sssd-tools-1.13.3-60.el6_10.2$>y)D&&T>2?d   F .LR\bb b lb b b b!b#jb%T%tb&'6'6- 6(-8-94:GbHHbIbXY\b]b^pbBdźeſflCsssd-tools1.13.360.el6_10.2Userspace tools for use with the SSSDProvides userspace tools for manipulating users, groups, and nested groups in SSSD when using id_provider = local in /etc/sssd/sssd.conf. Also provides several other administrative tools: * sss_debuglevel to change the debug level on the fly * sss_seed which pre-creates a user entry for use in kickstarts * sss_obfuscate for generating an obfuscated LDAP password\>x86-01.bsys.centos.org PCentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxx86_64P02H0KS@ |5q#0EQ;ao3] 10m:*|MHOr ?sH dC A큤\>d\>d\>d\>d\>d\>^\>d\>d\>d\>d\>d\>Vpn\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>Z\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[\>[f5c397f38b0775d0cc31c67a713b30ac4c3e8fa5aa1bcb2b98a925080546fa83b94df0ad7e7e6f501583bcaf112d7f37d9a581e72ac22d193501a1f0cbe8b4434875ce29300797ea14c61a6f5396f574330416512a85246c7e01981a4197413242b03063b61c696a558cda4617e82a7c02b5e13948dc9edce397d1a7491e8fcc1d2010459a97c7ad5bbb048b86030355c73e0235c8baca4121f7841274c5bdc7074ea22f08e186a8f16066958ff1cb7da80f4a744e9737ad3b619beac9b0a45eb180ba6d581afaf319858c367b19f92a887d40697918e6e10cfb37fb4d3d5f69650d72d90ca2e9d64239f9e5500b2ab18a9fc9bdb32fc4d187140ddba6a6f56156350db3af3415feb9708cdeb7b07beaa673c8454aa23a6d9e27264c5fc18a308af39eecb3b573cb1261d1d1ff797e5fb5c461f7fa6566c2f2c9588ed52a215a2044d8ee186fa8e993fb3407381b7d1781e764b0aeb22c6a8e9fc193fbb030da8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b90310e7998fa63a7c5fa94fe61532f72c8f103f6563c4f6881aff04fc12c72a2005ffe255bd2d32476ca4c1799d2f0880dff0d56c9346263c9b9166d402797a9597ac16cc6ef9e7cbce3b59721c89187acaf2bf74ee83b4ee16a72939baf79d1c994987c56756375b9c6ccfc6fdd8f141087f1de1a53e2cc7f9c1b8a64812a99c30c3a967ee8747393b7634a732da977cae90cc423f89519e1308b2ffd9d6500d3bce19c9a1c8d59d4467007dfa33a13148574c3b3a56d1f7bd0a5ea4d22a294cba70ab8ee6be09e55ef55d4df5462bb87d9171bb88c9255cdbff05ad1b665ae31cad39da900dd517559c2dfb31180acbf6dbf8c44cca601699638ee846f730575edb3bc87a2ed41ad0b33f8a7ddb198baf564ee3d5f73eed3645c35397882ce809f2b218af5f82c9eebbf77d4cf98c4ddf70d6c5def9fda0c42f60632f639f43d86e3546ea13860efbf7a889f672d22308aeab4854e590a851bb4fa24fc97700e90d2fac6d79054ae2e369e04a4c073e92d8225e8ab05a30acaf0b3abe8dda766545890f5aac5c6199f40080a7eeb9854fc19219f3c01f77ed18a2634b0612ab24e86b6654a933b196c491ffe8e198007de7b7fda4ccb537c9b80b72fefb55ad1535f17778e6082028bdc12926753802980c0dcf57be393e62848a083dc42727874608858fe68353c01c6d95a9faed0a088f539d649702f6a8767cae6050cf898dcaf95c6019e6d32722fd00035cea740bc4ce41bb19bb6ca38c4cfe2e0f4a0d3f33dad94c2a3f116dee94fb53ba321249f03d4cec1bcf19b73f7c078f7d1c466adcfe632e17455f2204564fc7999edcba0264521556b2977eaf32a175e8cbd234295369b56555fa293ee5e0b19d498798c7501cb0d7d6319e225eb1716ec9fc0edfaa451fcae313edcf7e91eaef9fdccdd4bf678e2d0f6641b96cc6efab26c1eea4aef71794a708908f80b961c82161717ec4d38e1071057c37899b4b3abb27f3398af40eafe3262aa2ab33feecf21cd2a580e50c3b041985d2bc82205d9274edf5abf7a81ed70904be6633dc26d7b97f4a822b314b80fc96da3397ef3dc20c0008a9232f1f1efa992089761253a0a8f95c22b77c5c08e61bb610c280853be10623c3aeb7d99a9387a928f8ab52135d04d087a014eabdb31485a16ed13014b2be0178b0c3dbda640d4d716bef05563415f80fe1b1c7e72c16cf8229195371c25b3071b8c84ded1e4e764264645e01c79ca04e28d35ec8d8a4cfe8fae48e131b2ab89b6d644af0d752da4bc9d07c7d932dcf2935dfdd1e96060a0e918db3fe6f7d997fd8dfaa45b2461800d9ad9150efca9c49abdfe42d405cff4649794bd79172b159e6d3e5c8994924c73393b0e032e3f7483f6e2e7a73dfa0d3313996e76fef64c49f786b3c1a5c4815f6067409536b15741536bc49072fc5e4e1c4619e9d46909077a1bc9e7c4fe450efdf4ed0a2dad8b909ef1d21df0d5e88eac935c9e722983bb0ff8cbf948c85031d641cad04ab8c7a4c6bbeee8fc8b54bb9da6b4c3c5046ab861e93605476aa9eaf25d4fb1ea3afdee0006ae36b8b18a3fcb1a6c5c4394e772ebf011b7c016464839f3eab352303c22eb45cceca781af6fa1b1be86f038ee0a1551c458c692a176cfb1ac6fd31854b06abb30f989f3c0c08e4efa80499446766a5877bbd79eb8364840c8d757b54fbbd6c786e22f3a892c1634f79e6161c20bd8eb2ea1815f37dc4a1a4e25d5b1895e8d1e0deb757aac8c898c2d91ae320fd5f44fe907ca0699f8b5273f5db15caabdd336024c509aaad69c18fb7b0a625e6440a939d5b597e5651b5e352d02bdae191c9386e3b979ebb52ab2c19c8ddbb9e1c70b639bee076b4cae6e33a9364ce730a767bd5ea602bf16ea511158759fe440ccd63126c792da795853c00cff6df61b615f3637088e9b73967873aee8136a57029a66ba7707710a6159290b724004daac15e5d12eb34b4354093ebe1b473de61f66330ffa712bee030d86e74250e1d8bb7209d11714bd90c6ba4bb6bafbee663c92ace0d73520617661242ceb9a20f3fb749d86862d8cc834a75d84eec2dcec4e21c1f5df89d94cc5cfca9a5ee641b444b39f437ec81a61e404175cc65bc2d095244b677dd868c382729beb40c65b39675056c207bbcc628a6f174bad6a2d8fab7af4bb505cfee2e0c474c8c8a8b5b50beed5d5a3f60b1361444e0c57ba3ff50fcc864cfec5ae128ed14f4b704de0339d2d7494974747dd3f2f9e825da1113ebe1a94b1083a8cc4ef3605a8025bc7cdc82d85f1489c4aa19354380904482d94c0d736616f5d9f6cff3c187ee1267b28144103ed9697270d1342d52267e10a705c1af7ddf4227a6142374ffd9e27f4a7efd70d905fa35863b0c85b4bc1eb96bdd0fe0b7d5e56f0a45169d89a4503003da23e1189a9cfbfe2ff00f1f9425b5a8b7fc192fbc67c4c9490b7abbf1d45b13881202e6ebff2c4f9aa93abbe60858fb3d23d6ebe40c44b74b30601af44b748967e984e57abd73c5afa1bc2913d9797201403296152bc129b3cc136d547e63c56719f9e25d26656348f8e109aff3b0383ca9907ccd3feebfd2bfafac566da7c49904719a5c1d874f70dddfd278f1667c796fb3c2c00f12d9b519213db2dda1acac178392510542194166731042f5f84c967b50add087cd806f24f2ca1208c5c685d5c88cc2f85cd9b04a5b449fdd89f2fd7648d0b68c2e74d0c7429dd38191248983152bc2d0fe5fe47e9832d526afcbc27a04c903b0f7042dbb1788ac6c5bcf6160d2ebec752292fd9d01d3de34a48da39b22919284fba837857ef85854776014c87199f35518887a91de2811e390aa23569ed3cde3e6de935c6ddaf3908d5b440f791a7e4dee8f11355be78185b97c6162290cbd2b8ecbbc6b231ae4acf6a96178dd7058caefe06d7bf9e6aa87924712ec948046d1489e810ea7bd822bb3e4a8485086ffe1fe36067571b3d8557d391565fdec1a0caa066c1ac0a2b260a150fa879cf48a50f515414444b1d2bd3c6df4968007ebf4eeb61aaf955138377a5d405bff06ea88e9526cdbb100639ff5c2c85ff8ab042cc56b4ab6a25b33cda4c8d0004e180a6a129ea909f6ea9f113b24b4e7dae0cc032a140a66d4aa6226439e643cd091e108d28bc5bdd814ec4c822299ae948b0feeb977f53bd4b10410adc4b4fffb947a32c27cf6729f50e97f8c63952065889c2d74587c5baedcbeec1a368d0ddda626a449e6dbd77e8d6805535c543cd55c29e93c688709038a4571794dec220ecd95a66d394b0c1bfd354f25906f46b7593b2db24b10259acd2957bf0cd8d4c7a46fb8078d57b9c313d582d0710c33949020cd27ecbfa2e51ba767fd99e1aa8ee5d4be965a802fa7ea701d552b9e21a4f512bec4b026ca161eca3889c6c8a0e4e2f1110030b7f2e6501fee112fa99b9e14a3224f92d7666db59e9ab4d7164d1dcb3340812c411432c813c9261d14d810f44392b38b57d7478b094573aa4e97127a9247ca47b430f4255cfd4470d52f9a331cbaa98d3477f7ff3b0d4f7a87c4672f16af2533d31633840505e97a9ce9adbda59ecea7e7aae994039eebba5f6aaf933a61184141bd06a744395ba5b4fe489171633b2ac7e9b056066b82625f0818034a016da47e94706366b72ce374f23ab9433ca46a9c0b9197b9560c30d9ffe6fa0d9a12ae5f26c93cf5da6b44f2b703465fd73ac1d6d4335440c465e5f40f9b58498ae2f16dab232c61fc9b850ec99e9aa2f6d79ce0517c0665660dfcfa9c129fe3e26e8ec465ce1270bcb6a8d2f943d32ae1b38e964ac2841143d7c4c8d1fdceb412fe00b5494c0397e4rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.3-60.el6_10.2.src.rpmsssd-toolssssd-tools(x86-64)   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ sssd-commonpython-ssspython-sssdconfigrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libbasicobjects.so.0()(64bit)libcollection.so.4()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.6)(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.5()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.0()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.12)(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsemanage.so.1()(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_semanage.so()(64bit)libsss_util.so()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)rtld(GNU_HASH)/usr/bin/pythonrpmlib(PayloadIsXz)1.13.3-60.el6_10.21.13.3-60.el6_10.21.13.3-60.el6_10.24.6.0-14.0-13.0.4-15.2-14.8.0[[ZH@ZH@Z2gYyX6@X6@XS@XOXJXGXF@X@X6@X6@X-X!@X!@X&X X X WWWW@W@W_@W_@WWW@W@W@W@Wi,@WYZ@WPWPV@VJVJVV@VՄ@VՄ@V@V&@V=@V=@V@V@V@VvV%@V%@V%@VVVVVpVii@V\:@VXEVV@VV@VV@VMV2 @Vf@Vf@Vf@UAUUuUn@UmUjUcUcUUUUUJ@UB@UB@U@U?v@U>$U8U.RU.RU-@U-@U-@U-@UF@UF@UUUUUU U U U@U@U@U@T9TTTTTTT@T@T~T~Tk4Tk4T$TTT@SvSvSvS%@S0S<@S<@S<@SSSSSSS/S/S;@SFS@S@S@S@S@S@Si@S@SSS!@SsZSpSNpS 4@S 4@RRRRRRfhRD!R1R%@R @R @RR|R|R|R|R|RRRRRRRRRRRRR@R@R@R@R@R@R@R@R@R@Q@Q@QQ*@Q?@QQvwQkQIQ5@Q0@Q']Q @PPPP@P@P@P-P@P@P@PDPDPDPDP[PPPPP@P@P@P@PPPPPPPP @P @P @P @P @P @Pf@PPPPP @P @P @P @P@P@P@PPPPPPPP@P@P@PpPpPpP@P@P@P@P@P@P@PP@PP@P@P@P@P@PPXPP{P{P{Pz@PqnPl(PaP`K@P#@Oĺ@O"O"OOO@OO~O@OOO@O@Ou@Ou@Oc+@O]@OYOOdON@OLOLOLOLOLO;@O5O1@ObN@NNNN@NNNj@NN$@N$@NN@N@Nx@Nm@Ng\N[@NTN?N:N:N:NNN|@M{@M{@Mߒ@M@M۝M۝M@MM@M@M3@MM>M>M@MM@M@Mx@MM=M=MwkMwkMv@MtMtMc@Mc@MbSM_MQ0@MJMGMA^@MA^@MA^@M.@M9L!L@L@L@L@LNLNL@L@LA@L@Lk@LYV@LRLI@L7@L(L_LLGKj@KK@KK@KK[K@KK~}@K]KY@KO@KKK/c@K+nK"4@KJJ@JJJkJJ@JJp9JlE@J?r@J0J,@IcIcIzI)@I)@I)@IV@IV@I@I@III@Michal Židek - 1.13.3-60.2Michal Židek - 1.13.3-60.1Fabiano Fidêncio - 1.13.3-60Fabiano Fidêncio - 1.13.3-59Fabiano Fidêncio - 1.13.3-58Jakub Hrozek - 1.13.3-57Lukas Slebodnik - 1.13.3-56Lukas Slebodnik - 1.13.3-55Jakub Hrozek - 1.13.3-54Jakub Hrozek - 1.13.3-53Jakub Hrozek - 1.13.3-52Jakub Hrozek - 1.13.3-51Jakub Hrozek - 1.13.3-50Jakub Hrozek - 1.13.3-49Jakub Hrozek - 1.13.3-48Jakub Hrozek - 1.13.3-47Jakub Hrozek - 1.13.3-46Jakub Hrozek - 1.13.3-45Jakub Hrozek - 1.13.3-44Jakub Hrozek - 1.13.3-43Jakub Hrozek - 1.13.3-42Jakub Hrozek - 1.13.3-41Jakub Hrozek - 1.13.3-40Jakub Hrozek - 1.13.3-39Jakub Hrozek - 1.13.3-38Jakub Hrozek - 1.13.3-37Jakub Hrozek - 1.13.3-36Jakub Hrozek - 1.13.3-35Jakub Hrozek - 1.13.3-34Jakub Hrozek - 1.13.3-33Jakub Hrozek - 1.13.3-32Jakub Hrozek - 1.13.3-31Jakub Hrozek - 1.13.3-30Jakub Hrozek - 1.13.3-29Jakub Hrozek - 1.13.3-28Jakub Hrozek - 1.13.3-27Jakub Hrozek - 1.13.3-26Jakub Hrozek - 1.13.3-25Jakub Hrozek - 1.13.3-24Jakub Hrozek - 1.13.3-23Jakub Hrozek - 1.13.3-22Jakub Hrozek - 1.13.3-21Jakub Hrozek - 1.13.3-20Jakub Hrozek - 1.13.3-19Jakub Hrozek - 1.13.3-18Jakub Hrozek - 1.13.3-17Jakub Hrozek - 1.13.3-16Jakub Hrozek - 1.13.3-15Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-13Jakub Hrozek - 1.13.3-12Jakub Hrozek - 1.13.3-11Jakub Hrozek - 1.13.3-10Jakub Hrozek - 1.13.3-9Jakub Hrozek - 1.13.3-8Jakub Hrozek - 1.13.3-7Jakub Hrozek - 1.13.3-6Jakub Hrozek - 1.13.3-5Jakub Hrozek - 1.13.3-4Jakub Hrozek - 1.13.3-3Jakub Hrozek - 1.13.3-2Jakub Hrozek - 1.13.3-1Jakub Hrozek - 1.13.2-7Jakub Hrozek - 1.13.2-6Jakub Hrozek - 1.13.2-5Jakub Hrozek - 1.13.2-4Jakub Hrozek - 1.13.2-3Jakub Hrozek - 1.13.2-2Jakub Hrozek - 1.13.2-1Jakub Hrozek - 1.13.1-1Jakub Hrozek - 1.12.4-51Jakub Hrozek - 1.12.4-50Jakub Hrozek - 1.12.4-49Jakub Hrozek - 1.12.4-48Jakub Hrozek - 1.12.4-47Jakub Hrozek - 1.12.4-46Jakub Hrozek - 1.12.4-45Jakub Hrozek - 1.12.4-44Jakub Hrozek - 1.12.4-43Jakub Hrozek - 1.12.4-42Jakub Hrozek - 1.12.4-41Jakub Hrozek - 1.12.4-40Jakub Hrozek - 1.12.4-39Jakub Hrozek - 1.12.4-38Jakub Hrozek - 1.12.4-37Jakub Hrozek - 1.12.4-36Jakub Hrozek - 1.12.4-35Jakub Hrozek - 1.12.4-34Jakub Hrozek - 1.12.4-33Jakub Hrozek - 1.12.4-32Jakub Hrozek - 1.12.4-31Jakub Hrozek - 1.12.4-30Jakub Hrozek - 1.12.4-29Jakub Hrozek - 1.12.4-28Jakub Hrozek - 1.12.4-27Jakub Hrozek - 1.12.4-26Jakub Hrozek - 1.12.4-25Jakub Hrozek - 1.12.4-24Jakub Hrozek - 1.12.4-23Jakub Hrozek - 1.12.4-22Jakub Hrozek - 1.12.4-21Jakub Hrozek - 1.12.4-20Jakub Hrozek - 1.12.4-19Jakub Hrozek - 1.12.4-18Jakub Hrozek - 1.12.4-17Jakub Hrozek - 1.12.4-16Jakub Hrozek - 1.12.4-15Jakub Hrozek - 1.12.4-14Jakub Hrozek - 1.12.4-13Jakub Hrozek - 1.12.4-12Jakub Hrozek - 1.12.4-11Jakub Hrozek - 1.12.4-10Jakub Hrozek - 1.12.4-9Jakub Hrozek - 1.12.4-8Jakub Hrozek - 1.12.4-7Jakub Hrozek - 1.12.4-6Jakub Hrozek - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Jakub Hrozek - 1.12.4-2Jakub Hrozek - 1.12.4-1Jakub Hrozek - 1.11.6-33Jakub Hrozek - 1.11.6-32Jakub Hrozek - 1.11.6-31Jakub Hrozek - 1.11.6-30Jakub Hrozek - 1.11.6-29Jakub Hrozek - 1.11.6-28Jakub Hrozek - 1.11.6-27Jakub Hrozek - 1.11.6-26Jakub Hrozek - 1.11.6-25Jakub Hrozek - 1.11.6-24Jakub Hrozek - 1.11.6-23Jakub Hrozek - 1.11.6-22Jakub Hrozek - 1.11.6-21Jakub Hrozek - 1.11.6-20Jakub Hrozek - 1.11.6-19Jakub Hrozek - 1.11.6-18Jakub Hrozek - 1.11.6-17Jakub Hrozek - 1.11.6-16Jakub Hrozek - 1.11.6-15Jakub Hrozek - 1.11.6-14Jakub Hrozek - 1.11.6-13Jakub Hrozek - 1.11.6-12Jakub Hrozek - 1.11.6-11Jakub Hrozek - 1.11.6-10Jakub Hrozek - 1.11.6-9Jakub Hrozek - 1.11.6-8Jakub Hrozek - 1.11.6-7Jakub Hrozek - 1.11.6-6Jakub Hrozek - 1.11.6-5Jakub Hrozek - 1.11.6-4Jakub Hrozek - 1.11.6-3Jakub Hrozek - 1.11.6-2Jakub Hrozek - 1.11.6-1Jakub Hrozek - 1.11.5.1-4Jakub Hrozek - 1.11.5.1-3Jakub Hrozek - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Jakub Hrozek - 1.9.2-134Jakub Hrozek - 1.9.2-133Jakub Hrozek - 1.9.2-132Jakub Hrozek - 1.9.2-131Jakub Hrozek - 1.9.2-130Jakub Hrozek - 1.9.2-129Jakub Hrozek - 1.9.2-128Jakub Hrozek - 1.9.2-127Jakub Hrozek - 1.9.2-126Jakub Hrozek - 1.9.2-125Jakub Hrozek - 1.9.2-124Jakub Hrozek - 1.9.2-123Jakub Hrozek - 1.9.2-122Jakub Hrozek - 1.9.2-121Jakub Hrozek - 1.9.2-120Jakub Hrozek - 1.9.2-119Jakub Hrozek - 1.9.2-118Jakub Hrozek - 1.9.2-117Jakub Hrozek - 1.9.2-116Jakub Hrozek - 1.9.2-115Jakub Hrozek - 1.9.2-114Jakub Hrozek - 1.9.2-113Jakub Hrozek - 1.9.2-112Jakub Hrozek - 1.9.2-111Jakub Hrozek - 1.9.2-110Jakub Hrozek - 1.9.2-109Jakub Hrozek - 1.9.2-108Jakub Hrozek - 1.9.2-107Jakub Hrozek - 1.9.2-106Jakub Hrozek - 1.9.2-105Jakub Hrozek - 1.9.2-104Jakub Hrozek - 1.9.2-103Jakub Hrozek - 1.9.2-102Jakub Hrozek - 1.9.2-101Jakub Hrozek - 1.9.2-100Jakub Hrozek - 1.9.2-99Jakub Hrozek - 1.9.2-98Jakub Hrozek - 1.9.2-97Jakub Hrozek - 1.9.2-96Jakub Hrozek - 1.9.2-95Jakub Hrozek - 1.9.2-94Jakub Hrozek - 1.9.2-93Jakub Hrozek - 1.9.2-92Jakub Hrozek - 1.9.2-91Jakub Hrozek - 1.9.2-90Jakub Hrozek - 1.9.2-89Jakub Hrozek - 1.9.2-88Jakub Hrozek - 1.9.2-87Jakub Hrozek - 1.9.2-86Jakub Hrozek - 1.9.2-85Jakub Hrozek - 1.9.2-84Jakub Hrozek - 1.9.2-83Jakub Hrozek - 1.9.2-82Jakub Hrozek - 1.9.2-81Jakub Hrozek - 1.9.2-80Jakub Hrozek - 1.9.2-79Jakub Hrozek - 1.9.2-78Jakub Hrozek - 1.9.2-77Jakub Hrozek - 1.9.2-76Jakub Hrozek - 1.9.2-75Jakub Hrozek - 1.9.2-74Jakub Hrozek - 1.9.2-73Jakub Hrozek - 1.9.2-72Jakub Hrozek - 1.9.2-71Jakub Hrozek - 1.9.2-70Jakub Hrozek - 1.9.2-69Jakub Hrozek - 1.9.2-68Jakub Hrozek - 1.9.2-67Jakub Hrozek - 1.9.2-66Jakub Hrozek - 1.9.2-65Jakub Hrozek - 1.9.2-64Jakub Hrozek - 1.9.2-63Jakub Hrozek - 1.9.2-62Jakub Hrozek - 1.9.2-61Jakub Hrozek - 1.9.2-60Jakub Hrozek - 1.9.2-59Jakub Hrozek - 1.9.2-58Jakub Hrozek - 1.9.2-57Jakub Hrozek - 1.9.2-56Jakub Hrozek - 1.9.2-55Jakub Hrozek - 1.9.2-54Jakub Hrozek - 1.9.2-53Jakub Hrozek - 1.9.2-52Jakub Hrozek - 1.9.2-51Jakub Hrozek - 1.9.2-50Jakub Hrozek - 1.9.2-49Jakub Hrozek - 1.9.2-48Jakub Hrozek - 1.9.2-47Jakub Hrozek - 1.9.2-46Jakub Hrozek - 1.9.2-45Jakub Hrozek - 1.9.2-44Jakub Hrozek - 1.9.2-43Jakub Hrozek - 1.9.2-42Jakub Hrozek - 1.9.2-41Jakub Hrozek - 1.9.2-40Jakub Hrozek - 1.9.2-39Jakub Hrozek - 1.9.2-38Jakub Hrozek - 1.9.2-37Jakub Hrozek - 1.9.2-36Jakub Hrozek - 1.9.2-35Jakub Hrozek - 1.9.2-34Jakub Hrozek - 1.9.2-33Jakub Hrozek - 1.9.2-32Jakub Hrozek - 1.9.2-31Jakub Hrozek - 1.9.2-30Jakub Hrozek - 1.9.2-29Jakub Hrozek - 1.9.2-28Jakub Hrozek - 1.9.2-27Jakub Hrozek - 1.9.2-26Jakub Hrozek - 1.9.2-25Jakub Hrozek - 1.9.2-24Jakub Hrozek - 1.9.2-23Jakub Hrozek - 1.9.2-22Jakub Hrozek - 1.9.2-21Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-19Jakub Hrozek - 1.9.2-18Jakub Hrozek - 1.9.2-17Jakub Hrozek - 1.9.2-16Jakub Hrozek - 1.9.2-15Jakub Hrozek - 1.9.2-14Jakub Hrozek - 1.9.2-13Jakub Hrozek - 1.9.2-12Jakub Hrozek - 1.9.2-11Jakub Hrozek - 1.9.2-10Jakub Hrozek - 1.9.2-9Jakub Hrozek - 1.9.2-8Jakub Hrozek - 1.9.2-7Jakub Hrozek - 1.9.2-6Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-3Jakub Hrozek - 1.9.0-2Jakub Hrozek - 1.9.0-1.rc1Jakub Hrozek - 1.8.0-33Stephen Gallagher - 1.8.0-32Stephen Gallagher - 1.8.0-31Stephen Gallagher - 1.8.0-30Stephen Gallagher - 1.8.0-29Stephen Gallagher - 1.8.0-28Stephen Gallagher - 1.8.0-27Stephen Gallagher - 1.8.0-26Stephen Gallagher - 1.8.0-25Stephen Gallagher - 1.8.0-24Stephen Gallagher - 1.8.0-23Stephen Gallagher - 1.8.0-22Stephen Gallagher - 1.8.0-21Stephen Gallagher - 1.8.0-20Stephen Gallagher - 1.8.0-18Stephen Gallagher - 1.8.0-17Stephen Gallagher - 1.8.0-15Stephen Gallagher - 1.8.0-12Stephen Gallagher - 1.8.0-11Stephen Gallagher - 1.8.0-10Stephen Gallagher - 1.8.0-9Stephen Gallagher - 1.8.0-8Stephen Gallagher - 1.8.0-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5Stephen Gallagher - 1.8.0-4.beta3Stephen Gallagher - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-2.beta2Stephen Gallagher - 1.5.1-68Stephen Gallagher - 1.5.1-67Stephen Gallagher - 1.5.1-66Stephen Gallagher - 1.5.1-65Stephen Gallagher - 1.5.1-64Stephen Gallagher - 1.5.1-63Stephen Gallagher - 1.5.1-62Stephen Gallagher - 1.5.1-61Stephen Gallagher - 1.5.1-60Stephen Gallagher - 1.5.1-59Stephen Gallagher - 1.5.1-58Stephen Gallagher - 1.5.1-57Stephen Gallagher - 1.5.1-56Stephen Gallagher - 1.5.1-55Stephen Gallagher - 1.5.1-53Stephen Gallagher - 1.5.1-52Stephen Gallagher - 1.5.1-51Stephen Gallagher - 1.5.1-50Stephen Gallagher - 1.5.1-49Stephen Gallagher - 1.5.1-48Stephen Gallagher - 1.5.1-47Stephen Gallagher - 1.5.1-46Stephen Gallagher - 1.5.1-45Stephen Gallagher - 1.5.1-44Stephen Gallagher - 1.5.1-43Stephen Gallagher - 1.5.1-42Stephen Gallagher - 1.5.1-41Stephen Gallagher - 1.5.1-40Stephen Gallagher - 1.5.1-39Stephen Gallagher - 1.5.1-38Stephen Gallagher - 1.5.1-37Stephen Gallagher - 1.5.1-36Stephen Gallagher - 1.5.1-35Stephen Gallagher - 1.5.1-34Stephen Gallagher - 1.5.1-33Stephen Gallagher - 1.5.1-32Stephen Gallagher - 1.5.1-31Stephen Gallagher - 1.5.1-30Stephen Gallagher - 1.5.1-29Stephen Gallagher - 1.5.1-28Stephen Gallagher - 1.5.1-27Stephen Gallagher - 1.5.1-26Stephen Gallagher - 1.5.1-25Stephen Gallagher - 1.5.1-24Stephen Gallagher - 1.5.1-23Stephen Gallagher - 1.5.1-21Stephen Gallagher - 1.5.1-20Stephen Gallagher - 1.5.1-17Stephen Gallagher - 1.5.1-16Stephen Gallagher - 1.5.1-15Stephen Gallagher - 1.5.1-14Stephen Gallagher - 1.5.1-13Stephen Gallagher - 1.5.1-12Stephen Gallagher - 1.5.1-11Stephen Gallagher - 1.5.1-10Stephen Gallagher - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Stephen Gallagher - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.2.1-28.4Stephen Gallagher - 1.2.1-36Stephen Gallagher - 1.2.1-35Stephen Gallagher - 1.2.1-28.3Stephen Gallagher - 1.2.1-34Stephen Gallagher - 1.2.1-28.2Stephen Gallagher - 1.2.1-33Stephen Gallagher - 1.2.1-28.1Stephen Gallagher - 1.2.1-32Stephen Gallagher - 1.2.1-29Stephen Gallagher - 1.2.1-28Stephen Gallagher - 1.2.1-27Stephen Gallagher - 1.2.1-26Stephen Gallagher - 1.2.1-23Stephen Gallagher - 1.2.1-21Stephen Gallagher - 1.2.1-20Stephen Gallagher - 1.2.1-19Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-14Stephen Gallagher - 1.2.0-13Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11.1Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1636172 - crash in ldb_msg_find_ldb_val- Resolves: rhbz#1576852 - ABRT crash - /usr/libexec/sssd/sssd_nss- Related: rhbz#1442703 - Smart Cards: Certificate in the ID View - Related: rhbz# 1401546 - Please back-port fast failover from sssd 1.14 on RHEL 7 into sssd 1.13 on RHEL 6- Resolves: rhbz#1326007 - Memory cache corruption when rsync and/or tar to copy owner and group info from LDAP - Resolves: rhbz#1442703 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1507435 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-6.10] - Resolves: rhbz#1487040 - sssd does not evaluate AD UPN suffixes which results in failed user logins- Resolves: rhbz#1421057 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1487040 - sssd does not evaluate AD UPN suffixes which results ini failed user logins - Resolves: rhbz#1487944 - ABRT crash - /usr/libexec/sssd/sssd_nss - Resolves: rhbz#1489485 - sssd is not pulling groups in a trusted domain, with the Global scope- Resolves: rhbz#1438360 - The originalMemberOf attribute disappears from the cache, causing intermittent HBAC issues- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present - Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory- Resolves: rhbz#1415785 - ldap_child does not remove temporary files when it's killed with SIGTERM- Apply several more smartcard-related patches. - Related: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts- Revert the ding-libs requirement - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Related: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Require the matching version of ding-libs - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Fix a coverity warning - Related: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Resolves: rhbz#1324428 - [RFE] Discover forest's root SID even if subdomains_provider = none- Resolves: rhbz#1367802 - using overides causes segfault in libldb- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins- Resolves: rhbz#1382603 - autofs map resolution doesn't work offline- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute- Resolves: rhbz#1299994 - ssh client checks only the first certificate on a smartcard when the card has multiple certs - Resolves: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard - Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6 - Resolves: rhbz#1329647 - IPA view: view name not stored properly with default FreeIPA installation- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users and mixed case names- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a subdomain, not the root domain.- Resolves: rhbz#1365218 - SSSD does not fail over to next GC- Resolves: rhbz#1367435 - Intermittent sssd auth failures- Resolves: rhbz#1369079 - sssd runs out of available child slots and starts queuing requests in proxy mode- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to sssd-1.13.3-22.el6.x86_64 when upgrading cache- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336453 - sssd_be doesn't terminate forked child process if adcli is not installed- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo- Actually apply patches from previous build - Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe with 1.11.6- Backport of a more minimal dependency patch to avoid changes to AD provider behaviour - Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1308939 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user- Require a newer selinux-policy to avoid issues when prompting for SC PIN - Related: rhbz#1299066 - smartcard login does not prompt for pin when ocsp checking is enabled (default config)- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when trying to retrieve non-existing netgroups- Update sssd-ldap man page for the recent ID mapping changes - Related: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache from working- Resolves: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password and not smartcard pin when logged in using smartcard pin- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output error- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12 to 1.13- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn't work- Resolves: rhbz#1273802 - ad_site parameter does not work- Fix memory leak in the NFS plugin - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service discovery- Rebase to 1.13.3 - Remove setuid bit from proxy_child, RHEL-6 doesn't support running SSSD as a non-privileged user - Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Don't own files as the SSSD user - Resolves: rhbz#1289482 - warning: user sssd does not exist - using root- Resolves: rhbz#1279971 - groups get deleted from the cache- The p11_child doesn't have to run privileged anymore, remove the setuid bit - Related: rhbz#1270027 - [RFE] Support for smart cards- Resolves: rhbz#1266108 - Check next certificate on smart card if first is not valid - Also enable OCSP checks- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Silence compilation warnings and Coverity issues - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Squash in packaging review changes by lslebodn@redhat.com- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - The rebase also resolves the following bugzillas: - Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC identity certificates - Resolves: rhbz#1270027 - [RFE] Support for smart cards - Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients - Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is not taken into account. - Resolves: rhbz#1254193 - Fix for cyclic dependencies between sssd-{krb5,}-common - Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected - Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do not queue requests - Resolves: rhbz#1227804 - Group members are not turned into ghost entries when the user is purged from the SSSD cache - Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log - Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not the alpha group name representation - Resolves: rhbz#1194039 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups- Resolves: rhbz#1251349 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from ldap server- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task - Resolves: rhbz#1227863 - ignore_group_members doesn't work for subdomains- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn't return all groups on first attempt- Resolves: rhbz#1225614 - IPA enumeration provider crashes- Resolves: rhbz#1212610 - sssd ad groups work intermittently- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of secondary groups- Resolves: rhbz#1221358 - SSSD doesn't work with ID mapping and disabled subdomains- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and gets avc denial when ssh- Include several upstream fixes related to ID views - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1213947 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad src/providers/ad/ad_gpo.c:843- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers group membership resolution- Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users and filter_groups- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only- Related: rhbz#1211728 - Only set the selinux context if the context differs from the local one- Package the localauth plugin - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1207720 - id lookup resolves "Domain Local" group and errors appear in domain log- BuildRequire the proper libkrb5 version for correct localauth plugin build - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1194367 - sssd_be dumping core- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in manpage that unsupported time specification will lead to sssd denying access- Resolves: rhbz#1205382 - Properly handle AD's binary objectGUID- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might install with wrong user account (root)- Fix a typo in DEBUG message - Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Handle TTL=0 in SRV queries correctly - Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Cherry-pick unit test changes from upstream to allow cherry-picking sssd-1-12 patches - Remove unused LDAP provider code to avoid static analyser warnings - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad requires samba4- Resolves: rhbz#1203630 - SSSD doesn't own the GPO cache directory- Fix warning in SELinux code - Handle setups with empty default and no SELinux maps - Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u - Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605 - Resolves: rhbz#1201847 - SSSD downloads too much information when fetching information about groups- Fix PAM responder initgroups cache for subdomain users - Log extop failures better - Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Fix internal error codes broken when fixing rhbz#1036745 - Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything- Fix Coverity warning in ldap_child - Add better debugging - Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users, groups or other cache objects- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Initialize a pointer in ldap_child to NULL - Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Relax the ldb requirement - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query - Rebuild against latest krb5, add a versioned BuildRequires - Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Do not mark the selinux_child helper as setuid, we don't support rootless SSSD in 6.7 - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x - The rebase resolves the following RHEL bugzillas - Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about domains parameter - Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not be fatal (backport fix from upstream) - Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user uid field - Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1168377 - [RFE] User's home directories and shells are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss - Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution - Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1148582 - inconsistent group information when multiple ad domain sections are configured in sssd - Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider ad support - Resolves: rhbz#1139878 - SSSD connection terminated after failing anonymous bind to IBM Tivoli Directory Server - Resolves: rhbz#1135838 - Man sssd-ldap shows parameter ldap_purge_cache_timeout with "Default: 10800 (12 hours)" - Resolves: rhbz#1135432 - Dereference code errors out when dereferencing entries protected by ACIs - Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012 R2's LDAP as AD - Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header - Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple attributes- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1141814 - Password expiration policies are not being enforced by SSSD- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group membership when encountering a non-POSIX group- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from other AD domains- Resolves: rhbz#1127270 - sssd connect to ipa-server is long- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD, POSIX attributes are used and primary group contains the user as a member- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0) is not prompted for password change- Resolves: rhbz#1132361 - use-after-free in dyndns code- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap account lock to restrict access via ssh key- Use the correct sudo iterator - Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Add notes about offline mode to sssd.conf - Related: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1127278 - Auth fails when space in username is replaced with character set by override_default_whitespace- Resolves: rhbz#1127757 - sssd can't retrieve sudo rules when using the "default_domain_suffix" option- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Resolves: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1122873 - Failover does not always happen from SRV to hostname resolution(via /etc/hosts) - Remove spurious systemctl call on %postun- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with specified character in LDAP group- Resolves: rhbz#1109188 - dereferencing control failure against openldap server- Resolves: rhbz#1084532 - sssd_sudo process segfaults- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping is off and tokengroups are enabled- Resolves: rhbz#1118541 - Floating point exception using ldap- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser is not defined and no ldap_sudorule_runasuser mapping has been defined in SSSD- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap- Fix potential NULL dereference in IFP code - Related: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- BuildRequire the latest libini_config - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- Resolves: rhbz#1104145 - public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end- Rebase to 1.11.6 - Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Rebuild against new ding-libs - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Backport the InfoPipe patches needed for Sat6 integration - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: #1085412 - SSSD Crashes when storage experiences high latency- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6Resolves: #1036168 - sssd can't retrieve auto.master when using the "default_domain_suffix"- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups are requested- Allow combination of proxy id backend and LDAP auth backend - Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Inherit UID limits for subdomains - Resolves: #1020905 - Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.- Do not crash when LDAP disconnects while a search is still in progress - Resolves: #1019979 - sssd_be segfault when authenticating against active directory- More upstream fixes to prevent memcache crashes - Related: #997406 - sssd_nss core dumps under load- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out- Make IPA SELinux provider aware of subdomain users - A better version of already committed patch - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Resolves: #997406 - sssd_nss core dumps under load - Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #1002161 - large number of sudo rules results in error - Unable to create response: Invalid argument- Silence restorecon on clean install - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Make IPA SELinux provider aware of subdomain users - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Print password complexity hint when password change fails with constraint violation - Related: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #948830 - sssd do too many disk writes causing delay in "getent netgroup allmachines-netgroup" nested netgroups.- Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- Resolves: #963235 - sssd_be crashing with nested ldap groups- Apply a forgotten dependency for patch #254 - Related: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality - Add two fixes for better handling of faulty SRV processing - Related: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router. - Remove enumerate=true from example in man page - Related: #988381 - clarify the disadvantages of enumeration in sssd.conf- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp file for SELinux data failed- Resolves: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors when clearing cache- Resolves: #924113 - man sssd-sudo has wrong title- Resolves: #924397 - document what does access_provider=ad do- Use permissive control when adding ghost users - Resolves: #928797 - cyclic group memberships may not work depending on order of operations- Set correct state of SRV servers on resolving error - Resolves: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router.- Resolves: #954323 - SSSD doesn't display warning for last grace login.- Format patch to configure sysv script differently - RHEL-6 patch(1) apparently doesn't like the output of git format-patch -M -C and doesn't properly copy files on renames - Resolves: #971435 - Enhance sssd init script so that it would source a configuration.- Resolves: #973345 - SSSD service randomly dies- Resolves: #971435 - Enhance sssd init script so that it would source a configuration- Resolves: #961356 - SUDO is not working for users from trusted AD domain- Resolves: #970519 - [RFE] Add support for suppressing group members- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the "original value"- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes- Clarify the min_id/max_id limits further - Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login delays when client is under load- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table in sssd_nss- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs- Mention that enumeration should be discouraged - Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf- Call restorecon on memcache files to force the right context on upgrades - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Resolves: #987479 - libsss_sudo should depend on sudo package with sssd support- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck- Resolves: #967636 - SSSD frequently fails to return automount maps from LDAP- Resolves: #953165 - Enabling enumeration causes sssd_be process to utilize 100% of the CPU- Resolves: #906398 - sssd_be crashes sometimes- Resolves: #950874: Simple access control always denies uppercased users in case insensitive domain- Resolves: #921454: Resolve local group members in LDAP groups- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider- Fix pwd_expiration_warning=0 - Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#872827 - Serious performance regression in sssd- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees- Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.- Resolves: rhbz#902436 - possible segfault when backend callback is removed- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps- Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent- Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts- Resolves: rhbz#892197 - Incorrect principal searched for in keytab- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work- Resolves: rhbz#874618 - sss_cache: fqdn not accepted- Resolves: rhbz#889182 - crash in memory cache- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache- Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666)- Resolves: rhbz#886038 - sssd components seem to mishandle sighup- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh- Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule- Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507)- Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060)- Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507)- Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds- Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users- Resolves: rhbz#881773 - mmap cache needs update after db changes- Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742)- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573)- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations- Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130- Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections- Related: rhbz#877126 - Bump the release tag- Resolves: rhbz#877126 - subdomains code does not save the proper user/group name- Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid()- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'- Resolves: rhbz#875740 - "defaults" entry ignored- Resolves: rhbz#875738 - offline authentication failure always returns System Error- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section- Resolves: rhbz#873032 - Move sss_cache to the main subpackage- Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group- Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive- Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443- BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932- Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542- Fix the "ca" translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- New upstream release 1.9.2- Rebase to 1.9.1- Require the latest libldb- Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes- Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds- Fix protocol break for services map - Related: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#824616 - sssd_nss crashes when configured with use_fully_qualified_names = true- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()- Resolves: rhbz#822236 - SSSD netgroups do not honor entry_cache_nowait_percentage- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client upgrade - Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names - Resolves: rhbz#819063 - sssd fails to provide partial data till paged search returns "Size Limit Exceeded" - Resolves: rhbz#820585 - Group enumeration fails in proxy provider- Resolves: rhbz#816616 - group members are now lowercased in case insensitive domains- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding - Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the same user - Resolves: rhbz#812281 - autofs client: map name length used as key length - Related: rhbz#784870 - SSSD fails during autodetection of search bases for new LDAP features - Related: rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes- Fix typo in patch for SSH umask - Related: rhbz#808107 - Coverity revealed memory management defects- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm - Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is running - Resolves: rhbz#808107 - Coverity revealed memory management defects- Related: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false- Resolves: rhbz#804057 - Initial service lookups having name with uppercase alphabets doesn't work - Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names doesn't work when case_sensitive=false - Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab - Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false - Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name resolution times out - Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Related: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica using IP address - Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with case_sensitive=false - Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set - Resolves: rhbz#805034 - accessing an undefined variable might cause crash - Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login- Update translations - Resolves: rhbz#802372 - Pick up latest translation files for SSSD - Resolves: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Related: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search requests - Resolves: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials - Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to true - Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work - Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false - Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam can use - Resolves: rhbz#799971 - sssd_be crashes on shutdown - Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested group structure - Resolves: rhbz#801368 - Group lookups doesn't return members with proxy provider configured - Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd is configured as proxy provider- Do not auto-upgrade debug levels - Tool still available for manual use - Reverts: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#798881 - Install-time warnings - Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also the dns_discovery_domain - Resolves: rhbz#798655 - Password logins failing due to a process with high UID- Fix explicit requires to use openldap instead of openldap-libs - Related: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64- Fix multilib-clean issue due to upgrade script - Remove old copy from the spec file - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Fix typo in the patch - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Use a patch and install the script to python_sitelib - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Resolves: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#785871 - wrong build dependency on nscd - Resolves: rhbz#785873 - IPA host search base cannot be set - Resolves: rhbz#791208 - Entries lacking a POSIX username value break group lookups - Resolves: rhbz#796307 - Simple Paged Search control needs to be used more sparingly - Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64 - Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user entries - Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup - Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load - Resolves: rhbz#797975 - sssd_be: The requested target is not configured is logged at each login - Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD - Resolves: rhbz#788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group- Handle filtering python Provides in a safer way - Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3 - Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers - Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and netgroup search base correctly - Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb AS requests - Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision - Resolves: rhbz#785904 - [RFE] SSSD should have --version option - Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider - Resolves: rhbz#785898 - Enable midway cache refresh by default - Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for a non-existing netgroup - Resolves: rhbz#785884 - Honour TTL when resolving host names - Resolves: rhbz#785883 - check DNS records before updates - Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead of guessing - Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line - Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config file too much - Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server has been reinitialized - Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc - Resolves: rhbz#773660 - Kerberos errors should go to syslog - Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native IPA netgroups code - Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#771702 - sssd_pam crashes during change password operation against a IPA server - Resolves: rhbz#771361 - case_sensitive function not working as intended for ldap - Resolves: rhbz#768935 - Crash when applying settings - Resolves: rhbz#766941 - The full dyndns update message should be logged into debug logs - Resolves: rhbz#766930 - [RFE] Add a new option to override home directory value - Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab principal name - Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files - Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug levels on the fly - Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional - Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation - Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option - Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control - Resolves: rhbz#753876 - [RFE] Add support for the services map - Resolves: rhbz#746181 - "getgrgid call returned more than one result" after group name change in MSAD - Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle for some (configurable) time - Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD - Related: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#742052 - id -G group resolution takes extremely long - Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange - Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases - Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or insensitive - Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users - Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control disabled for openldap - Resolves: rhbz#726467 - SSSD takes 30+ seconds to login - Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 during auth when password for the user is not set- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758157 - LDAP failover not working if server refuses connections- Related: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis initgroups when groups appear in multiple nesting levels- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow - Resolves: rhbz#746654 - SSSD backend gets killed on slow systems - Related: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts Fixes a crash introduced by the earlier patch. - Related: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names Fixes for internationalization- Related: rhbz#742278 - Rework the example config- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts - Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart - Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742278 - Rework the example config - Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was initialized - Resolves: rhbz#742526 - SSSD's man pages are missing information - Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with multi-valued uid - Resolves: rhbz#738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid - Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber to integer - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host groups - Resolves: rhbz#740501 - SSSD not functional after "self" reboot - Resolves: rhbz#742539 - HBAC: Hostname comparisons should be case-insensitive- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in - Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2- Resolves: rhbz#737157 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled - Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple external hosts along with managed host - Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names - Resolves: rhbz#733409 - Improve password policy error message - Resolves: rhbz#733663 - Authentication fails when there exists an empty hbacsvcgroup - Resolves: rhbz#732935 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON - Resolves: rhbz#734101 - sssd blocks login of ipa-users- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain shells- Related: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID- Related: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Related: rhbz#718250 - Remove DENY rules from the HBAC access provider - Fixes an issue on big endian platforms- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured - Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls - Resolves: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider - Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID - Resolves: rhbz#726475 - sssd_pam leaks file descriptors - Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0- Related: rhbz#721052 - sssd does not handle kerberos server IP change - Use ares_search instead of ares_query to honor - search entries in /etc/resolv.conf- Resolves: rhbz#711416 - During the change password operation the ccache is - not replaced by a new one if the old one isn't - active anymore - Resolves: rhbz#715609 - Certificate validation fails with message - "Connection error: TLS: hostname does not match CN - in peer certificate" - Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records - Resolves: rhbz#721052 - sssd does not handle kerberos server IP change - Honor TTL values when resolving hostnames- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP - Resolves: rhbz#713438 - sssd shuts down if inotify crashes- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups() - Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are - being logged multiple times when the provider comes - back online - Resolves: rhbz#707997 - The IPA provider does not work with IPv6 - Resolves: rhbz#677327 - [RFE] Support overriding attribute value - Resolves: rhbz#692090 - SSSD is not populating nested groups in - Active Directory- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man - page- Resolves: rhbz#707513 - Unable to authenticate users when username - contains "\0"- Resolves: rhbz#698723 - kpasswd fails when using sssd and - kadmin server != kdc server- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is - not mentioned - Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the - gidNumber is out of the range of min_id,max_id. - Resolves: rhbz#699530 - Users with a local group as their primary GID are - denied access by the simple access provider - Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups - Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a - member of any group - Resolves: rhbz#703624 - SSSD's async resolver only tries the first - nameserver in /etc/resolv.conf- Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694444 - Unable to resolve SRV record when called with - _srv_, in ldap_uri - Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by - signal 11 (SIGSEGV) - Fix is to not attempt to resolve nameless servers- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can - cause SSSD to stop caching and responding to - requests- Resolves: rhbz#690131 - Traceback messages seen while interrupting - sss_obfuscate using ctrl+d - Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process - /usr/libexec/sssd/sssd_be was killed by signal 11 - (SIGSEGV)- Related: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them - Resolves: rhbz#689886 - group memberships are not populated correctly during - IPA provider initgroups - Resolves: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents - Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5 - in sssd.conf- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min - waiting on netgroup - Resolves: rhbz#683431 - sssd consumes 100% CPU - Related: rhbz#680440 - sssd does not handle kerberos server IP change- Related: rhbz#680440 - sssd does not handle kerberos server IP change - SSSD was staying with the old server if it was still online- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain - for base DN- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on - ipa-server - Resolves: rhbz#680440 - sssd does not handle kerberos server IP change - Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are - given in ipa_server config option - Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf - attribute on the server - Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups - Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option - Resolves: rhbz#677318 - Does not read renewable ccache at startup- Resolves: rhbz#678593 - User information not updated on login for secondary - domains - Resolves: rhbz#678777 - IPA provider does not update removed group - memberships on initgroups- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries - Resolves: rhbz#678410 - name service caches names, so id command shows - recently deleted users - Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for - netgroups- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login - Resolves: rhbz#675284 - "no matching rule" message logged on all successful - requests - Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for - authentication- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named - "default" - Resolves: rhbz#674515 - -p option always uses empty string to obfuscate - password - Resolves: rhbz#674141 - Traceback call messages displayed while - "sss_obfuscate" command is executed as a non-root - user- Resolves: rhbz#674172 - Group members are not sanitized in nested group - processing - Put translated tool manpages into the sssd-tools subpackage- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Also add the updated ding-libs to the BuildRequires- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Explicitly require updated ding-libs- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options - Assorted bugfixes- Add noverify to sssd.conf - Resolves: rhbz#627165 - TPS VerifyTest failure- Related: rhbz#644072 - Rebase SSSD to 1.5 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs - Resolves: rhbz#660585 - getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs- Resolves: rhbz#645449 - 'getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#658374 - sssd stops on upgrade- Resolves: rhbz#658158 - sssd stops on upgrade- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#642412 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#633487 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib- Resolves: rhbz#629949 - sssd stops on upgrade- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password- Resolves: rhbz#621307 - Password changes are broken on LDAP- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on - initgroups calls- Resolves: rhbz#607233 - SSSD users cannot log in through GDM - - Real issue was that long-running services - - do not reconnect if sssd is restarted- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with - /etc/krb5.keytab file- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6 - final - Resolves: rhbz#608661 - SASL with OpenLDAP server fails - Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes- New upstream bugfix release 1.2.1 - Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs. - Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal - Resolves: rhbz#604704 - authconfig should provide error with no trace back - if disabling sssd when sssd is not enabled - Resolves: rhbz#591873 - Connecting to the network after an offline kerberos - auth logs continuous error messages to sssd_ldap.log - Resolves: rhbz#596295 - Authentication fails for user from the second domain - when the same user name is filtered out from the - first domain - Related: rhbz#598559 - Update translation files for SSSD before RHEL 6 - final- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service - to fail while restart - Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in - parentheses causes ldap_search_ext to fail - Resolves: rhbz#600468 - Segfault in krb5_child - Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs.- Resolves: rhbz#598670 - Ccache file of a user is removed too early - Resolves: rhbz#599057 - Incomplete comparison of a service name in - IPA access provider - Resolves: rhbz#598496 - Failure with IPA access provider - Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the - kernel keyring- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP - Resolves: rhbz#584001 - Rebase sssd to 1.2 - Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file - Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf - Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf - Resolves: rhbz#590134 - sssd: auth_provider = proxy regression - Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when - going online - Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the - HBAC rule- Improve DEBUG logs for STARTTLS failures- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcacacacacacacacacacacacsdedededededededededededeesesesesesesesesesesesfrfrfrfrfrfrfrfrfrfrfrfrjajajajajajajajajajajanlptptukukukukukukukukukukukukuk1.13.3-60.el6_10.21.13.3-60.el6_10.2 sss_debuglevelsss_groupaddsss_groupdelsss_groupmodsss_groupshowsss_obfuscatesss_overridesss_seedsss_useraddsss_userdelsss_usermodsssd-tools-1.13.3COPYINGsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupdel.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupmod.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gz/usr/sbin//usr/share/doc//usr/share/doc/sssd-tools-1.13.3//usr/share/man/ca/man5//usr/share/man/ca/man8//usr/share/man/cs/man8//usr/share/man/de/man1//usr/share/man/de/man8//usr/share/man/es/man1//usr/share/man/es/man8//usr/share/man/fr/man1//usr/share/man/fr/man8//usr/share/man/ja/man1//usr/share/man/ja/man8//usr/share/man/man8//usr/share/man/nl/man8//usr/share/man/pt/man8//usr/share/man/uk/man1//usr/share/man/uk/man5//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnu?7zXZ !PH6 (]"k%w+p}:w{!zCB쫅_9XOU`Bcw~j?BsӺ~=0OƊh{4n.8`eiBo֓n?$:3a~حJ.oL6Yƨ\'@Jpi8ܹHXEn- ߕrfn۔n(k@2NDRRd ES`/5V >YR. < 7:'nݢmLtt*N< >B兼(@tUsK|0\ʀ,+a1[6zPvŒgUl% ~;RWQnM|Sweljj}"W\'r/^ N|KW:I^~A9ⶱfo&w>J=!T[TRa c>Рm,tFep(g1,Ϧ%c1bNk6K"OC::!}FH%1"`lY m'#:oB 8"x yeT$R S"ǖZ<1vUz%Iy9$ p==^}ƚdjFRafjhtxX:Vem#]q687hAӣ}'1Ir;{l E%>,)F!viϭ9dIa 2jZ~VZġ }Oӕl/A4'qK4WKdNCIMS*`[)4m2Ί;p+kSmjɽ&I"zj]}VBZ3Ĕ X~b>rFX-(X4`3 v+|:Q.VZީPDtu3= 0c]Xqp6OnQJw1gzZ̓`}91s5t#[c19'{[纥kx\*a>%3`4gmY#zGz `c`D349"3;5ZV?$Y)$~tgp Yu@0sW?fu<1- hN2˝}OHwv!H34 3 wIWS pPrbDg\eqlYlg\۸ lNZV{x A~`k?De< ٕZ^q&bʕt% ./)b%ZrJ"?) #+sKlfb ZBpBߵ5c J[_ZQ:nvo,Ly5]LJv;'VHl K$(AD=F5J Q\ Qﴪ>^= 2k9w)eg1ŸCE^6s}{2y-^WP #!3ځ"Gxlc3,{S :MBb_\#45S]oI~ w_Q+X·Sx)'Z 𷣣W:sV2j 'pa.k uwMN[Mrl9EHup"k~"]4ᛉO=w"j'mnJbkxVEt.QdЫ7m3ozo[G:QÕ?ቨ HGL*aQ,)Y6R4t rQtC K0֯xnv 6!ƇC"uq7Cv޻=z!;m X $"mH}O kYf%JÛT)/j .wq6M+syq+?[z#j1nmުNg3< 3>Svl!g,da2"ޖQH-w}UӎuT|4q>Bn~wFpcV/!òSM[k^{!$-E`V5Rָi]ΎY0Z2PK 0!!}sEgƢ#]I=oY^\rlQT=HJ K3PȰ3e{w&B~O*cnw ӌN@~:@'w934mo;^0,5`' 5ooUt`yM!~gEI7!Jcm;˗Lt 61lsaJ*lE5ÑrI!e ÌM)mkfo11KбO9y3n30gd])j͂R"+G;N]ʭFe3.b9;1Y=kĎ[zOc?rK&ŵ4H=.5J_@ڦ#No׃_Y.Re~[\!kUDn1ݞͲQܝS:ݟ#D4'ՈɰPu{d4-j_w*]囡ABѧ4J@oC+y){.yD&=.$g9_+_V~:B'˜A{Gzy9HI}|ث-ػFpQ d v5%RCUt)$DtrM]{ dzV ^.85)\e(;\$N'`'9#6z^YsAoCˆ\Qig*: SX w4~rY5f0i=imH$?T?L*۱ ]x>ӯ 'P n_nrMū`G3\ZRNէ[8֥/&2 _c߸i.[W?_Lr?GBLkCHd׃1Dg,(P{c[$-̺B3HEajl'u!Ut%5~ vge$;ej9QX̎{~n Q /z[F1'Qa/E5ާXb,FF 71Ao+ڡd=` Է·T?~{-29gZ SyJ+*M{gak8Ae[d3iâ9/Ģ$`FiW-H 5tp>_/n+A`Y`ɝq&ջ` Gw -|ɜƍkfrQz!Ŗ q[ oRb2V^@7]m`Q=òͽ5[C;vpBz_1^? C7K햮T푯;El~W-N}t6Қ!Ԏ{,J, lDԣe]l"[-P(R,L/<`N3^yly*+sTR8$n΢=9RW2S{9fօσ+pϏ߲82u_N_yitwg\DK7//A o1蟁jC\_)/j|e/W&~ȊŮ$|ܻBTO;ݱm( e!õ_ ϡvҤ;.N!ȎM}j-f@08~ZEFH'@Ljtqf iduą.4pe-XpS~'Tזn=ZjbLj"85 \VxOdbw_ ot9{2{F+wmV:q&8C^7wPVǦ1dGWZ:M>(ӏe(5O-P4b$̰R|\Ɣ8Wf `;.ޠkp5Hn^B Lia'v&ոgrC JKP Y5D]V3? }blʟ'Yk5LVPWV73 sqa}'lDY0Pp `^7<Ӥ I)zUdJ 6];4[y_^=E$i~HuwCQ uV&90~~<5 T*k )?v$^ȵ-*A LW<8yV_3 2v5@ȪÇ[G #D̩o ۗe@|drŠXl L|п&lUzA4x*+*~*q!EExܰwٓ91ZxQ,{eO*zo;7s9OC ad/Pl0)<Qa՚W`6d4*I~1x\S1[:Dߺ Hb.4i3"狘S?@ / R Xkj!3 dgU؝mO8KnRrЬFkm{iK-Yo:yᤔjh< `/BI.wi5 J 3o :,Uy5oNZakDHˇu{L0;[B [Gy+uB"cDCD+F]IZ2o䪗[X?#UGv3dἩ a,)lJ2p0Dd,3BK\_/*Zk' )0Ljh>5i Կf+1gƞmi`o:.8oYg?T$@U [&<Ȱ袓7㬠Ew'!hzZi[5sP<yOl̞}z4%W*L `E \{KbIwQQ LT 9XI_x2u1aΜ<(`\\U*?~F.^qD]۲|h3Cۏ $@vSiNPF '5cCsp*3S1sq.w)Ɂ繛dx$, '.Wqɶ>geJfy9$V'I @D[dB98` )A>/XP#͗w|DL Xֹ3oo '%cB%n{~x@4s x\iLS?p.A妕{>{xa%f+ VINٙMvDlvc&ߖRp!Z#LZ11z@οMF:: BRx8&n$@$8W)ddLV!~Rz'5K4x)j>f= 97RFiꄭgAX'^"I-?i `9nO kcP&,Ef׭y){b:RE@ <3Ir<С_<ﵸ[.M0\J''4ݱĂʘ3v`! tQ5`nn}2Ts[CχXiw4oHpuY24xs YVQv|6Υ$ŀZe- ӭZz-8 }Op``ÿz5j󂑄Jƴ CJ@ыvȱ<髦wkRkj?;^BDxr?ILwHQLAdV2]m:/>]sanСzP^;+j \sQT$]Iq|s s*q"+ZǓؓd1b+hQ]gX5<@T'r)>N:/LP0)*#tuxE^U]vx'/R0pGC쀪R2a7Tu>G5ABT~-Eؑ:TiQrmvL+|cbQXc6Q~gE7%ĴI47Z.DMAꟓeM|\WO$[I_ᙴ;ɂ֒dw#Dq摀" xW V'HUn:fI"2W+* _\0,H=|-}r%NK!J_] r<3,KZ0.1h`~x:{`?A>B e˜ : nɼ& Kpocw Y Q v2A\;CTxP%4p$Q=SbuZtG_ڞ=#ẌTͫ`z;&w7_cvZ0L$TlV,㬩557!(v[B~{x8s.DEP/VxQ>,3_V֘'t(ې2(G8[>w~Y8Լ\ PMZoJu^ޫʇ ]{ H!l;8F~eo; Ma{I`Ȕq}1bHFfLq.Ў/C0E/!b n? )1xK`b9{<9S72o|~68wN@q,\i%Ϳ=U'h3U8ƛwu <:pcq*o>UKs¹grzM>&}$ٓR:@C[Tw9 P%Ud~w^{&FpV;j(`)ZZ4[zpǹ$d**a~5ao,-uy(:a_o}Yy MUcӯS P! H'ri2{\C$uch8TgȂz{a͚f tņ"Q h=UIՅqy?0˞DTgOfHQ9Tꪙfu@"XQcs ͐y^a%yOgq>@v%wkhWG;_-MҊ t~?{|.OW $h(Tm5f_tx9 "+y/Ipn#̏8 oR/]nٻhs̥}9@|J <7 _ix?h?/mݐX0ruR&O]V}}B̓Л\/"qZ9/J0㊪er(Uw[kS< .:\ ~QAn{cr>M oзJ(𢆕[ Z*w6ZfhJF,X/P7Y]Y,$QwW7(RT .ߚŠtҥ/ ^(ys韹%)UH.7mUFZb=M1nD@CgJiEGL*Ԑx`zs|\C{>F%1nQ !ESYX$Ď8)Z{$TwLn˞3W0EPakυJ@D8"OBd'5H}Ceǩ;.%wR "35j|GpXPJ*>Ys0{."S@z"W jqc-ʍ_InWo\ \!ªRI+/1m(~yn!<:=b:*V⪒Z>qQuPj6b4%[|ʡTK>Ϫ֨NSUH'ɸ[xoCadESݕTF|O]{[}]þ8E.^ '޳6]C:ޓ94>ON2 w8D*pK!$@bۍtnA`)Kj0Fݻn>7 5DbH>2ˉ8wIb`Z؍Ty.&<ɕ{%S t^bbM|OF6z 7--Pn@߉"ΩYYDHێ~1}i^iq%=ݔ:*6 RB1g d-/(5#>z5Ȩir齗&rʵ }†pBG'B YdxSo{TvI XXERcrw;&' lel\[Cu zg.uu0AB{n i?`) ~?u p9" ?ZΌ&hnFЫP H'oE1mFU6"B? '~dw֙d<[mERAO96",̵24.ڳi0v{~wC6V,8[z /wʥ}Ft?w۹F_.7/ڮ yfkI* 6JoRQSB 9`QN٥sNi> ݓ2p;G|LӉq2=!LN:G)Kg q"1=!,'UeI*PܑQ 6CDMKgɾ LQ\$nG\L᩵y-2.i4Mc<um_)+w=daK´,V`Y{h,)+ ws6Rܜf$ZeSOS%&BCdYm8'L:8 4Ǖt>u!-*wEK\rĭR\⹖\H*znϹy0nt _Pf 4tGgg qD!;NM@\#i Cg Z"OA7N 9FW?Gո/ =w%VԦUE ( |5c/`e048 1B8[.FGF`'R`4KR}n+CRV֘VlTJx/h;wNGa  ~f;zX C dl YA^ؒF=+W*Qpߘy9.\6TXW -Gư.Ar Bum߯B i>F&yLPE0p&c[2Et ^01a&MIPT%;82ˀ opD=m'>VSg4`5L$@kr桘5Le7S©m4EIJ2M?~:C̗tF( >#Uc=rJ%m8u$w E3z]ŶuE]O,;ID$S0hYx> 4stpM5f qI}UߑjrwPm| WyRz1Cf8pt"Ҙ=30>0T [9:LRҿ]J \ Hs8횿$S|oG[9oY߼VK1Kt51 ؝~?!H|Qg c0ןY$ 6/yܙ:k^/HGHw)9[i GFJs%N= 3rn$6U?"{6 oD9y4^ *ޘCMpCay`-+soJ JSdc9XqNcqo _/)NM4 q6xFXh=> ˜12@#pDp<Qm-hE}i>a r6iv͈/+]t+r|S2 xԘi,a!fT/I^8TWl; p,EbFE`P0of#V>CMZ'+aZJ-!h>f3L0={>Ƥ?Ӄ+ȇv\T_sX|޷wlV]óq FXٵnV%8K`$,B2 ܖ4# 7o F: ce6kG\LIt2 jiFO|%:+Aw㻔8;iaG a1SݓĒ Z{ :XjQآ&S_ASG3X5Ul dB D)L_c|}W C ڧHw һTb=`Jc{4Y%8f:~ūp'l4P ft;xV D(:Y=ǂYjtzNCeZ}Bdpm?j׽~c3I+wSZɠ :%nƇ@ҬM, qf ސ%<3߫iBCv~i2Kzbt BǚuoGn4͛ݧ/~pxmƗCy<sGF_6ȩ$;7Q4ڕ+ ,*;UVſͭE >XHi yiH()P Z|RF?|d IyT8SB,>ZMO-ɩHp ~VH^D:sc 4oڰq4`֕EAÁjJ|Lrq ɾ3^-[:xD( DŽ5Z5̊ohmg4$'[8QΧ]jĶK9{1;i6Vrrd9ƙ+kV]Z!djq"bRwe3=w5mMIn6!HH GZ Pp˗qHVt{2rvN>?T 9ٗ_kbV `\_)/n^tZ2^dZzqm/ {[֠&ŚLgȵ'8"Oo*y-:[ kߖտYgQwD9Py]9QfQP-lD|~{.(KJhA+D&9S0pmpGz)$fTp{N)Z9b~̫!YxD*]*Gŭr>3P5]$m oIĨN/-KljIl4ޔ@HNb!){ŘO9QHA;y$+Ca_swp@a'-jLmO#;Ai'lÌ( əgc*^qwՠ:hb". xW}e4Pj!;QADctcWp:9ၤ`e_jT>,„=4AEE/ۿӶhJTg`(ASU㻒%qV+aǓٵԞ5U-}S37H# }U_ڕ+8.n=˶06Uض#4 iuA OCe`ABd{бk|ڼ?ɝlSG9v*"s9.G[wq ."Ft(xQ(_ʍ@qڱrXVxrg_YhS2=#m< { <2W?XxgC{bVrBx}ꏤ%P2B7U{#^{ 妾ƛ#Dp1e<{gʌ@jH| 5"Ҽ6QEyyLl'l]: X36gcIs럨e8X"".7mc}IM/l:O'f02` .hzvY߾oA?Qd#̾ȨUTKbv[Ѝe y*CfP}x v|q8;5\E= g\a*2,X0bc\8E-5zP쿇Ӷan z/2@Z8^?Eo`N_`)R"ˏY+?4!(dtw^^EҶ p̱+0 %9WS5FB!z`ѝuh'BΠ1$c7㬺48F8B#.9*^eE:R-̖ 8 t8p2!N_Ͳ֌71].?ID"^e{C o}!µ݋j]k-;L07D/5t =Gj"@;f nI# & L̿l }V(̖| lD+$pxwJ J-[hŦb?lJ7 ك&fb,ѵG>@\Uk}UWKFzz XǗ00Mi<}\>2()p203d}@%cd*oI7$HHkPd[n!5O4č  a62̜ T-ږ˽l>>ό3lmq:by>`(U=p! gB|,۹Q,Hj5 xPw%Ϣ,N.3\ S`<4_[6M[gm,ݼv*E#ss.J tރ;5QX\ΛCc 7t6V~Jdњ'qXqG$L70Ȗ VH9γvdΣOBczYC}: FFv]!a l \̭+ Ix\]s+j;m4\W?,6KYٻ9|bN$XYJ) FO=U?c;o @( SvdW)TA8n*U_̈́{̂=dy*X7 ՞EoRᯈ#RŌcIowpΉ#_VZnBtk5@')1փ ̴XEA9uL3'̆[LTP;l.b4dWwtPf\q9IWW(u\ꤧ*丠 d2_;_1WM{z! _ZG͑ۮ**b:jο9Q2yhcu#Y<{Tx6_w([-ad!e|0 CPL3=%kdr ɓ?nNB]@zA v0v265>fPȢ79MZz0MH~$>fgisB*nϜqkLJKvSAMpQ2] ᇦǻ# TFWB9c/ r Dj9n(t tdi%%髌ӡ M'dUs&8erhϔT3Av{W-<ɧ檹TAU@WbuG>OBo;Q\_. ޏ>vTq#cx8 i4] w*ɰ|tBcOaoT<(00ݐyKqwoIż$&{Ͷ5p~Oۡ6#E ~XhEmI|ۅ)){6)YQťخe bI2Z1=ڶ-C^ sl#.M j=|u-PlnS+LV[/u#nD?}Ź2PPp%'NxgC52aog -aw#*b^#{8)WV B˝M[STɩXLUѳ5Ez3\)>nd2O . %XļZ8*؇a2fẹbP|F6g%eZ K_,=[_yNF 3=[@M-n7~j*ʑ;qe:cyiF{pJt'qړ~84}*Ua?ؘo!'*vx?A>BS.oX|1#[6kƏg C cϰE4@~DE4%D2C)PVDQyh[cYCOc9QKKb;o(mpmk: -֬]_wC?]"#jJ>-޸hh"8AU21}[GWq{F_KEuи}[{20 Jd]z.36< jF|`{~=ju^ ܭlNOY`(Jþ^ݫBfh͹gѴ[狪sxqkλn(3ʺkCu\+G1ٓmbcCPaPn؂JѱH^ι@#^RuBč s"T=8z7ԕ">`_4<@l&Iy=n}WP0[藥@:OTudmH'Ċf4W\^ѕ-||GW_L1 fގD?Kj.Y)'uC y\ly#@a;^L$&®p;q˜T&i&IG*qv MlS3Q!z;O3 #D&;OGRSx`ϱE.fk3P낥axm {4-zUsEv=V?d>X W}BcSF eZþh]vq,#/iSz&FЛyBЃy%V: -ͣ;a{HĻ;h((@nR 3HXB>(d&7E- >;ΆҝDRssl|c1+JRzyuax48t&i뫚7X+ׂ[O `3(K=;I͇xo ɷů /~ pNkhMYCxiRh,)|M]aό=h9 }h l⳩IPj)Yp9~WQ,D{)о_\&v ~xR,"5%G[ՎbxZW{{gq YP̈EotΝҮpnhi>uà"{ x[=jQ'!VDcC(CSFq e~F܀&re(NQMO/?R2E_nHs7[q6D6q~u'¶o"Ÿ11 Y)ZR}ѹ$rzXgA|H"CQ6sumB<\+l/9Тdsi ^4|(P9) '$Uw fژђYuoY<RGMmT<_mT.~cb$$Ŧx]VdIVԹx7:Du$tlOC%Aނ5Ϥ.^=8|F m t83N5 BFYK)_p9̨3YځHQTAyې5Wmk%uZ.!o@P}`Q g?Y+B}tRR92AGn%hH1T@KT$sEÆ_wgËog"vh${#$KJYZ\5"JIK,K X.N P Vf fSH%I"i$0&c-٥ؔL$`Ѳ82(DuMd-%#Rq8*'ClsDb NoJ9f|kJX iS} 4+|R}"ONg,GMJkK>?A+8>;[= -tW\eJ#~(G{=t:q`bmW[o:}uL]|`H18pK"SņfG#߯MR]S\t~uu2l< Cqˍ| eRHQY p$#zS#4.Vc`ݫIwFIp|Nˑ?_99'U5ݜSXߋkR oiCpc7<7V7W^B 5oʠ$ʑ""1m!iWzu;0Raf|M"p#`wҾ?0,ۋobDAԗyyQj aīCk^sw$*dFΠe1c&+{@-&Q2bioPn?@i)(qeq~Uu|Wh+e| ĕ.Y0c"A[ƐM>oKIz+C+wz( ASM%fc"D:(A}FY$ziba5L;Cb_лWWRfXgwr8i Y˙OՀ$-*mK_|SOۼT En(u~ִ=EYlh^ r9>@d|9Q@=3D}A0_F 'DCNL'{_t};ņzk%UGH/4~ T#3c7iH4D'&o'nvrC]naIQJ2c>T3F ~jKrꀨnP|~@fo3 ?w S)>qJ*;'i1m +c2ĿaZAL ,N=I,FBy!퇙hQEHڬw[fZc5cʋHgdN=Wͧ]x!4Z:*' ({0ڢ5Jwvh8* -Ea!@љVSn2=w 76KͭDAv0Go3zfSn)BQ.>{Ќ99??0=6Իr")VZ1 4J,^SjZ%O1wm=Z5CeSt3Kg+wniT}%"_gpc\|q3oUAw]u-^,eV/xh4XxGR~{W92XWR2jN~ஏ(H> #fp\LFj͐ZG4P[عJ @~J=K5Kʎ;lUtleQφ@Pl] a:jP8{SBQܱP B<DLd [z+_wtb1mhw)u‹B.z}hFU+&vhGhNݧ?ylyM-pۉw'Vmm.>q=be_(QFgyŋ[@>Fչ7\5_wlE]R\>;:H[6&U '\S 34F2s{jH>']jEk{)1>Pa?%iB?3Ůa4R-et oQ3x?0cw1,~:"VR.k6椃Wo&JJŘ }p&cD&qsm|șU {9ldq?gX\.U[Y_1jA 6_N[x^ouDi\]. y[@! c޷!?00%=t8XM"K/P)ȕ_`N|Tf)mhKwD,J^@sdpWȈ )h=kOA`GL, <8 Z2gI&;gFDjSC|=w X)xT1*whcfV3YuTu-v lh-6W0UK"ɌbŅeȆ6WfVOAjث-Dt:ϲ/¬M9ɵy4vjGoۮlR KV`V5Bё FSv-w4ݽJ7E0|[J- 99j{_Xͣ{̋ b.Q(IgME9G! @<mY9 fZ}%0qzqƭqc?p+e>wYF1˻]~MN"&2C>iQS(˚芋^Juᮦ^/!pivuOSؔљ糴9D@ Il' "DZ| [Wӑ:P5(r%GLx?`:}LG,%I<:v̌}^&lgV"ymGSfo`]-;#6&>KMcϚa> Jm !n WLK0[z =<'Y U0/xFX"`;Z[R͇sm}Q,'Pz W?2ⷳ]C/ <^ 0 m(wE=󤖖HQ0B ^3D&:-tYBne4؏`!'IA”rSѰs:M7FW:\uϛ&ϳ!20:~Um\ I;ǟ _UZ*:f|\8YؕvcRF0Iڣ2=LjW6R*#6V,!րC/3z$ {%hx$M\%>kHLQzu;g_u`EY|u;ᐑed#g.,\>]JVf'(pA1%d B)]YPx%ꈱ1h[٪WTo# L~AP/vCaU;q"Sk='p] `&Ծ!y93FU!`z\{sMgQTZZ)pL7ZM􋧇e; {b!Ձ׵`*/N;ICFF%DV@jhV֜g3{mSH膂cu:8e4'f2J sƷY=s1xnXѝ^,ЖIŢZ ԹtYz]mDWo33.0^Lb酄Pg!'1;e"5Ж}Cߖ)o# r2{z?,RQaҽ^uR̵4M8MFedgNučؗt|TP[qRN-i`nu5וk.6Vw]Ql u}frJa#⤁ghta==e1L$dr(n։ɉDևq vUFe@P=3FǀOco׉E6ޭs ɧ i:qe/O:㰎 Zd̄|nm Ɣ]b0)q2 lbMNveok4M=es<'[לN~6} SLjD!U]7ƭRpH]`P~+ WURm-?(jw&!%Jf~l\>+%,52oc||;Sq]Ǽ6ߩO]U-՞H1~)KnPg8OH\>zL"`47f +%@SÿXq~j(< 1AΨR>40zK$n?c Yv@>tcǮ@fO}TZF<1v؇AJ1!嵎%7%dN} ^L뽪m⑇ZϦl>NbxbjfO6qgȞ9vX77O.\2`pW IzeTMQ\Q|C:@Vmr:qܻP|ia5v2Όi2,Uc+JeIGu:VٴVS+C BӴf ٘IUͻjnڑ؏yYԡVNlBm੆[U'ˣXsTq|/k7R#}?=k f+|93' $9Av&~7>'GR0ހEskw%b]LtxeH;m@ ~F`9q.O}aq 1OeUQqSڄ,|q,}[:Q&"rIIIPE: *茢* ytFISCGG?(: YK^r(. lV. Q\ bq:pKd:#?ˁk>v~|D>'x|t^V?wUG4E/չtkKrb*fX!P 6Y" SFDч1MDme '>U9>|0rjr[|KnH21$ch+S09 (죁B=EwQ2t!Z#,}ae/j'Zm۔fNcmôU2O`PNկ^ԭ~6 'bNzH-6v-vGԎt#AD0 ܚ$xP!a2Wq@@91D|aұ n.9vM2{[ʊ$&mi!^oS"ʭIĪ^?i-:s ~DO}M+cImc2))a\"c[,72ٶ!_'}#F%s83'Bq4&Ynϸq'~|hMj:l8g0WnkɌI3`Wtˈ-f] \pPQԠx„1B6+.#{ivR"~\$  R(mAwn40Da-Q uQ vJk #*rj_7y2GN#x fT+kd8G+:6Ws=/7bPPw4(ӈf{I!R#Ƕ> I;l]ЂA*s]&2'ʱ?YV:N⥟1+bpUcPZp;l8ҩ(8)Fۑ|_8\=)xc{g#5 o {K `Wv>lwrv1KOu.,LA#‡I 㬇M. gNbnƽ\<BޭCti*`VZH DcPC'ְ~2UO%J&v.s@G~wR_; ~FoogT2F_Q-~Q әD Nf/˒ i;I QA u2UR" hN)@)QVuXa ^o!K{]l}&ay5#h:O[R8ͻMKǯ a/&3ãM ڼHW;..{7!=S(׶E5eZU̩ո!Ψn`H&-Y%FL{խ8L`{jRB+?yUY04ąkMB):2ޟ;HB?6<1)3 lR>dž"G;3&|Z@$ޒ??p7wYA(j$H.G Zex. ԿG), ̪1Y$8^6q9~ Or]P$.IaL2W;3Vi|{>uo$@-~GZ-!(oaݍ&֋$Ru3H'o?ӘÛu~7m!%*\T`gLUІm*:s9p?bW~Ϭ܆EAOnI?} “,n#gTlC-v/{wA[}`e=xFh vo#G¯LHpd}\S[T/ kK'1qNI{1+1 w&(YCp,k<:Q5a|ȣ`tevg)dЦ,>JzuFbȶ2.h~xTP$n')-w]RaKD'JZz]e:dz֛-M0To^_j2 7GZƢaBdH u+JI<;0bFiVtbHEt3=LIߊ :+vSG`~.>_/ 0ԒֻՎbZF!&f6tsLa4 w;P+u,Ϡ zAʺz&NtcXU 2ÌBRmĮd\]ɥP}NXRgڎˆg.&=PP?46bv]pI$z˻06mhwhxidA"YTQQm&%n&+{+hl.YLA&$T Q5AS&t55 ås3ED~Ú|)b:P66MD1`*t\p$wPEU_1V1,+Vh 2d] 04T+ňQuǀL_jPU!`FtN=u%ߡϏpA@,3~+̲4Y37OM<7Ka7YsUmHN; s$ώE9GW6nd)U[83=:A5:Zo>J}fFؘ+W̼rDmmT*;${Z|.`ӞLj!2װ֔y\\5Z4 <}@S ްo:$*0pF ܕ98oYX#4Բ9Lj#́]<@o9u%d|.y7?|WnyuxWtGQ ɱ fB6]lq F|Ztc5m狂!vLV J)lqtUTpl\~pٕQW;_}pZߊh3NxEb| uz ԅ}As̉ p_mjY_grdz[iڹidI EM5#]ງL\|VlGc$ >J7hLdN.JqX4/''qӞэd[zń2=up`Z "mu0۽fGGeaa < %3&9Zk ;: ZS8˺6(OW_^ OeR=PuuAEVXEG7#29 %@8Z– U~Y5gy @1?*:Voe|gj;Ƈ*??2nF̻v]1׽lB%)pnCS9ú7{Wd) C[z3W5zW4G=kk'#CGk `hHDQ83SS Ѧ5L0{Чo^JJ">X EJe'G4ϡD.u&7C!ޚр̸qß i[}ŭrQlp[],lE8^So^rq=@7w.xAtks'QxhnGD츄gʘH֐.1͍䚲*8\,vg<Ԕ?CZRvaC @J%ZMr=AOk ]d iqH>K^AhYmԃF-BE!wp KE_&N ѣA`2 ~gLA!+cXQqOLz1_%g&w5K_fv`TTzBkhtwg`)h>+XZ\o"EJ^F#f#^~{6V4 sqh%Osr2)auUZۋ>L$}XHcW”i-7 "qN,\J#Q^[8Q!jŴQ*;Д4F/OQ ÷կ/'0jhC",-IlO܌Z뫑bIzh[]HRr7,e{be\%15R<W+DN#n -oF?Kv`T\0+NQ4$9 z dzn&.j\im(6Ew.G:I +RZ]uBn+1)Z! 5Rb-0;O&whϹ^ƤRݘSzMC*x"{$)^6Ue6fٶ37. HKԄ2LPGN[)9QXL"_N\\ L#BAT,QԂS0*]P9B˼4n `Yth?>F3ć`!R))M7Du]wn fZ>359gp+\SGaf.CI 5[T>ҿx1Xث9jsSNVIuN-@^{ѽ,I5&0jk^ZvE3}䚵s @貍U}iKz9 ocfDx-n>|EqiZ^>)@MA+-# zHuSzGv%6MTuhJ_{R6ۧJTܿ4_`^FI|ulNO ,yVjru?H, mf>L/R4*=@P M hFMV.?A0gJmEd*u, Kvo/kLWa&^b@%--LqŬ+7Ǟ>/>zIȜ|`ߦĐMVG{v E[*7 ܇QB8LJ#/8]tE6D4rd5D2 zoL&NLAa@:/i Dwv|LVc'9jvXĕd7ʋYs!#1M+__< t7rȭִ$jVK C9dKe#pVhV/#0w2S[ uV^KwU냄)]|FZݺKi M3+e1ѶGb>^Ēa9=bRu(eM<,bc PPcg@f[BHp$ Vxy队7|d@=ލS!mb,Lه ď nM*:(CjH-9 =mFDK%^Ճ5XLx9ԤSXz4'w+D+a*:;z8X q:]ua9w}so[n-o(I)Kk< 7]aXw%ԓZ͑0lҕ)9y|Gq"a3'35e]\̈́x ^E(T& J˯[1HLxELCOm#O4Cp3J18:ޛü.5p=DkGD$OWD-ҙ-S\.)s#ζ̶#WbZ Yw7̜F?*hA_*e"B !Wf g |$@-O,Bح]d>~$Q} wIV01FUY9A'v,[<ҕvzJZ{~Wa8NC8])Q+F@=Y<3Ĉ%/9!JEߨv+ bK +)t DQyBϤ+%U(e-]j'8k;rC7kת\W*K- %M]`L! -F_Pwd%^3rAK7cW-%7apWӅ^{,r]ϠfhƯ"un׏"FQI@Yu)%~4 *qgc{2ux"],9BfC #j 2m'iUz$x9D0V%RP`k^z . .,"<)4p8)ˈ6/<I8u]B V!(GYTZbqs__сdp3G7߭FxK-t$RLB=|b%!,ۼgkWT1UW,dw' Nb"URB3W4?>㥒㝰}SU_WǥYCkL H]@ )i ˚%6n]X(-eA"alق= zaW0oǃL;)-YCZɋRO\7_A'";sLK >|T830raV=V\Y5$l^尛eP6brIRkhFt:yA4+1W+5b.\qYDd,N<RSxׂ^ C#'WדLpykќ0tkm+[v;>DT>]V=?˩ ۖ ꝉo//@$Scצw&D'&I ĥP㸭[9QdbF]js^fۭDxεM-1Fc/G &O +)SՈ3dÆtGw\3Բ1ǮL̶jkfg(VwP 3(;3ݝI V/4&Մ(&ɩWCw-L{1ȯȚ=ciODGww{%#ٿئ{=z什֨Q˙ -&G-7O2 7dXb~듗]k:)V-f`X[H` ^F<=GLHH@]Z79-,J`It΄_\G"3FÙx1@*VK-5^F~r Wu7(c:8z`w z0/h+ xƹ95 sӠ2Dml-C ]r`ǥO9607}f^m'snG0`^ 7?H ݁/>NUW662:cFGc#N) "J?߀ E(BJӣƓ e.Bw~ ~XSyA!@B,!G}ݜp%רBvF#H*V5VC$Q?]@kԗ[:Wbv6Y^~GWw+.rX*,a"-o؝ʃصyDBC$-NLN`/4`l"q_Vҍ \[0ԼX/[`RHpl[Q)& qE - %͔˕o\yN|6OHkg_z 9GC؅5͇Ͽ>Xy=5tVޔ 4g\TWU$.m(연Y8 I-[?Nnyi$@nՕAE5o p/>3W aϰ^5BN`@IAދq+oF>C˩b5%zp$Wҳ?cx*D,C'>9D p =,DӪcT< ?E lD)OW h\XB~rpw\_k̈P'nā gts u'-RmkL$x"b) V,l \|G_g( N$$tpxbsF4fcuϮv.HT"wH QP[|W Y!43xd^ d&VMGC>զ t< :೓Qv^gݺ\O$>󵩄E'$sY*rkQ EyF1)1ԓ=f'آ>5X3ko9){?4Dl'J0^nMv!jblQ̍eC }0!-'e֫qۙJ o#f zσ B JA!۟L^w|;/eӣPw.NRdHl_aV/ގזL t8tR匃 I22 .溦}NG ]Aa3oZE(b;_ \nATmbJ?ɚser'cDIZr֧Fy՗Є-\{)_H{Y׍.XPt+ZAf@`MjyRb 9i}C۩m ?biT԰jڊ_(\.wη/-H "D}|?xp.஍m$`H|TiM{|/>%Gf~:=H^.Gm A0mf\ DV49'JRup_3]ܐԡ׼a7!.r$.H'MCye4_O2޹z- h6?1c^/0[Bǀ,|#+Fffpt! =+BZ.*Ae:}n#q*~? =WΑubȩ\k$Gv*Uz/!!][A_1?\0).+?HG&KHs^I]7= jPԋ+& a}w)ʑ},̤5(Y JNv q:|SF=+Y1 *9#x?w]6#jH*'H @b! Zfohi>TC$(ӐkNM83u5qz!v»IAwo 6 lP.WTMxn[ Qouj s'VTBfd8 {0KK Ԓ--3zyriGyGS 0Bbf蠣h@gq8 }ɶP ۘnkiwYп΃+J&;thRXY.jt `#bh}sAdžj(-DuF>D.,mMɂM&:˜1JHսH,4s>Hfc|sesmBtljJ)bqͺK3/o}>s Gҳ;@)RtGdhl؇b|U5 ȷgxs*4lx!JD^}֋4$Mq5il_:s$w2멨شy=j D/Gχ&P@90WNHbnyfbɛ&S-˜6RǨ)л Ҷ߰׶Њӡvxx,.L]e3Ri[ᩦK<7d^ʄͪ28s(!ލWrQz?PǨ'j9!4>})GGϗ1A ?S$؝gI4R~\GvOh&7%%s1x-ADzfjʺn81*34e䔓+51qf6zVȳ;gK{CmB&s ߈r Ȗ^3&gxgG+jNL!>m5=C\ \0Oxhz(JKkP t/<-E&ֵZeh+r楙.5d ^͟N*hyܒR],Ng9%PRGļRe˴ Pp(GzQ:/՜ZgZ U_Fbzv:a1b_F⸑Pw^2zM , 6/[çHjN:go~c/K@y25@4*$ OX5s*%6>-̢ iE.] qr2fE(suQtr$1* 2 !cYƈ7~SG※D!U]Ћ˭S*&<ŁPI(i_B)YQ+AcǽZnԩ:1S"PD,3D@lSДM6a WxF?B6V>=P˛j5hyR`6 ]0jsʂ{aGOOOh᪹g"VGGrAo,/tQf" /D)I[}K C!2Wj rž ̢:a3z[?q}+2mgO_* 5:b 9 SȥO-=@Z%2ä\۱:2?Mi$y/2Aony/ UGR~O0#\H Yt rn,H­Lfkj NL{hB1lp_6LoKqVrrє[E8^yX"Ğ3\7m8U@]9;+:(T#tV!R5,s5IНbw p9DJm-2!\VL|!|R>[15T:ⓞsUa-i뎂GEJGm?-:Q j)<*K4y0tTqF4qIVڀ5ᆾp=Ak :x \>3 ^xWS;E߰{5 ̔2yDJ-@ ?n>ͦ(]#J.εvaDзˆdqcĿH4;?Ya옐t&4wPDl;mqz6Zղ-FRtW;X-BK.l}ѹ2scC˅cFϯN=i x1s1.?VEpÑǿ$/[NQ 4I~ =]db⚷1i"'iFQD<'f:Aw/Պʯ䠱\vuBS '5% ,ރ[+}7{"*!rk$ F'NN'n|GhCS{M&;svJWnf'R_dvfZ+pMTTaK:Q/3M#= Տ%%ݶM)P}oJo*ŋضy冰OOf~@^s<7X T?}9ZNCa%;SbmFVh/l77  NG]b nF)'WmµWZḟh?BѮU' 89 X𐨊QKq3T ސ.ڐ-Ay`2#!jڋ]E9G$HꩊUmuGH=7zzr eA{ b&ze֒^~I=v.8:%tp.VXxfDfzsZb3hǏX4[~abQ&ѧ Yq/"e='s#0d8 Ըb: 3z ʁf`Rgtz;>>HцgܙJǜ*>Śf_2)7pkg+~-_"ϯ)IKV(`W4[@.-_Yl+3_9j͜/C6L.\59a D8SY1o L'$2WIS5R熱BqC*eLϪ0xNNUAbDHSFAff*nTɊ+-(\=#V_ /Pԅ~ږȕYu'UzV1dIf r$I!?VAG3X ʸ!_+ =/ NppN`#wZXlRJ!}f2:1OqX8tSRK=uͪݟ$9@c(N{4Vc.w ;ܹac{xY~P04b#UI0(SwY,-57~ƫo_V]ѱUIC:/{ʣJG Pz4\W gvw\g"[rL{XcuUe.VѬ /q$kA֠ti HtBt pY|UBcWf6P;PYj9GO,'=#@r˼7y$jxuC+\¹@g*LY }i֟.V5N[ڐ6fsvƌ 6# Hu86UM*%v:w; Fm&%q$mNŦ#LeZ۠Ж̢; fi2ڋْ%Ucs4@`z B^au[&Dss%@*愱$K9)0n`pY7E!oa^3ȺoD*#o "jw<F*U*8]WOM9V VNFt_t\YO=ql#7)̳ .ԃǭdU3G lt|GBI 7h/){*s ͋R ?QlWBI/>_0]tn-K JZ~38vˀvA|$21@ߍ` t^^P'C9MP0y#ݮeѨg cգ}Vu+Uڐ;6%u`$~1PM7 Hɨ^{Tq372pplbaQwҧ]dv e߼zU޹5{8DG&`FOkx& PVt.:}O-ݍY}ЪlmnN7-MLj.[ziYk "B-_+xiz7}>e>s$0eK|T4A|++3h2Qu"t9!/`YxGs,Q2(m[7Q6rU?¬z>'!9o#fObaTUjIo3t?IC[׊3IAb9 @3Ts2@ u4i6-: f|h'R!Ŭ#c~h]Tp=p_[^3p8 tgMjlYNv.*yt@KnMdky ;?+h/M*>p$P*%*71Jބ"><;@%նe? ~Ė݆tr B4QE} cdLCTWj(;, DYy;ͧW y`ǟg[3=\fdv8d{[Hb<)ƺpun\*~e?쮙>֊]cĠ]"TWEqMnDL]POd>xXNeE7۶ufM/$AV)6"x{&!8n0oT$*wOiEQB1]Lمf>^>*%ٸ7cS} d|v"!SZB4Q 7gκJ2Hww o`sfi"CVUu덫r"grm^WQs [`'0Fp5,"vZl^ -!fk arz,B.镖< x{nY)„U?6 LCr<4y$1?x_F`I5Il\3m~TK#rIIs mE_U.uA@sgiZUzX-w]|9@hw BwbyZb1qL=TbvͩQkn0*<ٗ>ySDbsNpVD2l>fqStm˦/001l_w6#w [8fǾZR'NY1fQk*{ zSԍ[}^J@ׅ -mCrpBFRl|5?( XmNF9 `AV|jyMdg Bg>)Y؃|Dn!QeBxd`ȞQA]q"|MjWy(. Q>6ޭ (/CW>鰆@% ^|h7މ0YE*X1 y]Sߵ?k@]$3ALG~3UFghBz>49@PP`,OfrɱimYDnsO\(>tb#]^PP$Բ`YÚ1(>F:55I6kag S?W[ӱ#0_Eqd+ ?2VD yXR6=q,k:Jz5>K66uY]dܙ$WX zs͉EKʊOP ´Ws'btOPiUן;7 Di :2e_/ T5Z3QN}%L)B5$FS&N_ ) οnwA;!!wp ᡢFL|h- k3Oxȥ(KIL_FpQff䡌Ȩ{8YHLve86FwFy)&jN4E"8n4r.jOX c7Da &LgNX3l.H^Ш1R["s! ;$n˹*hܰF`򃱄ұ>['y)"Q~7|;?~%:1.M -簂mծ/S@D&@i⛳Tsm6Gj4yQ'qG\"d*t!!eS—4L"4G f DmJJsRꚁ {Şq7O|O6Gz_G0ԟ} |ӀT)#A9ⳛf\&;߬ ac/),wƧ!<|l:R+q$F#Nc!D2:f<\)S=cgBRC$_-=̇Qki;IJ%ETl>+ +/Ρ)|HVs3)(J) Ƿ^,j=Z첓*$F4{{!Sd=cޝfhJE,\#G珵\?zN;tޢTDN 3lrJ kg5<-8DyCWu[I\~,튲ޏ0U\H:_T# yc/$$G?1xkG0!7XN(B5Nl6mjʒ:}SpC;`*^3LrWrːEhi`PJ(cZfVCoOf1%mzOrب{*,4_~$Rd !D==uk`&Dד2a9LKͧmQ_c#Z -怪oEWG66 F \Ŏ:e{k$rF;Dlif%+05 6. B 6I&vlU`*X[0cGr b 0K6ٺK."wH*^_zǯ(e{S{{h$fv{nd0^UPرnZQ!5QﮪtkRt- c57S X`ߺMT&SZ| _̄=*K: .čJ]sRSȸD7 \QK+"DHNɃ@O^  FߊE .Cֿ'&eK!iɯ[S95gm ,&#hWV/]:W?>DRDD. kS{ j2ܠGD:pbܠ-I)ޣmT "Z)"OW=ªZP&DJm@5f&՟/'GN ;1$wE*(`^&EK7V%~SIAp7-:Rn3О<vf |Y cnh}2 o|aʹ %aޅhp]B7_4=*>/Ka#UYCTf5a sܼ]IJwS1sܝ d!RnIKL~9PqU,`!0 q1X͛0׿+6cЧ=bO,#S)\ 8'2DT!G`x*+j <" Y4 lk[!TĹv~GضT>1άb5P 86 썱1By|{[FQPT;Vc2٨ksg NKJ}i.R.AffM E|`~\{Du)j2UR( q{yp4RG~C N]k-ŨMg0M5ۇ3Iǐ~8UQ|WS߿ĞGvZҞIYR31cTA4¹n{)xK2)C24v{[EKPVώ;Co}a*C둏+ܘPW'J1gf\ťhm[:?obQt`7>[9ch_Zu`mط^ ϟ`kǫ wK.A$sZ ̳{;b%Q(Qvf}g.Y=jԿ2 gk ꐣˊn$-ٷ'dYHgS֨uBf>hW" _Kx8/PݚNqT/JpnKͷ,sm-I8ʨ-mz@nD%u~q6k%'У|a^@1؍;^bɉwg %Y*M6%7hJ}F6@ aGu@'KT;Dx| ƣ֯pthVxUZbm7wT:Vf=",]dҵLͣ/>:`d+Oں4h qX~)h‚͸3І9Mh"h/Sd`-`y 0*zee0LM1m g !^;>F[7wWb aHDqt)5>BvYrzQ۪Sp?Ik=Kaeш(ϜվW?"GDfOֶ+` .or\7tjJᗳ4Oa&~}AoZa Ml?(7wnG/,|TT ~t)+$YΠ7h[o}PLֳ:RvO<&GA=IaHՓm䣼iӭ nF9,NVbvUvcSNQ6)Iry3;p53E+7Q)nj*1u[2d+x}Hb<4}Ȉ1Fn^& nV'DxNZ=ԏgC뵭6E&.3|져/196nPyqPFLKz,(gYV/qJ~)H:eЙA2~6@:*K}Fw*"Ҡ 9{CB\ARLq?iǃ3A6Qc>Ns ܰ5*Μ@/5iaE:g)K'_wœ7aHneFuE_ѫ{*GfŻ0+gb8ZTxJ}2kHOJzi!e$U49AV'x%LNjR_MK&x-tnP{- !MP }jkQ*fYɂJ6G``k oaZ>֔b/WzY5_`b+dG &PcTe$Ov5rOl[Nvv# 1|Fv[(a6yw,@3K&TttIPj,<^)fg9[Uc5Y-r'R@HLi/4 Z:=P^͵C̑"K?iz(Chk5Oiђ^dBi Bc)$-8ޘu 6N8h'Ļ |o'h=+%'_Sv8Æg 0~DIBHOlsG~uSzPz0}F*Ay&A-tT#0eSۑ{35x?Lk0l=qԵ,t@V<:&?> W*r@批_'4T:Z85^Xʤ*(@ys$m>?n-*9[̓Bi2)́QxB` / C".:em`/^Q!`(.t |!xc7?]B| p9٠0goSFBNky/v$ 2ci7ΰD{g+kv֣z}2z/;g*݉l` rhE*]ĿV'?9mqsߏfPֵBa6VQ!oi_սAq}[ tJy#+I?`Tq>N;d Bvɚ7xi,I?剶6)hIx!e3o"zKVAھ`v tzQYpI:yK7&QI@Ls;5&Wm {H|D"9[i,N5 Jˤ'YR<ΔYO7Nw T]a,o5韂  #KIiL(6CSvrBi-V90Dv7ycJر8,m .˒*m(̃^JHM̖cݷ6M;mm$ r(cXׄ>2 y;58!sakvN k -nF@'tRbXoa!x͈t e+lTg}Qhg^>[%lrs焩 YuyՕk2i h(#+(ySͿ4Wc Wި rʒ1 -o #7I9;ɒF>i1*V'iٻDqn5Ɓ"?"G`/JyLw0>ICfT MX#F膙.SnE9P1])DctPZǑ5"䡎ѮwY EFZBl(~pOcJ=.4s"D)BC #ĒOL/ XN{z΢Vfnv=]ƚQ:+s򪣄~̍cA VfPȾCBz@DcS#0+gBѰW( S&Ya'*ovgr-tw]c'!WKr+(YOJ%@ȁw2w؄1/IX/!)2{Rebt4tqpmɼu1ь\bM1T/CWO)%(eOC rДTqY}K(&J,u^EFDv1V}q8 eB|'ݬR墣}ȭvܕ7uCV8?,LgC(ps6])Kp#X4 Z&Xe_AV%a$M}ƣ‹*T.݈VzQ#-Lhly֭Kh%i,5>hi!&DK#Ql!桝vD<"|ۚbr/yiﻁ*"U=e-LjٶFm>r0rb=oK?Ga_a Ŕ?aqv _ .ju#ĵr7XC56lz~`NMGqpx`A$ڛ]3TOlԞs$hY?%YhEj@PO/jGBnjoѳ!\ёܿUUm<7Lij%O2xF8@D:eս\HFN,#)FC QZöWAFUWGnm+6B6eXU[@=#a7C ~?w)8NnDv,IK~_ ]}ћQ^~1O7q݇$Uv 䛾#*kn&O`5bZH|lb?i(@mSO*?/ +mFj/1v4g4su忒xU[vޢUf@4[6OcbFK,g<JQel mKYl?W;Q8zot9ҀնՆEDfL0G@Y)Gof<ȸv [3P.}?Q}Ƚbk~:gZ ;S~RoPg2 o2Dm5`h%&^D&)s }W] Ev]WQԆ$H  z8@Y,Ѭw-Nccx"4_jWe1 q%bLu0&xDO2D.׎~Hm"e#Z6 q=K/dIt]4"4TIRz ,(/C+]Ml}&yvN(@njbg)}~#?çr:?{J>@=t҅ʵB!Ubݏ jg ܡj>N~/\$sL@j$\Qte[r9IpV B#B❳Gro#h|͙b0Ye\),`g)V.D5Ad y,y3J g'(miF@g07%#Q+&7>YtZeՓ?(OvC4@Iu]U,\6"ǖHƷ]@Eu KXF,+)b4\}nG([P-Y\i,dBSGJ˜ۭ=fA}эwJc%LȺX&UPCMx wiP*hi*rρr(R֬si\ݔFx8f|5 ᳙LNv_Xs|=ޖްJO`5N;g=O7KEN{"إf+ԈYJDɦ;as4 ,;շ^e{V֍|HI=ڴ!ckopV㸯TR !)-uLP1{6WJ ~a^$BPH^0Ѕ}h5⧋TPgR,@S-Z<Ab{K%>Ir6w'd/r ٵ6T.TlPLQSCkɣvl3Sɮ~9|CEvv\ǿ&Q%y/ HJv[נo!`R `dAGE`PA;lN?aH5֣Ɵ:.-Z r"a!)H|}2XhY{6L/b}-r&{D9CxMf62h!IOx+-êsﶬ ِ>;Az ;"4„y"-CYW`:?*6 H{Dd`Ֆ2!ǹ>Ӝ%DJ|;! VUb`D_szU+* ˘{{ ^<vpwN]9H旻Ad'8Bn.ÌMAU4Ƣ6-q8WA]@PL[[2\6hң>LHM̀08Ia$c!oȿxČ8 @/y(W*%,_7rTw,6jizH&Vx<]C%Ksk$&Zye/!q/YVqo qUp;Skte}Knv8ʱyOXXq<6K:L})NAo*z u: r]^h>8pt1K;m{: 9݀KHӺlRo- u&'l2g>ua1Q֧ڬ2]b7.qlsﯮ[j )۠,xDIƃ->c`⧞xN_S:y|DODgx&0]݊rW<8ڋ &V]a} reqI$L·7R1tEt|D&{dA 7 G!#ZH$ADHn}7|G7#Tc]oZ̼* R /jjwB (3p{R DuZnJggx))4auc~'cf]ZۦL\5̓CY(ұom t3a$|nr!!,tW&tc YUwMZPÛMƬ\4VVp:bY̞)rx-61 +r5Z`/%wtcJB U&jnQ|ѨJ2cy;U Qu+B(T!b.Kx"Ongj \gx-i쯡WAA:3Xc[H2tsB,8KL$_1,aC1-F ofl•Wz9V$gHgP7Iw:ƓNjzG=Pb,њ8;TdfkA,ᢕ xA"T;ڼ;~eƀMneߔ?. Ajsm4F9ÊC\E9s"4i񲏢CۦRE <17li 圧N:TܱVWp)59 ^JPW:qhPƤ~wq au@til.b 1(*KӖTJHLN뷅L+aJEtɒvE(+rN"ބv=6wȡp,qJd٭'Jc3ܔ] e̞j_N^-ij7a*$0ׇ Կ́ A\>8ge\tE9:SP"#tz^οlq+ E<~im+9kJFyQ\Ŝkth^E q$Z&Ϊc)@,63e⠤w,ڨ>obSbl3i-AB>T<l@wRVHEi,mH4R_.(@/BNt qe:]ipkj #w[!PCb+˞TwmצCߛ@ ol\%dݐ_ob5nc `1pz*81{qE sNtxMX8v=_/ E;+-.㧧Ḙ[M (X~jgs )xջUġk2~c!CM[}._0Sb 8)/r*ݩ>m2p8!7۶"?[K`H:"5-g$:y.!w',ѪRN(j8lY#+C2asQج0Jv_n&$9S~}@B*]@1j؉EONf3]4#\利|ƦHMV w8TVTcZm;'S T[yg`#~NL{+OU\Jxѯ(+avy`b;|SFIǞjka>1}l c!POǍ ,f)8P=Dfft|oLeك"Gv,EPU3D(E"rz~Qx6? ^ Օa0`WT*Z#< ʹ$Y7ߓ 7ϜP@ kp}{GyeB"߯4|9O]dw_t$4t.X#j/9E::u5I물:K ?+WO6>YZg-ٽeGsqOcX`5?yAʓKƎ7g*[}\)<8[\ =(Q#fV."uR;Lߓ`6CksbRی"ԉo4~UR)Z6?n j94ɓfǟs)+)c2)U_p%'>>:mNt7. GH,);;0|Ӈ! V$IǒM W,JVBHۯWQ٥ OCWM/KEed!?W `vYvS" =ϡgqR%ƤA-_>^}se#@oτ =v"opn^{0.05rly}zQ ڑuzwEXDEfFPX6bY dA 5L[Pvג#U#Uq“&"U|FO"cRlAPDW>S O%p^e["ЯE`Hc+xqV %,|4bEkF]Q;Ljzd-ad{ho8cPs+g54*En4YDnh-u~n5F}=X%Ԡf޷FYbu'ydފ+ @]!?8E28{ s"QjP^H:[NOdLZb5OxT/4h|k*q[tJ& !H(ĹB: PTE+x}E1;K}er/o)~Xx\bUE*~Lm, "]nN@Yan6<*J~qOIv2sǹrP?oND-4{/)x#P9f (Rg2R_rjrgӄuQAI?eke!n^uѥ{F7zܳ(p (op?-۶_X-a;iP>Ӷ.h]ؼ+t_ 7Bw4+e}/:Sȑ%{OA\/>^w8ձ?z&e,r/V(s %A[}Y<* BA )qS\f32$YDxߌ'A6pB j~]FY+tA'OVwǍT=s&DSD,WXE$RFew)'n]35I9mP}:^UQ^n;9Ɠ'ƧҀx+7`NhUKc[5[j>#63|eH9╗!m6b@@UKk *y>ww[G#+5z$]"wmo!Ѐ\vp޴VEsgWĈC_dKoU)+a(׷0nï-=M[6',ߥcAUڬ)P: 5T; s$Ua.#p)Z=U}"2[ 4ţ r2e*?ϒ8zX&iyV)t?,FݶQf`W7 Ӕ^u)w8b_ۈ|LO OTv*<"fy%K '2,$tB/GOAUC*F} %WC J.@̈ҔVa0`^Ur,kim]k"C}arCe?98 9C*S1Ki`L.Qڑ:p!NѲ[kHcҴ ڐ"V"%ʃυ+\,&/NR'l FQ>͝wSہ #5?×Mͺr|/FzyURsPX6~ e u&ׇ:*?$ז_RPpwBӑFżP_.llץP3/tiΚ@'_) ffLv-1Rbi|d1 j,d'XAZ$v@ -.xN^FF9rnӛ'|(IlԬ}Uz0g#);cJsnJ p蟕VN˕? 8y`0;3 [>MZW/S/Ucp9{"K ֘ $(}AG[H9XCāyŻk/p+P|يyO c$&9hbޯ=\Bg"Zx*VMӨ&ds8pL46J:M푤 l)D-.`-8%`-EA gJKx ?"TpF :6)n03+ 疛F3Z5gWѷs&o_n9WR &'|7.A%ݚ+1 ((.V.JnHGm,iCy^Yh/eg7dAe|jSZ#[;yHizͲ͘uVVݚi6ALuiOҽ Eܖ %p?#˲c9\ބ|R#B"z9[/|j$O ^M %| [v/ J$/7Au=/TA^*݂8AԾB8U88jO:|A̼zBd4-kUi鱨B܊<:$/G!-Q͏<L O%?3K0QՌC4ѱS:H^T7BE *;ڞ(3^*˒LHr\]V>8VrŅ1'{6$wyF^ s=_BlA]t!ȡuɳK5AC2zhYGڄ1t Y^-SgO%Pp.`^!oCnx7L] Ƴ\(m8NX`h{6,l 7uk[s-2-_VŊ,>[cF[,Eԋ>V,q8Ѵ7m70n:Ӌz:Wny?=j4/ 8V!TQRI\E,gD"/9nՇ>ӿ>\So:jVOH$\{O,c2bDx>wb9F<[#.޲o7 G$5\H^?yJq؎:%l79Ѕ&@p_s0;1±MWǃ)ǝ-<X& J8d+´`d2~b]@HO~>,JpE0J jV&^<',}kF2 qCHGߣ9i0zUpƟAcLAWO6i>+ ү'Kjmþ < ݻ<̬9Nch¯jf{C/cz'Gij i3Z (o c1rݢT03mD(~#q\9+ A!Hȟ6EK׫՗2}0%@ jIRS筣.ڕvo6;3v$|(;}?~ӡnz(9gDrzemYs.Z{HC4ME;_ArL Fۘ9!s{a7t2wՔBpAL)۞"˹lCZ S W6p;~(^>6 I`r*$WQ0^& ʷoTָx\ɜr6xE@}TIث|E!XMȐr,ݧMξh!|yӆ,#,థ'x{ѫiȆ\h]U#1,>pqQW{*7 gɶz&ƙI>pr3ҺIm߇j;|A0;>rzi5K4 *6ܴUuDf<—ǩ[!W;J_X҆w9 6)8 %\[)u'Tg#g$p.D1.<~q~E+hG*PMwH%RRbN)Qf)c/gՍ>`?toIy(bQ0ڸn8ƤU}z;kn}"ՉM ͺB,ḧ<*)ERFf3=6W_POQv$vxF)4]Hy윉*ϻ,5]P I^ap^#1eMI:NKgNFܫ>=fH ?&t~ FRJI kn߈LNOqȐ~?_ Z(n3:W}KCF1XkZV%"n_}=ncKPbDbLr }CJ\VVs R4`UyCF$q Q6mjK-tmKVh|d3qskf2dqw|_Z(=|ICCK2 + 3,д(Γ01핻ɼc\yVy*W]z1w΄1Y[vgR{fٲIgE`f)مgfL]"WCvoffdϒx*~I\4 Jk$1<|K푢D4@4v}KCC!P]giTp }"G^Q {L7}'USo [*^)W҈2mL."*$Bm*- W;ũ-y %DLv*;i!NJV-{ϓrw>0iS /R0^"OThw1IB[l&3 Him;xoN\ǂBe -ߥ[5{_<)uf3G듯ދlкA;Ԋ hve_EHTbMio23O*8*Q*X5{l)uly8u5n"e]ݲuɠ/>E >|}k qWteJ?>Fʹ=aAo1'9^ES'D"=,B̻ʎ@×OY)GTfmq[Q%P&2~&/ 11ov {Hۧ}2n=֞PAJY1ډ OoqnՐFZXtck1 A)<(L>JŮyk֒Tt7E閿RQ~Λ Tk=B (| Oc"n_鵘sllMYu/hjabTB {ẓs=QQBcbڥ\'n1T߻_ăiȄtXuT|+7YDgWBrfE~2WE xrq_0/P,NYgkFLpXU }_K-™vM51; ,- ;maBCywSw|ts_vR6$JIƙ*P?y7n uд[a! ;2聃 A_ek`#3ǿiZ9t&ƤKC@xLT)\;HxI&Vh6B7RxYo_v㮁Kv}"SeMRE{S+zWkQِ=]7M:U؅M̠<~ߏu@"ѶDmp#ڃqђW[+ ᭬)էypǦd#^<.XvJ-{{01/)}ټ:-g)PG~G n5fiDUl(y,|His`(& 4$yVd#N8m؅xhG cdx?)Z =-5SHW7c'9̹ {0NU-E!vm Fqdf5슪F | ؑ@7+<%1NT8i~wN sj.P}dD_ =iϕ@~R<~;eHh'/+ R|J98OMjVp`"`T {ϨyĔȳ"8󰟌b"|H9NdO%AwI+d(<1M4¬+)ɳs`G^Hb Dj 87W\ɐHu렢'BL7sZ#*VBeʲ 6M$GE?$(C4;z†OlQ,[=`)||rQ~Ro({ ;S)J#~qz [@aQ6pD3,VW:YbHjFy&doHR4sԙ*cK1$-Ƃ  ;ޗIJSHҟjqE"qw*1d8 Tձ+_[l+GяDK14A2 }J1Y(,ߒjnsD C_|Q;22Ho6>rEnVIcy` 6O֙Ϭ,AK6#IӚX$vzpcNI~c=[%h$^EdAfn^ktV`fez^첁SX)">dxARVYo<>T;$.^GO' ,uz{Vy#oIڽv0D_9X5fvun) %惟nwнy&Rԋ,Àz؆,HmD'KO]+]Ǯl"$/4ȱO^}`B䊨`%Ee*I30@ {cͬ1 ]#B ].mJ۳aּ?d1^n,-PIDF2G!p<􁰳)R>;/Z,Iա|zHc8ҚF.`yii w]tF9i]5%$ ?og>ZwcN,dkly"ZHFlBľyy9v? k qO"X 2<=Fv4s\ )6WԒ?H9wQzJ| /a8aueu8eMsW4@qY|(EH3H boG<~M'֑9"cQvjs  p_;+-R1}Nkp. >)aY~b$-D!($ "fz S.>egӼ_줝,`ӸȅTXV~śWbN) W.>mJ#8M{+\B?2e [oV4.{uc22 "%HC/SC"lqHeoKAi=l/`IgÁL_C?>-ڥFq%i^vRs/=gQ&~.if tAjw׆/!R;;Q~P/t'M {)su?K$x$Wt̓'Sx43Bhl ϝCWV8R4Z˖a,I/NS:ycbA r\.JW6I5PjqtoTNӂl \鴼wd(ϭ["DhZ@3?7G]6)m8}(ӵk~ b@7tKD|3 x<;=m ."ܭs!zglwW>HY' /( űzA9? )7nb}v;fg`5xRQح?h=9g55jWQۘ+耟6l4HdsdKC;">= AgYZ=mc0%u-"c%N WMOo-1&e@p$^|9$ȘIľPK fNpM^rX3su<#Sd#浲jb Uc EYM­J\Ajh^T+;8s׷p 4y+.=gٛtҟ՟Q x9s< څ0QPzwN.KEZO-v6wu>TGU9Aeoi\;ZO!Le],`fi!Uw) m (.pC>*D泥M S}&m F),{鉎 ; qsy{EPb(,|#vO#HBPpy2QV-q;iM#<\K.xw v ^VAʑ+c eܰ^f74һsAf8_"r۴Bfp\S()F Z},7t}.ߌӭJ^f ^ė0Sa^] Evgk䵟TIN`RHzb~ 0|gbI*&/Q5NobҍF+b>hMdpD1Ǜ`=zdQ/I%El}N3sQ*8X^WK%iOkU +Fjʷus-|ӯ,HiN?Ek S$E$ʿTmBl;ژ.= ؠm8#CGdbmN^ƶEQ=uo #} ;ewX~c|C#yHKbs۩S4V1$Q~izxD1o42Hd r,ZB~ԙ`,tPMbL$V&!"M|.>I`C04c(Gizꈠ]NE; E0Eʛ6U۾Rl lcL" 9,@ XC yVor!Ƹ Uc:Jj9. S |2<<\~^1uDH|(IRs:ݺsOM"8A >Ҵ\fc65PG 9Kì. JKCzl. f` xB"r^UšX;嚂AfTٌsڠr htVu;8rs6!ohEJ~:*Z<ҧx}޿`=n;?ͥw.Dn6~v( 46T5~ rt2Q?kT?ٵz)5{ةY/'Fב  qXrV\&Ŋ:dL,PRw&>eX8[ceHdiR8?%C?ې/kt Mj \Oꑊ-2c)ux!)>daԬuY~KcB`.7鐂nPVsnMumNnصz40r]V(ClLuS=..Okz k*Um &em\6wMqeaYt2 nz5UOr ¾L۹l؅?\][1dk#uazsf+)3&̆tuiJ<8&lxM XU ?NA.7bܸ͌׻vb `ȟ^5j]M#nަk%-qDj;|X*j5(AWl?Rm&LcB1s*]Q{=Jak9> h\l?矮A|p~ M]*%N6d(d^\WP8owVV%!Z@DzK>֕^/#E85<5+u7ͳhM [K7)XgR[tz 2e* `.w'?Ճ!yc*U&w} -QFUEAr+{=_0%[Hldi>̴I %(̭1<-VD;wu 9>l}|7wFeƻJ0z4^g]xSYakTO2a_Ԍfƒ[VM#*GV :ceN λ1ŭ ۵|D>;W!RB's4J[)hC[RCQƉpG@93:/ `TKX #jo+0PLw$³\zL%"vc@wU"P:Y2_Ey&{0?#EÅ8~w9^nLn19V9@am9H|_B+\̒s,o""0Wk lc-VQn|r^ؕl,G4At11 ?hm7]ݨ{li% {K ka쑢˦bM VZIupDF Xi"Eq#x+EĿ.vԜk;.÷ `ě!|p–ނ8g(謅Y14a#}M#i? WZ_>co2L`+km)! èMr&|8;UJWˠZ%5"KxP.\ù/p׃aDIYQ(!$N_QKR} ;TW.L0'X*(lҒ ߥĪJhӇ8P-e T{買p8u&U0@`qzemlZΖ&ąg-em%C,;3BĈA#i!;پ¥xNn%osj}|;) ?=~ C.! 2֬2]x0< Հy!TcT.ݗ}[2}}j_\N^>jR;j*>c{ ]ZaEݺ7WIzS_X٥J{>R+ YcM !@nn]dzgFī&HKɎZ }躪9=x~TU2M+kU8"z5)*#?#sAA<=4wtP(g: Lwn& ed9n@!ENJd_Wy?wuT+3UIQ@m`([~BJ/r [aiAJut7(!ƾ?7 4W.;}@]zO4؟v3H5SP@!'2:vxOOX`)\Wx1fC{[fiƟ۝yo4QRVH|l%']XvPDg6(B\ɥi18aJ@ZEB'6%BKv.u )ThjtGb~r O}_cׁ˔:3hbςF5ռYlu977z:QBRB4FKSQ{wCGd{Y0`uU Xu\v:+#=iZqЙӄ_V+k FSA\F借ɹc|lmѺӕ0qGr;%&>)d)=*u)eUFc<"\Tj tfr h)Q1qxc=gJ(_L剏2J `q m6O3J5\ zkD{rM nM& chGwrz|#{' ӑJr9s2(݌Ԉ8 ` “\nTˬE#)3 {[%iw\}LԮ=r S7g`Wlt8m jKq)lc(nyלeaƴH [OvN*Gdk,ןRCE\jkQtU(_qqCjLE2LIk7K=ق,Qj-82%Vne[i+n# l+^D'(B`ū^7Sv\Bk}=;By8?^S9EY?{#hI QK\)j>wR_uXG.>1i2jGa;c#\_R[EDE9]12;,h [Upwnb;Mf)XU{Ju.~^:GIE1ڻa2n4 \-;"SseP[l2%Ioֶg1RSo vG\J-v^Rq6'ϫ^K ̂TC\:MSdvfBwTƶCi66GM !Ikl񨩘=[=#Ǘm›E0ԳE Ow"7?ɈY3 tO9!&+J1_SL߽esN b!ӘB>GqkQ*  (+YGEe{\94$ >%rhxq7(z׸ mΏ04וdR7ߏ<_x 냸o7w_f , /Ÿ"jȁRNK-y}dw+šAoӞiVv1yX ~?&b筝91\[8qNvaJK@ehNfY^m>X4#wB:9턚o.t㟜l;O4;O28ty2ku =2Ԝ\Eb#2[1:rd` Eux4R] R5nw`30:̥mfT^?>sӊ[0/eF`s|} 7NnLFu'T$YĬo[ʮ؁GS A )?V:@1"Judߴ#Lm,0M cXSS5$ L Myb r0m/IU7B Y!ƞv;TLUA: Or'\ȷw߳6>0%v%NA0ΜNfSÐ<0">1rr/opn|vcs'54=F /x"/]&< >>]fLs~>l_.p94P@R-FFbCͺtz.뼁| hH?N_e!0~!p W }xc/mmq!hEכ_?,=RE952r@zc{W\럏1 5)]s|HwXW4ʳ]ڮ4WT@ƫe26rםv.s&fh#Ql6(l==PH + t n( hjj#PdE.C4S Rl$,LO*ԶIYPq nqbێD]`1c71dQ=ܴvzgZ+UŸ9̭4~fޛŁr%ܾ۳_Y?}@_qZsNt|f(.Ru1FQ#(طtOw }pőh0H={IpKc+Ğp6LA,F*\}[ ꨬ%g.cL vc-Di$G qIy5M;[-aºIeAQTVN$6yͽfHywjWR{3b :?Ҝpg3xh\_"Tav(^ʍV[*" )H6|Kpʻgxj)K[FXMU}5я0G$REXvfR+͘%hV{kSco~HHVnaNJ."EM]meE Oj)bʣ`%tsA8P]pkv`Η˟|3S-a͎r4Q/n"U*U,$q`Hr%5(3C"L^q"kXtL=TMiJYX2.Z¬Q'4W₧9z"NW-rYyCo3>BaSV qB@ע؅ ;hEb|G2['s=5VL\KaiS(x|/:?LQT_DWO+CHq0-U ">痓\jw eHcR j-j$8O' D> oMi\ZՐEzɯ+"h~S>F5se){Jj{3o-pec]i N峕6}FލMPH̼?e"֭qD%A+xu :*@2YIL:?@/ԣUgKy E$i幔kE&UA)b C0.TӲPus7 _KBEq&Pu:b636"<:ڟB[~Wr eC44ĜAo`V;u>M]Pճ|!6AtL3JZs{- ԙn,[ڌ&O*sY<"VnlS. (:*Jƴ)Ov`Mi%A]v}PuY>HcF1,Y-;lɽimF0覸BΊ8GT\Y ͡N991}hdFJd;wzfNHam-{lXz)W>9^ rR+TALR&s) r,PGYٞgB=+TVp2@-ۋJbN0$;VL&;ELľ3*aP$]ḷRILQ𭮄䡏2zu$k[t:[⧝z"b{?>#kR/-mW_%:DV+'(>e#Z]SƋV+m]~M| Z;3aؤ,=hy;1&{Q;u ?.yWkD- 0 K=܋uOx y1OBY1IMP29oyܹ? '&< cEC7 >x+5Ԝ#{RO}N k1wa.-8kQe(1)K^Zys;Vb[jULu%kKHyu;1pB wpyJk'l-]lڵnEX9ra_b֖?e]ױDmQ3BsP?!k+5X.TKy/lN% ^FFp$0]8*p̊#R c|)V/ hܖyk ^&w8eZDrqF \(8Ss#P[ B2?R\XhbR _0LKGU%>+7q?";w02]KQi_^RTKW͜m{ 5,w@zwL?w?}?q/(<#'.xeME4G@ةha* Sςsݼ G6=P3H|+&'R6#"]:'(s9Zh/1rkmw2.R{pE `ao>dҴRb?ݿ gl @W:eٻ(|K#AC}GKD~L:#F` $CC 0@ORv\.y9V@4iO74}fX xk"#潯VX@7 +Iq|hih4DtB4l&b\uv@UjB?ǽ%#-+S=>wUxh3vJQy'ERS-U-^І c}%fB7ҳ&'pC+sog2{ Srzf%&opGD1fALjtO(k^/t w=KeeM^(/ :t؀׌OXW̰~A1`?>S[նL@~mX*0(ʘFksDɷ WNE@٣$ƌ 6E6-7ZJpiJT>xfAx܃,G/2I(9b:ץu4r >@]F*,!fK; xְgRuM `'6E+X1gSN% j/QAos)^lOʋWx/`Q\jG-"KBrD4CHvXvV$=XJ͕7* I2X>R,1>Boxh7vYG1%Ӷ>v֩+$rg(:K0)ߪA̺J_BDҚ'Z4h&ޠSKE͌Uge- !{0.[jȠBd!#Z>M?Բ[9 &οљ^dT"rةjK|vY0"Z0 QdZq*Ef*EקENU8[K領,k`)͜%ޯ_jv 㿷K?5F$j[|?H  iG 'sQ%ܠZ;V@Ax0/V]c 7md.$^8Ͻȳ}̙*19v'x~2],fF/0&Ԩa00w1:lx6 ]G BM[sX_]&qŊ&̓w:c o>WMw|9ڟ̹i{1VtLrp7GftB'/ _- 6(^JY%A=q|k^tpf/eӎf=ょCϚv 9sZ75P=IA4;&!峰L h5YYd8Ώ0$7&'=9EJwD2U?[:{A^1Y6{RYh325ƞ-Mw;+6>ΩՅ r. tp)$. ͿG G l5ٝ|J\ܤ I=Q0a6Iglk,- ~&꾓Ga,W2kAl]3ħw, Fݪ8&&~re8e֔Mܿ K4Y= #f1TMBvѴ bU {((`#q `¡T?jF[b~ 90=MO=Rt?NLe x &Dߑ?Eh8(^MX%32R~ .M Ʀjc`WD}Bp`4iRkX*tD π]<a ˗k( Q%L -#RE~)"ai֒"ê .i RZ#J&q(ߜW?bR &߫+3y'CܤF{]ԟL#BS>JEM{tWcAqF74Y5eILq`9C~90jv]~Dd(vT8 {=;0 }闳q-2Q)ȏ~gJvxo?_^|_ˍe^r6e7#EoO<ڵGG7ʖ!٬:ћ; Vo6i~1pAα|CxR푴NG/ ; 2EaHA7tJ"~ՃǫmCIb?4mXaF3Wɗ&Gr.g$DOЬ̙йABdA':*cF>r񘌳x8})zKdB0sٲk-_'i u:0Ƃ{'~'k}"1f[2 Jt;>aor :sxFHItP[J!4y{^*V8.ЕToA!­ QĔj80Ns%4Ų3f:Y XRX+0 'g: < +3H $zX$!'B,t[]پF1dV X&#8ZF1AWJ 9[yA%([ڎN΅ F( O9oצ{[<3:ԉ{z̲ٜbNznĴ`y5?/Rц~$eJ*NIphe⛴?Qtp[ڋi4|*h6٢s0O{hP#:X[j˽wjOH `Gcڸ!7M7*1wE||T=kQBVdfM gR@~y{v'*jPǪ~O=QIUyZnOkX3.NQ(nj(S$ !S抂ϵի7tC֪C1y=~oo p2k(@CSm%. N{ pP+R 7/3N0A~XBP?(!-:0p,Oж,&,c`:mcr"OUirbć"t8{E!fJʁ \;Lf3Nnf-$\ v8yW[|(qa[]A>ehiCQUaF $O:jDF6Gj&pOE߉b!aC5:NRN gGzV%.=Mu/ݤOOVmZm]+LAt-|A!e*tp5atm}@7[܍o*d-o[n]j״ RA&Z<rn &_;Jsnԣb*NSoOvIS" %9W3KLtiT +]< S&Q;`6?n~Nz%>*uc11=~\mO!Xε~76*(A#kЃIp}OFѹՂ]m)=.?Q&4{)zm25L[ΔO HgEcK%灝!Xy8 9vЄ'T\H%;}Oc@U I/m|u.)8w2hueRS{zT] hJr3R[v(f?v vAPs?3S3#H7-^-/|'Av:[z '_^= i4¶ &(uFy g?p]Z\hv:x$]0 #̒#)P$_ir M7̿ 򀏺 #M6GY ֹ;f2T!ywV0.@R=*$H [Q٤7(ͫ-F4I'ޝ8dWy~ "mլ ]gKyYDxC>̱ M(:Ul*~9Iu34!bV)) GU'ڭ-9&c[?gԁ㛬~nL~g#hKS,`[a#<9訃#@=?\S彡ƹKo'Z2屦sȊ`%6xW!|n0ce'Fر%ɔE-" T)pBSl_iU2$q}jЯ .I5z!(`c}'D*K|թ[j$ÈG6H]TAEau>BX/m͐R KbMꄶ >GQukTxƙ3覍tҵ'k"];K3rm*|4F~ p%.ke.+<2sqa5f}PcpDI~>Y x]CC+ܣ Ύ~D{r:ЀUba,4:纆t|߯>{4?|B '<}afE`h]SNL"#x^ji(4_2DwPQfdk8LI?i IK]%l&lnQv̒2<6w֗ZYc~y8,u i;dX|B1ŭ+&b5'{RRm+} fn9W< fCp(IpuM%|T{m`ܴt7%Hal@ĥ P诔 ^]gfu~L49&zeB8M*|[4CȘ mW3&c9?"iCA N]]IæXG2ob9+LHV615E y|٠9odP+2 QӠDh„tF#vA##w 4%`*Q*ziӬl"UTL缣;;^QZο@,!pO#,D'm"^-Hzx]ƪh8y!8m; o%R2ZMGY $ʈǥܱ8Ihb.X~M!G9 |:b7߾vު&нp(s6tKAgWFIDoa γRh ,a?s}wxߍњ ͬCAn8+F0Q`}mNfBT(+ h y FR"yf&CK :()*۟uў 4Gn[vg !('m?V/9 lC>+CQ\2.ȄI>^.-=^El@sIr;d'!Z‡58gܵ;Xҳq;Gܐ,PHb6ɏ=BB}%y)X/q@;?{'jmo_:O[EZ\80 0rܰ:.s.[Eh7-ǗUlmlaE$\mSwDs .MA$91,H6r/JXjOvۭeU⎹yR:nbdQO< KP@˃ЇͶ.0݆ ^ Lpr!fqG|wLClyv Pr-N"XH%o{ ḒY9ڜ8}3Z/iwg,]G1*U 5,`%PE!៕RKm@78[Ri _16G'✹%qCr^D}Q' !3I3+jFǤ)EaZ5n$XD{D|(D~ŋ?>(3[Fo*0K~_WXotEFy]3H:LZ=wn4˅t̤4*cț畴4`Dmk,g̤8>h$dl ot.bt_pFK5|ٗ2JaݘnE}EQK_P{LAV&oMr*xWj$Mz0? xs1 J3ATDA-x˾<%^zK6T߱/:"|&75Od!& m<v>} DӊBLJ $|ofj11D 2Gh[]@*w\jb=ٻ~G.d>֞U>5A]a[B[׹4yInH] =#j> @mJX j4bL9y @;s8 ȱ@V'&rHz^a' c[@3XI1μd۸B4.KkGX"+7ԘmQʉH)SeiDSw,+43CZx"Bڞkc 4TPZxҮe(egsWB &@^DM /¬SOYkN"%+SF[-܌D@/bI/pgYr'WP=Yv LC7`4[X `v!Wg{)S:2UeU̮B̨=%&(OcK9ʩ vS:0zv&Es$;Wݕ.G,-8-+.)kS$4LeY7sdvNExy}w#p=tTfQAHCX-+$33&h9$i,g:BW[TE+*vT`iS.m(9vfqɲa7dԞSHۇk. %#EPsx |e-G y!)uO,].J-@iE(y 4ߗB b_;y'].@TA6AS3gzqu6,)L %(䗽h" C]pE%՞&6\Ȏ}Zl#G2)A5xMan(k+۬N:TcNQ[沟LAvoӚN*r '>ZG֝Hq5 ^I0MMlA@y;?)I=BMtJ^c~qI*62D9'qp#go[MN~S+M x338u|XgT'<`f>B Ξr9+ʮh!y_p^{[-3Ww50~G5 G>"(r{eUaȽTӏy|EܮbG`LrQ[ٍ+&vLC-FQR\(Q""I|Ϲ~ݟ-*}t_D2$BZ,%n=ۀfXY3bu-EQ蛧FYӹ=Uc,3@go)DJ(:(O6Dnc^oMRLH^"~aۘHNЊ^6V丹5BκyhjaQO=7j5`٤73a Zګn^U'TW7X__ ={ [n^n$]7ŧN1zuu9ymג24*v{t_LeբC%sZ7Q79>j$nzJ:??" D=-C3rEU22Whݴr`p"Avf:R<9= >HLESv#Iꎬ& t$ L+/ʤI٥~%d|H&gw;+71d&"ᾠW,apJ%>+J=@Ddqt/:<||> uRߴc׈:;r/-[% oudh 4d(dci'ZIFh(|P]S"ķ8z[L|3+Ump,2' bS]bdtUʁ,1Zي$#.Vy&a;SdYMVqL;>#2/ VhL{(3ST m`E_<`[ҞeI ѹTF*_x[N&v,3 7@tZ \m֎B$g<@!\YdQcwfKYg/_Ѡ"wxI.tWqOwSZB;_[.L>NjP݌Cf c69>+pq^)R|e4'V+j~X8ZO7ZsiG4$9WE(T$BP/\%S3Zwd¸n"a9QCT{7'=&_D'lXKboF6υU9zUyA:&Rxx\NFHpoU OUEA x3FY<(þqUre HXR|x0=6?M3#'4+=F>Wa'n7: CX=k%?dt}MƁ7Xy{S,a.,FSq/"f J{O_&]؉7k0*y_qsN-HSvq pwz>(<ҍP$Z+ڠ% B||m. ep<[sݷl-栠TY9|#BݡvS]a|qGWa93 ^[G0;[r1Upg:\I^>m*QkN Ʌ)_sUEnjzy@ |Hn]¡(*vj--9M/|!=8 KOQsOX5Ii!E+˾-#~ '9q88+2d8]VRfGpmӷJ*icm^Gqci6mQ쇒 ez˗!ekC8=?5LP0`A@[3Wҍ c&\{g(t0/je!;t ~,yB^G郤!t]%{Ցi6*81EJ[kݶCJ gk}VN3Udu"xC[ 4K5<^,(e=eO^cі(E5Tay`PUDX{}W?фP=ѬqI/69u,$Hs@)ڈk^6B>iL]~!xT'Jo("߸vn»Dث1Lhh~b) Rb.G] D~(ܼ֞痥qY> Vt>3\bU:hYU'vʶM-C@/p=m3 rE{N\x򲾵ei؍fe0k@7:zcEE}DBr@nwb!y5^*,T)\b,WT)Po P$AuXRqO3P/82p6^^9NH:$$(\rd6&# @W_'D,,ki$>>}.BmDJկꏂ^T}h8[[c&(Uy>)dJg 6IGxJ:JboӃ5Alڕz^LhdziQ˗Iz8i mXʤsqkPn(8X>Q;TarFNM'.+3W|ѯEfpJѶ-]IHӵWJYH+B:!vV<[|ϷH6L!]_e{1}l?mGtL M%&@3?uMq^ =I\*ô I^Y5ȀqNx*&QYF3lĝpۮjISW':qt0F 4U{]G^H܉g=(,Xa9פ|ʤ'+ao~5Dϙ$cY<rlR\^`L-%]-/-QKE̍'f)PI,;EX+x=[nuuC&^[p+:yݮEÃ@EZ eC x)T>=lkLBtFSa+jP6 PtDybu,aj~A0YW4ǥӾ>TxQ&4LYlq;%^W_{۸[ e ̟@GJkʆ~>Ӣ;ptkC!Ӧ}.+\8E[ioWg=(Ȧގ<^W H-Ծ->ꗻcA-CM\N'ué$F!Pb/ѪPNjjCZSM+Z ?KC(5wĊh)e) ˔JqTr“7P*] 7JP 0"ݣx$p}IGap:a.;1ے=5kKQ%jB6=ݍm//%?gW95mnbwQc#qӽeU}dϪJoT oOT9 YCf^4 m~NWo_t'f@tJF!qL*_M@}:$̓/06"|#@akcUȲD(B-ҍr%j),%f\)[ڝ짡IQ?}IZz*CV|)Qz!SiDl],+r݄lfqʶúc_GTZnA;|h 1<bTk$Kw>M8u?NlAAz/pqa>uS>!dyD'GT:f\}҈r!Ԑ RvxvQFf.P`e' H!fZղ0Tvlww4@/l%ujf 6}YMrTwq1T# xM+!? uJ!Vq+BrF?m auAtv~5Yi FGYݦUwiN>RR)"{# [-|'V%DJy፽qr U$0B)닕vV 4x*gb4$AHK׺ u5g걒|#k(`@Dٷ*\+۾u.ьLP-GTSYHƣo\HFdv4NђF_6$2%Нƾ)NW5o MxuBN"*eʹ,uw^| -KNdu)GxK546t%5-ꀴX6~ $NP5d+4ɨ̈֫)m#5 ۅe߈ΑnӖsIx cMjg1ei{jqVs^ 0֡nj6̨hyFo>SEym:K=ׅBx|,af"yO'_`lΛZ Cſ~TeŠbLF,Ŭ)v^P#0^"8f`S`%8:'=?3t0`S!Xjz_~1x>^~+eb#^*RCv|P#$5~F #Gqӹ8k?ZA!bMe۽h,݋(c('cOgf 6801?d/^{n䌪^:enY(QgS^)_%Q^ݾ1jR0}ڕ8Ӿha99k]H1=;+ adBØyOQ}1!|8e|^ Ť|z +d@(!=-,l3WŦRK'l+"Qan]w )Pv%. CRS (}P]ץm\QDE5 @fw58r`jK5<Rݨ?p= 8 ~tQ3 ͮ3n{p6B| a@sͿ?Y" 0vW,q!ڃ"Vg!\,aL1b!}0s /6`省y:0+E!#N9= K0 PBQq9f|x4$zh00Ufqy[\0taK",~oW BZ;͟ai%П90^0S#Ȃ|i2h|MA]ڨq唕l /:ջ$@{nGfRuh40"ظn8%j7hvNq 8il-bZ{mV;]{rDy>nݼdÔsыzfx=6N u#˸qdC ش KB'ЙWycp^7Dwoj1׾7|h=Ae> ]tp[KJ8KA!VP »ZWK56 1>*a n+D!OɍOƛu[ሂ{7"+j#/LTͩ)MUie&hoJ }yq^ 7υ̛PvI"S4ltjVe!ϟٿuN΃\Ba  hWIx9 lu̇cg qpHdq'Ia@r[FܭBZ2N0(úՃ;GNeqjP<3q/?-1Zi("y :ϵdZ Nk`f1oZ#"=n!Ï}0Vxԣ;'0\2\CWt,6#s42#ɮÈq,`/5) N+Ӂ_* ,%V9fzNzYHoƿN:M uVUs67W(;n7' 7\E)%aK'E/ve]+Rk6G"+At09d:%{S|5ZKnUXeMW1HfVOC`NHK<Ӫ>,:e*xSEJbzEqq,&xZRAN rK D!ѹ^R¡g?Mi׌>osbQ}59+/)vyyG易,(zfqr D9*s{G9q. S(qJFQ;ȥ<%ˆ ƚ}k2a0 >=vŝ{Wtŝ (kk(q4g<[oi;3P: 3gxo& JǕ':{6h23ٰrThtg [$䃊C&[eNMfsmxD5Hh[c mq@_y ӕn G);\`h=b~4R1 1nzUQyѕz?G.y.D'K,z,V)젔/ Ybݻ~W59) Ҙ9sv¿_hXfh˲}9d%²yJNpJDͻ 1Yʘ@xܽ#TSjl][d[4%*M:MC:~oTT`6oFJt !{x(5Cr*X'Hl-EG~ %B1NlL\[4^rJFzdrd>"jf[檦ҥ0 d7jl"'t; J,΂pC2vf=ןz~H]ptxb>ߪ3"=ho=8fKIvDљf^9$@.|0޺27&@rV2z㥂C5iIE%fZ'ԙ3,MbYo<}+Zf5rJrd`HRHb}<;e2"J{1G@/3הV'B`ġPc}V:="څڼw{g0yIn]zu˔1)SN_l*lW^|k/z܆" awʐLJӭܻ%Gb6OJWX%&, 8j/9bUpo.~. G6& +7aI8q/3: IÓ/Fq[OtNo顖ƞICOXf{S1"̌IW׫/Ko`@3)ãT37[2sİ$}>OiK3$qf6"g 5ͳ3f >YB`~eDz{/+hx/ ]nY~{WJ8%d=_:PP^F&#*7oxwneO:nF m5[3//m噤ItlԜxtCW}X넟c5䆢DJEɽ( 3uƬ'<\u*'ORP#ѯ#(Q=}?DIn((5QAqpʹ zKKʯo=#W]Qfiצd8l%BƈK;Z :X@ o'2*m"ZE6״6}^sJ4;}_ERԨ@ƻ?*@8 u(Ds7*Os񒉭lEm1b,3|$/'esvkJL{DhQ||nO@vȤ,Ό R 7QdXAٶ ԱKW[S [㣸ە^B| m^cg n=s=DQ\N3w>D" &,hNDXKZ39fD}?s,4ۛ(iV}0G{,\ ^%Z}{XRf6)?/ HƖڟR6Xn%YgJҝTyfT r@x6[@nѣCOo̡Lpʹ ͉XTz,cu?uϖQįJ.vȅepHEf$,ݵ4*lv =h:gM׾~(XPXX{1{"k4O5wֈh hNeI/+*1~K-J^+EczA< auZɈ1Fn.dW#t}p_nq8Ln/EOHQ3^ sZӐ.[\q u82{K9P*G̯[gTU2@̑bj% wUroTlƟ錣ԟVLUZbj}zBh>CW+4kˢ%ۭd@IRiBHLڔڄ5ԱZ* p.YBRFY bKgr9{! ħF; xֿL7#ßmO/mFu| r .zثZ/BeT I b|À EqwL*@v̴]:S\ue~ɫm.=3ށFUA,riR.QŅ8AM`M7.-S; 4ā9l;Ɯ2θ4ggH1J]%'G/Fеl sG‹ iF AJjΜztEcAQd32ڷm7!/CA<,tN." $wr;.m}mLcIQhQ]GcUDŽn~!Щ1?t^kdJ'E __2|gvLv7d釼MN'%7-F-'4\EC#H-k7yo%,=Ak^YXw `%v}Գ aebh:4l`u@//35??Hvg?[飕tfqJf.+(]Hb |,'3Epڋ]*@ *>LQT_o T" jֵFIRVsQ/Ux,SFqܐ$h'!:5u3"|Sg16+ciy fY{9 0d~3KlX8QE,pf58MMdPAr-<@7嗆mw9rbtĦo׼ߺ+{?/*sF6+kLle+8|ՒD4Kw笰i^ygD`sPŋŎk]z\ɍ? m)*:Hr+n]5`>ߛܕ,rgeJ,1p.ˢd]9iDRƦ0+g^KžPі}ڕE5Ҍϡp.4+;W+x$+ *jCkE.TLX&0FsF费(*}NQT.dh:ў$q(D˰T׬]KY|DJ\u'!űz8`cFpnz2 N_S8]z"7iM $ٿ[U'Bsg ɶV> o3Tjڀ:W+B?y]hH|O DCgK $N E}9q5 tJ lB-;OK8,`I߿tRJx<'I=p{/1XauXg/ ?N3@=,Ī畾j`/~USA*(;:{]M&(Յ0a d2Y{\tuQ|R!^dIgtdK6(&UɊ(m4vTdߜU"Jԏ(碽^=H S_'gCX߄IH|(Mw!};,PD,v޻g vGJ>]Cyh+grni\*u.y̍y2K<1~ү B!L\PUCTHOPc6NbB).g0wJ)$e "iB~t3[ bܣՈۣe09y6w2a\w\B4GL%tolx-D :hLmt a'Md;:֘mRKcf@Ot[^9*:?;)|HjMe yc L2Ү_1dgnV76zg;y@hT!սisjΙ Z-]܍?%5iyQR\#Jȏo~mƦ;vulj2j ?!s(Zì+#ێaJCpa6Frq?74L8,Ɇ-v7\iTKu3:>"^+ط"Y|)ڝ<:4 %> $W (KEؗg|z", $dlKߓ <{;~nt^ 1t (HnXJNkr^,k@u7iJsk- }|/xT*(yB7i-z.Bi/ Dc2 JR?h"yg+9xVWAu1 K1* ۦY J*?Ltl!:LLB+Y^kx^SVz)㉁3L,dáX>b SSR}bcPߍ=B{9#\t>5Zع_VMWAbd5PWBP)Eїԗ @-f8YM!IjkC=]te\.L+;&2'.N^cͽࣚlx")X2YCI9~GB?BÓws~ƊFxTG<7Qߍ߁evDQ`j'8ng6u"$r\,UWY܍ʁ0J̲Nj|` YYI4,1tfB2tFQjV|ScN? I%9&^EtJkS ZK?LET[[_uS/ΐ^6f Y!o KW>~8a }cʝO A_'Hp]EcLQCk/\1&86,@_b)!> .vG#(\>NWp$L%8Sؽ#mFp&ˡzMk;>bY%}mb*f؄E*7zeOgCrW'/߿sX&a27kr7<ī4 VTRs@M f_ё JcjS;&ntRtTt`d*(H%W*ZލqpGFRu'yWi`bvTtvF L(k^mtPئɖ]Q*WjUHjQ-m')8]-rt9.>9Z:sZOަ߻E QG@ SbfA~ic&QydMy6ڵ'Nvo+2M b=>{3)~UymȋRnğlmMԔ3 3Ln}_%c8L]*iFΦV>Iex~ X A۹ 0X~Zji{4 ot'Ru_~?E ^]h/F#hwX 822$`vٜt* 6On?f;C·"wTh#:QξT-{A^/|'j֗'4A&n'AiTc]QYۃpcJFB;B$#V!pt"PFu~۷y+Gu-GDyN{㪤s8O.v5"28h"U=^fcyS%fkovL1ZV*Rg{D̪`݂ew ,^UDV(^t[ s\e7?Ǯ+6qy=om#mnv>*ScҵT \vxNJ mMs&DP-fLrʼnwr}63,j.Fbj,朶˿:&h9oAN4q_+}0>LrFg͊UMd7^&-Nt?A!פ.Ed7x]Dm&%TIV{ޥl/ Xq)0ϥ}BSD}EKKIL`38H,=lho3r B~NinH37cĸ$2{ini/땦P{x93H ̝4乀z],XLV-τ僋l'#-:KTr%9'd-jgSŒ”n^u|DBE\B@f%[$IuI U. AWU.EZ'ʮ*Y*jK ufC%0vBxmĝ GGޢI^JۉCPY\ }?͗DZ Q CrT:uy60!x]K؜#Xy>v15pqDķN94cJAYo`!w=brs!.ӛp J->Bd*Բd*^L֨Ր([xu6iVs zkxa֜GV>N#ueUI;+⦌4trJO؝1 ٬%=bPHnݰRE:ddI\5MrDڍTZ_01/}sB/&` ݱ[͛Q@I'R̅S[;D />jr)"Gb4e"f!J #MY]Kyeդ VZd ؃^tȷSGYmkY\waYix!3V 1\O݈MclcX5R >GS룫6T!]V[8tI` |j[Ea5{(a ΂&N_2Kȥc˱Zam5ĀLYrCΒZR=jCMk爾Dj~IZ)aJm2UrlLv``,EF)E-{ i[n8"YΛ٩"ͷ4ya; >uWDf73~kAw85 /[h[ɹh ær G<ˉx!y$FH&֬28T`R7q))@*e"jOAKVPrH%5n ;7m%/nrd>2fS;˯=+?ÁCэV'h*Pp QZ s{J<)j~:M&`-ؽ*-Z0f 49jL2%BGaV3 &.U ȥA1w^J(nƿ,_Z2c^ZT.!i7M[ [(28,Eja<%u[OWz>*~:TRAC0ApJeKP~ABx::́x( Z־"GYypZԟZ1K<ֲy (5njorB_,qcn]́Zq}NOe %&—?r)Ix1kŮ餜{'B,r6:,4nw>(Zki8 M\!K&I_OTwEEK3LQ-v`{ڢ@|֗0hyߖvb3x! LiQ˺7,jCk\s]CJTֺ# c/ʳ R."A.:W[{Uԇ^?QD@ĖqaeO7qQSJv9]7[A<A}myğ~hcX D"JTgGsiÙ >9(-EК]7SR͖ ' f}^ʷQ3Aj ̬ܻ\~դVú|U,:Oi2h{ӎԣCaPT[DXd"ѕĊl8?9r}ח hY yʶ۸a(e'cưԺE=STbgçem()Į1"cKWo 6'@`ijnI[d" k] '׊`y3!%g<==zůt D OxQ oP?_mp˹ yY hm,B9zH=g59))gWC3F֙%Ew}* qI95B~s鶐yQG/`ؐ~i jȻĴeKYl^etj8d!zkv]wK,=uTY4 >%b~KB'f"u"ڶqPM}rةѨr|ѰɇvO`9{B#$ ΄-WC/?\w*`kτuo?=Zl4K6Y4˥JS(x1|A g;B)z'%W75sX S-˂ . M/b&+O>/];EОTd\Ё=0sOW2- {ŒP "E($K/q5,+e_p'zbnNplSV8e?4F6HlJm˧X-*3)pjY?b]>Ň`oaeK>A7A0$^X woGAy-RpLnsfrSK٢aN;UbS7<@Ms5iɪJ0-gQ1[ 2SEnC;y􌱶1Hd`#:#:M+Eel=oّ М9\(@!!$o? V |$ShJf!`5cO%yO0SX$ UDY8~r{}">B"Uau81Wc7bVp m TP뭖:=,Au^S~ =kXmv>+^<;üT,('WڀmEY:AjIo n8Lu 40#ƗnZ6;Ӗ<XVn%U(b2.6{lN>Ao+N t;.511rׂwsr6 4lUr EFQt7} +M1 鶜(-0%9tx-49e Dᶾ FJtpf7p(qXJהHacP( W$6wy-z7` 闼uNyczU8E׫`>W1( ω%Kd=@`C$+i??P|NOl Lwx DoU3g}sA?J6U7lٝ\o/i{_N mH9<p"Ll;V)Mu;_ +IՂ'*lΆb?$ 5o(3^f\ߏK:5HErO/biPsj?(An&8jU|꟥ZI[9x@sY⿦U(q) s`?$,\܉ewm9tڗWqJů2mVşĵhEbT>S)J6¹JB6ڣZI!ܚ[$S:cy5č#>4_izWz\ڑ51;<H277G~2s1$}3%ރf i=Yݙ~/s ҵF҇yJYܧ d;F)qv ͬ˟I/Y.od7gѸA*\<ĵQQ/yy"8V/(. O$('\]v%VZzAbbkYF8)qWTQN,Is_5StR3.@qV2ISRh ps|`1MɛTw!mZi"{KًBBߌ&j|LNvbz0,xy@"W 5[J\IL浒`np# zwx^NCo̷5,Nڹ:j%'| rB'$)ʃn޽!"'d1үH}gM̯bL*6#싗 "vNpw䀦#R'/?TDxfSB;)Tk~* iZ<)~ o+AnlǶ#FaxC^\-k]cyzTϩ23}Lе|$bZH*ĺyrTB4=QtC7PS|?GW vIon^KGq4n,ԅr4l:5t/ݔ,qv-nY͖4SFd`ޞb/PNc7gVGF F~*KϬk۾Vo܋Wի¿4ΈC~*3}1R$ ruuō|}F@=Q6(K':NPlaS;d@SΓ͙ Qܟ(j=XymDn~#ϼ4;3M%qtf_Z%eb>l:7?dA'4Kv]0R-jlԸte$OE 0 4dYϓ!E,1aW/QH/5&qHMdnz~.o-o>E?z=@nU4/l,zj G#5 ¾bYo?2w:_1|>PHea4h?+O؁"Mu\\hou &] dw϶$ S?&sU2yU45b4ڵSX D-z^>h#)N?\ގ z- 슧E_'Y"ng܂ԼbBSp|b < q{#UCy-jBӮIMg u<2>[Z <gsa%k VݫK?M'nic_n_}}3փeG)tvv=&3@2}%fϯu!a1D:iNXIIuɎ-5"{A_"xkI{m?,_tbT">̨5{|BQ6zsG(j`6O28.kMFuKW0@cO+EDFf>A#PҾ^!pðnBp%Rb`z:,ƄxN QUt|cdskmTYY4o8kx϶Sq0:O{+m$KyXeɞO]a ƄOѢJF#m3jcbI "N..&KGT,|ksKE&UBN< Pڨ.-%h^`g T}qfYAhtuI\uzk‘.(1hԗ^^$W8Fg=!4f95gᬥQ8+[뾙$(q\@Vww iBbcaq܊SR̠/Y,nj5W"EI lrW> ds ǚ8rHgZ:j4 ٪YJ*i4BTnX_%?^(HN.#k̒A*'F䙪]+^P ھ\ȁ#,،ÔiÅ rC9-]5V*)'}^jHJE?49{qvRlMܪ ,sz?1vcϔyd!L/ՆKۚ7ݍ^vS$.HdW%=`HcmN\҄<d@5EuQGMxO%ͥ{nxy5g1#ۤ r{碑æ$6{EEo8HPaY.Huh(13ZB늯UTOk^\Iiq v'ڧW,\ M~>A(%R.Kz?j~h9ѐK`u)q6=R;T [.Efo€&@aHue<^{,%>L{q o!_ /G=A%6;Rl\B!0&1!VNSQ!;v3HC`?ƀ]2ȹx Iv21>؎ָvGٜ7jjXtg+ /uS[ wj,CdstBl3$+{VĚbXa/r:北1=uj"Ο}b{,DY5Id;)TЗlZp ,xYOCrNOh\B&(yhV !(qqT+TtzYnRv?\yh3mtl li *{65I^@~ҡӞ Z&L718rٮVqKL@o^2}&X#( *u6IpWAsw؀~"e̤ȠNDkB[M/iPgƯ"ʳ;@R=xAG5chCƎ/neMuΙ". =g6 ߥ0.؎,ܥT7X~7<,-gQI7GMG*x0% UnazrDZpnl1q}D*_V×qö`56a:.߭\.wN S6sWzi[ "T0sOwu^FmyN}HG+"R!NJ[eR$;NMui0tӛW{YZ?W$dkngUZq$ɣ6S_iFF(ꓸg+4~W=ח)p4 *1d$7'B`~dRPIl wV7=c)~zwᅏu>WXFKKveiPrs0Vc iwQ^kW,+T&:V+_n#H"/;rV -VfewE<Pd8bBI4Ʀl4#\găk>sw 7TtfX[æ 4ʔv|`-4s;`] m2C5rJ+n?z֧]M l]ƍ>%V]6LΛM[O}Jwlk=w9Hn&;j2Zz-$n^=9ه^PE] O%Ou+}: 1(2[D8}.ntV4 o$MOᓒU:mh9 !̿Aoޤ-f[C!u5Va2YghX,I5 )\U~D`Pbh 0QKM(jB~uA7 fmb?hW9-S>άV'ܦoGkh]b4u;]bJB^ߑG 9ȇY?j}Xz 4Ԑ#IhgZ4녣#$QhhW*,v>