrIhۚ T(tHs4M- -ZZC6n5qUwϿW2h ̱d޲QX݈L} F0Gne6a{wj!()Gk*rf-v9T{C |t'*9Gmj#Knn3V0Ak|WMGIxڈKEq1!=fѠeLJugZqk7>r]KmœRQg}*Xt춍H`0׆Y -zs^qt!9澸_>o*Z{ %䓒~3 k\f L&*QA)2dњT|Za hZ6hSYvEy\+[xGCV^ /VA}_f Q() Xȇb;:Yͧ8zl|mH1\#ǙO` AJm,a"q"_î)|v-*+zXʆn/:y8r@k[L <6޴'VC6UBӹ7~ ۴jSGHܙQX<kd%_" o7?=  2i[Q\65[m&;,snӨr" İJ$ i3<7؛IFKUN !5:OJB Q~Gg?׻'?e,rq7fLH'?WE<05qX8z(]@F}_V0ٓ~ 2ߴ[[TN'RE"F-RW䢘pH?DDKEhv~VJc7;O;v Nn0Ul@~[f|WJ/8 G `_ - PEo!폩DJEfK94?b! S0_޴):As N]G.e<')81l(!2dT*_&_"J]vya {%ŀB>]C (%qͳK sHq"41Ŗ"$hM¦BC){s$qFz4{D>oz;9$P׍k @|X\/lF00A]`D@h#91A6gT#S|lYXz8fY^E~U5$Q%S{͓]>(l[6V{II-E HP< i%wcR $xW\vc&T&]>Kf tt\tƄt5w\I8iueURYڂ)EjHm42?L#CٕT3 N t3[^0IverUsR"4N Z?i:$[!åh$T69XX x 5 ֮?VpﮬB}mZMaf9aIGa ]ŬG}.Mj's~ۏ5zIB@J0 } Հon"Lw-! Sߦ)Z:o 簊dJ_AjldNB7wX ,tށfk~qu$o˝ѓ*UB^X拉%>KMq8Xyc<##> a@eB/|rUoT?_'hdт*!9 G*+ G2<5W9WɨI0FfLlz(GON =K5mwrLeF7w냖W=:gfO\4EJ7ӽܣ#FdG9\ž-,K*iqi\=^n}?)%Y9ԬYzl&nʟ~Ƕ&&JUR;bI0轿 nbkaC A;L%/6EOs@v[;gfܓCP< zNر+temefoV!0+tZ@!A7}{7s Z>kΖ&1o_>HXpCuV>23#+U~$<kFM{mh/ I'w^eY|g:D>X(WKECn +A{߬]!#;AO؝֛*[xa d%Iˬn4*Aio\RB t*,JAtQ-9-QX%V(dž&{k9<=Dx < jԸ+7=o a&b$fb@hƙ8&$4og(f9E.NNōWU?UI_ ?J4P.ۄ52{qd}ZSz:S0չ^Z/}HA>OLn xw Vڋ TvhǣN2Wi<19o^Ipe"Yz&*K<1j If &vxF`2j8ʩcZ 'bQ4lrz87 '|gA {BO}Z D~336IwdjZP/yx۰K+YN8j}o+l|3Q~Y'*Z$B~[!`|n&">GR"y%݄{vOhvS2m&9icrhw,4D /Rҏ8|ʥЦ*|9A550KS,Q) K;i(.I\}']jzqzA|pa8I&]1Eha.lQDu0hȬ*-8`ejg= EBZ D h ڔ<;eDljRe;U:"\!] Xl2i FR/8%JCo):$?YeH&H<a2/m7Vx_sٜJbriL8\f N^#c+IW h3of]g7zU8wne#Kd_LIc=W DX3=ϢV+Sv JNHRh2&VR{,C9Nڃy .<*+63Uk.aHEYfRFm _e#TOfKK`se*l:R4;|v)'!vC ߺժVTB780֛TOw]<TDi '?U Cjǖܾ/]s֫ V9"qB%gѳ.vcԙ Hu<u:MMf'v/D?Nj?aBWVzGn+GX+,Zt=SK@B1Ks3JyUf)>玊'!&{^&F5 |tN.RE֋D]RNr?)8z(,$?nPc5})NWq*K䀼#F#+ڣv)'ȻPQri6IJhBrWk^W ]7̻"D@ȒoƅpLl[JZ[/Dx!!gNR0Km(u^xeNv[\aq5>Bv YӇ҄k)7ܦ|fOIH[ɏیTZX ZpPBoRj~Y塥ml[8qb/̘& oore-x:&CʨD45Y*xmFСR"jf͵|i":7{ ~#,qmb Y~qQ)O]ԋBԤKk|dQqr-@b`OEq ƏV}?ܚ0C!ww$jJi%j!g|2V3|U\"?;7g }99ԞzKD>|;4oN"CSl_/|7%X5 ~NJ#HT^VLsK!ViEloW}>|ec9M_B@f;@TT1Aȑn3ՎҤ }DĽ~\g_ \_>vBȦޛ/\"Ցl i;uFM<8j78;ZzzO\'aO ҥb9OsgCoO%ْA[ZK3Fw^R'!=nAи0sgkkx_jc GJ͙pi3>T87 #0;#iuD| v}p@0z2~JU/HH;>GAaSKxMDTwic5ot CEk8ɋh}xq}i*;C)U-*Tpؿ# \' AU K?ke[$`^"*r^C{cGgYztJʆ$}<']tzQ4Dna§(2Z3u3% ;µ)U2["!u4`jIIВ4qj+o48nЏ:2Ԡ䊤P(Լ:>iC4VV͟ƾuԻՂ.9ӟe7Gq+ [/Ec?8YGqx$޼Ls9zVGR̜qf17^Vp!)@ q]; ''RP$*bcPt Bdp=zx4!y|Q].㽝H̩n}{ZEWnשJl>3Y{Q<)niͺLRcعSj\I{.f)X@7=Ho̓rJՒC.z]Bkē\ bddPue;VWPxw #q"*.͗D4?~=/>~\m3ϕ51w3g`7Сf.{&ldP+n+AU\8E3W{xÅ8dm\JϦX37gYn>agvڃX?J[>dvYٵ7- hFSJŌt0єifj mԠ*6cPʼn1L+in;@VJ0ev̪iV 8'xߎkgTAqf4&BBRWTɟ)?7Ԓ XȊ7+Sg5 jj4它y_k^)>8 0 W=n=[cs&|pW<̞*_^’ĸpSF#D'[Sf :15@C>9ͮ2 TDrڬs Хfk僂/#4_R0J|9d1(!#>~$mh|?(:H<awe64TM(6Jg$|1^p+nb4E c=i1cYŐZ!5ff>!:#7NJDuOљۉ4ͻb%c* cнc*K.#be@>3TGdž r0}Kώ$`$[ YS5E,3+.6l2OK)Ɇ ˼̼ͮl-1{Z, ȇȩ  J(eD -v>w#|.SS$RTS`kG̑-p!w&"+(+wޛd9 cLŜGn7 (R"ǎfcfAl3=d犵HۧUi_t @[Shp4嶂,ƹ̹Q ?^${t Vfw(1i,zj_~2,}Q T7'<7 veuNrLڧ Qt@x1RP=RZru+=SF B0&O|۝Q8Y>hz=%",>r/au߻uahI,:ifI)Ɨ^Z{Y@Iehg&ճ B5Ls[hO?p +&0iEy q"6X,Z..b9ґ ?S .IeG[Ӗǐ[n[/OR8 az)2 zI(_9^4.wl.w\X.wځx3it;wV9֮Ŏɣ|:뒾6 JS!'/MN'ntjSmjտpU5炡Vzßť)EX 狠Ӡnǀ*yH)Gn 2Ӛ)ʦOZaǚ: JԞ`J:En)6b5PE`F#>xiZGO%uolVjO涱lKCj0jcGVgVŒe v+I1[k5 5YA[Mk M2HQ,3KDJc [vYv 禛C8R]{>E’mКx=?wMNPx&jfXz'ב : /a1T)L: t$Mcb!iLcg&:=~LdB:gs;кaB f6wQ7d*+ܜlPvrc!nq͞XgP(YLa)GM(АGLHcwٵ (pf`:�|s3,0fҺCp@ oaVEqT=0@;9!@DDsAQ^fr|0A=73I51DB\q7}飞w86ecy7b:yǽwYab8 h6}n5Ka8XUh?A}Ϙf^Lq4Gcg\U9}ߥu`u R+o.LesuUM q_qK,Uq.,8D߈`S$k|&ʰ6ʋ(vxyE U]KIc | Xgz6Ń\Ys>8k۰#}W63vϭ)zEۓR츗vɝ|-ZJPcnJT/I k2)MIܟBb}D!0~$?ӤKas6 3tW!.@I3@G -|jAoU)g6YTQ$0ս=| vr/*G`$XR&F,{\S(J&RCHb1e?MvcN}:WLOh,?A b;P@guO"xd#>/`$O ek]zֹ51?E\X<{xyBb Ks?8%; {ƊЍRod:0o][O vkSޑ]SBumwCe$L}S.ncgR2iJWpGEv7Ex1\~,r<^~b+,҉"e]K`A_Bc|cy.z!| ]d2l̲%m#RvC7ȿ;qOeC}H۾AIL^'q#~/* a;V'yJG|V'aGhd!#V}Ƌ5zs"DgyX kC eQ"`LA+Ԏv MA:(Jʼncւ¾;{Ÿ?]\:k)l:l HU H DMEZ#?YKqP>,V4Hlv#R፦=lW=+Hx˪"\ϰ |",V3|OwZkUD=Bz0L,4ݍfS棏W7_X2(mmm=T^Zz%P̩m5ψ]Lu  sݕ܍֒3mqsXvxA' 8q7[HgVlR r+:DX_Ts`ѥtyP 9AoRogвfD{Q=D-q6uI?JQgi]$bu* *V}ݛ5┧ij7XY0AU*³Uz{N_T(:CtKw!i D T$ՉmV>HԘu(W)ՕbOV3F|mRp*C6/Q?뀭 YX)YM2{Z}%꣠C@˨Э͢-BeAiŝCy@DD:3a3fÃgp-fWu> "V&Q:KTcu3 ɓؔ6#MGive%6 z% |^/NY<~)= -@1Tm`,$^l*VOL>ш($M|ɣ |֛ 0c4Ҍ֟kbU&-iB4dy/{4shI#pwK.?ISKY/}Z t-X` 4}NϦd5uFwe\ݘψp@TOĚQe8otEYo.xx!dK{(WĀ򌑬g]  z&=1#t=0oб,WIJ(WߨeC^ v MTэ{hP%6_ #7 6[(Ubl'Y' UH #!jd [m5) c'RS:kAza]n~,xZW@w,a *vmO+7ǫ>-o@07C+5Ep(f9WK 9;7Yx pr#EŢ*2d̤a/o$t~γ,!1֛D|C"-ZQx4i@>}q4 fs腷0P#9V[#8^Zr/K?㜡{TEY+f&pھAOLd~Vr|V#iT2O:͟BA8Ԅ._ٿ68 QQ]WA*h.pe,Mֵ SL2,+q| )y<ƌgVc=0y@b ;{qmqIUz\Cֽ\%kWL5RyLe6U<:nua v{SPydl~[9ns}Sj %lb"ǃiVB'tMWe0jnc"1W n!+ kx XV_DĞo 2AὊCMʼsfN-'eE%@.i gګbFG͔rqa qRhY+P8wWv1M.kMxT疕^z@3 R#pdjPT?OSQ3.Z6ԆnK) EjBreb5K?5Ѽ葤MхFfb5 @KWLF*K܈0wRg>n[e@ M;[Du[Q *Dk70n#ץWLrt6[s-M^omKNOI8RԙɧXdk+rd6 'P&g%`*g y1p]Xxq'7^;ftGqmAHCZ4*M&=P'sL>r"a :5 앆E"k"I)\ O9 ./dDhT(4KoTtkGP(Pt q͂ _*k̎/nPwFɥ%\!B<2u;J13Vmpؚ ʊw?2pY26?eH檭WI+3f6(@cۣk)TUZPi6Oct~=2~x K:Nq<" w%e*gar7d,:7d7|hA\㺳,;yuxnM5{]N ײַOG22T./;z).ڌZe2[ӌw"kjK|^hP$dW d)HJk֔*Ai7E/^}.@ePÝU7:rNy~7MfPPoA!z csP88;ӅJPRˁBmc YFi'qe Q=1T:T2 w?o(R`*Ok$/sħ/s+B>Q (*oxa$聒x#>P=venWd~XlrxmhP UuYI$%VW=.}0bB{ԕYe12))蟦OLB ŭ06b2 ۑ=*Օ> eǹIHJ0 4lf8L/aN_ hj^h&|+=CuL^f>e<"2Z Ҩ#1'EVb,/{Hw0RW;vckuB,]”#yeOqN׏D=?y#i֕ 6xN 9B'Ɔ'^R[La#3 m!ABQR ܓRPipqoRݡ?+Xz^v/Eap=6@}fJYO2QB^рJFk#,4oY3 Er~(a9G4E\8ٌ]1ܥd eAh9UŭE WPN8at:]SHpxy7we6hDMY GqL`* iأbY2qYǧ=`iI W0~ 9͓!P<9ƞ&I ɧu.9@By לgqUwGQOI 8ˀFam\їLJ; q:LUmI]Y:ӟ-R@yC_ Cű eK*gz#b_Ry]bʬ^r4'( >-~[":v/y746(?ͫT /%AESǩ~t)sy&D+ﲂ&ML{W뇦@1"s)ZtlwWS#R%ޡ$6@giq(ll)[1 d`吀EKe=6hQ]i?2ͨfjP"˾U$:D*܈jJ<" 7e 2 -IJUb?Ldh')O}DL߆۷ ۋjS[KhI76ՌG=mےK9”!c^U]&qٻIgUsEJ P^0D >ս|_k'BlTq2 B\jӠ 5UbYlNEJIP⩭eYɣ6C֒:ބI NU} ($7S*݇٬y&Z/w#o&Tmy%/Ýj-.:Q쑶SS?O4Ņ]Æ2H!CZPr !)($liW轘kǕ^nmlY;:,@ϊ*{WAURtI7q)J&KH pxlO !q t/8qWw`#0!C˃/OLPT ^V҈nHtuk]K 7VB$&/-:" GjbA^miisUxw4ui"AAlU{<z`pOKo ^…].> nNʥSqC2b]{ CsO?m@A.itNڭ{yh[ݨZP$q.~_,^7 Fg=l9DFc/ﰭ'(.43zO{O:B83$\ꏿ>D<U!a0K_uEr!?4=/`ː-iQpߺ͂PTE[mUpB-҂W*7dײ@7ԕ`RHgurdYәC<(w[R)C%ƒh(YL X|jL#٘ U iu'% YVSfI9ɭ5E'x.N3- WLsy,β~<8EB&7Z_k% 4.I:) szljjpoeK%΂>m m#*s|<&CfXLݼVWhhnwU3RB_,R\Y7XDf:wh qX^] Sq&m0New)`Al\} k!D*&+^ E2KXSxj.i\!*NX&ܿ{nRA2`05!u kVr낫 mоٺvHVa|$ (F&`D#paN^5(:BXZ䞡!^CRG>_oe{/z#[z,_әIKboۅ0yL[fa3Q[gI$ƭKz4 7yߞ!ݬpYZ @ک7X߯Um p%R]r)ĭb(BshőO!~͊MFs}kKz ydS\bs h0+%,g/$ iu/8dO{eh ߖ @8Hӆ7ge=@.z 8H,s;і:ɳ㮠&[_b(⵳wD Wl>.I\]e51J.`Zr0+ N=#K #t؊KycWВ&4N-ا : ),܅i *_0A3-u3j=bOz_K}k](c;ѧTbRa ˯$eI;>Exs|L"Mc&_I;'I~|DZVțඃVOU&Fn卢w7]eF Zj{rP#gRKrke=p{g<l뼾rqXpYqX4͔Sg痝lFNx8M\m<- \Lgj0P8=LJ('Y}$rrd$<k)5+03b ~WKLV:0guP<#OX6ڇ[C]xC7~{.6. {b+Z$"xZwOTʗc nl" o* =Z$̀ W׸`~'y)GR&i)tx-x(.&TK4 Ҩ]\o:^i0\?e%DfM?܅f?$6Σ ԄNTEߑ#zqUti& l_|a0P2ϒcA~g;LudF+PXHO%G0m$ąBM4"Ʉeo~@إ Ki}1GpHz*~0tٮDд Tly)Y#4+*.T>JkbV^4T96Q. ;T=;'p$0#8}8(0*;_&}%xz|)K#J`+q|M 18)U(lwLFc0_ r\O5Fɼ,' J![!:Q0Sg>v/!Cc"=y+<\a2ӼډP.t /e%-Soyvb0\$5[|),.`sƔDLAZRAk;`YSQ9SPmiCe4wYw{bF_l[#AI%m]?@޴{I&ogGiJu2JcCq>cRAu (n|׾g1oN̘i7Nq#"-)m^?%=7N]pc\*+((lu,UjA\>TI~[F.:T \ֱXx%j*@U ; i"r{tA\\`2Al0D'Ǫs&MfWnt9ؽz<~ 2 !x I hjeZ*4^E{ՐH7EX{/WEV~MC%گXL>wWLݭ&}D=`hw0 ˅t Sg \+94!κitV*Gͣ(RO8ɐ~{u\,>ez|'7"1{nVOm[1* Zɋ0Zf H]Y.Yq zq ;Jd>X6ҤRr!][ L#.|9MM<ə!6#AK~pewEqU!zۜ1cbb2.0bf2G"#ђd=Cy1_q,Nqq%y@lE衜}6d|"؈rV;j!G?9-PxQAO8LXn5-W_R|>da"2fxGdKQKv>9cm;6v0K ySNEu"{ֱUWEM>\\'_6o0.ʪ@}>.g A* "@LW1ooĄ%NzS1cIyHxp] &lgq́0O;RiCdGW&4D,#uAí40U#Qpb]@zTZ73bM,l{'턙mFnD(<~\Ig}L %GnOqE#k$5 :bO{哙#]/fYξ2Lwڍ@`0gRVb>108,|ݥzxJ @hӕXfݶ!3@px^ ߟHi3<_j(]m~ɼwN{LS ߦvD,E)r6C[1b ҿk2'|-p\S\v9&SyE Ydfjk /~Ԑ=>,tȤN)0W.S^S;[간jĐFsF8Ej tueS(YGaƺK=cEٯҖ^yѕ]56-נCq7辴 {B(hN{Ib r^aqH3;'s _vmLߟ#zzH0Q;'.6\34VrOLz,!}xkҧYF fR@JI;3+ S?pd,U*6~f JՕq6f!)0ԡU)UGz.%7w쨛ڱ汞1p&'5/N#fPL?sj\G!V6m#-d+6o1PHmqۧs뫗Çg%& &%'Meo2\tEE2((+l^_>Un0D7`U)ryl/\x+[8=q'E OaL^~m1}fxE*ϮZZK$|dkgvٛ(ކmlS7@i3~n)"ĝdvQ/n :+hGFѨW -ՏѥpԾ<_6H^K$8>\D21%b9ț6ǮgmO=~Wh9){e!ܴfK-)\z0?A  C RYȐ=4?#%E#+V,ŶZVLJxfڅ;PǧhBPjirԼKKƺI)&/m%9S9-P%:9;;NYYǷ 1coڎ-Ԯchik\qع(냇)"Er"SqYVƾڽdu#[=+ЋN ;ˮcw 2UC?;sCd2Re(rPͫ ?l)r++3mL)pwTQ/],EӞ*kXx()fvҕN~=d`K]4kvF <-\fF_H!`%Nn^Ҁ`8QL~|BO`kj (% 8y/K$Omc<U k#Z@^UB:$%]CB?Je{L\t)6ՔFʆR4 漨W ?W("ܖo1uKvx'7E1PgԻv/ ֻJN:+9}4<l7bVyLEFɭ~:~B'T3fKkǠeCix! :y2ŠOB<+)z=PGl ҥ6J'vwj[BY pk,53y/bUD XgNٳR5D~izϏ=ZZTvG;@-Q9%;K8o2G[m Ga,O?4m p碮&P[J"|o62([3&pBfg"AMbg8v:,uD>@!ǧoLw;G[A+Rm9Xg\y=ȝB)g5Z^xw ]R|ӡ he~>"L^rjYg3^8Wقs /$q`~JL,">†JGpm3ImBy5#|`؝Ypt-"|`drMV} _ U)X +\~c3-604^Jc|ܱNz lBim h,9X3E{)$ =[7KK9XCLWO]?σ8Wx-@_?Bʝa1,ˠ-\Noe.Sv wRkofa٩^9zvuш,%Jgge*Э2qܶ\ХUg+ f5\p 0|3Y]IʁP.t#K! FD=tR+gB2:\cviAxR :ܘ,5lMn8km`eb*V)>Gh .=;y\t̕[%!JoHLYyzn ќAΙ_7A4p[٤4 aj)G#\9`+ӑIHvfݝύ+,);B?Zڧ(BJ}fD] ;:៏8fo^"ɛ<\01FN؎yVT.fq3Zcc7 6=zu,CԤ΢m5%Qw-$]S4՞}&[hh@>#芃2DV#:M#`(NJ3 (Kd4;Y:Du7)9m0Ws(5`0kq'F;  X`QL фWoz4R t[kxc9qj1+~fm{No)bCa6eBJ1'qfS﵅8 xCӖƸaOy 6M#K,ױV\:KRy*MpÒA `dHM_tIOJ VN՟bbmS/銭B*Ms_o_W}xhl$-oFrOl Uá':y@sgC<0 Œ1pe/DGʛNСu.P?H^EL15>n6栟p TUtB>=!ɦ~YFMuNPCu^"\5̪&5{C>ՊRY#yyc"Gܝ 7'*}EleoB]`jv=Gw^ +4lppөa٤j] W;/fu1xK3D@մ:CeipOz]{LsgaI.owN7U/N5.TvRu $_y!-+7V,B¾N WQ-}OXDk)LXA3\XC"㑟lw"|I\Vس"jBIH¬+_-%?✾q""nfyz {ZYѸy{E;$Sy>#om0V~pM@`i\od>V60Fq2=QDIn`JmLuԴ֡Qs<@9w+v0EWy-Ѣ+Iޥ}ΠByFwPgeEl>wzH{Lۘj VmYWmA9k~Yg5l*Q9H?iRSQ9q)юuoUK=RcKu3Rl-V$ }/,S~-||ⷁa|poQ~@m;Y϶:4j}ͺ5-4 (iB *@M+ƌ׷dᥟ\2k$<35`?ӁLJѰN4G%}Vڊj v1OǾZQQ#tN!,a+ v4A %?)'y | &*F/K}%𷅲snhG ŹX"nsub VYX3Mid͝4l=hNE*{~&Kt+a;N[d89#̯|Ԭ(wZg是a8aY#g\dhRfFFXX+L<\b.eqj\ ReDw("q1T_vy hO.k7X5,W7t cʃrI:)LqnK++AB;eu41Q̵p[J>vcWC[hؖ;o.R+=[ ˙QWG"،+~T)('+4:НFjoWZf6uWv=-BW0S_Ř$uUh<֑k}yA`Vg|l%"h>*H/֤ , #%KMFg\<6EoE$a7FSs o9_"(ASP8eq5!,}+nn s _W8wϷ+۾>H7] )M,cKH yAgma5+X?]h;%}aKU 2:밭e[ [gKB XڝZFO.rh 㠫T[wYU?7,{1Rm&Lr]Fah[b %=A$+?bH3;̺5)')PbI7]H?njG.Vlݞ¬,GTFqAW% ] A~Oѕc?Flɣ`\z, ϻ?2~tkQx)Q㿍E䈮?i/e1<%RNdg~lJBJo$[^3OQR}~lFre"w!f#i5*bWOIh=K!9[IRP[cZ!^voq@PQaS"IP!4X-#h=r&uxda{|R SIӲ3Zd7.C4!0,Al/2OTOft ⭰eH/ c Se^iߜRJ*U [[܆rñ%7P b ZxPBRt.,[ʎi!d DuRF-XXn '} yyO )|& PC /r?4y +zZ?0PrK\|QP=s˅rP4i#A2M&,$pԌn#ZM$Ne!l/IPAF nreӰ0ءnIZJp3j(Dhm#X+3Y -Vi._7= R RklQ(J%6,춎$XFV^.ШLˆ tGRsa]C'MmQV32KFf*WuaSc[=7a-L&|~ZOGE,F?}0Ru8MoDVY&CuDb=|tVQ9A9\O*Ua:?%hp,#;]Q "%x /WISd$qx̍~^>Tdr)b}3GAldc- li\2\5ÐHꠄ;=ʋ޵>ۉ]Gkn[!N/WtGheUrt`~@G/|F08.M[ G] W2ب!B-fԣY*F?pI^SS">O( pH%R,19bǢTY, 36F ӱ>-BL7yE($e}uˈcWEt|k ,oMbT.C,vnrY]O<0nbF3cszVh)Ӥ_GĐ?hQ6IjX.^7P0-E.uLUC <5#3&*YI^An.lKꝡ0'XYϊ\.,=B<gHt/:dI'q;UÊOKNmf{5^KσMPG f:E.z`9zbE"|u([,w&6ep~kUej(5 :w $e(BwmpF;C1&ub9q]Rm[G1|Wܨo t_, /k,ql Yan&NCyՁ`z0=P^nd&oT,#|]v bUvSA(YƸ`=edz }+~=0n,Hkc+$nSړ`^ڏo67=}^&T3ӫXCSuL5Yu }rHO!E|p'Sd; Y[>N X`H mw 3~tc;u\yƦw lgc|?zٸ+ )\WV.qKdHF!k@Ы!.@rfU:Tw- ^)E7.@x$#.$iN1TCo4F&g ̥&CZ{M{&1=ut]m(e#U#rh걒SڍPw"pmM۴CF9Ukg^0ײ'fksn[ؾyImn'tooYs0d_HJNӽY-pNe {7޷CAԨi9]tO7A`5[& mQg:IF@IXNKyd;sH!c4QNQn)\'AwyT |:ܗâ/qat=JJUZKDŽ 'ey79I:G/Z5=79d] ' HtG'T+A|Lm4rL+j&H HUbmn4AgrLj}Vu\zَֆӬp֟ޒ,$A7##C![}JK|ˣ/Ysy`F2%F_(597ϸYtp/,) ȶ[%`6C]$ 7VtPϤ-"k`H9X,rN`j p|fsؙrwQY1^<6T " KҒUw3̻$jSANdU\.[aAq ,JHj 8ivɳ ^XWatogFZ1\IfYkezn8cOZob EV3^Ki@8D0fl'WG8CaW="۬1Ʉ::%e2 da kPDY,Z,A`afG䣏.x'oWq j'K8p =,U.K̷elB+!񂁱³D뼴@hOZX]ՋL g ^^Х(S*山w5_Q+e͕qяIxe--u n9eZ=F`iz6JyQbV$_,Sс'\HeZ[  SbG4EJ 7Y_^B#_D -XG_eL2/1gьNTEV0ީ|i -hc"aŠ[RɹfH'ofٻ0j wK$my| ct55HSWrNjfg4mX!DGCK@F^TV B{yʆtUO|zxbPUX ?F;U{kn0[:u %Y߾b(Hhw;@G툲t::lYz(mve-}\JYPoZ`(Nj8jH}$Yk@*Bm,ϰ.vIڊ#n2">h I  5B7Ej/(pV䦫^3Yؚ# ~T`KGmQ$RdR+N*C:BC8BKnm]7GGg:~u` PZD~9Ѕ \ 2af-R^Otwk⋊\`1t QIՉ0Vn8U4 F>Rz`g%6Ӈaz_m,) D_ng8(-@8+iXM|]F @YBc *|T]gPE є3z02$03m$kp|a6hE(v"o[_1m<vÁ`?+|ƶCnoc:i8ɶ=M4g_Oͻ/Kl81( sZc iD5kʶFv` tNtYCH]Nj^y3lz5]&i qBZ8hˬ2Ӏvژo;*xU,68dne@4HߞP4q4Er܉- f2G/(.9WGtڗ8M'\IˎZd›aݓvY [<7@*Z4|U)w <9a KK!sx9hD&i-,ҀKW×]}a{U6NWZhvl~mBHH;1c֢A=ct$pT!=%7Xm뎥"ɦ7ebIO+2fx(P]YMGUC ߳MsKQ[ܘZVёX"?֚1"/Vf&c_bEZdFteE$q<+oƾ %z 6.;+}I6'L@^IeHw[V.``ݲz!$Qhвж&*@`߼;EgK0v6D 5%Px-tqOWsj*Ew-51$gڴXr?Ԑ\:GcŞwe9lxZ;O} "3Ue5t% $po{@A賭M#Xce6m3n\jֲlXyi(8,bhULBA(2$2{`zkR!h8Pa3swQX za>)z $ b D[q:>c{9^z-≎#Arr<@`91R8B PfvEwl f.XY@L!û@qPL&)lBQU1İ[ȺS!aJOY]g &g}aޖҳdsǿYm<`'{m< qg[.At >'sPEǰ-~q:qBq %>jx1hԈ{U}"߱|$=sBa+ E6E>u)TsU10~o1j.?;x'|F١:tPJwWˇ$&r'yFa;k,,C3nvxҾn{K1n6ܐmpC4}G5)܏D(,a]Mjư K@܀Lu;E0b)L3jP b wTЗ(qPv@1k-Ψ] հ߆T}7pP[< ItA'V1fNi ɵ7vjùvـmREc(aPID˓o%h#Ew,G@J65c>7/Y09I te)c8 P)z2i?Zsd+RQ)`8J}ʽ\/T)90TI0kFt!v[jߦuMvZ|v!y$- %P*1qBvs Pb .ojh*7zOw:<ƥlQw.YDz+1 k8H[%UM#.H50Cw9 ԾљBOaFN(d [[4M6'l.þnLLE?)nۨYްwIIC &U&JL9lx47uHWOJhj&Q l#5Dk;7Ŕmr ݘ٨ {׈? QZJt$^؄#F\w<{P JfDuӟG:ƚ='38MlQ;f$ٯ" ?fOt=&KcӳI3៎p$` I2K9E_smIYE{0 " G#a(AԶك%X@l[ĽLC|NHܦ7>cm9ܻt4TzP%vT?=%+O*xǃ,*<+G+&#yy29PҀyDžuvf5wfgFyHY:& "4O ' H HW6̨L43 ijժeA̭VBF U8~ht8}}h0/Z'FU`6ܠ @Slb'å]68Ff#'_JbEV7s:Ԋ?몯G̑s V]̱i:,d.z)3`y6dR^P%c'pV<9E3:\RaKQ썏ًנ"I0߁%Ap5W9*-嵔@ J&Ak*@[A+ Cf1x"? D); (A//ά<4{ ȯ&8h7KC,?w7B^1O5j} N#2N'`r*. )|~mejO Ab@tW .u'p6EU''#y ӊY?K7E~̓ OSK$.?l)n60 *%廢AƤvb Zaf*> Twfj{1 7@==HYG\cr@y/v4 kO/:d ܍G [ G,Mm[nkB5/z~2vgG4U;m lDcv Gtӛ%fn~(Eko`+u<-tEOɼ/+Ti;=/pWJ%h<4^}} $XlC. KP0\/-p;Ek[c3!@-ss j51X iGCl҆,][u7̞E+(N_7 7zu2_ռiRidheK{؂wPJ)쀰FH%@F^ zuqxm D=(g΁*)EUӫϙ7 __+H7?^ox _o8+~A1=.{z\O82'oОP$i1PHœjp\H3hlm=RT)SS]܎.%C_]. ­A[i,| :Pi3ic`I?W T_uPmT`4.3 ZVYb*s鰐/OatD[$/FVvth K~qW`0$}Qxˤg>_b5'vL` пҩ$>VkWn۠7U=88Lvj$P$+_.cQ6P7"3vOP֓LCSi!oőGەg8Z\\dұm_ e>Y;榓@TBh I}3d7``{,"~adW1z+ D閔2z%z}&{=+S8Qz{aįzyVj *֡SĊU9yUNetk#3'L6wz%Ï6s iY:elo#Km™E))c-0P,R`Qu t/7l׮p'ƿ,R7ED_ TOP (uH/@DwT;a3;)Hz~h;ZTA+;.I.qhv!gCtؤx_Z9K s[V|Gګ(bߔ&\_+ Ӳ<1P#t7ؽWFnq4&|RȾ&؉1kXb}K$\[801Ҵiq}:~*>z%}Wi\݉o,=kKFÖ ޖb*VT+mFrSI|Tj fyRP.d.}묧=gR"bklL%'V*&Jːq`?2UEtmw3rl2I6Ϯ>\_ۡl_}b$ݩ0^iJAZ%־"+ }Xgn}t;ĭQȭnn_ /jZ?Ei\z^uy8yφo@ A7y<=]mpE`^ݭȁO(d=|׊}__|uw6#Sa#j5ǁ \*UA  Rle(gS<ڒ%Ut։xxWy#Vtf~t3}@~ НDb^ "be$8DaO)"â)xȏ/g o,$Pncue5KWrz`| =j' yz$pr0EE|;/B$1W:%mC%Y3+#IVck lE6zݵKY{E0˳ݥOvL~Zy4(t+)(LRQ1ÍCeE7Yqi&tVpWW|‚g;,1F쒔_N.a *4|r6H =!-iŮep5^Ht@nXw Ԇ{Ւ*@kq;}GP{Cбl,uk㲓-!ej=}@MR օFWLyfnz%׋]m R.Y` |YS|)$ &2a\YahɊiEPOa44&DfDIM6 4q  *;8 .[`η#-1>|R(BvS;873D_fo'2!d3i.h7aMYt4k*MSGw.\Ȕn>ce+4;@S`KEª0V1"N 6w,aVLv:ǯ.=MAxOQ84p{FkMRh,t0]+Ixhm]~uZ0UѠtO"|aj'R !cߦWI02 Y\k/1{N;7ZUHÖ'J[fwX(0<2CD` *r3sQVj;ެƱJ7E5g4sW>ܛ~|w\?p2Yh!cnj*ԕeOG"2%!^!T]h8&c|`X])h=b"}JB]Z]~!t/432iY rpɾ{/ BHO!k l[- ur%`\(\,[fy{biJ>Axtb]O462qػ}4] \h6Wv'}:ZSx$Fzص9 @4aJH>GV!.(U/ɓ Ec\Xe>pk` 3gzˡ+\ (PǰitbZ޵%DI! \$S աW|>@(b^hGiΒ9Ѧ/rzRrn;b+,Zer=ZL='" c'!"pQ `b{ WZ*qp O K!UM$ͯJܜMWbl)! 0X"8en\v*̐(9=׶'$qhdbZ*ͣvUƠԶʑߘ̯4|P[HG.CSimq6AXB{0-x)H[KdCSCGPx`TmD=,I`AP5KHtwe n,8Sra|Ɏq ~H>v|ӯp4{Q,o5YHLy4&A3j½UXy8W.` 6=I8COǟϺꖟ>hL_K6^.޴${{Jj>5Ůb}Y<]|!ڑR@̣ܳ(1І-@FVk1d.Y>)sH<[ӓ| @!͸lo{!hdkw^th{e0hre0b7,{fkXSl# .ޘq- I&Yu,P鶆Nط=_Թ8Bvkک> <=UTZmE VT|M2wqlab?]o|*_Յ">ξ7͜[X&(Y&LGĮ~D[G-IU{&*_Oݖr_RˆP3&e^mb_1(;h$yE.#B {kxHOrUɓ9zFdup)(8 9-)UXZ$mQ -WYAvZzv"7X*OSm2[~#2&ϓ=ix,\*xoJV󬑠tMPb$G ps,_nɖ%h`qBwTӣDY tѢcŽ7%biZTxSQ^_0u;@4R5|8O4FIƉm X=dn!8%^,B;!()=i!/t?ْn-Ό-!jwLV"ޏLQ wB9 Y=:&<ِkiP|F`L}a\VuHh f/c{ϮV#4l{]^X(om"lBHT06>1Gf#vyRS #^__i]<7+!-xeQtPU/-svZCLPŅS"=['h* ~"xK`|nxXK<磜m0M3H`VՂ%ĐF&r6bNFM/:Fl*E{¾Z`laV+[pNإ<2q$YE -___Lw]B:=xΝ~y]ҮD.>d(zE% fR#:NivA_Ўv{䋾G 2xb/aWmuc=aOI69fJAԎo T4OHX{-ti3Cʸ wRP {%^7n[0ƒN_jk\ "\fJQ\O{ z[q 3z}9h<\[=8Xƚ#'WԽ+j'y?TDtӀFC %r9AO1*ҭǓj}cIU2--ĨMEi*;|w@Ê3V47E8k.}!̵[ WT8T`T̾:5A )V\j81Ԯx+XrIqD  دV}~:K2uQNɖs"{p=S} *倀8iԼΐO$"O(̘BۋoAWkk_ŒYM zpSnWw߸ȝi|Zp#YT _>?)QϺ1VO)jlAw^c2wRB~ |?K!U0I1bx"%(.ImdF%?8-ܪ6{Gu?2@a$ˆ/ {BGM l6 9tmA6*mz61!4rYU_GC6rU[,M&`1)_ gI;>hE;rD8VTo|57Og 7\[?znOIr<@ȩjjSwG6ttߨ0+B-g ,!F)EjtmYߋa>ho&O)ћ9',ghR(xB 2%Q RfClJ_Q"i(ѻaBD!KYa' {e=g{-|ܸR'ӅQc$C4BdtnqHG%c ɪ(3jc_ۂ è۽V5^LɌ;4iҭhA]Z0%<3}:2U$PmnMiU-9zcT%]P mX(t98l[:"'O+AaK]  E8*Ќ4tntȹo l64-ȏOgsѼJV]EAe>.GX)Oa%<-|,A!  L-KhϜa$K|=g'fyo>fbh@k;c7Z 5E.KH.Ĉǀ[@nG8WjœA{m릜q #vÔ ꣔r 5@@yzǻʍ47|γ[-&z%VN; %tk@]  B[T`/! bt P\zT8S|$(],iz|1-?$DJm~fThDQVR$i3~(Ug";uSZޤ3C;巰QJw ~$1{k3O( ըS\dlk vXaO䒮60➝ CWjM~@|F`)XKJD{]t7 {2:`Ts@tu(1 !KGWN]4{t[I߲lMqH&䂘v08qJkW*Bd!%Di@\;/zftty߇{|-K L5Odf!A6F2]d2uv q5&tPR-o@Y R``BA"`Q`" HM#"OZg :BVyq*hp}!R"%W̮) 0C1id9:I;KVUT4 HR]q5kqΣN|/Gߵ1579O^&~,+T:G鱗дugұ\ݼ'3/Y.Z|zJ_{mR˪ 0_EV] Ό+ebϕǢ6"ޮ)VL =};tD`FјeԷ: miW7>/ |w9a> |Y 󯽾q@bu @ d1[a JM[mxd#3'д+LJ ]{G u^HIZrGۖu{3u!Z0mSyGo h|vlZ(')%[b;}x:!~2mReQ{| ^ v[%zfj7O ȟVD6{ې_|w<ήPW[d₁!*z 'Z!UvaSh[WZB.DxIuԟv6֌"jU00]R.bb<'}A,z<~t}Q܃qHAf}N2)J gViWX>T. as/+/pVܽfTZŽНuCO0r 8+dK,2ǎb%5)+5F \́ dꫧ|kby ?[tPFfhv) ,@H%d'5iRc׮i(:u5iG_`& RDvtL"4A,v@`ɭ[筑_`:cXibvu1SKJiv< )Dy .'_e\ rDg;!'0썐Yzj.л+Y˻>85Rr䕴Օ=کuQsxg#i ;k~UKň Q?ZDex;ЀX1s<N^Z DVrV"vղ#".Lya%$9$q5![Nt*(Uł-T<(bP!ND <0 l5Rn4*6G& S'jUG\yEѴ~jo7CV $ 6l/sn+7E^e`~yg0i!yGjˡN <$g ,\  s kS.ﰖJ-VʩD6bJ B D~L™Q떝JąhM~idJJ)MBN/Ր"]F Ufaٽfx9%C꓈z,xJE3_ g @j' :[`߿p-Nzfa}t+kX#ӒAPJ콜Y}w^|~ jk)ESݠSfO?/+ \0#Og|i++"_;lO4Z/w8oBaӽZC0Y१yő+q^%YU.1O)5ܳ::% 1))>Q?_9[6yy:2q7h vV`o6Y{(M.t:8-D>(ۅBX@}j%.H 5K uG2dxFb]PïS+p+,_Y Iucn[˦R#ju*_ߴTeѐBxk }61m(qd=QKn}5my ʙ,R ^Yhq> Iszo|oslgM7HJ; 1eul4CPz32nx?$ 5.0\vy^GL {> CԃԸE>?#ERgRYKE/,y 835_臧5_xse( w9hy'McKm4 <1Oш݀ZmJcx%C~Ӟ)3r(nEyS73c̯} Gx/4S5Km6H@P=F02"fF||Ipw8͖˛"j!.+pZr]m Tq`O:,׹5n˅`@:xz.Ї4l1IJ(2c 'N9FF u1>6 ja< +"Jt &N)0zJ쩻kg?K!F*o+G*wCm}Hlww%<Ǹ IK3Tj׻;D}FjEN &GU#Ml(VkΝJ mM;,UD;n!8Hj]}6ZLq.@`4,2&I܈cabi~*q 5ڲ=0ja[o!.? 01RQËևcH{b֞2ΤYr>KiR̈L Mur#,X3ο:6դVc*:9,ըm^?̣@ /&u(Mpίs҆x'QT2pҩ!c(Q˂&dOИ3 =vGHNk޴9R5r DY6nPhkҿNa!AۓS"1MYHǣkm,4;mRqؙ((Ϯ-WSJ5\><'鰳o_U.WbjŁ1QuۜoKw)ꖸ}6 ſ=LNa5r&߭bsSL$U7ngG {c񶓃egmT%~o*#ӓvہ%Ud#h<^HY}q_K۟{p{8fQ,)Gz9\bVo.b >@4EQN^V#˕FRGLY_$w|n}S_5FWi3;9& =}S2{c`92[Њ0?|C cPm}*`r!et\ `hʯ]&8!KY%ҚjC |1,&=3/} r6~ ||Z`h}If ~rxjD)Ɓos`4=l4އ{Gp$ 5vki!g'\  i 1ϩooQ] ?wGh`!_44=&^†%?Bik vL:bw WqUHWcx6Ͷ5plvn(z }ΥZND.4+V96̰9J΅? )O9,)-+ŃOjڀxԨ'#ft| L~c&&iδދGGتfhM^F+2 ,Ыf+J/`T|k U2S*>H |W4j5PIM~hh$<@ Se%V<@*z/4UQBfmO*Wr2 q^]gNƢt1nR0RtnD@_#Q|*]88 Vv3FݝVدC+ņN3Hc8>YP-Q=3uy)K'uA9cܭq$<+A XcT {8\R kCB"ae#\`ey#+NwR&: _ 7w-;x$)PhOh'B ;Mx-ŽK?B[逸ma#fm㹅x\sV^#i7΃|a2j=Q w链A74<b- P4X_cO.} OzKǚ'Urr*C?WyZ ~. ~~#grqd^8nLjY*z'=O)Z[Q>^v|PRWìF#/l}nV w* TnZg7cEtn 1 ;&8'۷qxDdSŚV'3a\ r9F"LY< yLtb_86az+qo֮Sg+=!ag6,ug^^ygͶFڦWbCXJqegyuBW&&Yn<]\_50/c:G I(urI<Y팚 /KZYGݘENZV˄kF@6kI乔*} &rsUQF0VK2Z@-B&usjN(ߑؘRH^LI~7gĎV1c甊?)n[1tnOL=(bn%g٨B+ɥx Ë; )&Q?lD? פe׹nVmT(օ(EFay)tӔKSS>I%IղHjd:tjv'5f:="=`}0᠒ w9D!P'Sog>,!z|n|t  ѡTk=) J A4 bGLdt;Q| ն9+ .h@:;½0lu)PڂڱfVpBvGRH"[,B=Ľm ht _^ߑ&w 9iV4 Z#:n9OYYLQ4b/-W,lhv V޾Mƾ_(069`? !x6]J[ R.IdXAԘ˳9݇ؿ{RYmy/gׂ{N<t$DI^(T6IT,aT9Xq)P" N Q.vЎh1H8w/h&Jbfq2Qm0L*0@nKTՠ')HT6A2^ֲ$}=iL9zQxˬ3ڍ׌ BL%{I#ܱ@l&oy!="YxF+^ΰNo]XagwQ6ay[S6o I"v䤔ɐ@y'tֹ б`-P:1 !+sKyw!;-zx5v ptj1xcaz:e;)L=I_W-7ܡ죗U:{Ds^7gCF+6@/ &mqI#kG+kDK 57A8Т(`-XC 1$l5$oFg-̹PHyԭ1"}U%R|ېt{h2%XT/4R-r=Hc=fߧ2_RU^~y,wxHaN "AGQkGYZg\lG/\_ Yӆ)>{+`]^b;An*Ȫu\Խ 6B;'7vLo޳a 4k{ro/ѮWkCHDcϨS'CEM3Vi]pOXMT"NcN.Mn#$uj7zjx G k+2!95%Q~eS HgjpAB=w71%LM'16jΝL&Nե@U+}&pNO{]jјkMRӌr[mi鳂i4ހ4Q_*'h޳<twS.҈i6 {b5=’YkΚzyIkLX?^ ^"o%֘B\;/u D.^[ #mTs_`M~;= Ookc8kF\ח(5 eWg~+ɦ m,¨dzuP](,Ɵ.a0$WIF},oTˬxķԁ7Md1> #C]M AT0滀6By#GIo> <_wh^}Q>mBeU2պf.Ћ8QQ0jV׌/ѥ ,6f^Ͷ^208_c+Τr#^,U\_u{pWR3Q1`T4?mD=HA6%,+:x&"qA*#N+`[Y-/͔{S픉SG# 4j(~N&4 lH+KھVX~7'pf$f=q1];ԋPBrr!]UE`&2܄oE9 d _Wr{O(l\( | J uM Lzd9%L1>}WNӍ*Ԓ|z4 |v7r! qk+ 8.Ih*IHRcqh׆L($"PiN?$7 3;dH'Δ+:E|C[z`YL4)`XR3.Qm7?lN0cO3.kM =Ld95qeP\6LcW>.C3_SBɽ2X@MʴF&שW2Ks QtLlo2͌(&EOqɭ<MIĜdkN0J`Bvu_:j!W?ʅ8GSю9(޹ X(g2ݗqQ*RllνR<~XgB0 OIi_J܀ jŵb>1s^w~AV "3?lO!:oCJMP_Z-wMKCF+NxlƾF,C< HC65. {pvp0!m{ D?;7taz΢3O&Bwضrd.>2Ο\Q?h jwi]#*?$qOD\THʬH mvԠtOŪ(M5ͱi\dnԣ'Q,%N;טȽR5b< Rk"ݤMg'i g=%؎Q'ؗK3([$_c=u*+e# ef+B!ƔJ'"N&eIǠ* u5g*A#0(zw=uY9ъ:}5KWy/2I1{3C4Ogpgh;zH1PEwY"a_XT+z&[Zi;"Pi2RMF؄{E@D}Ŕ$%+0M\ZvZ) o( dGiv!*soFxmTBŹ̉5ڙj; {:qI~ 9XaNvPκgnx}9S<6 @vYxFAfp9JJ; U95\rܼ5Ad:~,?|Pw=HT5t~ p^JG@fϮmJ؞tˢ/φ:W_NCX'ـ  \kaR7-'ٯ{t1'[e@F"jeH~pqVX5=b!JKJ٤m"Ap,ݎXZ8ڤDzj:5&h1hs/+.TUr :Y13%hTis x40zW P9|i>a ']^䈛:SK;3: Ղ8>E=/=w+ԥfgR {h/];+] RPJK)p!/YHfM>9dP(Qr|?j^_ULהi}MjA%FINDҨ9B'܆tV|ϧ،:zA /oQVKpUzʤ`^M<3S2FVHwl='%RKg,is{r.cLNßȑjjLNJ/.<7Y4F³8xYyY$2jNw@@|CY!3 ]J鬉Y?m;~H %9Zt);#6C=6qgjvS&S+͏R݊Nj؊ϧ~':4jc-8 yk*"b Hfo*a;$-GLb`} XR#ݻUIr!C-M?3fewjg֩ %QS>ь6ǢW{OV F\:p;pJΩSv˪-4YlM9cyiit>9 J>b t=PEV}-\S ީ^ꈘ h@JEͽٽZX^U5=b-rܓb3@_>u+o(+"^KOAB!K웅=^TtzOEM񪊸2`y|EgU wPeH"3|ACP՝'csNqEWSXvD뺁\6)ۡ?؎G4TzD;fӬ>/^Θ7W f 'DhU0&QfAۊfdSrJUhVDW 8K,lt[_Qc͇wo0JsYK3\5g~ݍV[txaK4CPl*J80&u]~DHxT_)E22N9n>I#e 2'_X+in0s?nN6@A:k=W iZA)$-\JYݭLtrYy4^ pt-FТea^ĥݗ{D`'LZ\] )BPiD17ഖ#R܍L;`UeثFP|@;DžمXVB 0\l?= 'BqejObWqH<HeZ-@Ee{OT9![]'fO7YuaK-T#..eb{SQn8o/۫nejCE>>hŒ-`o?HAu'y?0Dwې'7i ~Yj(/)Оb8%LݛFp<[^CXlJNG{| %][REyi3JQfKj >+1'[)G0oJTA,KEPV/@O+W8 eA`YMYQ` p;;{QGVaz t=GR?ٿeNR.(EȞ4co7EaxTF=,38ՑV"ix| MEqkp!ڪ*11O0ط̞Txs3,wcPЇßd +^V ^ObՅlj?7SY>3a$:>_!4{s%;ٹXٺ<[(gjF5y'C(ŭWr(y1<|J'aJ" 7$(|2#s2M+I y1a%: y"4"M0οsSm|0*g+"Q `JB3at5R k u0pΖAsրq(ڝ Dtq\Qb@18f#lc fح8{ {K~ż}TR7?r\iG HOeAyTpe$T,"n³*ż98Kx~Scl76[mCٖf\$Sa䲜+;)(ڞ2VptA7se!hy#֎P!ɦJEZ//[QG]\M/u3yaN}rG lqeeh;[Hhoo9J9Lb?$z?*<N2pi!{nmè;0JmO8y -YNS %P`  Ne1rSK:ɑٸBձp-#FENVF'*4{fq0r%h=6`Ps +`#]: {x ~B~ +SfFI0d2T;CbR@KUE%.5! $M5p, хC)!.'< ״9T$索$Y496HoX#c:ŀUjV$nG)AOԁrAo{{Na@D$F!{ӨQc?}sᕋٟ5B<;4|uT̊:4.._Rڭ9^6E@X^w*𴬶7op8B}f!w+le_3کT("(N$}ed.&##-ˋ:kS%$|h O-Er̈́.%a!cy̦+~.kGgY+JsJlhL*Pe\-xB-;en_a.JEQfMg6 Y8JĀoRQ^72)讂hj)vq>5r]Sё"E^z!X'׌ϵAi5,F- B,j _cE{o=iL0@i%H('?Xsv?z!M} _'w ߭/ )}IC^ 9@sYHt"XX "64i7@g<4'l^2,hlË*{n_:`wڻD_ߞdwy|$Qɢe%7MkZi6%3)sG8p8ƅM~iW9-{Ө_7IeFO(lGkl|Qf'_w xBJɔ0$ 6d<er<-+ :%!!#=. k󒓀S|Kuݑ:F9w;ěi>]Ns0*=_?r!vdNSӎ6GÆ!#Mb nqY{/}gqlv߲\Y} דNʣg+cp iO܏?Jܥ~E;LڳTGDU\{M#$-H oN|3à/vѬ<$o܏!qYE>"dx\H-WaS ҝoǷU:ʵSZ#m_(os5wj흉hZ͆:Ga vZ\%{zHWAw[nߪy y}ykf@%vҎ1EO9X @ڔ 95_&dPC&4 oN͐•O?xǀL SLGoZX-Fq}H5,h&A0w*Z@4 Qw).PVUK14h=3CwAF6iMviQLwnzyZfV?Ӭj\(Z(\WWjgb9N 28 v}N1{lID!P5^Wc-EvEk4n)$!qŢ&b9z̀dI#i{3x>Tl#}\)-0SxE4;*""4^-m5}kw͇ ԯ}EzuXa'8(΂ŜH5-%_W2ر R }cDt$=-m+GgH3޷ dO"]fG#vQn7E>,%aӼK9ȈA;E]ϥb+b?K F֥jGxH F4'ѷpTg<ףKr_hAeʹ=N*k =Ƅ1ORB|>.o[̜n֟A ~Tx>E'>ks~q%)!' \Ҋ|~<.Iʩ1bSKE"߭0JxQGMm0 3H& Jp  &SQRfbEA‹P&lhq H18VS=`2KGOOii}7'|HF`P1>A*t-$;SH]ϗ hbNex\U1b-&3)^B5 6D*3YUx.zz(Y_%ŪaP sڕ\G# ! .휣(U:jVX>_4F&2| ѥŸ'kdҽՊp3 bjk6.[sQ4Za%:,8mo+I0.߶Ou5%HK DC(#n+,q!nZʘkdfDLk؂9e]uMt֪+Hcz$|j]OQ%q,ڔCKc0 FyDY,tR03gSƂ|')zht OE&ńX'X[+C; )LH}muP%ʟU&2Ipl mPaOfu\2⿣Xf/U rnppф RKl 6ɋJ'9'Z=c;(1 kfG@fD( X2<5`nfYʃ\ؽf9Z*h0 *}-o)Sz.c諼elb諧8:HL[1ǜ9-\k;xc(HW#G>J\/1<ՕRJ#*TYi6|-L/юs(`G9) ͱN+g@w}0̸F#y0ʔI iǪ̛Zl'YeNfaU- `&5 MOqb!s_~:) K9}Ef<|Fe$U#(JB>U"zQ 5>Y xrM4-֙sa^35vul{ll?$J.CT8_u7S|csfnFk I~.)SgqClPαýnwR,db>ãi|*IR!L HuΝޱ^V6o<Ei='`ޑ):ÔúJ>TF$%;b F|d")nyH(tI/9TBz&q;\EUx-d80=׏нrCt iyD˽gRv8_Υk x>;c1 oǼOx-p/OGOֹeJv;Im*YQ ^x`OF>˯3ٹSwYKf:06JuKq,u^{rrm]JYa t' L(_H}m`e87UC Z1^YԔlź#۳߶d_UcuR1ڈ&%by.r Ԋ6ߒrXйN]4ukYk k r6+oVaTLK[=ƇSWK([L0"2J߬]S|$̢MWXuy1I0Xuxt;)"i #6YX2||^+P ?g]J'GTUeQysoy&0ÈD;ю@56Ӏ,07K F{H6pq>֩7yPژZשP#@QбM%ic!׈>n-} * M dn3q ( 4Ј_^, a;Y)AK3WVW)[.Tn jߥSIҖ\K$hBsT4tLjte c ~A!GHkrl\.6?csg 3[̏[WxwmSIU3㡂[NyAH3K&':QA깢4 %Y~]E,QWS)-h~s`Kf#=lA(S<7-lrE'#)ܰ#E3Omv~cf5^Ve|!Kf#A$ϑrT=1Ͳ &ͫƿ3Gc}O#Wb8ȯ?ɻ}Ȕ{'){mJ^}1C2 ?HwAz6y`-6S!S7vXAi+KK\AS25[aB_2V%NUyIL΅F̢@ 䎇H"MyɚB0S?jj14>_R#wƽCM3av[L+̲.|*,e [`i>{l$mժ_6=PY?JA>( Df"t$;Ǯs8@҉scr˫` O׆8d 7>H{WB#/޴r ]|-zTY5ڊiig9"ɸoQŧ~ A:Xeh\PklZ'jPzy% ]( No0E=譵!@c9^\2}4#, {܇SBAlo3JԆB !L=YŎe/%\p;T;̺H&Y.DA۶k\=7(Χ96mP\kq_+ZvjLOU %h7AfN?|*BJ0 E7Z^y۾:?wfwҗx`~rodnH @>F5v)K^01q 4H$4MvGo5Σo)"0RX?G?$\ \q"q) ]3RXIaJڊиt[" l.m+Oxbd% cRt  MQO-)^߈";m"k@^=B̿O14JAoXa3O dБG(?cn`ZhCnlǮ|&>JF/C]1ӏ q8վH8Z^qa'A_Pw/̘5eJm؟ܓen- n}wYJ~xB_T*`i;*})V"pߙ,j%@=i߃wxQ'=n,M={vT+Z6`Y?v:[q~'ToW^Y|1Czy Z\5l+gR싛m@H:uoc󆇭x¬WM%yʾ%=QF'ުF2f<aN|yzP`>EeDkxr/TCTm3'z򃔫Rc]}h laY`*SJ ILMN8-5wc;&#BnDhOyjp;V~E +7Cc@,R*)[ ~:3xl#TIgç>VT&T,W8̕^eA tp`5::/ p/,^-CyAp9}󊘡T`\q&SVEK543Pe tɖᾖU٪ԃ􋢓X\8"btOoHqr;ɋ(*Zcծ} P +o:<42Eww]{KsOXԽ}ص8qv}-ݮ#eb̭vyPJ91e9~4\tfܫl>$A)fJ:@ڮ3Sd d~|Q뚤 KL^J]?GzS6R͜yšn|Up< x5Mښ$H%&ky68]gL-7:qW:S'=tuqaOY=.@[Wg&-a~\Sפu$i]]:f ȣ1B WO*u5WMEJ.3%ˮ ;5jP|0RZ(N3M2W(w²TYɢl.#B$N8-q7s}62NQ7=Sr]`u ]0FĒg$n,e[t$npqv36OCMrà9[P_ry&SrP%Æ2b )>St ~u;D{VV!Y}FcPV$Gܨt؃p6,-hF7㉞QADB{b\cI:$0to?vV)YH~ ^bT2:݂"z&,wlvD,1n^cׂ!=z[ g } :U졍S~pO D[r( ѳ8ʛ+ oRD,+ϜL&SBXb5!huXI t0xڻ/8MUYWU[RZ궴Ƅ %&wBB6T }7΢L]!ȹ `‹_8iPc"V3kYn=Л%ba!sK6kV*%cA7$9lԣ!̟yWBC}L#͵Rܲ*Ar D~W7&;DG0~yꑠ Y.=Sw9M H]xMɸɊ9ܸLTG/~Drj~ko&D$aKbN= \F2tHȅ@m"=5AeYn>0]_ ipxРcKq 'z9y?SӀ ]e0=;hF I_ʁs;@U&pӽC9Mrrv&QD~׉]jj6jscl;1K@1@ҩpԙ:P|t/>AJ󣴄Izj,QƸ6"G<6ܶJ'4ߐa~ZkM8Ԏ1ͱ1pӭ@lQd<)*TL̊XYBDMܣe`E -b'9ɨ-Vv?K۱fz" Y&PK7m[z_)γOo]:k _k=(Zݷ Ps90viBg#NE$lZ/ݍb3\>cxOm{M4oV&l@_ $ƽO^՗E[_Paq %(xU\;Fwg8\:?!*h#("hy%_5Y̧%!44FpXHr2.k_IbdKG#鎸R殝 X_x}%ꎛ\p.oWbFD0m9=9gsu(rb 4 c\p˂i>H1<m.!4y@)6Ms4/[$GB5Z)ϿWmRirP6F%'-0iVp~ FZkgG.R"Ě ^[ Rë \ AbqurKvӄ}îz3jw$iG4CX |mI #؃d? Cve tsM!c'T`}WhVf6{kNbDq۪R6[5D\<(m\\ЛD&wL OCáωʥ%|NtIJ07 >DZV^M%E!71wG'\^qftuagj]5qb _e;v$oaaA7My*N#X@ifLnj[FvBݒN1RʐtS=&|$Bvl/S (qQ>Ǖc~B4H eƚuc2)WԻgçbµ|2wKw R*È=9^6q5i(amX Ɏf%WN %فWkk t*oh532fHn9ؕ9+!VM%YTR~p1Nmfn}(|u.X$?:ٜ4CY L]g9mne'NWZ>a? FI#+6"W\t.~ҩ+jR\-OQZ-GfDA*+=~ם)&#K0-T,"x; fgI" 6vSn[ VDsP ?Ar- vtϊF~V~Ԣpi9}E1ym2[Bb40a«вkvb c$h&Bqj $'vDG=JGtwU,hU ^}炪 ; =WwMr:9Yj*fV >3% =PCRDCV|3;^kb*n>*Kŭ(i- fW@/vSRӊ2!U򼛰BH㶪 C4ɇn2jbd%f l~ Rge2Yoc4MuЖ{;pj' 0J~V|yk~Ll _Z@BA s2—䤐. 901-Cv?^kkdr`sPj>^t/ %Nߕ*Sgs*Dj"p}dyJmnOg ?b!/Mɻ RJ1Q!SQf LmǀNxKIcB?Wu:d_`A"y!>; !o*J."vS,?ʬr9t#v/^\iR.Z2u nl2-F aDa!w W{q8d]<0i󻰪7uY`nNɂ>Tkv Es~epK%h'+ f"B)wѦbWqWj/>O/$T9KrX,騊`shFqyn׀:20#鷌N2*g3zj2)FXnRFH|!`li}vNh3N#gF]~^vǨԷ~qpd&%$J%sX{+1{ۘSF0^YgÄJbmB|P6dW:o*ϟ&~0hG5gK:lSMYkIVmɱ~W[}Uw DtWORdO]'8^TYÁ8%.nG7~ic=%1Hel^IuGǦ^-7\ac]5q \MVAU(1'b)GpR%bh10J49;jܖeclov|GyOb0J߂ :&PWf2KaiE$,CWc $M]Z>&_xtrR k"Dku5GhTg#Dl=fK>B@ 0%sm#GT{FqS\N?Q fMKPfmϑNe4fMa{浲$g ~V^h?>/R52OYGg(^?̨،|qEryLS}Dxj *0r7HVų}1ůZd6X7y`]400x9F,wBm7;pJ/Hu 4TٜP1Eުy,oM3ԵJ j7ݒ&r;jc_b`D/z Eb)peşAVIĖxb5W`޵fh+X=Az)Y{H3b_l m7ѵ1 F^9'܆4;E!SR~T$`;^JnS_\! "-} 7  y>p(;Շ]{}NFGB,64r2PP3R`(r3Mj bUt 0,?ǰMd5d\B[&&fa_ˑvEI͊JIJky C E'{!lo ) qoThL#B.DЋW~d+~b@N^IAfsg Rqr}{@Jɰx.'C`݋2 K+K@Hpy̵PGOt49H}ngp䭯u iR>VQlt=8Ѻ oD5f})Qtg.\9W.Pkb3?lf89Q@?ӹY@hMzcT;ĢTp, BB{Z5l, `c)}(AJW оSZ*ձBZ`ܲS Əc Ӡ!iGEһԯkr2C'0z!-I `0/Åi`*^1Qී˦ u' .=vUNa# ԝթ%b"ҋ4 , _ H#D7G;miC&,|9:^|0>]hs˥o=qpcJOdeZ|4ǿ)Z 4U (QOQ}9^s4b GTF \~@y ~{}R'GUl֡FŀUDR Z7[6 l-g|x/| }o${ n$o7JUy (o;㩤Ss4F[950y3/^2; EcnOho\MlO_9H"L2|74 4CI~GعMmpd%T&#_/!T?i2d4BA=yߐ[ѪJmEְT᮲Mb~ ?a+ޝ5Vl hf,%"kt*~)@Q3[`A am vpQ"nD,]oxq@ו%V>C"6>MNX:Pïv7`Wo&lR eCtCQR^kx=EK]S|%X;,oCqŪ|Y`a]–=t+B%a Z5uą?RI&諨2Dc 6niː?}qAi ka u&֓6w^CfT[ݗ[|!| Q/ŒDa,AlmK]r~{ A7_MfkQj{iZ*8X+u_lYu⠙KScj`bb+]9 88sygw%qrί 唵A֌*:f,@ѝ0Lc֘9lR0xZiZ"B@8 IJbϋf XGr (:c]RWpĘ?%ЍOB)Ztވ,Zc\*_C~Fh%+-OȭzinՅu(20(B 弮 j WoQ*f`]} yp ƥ3mz;-,ADgTh64>#݇DAua aݣ9N;nokWؒ/}N'jјVf(!r;S-_BWy΂*.8+yz8ghq R5'5`&v7y3S +%NK"*Y;S=>Mٰ1O#(=6O2:%5jMoWlF3xȇy!g(8ws7!8L~4IϥFMA`jˮyY MsQF]l,]'eZ*[ROYU&@ 8\;ucMj++\:J jt;; H #q(.t+//~ d^gf5}z(NiP89Z|,-7o4^6~HIr 'Da7X ri ˭Å Qg)}# SL9(͗"PgV'/B Ca'fw>m$Pna\AiȠ y6ga2E܁L%LZմxvh?qbkw|F"V\y-0NLQZ^*Lz]FpGͽR @QfrSFP%FzQHa[A e3]]Y-Rm+xbL|/7٧,zh#i: d垯yHv}^& Ļ9`x}=7%[$LŖA)*Ĵ@aXDXϬ4uQ[V-({zhb>.И#5|o_U`y\UrQ $6 d\; n>es]vi޳kjOΤ }!Wָ p Ry=`\OTĵviv̷HQkG/p$5!!kE>kemsxث-CDʌysQ;p5ٴLO,c]Ν$B_E=7|7ާ Bb7Jl8AUEIdRap`l$h#4kX M wJ0.^{iJ1egq:T_>s %$UyX9-ى[RP}^fJH|˱e!@-f0w(tflE4I?lxɷ/b1,EQ~9\7T RTu ;Ug=3P Q`~6^4nqw砌Ͳ>ӪiDYԔZ iO#I =aokȯЈ>l J}!"]z$t?b .xNP.-yPPp_7֪ȴ]ۑ^D a0}l3=`F [p"Eͅ6;_@1^پ |BƤ/$Gbed `bk2àZAAp[{Ԅk 1;  Jc_.|gf![Hb )nk1! \vav%9l~gJyQ)%O8\Ph9ʌ-~vt&q~c3QHӒz&4l(iY7vaJ^8%$ @ږAHa Vzb(( T?=pW}?t]0,jLaC\o C (k\JTPt>GㅉTI(=`- hFٹ*ҁ˄wWA>mY^mk.Khx݃1,H5(Y֚]UqUDK gRA@O,ɲ$4"%:nmf+;F+9?^ɳA3DGݘr7J2^V/U^rf'yzm+ϬKh͚ g4d@B'wy`wS&F/ynzl&NcĜm%c#AAx)-x5hOa' {|b#׾gc N1Z\6vQ(fqj7)JX WpcWߋU! #>lHPJ͂ѿkŮ ~!_X5*ݸbk AXz}7\)_Xq|!?utk Ѭt^GXiNC֡7{߆!7  ,a "z:UL[ #Qw\S$'ΑaN4n)n٢ޮĝdJk7JRF7N=3Fڬ3Z!.°FL| nI&7 Տ0jOc(Ӛib#Y~R-3DFe|`yܿKC췤].oWH)6:a#VsC;=.AY PbYk'v:BPF߻*AJT$)ru{2E;`Vz\H ~T(G8^ 1iefɸ] 1ND̸YZRR,mH"6H݇`ED֞=-vե"7WCeHo2QHFD?!KNH4Y1P >c7~Lʯŏ Tc*=|BoHpZHx V`h&3Я,::\.P]lG۹%=pp(q `3Hcvb}3gȥлMD~<&EO0 qdZ3Qoe }s \jyU#DU~ep3]d/mulʡD˂̓2LSOd#˅q'z[/#~ r-{u PY\(q$}AN'DF7\ؽ1aOF1r'NJËKs^P@0 N# ^!($YuV+r:Xgb-D%db(]!TBOCDؐO{D8X;Sh59u0I՘CYpmS2|5N<e⺀6WP7eݢuZF)oZ⤕pR]Myͷ u$+O:pO5ƚzEMfJ8K\mE"aB4uWYLs/02ӺJfd-r2]˘f>&8k jtyh+{hm7mb4^SSED6y}%9^,SH@/$y]k*a=@#/WˑdE'T:֮m/IxK~:#%I,FoNik%mpU&$Xm;S0 R=Z8l\^`Uzcl 3 !gc)븃+Uq)AFEI0!7WA WE w /ʹ7[l Af.H@ުz)&7y wѨ[A6q)w8+-~ekJ"B| ylָtR/ӣ'rWDz_@ޥv*iS0v՟x$,Aj]Rd:s])cd@QU⟺0~9MEւoЮc=(вh ;3cmMAÓͳuۧLL 2a7TdR?"(}Z =|TVAFa_ۡ gW kF߈,VWS4-wZc!E!fCӧ5X>KӰ"MeE9Dz5jyHGrB4w ~;%wf~ ZG=roV<0 3jڝ1ΓN;}SE#@`!Aq<ъsEWV)f:{>SE\]_dn%|*sB9ZٔŚ^ TywB /.wW%m@n .m8g@1Y^2gGɅ="ߣ8oH 'CQmHN$hp'D0{pb]rfxXkDvJeI< ¸޸ɝ*|4_њnh N:oE50su0l6ؔ=1Ѥ) 4GN]^-QPeXE*t3"{TS+@xBO'A+ ̩b@tݍs ^j^*RE`9!H - >8ܟAϑ3?yjR2)RtWfu(pcmAr?oZ7¨=þGP{5m%ݺJd,)(@+EG@?S7襁 Czj/T6[p.%?_S;AjI ʃ=̿,Qj6x";h jy.578䃍s m14pY$ϲtLv[`# J#0r 5>v,@zUr*ޚ1Ivʣ_1^QJoBJOﻊ/AONpͦ%slKD71TK@lpjAN-Y$9cvjE )Yuy "mdW+>{ "z`ƬZfvE\36E'|^ qDN!T%jʠB~P,Ɂ[OJ7vyD}m ֎q*FG? lxI{Q|@aOd ~i=gcS7W ;$+9UCJ=J.Ӛ^E$a&Җ|?zCUגڥnv>Q9C{:\#TiP_UFt={"3"0w~n쀞BnngFT͂L'h\*F;*pQ%]Ee}. D~>I̅j%GɃ,LR娪!ߐay6|)5\zTvm'UV< q*kg e9nAZ.} m_CyCeK l"Zv.4XpPFbb[.{i LǙ+EmàtovjR1g!@|~Gl?BOt~NՙR+(hYz_t̟û=?3'Q6NQX+=ޝ7)uk[iDgΨ&:lSy 4R`~O K?Ңy~AQe+ɆșTL֎THǼ")-lIK!xT&t|:CYȢ HKOr1vRVA8]U͞,F/S 󰅍 ~dLdXjHQ<#Pt̔vG̩_7C٥N -*̧$9BjP~t;!R7X WdHqDS2!;}E?hFz0-s:Gⴑ?>s6q bcb¼{ 4 cA&mLV_f8[-eFvߖCCJ;wA9 B^ck^5ö#( `[keWW]VCBO&OZ9qg%GUa  V:"T Z%[x cDat {"WbZUa 0l`N`a 89&9j%рջ~Mdt8OFdBfD ">IggJog7 ο59N"x]wMzp@ bj\WȝREQM^7wW;L%=o3˟uc]O1£+(#6 0=aro1xPc@B"xJ<\#iB=TBgH?%`[G#ƥ |Ԝ]ZQg21 "v=[Ý(?mM0Uh>aYp=u鍴 [YJ یM3w;060^~\Dw )s1tFFe6$6Ф;9_ۘ/%7 ׼'䑔,$ʰFN{Ay:^Z߃Oj7Hu1NcĬtZ#MA-L8::DK42 Q8jԹs5&! CcFsԁ$w] $@x[`F9p7x_&b/(8 ߏWsÇH n5`ς4!k\GPT%)RЙV,!%!aEjs FVV(gz}Ixqψ N jmQ>XҮE:{i 3Z-S(5 )[;5LRH^&;o5|շjY 23 `J-Tvq7\U<QqU1N7܌q48@[%qcbfK-mpmʳ2Hѿ7hf 1'#4^=-uTArx%Iʘ3m̞OهE\6{0mmVeAR؝n pJpM 5ȫO_cF_NT=F5YXdp`QPHN#-:tp &/_ [63I1,v @D'Zz?i ;M>@%?pf_`/ra۽$Q ~4ӄqm@ME=ȩl/݃(H8Xz:0._UsE6%/0AeYuS<%]}HY& m@9kNVKx1-xGO DB/܈8Z3Khƛ΄!= |zu D׮Z/E3]7A$ c)OlׄTVpNm7Hѯ_Sylʰ &9C_rZCtia3=lgS$dM=uKW)?}&^ipJk rZ{V*m@]qrq՚q͵Bڴ qwڶ=xH`׳;/WeM0-N**!&qMCO5#.t|]e2A|4X)f"bF ( zAKV/Z67ϕ|?Oahu[kh5>alYZI%O|iWMjZju1Y,Y;N|[|΀.o[KI,;fH14\f+*:f4:~7Sǜ i5cq 5WDF7??JNa-N~>Xɣ',58-➆fK0AYfX$~O\5MbR1畫 cdCv+$"Lj8J˶9l1ls^RI:{3p& CwiO;f86MCqm,p//SCC\X\F5Ui) ,"*;t&UK5tCIWe{ (OFW[.yq;yn|`w ǰ USk/t<%ʤJǒyczigOt^_f[2N/W~y$~^,RY٫a^j;zR]+6܀*pV40l mJ(ټ#R:.B{?\肃1 s1ЖhHμ.՝/<ܰ 3Y(,H񝂟6Iqw0F*=X;O+%bR.jL'*JJM< sLP<>ٹ8]?F.~>.DKouV;7KU}֔"6,"QTZ@!V~nf:3ށW齃CӤr;n&FDS2#F.g u>I@Ŋrhz 0OB'd v^0EE]p/a2^({d~MGC+Ee]8~m_RjKʽ*FH~b*}yCVZq+W.ׅþ! yk~U_7d Av}НdG& +[T/ٮp/z)JհDZ+sG>8ˌ!KgS,](څGZF09S(%K98ep̻ۤPKFx -jJ\V1MLrLg5C l[VÛ۔+$8uu +' j:!Zy~&0joG{P*& ̢i pߑ(ZQ?CԂl!#x|CPܓ$C*C`BrlG):FH-/29ly(F6mC[("fPPpR:*. I?FW`rN2dX `yU_y+vl^ N/8z$Vdÿx`S06I3=uPuDUx2>c:Nɣ^ '[z1;Q~AG.bRpxјL-S(>JxqonF4_oyԀZ[1` 3[3TR {oJrSGQ N\ k\~w˔'9nQ&7L[^+B43b& 10|QJK:9m8)oi$RW2GpCR.SB}d{BxSAtkdz%Bh ,qQW9#A L`xzG?m--KߓlPBjVKYgkێ P\:r<8,jqiH Έ ΋䀯}v9u)X/% ,#!?ٕ>aJYEP-g\P$_Bi%΋54vɕl=CZUčKBwf-]a(Rϼ8}͏rFXDm[9A|gjO )X6J4E&) =]x-7}蘽vae>eFeMJk\C $YQ[u$#6r ⎆l2fK{"grˮ GJf.O-e}$~O~)gG!. ivsrų/ĝR#e~|YzQoOu@9y3Lܼf{g;뻝3[xot2g02!#%_o P5>vx 6BANS_GD5۔q0Ri-QMmF_*:J ,pEr 0O" ?FԤ#M% ({-1w㢢+zR[Gܵ791H,g Ħ!]F2Y?H18n*M>;Y-nö"(RԖ`:|T>lN^҉Vy6ARP51b + -:a ޢQ1FB-\뱗nVfc;Yj? c?3u#ՙ< j.33R&*Q0 ՐE_Bx,PMn<σ7~X*&/hC bh슃DjR5VMMl`ϫ|PkTSL=EٞԇΊ*uyKbZEBn'Q \aWYd&8?9sp:٥xiGDo64C*)$G? x/拮O }B-j*S/Hcp00 IF6{Z=%wz;>i"HKf|JAC߭A|,YLN7p@FsTA%WFrTAf^kޘ w?Iuzs+7 D[{$v\ԁ\|,TS{"Y qکpT,&K~7%6l\bbrUI_۠s5>v#?,8,~u @5-M ؔdl::qFqyKUUV-5WTRPQe2t mOJ pZ^d eh&_v븁HX+4~ƐÃy'HLQYk8.JlX=e{ɘzcM b ݽ0PJ½2M{n7A pF(|Ra kAIrdl^I\?hxhmRٚ"ߣvC}Bd5ZP*,R07 ƦBXȄbiʽ(%v+4ij3v/_B Cb[ v]"n;82xM#5 Fd^nB5>)SITC]몡-(f_K\dj$#e  RBWw񰿼 R#!aq;J%\HhvIT';t:8dJJeC _.\T]p!'Di6[/ W ?aA_trH uYVl =@G3Bw(,`WĿFl?"x[z?`vPӑdT8ӏ=BfpC( m+(1{֣BY-VV#E,A 'hGjϳ%5my*z1@8Nwi[}[Ȯ˕+ʪPB6ž1|-~2`) "&^iKܭ۔#Zi0/fc仲BC>61[!7'گŒBb/(TD@ޗn2f~ "./ȃ1v4UKoPȶ1opI xZÆFtͭ^HL'yç҉*8_^6;'<\j\a:9Nݭ5abj%8v:?U଍H2/W/<[T1&)J1012$ƗEn 1JF&˭l?1#WppO}gT^gVN*a07 BHjX<V/hw2Պ:ex̫5'kgRHT54OR&tS4Ei Lm&'[hH"?0=Ae<ԅp Nx9JT"X0xX+F>5Jl_ݥF{LQ|%[d2`yT1*edQ]F!0?W)N?/|";&Y6o"i$fŮ:,̻3 ?=̫*@Ēˤ c:Cy.̲tOpQU鸠C 6*v9gi}|ոkyGݘI/*a"\qCQK$x6ׇݓ,Ά-0P^Vg۰[:^Cb}R-#Ǔi G_VeOkP /ЕÇ#!ZiҘSνDش&d ܧbp׫L9KP^vnbU;ݧ\kJlJH,Zt8ˡD(e.=?#3lqaSg#O[} 20J5fLAs#. -x@ :~:>RGȻ7x"=C.#^0lp=KtB~bм_IK97>ʷby(i&ר{O1]+VEDb$C &U, 4렟q<@gyJ][[sr8+~=WPmMák ʏ%ClLc`7ޅ*/M֯%(af)4hkFx*!"BP1g/ bWN~-w0 {s7o\V6A,ھ)jj'%NA 0 Qtؗ!ڕ#(ITpg1l ʮ9a@:*^A_5|2v]nn:$ ޕa8)I|0?@WlqS.k'⤛,ܜo0AL&4jL-ٷx!Ƴ]n$=ucCdGGg٦;"xo4&Q4 }HL㟩CDǻqIǠW-;`}i]4Z :Ψïj\"$SA7w)LiOdygX8<M[LnVh=A8ad!+*Fי(| n#\ה~L|KˏHvy}O-rB8 h5Ϸ\7Kbz 9¦w#x_QuFFcsDu`lCClyF܈>[sU&\YpLزn5&ghEJz;p-um*a~nȹmY\%t|@ҧV CNHcתF|.4AfbeԿ1Ħ4U~wr=!S֦}:djuއ*#G K*KRv([1s!SB,\<1%.ZK&gߪ??J=C},(LbdJ ;j.6Bq;oGJKsO& 憒! xCX|[Y5Crdg :9\"c:ʏZaZw/QɀD*[dS!HBZ6TXFv_8"Azϑ0=G:*PQEݑImqK8l DC]clBH!h'+Jqy@4/ސ&HxUesIMaX\h{>̕;H ̨6BhsIdҡT=c3ވ>#lB ƍ>vnFu&arlUӭ-.䆪?/p93Q J*Sڐ??TJV%PIYqk{Brq\{ُ'Tc2ܢ^w>kzZ$nѿ rGN9s z|@j-u5Hu [PJU_6B3y+ѭOѷ4kkHgt.,|5PJ;!oM۞Xޘ}qp'Ni=p,2 yYH/BKpT5՗_'L9]:?7t=vd_JBflGV^bWa3$N?2~ˋ1< p@8ʿ#Ge v4./rtzA]k[H9V,"V G(q"r*k/sYP%}ïVCRSg >qqx?Wn^[,^+%?oݪjY.G;2UW4P"zݼGyP3vR=X/0ӌu,ejm/L8w s1=2͙j ѽCML$u!Bw;?=]!͠=H!+L5qSByLoKON(v 7H#e-sk9'C5[s֟?틒Z@چ!{1ƺt^j]:HMxYBɈbwїot,ئ-D+ngdUm(|Pz e?D_ؒG zУ}sU'1S"q ,n_-\. Hm-SIo*uySU#dj[. ?Q5ZjɪSHH/UԨKAW8e4נL]/~RRX NH  &RDvljN f~Q1 R!G|/)#h+Ѷ=X=y.qg;VlI 0]0ݖ.]k_8Oe'A6q_aPkұyVKhѭ`ΥYߏ$L`Xdm\HĪ/ҧ><~'0,Ndq nR䯓Dhhլ1;4#Mw4"tmPh'^q }Ж_Q^g20ƵuaGN{8-RP'JqG]klm|{B}FR.߄֯ɘ99ULMyiqWlaPKVd1wR0P,l#f9͆NJi@́Vzڎe9aղ=]ճ%:蔔ZmZ`_wS~mt}a{חZíkgݎzsܖGmp9a&f@܎iO:j_c92 ?TۛқC-F`amƞvF6 -Dg|bҳd#(G%gpД9|V4Kݶ YZ