sssd-tools-1.13.3-58.el6_9$>LmX f U>2?d   C .LR\bb b lb b b b!b#jb%T%tb&'6'6- 6(-8-94:GbH<bIbXY\b]lb^\b.deflCsssd-tools1.13.358.el6_9Userspace tools for use with the SSSDProvides userspace tools for manipulating users, groups, and nested groups in SSSD when using id_provider = local in /etc/sssd/sssd.conf. Also provides several other administrative tools: * sss_debuglevel to change the debug level on the fly * sss_seed which pre-creates a user entry for use in kickstarts * sss_obfuscate for generating an obfuscated LDAP passwordZTx86-01.bsys.centos.org )CentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxx86_64P00H0KS@ |4q"1FQ :bo3] 10m:+}MHOt x>tH dC A큤ZSZSZSZSZSZSZSZSZSZSZSZT VpnZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZSZS2c75bb44aa666ca6edfcd1297a65a0ae086e476a013284baedc97a62724ef0ce6326b25b05cbc95a639dc51640f511715fb807c62851544f3d40966d2d0df9e50a086afed5d9c62fa9e54fa6429b0ac27d8aa8013e34aa43c7f6b93ae016163eae9c4b9f2a0e5fef07e17180a46857e5481a2079b576147144605a4255e9fbad2be2c99d01477e36ac87633a874d963177743272bab0f76ea38db0570bb0e367074ea22f08e186a8f16066958ff1cb7da80f4a744e9737ad3b619beac9b0a45ef66cef11c1814d4209e16d253e8caed97683ba17adc52c90c35c7361b0c9054c72ba71300b70edbd9c95715bf12bab942623ec6a5837b2bf5e23b49690ab3af52232763cd2b19b0506d6034b0c99bf98ff77d359f6726abb7c027861be309fb2e165c73861b1a12d3d0f43b9865fa08ca2daea1cd6d9f3a0ab029ef6c29efbe179f84dee543980d6ff6fecfa7cc2c69900fed2d34c50e3a0b1541c8ff499ca5e8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b90313b06097b136c5c0d5f655559c2cf20fab26fe76fca5c20564392eccdf0b5f50d3000aa080ad7a5881c8a49dd3da76fe1d6c6cc9269abdf8bc222819b42b9c22c75a1268599af05ed0cc0a04dd9acfd73e16a6412a5d3c0e498d4555e31c84e23425506bdda4af8cfd3b03f3564419d749f067940c0c4d3ff4e0be57991069c4fc3bcefc263239b822919149cda5ff37e4615f1f84ca34c0a1b625e3a2c687613b1af636877fa2912a36482b24bc0823c0b4f22749f376848f870a125435bed91e77ff47a91e4fb1698ce16a6091e14b9676da515362f6451be42bf4ba169e677417db216f67b03a91fc7ae16bd95b800a180d9421cdc2f4dc0475469db40419ea89929e20a817960d501a690a6f830bccdc97fce0eca83c029d23cca69bf5b25c78fd3eb592c4f9ab2cb3a846bece68363adca060e3ce994a98ca81b5e39a1e711ebdd751d5e9ce7293d68410ede3a69e6c79c1394990ea2aea526005a814b678e88f5546250961f8fe196461a7bc8eca26b4783fe9fed974fd577ec6abea703bda376ec5b5419141a902a19e988e4f1705248d9742df853cbab42301c2457d4296d67d7241a07cef458752761ba8bb724e2b9647eea0a61dd91ee240c79a21a224a1d29ae27e951de1133babf06b7feeb94680f851c8e898bf278bfc946f22111cc48c43bef44f58039b7e13f5d96972fa7b91a9b635c8e025f4f53eb774411d95efe410e12f64ca7ea89d33f87fa41bd7b44c411967c680b7274128b11504ce4d1519200914157e3ba9df7f2144fd42597a5f26c58eb4ff9d7aa7e54f162e1093fd8e3b76bf9aa1be3c4db4de63a83c7462b0c47d51dcae3150053145910ac2791378f73b979be8e47598aed0bf6a13c32cbd890a1a8e425fac4a61038f5638459a51e976bdaae341a3939ef61aa0ef40bc1554bf9cff5ecab78453d144f11c64364cf8e335bfc86a6cd797d3f7ba1591a3c01890dbce7ff38550996451ee259d84cf9d99c86fbf343b3d1cb1be9e942b14234675d8e7a351e296f72a95d39283bfd4bfdc79081fc113073438d656bee0d1430b484d67b4f9517e9e1a335dc9d5c7d37988a048246906108b3120a7d9ff465fe452c55515cc695b6ffc826ab9155d07bff1e2ab13d1f2085be637c43d6259aa920f94f408d8f8f2b1d239de59248760a97b39d664d4990be381eb364a0501bbac3f67b04b48ee635ea6cd9c7e6c56021308ca05c0b83cb0c0ea4d4fbd7a2810f60c62a9adbfec7051e2a0f5b29d34477b38628aac5f534a559bf3c0e060ecd176563bb968619af6d72d510a95212b7a8db0393079731272e190ddd161edc2ea98aebfee9977075e960eda2d85f9f1e4ee2688fadd88501aa33e5282741dde4bab11d5151eb1362434a7cbc4ece6145931276559af488a73f26319c36bb407ca226488069e039aa075e63d39c1c9d2836560a2312c6e811a150de3844c6ebb6b008fb79d8aa0cdb9cf1a43bf9faaebcfe61c74bc4b7704923ca483a906c5af3a9abe944496758fc8e8f0ad18083beb507678f3e7258d4a11c3c11c2fd244a72dfd9c83c8df1270033ee4d8f4e40293f0fe07b24134fd9c470fd1515883146784f08d5bfe4de420a01ca628a252f40713fe062ffc2412cfe92e68fe89fd46c0b6a38c09229518711f91ddcd5073bcb21e9372040ce1f635ef41d1caf1f9916196675e13a0007e42ec3d96fb39fcbde84bc7807d6d5d034d68b760788623eedfc354054975c58b79e59a378b94741cc1e08a1162835244b0fd3ce8ce3148d374ff988a79e8b12b994a9e664ba5db2d423a54500d801be898bc7049839217d8ed9b25ada18f60f0ea5d9ee69e75130755250d88fe9bc46cdf1a23416502a148708b819d763c72aff1e0d9e74d367203e93cfedfd64644fb6790e6df37bcefd9b53995b5c12cd376af384416ba54cd7a6b486bd93f07033099981735fe5a3cca9bf7e8a5a449d04c20c0c9a917f21e92757db0e35aa2d5f50f52126ccc2a56264a88215dd8178273e8ec26feb06488b39cc94bb3ab1f7b668ac0c35faa0b5816840161293c41ebf2c81125e1a5ead6914a501130cf747f677b00c4c4e60becdd2f27ab3912c5785783337aa0aa5007987b09fe5d131b62d51e4c44c0f24859dbf7f7c6c666a30100ead481f43d0cd3352f3af15147b499cc018c662026942e6dc93fe4a89506fcaecde2e6f54eef30467bc4422ed9178e5e3029b274592bef4866fe443cdd826af758d8ab26ef59bb0e66d29bd5e638afa602b9f8eb6eecde0982840dc302d5288d1c3aae408c81e1c05da6208ff91af41284064ed1866149d75229cdf9c31477e5f9e83f61670075fe73c35439e5f72368db8c7a0582b0fb75663ba8e313afb2e936290d917740515c4a6ef5a231dd83d15b2612a78208128e075999cfa225bc707d3dc3d420840e322b7f414b854730bb5db58efb2a18a216d44a9f2c71c76bd9fd882259d9345da4bfa87ee06e7a524479a3a259ba83ec126de750c296ac6d04f07ae79dee0b2fd01d1801ff04457071a4bdb34ceabc475857c8dcae38730b872e2be0c3e0915fdbcef29372eafb619a4fe9bbe13cc478cefa5ae70fee31a81ed1bbbd78e33cfbd735606b5e7e84d56f86bd3a42152e9cd068bebb4e779ae152a68185bd519bd26683eb8161fc53a69b169224ea6887dda3f92d37cdd63ff924451154aaf87b1aa486047281a5cdc1d258ab35cfc1db9f5fd27139ff80bc40dd6b1aaeb51547832eea1c30b3530ce6ce83c669b19c04832976a26098cdcc84bc7492112a6facf629db70fabae3473d30d823c0fdcdd658145372088a2416ee2d9b1b921c638cae5a8bb41238f48f94e5ca1240d87597fc0f19a16e82adf868918564908a90c69d91603676af9a32c792fca882fd9f96a6bdd493f0afa9334bae95910e1a6abdfcf1f6c246fcc9775891e955d279f998f47e3e94beee36bdb6c92c66b4a50b08246e7d5ad5b26b544b26f74f6bfdaaaf2b1f0de96026e1f123e1172b0e4a8cf81c6def5a6b9d39ff828202afd7196eb74ba0863db20efdaed6eba97eddad611c7f81116d237cae5ec8876bc6f0ad1933db1a4b041a1fb58f901850131eea8e3b374eaab9c4f8ba7fafe9461d5bc82c401e4c49f3bb82b18cd4ff1fec2142067a9ffa6bb94e58e6db8553bb59bb559d848f62fbfc12926972320c6b1ff62fce6c8e4ecd1945e5fe47d7f89f021bb6f80b8261cf8b50dcc3ecffecc5449ed8fd1c611844095d83f328a95a141efde0595bf1363485db8cd49c8d8d2064fa7e32bb8d9488cfadd483ac904addb95f1cc1a58c61566d5cedb021b0e7a00607592da03cbea0785a3dbfce092723e5e7d5a012f89b1108e4692ce8d4184705293a76fb9f56fe82692298a2f764fc49274392383f6940d5f70d0463ad0c6acf61e267f72f3feca4309ce8778d13f579fe68c8652250563028d777c1e9e58d6b35f0a2f0b2ebe0298fbdc90350cf56f0cf4881e205543cadbf4ed7ec338e1a084f1d609cfe8d60dc085f8d43b99018ae3964327c69555ffc35a598e13fcd24f4284c0aefabd661bfc1e66e1a84740000a4f2ba79fb17b36f331499b7f5f890e22663f9d56a921ff06997567b3bbbf6c6e6114f11835d1c0391dcc093618a9591c55b60246714852e4821adf67ceeec96e2fd39b79f80f3efc499d76d3f639c9e03e1047fd7c85cd8d50e82f110fdfb73a623d4e4ec14901c6c61a4dff8e18c0fb1b9a4a015b926d7a071cf1b5050ac02c9e1aec70aee74e1014b5661cc44630534d1a6cb2cb4bbe1158965683822eb952a47d193e69cc1f54700e924ee1104b8ec24ace3rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.3-58.el6_9.src.rpmsssd-toolssssd-tools(x86-64)   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ sssd-commonpython-ssspython-sssdconfigrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libbasicobjects.so.0()(64bit)libcollection.so.4()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.6)(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.5()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.0()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.12)(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsemanage.so.1()(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_semanage.so()(64bit)libsss_util.so()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)rtld(GNU_HASH)/usr/bin/pythonrpmlib(PayloadIsXz)1.13.3-58.el6_91.13.3-58.el6_91.13.3-58.el6_94.6.0-14.0-13.0.4-15.2-14.8.0ZX@YyX6@X6@XS@XOXJXGXF@X@X6@X6@X-X!@X!@X&X X X WWWW@W@W_@W_@WWW@W@W@W@Wi,@WYZ@WPWPV@VJVJVV@VՄ@VՄ@V@V&@V=@V=@V@V@V@VvV%@V%@V%@VVVVVpVii@V\:@VXEVV@VV@VV@VMV2 @Vf@Vf@Vf@UAUUuUn@UmUjUcUcUUUUUJ@UB@UB@U@U?v@U>$U8U.RU.RU-@U-@U-@U-@UF@UF@UUUUUU U U U@U@U@U@T9TTTTTTT@T@T~T~Tk4Tk4T$TTT@SvSvSvS%@S0S<@S<@S<@SSSSSSS/S/S;@SFS@S@S@S@S@S@Si@S@SSS!@SsZSpSNpS 4@S 4@RRRRRRfhRD!R1R%@R @R @RR|R|R|R|R|RRRRRRRRRRRRR@R@R@R@R@R@R@R@R@R@Q@Q@QQ*@Q?@QQvwQkQIQ5@Q0@Q']Q @PPPP@P@P@P-P@P@P@PDPDPDPDP[PPPPP@P@P@P@PPPPPPPP @P @P @P @P @P @Pf@PPPPP @P @P @P @P@P@P@PPPPPPPP@P@P@PpPpPpP@P@P@P@P@P@P@PP@PP@P@P@P@P@PPXPP{P{P{Pz@PqnPl(PaP`K@P#@Oĺ@O"O"OOO@OO~O@OOO@O@Ou@Ou@Oc+@O]@OYOOdON@OLOLOLOLOLO;@O5O1@ObN@NNNN@NNNj@NN$@N$@NN@N@Nx@Nm@Ng\N[@NTN?N:N:N:NNN|@M{@M{@Mߒ@M@M۝M۝M@MM@M@M3@MM>M>M@MM@M@Mx@MM=M=MwkMwkMv@MtMtMc@Mc@MbSM_MQ0@MJMGMA^@MA^@MA^@M.@M9L!L@L@L@L@LNLNL@L@LA@L@Lk@LYV@LRLI@L7@L(L_LLGKj@KK@KK@KK[K@KK~}@K]KY@KO@KKK/c@K+nK"4@KJJ@JJJkJJ@JJp9JlE@J?r@J0J,@IcIcIzI)@I)@I)@IV@IV@I@I@III@Jakub Hrozek - 1.13.3-58Jakub Hrozek - 1.13.3-57Lukas Slebodnik - 1.13.3-56Lukas Slebodnik - 1.13.3-55Jakub Hrozek - 1.13.3-54Jakub Hrozek - 1.13.3-53Jakub Hrozek - 1.13.3-52Jakub Hrozek - 1.13.3-51Jakub Hrozek - 1.13.3-50Jakub Hrozek - 1.13.3-49Jakub Hrozek - 1.13.3-48Jakub Hrozek - 1.13.3-47Jakub Hrozek - 1.13.3-46Jakub Hrozek - 1.13.3-45Jakub Hrozek - 1.13.3-44Jakub Hrozek - 1.13.3-43Jakub Hrozek - 1.13.3-42Jakub Hrozek - 1.13.3-41Jakub Hrozek - 1.13.3-40Jakub Hrozek - 1.13.3-39Jakub Hrozek - 1.13.3-38Jakub Hrozek - 1.13.3-37Jakub Hrozek - 1.13.3-36Jakub Hrozek - 1.13.3-35Jakub Hrozek - 1.13.3-34Jakub Hrozek - 1.13.3-33Jakub Hrozek - 1.13.3-32Jakub Hrozek - 1.13.3-31Jakub Hrozek - 1.13.3-30Jakub Hrozek - 1.13.3-29Jakub Hrozek - 1.13.3-28Jakub Hrozek - 1.13.3-27Jakub Hrozek - 1.13.3-26Jakub Hrozek - 1.13.3-25Jakub Hrozek - 1.13.3-24Jakub Hrozek - 1.13.3-23Jakub Hrozek - 1.13.3-22Jakub Hrozek - 1.13.3-21Jakub Hrozek - 1.13.3-20Jakub Hrozek - 1.13.3-19Jakub Hrozek - 1.13.3-18Jakub Hrozek - 1.13.3-17Jakub Hrozek - 1.13.3-16Jakub Hrozek - 1.13.3-15Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-13Jakub Hrozek - 1.13.3-12Jakub Hrozek - 1.13.3-11Jakub Hrozek - 1.13.3-10Jakub Hrozek - 1.13.3-9Jakub Hrozek - 1.13.3-8Jakub Hrozek - 1.13.3-7Jakub Hrozek - 1.13.3-6Jakub Hrozek - 1.13.3-5Jakub Hrozek - 1.13.3-4Jakub Hrozek - 1.13.3-3Jakub Hrozek - 1.13.3-2Jakub Hrozek - 1.13.3-1Jakub Hrozek - 1.13.2-7Jakub Hrozek - 1.13.2-6Jakub Hrozek - 1.13.2-5Jakub Hrozek - 1.13.2-4Jakub Hrozek - 1.13.2-3Jakub Hrozek - 1.13.2-2Jakub Hrozek - 1.13.2-1Jakub Hrozek - 1.13.1-1Jakub Hrozek - 1.12.4-51Jakub Hrozek - 1.12.4-50Jakub Hrozek - 1.12.4-49Jakub Hrozek - 1.12.4-48Jakub Hrozek - 1.12.4-47Jakub Hrozek - 1.12.4-46Jakub Hrozek - 1.12.4-45Jakub Hrozek - 1.12.4-44Jakub Hrozek - 1.12.4-43Jakub Hrozek - 1.12.4-42Jakub Hrozek - 1.12.4-41Jakub Hrozek - 1.12.4-40Jakub Hrozek - 1.12.4-39Jakub Hrozek - 1.12.4-38Jakub Hrozek - 1.12.4-37Jakub Hrozek - 1.12.4-36Jakub Hrozek - 1.12.4-35Jakub Hrozek - 1.12.4-34Jakub Hrozek - 1.12.4-33Jakub Hrozek - 1.12.4-32Jakub Hrozek - 1.12.4-31Jakub Hrozek - 1.12.4-30Jakub Hrozek - 1.12.4-29Jakub Hrozek - 1.12.4-28Jakub Hrozek - 1.12.4-27Jakub Hrozek - 1.12.4-26Jakub Hrozek - 1.12.4-25Jakub Hrozek - 1.12.4-24Jakub Hrozek - 1.12.4-23Jakub Hrozek - 1.12.4-22Jakub Hrozek - 1.12.4-21Jakub Hrozek - 1.12.4-20Jakub Hrozek - 1.12.4-19Jakub Hrozek - 1.12.4-18Jakub Hrozek - 1.12.4-17Jakub Hrozek - 1.12.4-16Jakub Hrozek - 1.12.4-15Jakub Hrozek - 1.12.4-14Jakub Hrozek - 1.12.4-13Jakub Hrozek - 1.12.4-12Jakub Hrozek - 1.12.4-11Jakub Hrozek - 1.12.4-10Jakub Hrozek - 1.12.4-9Jakub Hrozek - 1.12.4-8Jakub Hrozek - 1.12.4-7Jakub Hrozek - 1.12.4-6Jakub Hrozek - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Jakub Hrozek - 1.12.4-2Jakub Hrozek - 1.12.4-1Jakub Hrozek - 1.11.6-33Jakub Hrozek - 1.11.6-32Jakub Hrozek - 1.11.6-31Jakub Hrozek - 1.11.6-30Jakub Hrozek - 1.11.6-29Jakub Hrozek - 1.11.6-28Jakub Hrozek - 1.11.6-27Jakub Hrozek - 1.11.6-26Jakub Hrozek - 1.11.6-25Jakub Hrozek - 1.11.6-24Jakub Hrozek - 1.11.6-23Jakub Hrozek - 1.11.6-22Jakub Hrozek - 1.11.6-21Jakub Hrozek - 1.11.6-20Jakub Hrozek - 1.11.6-19Jakub Hrozek - 1.11.6-18Jakub Hrozek - 1.11.6-17Jakub Hrozek - 1.11.6-16Jakub Hrozek - 1.11.6-15Jakub Hrozek - 1.11.6-14Jakub Hrozek - 1.11.6-13Jakub Hrozek - 1.11.6-12Jakub Hrozek - 1.11.6-11Jakub Hrozek - 1.11.6-10Jakub Hrozek - 1.11.6-9Jakub Hrozek - 1.11.6-8Jakub Hrozek - 1.11.6-7Jakub Hrozek - 1.11.6-6Jakub Hrozek - 1.11.6-5Jakub Hrozek - 1.11.6-4Jakub Hrozek - 1.11.6-3Jakub Hrozek - 1.11.6-2Jakub Hrozek - 1.11.6-1Jakub Hrozek - 1.11.5.1-4Jakub Hrozek - 1.11.5.1-3Jakub Hrozek - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Jakub Hrozek - 1.9.2-134Jakub Hrozek - 1.9.2-133Jakub Hrozek - 1.9.2-132Jakub Hrozek - 1.9.2-131Jakub Hrozek - 1.9.2-130Jakub Hrozek - 1.9.2-129Jakub Hrozek - 1.9.2-128Jakub Hrozek - 1.9.2-127Jakub Hrozek - 1.9.2-126Jakub Hrozek - 1.9.2-125Jakub Hrozek - 1.9.2-124Jakub Hrozek - 1.9.2-123Jakub Hrozek - 1.9.2-122Jakub Hrozek - 1.9.2-121Jakub Hrozek - 1.9.2-120Jakub Hrozek - 1.9.2-119Jakub Hrozek - 1.9.2-118Jakub Hrozek - 1.9.2-117Jakub Hrozek - 1.9.2-116Jakub Hrozek - 1.9.2-115Jakub Hrozek - 1.9.2-114Jakub Hrozek - 1.9.2-113Jakub Hrozek - 1.9.2-112Jakub Hrozek - 1.9.2-111Jakub Hrozek - 1.9.2-110Jakub Hrozek - 1.9.2-109Jakub Hrozek - 1.9.2-108Jakub Hrozek - 1.9.2-107Jakub Hrozek - 1.9.2-106Jakub Hrozek - 1.9.2-105Jakub Hrozek - 1.9.2-104Jakub Hrozek - 1.9.2-103Jakub Hrozek - 1.9.2-102Jakub Hrozek - 1.9.2-101Jakub Hrozek - 1.9.2-100Jakub Hrozek - 1.9.2-99Jakub Hrozek - 1.9.2-98Jakub Hrozek - 1.9.2-97Jakub Hrozek - 1.9.2-96Jakub Hrozek - 1.9.2-95Jakub Hrozek - 1.9.2-94Jakub Hrozek - 1.9.2-93Jakub Hrozek - 1.9.2-92Jakub Hrozek - 1.9.2-91Jakub Hrozek - 1.9.2-90Jakub Hrozek - 1.9.2-89Jakub Hrozek - 1.9.2-88Jakub Hrozek - 1.9.2-87Jakub Hrozek - 1.9.2-86Jakub Hrozek - 1.9.2-85Jakub Hrozek - 1.9.2-84Jakub Hrozek - 1.9.2-83Jakub Hrozek - 1.9.2-82Jakub Hrozek - 1.9.2-81Jakub Hrozek - 1.9.2-80Jakub Hrozek - 1.9.2-79Jakub Hrozek - 1.9.2-78Jakub Hrozek - 1.9.2-77Jakub Hrozek - 1.9.2-76Jakub Hrozek - 1.9.2-75Jakub Hrozek - 1.9.2-74Jakub Hrozek - 1.9.2-73Jakub Hrozek - 1.9.2-72Jakub Hrozek - 1.9.2-71Jakub Hrozek - 1.9.2-70Jakub Hrozek - 1.9.2-69Jakub Hrozek - 1.9.2-68Jakub Hrozek - 1.9.2-67Jakub Hrozek - 1.9.2-66Jakub Hrozek - 1.9.2-65Jakub Hrozek - 1.9.2-64Jakub Hrozek - 1.9.2-63Jakub Hrozek - 1.9.2-62Jakub Hrozek - 1.9.2-61Jakub Hrozek - 1.9.2-60Jakub Hrozek - 1.9.2-59Jakub Hrozek - 1.9.2-58Jakub Hrozek - 1.9.2-57Jakub Hrozek - 1.9.2-56Jakub Hrozek - 1.9.2-55Jakub Hrozek - 1.9.2-54Jakub Hrozek - 1.9.2-53Jakub Hrozek - 1.9.2-52Jakub Hrozek - 1.9.2-51Jakub Hrozek - 1.9.2-50Jakub Hrozek - 1.9.2-49Jakub Hrozek - 1.9.2-48Jakub Hrozek - 1.9.2-47Jakub Hrozek - 1.9.2-46Jakub Hrozek - 1.9.2-45Jakub Hrozek - 1.9.2-44Jakub Hrozek - 1.9.2-43Jakub Hrozek - 1.9.2-42Jakub Hrozek - 1.9.2-41Jakub Hrozek - 1.9.2-40Jakub Hrozek - 1.9.2-39Jakub Hrozek - 1.9.2-38Jakub Hrozek - 1.9.2-37Jakub Hrozek - 1.9.2-36Jakub Hrozek - 1.9.2-35Jakub Hrozek - 1.9.2-34Jakub Hrozek - 1.9.2-33Jakub Hrozek - 1.9.2-32Jakub Hrozek - 1.9.2-31Jakub Hrozek - 1.9.2-30Jakub Hrozek - 1.9.2-29Jakub Hrozek - 1.9.2-28Jakub Hrozek - 1.9.2-27Jakub Hrozek - 1.9.2-26Jakub Hrozek - 1.9.2-25Jakub Hrozek - 1.9.2-24Jakub Hrozek - 1.9.2-23Jakub Hrozek - 1.9.2-22Jakub Hrozek - 1.9.2-21Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-19Jakub Hrozek - 1.9.2-18Jakub Hrozek - 1.9.2-17Jakub Hrozek - 1.9.2-16Jakub Hrozek - 1.9.2-15Jakub Hrozek - 1.9.2-14Jakub Hrozek - 1.9.2-13Jakub Hrozek - 1.9.2-12Jakub Hrozek - 1.9.2-11Jakub Hrozek - 1.9.2-10Jakub Hrozek - 1.9.2-9Jakub Hrozek - 1.9.2-8Jakub Hrozek - 1.9.2-7Jakub Hrozek - 1.9.2-6Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-3Jakub Hrozek - 1.9.0-2Jakub Hrozek - 1.9.0-1.rc1Jakub Hrozek - 1.8.0-33Stephen Gallagher - 1.8.0-32Stephen Gallagher - 1.8.0-31Stephen Gallagher - 1.8.0-30Stephen Gallagher - 1.8.0-29Stephen Gallagher - 1.8.0-28Stephen Gallagher - 1.8.0-27Stephen Gallagher - 1.8.0-26Stephen Gallagher - 1.8.0-25Stephen Gallagher - 1.8.0-24Stephen Gallagher - 1.8.0-23Stephen Gallagher - 1.8.0-22Stephen Gallagher - 1.8.0-21Stephen Gallagher - 1.8.0-20Stephen Gallagher - 1.8.0-18Stephen Gallagher - 1.8.0-17Stephen Gallagher - 1.8.0-15Stephen Gallagher - 1.8.0-12Stephen Gallagher - 1.8.0-11Stephen Gallagher - 1.8.0-10Stephen Gallagher - 1.8.0-9Stephen Gallagher - 1.8.0-8Stephen Gallagher - 1.8.0-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5Stephen Gallagher - 1.8.0-4.beta3Stephen Gallagher - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-2.beta2Stephen Gallagher - 1.5.1-68Stephen Gallagher - 1.5.1-67Stephen Gallagher - 1.5.1-66Stephen Gallagher - 1.5.1-65Stephen Gallagher - 1.5.1-64Stephen Gallagher - 1.5.1-63Stephen Gallagher - 1.5.1-62Stephen Gallagher - 1.5.1-61Stephen Gallagher - 1.5.1-60Stephen Gallagher - 1.5.1-59Stephen Gallagher - 1.5.1-58Stephen Gallagher - 1.5.1-57Stephen Gallagher - 1.5.1-56Stephen Gallagher - 1.5.1-55Stephen Gallagher - 1.5.1-53Stephen Gallagher - 1.5.1-52Stephen Gallagher - 1.5.1-51Stephen Gallagher - 1.5.1-50Stephen Gallagher - 1.5.1-49Stephen Gallagher - 1.5.1-48Stephen Gallagher - 1.5.1-47Stephen Gallagher - 1.5.1-46Stephen Gallagher - 1.5.1-45Stephen Gallagher - 1.5.1-44Stephen Gallagher - 1.5.1-43Stephen Gallagher - 1.5.1-42Stephen Gallagher - 1.5.1-41Stephen Gallagher - 1.5.1-40Stephen Gallagher - 1.5.1-39Stephen Gallagher - 1.5.1-38Stephen Gallagher - 1.5.1-37Stephen Gallagher - 1.5.1-36Stephen Gallagher - 1.5.1-35Stephen Gallagher - 1.5.1-34Stephen Gallagher - 1.5.1-33Stephen Gallagher - 1.5.1-32Stephen Gallagher - 1.5.1-31Stephen Gallagher - 1.5.1-30Stephen Gallagher - 1.5.1-29Stephen Gallagher - 1.5.1-28Stephen Gallagher - 1.5.1-27Stephen Gallagher - 1.5.1-26Stephen Gallagher - 1.5.1-25Stephen Gallagher - 1.5.1-24Stephen Gallagher - 1.5.1-23Stephen Gallagher - 1.5.1-21Stephen Gallagher - 1.5.1-20Stephen Gallagher - 1.5.1-17Stephen Gallagher - 1.5.1-16Stephen Gallagher - 1.5.1-15Stephen Gallagher - 1.5.1-14Stephen Gallagher - 1.5.1-13Stephen Gallagher - 1.5.1-12Stephen Gallagher - 1.5.1-11Stephen Gallagher - 1.5.1-10Stephen Gallagher - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Stephen Gallagher - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.2.1-28.4Stephen Gallagher - 1.2.1-36Stephen Gallagher - 1.2.1-35Stephen Gallagher - 1.2.1-28.3Stephen Gallagher - 1.2.1-34Stephen Gallagher - 1.2.1-28.2Stephen Gallagher - 1.2.1-33Stephen Gallagher - 1.2.1-28.1Stephen Gallagher - 1.2.1-32Stephen Gallagher - 1.2.1-29Stephen Gallagher - 1.2.1-28Stephen Gallagher - 1.2.1-27Stephen Gallagher - 1.2.1-26Stephen Gallagher - 1.2.1-23Stephen Gallagher - 1.2.1-21Stephen Gallagher - 1.2.1-20Stephen Gallagher - 1.2.1-19Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-14Stephen Gallagher - 1.2.0-13Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11.1Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1534618 - ABRT crash - /usr/libexec/sssd/sssd_nss [rhel-6.9.z]- Resolves: rhbz#1473005 - The originalMemberOf attribute disappears from the cache, causing intermittent HBAC issues- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present - Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory- Resolves: rhbz#1415785 - ldap_child does not remove temporary files when it's killed with SIGTERM- Apply several more smartcard-related patches. - Related: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts- Revert the ding-libs requirement - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Related: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Require the matching version of ding-libs - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Fix a coverity warning - Related: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Resolves: rhbz#1324428 - [RFE] Discover forest's root SID even if subdomains_provider = none- Resolves: rhbz#1367802 - using overides causes segfault in libldb- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins- Resolves: rhbz#1382603 - autofs map resolution doesn't work offline- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute- Resolves: rhbz#1299994 - ssh client checks only the first certificate on a smartcard when the card has multiple certs - Resolves: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard - Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6 - Resolves: rhbz#1329647 - IPA view: view name not stored properly with default FreeIPA installation- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users and mixed case names- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a subdomain, not the root domain.- Resolves: rhbz#1365218 - SSSD does not fail over to next GC- Resolves: rhbz#1367435 - Intermittent sssd auth failures- Resolves: rhbz#1369079 - sssd runs out of available child slots and starts queuing requests in proxy mode- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to sssd-1.13.3-22.el6.x86_64 when upgrading cache- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336453 - sssd_be doesn't terminate forked child process if adcli is not installed- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo- Actually apply patches from previous build - Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe with 1.11.6- Backport of a more minimal dependency patch to avoid changes to AD provider behaviour - Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1308939 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user- Require a newer selinux-policy to avoid issues when prompting for SC PIN - Related: rhbz#1299066 - smartcard login does not prompt for pin when ocsp checking is enabled (default config)- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when trying to retrieve non-existing netgroups- Update sssd-ldap man page for the recent ID mapping changes - Related: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache from working- Resolves: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password and not smartcard pin when logged in using smartcard pin- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output error- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12 to 1.13- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn't work- Resolves: rhbz#1273802 - ad_site parameter does not work- Fix memory leak in the NFS plugin - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service discovery- Rebase to 1.13.3 - Remove setuid bit from proxy_child, RHEL-6 doesn't support running SSSD as a non-privileged user - Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Don't own files as the SSSD user - Resolves: rhbz#1289482 - warning: user sssd does not exist - using root- Resolves: rhbz#1279971 - groups get deleted from the cache- The p11_child doesn't have to run privileged anymore, remove the setuid bit - Related: rhbz#1270027 - [RFE] Support for smart cards- Resolves: rhbz#1266108 - Check next certificate on smart card if first is not valid - Also enable OCSP checks- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Silence compilation warnings and Coverity issues - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Squash in packaging review changes by lslebodn@redhat.com- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - The rebase also resolves the following bugzillas: - Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC identity certificates - Resolves: rhbz#1270027 - [RFE] Support for smart cards - Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients - Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is not taken into account. - Resolves: rhbz#1254193 - Fix for cyclic dependencies between sssd-{krb5,}-common - Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected - Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do not queue requests - Resolves: rhbz#1227804 - Group members are not turned into ghost entries when the user is purged from the SSSD cache - Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log - Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not the alpha group name representation - Resolves: rhbz#1194039 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups- Resolves: rhbz#1251349 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from ldap server- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task - Resolves: rhbz#1227863 - ignore_group_members doesn't work for subdomains- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn't return all groups on first attempt- Resolves: rhbz#1225614 - IPA enumeration provider crashes- Resolves: rhbz#1212610 - sssd ad groups work intermittently- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of secondary groups- Resolves: rhbz#1221358 - SSSD doesn't work with ID mapping and disabled subdomains- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and gets avc denial when ssh- Include several upstream fixes related to ID views - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1213947 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad src/providers/ad/ad_gpo.c:843- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers group membership resolution- Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users and filter_groups- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only- Related: rhbz#1211728 - Only set the selinux context if the context differs from the local one- Package the localauth plugin - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1207720 - id lookup resolves "Domain Local" group and errors appear in domain log- BuildRequire the proper libkrb5 version for correct localauth plugin build - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1194367 - sssd_be dumping core- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in manpage that unsupported time specification will lead to sssd denying access- Resolves: rhbz#1205382 - Properly handle AD's binary objectGUID- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might install with wrong user account (root)- Fix a typo in DEBUG message - Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Handle TTL=0 in SRV queries correctly - Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Cherry-pick unit test changes from upstream to allow cherry-picking sssd-1-12 patches - Remove unused LDAP provider code to avoid static analyser warnings - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad requires samba4- Resolves: rhbz#1203630 - SSSD doesn't own the GPO cache directory- Fix warning in SELinux code - Handle setups with empty default and no SELinux maps - Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u - Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605 - Resolves: rhbz#1201847 - SSSD downloads too much information when fetching information about groups- Fix PAM responder initgroups cache for subdomain users - Log extop failures better - Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Fix internal error codes broken when fixing rhbz#1036745 - Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything- Fix Coverity warning in ldap_child - Add better debugging - Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users, groups or other cache objects- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Initialize a pointer in ldap_child to NULL - Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Relax the ldb requirement - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query - Rebuild against latest krb5, add a versioned BuildRequires - Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Do not mark the selinux_child helper as setuid, we don't support rootless SSSD in 6.7 - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x - The rebase resolves the following RHEL bugzillas - Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about domains parameter - Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not be fatal (backport fix from upstream) - Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user uid field - Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1168377 - [RFE] User's home directories and shells are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss - Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution - Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1148582 - inconsistent group information when multiple ad domain sections are configured in sssd - Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider ad support - Resolves: rhbz#1139878 - SSSD connection terminated after failing anonymous bind to IBM Tivoli Directory Server - Resolves: rhbz#1135838 - Man sssd-ldap shows parameter ldap_purge_cache_timeout with "Default: 10800 (12 hours)" - Resolves: rhbz#1135432 - Dereference code errors out when dereferencing entries protected by ACIs - Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012 R2's LDAP as AD - Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header - Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple attributes- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1141814 - Password expiration policies are not being enforced by SSSD- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group membership when encountering a non-POSIX group- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from other AD domains- Resolves: rhbz#1127270 - sssd connect to ipa-server is long- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD, POSIX attributes are used and primary group contains the user as a member- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0) is not prompted for password change- Resolves: rhbz#1132361 - use-after-free in dyndns code- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap account lock to restrict access via ssh key- Use the correct sudo iterator - Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Add notes about offline mode to sssd.conf - Related: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1127278 - Auth fails when space in username is replaced with character set by override_default_whitespace- Resolves: rhbz#1127757 - sssd can't retrieve sudo rules when using the "default_domain_suffix" option- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Resolves: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1122873 - Failover does not always happen from SRV to hostname resolution(via /etc/hosts) - Remove spurious systemctl call on %postun- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with specified character in LDAP group- Resolves: rhbz#1109188 - dereferencing control failure against openldap server- Resolves: rhbz#1084532 - sssd_sudo process segfaults- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping is off and tokengroups are enabled- Resolves: rhbz#1118541 - Floating point exception using ldap- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser is not defined and no ldap_sudorule_runasuser mapping has been defined in SSSD- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap- Fix potential NULL dereference in IFP code - Related: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- BuildRequire the latest libini_config - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- Resolves: rhbz#1104145 - public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end- Rebase to 1.11.6 - Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Rebuild against new ding-libs - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Backport the InfoPipe patches needed for Sat6 integration - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: #1085412 - SSSD Crashes when storage experiences high latency- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6Resolves: #1036168 - sssd can't retrieve auto.master when using the "default_domain_suffix"- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups are requested- Allow combination of proxy id backend and LDAP auth backend - Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Inherit UID limits for subdomains - Resolves: #1020905 - Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.- Do not crash when LDAP disconnects while a search is still in progress - Resolves: #1019979 - sssd_be segfault when authenticating against active directory- More upstream fixes to prevent memcache crashes - Related: #997406 - sssd_nss core dumps under load- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out- Make IPA SELinux provider aware of subdomain users - A better version of already committed patch - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Resolves: #997406 - sssd_nss core dumps under load - Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #1002161 - large number of sudo rules results in error - Unable to create response: Invalid argument- Silence restorecon on clean install - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Make IPA SELinux provider aware of subdomain users - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Print password complexity hint when password change fails with constraint violation - Related: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #948830 - sssd do too many disk writes causing delay in "getent netgroup allmachines-netgroup" nested netgroups.- Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- Resolves: #963235 - sssd_be crashing with nested ldap groups- Apply a forgotten dependency for patch #254 - Related: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality - Add two fixes for better handling of faulty SRV processing - Related: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router. - Remove enumerate=true from example in man page - Related: #988381 - clarify the disadvantages of enumeration in sssd.conf- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp file for SELinux data failed- Resolves: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors when clearing cache- Resolves: #924113 - man sssd-sudo has wrong title- Resolves: #924397 - document what does access_provider=ad do- Use permissive control when adding ghost users - Resolves: #928797 - cyclic group memberships may not work depending on order of operations- Set correct state of SRV servers on resolving error - Resolves: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router.- Resolves: #954323 - SSSD doesn't display warning for last grace login.- Format patch to configure sysv script differently - RHEL-6 patch(1) apparently doesn't like the output of git format-patch -M -C and doesn't properly copy files on renames - Resolves: #971435 - Enhance sssd init script so that it would source a configuration.- Resolves: #973345 - SSSD service randomly dies- Resolves: #971435 - Enhance sssd init script so that it would source a configuration- Resolves: #961356 - SUDO is not working for users from trusted AD domain- Resolves: #970519 - [RFE] Add support for suppressing group members- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the "original value"- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes- Clarify the min_id/max_id limits further - Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login delays when client is under load- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table in sssd_nss- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs- Mention that enumeration should be discouraged - Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf- Call restorecon on memcache files to force the right context on upgrades - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Resolves: #987479 - libsss_sudo should depend on sudo package with sssd support- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck- Resolves: #967636 - SSSD frequently fails to return automount maps from LDAP- Resolves: #953165 - Enabling enumeration causes sssd_be process to utilize 100% of the CPU- Resolves: #906398 - sssd_be crashes sometimes- Resolves: #950874: Simple access control always denies uppercased users in case insensitive domain- Resolves: #921454: Resolve local group members in LDAP groups- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider- Fix pwd_expiration_warning=0 - Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#872827 - Serious performance regression in sssd- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees- Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.- Resolves: rhbz#902436 - possible segfault when backend callback is removed- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps- Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent- Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts- Resolves: rhbz#892197 - Incorrect principal searched for in keytab- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work- Resolves: rhbz#874618 - sss_cache: fqdn not accepted- Resolves: rhbz#889182 - crash in memory cache- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache- Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666)- Resolves: rhbz#886038 - sssd components seem to mishandle sighup- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh- Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule- Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507)- Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060)- Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507)- Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds- Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users- Resolves: rhbz#881773 - mmap cache needs update after db changes- Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742)- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573)- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations- Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130- Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections- Related: rhbz#877126 - Bump the release tag- Resolves: rhbz#877126 - subdomains code does not save the proper user/group name- Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid()- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'- Resolves: rhbz#875740 - "defaults" entry ignored- Resolves: rhbz#875738 - offline authentication failure always returns System Error- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section- Resolves: rhbz#873032 - Move sss_cache to the main subpackage- Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group- Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive- Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443- BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932- Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542- Fix the "ca" translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- New upstream release 1.9.2- Rebase to 1.9.1- Require the latest libldb- Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes- Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds- Fix protocol break for services map - Related: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#824616 - sssd_nss crashes when configured with use_fully_qualified_names = true- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()- Resolves: rhbz#822236 - SSSD netgroups do not honor entry_cache_nowait_percentage- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client upgrade - Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names - Resolves: rhbz#819063 - sssd fails to provide partial data till paged search returns "Size Limit Exceeded" - Resolves: rhbz#820585 - Group enumeration fails in proxy provider- Resolves: rhbz#816616 - group members are now lowercased in case insensitive domains- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding - Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the same user - Resolves: rhbz#812281 - autofs client: map name length used as key length - Related: rhbz#784870 - SSSD fails during autodetection of search bases for new LDAP features - Related: rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes- Fix typo in patch for SSH umask - Related: rhbz#808107 - Coverity revealed memory management defects- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm - Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is running - Resolves: rhbz#808107 - Coverity revealed memory management defects- Related: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false- Resolves: rhbz#804057 - Initial service lookups having name with uppercase alphabets doesn't work - Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names doesn't work when case_sensitive=false - Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab - Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false - Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name resolution times out - Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Related: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica using IP address - Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with case_sensitive=false - Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set - Resolves: rhbz#805034 - accessing an undefined variable might cause crash - Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login- Update translations - Resolves: rhbz#802372 - Pick up latest translation files for SSSD - Resolves: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Related: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search requests - Resolves: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials - Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to true - Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work - Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false - Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam can use - Resolves: rhbz#799971 - sssd_be crashes on shutdown - Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested group structure - Resolves: rhbz#801368 - Group lookups doesn't return members with proxy provider configured - Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd is configured as proxy provider- Do not auto-upgrade debug levels - Tool still available for manual use - Reverts: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#798881 - Install-time warnings - Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also the dns_discovery_domain - Resolves: rhbz#798655 - Password logins failing due to a process with high UID- Fix explicit requires to use openldap instead of openldap-libs - Related: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64- Fix multilib-clean issue due to upgrade script - Remove old copy from the spec file - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Fix typo in the patch - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Use a patch and install the script to python_sitelib - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Resolves: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#785871 - wrong build dependency on nscd - Resolves: rhbz#785873 - IPA host search base cannot be set - Resolves: rhbz#791208 - Entries lacking a POSIX username value break group lookups - Resolves: rhbz#796307 - Simple Paged Search control needs to be used more sparingly - Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64 - Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user entries - Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup - Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load - Resolves: rhbz#797975 - sssd_be: The requested target is not configured is logged at each login - Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD - Resolves: rhbz#788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group- Handle filtering python Provides in a safer way - Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3 - Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers - Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and netgroup search base correctly - Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb AS requests - Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision - Resolves: rhbz#785904 - [RFE] SSSD should have --version option - Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider - Resolves: rhbz#785898 - Enable midway cache refresh by default - Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for a non-existing netgroup - Resolves: rhbz#785884 - Honour TTL when resolving host names - Resolves: rhbz#785883 - check DNS records before updates - Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead of guessing - Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line - Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config file too much - Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server has been reinitialized - Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc - Resolves: rhbz#773660 - Kerberos errors should go to syslog - Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native IPA netgroups code - Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#771702 - sssd_pam crashes during change password operation against a IPA server - Resolves: rhbz#771361 - case_sensitive function not working as intended for ldap - Resolves: rhbz#768935 - Crash when applying settings - Resolves: rhbz#766941 - The full dyndns update message should be logged into debug logs - Resolves: rhbz#766930 - [RFE] Add a new option to override home directory value - Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab principal name - Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files - Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug levels on the fly - Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional - Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation - Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option - Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control - Resolves: rhbz#753876 - [RFE] Add support for the services map - Resolves: rhbz#746181 - "getgrgid call returned more than one result" after group name change in MSAD - Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle for some (configurable) time - Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD - Related: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#742052 - id -G group resolution takes extremely long - Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange - Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases - Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or insensitive - Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users - Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control disabled for openldap - Resolves: rhbz#726467 - SSSD takes 30+ seconds to login - Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 during auth when password for the user is not set- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758157 - LDAP failover not working if server refuses connections- Related: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis initgroups when groups appear in multiple nesting levels- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow - Resolves: rhbz#746654 - SSSD backend gets killed on slow systems - Related: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts Fixes a crash introduced by the earlier patch. - Related: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names Fixes for internationalization- Related: rhbz#742278 - Rework the example config- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts - Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart - Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742278 - Rework the example config - Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was initialized - Resolves: rhbz#742526 - SSSD's man pages are missing information - Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with multi-valued uid - Resolves: rhbz#738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid - Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber to integer - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host groups - Resolves: rhbz#740501 - SSSD not functional after "self" reboot - Resolves: rhbz#742539 - HBAC: Hostname comparisons should be case-insensitive- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in - Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2- Resolves: rhbz#737157 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled - Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple external hosts along with managed host - Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names - Resolves: rhbz#733409 - Improve password policy error message - Resolves: rhbz#733663 - Authentication fails when there exists an empty hbacsvcgroup - Resolves: rhbz#732935 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON - Resolves: rhbz#734101 - sssd blocks login of ipa-users- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain shells- Related: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID- Related: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Related: rhbz#718250 - Remove DENY rules from the HBAC access provider - Fixes an issue on big endian platforms- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured - Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls - Resolves: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider - Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID - Resolves: rhbz#726475 - sssd_pam leaks file descriptors - Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0- Related: rhbz#721052 - sssd does not handle kerberos server IP change - Use ares_search instead of ares_query to honor - search entries in /etc/resolv.conf- Resolves: rhbz#711416 - During the change password operation the ccache is - not replaced by a new one if the old one isn't - active anymore - Resolves: rhbz#715609 - Certificate validation fails with message - "Connection error: TLS: hostname does not match CN - in peer certificate" - Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records - Resolves: rhbz#721052 - sssd does not handle kerberos server IP change - Honor TTL values when resolving hostnames- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP - Resolves: rhbz#713438 - sssd shuts down if inotify crashes- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups() - Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are - being logged multiple times when the provider comes - back online - Resolves: rhbz#707997 - The IPA provider does not work with IPv6 - Resolves: rhbz#677327 - [RFE] Support overriding attribute value - Resolves: rhbz#692090 - SSSD is not populating nested groups in - Active Directory- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man - page- Resolves: rhbz#707513 - Unable to authenticate users when username - contains "\0"- Resolves: rhbz#698723 - kpasswd fails when using sssd and - kadmin server != kdc server- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is - not mentioned - Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the - gidNumber is out of the range of min_id,max_id. - Resolves: rhbz#699530 - Users with a local group as their primary GID are - denied access by the simple access provider - Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups - Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a - member of any group - Resolves: rhbz#703624 - SSSD's async resolver only tries the first - nameserver in /etc/resolv.conf- Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694444 - Unable to resolve SRV record when called with - _srv_, in ldap_uri - Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by - signal 11 (SIGSEGV) - Fix is to not attempt to resolve nameless servers- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can - cause SSSD to stop caching and responding to - requests- Resolves: rhbz#690131 - Traceback messages seen while interrupting - sss_obfuscate using ctrl+d - Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process - /usr/libexec/sssd/sssd_be was killed by signal 11 - (SIGSEGV)- Related: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them - Resolves: rhbz#689886 - group memberships are not populated correctly during - IPA provider initgroups - Resolves: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents - Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5 - in sssd.conf- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min - waiting on netgroup - Resolves: rhbz#683431 - sssd consumes 100% CPU - Related: rhbz#680440 - sssd does not handle kerberos server IP change- Related: rhbz#680440 - sssd does not handle kerberos server IP change - SSSD was staying with the old server if it was still online- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain - for base DN- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on - ipa-server - Resolves: rhbz#680440 - sssd does not handle kerberos server IP change - Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are - given in ipa_server config option - Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf - attribute on the server - Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups - Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option - Resolves: rhbz#677318 - Does not read renewable ccache at startup- Resolves: rhbz#678593 - User information not updated on login for secondary - domains - Resolves: rhbz#678777 - IPA provider does not update removed group - memberships on initgroups- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries - Resolves: rhbz#678410 - name service caches names, so id command shows - recently deleted users - Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for - netgroups- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login - Resolves: rhbz#675284 - "no matching rule" message logged on all successful - requests - Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for - authentication- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named - "default" - Resolves: rhbz#674515 - -p option always uses empty string to obfuscate - password - Resolves: rhbz#674141 - Traceback call messages displayed while - "sss_obfuscate" command is executed as a non-root - user- Resolves: rhbz#674172 - Group members are not sanitized in nested group - processing - Put translated tool manpages into the sssd-tools subpackage- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Also add the updated ding-libs to the BuildRequires- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Explicitly require updated ding-libs- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options - Assorted bugfixes- Add noverify to sssd.conf - Resolves: rhbz#627165 - TPS VerifyTest failure- Related: rhbz#644072 - Rebase SSSD to 1.5 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs - Resolves: rhbz#660585 - getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs- Resolves: rhbz#645449 - 'getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#658374 - sssd stops on upgrade- Resolves: rhbz#658158 - sssd stops on upgrade- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#642412 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#633487 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib- Resolves: rhbz#629949 - sssd stops on upgrade- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password- Resolves: rhbz#621307 - Password changes are broken on LDAP- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on - initgroups calls- Resolves: rhbz#607233 - SSSD users cannot log in through GDM - - Real issue was that long-running services - - do not reconnect if sssd is restarted- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with - /etc/krb5.keytab file- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6 - final - Resolves: rhbz#608661 - SASL with OpenLDAP server fails - Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes- New upstream bugfix release 1.2.1 - Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs. - Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal - Resolves: rhbz#604704 - authconfig should provide error with no trace back - if disabling sssd when sssd is not enabled - Resolves: rhbz#591873 - Connecting to the network after an offline kerberos - auth logs continuous error messages to sssd_ldap.log - Resolves: rhbz#596295 - Authentication fails for user from the second domain - when the same user name is filtered out from the - first domain - Related: rhbz#598559 - Update translation files for SSSD before RHEL 6 - final- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service - to fail while restart - Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in - parentheses causes ldap_search_ext to fail - Resolves: rhbz#600468 - Segfault in krb5_child - Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs.- Resolves: rhbz#598670 - Ccache file of a user is removed too early - Resolves: rhbz#599057 - Incomplete comparison of a service name in - IPA access provider - Resolves: rhbz#598496 - Failure with IPA access provider - Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the - kernel keyring- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP - Resolves: rhbz#584001 - Rebase sssd to 1.2 - Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file - Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf - Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf - Resolves: rhbz#590134 - sssd: auth_provider = proxy regression - Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when - going online - Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the - HBAC rule- Improve DEBUG logs for STARTTLS failures- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcacacacacacacacacacacacsdedededededededededededeesesesesesesesesesesesfrfrfrfrfrfrfrfrfrfrfrfrjajajajajajajajajajajanlptptukukukukukukukukukukukukuk1.13.3-58.el6_91.13.3-58.el6_9 sss_debuglevelsss_groupaddsss_groupdelsss_groupmodsss_groupshowsss_obfuscatesss_overridesss_seedsss_useraddsss_userdelsss_usermodsssd-tools-1.13.3COPYINGsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupdel.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupmod.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gz/usr/sbin//usr/share/doc//usr/share/doc/sssd-tools-1.13.3//usr/share/man/ca/man5//usr/share/man/ca/man8//usr/share/man/cs/man8//usr/share/man/de/man1//usr/share/man/de/man8//usr/share/man/es/man1//usr/share/man/es/man8//usr/share/man/fr/man1//usr/share/man/fr/man8//usr/share/man/ja/man1//usr/share/man/ja/man8//usr/share/man/man8//usr/share/man/nl/man8//usr/share/man/pt/man8//usr/share/man/uk/man1//usr/share/man/uk/man5//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnu?7zXZ !PH6:]"k%w+p}:w{!zB7 0YjyǭHC\OzfMlUz.$'?dz$*=:f0)+ksLa%}]ƿW%sr\eLItF\\&聛aA?H35)8晚qf3(mi$I-"vg޽?/', :bcE% {4U&2 2:lwDݨzNQk,0 2 Ű R!d "蛹mYs Nhos\.GȲ]n<ԌՐl% 2"7:=,sټfc3P(yO!ܠuHKۣХ4ftCuʄzxw]{qzy2~̤3}<8ҫr$-Ng-L0P6e%ObKG.l``C-&.hSQ5E73HQf:/Rd‹~̹LJ2G:5ˡp 6v+p ^qpAgJ#oBsۣ ?e7kPsRZS8Kf4bqBQUsah}ա# 'FG)d)E C~έP+膯Ga&)2٪S@7$d:JvL*Q/d[K312)&4Oe]1z}֌b/^CrETn'N39ZbP_ E͌j.&8q˵K T5o:s*R%@PWzvBT 4Int|Iέ2ZE-}䛣mAC.ViRہIw"]~k nM.m ^L묱i,aJ$uRJV`"V6-so4(3X?cHzدR7)! KE#Ed5 Lc6!RQߋbdEi3 ( ;'1e^8gk!q!¯p)Bg$۔?dX}ǁ]t*,QQc0IJNy;1uZ_}樤CV $·3jVJ?x (\W_.p~K"$*1 (A-Ev0)*@9fǟ7%DN{;"߆fy(!SH ֊JAC1&i%9jh.P:' 4`+6BVmB.[&:ZzD~f/]AeajϊOO TtQ3m!`}ѯˈy+^ iWEnS ~+gdd\Oj'6Kh\\q+KH-a@`?tzaVFrC!n1LZIH j/Ѿ# /[{cqe'UWR,0HLbfcBUb̄Iua;QdiJvP:XeDMјёr+V~~i:T|>bߗ|-M0eOz:usy;f? ƼoL7aFEѱUV/,nĆ$8Q@meQS6u[~'it`ɛuPҹp&CnL(ob) &%BSc EP1.]HԒ#kI"AvJk%F{*1O[ttxWL C\2"v;tfa[Sxt-186 :N}&ZhV:Jyt1##K~ 4֘~f_]7t!utɪ$k"6Zp@xO4MnXX8S4aC*$0ɮXJ59GfzRUQa'D$4& M5 __Sx!'0}tUL7I]crLUcVZuKj_!(m¿,@G60GJ`ļKt`f{o @SQf/.Ͻ(&7gmi&Axi6 Qճrܜ MLnCB@l&ӏkXa@@.Xy[m𭛻"}5DI!Kh$>'Q C>LU@,{Z5dŦ]ؘ/a @NPk)lzI˲ֳNO*tHi:ub[WDCt';]`'wRݵ}r@@\H'lׂy_02r{icduʶ[+9Ո m= 1,fHȵi˛C4p;.|Ò*!7cZoseF` +0ɩ1}}UeYA[TtDžo !y# B %jD]ḪY:bw9atiH)0j~E6j'j;WdU8ܭL*HHi{~嫶USIl5{q|ϵ {I-( 2k#&ɿ V$e\-߯ʵ7Ɏkc0n6 ̂ …]"`FO|sMUpB!A}zB>?[ZNp_) ՖS+Sׯ ]Cgk2<62 x`9TQ+2.|j۳ZU(:9_ZWKHuWr{㝸XƿOjii\Hc5L6M4N+Lo55jj~igdDDTĩdeŷl瑅w@a6[--5*t[7Xb<$2=2&ѱ.G_d}ԣ^^GwPnBRG/cq uWmʳ8=}CJ2Bdd'6)<h2l<ݷa.ǿSRȕJGHWsXh,D;rBf?Q#-<vgـ(<˰4P,6sabKu GQĹMZx.ƚ6QК\B a,xpNh SU>ܭ2? 6&e,Չ a ~_ XcTFR6y?C-HEvֿ(5#.YtP g]q=.>88gv]T Yy׋7{y6c}/<-X( q_s ;|5ow ˵}YМA=.Ҭgliz#wB]IXޅBV!*VqѠ /XE{ ykG-[i؟߱^~܎>JZ{hB#c^ /X;yΰ=v48" Jg&N&F&T=&{[9{w4#"tgW+b:dAIj:"֖VyRi&hGTI?,JP%y-[r뉕fQƎVݤIm樰@R)M[:#&>?9_vl<|y$ſ‹>!u2a `L7G!:='?0('bcdXJ[B_ CkD0h#5js%-U*bΙ)1ںXOA # 8a^ 3ccn"F%kxmϿ/=uF%\^qÍ=WqyH}˽ރIٗ)YC*Ŀ[H/Q'jgPh)ܹ‘W/K9J@4Z~ =3ВM/`kҟFem/Fm'ъv_ccV>cvo5d7D힤~1ɪ u[FX{ep1d|cttųhSvq+ӧ >j׊[7CzRܐ[ccƳvVud[ĈO"t$ B]S| dC@N?z$56є PmoteI;K.LDבeN&$<& w ި7!;h`&;t?`7rdIed5j<JR.qLv$ źXLjpi?CN(M[xť3?%EN17߫]j{ BXͦh,6ѤXEǑ[Yv`#Κtqq H˄9!E|HgĩC}3lrp{+݆A4)҄.b+/W e;Ey0ytT$e\@K"-oW3'9|b&bla$2_oajiml+8 )uԸHF{tz6%01Z^#k#*@3X:3({tpu8&arβxQ,Z[1K\ɫ`3>E-5-szV]f|\=NG5:-/hHl}33*琧6{LP`g:sʾH7|,h5;B Yp\/5I+FߥtDg͢ygxAQVB~~l!zӕDL-oHMe-1Wa!;]'[MóKAnDl:E(<,0[SV#$9WHSnz^ _B2 vHp^V=OP"<R)[I.b{M|Aރ0㚽S{5xᙻR?EqAņ */T^%WҌE*IlÌ\'OE'[CMU0>?M{h88o8x-e6L)fv~_~u1i7ś$3An% 4ܽYO۟- X٪0+a!ƿzt=;Dy`+ffC?DƩfx̃ekĆحȇͮF@EKb)́R-^MdzBRKR~]̉ LgjjG $n UKnIC#J+3BהMB% eY*8*4'r;x=Y$ˑր)|t*S4.!6ѲFŻH7#A.{# i7.nA&YbX FZRj-Jt/Dn8K bV쒆z.Ssz.8:*ŋ !?;w^C6fItA:oVi˪һrZƑf)D_wK66pr21⡱VϮT?tGta49Nj_IH_KuF8RЮiNK?Bvbs*'"a_jY]SD^0asjhyGX܇ c3{t4k4.~B'.Am i `R W%0p"%q.0J" DXx?W=Պ`;8~[;jDɖ : ;HTQ҈꺙% !|jhp(Y$r|+d[G4?JޙjLGlvtzH7kYăΕv)B.RH027ڧa9L9?ᒢW̧& _ǧqLsJG*0Q5lIps;A|Ydz[f,X[xBLyV&1}_L9MHܬ@.AB[ ^gڻɏE% x4_qnO m2ef&.԰ `$5$cECʤWH+: ԤuL% ƧI "$ # vL('yT)y|>/aW\}ifP9w){VsuϚA{ﻵ 5 3N(SHPIG0 qY7km84?D%6H"KQq )hL ͪ0!UPj.4I%MB#$MB[O (Lզwپ,ND! >y"3Z `nCS:W  l@1K| RpwlݻB),לrYfd`20TKlRZqjz`>ќ/δXvC]yj {i٠k1Uyq wk%R="&2`M&s|%Sv#d!+SJfZ["=a~GS,̉fa,6*0 ̡*4χ;e?GŽ71 @[cbaٍLĘ#2C)\&IprŞo=PSसS<$*F[4h%jE߀̼B+m2}ʠ -P"B1y8)JT eִ\#^)俇C>"~u=X^ Rb JjV)*i;W&Gg.BJ|ůFIͦ :YP!34cR SR29Ѡ &kr[5ש! 7v['Y=՛zn7(SƋ 1t%Q'N<#ڲΘo>VNw}[%Dvԫ_gtUHi/1}aY S{2%YZ^8t{۾Lh@(`ߖCQLO& .d@dB[maЛ qȱ9yu۸|6S <Y_:yp R)j 1uX 貹Er -;wc Ql01F*iY,{,2KhM0G"=\A5*u,'9hq)R%V1Up\NwE1XNmiPnlwI T^PlfѩNdQJt0unEoo"; "D4نe5^=vYPᠨT%y^[݋b7(IdHen_m<'e}BG^ţĖ|`WN.̅eCHCEDAf̶44 UPL J6T4ڒ*fZO67 nԀ4L yn4D#uX+'P }H}Q,Zޟ+& [|'ө ;f{ɪ4mQ7 u4Wh}xgRٔ?EWz˝Ȍ!<T +S58,:n65VV{cSƥ7"&.9$, cEpt8 |= IcڦUWY'p>h&"I:(^C]vGYzWp/aP-I&IہEĮ0NL2CƿEj9l'gI~?c +W%#STIn_@Wl!浊④'B/Ωyx_ckG{aV2niOoJ3/ yv%.r/.$>> ] u),(ԡLDs4"u5"|$D{><.ϗO`»r-^mFz|Z-F`l^qrhDl'*0eqZަ2D3dxU/ HM%[- N6Hv,Bo;iZ_B hUDOIDVC<8v N_XBlGx*X?i(i n`h案ߋ;rmHmM"!@:0,JJm9ܻs:3g~F+Z~O%>lF@}czz͋26RP=hVWT^لIVx@2(HG)L&GKָYpӺ#}>9XfȵTT}ޏ3<uό/"]6.8Du$ |;=n:SQ?l+wyk1\j+G0akq+Y31kI~a.GL?ܒ^P0l/`.wDtg~+S*]Y= Gj;$1>˺.W qaߞ7 a. 6z=FEbFuwC*q>~Uy|k9l4^u$wƜLJ׳hseR+5m.=VZ*5ʎs(FTv $EfR8<@0# o3CC8,(=Y XhxLj uwkg ʪ 8AُZ'j}x+&­zN{[c01ΪM6o_HN?LSgͲw CV&Z2VM2#GhdϛQ(Q$KH6(&I'¹;kORb0mqWib@ۨ#{2SV<y_-!E0帞$B.ծ2~J=u:Ĭ;Oka ]ȫ؛Cm+ܞ̀v U~ڰo=Gl0` @n@DڀpMS?=6 #g!3AǭwV/a`AtRdIĂ P] 'n͔y؏ՖQ0+ _QEɠw^+N!O>f%\>JC&lOmWV`B{y3?X,KȊn.xQ\1:Dhe!/VcBU{H9޽F@t%kҪ+.ʜ7 XEr~nVh? ,#>!/W'h#"iAAߞJtI+D( zWdAKsS0+V)5pEgBH|θxܨV>t"+)52¦|X*ES+34JX1=bN+OGⁱB6x6?a1Y j}&*fS;+n2lzP!mm^{ewS9*Ԍ+Z8݁Ezyjֳ(._<ʺb_QEl=lq> EzSTqS_D_}~M}f6AH3==9Fksc$H:7 ͯ@\;?kAMw>lEEz*Q\+ Mdf-ˠKQ0'#v4Q=7Zq`L ZJ!G 1[Ht%%CeڢU?UE軲㹧]zYg"kIwf5b7üGesbjE_=IZ+sd@d&9OʪS%ue?Cc[ PrgN =qHxz04m! Haj Rj 9IS1k7FQ/Z W4-^ IqݝԵNLUQͰC](7a'8X H,׵k?%]Hlů ]3/GV .7=LB ]kJV}E|fcF(?c#q K,S.tSsRU s,Wc)&x0yGC+Ӿ2:<)ȨĪtDwY];m}}rm~gUY65ء:$-צ_iR~q @nw{JJXf`f$E 1W^SuhfVPec# | q+{P0-`ZM_KvH)ε)?mo2h <{WtT!#*h}᫦\ ?;f<ӻh-k)͖ ڎm̑A'RTQ}'iurk__a.>w=Ył&ut;rɨ:G٪t`~֠[=&*nAsl㭉Yҧr 0M9688(I8 T(;\7^5ԕr-ђ Rz5nZqUzK@tN^}H''2q>J8qqR`J~[W`Pr0`Umc4KV^0Tpdo^oAq7 u3Lp0!)0R9x<S 镮!oSv#603D׻9'J9(am"R kxh+/SZyڮ%: ONJ}ZMľ5{C6$&F+k ¯I]Tbq$/W{bg{{l bГhZUY S ;䢅~5N%t:ɫr0%<|J i/z a[.ջ-Q qkBF !xӄĨHZOY ,= l Ϟ7_QN9)oC`Wa{Y[~1' >"?R(ƤJv28NË.K(f.;IgRtY} HCf/jFiD歝pRlXwakUҒPWʟ=E҄a姑6g3 Wv]. s|8BTj̄(}h8;\^È;T)htÛb"1k(!-?I=%cDhcIW0qtwrNT9&&zŨYQi*m5ٽz憮9[ߞKtL7!j;-6Vbk @s?E?1h8^}Z9 uC)̋o&_BC"M\1*H? KM=l$~yܾu<"O;'/u 03]/J4P[@]*%M[dQuqfr-$e0JiV@qTը9w7L;9[wxvK/JɼNWӏ$hIh{5'O{=Ž^8M,T{~ףb{)j1@A8 ~طuojp$}d ¶ $n{c4`\#jXJZ%.lb=h j ݇jMA݁AjWyCFZSN*ใMoJ\\Bz)%5ټ"~J8qUvYhp'!3"bCw &%T90\q%V`G];Ě҈tr3$DĐ%G8]a^JG tҲ'chh&zUHj*eE_lJ$s:`zYg0sk%x q3tաE̍9D)<:ޗvԴ\Ad.E[ x>K)oۑݐR0}-HxgR$ !LKT ꡕ82P.aCv0"#Hw {yZn9w˄]wJmYrk&ۙdYk*Mq5pI*2y0 яvFCXyQO<^"sA-:Jrfںv*)D VE.Ehbm{In)U@\!#yZif@}w׀ni5Dya)b~mez.8 " zGo .TM_02Ǥjd(mфYF g28> x")'0r!Io+$o:[Kȸrb+tyAf|س$ITE3Y7nd}ӷ*p=eM7XB!\RvbΚÈK 4`m5J e,67 asy`i^dZ}E%SOt!U4}Ej.s .Ґxb.⯅[)%b4u>L5_9;d1C2naa!#\rk,~d@D|d|(#rGUIE)!z`+i ׺:ƺГ2\/d~ v%6wp`-ո4p~ r^49w&;d#jt4rn=+K{w:=cLPض 4 _?Dp%#5}f@,n 6ڦ 9縆1I\[Cϲt))ekE;;B6=<х)b`z UP7*W,q!}9us'woVZ&311B22x?% 4M"%p A +ڤ[&YQcWtGcU:70}[?36<:Q/v8XZS;u%֦ȴH/U)`t39(wWQ~]/! si.h{iU0n$/%/`˚j.|I@P,SH4hV禰9[_E4f֣D.|f_gra:i9@ µwFT篑!g;~.D5|&2QjOi7"tSΚC 2l1tEKmJ^ Go~cVq 3d'm6_vA>tEVGl9m[=@G}L*2ia[?c2s3u9)PFM; I$ *2~sVj{.qtB}(CrE)yHkU.uΩ,Nf[OB!eț`LዌH=-ꝃa ~(֮>P( ˘xF!]uY)3}uB_V7Y*ϼo4PTT$iūtw3+mU`-}g]!g=W]=Tޣ|@]u6xSA~ ꅸ-qpR<;([;G79WVgZ/[(d˒; D)v<RZ/$1ΜSw+Vuۣ"&J\Kchƍ! '^]Y0{e0/eYq% :s1ң΋sdc!( ?BhZXq2ig3WdNƙg'vbEYͯW,.p: $qC$lpO"g$/3@ќRV$#Scq@/! /ruS̻!7tN9YƇȟ;zϝy'})GV$d*.Ѯm{yf`m _3V>?R8Վ13_ѱ@GVxjLȳŠ#cZo8ʿ;[XWYw!nJw:*h-1 se/:8,r%S#&(9IskQۤ{ v%/?-Q);Q gZ5t t\|M˦GZT)Vp4~Pu#q؆鵺! ~A[0kT8S^(m je)R3z,+ӯXDgfEsk@hQAQ<ݍփ YZG5K IƸTMƊjޑ-i[ú˼!ZPl GVw0z5HUw̢QӠ }j냞kH<y(.^oR9JKK߮cyMWuVjMτg_D9rFP(;lȜT1hY_Kj4>~vgis2 `3AjtX]޽oC* #/5d R)w'h0?$Z 8BڽݡCl|iƘ^ݣ'DlNTXU#ļDr;A!WO| OC'ܚ& l3E6s/D I+]})+|ldއɩ{MH}EQaɃ3 _mRhBD0 W= յ&,=d[!Z3$M}\†L@Nj=E 64㱳!y!@~^Mci^ϳ[o2_p6&*]ƍL]iAt_ӂZNTHqH>#^ \kܐܚVg>@ ,0DEuG@ٷNQS.&\<ƶgm^$wnk}}QFNfQU-]cUd 6d٬x nκ}}j# M @dì ?j >3AgBfH| TeK,fjH` &[>΂N (w=JK/QK Oh;kJ*C~0H?]B5r43܈z)&i :sًolKХH%Zk8} lNe9lw-5|99g}eg}+;|v*G[88Xmߪ'ssG `|W_39+k :?A"Y5 B&f195$ rYec"jrP4HQb8ydv%l|rv&6 BS]&[P-{\b`i K(ZԘg y3[9ʋɗny6A&\T@+ x{(P!{P,id5l"'w^ :tSM qM)k; !})a|c!9¸{i'WZd;02ŒvozmLk'e0\jNES16%z y6vm`IW^)9nɆZVdS]=C-JHjetYG`)ju0(BQ~6H(uTj:hդL}d?8%[82>ɥhf hEkOٲ+[p."ɢkE'Y5x$ǣ҃z-%)tسƚg9jj/C;i + # 8<Ͱ`! f׎>$n'x@NX6EV25퉤(28Md0םMR~KZi56jN/ZΝrVal;|=imȌ|pxP$&(zI5Angid [W| #wd~o(?ᓓ8! @C&2x%$ : V `)t'>^4Y rPa{;˾9}GƲ;úfo觵Ϳ`wL,}9&{?K!=NK,䣖{nh2oB/dZrob.cPP<4$ah^C&GCuᇝPCƐ?ήQ'`A[?dPkɗ| c0P؅zU|-Z+=*FY~d CnmVÇaO!8Hպ3tf@8V_ xtlй:KB!>d8vaQP<`lKӳc$Nfv@NQ_MzI(se֧IF8+HjG<'&j5!t|6эKlȉ+GŪǙ=Hx`w&IcT >M)K.|!uT5t1w%~f]!VlLVcḮz\ %2V\Zko/,hB"@t*@)irYAM"5Y +M` vK~QN8ɑkG0;b6( z@i0,;AGtz?!ї9qD0$4㝨!bN-yN֠Wc\j0|@pC}BudK'~blO:V5;qOdj q1l!z`w+z&\/G[&@%lW Xd?FD@UG*,VjQ$P ?D@mg8b3HG 3ȈDM^43#-R3sq5%U:QCy%uDMx#i&FWE.8VN5jۗu%x蜋XX$ epblǹvjB<1!3M++3] M E9h:bR܅H/ (ybiKp6 @ 눊^A ?Lp,.TEYN÷ `_tTZ ɰcZA$OtTv&޲a[BV>b sZ5CK+^ äCƀ HY9s9|1 QF/Ygt=ߢf+lŒ.!]ܴޝ'C)ƠľWV0QU|zOmr.5[-3S=P+fV ڨ2$fjȶ0hH_k"|mb rmkU XbU6Ot1,>%OZvQ "8ف0Alc#g T ]4U!*'1¥+>@l!Cj%lj;Nnǂ5RE+ m!%]TmqOЄez4a05SSwċƕNTfn]QB85Hi>0 O{M\ExC{J*2E'q {AI*FYVp0U}moT4rru0 DUhTJ*nA u ى"rRXhtK;S>G㴩q65 eEZB oVfo=|xR8hKيkQT'I7nnOJf`hAOa8p*/zY"VSǂ#KiP6toňQ Ss,4 ;|``k@NPEw} PI!;(R&_$@!}û8Lb1`OoQe)=ԺJm9%" 톭&~"]҃ y2颒Q]/ݎ#E ZꐃBoiRtP>eq$?R>7Ќq KbBM]E#Σ=l4<w[ b =w0vKK3eF>oo gb/ m} `s%Y';TL;n\UKaճ)?#ll#dWRҒwBdeǟк Byj/(`'-Ti,!wF]i*~{l#qSsTv!i@3P+cE 'JHNoSf=_Ņ>)7Ń2H#gE )JtQU[CKpzDoV9R@ڝdu͇>dw}r$ޢWoгr5+9$ $>M/04#*,Dпg>ÍK)0]A炢Ku%I|ŏvkQϡoV6Y!TqL $B8C: ~4sǖ(-;ܣsj#jib+^v㨆g+3de4GngDu91nbQJw/_iHU~t5\GVk@zх TJiG{Z֍#90(Jz,·PDNLl[5C^t$U w%%6*o:[=C܏ ,i.e;C U޷ܟ%G^t!tP{uS{qxENH ?6WH9|lDA"A^ 7j[egט/2Ic":%RQCq>yXp䋬 ؆ ΀xrbزA\rI ?Kgx ]ńkTICyj!c6: 2W(qA_s!c1{#+4ё!wdd W({NN /k1Wkatn~lF;mV`BUvU Zz}RcQ XX4@LP^Q&/ x E)tofQ$FPw7jⱄZh!I77J~Kl;u?&rhmPX ^&l?v|#jv]+kSŷL^̵ݻXl^b #T!`4t$뱄'0D?&RiB3Tծ,jfYV>)HRb̀1NfS8% ;.BJIضkEŀ_蠒dM=yL|W>ʷ/7zZlސ_`脅qKwKx.^:8U` /IֲajK^ >Z5ɸ;7s-'Rp!/k-{<{Pk$sɨ># bRO+ e*{چVmwIJ$.,ҊLj6u7_ =d\ec /@ <c To64Bf&d APХ,}%0z3'?aob@{`>pcH)$ЏVz]z's87CFtTpه}o#k$!oŽd9+;ͫ ?م\_h p<B&kb}4YK,hJseAgfMNTf]u9*(y3q N Z( U]GIQIAFar|!CgzW鸽 F'mna6JZ LI\Vn&(g-.}g$9߀1:NB́Fk >71Qɩ)3xR8e0>>DCƇis笣cXSlEA-T&RiFڭOxtn|"BKPl;"heud`Z:]{4w+F0JQxB3q (;ʸ[z"ף,""~&_+yqf^H.Λ\K9Me 1uǿNx6q[YnCC:|xLׄ_S(,{&l!ebGHӆ1?|G#8 daNV]Kƈy{mٱ ˤ7~0죇^nAKV^WcRV6o'5MKNUTl.0,6:_@NJV`-xrVw wk*+01r@ZL?+iHܢ1 D2@3nQOKeYp[Zc: n>+K|sHL8LauMȧZ77]|NV๢. ':0rz8k"R ?\ltPL2fHPI4ps^sy|n_ R0>T6Ǫg#J7e`JLۇQA?e̞rǜX>{)x#Ui5\;,(lAһkW<4?dv6DUFLjf{r6Es9y4 }0Ƿ>*qH]W`ɗU,У}8jkcknsbO>h//' ~gF%ԡV ?G4 qIvsNgCH䱜UaEg]0B{y?0\𵻦L$#Gճy oEƷT `ORxzC;U#.XE8H{՗cN^+kzp߽I}G>#W jE'wH-M͘Wv-eKdǢGovJqmKygrXlg+lp-9rhC1[aeTA^6o ]χ_kg^Z&ͤ`_;KdjlԬ3Kjo7nYï2!8<=cgmM;%dV4)3 u'V^DdN(Vb"v[܄Yh?1*110Ħf֝;32&)~,Kln@ZYV^}P9-ȢfH>5ֹGldm>$/;E3Ӥ:Ud{Sez~ Y&qF6"kK+kIy.UEޙ\\*{be6Z/HXm̓ հzcdltA l9RΎBFwScxQ1' _WtxE3^z^|y!F*3& Bt"^qZ~_G eL]?,{Aq8e8V0`J+]*yrFFp½_ @ͭ\?bz[$%Vr6 Jp҃!aUKb"͗y/\-LD"O>e)⃓&aX{fteOP5:S A>IVex {o;1ҝtokMeb3HLzs':%͋ҚѽoT{C@S_\LC^W4 Og;Q(5|%TX획(rhiM#W F u%>LfIt k\`M#.2o{ȸH}3YNR" .sDj#册qu]IOH"cnhi,3XWuS{3_%wiH$wjqC?/uy3UjZ^+%jMo ue0>.LwTYhAvmd_N3h첊H9UoRz(l'muNqLh|;!{<={oI,n ti%Ȇv 'Kf bERA8䀣9prXa`&%ފɡy\YW^M 9 O˵dbx(iZ^./&l%b{v5( FNŨry% ;NNUczD:dX1}Q2Mtr: W,Ŷ5dz7~$N|N :ZؼjGɀ{}VhsVn Eَ-w}hf4l}RE5>>d5Z&PεYv%e * 6;iα#XDp)& Qh39 9 @՚oD7z@ @>n$Lm6}gĀ'LS+{312p1rrŹB㽄ʱw 3~3! C+}v:U,榕x$: `QM4գig#z+mNF/IrU-Nm,!Wh ʞ1Ihh|ɮ^Yr󃈳qE،$Uĥ<,>۲9p7̱1H#4k0BE>IoU,U9'@QP+göeIN7˜<-%RT!v6)Ԡۻ/0!o5x xڼ@7~νQەz1:OibcKMFroigjw <%UTo}36XtO,bfa:k=Yh*WsXpkV~1OYIɋKYw7`NÍB`E2,M9jns+'W3=] v/D%^ͳtg2)7VyqYڬKRN 2GyhU̕ 4֧[-`/-0 ~{I\& v a҈XX,?'Cf׬jx(eKΠ 0M~l4/'7Pu?^2>krzG6˷0anF<1v꾎4}&=I>${Rp5*cWjJ)19:p@۲)vPM \!W9v7 &=5[Tg4vW%O^~vBOQa{)Fo뇕=gT@%Q\6unarZ?'d^;gDz56%xL"tU׫̄j_ tRn` ۙYe^zT6r>#Jf(0${3PVúBz`}IӬKע_n[E"YAfg~e 3Сj nFhӕPAui|ũe Nd>DC=0 s g]B6Gunlqeg=ig<XZ$8x엗 b% 9TTpVu~BBs1,s]M$&ah7ߝ{քFaV o^*Gh-SJff$LVAV2ɓ808*_s+cN-p%Rrp^va/S#-G ,ܡH2MX"yx& 得${*(VDnW+Ql-;ⷽ_ljhNy1?>q1A!J ~@Tq.rJB#7 X{(7g.ѯ6gP'c?Xqp)!xUQR"pC|<'&-6pfc6 f,$4219TFOxuN4::[ផG`sV#P0q9*/kQ{|K+8 )Ȅ9Vj a KLyG$azQTnhiמis@h9pjq'O3K]o^Յ70y<뒗"/2a¿at(mUrB t7 BZr&rG 5gQ0S7 5TFÅT I=WH}jLe`ژ*(J xErށDDDތPR*h2Ի<K)RSf.2͹Q>@cǂ4s^4@ 'JZn./u<8? 2&Z/]Q ޱ ?rpOmpe#EVF;ekW-FzCnrV&VhPVv*5L_1&ܙd"dj)cm]ҌE!BXNiԗKi(XϜ[@v\)=T+A (]'y8FĠ`O(KzmX@sB-$8pـIH@,AV m~/R~<l˦ofTUNUmw*X/BٞQzc e2uN%K '>,hC=hsz낕cIB=+pLy c6vy00\L;D"h:]%1!qWu]NLqtS erɵ%Skx (4ȍ/:r(ʧ em.8kZ+:!sAYHu>)8d7`DvF?X )+ʅG?UNYvD1HFGϊBVg:)ߣ_&^)hen]ۯ9L4ٍ y-Ȓ}E+2:RABF]Mw` |-mA'L))a윾lιk?),V;& M63!LGojS5rbV1yLGX+Qv ({#}{CJG/}`a,aGl.BuPvm5ahBolʳ˥㽡ِ1Aá-9m/Xk-_9p;y+Mvq8Fnj|\FTB%dkN2e|t .}DK۱>Q!82<ݬ: Ua!yI\m&'vEwWW "2*.l44 ]/U @>mhGt$:gV'D80YeuvJLpK9,z}rʙ.&bI7J=/iK&s"&ox;!yd6* [hJ87q :`>** v-vS{9PLO f~+`~,Pj{K;;ƄHI[nt?X.55/q߂$(E!5Z |*ʽvv2-!b_OH#v`%ja3Z']n[N|w nQL(kzZ}>O͐ 7{ss8۟.Lxw6rʗ]V=ccN9A1CzW VX z4tPĮ)eҐ3 aV[cQwLcHIB9|!A#)i#BͷM\ƬCf;`cmU YY#e$zWH+Xɛ9S~}hy NqbF۷7,Z降;{ U>m_.owIVv,@s}is1P(aB q.46 5a LK9aҷغan$pr3,C:^`3r&86GALDI* ;YT$ʃ/!!/21[x% >cx56WdC_@T*$,{|Ӏnm/3a\D/9T5+^}e9A:-KQ?J֝. nn@lo4:G&lKO,JS3 [QPV\VQ|EDCͿTc/H;X`aH#j`U'ɽ]},kugR(PPq_dmi~j&M[ӏ%yP7Jr?~wTG- kEY_ld3NM7ka-VIN-l+ύ639Ps5v%M J i;sZqID(.K<æl;Ӻ^$**ADoz&dH.$Я@q =Ӄ"I,Kw  ,8;F!8TřjۙBW v`{MMd?V v"lR{C*nRvH-lo_GLNHvu[ZUՓZ[;7*Y4Eä\^) p̅iK,ISEtTTW p9/ZSpݷK_a #dhjOX#Ƌ*YZQyu!ihw,_5{YO9(y/罨S+ݲS(Ni|S"Tǜ$]?%h908ra' KS\tDa࠴F:1}3A;n<ҧ ?MKV8Tqzi[h}0Jʉ>^^#v'A1Уc$px%n)XKw,fǝnW\}\e:Qb3KHQrQ*Ty4Kix26NBXcdșT| ycAe%:ʘ:gRg`\UQnm.aI,c\ΕZХ?lf;Z l>a\R\Uo\-Tw@i,6x:Ă!CTo.DO=JŷbzUaf$#<:szO(hdojUe;u63kE#)NL)OaqDՈ9Iu׬ȄȄ<͢d3w?_Q*.3Җ{ii6\HT삃,CdA5[,ͦaʔ2DflWY6ԯ ӲliQR"RL8FX@W q+7UP HPg &tn-{r-x՗ =GY8hX}m2ukG֋b sej dX}.XA=U.< &;{KrXR^AXb9 He s?#M).S"{rOڅ6{S7 w07|Ytt2]Fd^ CŎňjk{@W,\e4Z#(HrTʳ(2FfLu&s;am sMϓXWj2)'cn>\NCF|GF0䧢=l,e٦BVԧv*eQM3>, ~_(Fʵ=*>+0ǐ)wnxC2*[Ge4'F=؀C2SX0x~XS*d'gMi?iL9܌Ƭ C? LT Y`Mg]fPޞOj(x2T 0_ w!@ q pBB5zqn) s V\P$ܥz YxW%*FMv~x>$=fۊϸQ8X ݈>؁|6ڜ@-I̖a^<5s #2h$$SCڥXlm3@6iZKNH7NND'etUk @4{,_ PDpXmŭV#%W"T b(+1vvJuE/`.d_ $* CG!ThF"hQ*Bth߅{`Ye㓝e%T#՜glL\n/ (.ue/~oTyONn7*;yYrt ?mD RO)S[ҮпzpP@v"PVE>nZ(j7+6 gHRE=96⠜Yc‰+tIgEx.Z@ƢUQykH#+)s@yM- QS kvD ۻC3/ 7=Q9v☨%u̫ Os+,1,?2P4O){Wc rv"eQg[0mI}w<.Mv  gXo$٘ҙM<ܲ5n7"S_,>MAj6 CŴ1vݳf?@d\c3r;mn¼Ê#xNJl4OaN QQ]xm`r= I-M%u ½>|*$51TfO;|¥:~ڢ ,@Cc ^q2X@\jeae2}Bj(5e.0SAo?#jVsȲh'}I8,/y=,<S&m A%}?.J 9ޔ4 *YuQ,,vLG瀮*'BLǠ9& [f߳(A˩9$t Υ0 l$hZ؇4+<`NzC)D2Dega. ̎T:c%#6~IS beF$V0xf*:!kE5~dpu|%'v C؇Bwud]A*_o)1 >3ǘfOEu0~Qv'6ThMbU6 ӤhFy?R^opMe8H0N]vU l'@歡>L?MSaB_SSJEydIoQS}0Y0YCcʤ6c19,pdt\d(c Ѷu$?֪g/^},zl謧cRL^k% '@F^dC?#,>~GQ AcPi1e3TD4 t>x2W7]7/WFCߘ7xxH>`ogU; nvB]v&8O_%K[u=x5`t{Z9W&e5 k1{LdEw # 'e (8;,N%R?MT,G(\?pkPJ+ =sVf8ff Q2*ǘ^9#8(Bg6fq =n~N\nI@#glIs@f_ =eI1vzmbֆJ)Hn\Zʛ\Y HakuH?WԂf ;MaPb)lK9#R(|$pFV-Şj|C2Oy3ڏ_%C~jw0|=Ql ^t 7nY(9tGpKqx -/RUrQqԅlٮ_9! ^Ys -|l ¸8"Cv?CLIs\~ܥf";0԰>|pMsPKiu5; AbYX׊h"~e##80Bl{%9^*g/Si3M'Sm)6ޘ,{KFe=HJ*\5hLcU5sc{Nm3~r0M94ڈњF|$N6SU0a#BDvn/lhcӟ$m4ܹKFܶb(*", NE"idTY q~]piވgc5D2ó䎤Te#t ȝ;ߊrF.:+oH 9[7 B_C-Ȏ1yjX4R@ĴO4Md -f\d0f&.pV`.O[n mQ|ӛYfג$֨?"E*O:^'}{[é+Q ZX: };ָ ˗aYF*H̜2"\r1)GvXV[+q`SFw|OԄG]fQ+'A1H [nC1MvnD6C۹"=KQ:#*>ں0 |#n"YJ.$i1 p 4HOTf=Kh?/e0Lޝ~Q|AuHH۴t}k2kv*2w5OWsML^϶DEÊc^϶mn>?R=Ry> lZLpv 䶬hpŎ8›#yoB_{ظ?T;`\oWsѳ@%m /qWo*]UJݽm_XQ = [wu`oMLDk v4OHE1NGG=vhcsR(i|C> Nx&&X@ vv~q5sA)IyBPGLha&׳h|(PB?s#d(q$ݑzר?  Fڼ U|ɕpN埓 br,{ r"QV04*cUz>9-N#H\)GQHws'r;@/\z J ۪LV >x#y%DtwO/C q%xGf)TJ2]%k&iӱxb{M~`j ަp6hS,;/PԙRwbh\fɚ(}:e$Va73*l>;jy r]dXBq-gqE]-k3!. *j $B˪#dmiondKJ LsX{LvX FRi!HF9S&) Q4k.bLeڔ,aVm5obˬ(d8'N1([(7O*hL_ Ifb 7"OuiMGU&V6I"'4X|dn Q Ex.|xU@sB?Z& ;dFcTo0*`IQ^9m|~#i+'~˿{r@毗L˸ش}aUk0b+C{=ožŊP@%P²i(s0 :c y Т,n`B~dGmds//"w)tY a㤯Yo4ᱶ 0rF˿KB*k#Bv > k+'JK+tW|#*xR2% tg5fƴ\gtV̖YH)kB_ījvN@ܰA knoGf=]Lhk1WdXƚ vB6YS:"(@w")ݛݮin,5&ulCAc*(kti>sбOR>!/Iԭ.vRb`?=]J 4Xu=zS3x1 @Պf7>ߙNfU5:B oio_#LAbm8C"ԪȊ쬒1co tĉ^ M:];L#v0Z&g`9Ia"۶8cJ,ncz޾!|.mX*oYZy8]]E|[667eb&103[s_vO!vt88bdzyʪ-¦bAI'AlYA(rNtQTQ15, T[#U8Z9LRoN1 pA7F"At]@Vp>xm]b}oq~Ẍ́2X%ōZy~qkWhm5aKRBaySJ8J(DQ&"3^"{ٝ qJ*L4 ,Kv:?4]^gH'G6Y9eb4K`uJ*h1 U4t-273vTL<6O>  2XOWz1C6i]d!P@ ٸ+>_u%;]Ey3doC*M:UnႮicc\q̲^IP-jlk-ld-EbU1703] "泀!4O@[هmbOتdpxլ6sN4xH@qҰ^%XD`Cb{f/YT3b)!R35TKʜ0 EPCQȥäQ ¤uJh4+qpWhkt<\?*Ncg~ KʱP$#\Ͱ#%2D=")e./m~Wr IjJeƼۛ2t\S 3?FVwHM0?Ylvx8<$g *hU  =pL=YU Ѳ*20gu n2ʃ a?aW(60Hl9agCF  v޻uy mXXVVMbkas~R*h<68t+lӽrY׺7Û(0O(Miw9w( 8(V\t;<m#PuZk9 PUŽucMktn2IG(m% c{: 61j\wH~QL O{歌,rdd* .Okc+xͷQJW*^OrkԜM\A+Rb_9 a@.TA"~!2]aއLJVwjMCLEd0'֍A@hE^y_=ě*._/ɩ}k]׊X!ݿg_X$Y']bHRײQ 힩6Ӻ.U4il-(51Ħ񨬏MzQ[*c Z\Ԋ '|%dTc}κIwC#Axn>GfB߫ػ-v][.24@V&Q*l`D+l!GANV:JbAj]ز 8=^ bo;`X/W_n<Ѵ5\voO5)[k7nIcÄLK т*ϕ}6@6.xTF*~ ==+vz!R7Zh'7g׹PQ bw}8"dsPLhE+1+hg|_tĀb 7hfӔ ¶3LP܍3ɁjүU YJz"Oq ZU-7ޫ^~­Q0SD {\X`ֹaqgld}Y?Kպ~W[HK-{i:U꣉߃x'(lb~3>4>:Kԙh[Y41d,gXe/p-@w!8Aíh-cWbgt3Nkzo)h.VcH+maIևX;GLXE,XzHO;J({wAJ>4YP<>9A1J{ B\KFS[&ǚ< ŗvNdc|P7i90t,-RDnKѼ܀TA{aI]?74=Jjsո,vnf+oPP|SLފ':xrήJ7ȥZ_^2qYgm$'OrQ&~dy!Q0 _:Ab HZZpg]˽8=Qqe z8nNtך _|^kH~7XƢdE{%2XJ{%0=ײϳuxHRTxze݉K'+$A.A&Nq:d5sts:{}8 {TEcLKBi&>~+ລHM#R<,z 3(⩁X Ÿ)7է&$qtr9o:nڟ%wb5E#%5c jfurgc轪Fm+SV QqHvm͍l}Mz3 ƒi:eh$Ț>PKppC'K2)޸Vޯxkb́v&;ƔZU2E㣖`-P&B从8lRo +eSlC36ho-ti&F>×#aLʛd R 7ppVl-cZ?q6aQqmcgA;,"?MU~gR×Q=BӶ :LP,Xz o*^<"8{YNAyY{ @xRyiwRN"@8ֶV)]"n|-g-?F;ec>]ic<8'}x@].+ ⥗FM"aKdLq.@1STjeke&' ?8ӏYܻ}/kk|@wkg؎*%օDBg'2LV-cuml1㧨$%Ю~R 3 Gu({n!xNˉa,E@20Ά6-tE;,k倖Vmܴ)SqU!1aH$T1r|jk"e:i8Rזf `?\@݉D糷lOaOEªO|ƽ1b7ʛ>C${Y~\)a\@A`}g_x\3o6QCt]ŋ筏Ո@BO׼)n1)^z# _Ono+p8 2n̵Խx\[b*,-1Xv,oX Q&6oKl`e)ђeR%V:&8RۈO uY(=k,<(XΫfEa6`G-#[$uE8;눞{]3Et#jTZOA"utɧPRz!ƶXp&#k >SQָgԦd GRl\evfF˽F}$x v:!s9 qN.r%e"_2^jB$u*#.>,P|,I(N*nzlb D1wv\Mx[Mq3d=N T?(QWTUVG6L%Cpv:$Ɵ^oT(I5Rau"ć=H{pXmSB~.b4rpR%GNSA;q3}|ֽɭM|@|7^ >,n<$g%tUEp0x {tI,Rl&D*jG"FE[;t0\^q.qCTXo.]q-(WVwesMH w|p!M ܻ,%ZL"% rIg| (<5Osai )hd-MwsgkiN(pZe 'x3A|6Gb1>@XS6_1R0:o}oGE'-@Z8dq \@gJ?XIׯR&B9l#xQJI&áΫ-{]hCm~IS-@2(8iQQnQ[u,0d'L|,o:Qjf^+ݗPsM1 Z\ca%s i7Exb "cסgvs1ʗv Օ:K!S:Z 0Y)~"R fWKD3ELAU o->Ϝ*<T󽔤KȆ#l*vaO-olY:i!/J3$*j3u0Boj6ս[dS3t}6Pw0&_->Bv@S+a=i4w+OF]]Gt W񱹈fsQ  *綎>T:AOх]$\ncA-Dd+)1cċG/)6ŏ >^ T!WC]]Uꔜ ɏj;Ns@ D;V8g$XiѦ}Ynqh3-ڜ߆+5&:~7yfT3T^s #$RZ?$xe 3L1B;аdcsꓒZ 2gO(uP<7zN j#C#^-K;6'`+H.j@gF~͸0L>~'YWfiV5K={#V@7H<ySiIߚ)pU\J8ݰ_IR xY~i?|xzAȬ7K++SH2bfhj {f0f`6?܇Z]6x{&H3^=1'WA nS nG cѴ\7@;ToC#9L]l.V"*s"ҴRp{G_țIW/0V_k:*Qfr+ ׂaR2i—ıAcX+*?ܪDZ0fXtS'7@[x8Zs5Kh׎4O"Pz"Y>ןXތP. |?XʺZ=Z4 }7A=3D ibR#}{8R2\"^yS1F(Q\4g('ԅJ蒴G2kP7`φ a^lDM,8TrЭn 7,PC&_5ä&pt;foivm^\ +LCz^o~(W`vzbyQ0sm$)':r6*$u-}X,ig%7E 5cDZ_c8/HD d*)T s;)v ){8U:5݂7rfm#,5ޕI[eN-e7Jq%"t6iL0#o0-4N50OhknCedF)cL@5jOYaTM*K$hܠ(5(T|!Bc 6sEb_;> ]|M< q]-<H.ңwsD87Rضott$J>̳s{m1i,0̬ eC\c_dh6! O!wC8nn9qͫ̈́@y$h@f$C]&W UmV)uɾ"{:ۋ?dh㫢LS0vs#C{_ሄ}tVxK"z/+*n\G@)2ƿo튏Y+lQ 7MP\}ɲ~XR;+S6hi5dZ>%R'q O@G{"PΔu5C̟Z~߾v0XS)/9Bd7= pT󅔗 5cǀLKSkk6IddǯIotj=AU;ے]]&%HX&̬6{q8v>ArEp3ն.FlQbURÖ$.G j0FJquՖb!epUjR҈l_}by#^NhzWrEmڸkHQUW_/ʽ)IX)Fމmo0hnR{@l1Z.k`$l0='kgRHLg[7^cБn)t?fӸ=bh cJޡ'㍼/ElFFda:3ʷ~`x(x22j2ܨbvEAӄ y8Sǡ̯t.˒TLj V aH?~V!"2JLqIV >`)BeY HB:/rGoAv1Q1@|h#"œbPLθFKhC _h(Mx5 DS׭V}Ia i_#y<f-#];>9o&-<s|$J%[4:ZV{ **}sW *obBU,.(i\U/,'"DŹtM2[&d~8 ~ bk0REuU%ħ/8k'#]K?y-mJ↡x6x|gK Gfɼ5-ck7EdGOe,c8Go`DtEK?J\zD+AWl, @dGU:,DVS9(bkڃnhZF<YWIqys`Fbܘv.s͓#;wmli}?C8lvcey+#* >QxfjOSisxv ّL maEN^Љ>/A:^~+`8M37oKثAP a1Tk?9Jي FYN# e#;Ru51[0nOss]UxjѸ Nnè/lb|qz%x)?`|x}]ԶU\2hE)Q8?BL?,T\pg5Qf6?]Rq%w;MU,$2#i )^o|53Hc}#`S-1XPE@Գ2J{NnXwD۲K,nSMv &{Mnϖ#ƒD\D/٩I?hquT,oRdĜ->_C?^a ~* ~YfX v~y h{~(@c5[4i/Ia]R(ږAB(d{;O&'EGH-pr; Y,@7{cmnyf݄TjgD F pVDx # &+ uŌ╖Ţ%(cqQ; a Jz{=#j^t$T  F|Sf>vL_Z=PrLbm>smd/c5FCC4ww!0h/w7xL`u6|iǓ⅃S4 Y㶲D?T1Qkemh Yx,,Y/uU=~GLgS>@d-$hjasxgafcЯ`)\Y'eV\ja:Νѝ՛$Mt ` `* /i#34GEV%!M>hRկol=!:d:+E$,KxZf)  g'pqZXzGFB Dh2.Ss?VFKȻC>m׽6e23gg`Z<tY7Z-ɦvb`]K{oΖ1l ,Q3c*ʹ (yD;"U2>k= hhQ.5j[t!\7v F^yJ0Ke9LU_WLy NZ]ʣC,7-ÓEBq?aBzJ-:ە裱ZkD~BHHt6bXɚL VF5mq9 z",w=/hh^JAti\RE^BMEέ1#5ZV 3̓^@edkb| \w\5 צONYl,5ng&b.4n]aUF*)ո*P)r~3je#$#ՅRI$CXF2_6q,sJϏt hRTd'wSJx ʇ# ڝR(T_9|j5^a"} ,1d^ H esΑ(TLͷd&!gps$|Z4𖺓(t 13=.))3~y]"[ϻXJV{ɘڈ7[47@i9PR~ \=1sBk%Vt;`zd@b,'1c O4YM> 16!nuYzXxҀ٭㐐IسT)ť!tO1f̔Pٰ/ i s"8~PŬ<jy$w8۾o9SAJu6d; ߐD:؀Y?%!UnI_$t+OdFk@T(y?K+`B(~Bx:i1&9le9vh)1 #qGdI7|+{G׳س.~zlɣ1Bk`^Ҧ=> sxYףI&$eO0"m?Go( /v_l3j- B!R'N-珔iI!T) \r]|yChKZ7S;g*SW;uEJeMWEDMA p}Anqɏ7ixbv6n-'r;䛭`wλH_HP &D`| ц,/s[!,ktUFI3`n3ԈcS9uSFx44F-j.DI6?Am94سVr-tIob9.JE*W 8#{12Wؑt;2KQ,\IYQeK]w8uC%Z"hQY[D [^/p4PS8zrΏ* w5!ƿV{U{6pFt`G}-i"ZxvMCW ^:quڨ*#N.x/^'6Ğ˸ }9Ip@y`ƴý ձk]ϳ{Q[@ p]ko`ŋ[ȍ7\ ɏ@WO t2^(ZO{7WCQQ"OkTfA m?D<_ U_Ɋ5)vZ\0P[e`!RBZ!6$&P|Ozuėұ> q\GZ.ɂGCΖu_!|i9{1t(\8q|z:w?Vo|H:i>q߭WŒ(offV׺`ڛ($i#ђokp$ZI[^SI$zƢHC.fw{eoXsJFu>9@!6CT77JtS ScD^;C=+RŸc-(7alU02ܠ7z˷mQv dMy/MǾHI.i0yii^t|MTXH ט$OxS6Xj3ŗC/CS6#phYA4e' Ycl-lyCoRU{4eZ#An$jg'\iInMH| J@Zn m\yuS m5\Ͷ!:Yhm|'嵋 \/nT$46xZ O]fhҕ8{L}0l#^r}ymJݷ(PEYE'Gм ;ڱ ÆHaY8;-HǕլ)=QFDzIR/RĹ;&lzܢ%fwRxͿPѩ,P ڽg#~.(,UjqM ՄJh=Pո'_˟T\/ k1R6 tՕ9T3ZlaTFa KtZ?_ ]tŶIC ΧCiw:Kxy3\ 2'~Џyٸ1is pB"oz|*:c@x^ĝN&kqX4_-5%fuع| ʙ#i ~bٻ~*<2u$.HL6L/\yESbrI6v`" ޾X@0mxҩIؓ0K}NOyIūbT.laQ: '^p0q!ݡ#! EoڴaC'39~nk{`d*kg+Bk#_re'&&B)[h%@3tz \YUQz.A #PQ5͆NLKuړ0߆?9{^@ϝ&P]͝Z.(ڻ 4[/5CZiȼeO$:mm͊& f|HwQcqsDk女֑o)nF*rM#~s-9oE(*=æ.p8ȳU{ddIl K>M:f}9(Lu8$Nm^J+rn޲Qk0нH)3m9a^q! '<9I 8 GkS`3TTIJ(.I*:qgy[UVRfp;;t,%L4_-@!ГEt=\ҏorP bE) H%,6JCJeZ!+UBwˤⰮ ۶C3GmsV/ CDs͐0Y)'O"0?PDhca^v q*XPMqҸ;iŀTluksv `A ԡfSZi˻w?M,:_;N'M6zwU8P QL}5yo@Rf1B(=6p#ĨoNݫ2r_E׸%>_\$zE:FfLoa3I#f-)]T,bPr9!Զ%)e|K0X*N[XV ^ beɿ"hˈ؈ aLrB_3*_5pk3Ӭ5)-P= !YXۤA XmӮy ^x@L N ) ߡDŽgi<Wy,GhfUsFrYY5<iMO]Җtki;1 &1৊_`]S ?|18ƶW_8t$Ypjw]h^aZut y"&_zբtY5zp X+ ]VLv.WD{3}TeO0 -zmH|FLMt *DN~ b8fBL#@gx))'zq're`JՃlR6v5(`ތ*,RCnd +zqЍCz;@h.sMOl@SFbub C̵ZW.P9L eg^f{Ct}-6^/"eguDM ە}`ƩW6M N`Tӓ4AȊPao/:_!uXGNKu֞p9>+EX_&gFvSKxNM< lLi|W(XF1yaOՁo41*ORUg%.tqe:=.rj.' \9p8.+WS$&YY?쳟ob O zKq)j[@)ێ:F|5"}cB `-+5VD`[ښJ4”`5WY0%Ɩ_&NN* /|<Kd}^5(g!m%=+$ 1z",V&!9g_AF{׷Ɩ)c7S k I%_NY5 ,4[).EpA_BBÍޡNO4])vOˌ.N6y! ÄbF^,~GE_l|+;W)Ad6Ϫ/-?[jcCMؒ݅oWCȼ=Y`Ø=P~uuu#4;~+eWa&l0\%YFWRFCHt p8nл7u[Q֌ٙeC%  gY)3=`Y6-&TnnITDU7+YPYUIn2ER,0ulpX7>U?JP*WwX3s >Y|%%Տ0[FHTFAkY9ALWM_/)62%Ki#Z⬘r$fщ=e veW)S:rKY+兡re7NсLn1 S^{!W Sc6WTURt2#մq7 n]En$ʊ'e 2z|rֈ3^qVRX۟<HIl,|m7wV|sOVehz:\4\g`@7m>2mx%[66?FڀP?#^ۛG8щ\&1.0y ) 5,:UgoMыCb{/T߾QI.j7:zs֊{d4O`!QWg Y]5 vQWRi'Dۇ%>YfxB'&W[w| TT"|uOYW툽щ[0g 9`O`?.<#'ɻdsJh| 13X΄mTZ2+%,(z>B)WMBT1I|Him\_ C[DW"ǘÌlY=X%ELTaVz>zo}n=WNFY_]6>.U+ÚiI \RNsR\݁e ۿyk#p8|jQbO,N_Q \ \b7œUi/G7Ӄ@ARw)"9=&i GX+oU,Fw64E~ji\itr^sAѬV=F<2:aǃBFkϦ/ŅE">9E[(9܇\^Q~] %c['u҉x 8{UHaR`'(V{1,EN$zXpzK];;Lf5Bq>9~⦪8xtVD纮CF=TѲBiYBqP\ȟdpc¿! ?Uq,dk}+WE˪;ݱNV\pZ&m%~YsٝZPk:=aOPMNy t)E<䎿]( p &mY;,j#h׉jdO5*)0.9+"~]V##G,WCOi!P.7 A(9[!pС/+UgM.uW ' 3%g5ġ%~yQkoRꪛ8\82i_*xب6׳w@*l[ˍZrbd}8 h O$c/!gdbx^F4$JxQHܮЛ0K#Wg0d EYAmHC9%@r+hcx€f00Ӊ-"ƉFm@nM76{UҦ18] CL<&XPf aV=ɂD;޿B :'Aʵ;y=O&{GQ{bJDȿskC^%P ]'_ Y@`8}`nvm#W/A^ɛ7`ټǏCWw*?JY5ѝ%<&6)Ubfx/4|!;T^oa j>jӇ}I(R,ԑr1ֵb <,q {8z4h\d^93V{hc<6ȓPyuI;͙᧬*#mlLhrSx:)!G 2[&'5 7{5xRftL݈N-ifG P{L[ωjA. 1k^ !Ix `%-_c[ձpOvNƹlF t DAhf0îF[u OdDS@ƜNW&H+B<%= ȣ#X L"ِGFqZB-MExYhqZ G4Ƴ$ra [Xe|=3QWTsq[nMfM땮 {p-Lp)4'pbfjkqi#H;v(XzQu\!IһB.a!WMռ;Ɍ4hB%paUN&k[fA b3UQiKGcG6))ؤ$dZ+$5E_꺢'+x|P N?T]8}i:ɮ n o D|8`E*YxB8. n|jJ kZX$ ]MuΛ[#Q7`75ΪSҧzD]gրRߋN␫Y&S9<~M}y:^crʚL'mVE|!-R:`5Lva %%f>06A0顽eoIbݓ#ໆGVaP,TгG N=~!$y!OsK\&MY^τ T!^Z%ʦ}4"F_o4`nF6ndIZ1tHoڠm?3?ni#u^5K7ze4uDw]M 9R-H,6ftvkӣ-DHuRf[~R'ꢿ6i|vwԀϳ={6}>4iyT @c5Gj? J%42xŕP-'TNRAJ M+, b1ƈrqܖ[@ v*ޱ$0T#Q<[@^పZGEqˮ8u]jv5!]HPkeH|-֣ܥ b!J˥Lk#>ܑۯ)(Aʷ)cH5yLQך.jh埐g^qb;ne'P8hJ}0 |>u9I-PR١c?/Qpfn}/ #+Y6Ҩ@"2AS<;Q~ 8T.(BFdl  |-H'#۰z1ڑgw5[܇؃48eXʕ[ ܔ"_ͅ5cǻJ=By0з; R"8qRvhtU6hGC`oK,D vߪBsd˼@|R嘗OG ڐU譴W<L*$S GAA[|ǫɔqOl=+{SyӃ*mqDV{. zXj%\`0u jx>/A %BtU!mG y%f%ʹK=kOG/ⱡ[ފ=L4,߀><\k  QݪtRt6j) < <2SUSʢ Ajc/#c'Zp]SSn~HO:ݞYa-(JNŁ׹\߽E̔}t [bǦܺK [^DÚHL[ ʺm\hA.Os&[Mxbrp]aM X<-x8(E*ozCvق$rՄrBةxN&]< vtݥmKa8ndr.ND.0%֖Uź@oW.IM+%xʼ}+j1=n+<|<^5x3ʾ&l|2PWxQiR=e(֥d5cԨbik287{ n#\zsDGƐ1toPuRMưe 5$'|@$6jr>Qa3. Ł 0LFIhRANȤ\CľPm|(ί ؂H^1QqSFGp_3~ [qPA(]`Ԧ)vWL*Yc ч\9GM>18,otvn( ;Z¾u[~"y&8T4XP}}.J~2~FDsLƣ»J x@4,Ϲ#aG_ګ%LpRsDQ0DrB^h]iKSd* D*LJPEi5Aӹ;[R%:̼\x!* eBe6YR1oF W'jC{|Ce$xAxѐTe0>!rƴeRjֲr;Yg`XAHUcG[v"HOG\5e׌\vE#3HL&%/ɞm6>=:,?GHf]X<0Gtm实W{2׎m*U+7Aݖ6Fmܮ3l"ڧ ޛ}Xڈ)Ȍ#;E?5Ǹ PPU#|Dqayh1vptݨ͜ɡFC+"Ht^me2 0M;:T(|IWT;>;ڙ}& =tij&͝C4ƕ_!S.3G >HC5az)1|fC^eei0^s1b`pI|k #32`DҕUG@-k*"[M3ż W;${ŻsD>kp+/' _Ӊ~HkqY'Ҕ2w4~\K腯2 ɍfV_QR2gKbED.χ "IB]Ål ƶZ I'NXcU)tMlm1guׁǛy1R O^l2C~uJa trdEΩU_ݐD]T1%lz*ze(vRV0WZ2haFp@#3>mНR$uizooG>JMx>m2 ڑx@D9#!~ӑ BPxT"A />iYԃ|߃sf::KNg^.A&\kYj>_!KY(`,6?03H1{\3HNu,o=.pMXҸq'[M^ؕ՚(1q)UKUbb axcyUHL"8q`X~zz#VS!sݫCMO)t56VJ'Wpt.нF}?x>^fbK5kAӔ'Э.h_%p {IɈ&=q`% >GsUMtkewh8*'!N>)gX1?T5m /wY. }b~Z%;igCKfXOa,g]㺞@;b S1fؼ ֿ ^XkR9bœlK)_IN%hJdG.'yCˮ"nkz;b<g$-2jrpJhat͐rS3!_]XYv hj(}%=ʄCfi-MhA# $)'ްH#yo]Ȑ[NAz~84v AI or.T: Nu ~L;8A6;dX$=DDkNg2!W O2A0cZ)z>Vlka3&1ZDKˢYy);!&Wcv դ2f58̕@)J"pSvc~^ =y Kbho WPZK$.l~7YٸFԟFf}{ MAߘC%;#P)0a-I>UgrT. uYz2piE Ӗkmǭ(>oxc+Y_Q{N}&_"cEەC|S>?s3UuxvK A<2%17=)um,|.qu!>YʠWL5 ?4MWz4owU U 0N'\H'Fҫw'mz 4 K%v cy K,`-|S~ Ď 2ku[ w u$uH |`gNDE@Ik Ţ[ N倝~$4媠E6qǃT"g3&ZJUpH&6B.޽?f WKOO9rp~cYl$gj,Xj {qʕ1,$ n1=H"J߄f„0k-Voul^Y$<厅`L!öoV.qw?_ O[2+AelyIoR_jU˱D?e?) ܫ,jJWM Q!0d{M"Ӟs^kg"ݕ׃" 9-.ߌ::&3n H̦ wv}~D}5qI'c<^ܡ`8z}YT-zR}=䬽W5\&W*vh2݁@,YkN!!֚fq-2 dJN- Fju.%% o@@ exVL ḥE`xDuXs/Ay 1S!Y&c"zVfRヅƯ ~_Yt@`!=-)Uv{yb*%:ϴ<2B_jOTA lk?% ؊ccɆaҰW *L·]'-oȵjM75oWT+Rm3[2Zui,犉[-2FʭΙѦX>vZBQ-W[&A!#{qlδ &pRF—Qn|@R+!~H ?vRq239*QKJ[:| %-{p(|2~&` _oE$7yF3vpؓ+ԒCMNe |(R2V7 )1[Yq+V1̎c:?oO IqQ[ ոvDL?*چƳ&yݥICn]o>(jd"歧XKfJE~ݡ!~,}V c綰,[MprSTE"16o"gMT3QYvUc(pk, iX5 oWKd5cm ȶ`vϋ,_7CYKYz6U,iʵCun43K6&UO嗞n Aջ人2o(l%ԆefLac 7 5HGۙЋ/'U(W‰)m;8\M# bf%_o h^(H^!$]n^'C%C7Q 1\% qIr1ni봴.NuKjcKlu k 5cSȒe;ZH:y!'V8ʼpV=WKǫ .ئp\0Kw+۝Ȣs@KaPNo!OøBBw2;x1hj6)LF]hKj"}tXཾ4bTCy:>aQ!hQHB^uRv)3 f ֧v¦=E}:=/e@"km\,f~ih5w`VeiW-򠚎 W!ZYH#b@ږ+N01U\]Yke#F?NFηǣAxܰ^Y|HWPu b3dP޴UR;)y&>vՙU :"7WԛU=秸(sT)\{Z:Ԫ4K$ahՕL(J7?wVA=C>_˼Xk%Lx/3 )#edK֬#,7vD_PcKlRɄXij*O``s| Fh⌅IrO6"l|W$NL`OSvxA]R ]^50u^HN1}oZ=A=3Y!me|Wp0-jBDf}ieJ&C@Yl$%4AA azf08&.u f 9r`$Ic^8vw-; U[syX#&P/ʤ(O.&ƋU7# t*HORFwGM|nd⛷~~ 2|@O/c,I c|!.מlO>Ș+6HZoYRȝ>T4j ]3z}ݮ[4Vsu9Ɂe7 2b/Zf*' iz2s {3^kN;z"2p=K#w|qվqbbȴd8W[[T3{Lu!|!#WD'yVO<'j@B^5 ٰƅi -nX.ʹ K,PF*H5; ZCzn k{K[{Z/g`E7I&5ǺW>o8\k{][+pU+<cp%'t*#ϲyŀ{:./'$3)D E>9cy?Ը.4a2Sq` G4 4Js"Z>pyht"ѧ]*QBb*XP~L%:d|r2y1a(c1kqѰ=1 (p8,/Wuuc;o`%b7OR[cr[W!ݮFmxW.3k9\p-J> 0݅Kxi{]xBC.ΠL;W蔎LGޘp~N<JM0kNT"Ctxjnp`ϊ++%Y|p9;F aNGv+X:#_arV7MG>"1[jxM;>(`A3-ɱy"R^z Rb-?;B8TdlM6H shn#_kj5rQCn'Cp-+3muo]O3ֆ!m*1g\o ר,9Zt/s`o_@I#a]V(Of;fJ[> VX* ?\cT| 1+`"+k{Y$S-s5FVaC2r P|-~KV/)U פE1-xpt=S}R_U] x,c~^ԮLqH/N J-v-XY\ìG[f<,oUFAPH9ѷmx mָk!GDn5&\דADk"x2U=9_CO}X @c2~WkZܛ#ۼ_L9nj &G2.@3yjA?G:}mĭm/>,D~PF/Tn.i`+Y  pҷ9Wӽ|&>#paӽegwn#L%9o}NoO}]Gh27ܜq*RDnChM9_]Z=mH"^Cx، Q4qPx cצU_<,8Kfkr[YlQҼGZ9Gq(q 7W=Y!&PmrlVf]?|Z|>m:H6<7m8 NK"fbUe8f)';:,2v*> Dx8S6MES@BŐ˗`) }-樌Q |%E͖OEj Tv=хn?mG"c`w}Y5<16&-Ny .CEVT5; 4MsfOK^ |Z'"(vs ߮7-V&&{ Ave'f0)flokCڳxv43G,AX3Guޜ.Q/ǡu^֛juSsyyC ALKƔaIJBi/Vc.)7eQ[w IK4I'^qdb$_p _X%ĿNWՙ=Z 91"k.׊Aղ-[qpv$ ʒ| @iwC9厛Gp?(`}:0K]`Gܘ?^/BHjGx4_(u-\{)`i۱5z T "Q˪U(XHOv k m+PBH  fq2Xy;p)yf$~bedbX;LB[BF ah@k&;yEmj+Jk<L9.^':rUő j) Ph^n͑IFn|uU4gD}^fP]XT &!#jsD\U YvKn-C*[-W)p#>beޢ.{qKuԈ|_ O>0C$aWi E|W{[IXVvkA]C&s#!1'[IᘯS(ɜMK Qa+!2@mnXeAn=K օFs`l*Bg.#mϠJ0- jX'繏m>SPK:kyDs_H=:0Zh)$ !j>ɜ`'J[D0G↳DV]JA]'Nj DҀ= j&{IBٻiF TV7|'/V%UPb :`xTZ\މ(cq6m3 z_m|z2Լ>fy8MT>znp;uK2[vBƖw) a ctu(؆/^y=I f6A3M&ǁ8wѪHo-I`_4B6DieK {;a\|ss҉Vq8*q7,c?I(ɇ6*y +k8F&ꛦLB>p/)m0#/Eҷt$>YEol6tpLfK'w&r+URiX7@FGMzُ%mtUਔ*q EjT?|kNl[jeB7F""du75Ay$:©¥g[M&lBH@؜~Ĕv1ぃAdFB>a!aWI3pO@z,.6\g\[O~W:~wsEJD#A@<%vml@=C>m@/ـV>i9̥-`|=R}?4,h'̴:!Rk&TRџexPr[0`#yԱ_7XqfQ,Q꾓)ABq w:w߷;@dD΅e&(wXN^+KH؊,S|OBO pC{4D`G$q`Yk'9*Hb,uP$rl!9][#j,&L~b ,J|auoƒRޗrі#>ۺp;`$ g^&jWH"c9XLkk8I],}q; 8ޮ^ tҪ./$dBRe3_nh"[ hL۠/i9ϩjF phj͝q~&9kDHǤd5c>똑Ml@սz*0]A.Ȇ'&CɜBÕbg aaSAnBW蓮jq)À/X1la@H҇$W;_v^H"t7&Jۭ)|t4cp6 v whtܳZ, ~ZPM ]wy.Ь֬~x\iZo/T>`ia58˕{}3I챶+ WiKsxZ:&eHsB$gRrqƣuRYG?8X$C,w 6AךDIwOdUe8n,<ӐR e5f*14'[jf3Te:;E iWi|){$pׂIEI2L[lk=y4T/2;|!^,^t\*R [<"r (zS6p,727]/0'kT C|kڧǸעwPXf9k$LΛf>Ýt'qy;iHdB>xp ph?^}ZV$iE n'>XyY)f^WB Oӽ(dKI6DHߔi3y MO@g8pVzB ١HBT966= k2s ߽tDGgW8Х_>峉. %fGz޴k&u)q׉DHuH0L'9De\#- H"fC\,a3'^B¯BX/fD3hq7Ԉx %f;3"v5 Yʔ7ChKip4qȲϢ RbyW|Ÿ,&?e󇙔8A:#F_kAw_ИS0RYbZ&!>t?Ro- rs8KG.Ҩʌh҉qa!?zYSAU7xkkex,y؁=\;O":?On/ߒIHd WzbY0 497S[&NU.fz H5]vPGbu*C.SMj*L.#C8`G6.P-ݔx@VjYNw#eeHF&+:f`@c׹2U>i ?(7Wh{L ԡokRó3`@f!KZR n- 1ۀrsނzWqu 'WҊ> K@JV˴Z+GPl H|kH$')H t`/T=A`dM|'l 3 w.BbnejYwB 8R^ghOuTC#XU dRGA og5 pG b:_>g3sS| J 24ߨX7zRYm> ń%1hX%tr ^s>ۢ Sn% 7٫mJ79STj/1 r;ySc )S_YlkHuuȺ7`V_%aРb2 SӗJ%`|vY oe;Aw!4mm+h\څبYeEm3<ȟcv1 +k&j'dut‚ Ȓ$ :;u8cNmsB\αHқk'AYՊƽYs=E}n d{45:U"}ꭏ*Tj*(Gیܧ(X: ́^SYӲ#BYшT1;o2?"M ھvx\$+Dlrs.p0fLq.'ŧ#=Ea1#.X\,dtbۃ:"-m>vk@9y 85Y`CK_Hs`~:o@b1$8o"CV7#³ !Q[/ܱL-r*OXu"kapAb R9+w7|>+ȓ0fLRBH}0(=2K"0J  D7yV@rMs0@{ݮ5-t?E՞C8愞U1jș&@PDžx_V@"éNr}TQh}]$mw2_V&C*gN[ky9e%#e1ט&!f{Ac Dl'^߅Qg:bf;8c3ε1jy3S߃# p|vfVf{wQ!Fuۀtt\ Qe4B+V>pA;g[f9Z6Աu3NBEOKl[c@o<%ۭdj*q(H5aSj&Wڑ;wHR-0" JQm m)P3?HlL0JRkjغ-e`U:oq4bWJ l[o(-Kɂ:DdO֟n4J'k(X?#hj⒌]CbZ0VK`;j 5x& ˽ŷS^ w RٜB6EjUY], z/n"T6w]Ȋ^6:xQ1Ό a!6AO@)(N~>o/P2;ԝt_d/:$T0x ({/ewݛo;\ҥH˲5,M|/O\buKhZ#afqPCD![*k :=JGawf+>) o弴n( B{+k Tɏ=8W 0ۤ P-Rv^~͓ܾ7=hJ& D|vv6em5 T%ϿH9v4_STȀg^E&V(YYQ [#g#rnӶY?JZ ON!*E3 -XpN+T@cCFJ_Xaf ,WcS6lA6(ߙh `@,SyU 95﫯Ixv q>js? hZ`8*륵Lwםt_"_YƊDp`=(eh:nIN<7"3Gw2LJ<7a.Kֳ"#ݻ-Xd/C4!kýz|/?GcI\P$&,nH.3q+qvϜRjMgפJP8bhb]gt:vęl |ht 'j[ y7 8&͗$ \N>I@N>WXTEV͗[[Opf%y,dv8mS E\yZc_lI(8}QsTkRJ2Ȅ,2"nLkוh~qA`k9mɇP4,qT%Rjxz6_$nOuЛ[A lZLYl8%PnYq_oyݝ_ULx\\84  jXv{)iqy*C(BW&@/ :EϜ$RQmlnMa/~`2pI_f \D>IΪ4y=p&u]Lw)(ꄒF:]>'~,w㈤];K"b23~,g;Qhe62Y"&c)Da &@d:%!1 '7N92D `wW)]TMj Qcǣna@;  vP)*҇jlraM3]`-׶=.z% Y/V3k(=42٧ذ4>#{kp)kuڶT} l"aumcvO$9bw(ї#6gYd>pA _|Ptc( Z^Ոc'ОOk`vl14ns(E1^pR;`ڊuRq.r%QSy-*ioa=Myb ޵j{a^`t_^<, J/i":@UUghbYOaTXdherlqp;I7BܗcI!uvg<.g`*%Ypq1UًP#=%?i`9&e=8JEDpX1'iPVύϏM4jdv|i?xk | KT6O yԠi<5*e=J9Њ̶Ϩ@ OB?%%? !KHAEۆ}4jx?Ӏ:DbtLw;u0 ?~ohoan؜cPr'7_Rb$]VYѬk*Sh@tpRC]6~(<V+g@؁jgs <<4_|>kr}o ;Ֆ ArBup%2VpmؿkYBHF Xһz)H3Qٳ. Nvhmܨ N ?VdZ3Ly-WJ? +:VrqRHI+EauGALx3}6 `gdO0dz Dt9r™#]F`K{ZFrOUt>Qv+mFo+W|$Ug:!NLЕdQdt?cR R] q"@ ݬ`1И'E"Ti%<}BQ,J3"|#&fmdlj!uŠ/p͡ȺA"߱pRx2M"h$$n:`aާ aEGš]ym?؎Dl 8~Yewd%ϰ+!d/&\-Ǟ.9UƷf"ٿFde[玚J ;lX;HnaS ˮD@ W04rkչXGCEM IKрzcny{ 6~ Z狑KӬWK_uTj#(OG,,, Wa l'y;3-x`\+ (>{6Ec- z$ʶ5䔸&8("[ZW8wHr'ec`wQku5:Hs8I/B+S И})\$jGm{mku,uxV|cng3UOɭ>_s,;~0u urVzX60jA`F̆~ KOgq*p(˕T6̣pKd5w{P>܌ I|&L W+E(-3Ѧ9Y#E1 @ ɫr*sϏ(HXq!ma6+}gUQo}dpKF(^&[mi0aEhgoH-@{LBJr8SBgS5s֝NT Cj% ^J˺2,YWW=|Ns;J+RhMLvLp-{L&*Y=z͞J]kնL|zG^\=\]ެ>V@2g ]/$]WC +)5GM%d'g삛yCb^G 8&,!4=ԬPy =DnعJ}'Xh7>^~ąF̛]|~6sйxH.$nSܨB+ !Ekp!ܟ Ybtz"s I,2ҟ %{G j#6 'Й+#)9Ĕl! Bè˩pf](Z蓈!?7y`4yTtu0E@*ԫF)˰fr󬚳D3+DzіV4?,Zg~u? Eiv"J ba4 tc-suTХWƖk1rޔ coZL'=YWrC;r/>خ4tۜo+RT"&vlpoY Jjk]۩(f9 7 Q6)j+qR=^'i0GBkLJȑ`t4Z{G8x+qԒ<aB[?.]v{DCj- х{!|Dm`^|{IP}]cip,T=?R>6Bث`F̚}C@s/ J %y=4 $آF zQe$Bˮ`HsHғXφgǙ $~+7hBj*~Kڟ~b(>F]•j}XjD VIV]w-}6hV_S@)Z!]کY9NY}+6hŗw j0fLGiBL;YX;Y^}\yLmhA$Qa4Bbm4Ŗ ?ӝ;7% /tU0Y5qX FыP,Jbpā'uݟ~(Dhatm + ru65WNcU1Ukfvss:*NK5K>7C!D@~^-i ʖ\2@421 =eE* Gb3ec`5$oHو.eY0s2}0x;ffn@n'6|m=%ss1U21uhMSe=٦m-(@.yFɃZۢKzhKŠx Cl$$3M i켕e :=D&w hk:-0{.=Sv>[jh2]c11^Fz|]tCB>X3rJ:V[_biˈj2fmn])jnrv.$@۸ y"/ KFc^έSlSN>x|TN X.8*fm[ZPF0N Y6?,dڍ~ *kռC}oS / a.rsW45|uW!ZfO;a+c~r/i9θ8$x|P,tEFkGԕGoNDL8yIc.މx]b@E:90ɑC$`&(=>EX{vv;|( FQ.a {qW .-@1kO%.OiK\6/ )9Iߨ5ȸ5iD+Ǽ.P` >l:+u u/Y]-^H8@,r5G1j%k4Jפ_Rr-*!ڦ:rT|#\OA4U2=O(H!(G+kC.vJ=#A|>$*?? ֺ/ `ט,0x /3\Kxe1^M4OfRS&@$FW9C]kOn:;fKFbIEпԃ~-LQS]eEAYEt3ZlIx k4HO_';U2B~Etk7ld= ƗǮTN3>[1KXm,bv[ ?) )߅}Jˀ]S15Vqyc)".lwcwhu)!K9+(wW]iۣG4ґcnVʭ>+ި2i:l͹x8ӉwZ)\rUeBuJ7s!1޹KC AZ=C`]Vqr/kTWwPwv{qr2WwHft(^yCXI TnQ/Z.KNvdy+,q )( tcT s}z/6 e }]N8/nh"砺]#N3#G ĖAmqDq1]7Hi.F!p@4:J ج/duV\z*kO2]+}"g:kJ`'}~oWb| $ gɳfNh :feg%yc.=AQ,&7-fY2ٕyb Z#}3dCFe~w >xB=wޛ,[jc6WX_Rj鑑P&sKػ#R0==B`IUwwEZZDHT`B8SLTgq6=OLn~K?lbM 5DU\YL'B,u/4_1)}>8|,M2j*Ci\ ɦK#П*][9"@! Yw{8Av%zj i֐+U W",'%⬙T)Q{/AfX˾;H? w\UI[EO6iU}zj=|dZa.Ҥш:. l1hbtߏ6Dg ^ f6OvTe?IT!xO™%OF GoI~-tYpw@е‘HWzz7nP)D-9߶9p|?CH5[`l=Bra$.EaAA5oHncR2-]j$uba=|F丆dYݳ4.nCMrxK+ GL[b>~_Vq~9?q(rH\S`&emp[d7=}MG:*wY}WP bİF#|e)b>tm{DBosNhnQn yOȸ)&c3YpQ~Ypm #[8J{փilW =MAw2Ӛ%-4?Y|S{1nA^!\kŜ]bha^˙eK ZFt&ܛ=%S5 "R){M&̎UD^Sr h墻7wm95׭6١r Lq/=Aw'C690Ym6F(綄s*+e_vo G˅G?vUS3-n֥HfH# ls UͪY'jIO.v%;x' ܐi-KO,#ܛ5AtV cu"BMZ\C W7 Xy18orPyUXLFV dHX@Pl>㕗tBpO^̊$ihatOLKTx:ۖ7  H׈gEHa[eJC=f01z_GJZOGaJ;Q? _Y)m\Klȿ'n9+f ֋TreW[mMa[R~X'֧Y"gaщ_[FypLH/9Hk:`/*Ub0ĀCO( s@]IEfN b_< ]O}aSxn7/ny^HMl 4u͕kz; B$.~]P=о}I׆ n5ʬ-6@ )ȴ@k&`yTaeKx,"$/ؿSn9|Q%z@ٖh8V2-Ԫa{xtVq.v8΅G=u[6-7ܬ<ݵ=Z{.w#M3>}G'rY[ hU׮i.t(vԳkpnw rIp$QLbb; R"IV񎓘/yTsav3 C Ry6sˣ/B* WQؔ=5K;;b*Ա iAv(.l">xۿ7S'M꛹dFm{X0|ZFrHf;Vl]QA5JBzUzs6s vf)80gηyR g:%Y!*`uZ7db"ۄoӐm4/j,}{ʟ r:f~, 8ˠYH%cI2АOwypT= lڳ`RK)ќϽXoUOp YE+pA|k:aT}j湉B0A@%#J[_Ϋ?8ziΦSđ}f <[yz= ~MJ Ա.cN7-tK'>n~1-9TvD*dN^.TtKȅcwSIhߩE##pY/ ⟃狋wkOQ(nōUC Qxi#+'̜8W(]~r$<5_9jL/ ՙѥH-tqi}$soq%M! &2b.ujIٍs*%BZVAe*L] 9|V笷z(4iR&+:CH I^%ωfk'Fv>\]J_ZJpK>-,Jv&2 kJ$>[6-婨!E r50݃yqb =D~J՛;p*a ?uL-{Ǿ ™x LI>7ST 3;9FJ=t'@Zu,Jb[Ņ2Z>lnI3q*_t/.;g 1:İjΥI]R{,KHF|Q]ukV92(ʤ g$EUq \Ƽ`](R%pprxNqKZFҺPߤ7=vpij2a Pa Z⹫=/!cz7#z+{!K6H޿{0[7p_DD§sgg/D •)p^_no,LŁw1| jK'Y:I̍ץ⌱)lrF`X\NG!#hEe{;+D竀?^*t^$:3jeγbPDh.-k˧{XEC̤׌[{lT05s³5XpK#(S)<i{XH%#mkF9'w23bOo.R.0!\?fad-)p)FWd_%':t` vziphG= >poL?j[{VtV4 Sk;ދOI:漼bŹH(D*P7LdXfNzal1fBh(B}=ݒ]r7e7-)[(OeOv\I8%*T.UֱUؔr(%w ZM,D8-ڼ7—&4tY>,LȄ!쬢7s8 Lzw]mR O~{{X؈7s ٹΛFKpՐ`ϪCz-t2W 匒ɠI|T_4!rxQ&J#6|"{ ƃ[Z5GM?"ɓd;qCoҧE4 ;/H}DQ'Ro]SuTfx459FZDk9;ƳV.XY0/.#Q=[pJK k0G,H*\\,>yvb5I*79s4[ahG7!1`_՝KvO:rVc̦i6N$ӼV׌fSRD\,)`\i BѬXl~ hLujzR|@ fPd/cԄ[fdCvȠQkT~Ct!f\MES*N.t?ԧoi__t$·0Y 31)Y;S gnOǷ)O7}xkoeo;X!#L굁9XYW D̒cJC_SzWPrW"C՟sKSjo3%t G1[}({7"Tܫ !pw [2蘴J4PTUZ\D$qTZcSu6ؐ%p 1|rM9$$ f=,%(S(q WeAF&={@n.N]Cz0u]U|`]l| g,Kkɧ%UgzGN$XgAS$+yT)P;IHq[CplC5 .9f_ɫ /ՄBy,1*e0qlY4ew1rQ?erkߐRniH!ÈIڗ j861rttUF'Fu] !:Z²OdURue?Ž7=R\p;z hPxD4G ktA4,ͿGUّoR[*xQQom4麁R6=t&6P!5d!˶j^#}CΨj![y-Գ+}d'cJ< N&Ӥ--mjH)mvwK:0E0!(]hh+pl,c$xv;.}_ :ˬ!ʴC01#W4ճ MO_;NRF92mqh.Ij\H3D P]́CFtܵ1`fL0}N)W^X}6FBd{\>f5Ƚz1 ^e$Ʌ0rI" Ʀ81:l8}t;jk!;Ԛf'gZ)[潢ubdN& jH^@񓋑=C,J4X[Z "#SNࠤyHgf~X`h!&-8Y۩1@4NAlN,so=g9p26$Znβ+ރYv^*c3KkWc’"y٢xcn!O=XY3G4o20"N֥SiAl_V2A+VS60f%AsÈԴ WM<%OO)q2nVQ]Zog>AX/MyyFL њ,h +%| x],*6Y[><-8:e팯TӷEnhxvF~uy0Åt'EP]CRxO굌BXByx\]Ƅ=Y)[}؝&5J37+:yL?8ݥŎYP ]*+JǥOqy ׼g#;\oy\ 5J6ʺq]uj:_ǡ v A^O[nQ¨'5} !o~Hty2G5 KrL(6@Lm0Iלu`;$!4QCFmzGe8Rڑ _bMrY3<]J=H$o}dD˷L٧ݮS"OHv&cNdL}E!wHz ܐ$wjodv, 6.0#@a牉k:գ}0` mkYEɔq"ap:VbF伯X FJh/UڔaHm W"CP=,޸2sQ+Iqs[.E69ފ , g]Ky[?˓A):~αddQ rKwyAħqT0U8hl R)8+V숟$+Ypn$@[ziPA!)7f@CĶ{ZkOoUKZ3,ݕ0w<r7~$ 5) ьf=Q}Y͉b<,&n^6{KaZ YYfewr3g</U 3ymw8w9ʪZXIY2V>͚v{*ߝ(b՗X̐+,r8}"?RU.M; EIMj'dAĀfkhJ12"}?u'_E l.ģ(ܙ_*XSe$4 P{m۫4̉Xڽ%M 4~υQ-إQYҝ@PF3yc|rvX &ߚdmK>p뱲vl}FLcBd,4Dc2#IUtVk8V ͢D~YȾ} 閭fv sTBٓ@=Æ*h̢8UMhcMkMՎXi_pٸn ˑ:eA7*V*N,ȑ 8 h"=/zT*|"%puhD=z1ևnNS GSWXc յj6`AK/E}Fu}0%ŷy?hZUzaoq,n}4+]i^.h=U OW0GE0XmB̔;^$Yn +e]6tV(8b5.&m;;j)[Ks a}C4/)R+~ e@m xU_:d7GlL!EByהr]2v1<2<җ=Ƨڹ'4O =` az!̘+Mmu[\}t"ۑb43e 7t~-Ge?h:--qH}~y5A3HFہF;/WI Z(z4-쨥k0 -yRə{(u sOp `w}i Y6Kx #tCh[E/Mp̬b뻻v(̅C}12ß{R9ӏƑ 0N-yA> E-t;!6#^1_ʋy5*`:RLMqKz^[Ih>N".fHOo)CC %beh+=G@T*+`d#AOdbsҤ^LXE8v\[_9M]?y~A6k];d@ sjd:Rjw˟fD}J&=T dT@320Ln 9Ӝ)&B$nj Ukx]BÅX}gPK3J+`vWhL]1a&ne~@cQ*\:?69k2:ASa;vNk~~Kρs<;45} YLԜ;DC1Sn`NoR'B17.eq+rhE\٪+p2$Ylh/Rl]}*_ F ʻFVʤ Tp{F ,G2_3m?w\YA>#vôoZ]7}(qZ]glĄ Pq$P̌ﻥ,w}f(_UWvuͳ P֝l66@hu(L  ak^ah"}E$/0β98͛\Wۑ}IWqXS9,by+Mg wp1YiNT*֘bܛVUshf賜q.Ӭ^%] y /,OI0^OG&dC`)kY&*[;h/YYXPzvMcICqHqQ 0Z"Lt\ ʄO8Lu[Ckc#7zO|a4bdZȌx3q? Ds"#gD`A$a*KБB9 ¥qt|GVI9$qpGғB"s. ?pnTqAKzo$loyzNdܡp'zmΦO_Pg1K4(^bQwN!פfw M*=eKW*Mg0`#<̂azpT/Q"fc z|DX[ai|nRֹb8`C?Jt-SaK^$ {/mA87ap׃j"-z=_YDEz/ӊ%z cc%Z;hŦjZ [  G+k^۸$hVUՇYlЕ 7EL (;=zdѱ`}}L6rEO5]lI&K/֓~Jpao#'Z82H8t m#z*ul'XK8&*8 TQy*]I'x,D9Q FXSu hD?Si.x45|Ϯ'3Qv噾Pd 6`b~SwGC7*v1V$ eOŇ8rkB"&FaE|v0'XUfm^Ҽϑ){u^1[D3{ 2ѮKsi-d`Dv]Z5~mKC wJE+FPbC&nc[͠j7j73Xw]]Sҍ$:MH2`>t 0^֠U88J%DH.4zwa O!лqzIċVV/CN5.i'S2{2}b;πI 28@XA_%;M;uI%89\ȏ4!9mSfVF7?tR5w>H [hSVC0}D.㹿8k_93Nw$_OľU3 1:)ʹ'ÕЍdQMCru$E7謓W54W#WNr"VP>lzF?iС4K^t QQEקnSL3sdo J3_JVy'<=P<%c;Su̅]rlx 𪠻 ZM+}}ؖWU,΂6fM|e~d̋#\K] 8\-|Bm퍞i2Ehن.~y~mQŕfyA#)4J|QO*E#8B;)$Ik1Gfq\.B +{dj.7jjW#0?~bk?6I]W}oA)wOy4ؖdO-g''ܱ-!Edut)€']s_VJ(أ4ېjeק6#tvƪP2c4Z]3~\/r9k;I\ \xQ- ]J*H #3>)ʵTF*Zۖf#^ZWqOՠ4mHhC?Ґ MUĸ( 182E! >f/ 2a-F2>x_O/.Cr'6yfͪ{{!b Z#&1;C&o akN4PӢdF$poΧXwx6M.V1nzyVKfL;Z){Zh'U|oF_̦)<X=خ2RYBG?lGwtP7!|Ns,$"ʓ\'6] s|Ɲ<^Xސv KhWKSIaxdGj~R6΃NujA%6W WkWnK[:@I[Kn\O5''0y]ApIYɊ[Hv\stiSnЌ!q~-b,Ʊ{Ks3@QW>(t!KjyߴH _fnG:e'/ߕV¶swwv|(H]y?Bޘc "I'*<`VOpGQGz~6w|+h"42r!hhϘՐGC OُͮY%͚]W򸿦cʂ4lF#UpNH`G~&0brOC˨,(_v+~#UpV pT+Y1Gb8ɬ&AmD 'Yw=5 i;on}(GlKsު 10 q><IFl5jcU~*4>ѱ3/ [|_7y$']I.ZP77p [[tM߯64"]*Vxy:ayGO#2nW)~=g]Kv S{'ȸ9Yw$UEAg(pf`PoKnӃZgXdx?Qm @'hTcvgO5& R߃Fj/%RU}}a|6ѯwzmrE+P3bs;#>yjH,v! _ yt~gwq^ IfA?[ +X 5UbcH$J_hfke+QH⹺{Bjtoc[]ni~DuGj`~]l=C5ޢ2%bFv&&_H wԘ[ 5 6n9 cp1EUr2zgjJEP-C{ZhB^)X$,T nSS HI.m !F1|BqN%)׾`a!^Xh=$zM Ҋ>x |*;[ߗ {'dx/M*7k|s4TХp w^7fV|7K"mpBq 3m+ ,P, b0p 3pwɂ|&6iԀP3d85Ƅu+a~G9^}Ԃ)Wto`>39R~сo6;3Y-ê$hc`Me}o7z:IGz+X[\ڦ| LŨ.  HnH#kZ;aJ X{Ѯu+ (^/$Jb^<[8*@Zs*Eߚ ϬH}}B&Q'rr@@υPs1$ o jHR蒸Ӂ<c|`RVL5)>'֭J˽oqs2;kJ glϐ :l/L+g!n]iwC)F1%d5|qBx%0X³?rOPRHmb #VqsRa/KG6zf^}]K6n:tʮ=8B j];*AA_Fa2jjtDoMc%0f5ŃHIk?ip!xi$ 4%h F@j&hY|'2@;Mͽ0(EeH8x>Ʒ<.tE"C@ V =+I$EOHt_d_*F<90$RIX(%Y/:8ӲFQqjzP~%@ M3a+ ՏBzInG]$ݱcN1{,&c$p; #96}9 -qQ`ץ/%C, l*gWŒ/z2On%\R3܎emNddIJKo{8\gZ FSʏ3fg͸4[o')}mHϭ< WxY"Vש(i7S_Bpk65)W=1pcN<)4$ |zR\D@}z&^(Œf 6ST䆸?y ˘[Јk`e;F$J6{C~?%(k]- Ϝ?ӱ \B/GaO5UWRtv jTz Yz MWOB@{ {BB-K~y|ZTasw ^蒸-4 . r;&trx b ˦mR8bsKgsIb't-g|I;"&wEUP1 RXNTM80'ѓo-3FAEfI` '*F>[mw@:7hk3 hLhdM*0.r/MxϢ)g)7ޝE>'*O}3 5:9M 8G6=}mVV8c@omɏF+4guH|v]søݨDZ[DG|u<(a-. #f̞Q[ԈG(&FA ZT"x{a{ͥV?DUN]{tU0jSŔ[K>Ahx~2R?JN)f6EGEMVF?7ؙM>N!} þP~؎=r%OCUB9m"?B0.9ŁĭhƏř پP ìlW ބJc+#fy Ѐm*R!WWq<_D*n< &VM=2GvP6вt9j5,[=t_݃CN߁z?A~B̕b"҇mDRH?KG}o¼$w9fEY0 $f|.n"/0*pD["}'l`$YwwScotfjtk!|*Fth}Ml7=iO.jwg9gս홒7dVv k|{jU^Q"ӯBP1g djZlo B,CR!U[\aܵJ.s{Q&tO_o}ZF74;qi c$vT 8xybT%2~]vuu}ApW2@aέ@Dɑ6 %2Cp.MM_|{oQ#}L[9 #_0q]]G*4)y/)cy,ӃQ}9ÅF9s I#"gDbgjV鸳0/ #H#J[zݮ;b~,ͦ@BJQYqaуfҠZHKBQ,1d=j~pB/ =oxN223%b@R+C~CrҞdG3!!L=EDڊ=踸ʷ봥W7VF 5_lVmݼt>y-L"ې(B!W7Ca.Q[+*ov}/mSn?a8ޤ \*dbW;{q\jݑW),I#'{15s!Cl[gZ"=5+t$wvpҤ gU/hâ: &БD/J`#)>kH&қ-ҙ ": DuaQ1Z3雠A,;%n5Hh|FU3G3wم}Xe6 sJ"Gn+hN3 O·${l|B-u4C/e מ$1}ŒO_h'Vz/p4Hy"2V%0k"_Q`TG҈QX?m_N P4\5h#&BfCB@LkTRN1B߲b䛛qUr%E Q!R*6nD 󌶤2vsG k 1#]OOߢXa7i hQ{0p`IaLV%Zgc g@8$ iJs0)q;v':uxպnOggURkf{\J% V@ntyl`k.p!S>,cJ|W|?4\HIT kU᭧Yxx~cB CɈʅ87dXM)d+EjJwa9-$uϹdUf#pYkp$͘f/E1Azt}Ʒ{#z$OWq1D&:Y&7upe '1+B#+Ьy Ph8N?]InbjtsjQψJ fy~ q$$ +bqKUV'Eek CMƇ:o.§lMqQ|D[ioh:9}Vئ2 ܦ.;yə] V(5}^G0P: 7سN%/Y Ol ZlG>dc6O5p#|{26L+[#$_~ &(<[ZOKхS4"Y`:땟QI,2Ƚ(0c?A )*JoAoz_:68fUȎ񥰧iZ͝R f [ܳ{wro!2<3}%`8MPWIV=E/\PIǨl94́' 5f+u(fI*dj+Ai|uW9CN3>whM!'cJ]/^i}yEzsa ]A'l\3K9:mNq".jmmn9zH-1AGpe.n"c \NxT?dq:uC]t/8,o' F]nfV͸Ä0R3=')԰S\3`[l>=$új*Ώfy1u]{tp[{ ^rAuM/&G7ab[Z vS Lhi%|rK}q4IJfm`%I#k|;h;rs?N )'Ϙj.Btq!LbNmx:IF: 86\-vJ|(KT]'I5(dgԅ]>%/aDolH8_GS/zٱVžr̂jdMCKfbkA5L CRXOҠ)mq7y'rEYVIDDݡGA[,g->SfZhہ.}%0 C^QQ23[V 9#¤sNI#O1!Ɏ: [* ,0k( g'=G=pT 0\dY.'^!VVx67Y>K7ş&=<\-]ܧ4hs3dzsf1{4lڇg9o[3t6 /x9̈zi RY:^b/Rܞ+^/W?%|ۯk219m-?DLgmV=H"prp^J'IY 9 gn *7yhs^JgOԧ8:tGim*0)\[X7!'3#sE,x$bg>:lb$kj0AFxwo&+6͘DT&Ca0Z@`Fܓ!@MOYG_}y1k zCi\ԶK8E5kЃ 5^q*H]r-h / qh聳Đ^@~j# 8.EѨq6N=?Ƹf>6@:W?ݰy~~\_[Z:Br)Kg7빔$߶)qzADI&wO1(<@B[J &$$Io|1 ?3i'Mmm=G5͞ڛ ^bHbd`Ƭ-sk~+A )E98 ?꥽0,X ^EߴnR-L_SꗠD\܃Qf}6t"q8 25MriP=1P~` ܎8F)MC.ў`?߅}j)vtehVrZӌQ$.l/AcYspqClBRY &%qN"E}[^ Ϸ)~uͩuVȝ}̪#KlR^Ul`|X 5 XNRhQj2,Bhܽ$?c\ 38*eP ɇ)}KƝS<* Gq3*…<! uxM ~iї~-tIKdWp "on@D|t^߂=? M1@U5ڴ V  qDo"b;Zfv 끀E!AHo!~7w9tbqmoR3ቅΪg{oˆۤ#3joTl:*mt,BU8) {zN~߮H>Ϭ7/Is耇ϳ6ۨFM~YPq܅a? Ibεv8&fyWmyMzʹiẎ1.;2iP{46%:c]xh@L*-D$C~vSQ^.ˤzB%$p&#wuK[1*2";X44Ό#)ê >; -_N/2%’;<6d `/@rj̷@4 &ec-"@xU'gQ 04$pRpKKS%sq@3&MCluAتzwV$otI~J>/l:U@.TƬA_y#`.~B5K5]2KI| u c e#`O3WEʝD[: U~5?vه rw9}o1UqȮMAͺl<}mW~ ;\jwnyn *pg=Cg;EͫHYNȸE2__2%N, \q@eQ-Vdos4-TEKҍгPM)V9ۦl7>Rzy?J:wA Hd.iaJɝfG*p'⅃_X da17{oNPeԾ3N ZIoA\u ܣhKF'XqP -zaXßȇ::3Z6PŲE&<]ghg Ȱ(@k'C=̧# <.B~sKK+D95Tì\y9bY~=n'J^[`lZUo: ]&i-ّ48g-2$\:M?ńC9Ft&X/Pz?֧:Y !6kqny]^s#\}Ӟl *:>$cJto|?Zp&)=ޱ[Mu̧qQ<Pa-ѵLHS֨0Cn<1RmlZ ) G6xBP3IH<6B#:_eڋܪH ;7&y/6lw.oQ}QV%fq yZ=M hMpDݰ(QETu]1ރMIVWU*zWa8 G yql| H7wM͗O/ΌFCS!l$\/;XuE1Ȧ" }؈r._x5 2CQ70}vI8fM\ pȌT8&e2J)+8^khj_U17/ >$S2V8ˌDrO[{ɜvuRnlH GBiЎa>獑~w.&JN/^"KexyAT8FEa{oȌ6`sdfrE :\r=vhL!ЁPZ6shZK+Y*>V[4bo[@R"C-h&Sbh růTYD@Qy^+ [t(t EMR$Q:?dt֖Y^nJ]Ei  llHlpBwJjgkbF{҆dsAM"N;~'>wK 3K-;} Eih@] 힊07fTVw"T㱷Ѹy[>0h$?m+&_7[rK~I>?%0e%kE;Qhچl߶D%]c~W-U0Mηٖۺh)KCRFfتËdC8N?E:XN;n&Ya͗7.{b,":AlQA&D9F6zNiH!'p'C$٫T Yض R*~wz%ݍr Ƀ$0 %*7喟&?/y";9/ɚ l 3%x.ϕ O}PHX{2CʪGEkPW O`v6UF8nzZ4_\[T/}Ǹ K/"99ʳ V N.y闬™-#9TiQ]حc֕b[t] {N'(Uć3DLPr:dd ݗ)2 I8 9ΏJwBJM{1{=g_dw&VH%2~oGH;VG*1>[ Ӻc#86!)0AN Wh0hI?NqI}0eXh:t܂s{u53>lj<31~J_a0Rx>AӖ$ٖ)yll1QuS%r ".%u)oH¸4:+㢮*`AIS6O\VbT9Ko|9 :-2>+̚Z:Nz2dG32E&8$&v w, nԳZ,(W?Sܠ=٬-<~}- [ >OF&9SC< 3ˍr.@>"1eZE's[=5FX/caYmʬ;d ¨c0CPn\1*j:+YwDKY.@괅u`{j{ WeNNQߖwz92-iJc!$&M/A vC#JpzҠ6x+wNvTL vx'QXCǒa}r=cO'}Tb;хTr3 1Q L"YV3Iye?TUenMVLHHf×O G"w#$$mB>G6WYsRG;@=D 8zӟg?.58i)<]qYf)!n>##MЫٴrZ0N|V0!Sz#+\nG А`5{y*쐼._X Y,S"glt0P 6N]G~R( dkbYno's'xɊϔW1/ >CZ69{8W*mEXpcvz&UVr;0jjێW\cлV?=DV,jlW9.= _*z*eسBٝǢ*uDlO |>p"K-d j[d zp/ rpXZ/C} ˀr9ށbq~>k߂H"3H"Tx>;~S49Wa_oIӡ q6 =ku4$w,v+chw)sJa[y^`5.>~+zeAɁivVƸGttcO8jofpj_uq,\hCL?(!(zz(G\! I\~%,l_T2WʭFч UP<7U+B: yyDЬxO!M0feCHy,*- ;r]v,ZNrWS4Fᷳ D'ʥ-K:hz61{ &͘ܒ}T!f 3뜢KX _nS5/w $7~x *%iz4YyY`rPE[# -2d|Ih`B휨$?"1dgʭ(P̐X>6FVIk l\+0pE_j@&K˹΃&ï 7 :iA7F9d_ [S9kkY?fx nZmׯ IwPI>ҵ^Hڒfᒯx$JTr=\(-qMH05Y;Jkp+ASS3TaPJw8ZaOsR&ԥJE.-|St,@{"=>@=*&b U D2C 8Z9pn74Ov^1LJ xYbG_(Nb-L%A1%Ff @Vzw>JwQJÕ =Zl 8+>u AZҭDq~1lJə`ుnxsdDSYGq*K`ċL&M{E:(.g6Hǫ>]u#ƽNqYU &6VfbVnJ/XdW$)CzeX?/*h/zAqP)=4ԐM¡\%[D T[j^ rBD0 /3S<6?"a8rG;RL"YD1h(o )˹S?wae.S?]čͥWĻ65i90%]wZW2gg&raQHةpYa!N"*O>oZ% ^ޫXBVE'bnjNDF,kނh Jyc 0 ˊڀfS%4zr/'_4a]ZmUciܵލB&M$#c- 7ڕG̡Qd_up|hEl#5*sbhi!~6jh6gVA"`,hw,:#9G Eڱl?zu=xi/ (Zaj.Zqu$eH`O{^*Pix#@橘ccZV~Ckogͯ4 HT=^H>G >bpr1=ZT_wy -7Q,F7(sTfu=-Lܨk%߉AZ˱Nn}Usg)y&>? ɠa+B[lPv,yѽ\=u}f,!~վc$星-C01 qqDr".~QIѣ߉}Rw.D`t9\P0KH70U tu~3mCzH "g੾T ky/c4BgN۸I+5q#P"#IkѯNq(WE?3C/Ǒf(ݦp.LSk`ZǢؙB4$=8s+||G4 ѰާfYadJVLB>Dq&5V۶ćNF RG} e-=.!WsnݳC>Ds:=.$k6A芃MX:b=ƶ.Lv)jR\Σ]/C. \΍ZݝbtwM N\<$jm>ґMwTU+SVa@:ks@Bi!3$ggCOz[^Ĝv0k,6[Vd:2DMyjXB,jc\ZN#6 *im{"G~׎( A3_;ÎW'@L:)N(Ι%I&1ór0ܐ 5V8皱cOxż6η_XR9k_ $xo)\_/ V()R#T Ukt4ġ4v]{:u -ppbxM; ƭh-`P4p/O!xMꐋ_[M $o NL#96飧vE1MT;`2=ފqЕM^qE,)h&Ts~" 9𽷶{}|+^Z&-`ZS3'. mQdK4ThaW؇ ׀9e/lo%*GՅVli=bry9&I)<]OzJpap0J:)s*€:g+"7 GHec5ֹ΂ iU G>w[g?jASHY5&x9l*LT"8ݳM-Ħ8'=fk>r#2R٧4OLX7RCRỤ|EuH32j<@Qs3'>HXSc  +NK9@b!P0|4Ot2tb/}k`xȟ{yC<4~}Ʉ1+3)?/14x ;ۛ[%;?N"稰\%p8} PɅI=,k6,º鄭^XB5<_^m5$9Nj a]폪m>h\`^\ҞT<$=E^XCY ke;7_!繺]v]3kN`xunQ5kG+.)m4٩=sVܲrJS שy~΃:xC Acoj@*38ь[ȧN@C:]|_C +&3; CME VELicF-;Fq~uӯAYRp![ NIc)QE|,Hηv{~USdtXo㍴C߬R:4?u+ң#rRUs3.9z 2)-n#4Nb太knE4MƘ-7jgYs^ڵ UC/ sbTdG(яOdU?3nv#ݪRLN ড়dLY}etlF U@MA^^@d=RPq,dXI acp+b3'݇P2 U  1^sG{]-],Dt:u|ڼQK#u}x{|QD C }mLY f d3LAm`ί,b3qGTd_Skp#g]4S!=+-/ JtT3eК/][M6gIyhBp[R$N~EAm\*#Wzd" [X0q7ϥw,sգ>81oy^ Kk~e*), 2 Q,\67H[̴d5ciYe;&d阳Xi?}c_*xbb_q:/q zȅ;XiSc[͠sO!쌘BevEDeR{xG3&,vi: -lcqհvUUL-Hb>U@RLRoݎFi9$NޅZG8O&eoؖ:+ )<kk%C[zV* moU uz[Y|YJ]mn)obsY[R Wڕ+je9%ѳ&gq(r"c=j4_3FE&H=ҥ0yn|/Y6uZUf kĊww)\[ITp40Jťsչ_x-P=[^ADtyz "Na;8o 2Gb[G2-)e5l7Js0lqbj%aS|6&z {ŗ=)j$3l%cߔi1ُ3}y_|| zBȠm& `CZ!7G՘A($_t:onuY(/$D5I֚jA.n}u*%m,9ώb%br#fvd!8C/Wߑa5CKaDuY$K8=xVsgrnSۋ^y I`*0he` EVǝor0@#z31߰w:4&wPV'Fa"9tu.'ߞqv3B4oZ G OKnOidד̸߀ސ-)9P0Rf,0%*|enF!cbB}Po˱ f+CDSw61]{;휋-@8otb _Ȏ۬qGNj.1gș3yB/7[YU7ƪ+9H|]ލ0AHyo (4.d:큽)|cx+$h,+}w@q'O?`};^gg#yd6MVA5-sp:k#Uwbsf6zCl{;jaldT  nk7-r*1YP+bB>'x&whpn~iOs}+tˀ_ͮf`ߢ-Bz 3Ř2WM3S)OU+w.3KHɝO=_&4%~rb[7<9]EVX $+8'^!0 gMh%SC7 kw)g f]:TW^쑾".<7hFFKl@Jz׳*XR@3)7!k{NfT Sw ent,Pp6(E>6鼖\+^P$HbuDb,k hBoa $a$l)&-C|b4Xx| w]Sf%Lb @(פ-G0#HgH>;$a$RrE bZQ䐃g6m[ }N,ϞQҶ0^#~>b\S`C {VCzJa]7E3kor"-r@{A9 [4W&(qI?[Gפ۔!(&2Ua]@s@QCػtWK &OR I7!VyFf(!;=1>Zi/3/1,*].`KID#ytן"/Drϳ{;\T\NcL '|UKl+"i₮# {G2aMΒ*qnd:#o~B>j8&*H{'CXτŐDJk̀ޠMf I 21F4 B:jہi>C +"M$4`Y*yߘ⁗S_/ r&ziТ&+6B% 'tEKYltj }5(mgS^U?DYn68_,KA&mk Q|\~ C&? eJkce~&l qku=DŽ6BHw~dq}7TEtXKLҺԫ=\rF?1&FQ%?Pg"DJ#* l1EgJs"m^gQ6/t5QpnA@~\AvGXtE3˙/zb[0e#[\n;- @QH㤟T{O44/˳b' ղRRM &6tSR!nDwO}AiђAPG⦜#]z(G 甿On|s(h\v,#D C?3ߓ2D,kPPâ9 N Ƌ ǭC۔WkBf1'["JT٩nMjԇ_ )Iؖ EOI|yJJ(6sk'" 7 R=7+&T? 2iwUԌKA6=E賫\k$O:Iq} 7*u w/Gt!d:B<&x)} 01lbmt\ 6aVm56Z .5զlsOhy; b UCRȉY&)oYKr8-`#S>^iWY+ M5US|\{0'tF1n*탵ҮI:Rwax/f%pmyy)WEq1sa $(^"x~y%qc`O>o0~Is~q}yv< c:Ǹhh3@e}^R^hs2`CYfб ^]J(,GӪćq'ȓ}Ϭu 2Uj͟j 7IQ'Z;մ- 1Y q*%0i,.@& sW%/IXP$>"R(a\v Pʈ zrł57|؞OoNرo5 t KcC\|f8;^I7Z4.(M !@EP cEpё<+GLa=nHAi E2gُ<@ǻhB̲xdU< v D g3TxM,HCq>&P|^ b['1Mx>0^;w<+IQ;*.SOSD(\,]6j;xk!И1ådwO#VN8 6W:tg 63zZ^_[,\3r$兯'$!bw88P}hKM(g6!sjf2u RYmr!<grVL!ฦ^^呫*sC6$T&KyB sidyj/ [~F恙zI v|C+@G,8S+XebE#{}9i=M%h\_AΕ-qsu$:BRyo*z1Rz6{r`ݒ[؝RmC(/"kI8{Zgk|Y(!=iI6 4-x&yxr=2?~7KTDWեrjƙY,1+N;L?SlD|L}CJ'J QkSAnę Whg׈^t-\}WJW@_5zFջ0^X:H7JG̮ھ̭&.S7PomOx2H wũޕj`0Z4OrP |W|"IUdAU,38ߔ<6>Ȥ_8Mj0t;-!*lܛı J1f:Bj[pn.LD+u!U>rRZwXd6b)\nUsY<̀2ӏHK tkzq3zj H_QLigcʭ_+hRۺKU|k.5Kj[O/ƣXgj*ܢC;}Er_QVN8 ۖBGJ_O~&Eҹo:枝#-PB)-QehH!Fۧz6Y])]R S#6Pzy,ٱ8#ib"il\C(5/qǎaИf򀣧UyJbɎ`7Cz6 C:ƭ݄}t6x6$N. r2RS:[pT{dWNsy0۹bѐ/˄uHǛQ6(P}C;-[F[@^4HTmG `IiR,"%݈ӗdJ_.'p}?jٮ֌Wvו[W\Ip JoaaZ13ha؊' @KmNwy(# y 6$q} J؛F}\lZy̵ڶ@:ʫ%8X]4r[0.fcG#m-JI,Q8Qe?_>xGҺV@G:j랢ƎNa3yB~KARmpHnu' :\ HS2 = oyn9cQEkVx3YfylJ'#\Z|k/Ez 0IuX$X0Xʔ$T=0`wҾˏw6yϨpСwۗW]&YKꃏ3P3j@l$|yR) #*EMRKhl4p՚vFR 4Jv1%BbF 0aK+jJxJk\A&|,[ AR%@AVN|,L؎ȿ.I_N7>2K]* 4Wo'C oO,cԒk.`8o34I UCuY^k15C&*-d݃*fP.LjOU8PO]@\/nY'Z[KF]Pê]R#R]UMb@U wZA{ǯz5x*L#`d:Pt3L5'R:FA^ oll0i{BczqqMs IOG),s D(}t%FֳwV_];x܅ 7*TqQ&V#tC{hE6Ѕwdv-D6Y3z*ˮÂ<7kn9_V FKkQuBTUԂCP'1F\ KcgatF%ej'i0 VI YZ