sssd-tools-1.13.3-60.el6_10.2$>lcT.h>2?d   F .LRXbb b hb b b b!|b#fb%P%pb&'9'9+9(,q8,x93:GbHbIbXY\b]Lb^<bdĬeıfĴlĶCsssd-tools1.13.360.el6_10.2Userspace tools for use with the SSSDProvides userspace tools for manipulating users, groups, and nested groups in SSSD when using id_provider = local in /etc/sssd/sssd.conf. Also provides several other administrative tools: * sss_debuglevel to change the debug level on the fly * sss_seed which pre-creates a user entry for use in kickstarts * sss_obfuscate for generating an obfuscated LDAP password\>x86-01.bsys.centos.org CentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxi686+ɤKS@ |5q#0EQ;ao3] 10m:*|MHOr ?sH dC A큤\>S\>S\>S\>S\>S\>J\>S\>S\>S\>S\>S\>Vpn\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F\>F6e0820314ea3ec7bc18b1a02ec3301dcb834a52ca671d60e8bbd6e8dda29149e10acab9502ce2e73014692130c887714ab86d0c8455e3ca3c60654dd1eb87dfbcbe626e51dc7fdf478397557ae7adf0452f253bc11ddad6cb89d4d5fa8fa20087f9c819356c2781dd47f9abe0138a5b58c00d63fba576d13b27ca1040181516e865c4f8b05fae82b77e7c3d36a6b73bd717a761d707845344c65ad8b31ac2846074ea22f08e186a8f16066958ff1cb7da80f4a744e9737ad3b619beac9b0a45e4b5ce8776a762c744f1a6baae5545d31d9d4bdcfd2db99a12ee83cd804192a1a38a9daf34044a114e85b3ee4965a4712cadb8857e38b24ca88328bcdd9c8941958dbe4f10a9270f7343dd9d7f90bb6ad02b51363ea969a23b8c4282e241ea075d09230a51dde5dac102de3ec991294200bd38d2e9a330a9bf9d551d987b0697948f560a1d2c5b425b6bc3cdfb439f6ba3335a7210d772475b29fff80ad4dc2848ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b90310e7998fa63a7c5fa94fe61532f72c8f103f6563c4f6881aff04fc12c72a2005ffe255bd2d32476ca4c1799d2f0880dff0d56c9346263c9b9166d402797a9597ac16cc6ef9e7cbce3b59721c89187acaf2bf74ee83b4ee16a72939baf79d1c994987c56756375b9c6ccfc6fdd8f141087f1de1a53e2cc7f9c1b8a64812a99c30c3a967ee8747393b7634a732da977cae90cc423f89519e1308b2ffd9d6500d3bce19c9a1c8d59d4467007dfa33a13148574c3b3a56d1f7bd0a5ea4d22a294cba70ab8ee6be09e55ef55d4df5462bb87d9171bb88c9255cdbff05ad1b665ae31cad39da900dd517559c2dfb31180acbf6dbf8c44cca601699638ee846f730575edb3bc87a2ed41ad0b33f8a7ddb198baf564ee3d5f73eed3645c35397882ce809f2b218af5f82c9eebbf77d4cf98c4ddf70d6c5def9fda0c42f60632f639f43d86e3546ea13860efbf7a889f672d22308aeab4854e590a851bb4fa24fc97700e90d2fac6d79054ae2e369e04a4c073e92d8225e8ab05a30acaf0b3abe8dda766545890f5aac5c6199f40080a7eeb9854fc19219f3c01f77ed18a2634b0612ab24e86b6654a933b196c491ffe8e198007de7b7fda4ccb537c9b80b72fefb55ad1535f17778e6082028bdc12926753802980c0dcf57be393e62848a083dc42727874608858fe68353c01c6d95a9faed0a088f539d649702f6a8767cae6050cf898dcaf95c6019e6d32722fd00035cea740bc4ce41bb19bb6ca38c4cfe2e0f4a0d3f33dad94c2a3f116dee94fb53ba321249f03d4cec1bcf19b73f7c078f7d1c466adcfe632e17455f2204564fc7999edcba0264521556b2977eaf32a175e8cbd234295369b56555fa293ee5e0b19d498798c7501cb0d7d6319e225eb1716ec9fc0edfaa451fcae313edcf7e91eaef9fdccdd4bf678e2d0f6641b96cc6efab26c1eea4aef71794a708908f80b961c82161717ec4d38e1071057c37899b4b3abb27f3398af40eafe3262aa2ab33feecf21cd2a580e50c3b041985d2bc82205d9274edf5abf7a81ed70904be6633dc26d7b97f4a822b314b80fc96da3397ef3dc20c0008a9232f1f1efa992089761253a0a8f95c22b77c5c08e61bb610c280853be10623c3aeb7d99a9387a928f8ab52135d04d087a014eabdb31485a16ed13014b2be0178b0c3dbda640d4d716bef05563415f80fe1b1c7e72c16cf8229195371c25b3071b8c84ded1e4e764264645e01c79ca04e28d35ec8d8a4cfe8fae48e131b2ab89b6d644af0d752da4bc9d07c7d932dcf2935dfdd1e96060a0e918db3fe6f7d997fd8dfaa45b2461800d9ad9150efca9c49abdfe42d405cff4649794bd79172b159e6d3e5c8994924c73393b0e032e3f7483f6e2e7a73dfa0d3313996e76fef64c49f786b3c1a5c4815f6067409536b15741536bc49072fc5e4e1c4619e9d46909077a1bc9e7c4fe450efdf4ed0a2dad8b909ef1d21df0d5e88eac935c9e722983bb0ff8cbf948c85031d641cad04ab8c7a4c6bbeee8fc8b54bb9da6b4c3c5046ab861e93605476aa9eaf25d4fb1ea3afdee0006ae36b8b18a3fcb1a6c5c4394e772ebf011b7c016464839f3eab352303c22eb45cceca781af6fa1b1be86f038ee0a1551c458c692a176cfb1ac6fd31854b06abb30f989f3c0c08e4efa80499446766a5877bbd79eb8364840c8d757b54fbbd6c786e22f3a892c1634f79e6161c20bd8eb2ea1815f37dc4a1a4e25d5b1895e8d1e0deb757aac8c898c2d91ae320fd5f44fe907ca0699f8b5273f5db15caabdd336024c509aaad69c18fb7b0a625e6440a939d5b597e5651b5e352d02bdae191c9386e3b979ebb52ab2c19c8ddbb9e1c70b639bee076b4cae6e33a9364ce730a767bd5ea602bf16ea511158759fe440ccd63126c792da795853c00cff6df61b615f3637088e9b73967873aee8136a57029a66ba7707710a6159290b724004daac15e5d12eb34b4354093ebe1b473de61f66330ffa712bee030d86e74250e1d8bb7209d11714bd90c6ba4bb6bafbee663c92ace0d73520617661242ceb9a20f3fb749d86862d8cc834a75d84eec2dcec4e21c1f5df89d94cc5cfca9a5ee641b444b39f437ec81a61e404175cc65bc2d095244b677dd868c382729beb40c65b39675056c207bbcc628a6f174bad6a2d8fab7af4bb505cfee2e0c474c8c8a8b5b50beed5d5a3f60b1361444e0c57ba3ff50fcc864cfec5ae128ed14f4b704de0339d2d7494974747dd3f2f9e825da1113ebe1a94b1083a8cc4ef3605a8025bc7cdc82d85f1489c4aa19354380904482d94c0d736616f5d9f6cff3c187ee1267b28144103ed9697270d1342d52267e10a705c1af7ddf4227a6142374ffd9e27f4a7efd70d905fa35863b0c85b4bc1eb96bdd0fe0b7d5e56f0a45169d89a4503003da23e1189a9cfbfe2ff00f1f9425b5a8b7fc192fbc67c4c9490b7abbf1d45b13881202e6ebff2c4f9aa93abbe60858fb3d23d6ebe40c44b74b30601af44b748967e984e57abd73c5afa1bc2913d9797201403296152bc129b3cc136d547e63c56719f9e25d26656348f8e109aff3b0383ca9907ccd3feebfd2bfafac566da7c49904719a5c1d874f70dddfd278f1667c796fb3c2c00f12d9b519213db2dda1acac178392510542194166731042f5f84c967b50add087cd806f24f2ca1208c5c685d5c88cc2f85cd9b04a5b449fdd89f2fd7648d0b68c2e74d0c7429dd38191248983152bc2d0fe5fe47e9832d526afcbc27a04c903b0f7042dbb1788ac6c5bcf6160d2ebec752292fd9d01d3de34a48da39b22919284fba837857ef85854776014c87199f35518887a91de2811e390aa23569ed3cde3e6de935c6ddaf3908d5b440f791a7e4dee8f11355be78185b97c6162290cbd2b8ecbbc6b231ae4acf6a96178dd7058caefe06d7bf9e6aa87924712ec948046d1489e810ea7bd822bb3e4a8485086ffe1fe36067571b3d8557d391565fdec1a0caa066c1ac0a2b260a150fa879cf48a50f515414444b1d2bd3c6df4968007ebf4eeb61aaf955138377a5d405bff06ea88e9526cdbb100639ff5c2c85ff8ab042cc56b4ab6a25b33cda4c8d0004e180a6a129ea909f6ea9f113b24b4e7dae0cc032a140a66d4aa6226439e643cd091e108d28bc5bdd814ec4c822299ae948b0feeb977f53bd4b10410adc4b4fffb947a32c27cf6729f50e97f8c63952065889c2d74587c5baedcbeec1a368d0ddda626a449e6dbd77e8d6805535c543cd55c29e93c688709038a4571794dec220ecd95a66d394b0c1bfd354f25906f46b7593b2db24b10259acd2957bf0cd8d4c7a46fb8078d57b9c313d582d0710c33949020cd27ecbfa2e51ba767fd99e1aa8ee5d4be965a802fa7ea701d552b9e21a4f512bec4b026ca161eca3889c6c8a0e4e2f1110030b7f2e6501fee112fa99b9e14a3224f92d7666db59e9ab4d7164d1dcb3340812c411432c813c9261d14d810f44392b38b57d7478b094573aa4e97127a9247ca47b430f4255cfd4470d52f9a331cbaa98d3477f7ff3b0d4f7a87c4672f16af2533d31633840505e97a9ce9adbda59ecea7e7aae994039eebba5f6aaf933a61184141bd06a744395ba5b4fe489171633b2ac7e9b056066b82625f0818034a016da47e94706366b72ce374f23ab9433ca46a9c0b9197b9560c30d9ffe6fa0d9a12ae5f26c93cf5da6b44f2b703465fd73ac1d6d4335440c465e5f40f9b58498ae2f16dab232c61fc9b850ec99e9aa2f6d79ce0517c0665660dfcfa9c129fe3e26e8ec465ce1270bcb6a8d2f943d32ae1b38e964ac2841143d7c4c8d1fdceb412fe00b5494c0397e4rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.3-60.el6_10.2.src.rpmsssd-toolssssd-tools(x86-32)   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ sssd-commonpython-ssspython-sssdconfigrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libbasicobjects.so.0libcollection.so.4libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.6)libdbus-1.so.3libdhash.so.1libdhash.so.1(DHASH_0.4.3)libdl.so.2libglib-2.0.so.0libini_config.so.5liblber-2.4.so.2libldap-2.4.so.2libldb.so.1libldb.so.1(LDB_0.9.10)libnspr4.solibnss3.solibnssutil3.solibpcre.so.0libplc4.solibplds4.solibpopt.so.0libpopt.so.0(LIBPOPT_0)libpthread.so.0libpthread.so.0(GLIBC_2.0)libpthread.so.0(GLIBC_2.12)libpthread.so.0(GLIBC_2.2)libref_array.so.1librt.so.1libselinux.so.1libsemanage.so.1libsmime3.solibssl3.solibsss_cert.solibsss_child.solibsss_crypt.solibsss_debug.solibsss_semanage.solibsss_util.solibtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)libtdb.so.1libtevent.so.0rtld(GNU_HASH)/usr/bin/pythonrpmlib(PayloadIsXz)1.13.3-60.el6_10.21.13.3-60.el6_10.21.13.3-60.el6_10.24.6.0-14.0-13.0.4-15.2-14.8.0[[ZH@ZH@Z2gYyX6@X6@XS@XOXJXGXF@X@X6@X6@X-X!@X!@X&X X X WWWW@W@W_@W_@WWW@W@W@W@Wi,@WYZ@WPWPV@VJVJVV@VՄ@VՄ@V@V&@V=@V=@V@V@V@VvV%@V%@V%@VVVVVpVii@V\:@VXEVV@VV@VV@VMV2 @Vf@Vf@Vf@UAUUuUn@UmUjUcUcUUUUUJ@UB@UB@U@U?v@U>$U8U.RU.RU-@U-@U-@U-@UF@UF@UUUUUU U U U@U@U@U@T9TTTTTTT@T@T~T~Tk4Tk4T$TTT@SvSvSvS%@S0S<@S<@S<@SSSSSSS/S/S;@SFS@S@S@S@S@S@Si@S@SSS!@SsZSpSNpS 4@S 4@RRRRRRfhRD!R1R%@R @R @RR|R|R|R|R|RRRRRRRRRRRRR@R@R@R@R@R@R@R@R@R@Q@Q@QQ*@Q?@QQvwQkQIQ5@Q0@Q']Q @PPPP@P@P@P-P@P@P@PDPDPDPDP[PPPPP@P@P@P@PPPPPPPP @P @P @P @P @P @Pf@PPPPP @P @P @P @P@P@P@PPPPPPPP@P@P@PpPpPpP@P@P@P@P@P@P@PP@PP@P@P@P@P@PPXPP{P{P{Pz@PqnPl(PaP`K@P#@Oĺ@O"O"OOO@OO~O@OOO@O@Ou@Ou@Oc+@O]@OYOOdON@OLOLOLOLOLO;@O5O1@ObN@NNNN@NNNj@NN$@N$@NN@N@Nx@Nm@Ng\N[@NTN?N:N:N:NNN|@M{@M{@Mߒ@M@M۝M۝M@MM@M@M3@MM>M>M@MM@M@Mx@MM=M=MwkMwkMv@MtMtMc@Mc@MbSM_MQ0@MJMGMA^@MA^@MA^@M.@M9L!L@L@L@L@LNLNL@L@LA@L@Lk@LYV@LRLI@L7@L(L_LLGKj@KK@KK@KK[K@KK~}@K]KY@KO@KKK/c@K+nK"4@KJJ@JJJkJJ@JJp9JlE@J?r@J0J,@IcIcIzI)@I)@I)@IV@IV@I@I@III@Michal Židek - 1.13.3-60.2Michal Židek - 1.13.3-60.1Fabiano Fidêncio - 1.13.3-60Fabiano Fidêncio - 1.13.3-59Fabiano Fidêncio - 1.13.3-58Jakub Hrozek - 1.13.3-57Lukas Slebodnik - 1.13.3-56Lukas Slebodnik - 1.13.3-55Jakub Hrozek - 1.13.3-54Jakub Hrozek - 1.13.3-53Jakub Hrozek - 1.13.3-52Jakub Hrozek - 1.13.3-51Jakub Hrozek - 1.13.3-50Jakub Hrozek - 1.13.3-49Jakub Hrozek - 1.13.3-48Jakub Hrozek - 1.13.3-47Jakub Hrozek - 1.13.3-46Jakub Hrozek - 1.13.3-45Jakub Hrozek - 1.13.3-44Jakub Hrozek - 1.13.3-43Jakub Hrozek - 1.13.3-42Jakub Hrozek - 1.13.3-41Jakub Hrozek - 1.13.3-40Jakub Hrozek - 1.13.3-39Jakub Hrozek - 1.13.3-38Jakub Hrozek - 1.13.3-37Jakub Hrozek - 1.13.3-36Jakub Hrozek - 1.13.3-35Jakub Hrozek - 1.13.3-34Jakub Hrozek - 1.13.3-33Jakub Hrozek - 1.13.3-32Jakub Hrozek - 1.13.3-31Jakub Hrozek - 1.13.3-30Jakub Hrozek - 1.13.3-29Jakub Hrozek - 1.13.3-28Jakub Hrozek - 1.13.3-27Jakub Hrozek - 1.13.3-26Jakub Hrozek - 1.13.3-25Jakub Hrozek - 1.13.3-24Jakub Hrozek - 1.13.3-23Jakub Hrozek - 1.13.3-22Jakub Hrozek - 1.13.3-21Jakub Hrozek - 1.13.3-20Jakub Hrozek - 1.13.3-19Jakub Hrozek - 1.13.3-18Jakub Hrozek - 1.13.3-17Jakub Hrozek - 1.13.3-16Jakub Hrozek - 1.13.3-15Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-13Jakub Hrozek - 1.13.3-12Jakub Hrozek - 1.13.3-11Jakub Hrozek - 1.13.3-10Jakub Hrozek - 1.13.3-9Jakub Hrozek - 1.13.3-8Jakub Hrozek - 1.13.3-7Jakub Hrozek - 1.13.3-6Jakub Hrozek - 1.13.3-5Jakub Hrozek - 1.13.3-4Jakub Hrozek - 1.13.3-3Jakub Hrozek - 1.13.3-2Jakub Hrozek - 1.13.3-1Jakub Hrozek - 1.13.2-7Jakub Hrozek - 1.13.2-6Jakub Hrozek - 1.13.2-5Jakub Hrozek - 1.13.2-4Jakub Hrozek - 1.13.2-3Jakub Hrozek - 1.13.2-2Jakub Hrozek - 1.13.2-1Jakub Hrozek - 1.13.1-1Jakub Hrozek - 1.12.4-51Jakub Hrozek - 1.12.4-50Jakub Hrozek - 1.12.4-49Jakub Hrozek - 1.12.4-48Jakub Hrozek - 1.12.4-47Jakub Hrozek - 1.12.4-46Jakub Hrozek - 1.12.4-45Jakub Hrozek - 1.12.4-44Jakub Hrozek - 1.12.4-43Jakub Hrozek - 1.12.4-42Jakub Hrozek - 1.12.4-41Jakub Hrozek - 1.12.4-40Jakub Hrozek - 1.12.4-39Jakub Hrozek - 1.12.4-38Jakub Hrozek - 1.12.4-37Jakub Hrozek - 1.12.4-36Jakub Hrozek - 1.12.4-35Jakub Hrozek - 1.12.4-34Jakub Hrozek - 1.12.4-33Jakub Hrozek - 1.12.4-32Jakub Hrozek - 1.12.4-31Jakub Hrozek - 1.12.4-30Jakub Hrozek - 1.12.4-29Jakub Hrozek - 1.12.4-28Jakub Hrozek - 1.12.4-27Jakub Hrozek - 1.12.4-26Jakub Hrozek - 1.12.4-25Jakub Hrozek - 1.12.4-24Jakub Hrozek - 1.12.4-23Jakub Hrozek - 1.12.4-22Jakub Hrozek - 1.12.4-21Jakub Hrozek - 1.12.4-20Jakub Hrozek - 1.12.4-19Jakub Hrozek - 1.12.4-18Jakub Hrozek - 1.12.4-17Jakub Hrozek - 1.12.4-16Jakub Hrozek - 1.12.4-15Jakub Hrozek - 1.12.4-14Jakub Hrozek - 1.12.4-13Jakub Hrozek - 1.12.4-12Jakub Hrozek - 1.12.4-11Jakub Hrozek - 1.12.4-10Jakub Hrozek - 1.12.4-9Jakub Hrozek - 1.12.4-8Jakub Hrozek - 1.12.4-7Jakub Hrozek - 1.12.4-6Jakub Hrozek - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Jakub Hrozek - 1.12.4-2Jakub Hrozek - 1.12.4-1Jakub Hrozek - 1.11.6-33Jakub Hrozek - 1.11.6-32Jakub Hrozek - 1.11.6-31Jakub Hrozek - 1.11.6-30Jakub Hrozek - 1.11.6-29Jakub Hrozek - 1.11.6-28Jakub Hrozek - 1.11.6-27Jakub Hrozek - 1.11.6-26Jakub Hrozek - 1.11.6-25Jakub Hrozek - 1.11.6-24Jakub Hrozek - 1.11.6-23Jakub Hrozek - 1.11.6-22Jakub Hrozek - 1.11.6-21Jakub Hrozek - 1.11.6-20Jakub Hrozek - 1.11.6-19Jakub Hrozek - 1.11.6-18Jakub Hrozek - 1.11.6-17Jakub Hrozek - 1.11.6-16Jakub Hrozek - 1.11.6-15Jakub Hrozek - 1.11.6-14Jakub Hrozek - 1.11.6-13Jakub Hrozek - 1.11.6-12Jakub Hrozek - 1.11.6-11Jakub Hrozek - 1.11.6-10Jakub Hrozek - 1.11.6-9Jakub Hrozek - 1.11.6-8Jakub Hrozek - 1.11.6-7Jakub Hrozek - 1.11.6-6Jakub Hrozek - 1.11.6-5Jakub Hrozek - 1.11.6-4Jakub Hrozek - 1.11.6-3Jakub Hrozek - 1.11.6-2Jakub Hrozek - 1.11.6-1Jakub Hrozek - 1.11.5.1-4Jakub Hrozek - 1.11.5.1-3Jakub Hrozek - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Jakub Hrozek - 1.9.2-134Jakub Hrozek - 1.9.2-133Jakub Hrozek - 1.9.2-132Jakub Hrozek - 1.9.2-131Jakub Hrozek - 1.9.2-130Jakub Hrozek - 1.9.2-129Jakub Hrozek - 1.9.2-128Jakub Hrozek - 1.9.2-127Jakub Hrozek - 1.9.2-126Jakub Hrozek - 1.9.2-125Jakub Hrozek - 1.9.2-124Jakub Hrozek - 1.9.2-123Jakub Hrozek - 1.9.2-122Jakub Hrozek - 1.9.2-121Jakub Hrozek - 1.9.2-120Jakub Hrozek - 1.9.2-119Jakub Hrozek - 1.9.2-118Jakub Hrozek - 1.9.2-117Jakub Hrozek - 1.9.2-116Jakub Hrozek - 1.9.2-115Jakub Hrozek - 1.9.2-114Jakub Hrozek - 1.9.2-113Jakub Hrozek - 1.9.2-112Jakub Hrozek - 1.9.2-111Jakub Hrozek - 1.9.2-110Jakub Hrozek - 1.9.2-109Jakub Hrozek - 1.9.2-108Jakub Hrozek - 1.9.2-107Jakub Hrozek - 1.9.2-106Jakub Hrozek - 1.9.2-105Jakub Hrozek - 1.9.2-104Jakub Hrozek - 1.9.2-103Jakub Hrozek - 1.9.2-102Jakub Hrozek - 1.9.2-101Jakub Hrozek - 1.9.2-100Jakub Hrozek - 1.9.2-99Jakub Hrozek - 1.9.2-98Jakub Hrozek - 1.9.2-97Jakub Hrozek - 1.9.2-96Jakub Hrozek - 1.9.2-95Jakub Hrozek - 1.9.2-94Jakub Hrozek - 1.9.2-93Jakub Hrozek - 1.9.2-92Jakub Hrozek - 1.9.2-91Jakub Hrozek - 1.9.2-90Jakub Hrozek - 1.9.2-89Jakub Hrozek - 1.9.2-88Jakub Hrozek - 1.9.2-87Jakub Hrozek - 1.9.2-86Jakub Hrozek - 1.9.2-85Jakub Hrozek - 1.9.2-84Jakub Hrozek - 1.9.2-83Jakub Hrozek - 1.9.2-82Jakub Hrozek - 1.9.2-81Jakub Hrozek - 1.9.2-80Jakub Hrozek - 1.9.2-79Jakub Hrozek - 1.9.2-78Jakub Hrozek - 1.9.2-77Jakub Hrozek - 1.9.2-76Jakub Hrozek - 1.9.2-75Jakub Hrozek - 1.9.2-74Jakub Hrozek - 1.9.2-73Jakub Hrozek - 1.9.2-72Jakub Hrozek - 1.9.2-71Jakub Hrozek - 1.9.2-70Jakub Hrozek - 1.9.2-69Jakub Hrozek - 1.9.2-68Jakub Hrozek - 1.9.2-67Jakub Hrozek - 1.9.2-66Jakub Hrozek - 1.9.2-65Jakub Hrozek - 1.9.2-64Jakub Hrozek - 1.9.2-63Jakub Hrozek - 1.9.2-62Jakub Hrozek - 1.9.2-61Jakub Hrozek - 1.9.2-60Jakub Hrozek - 1.9.2-59Jakub Hrozek - 1.9.2-58Jakub Hrozek - 1.9.2-57Jakub Hrozek - 1.9.2-56Jakub Hrozek - 1.9.2-55Jakub Hrozek - 1.9.2-54Jakub Hrozek - 1.9.2-53Jakub Hrozek - 1.9.2-52Jakub Hrozek - 1.9.2-51Jakub Hrozek - 1.9.2-50Jakub Hrozek - 1.9.2-49Jakub Hrozek - 1.9.2-48Jakub Hrozek - 1.9.2-47Jakub Hrozek - 1.9.2-46Jakub Hrozek - 1.9.2-45Jakub Hrozek - 1.9.2-44Jakub Hrozek - 1.9.2-43Jakub Hrozek - 1.9.2-42Jakub Hrozek - 1.9.2-41Jakub Hrozek - 1.9.2-40Jakub Hrozek - 1.9.2-39Jakub Hrozek - 1.9.2-38Jakub Hrozek - 1.9.2-37Jakub Hrozek - 1.9.2-36Jakub Hrozek - 1.9.2-35Jakub Hrozek - 1.9.2-34Jakub Hrozek - 1.9.2-33Jakub Hrozek - 1.9.2-32Jakub Hrozek - 1.9.2-31Jakub Hrozek - 1.9.2-30Jakub Hrozek - 1.9.2-29Jakub Hrozek - 1.9.2-28Jakub Hrozek - 1.9.2-27Jakub Hrozek - 1.9.2-26Jakub Hrozek - 1.9.2-25Jakub Hrozek - 1.9.2-24Jakub Hrozek - 1.9.2-23Jakub Hrozek - 1.9.2-22Jakub Hrozek - 1.9.2-21Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-19Jakub Hrozek - 1.9.2-18Jakub Hrozek - 1.9.2-17Jakub Hrozek - 1.9.2-16Jakub Hrozek - 1.9.2-15Jakub Hrozek - 1.9.2-14Jakub Hrozek - 1.9.2-13Jakub Hrozek - 1.9.2-12Jakub Hrozek - 1.9.2-11Jakub Hrozek - 1.9.2-10Jakub Hrozek - 1.9.2-9Jakub Hrozek - 1.9.2-8Jakub Hrozek - 1.9.2-7Jakub Hrozek - 1.9.2-6Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-3Jakub Hrozek - 1.9.0-2Jakub Hrozek - 1.9.0-1.rc1Jakub Hrozek - 1.8.0-33Stephen Gallagher - 1.8.0-32Stephen Gallagher - 1.8.0-31Stephen Gallagher - 1.8.0-30Stephen Gallagher - 1.8.0-29Stephen Gallagher - 1.8.0-28Stephen Gallagher - 1.8.0-27Stephen Gallagher - 1.8.0-26Stephen Gallagher - 1.8.0-25Stephen Gallagher - 1.8.0-24Stephen Gallagher - 1.8.0-23Stephen Gallagher - 1.8.0-22Stephen Gallagher - 1.8.0-21Stephen Gallagher - 1.8.0-20Stephen Gallagher - 1.8.0-18Stephen Gallagher - 1.8.0-17Stephen Gallagher - 1.8.0-15Stephen Gallagher - 1.8.0-12Stephen Gallagher - 1.8.0-11Stephen Gallagher - 1.8.0-10Stephen Gallagher - 1.8.0-9Stephen Gallagher - 1.8.0-8Stephen Gallagher - 1.8.0-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5Stephen Gallagher - 1.8.0-4.beta3Stephen Gallagher - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-2.beta2Stephen Gallagher - 1.5.1-68Stephen Gallagher - 1.5.1-67Stephen Gallagher - 1.5.1-66Stephen Gallagher - 1.5.1-65Stephen Gallagher - 1.5.1-64Stephen Gallagher - 1.5.1-63Stephen Gallagher - 1.5.1-62Stephen Gallagher - 1.5.1-61Stephen Gallagher - 1.5.1-60Stephen Gallagher - 1.5.1-59Stephen Gallagher - 1.5.1-58Stephen Gallagher - 1.5.1-57Stephen Gallagher - 1.5.1-56Stephen Gallagher - 1.5.1-55Stephen Gallagher - 1.5.1-53Stephen Gallagher - 1.5.1-52Stephen Gallagher - 1.5.1-51Stephen Gallagher - 1.5.1-50Stephen Gallagher - 1.5.1-49Stephen Gallagher - 1.5.1-48Stephen Gallagher - 1.5.1-47Stephen Gallagher - 1.5.1-46Stephen Gallagher - 1.5.1-45Stephen Gallagher - 1.5.1-44Stephen Gallagher - 1.5.1-43Stephen Gallagher - 1.5.1-42Stephen Gallagher - 1.5.1-41Stephen Gallagher - 1.5.1-40Stephen Gallagher - 1.5.1-39Stephen Gallagher - 1.5.1-38Stephen Gallagher - 1.5.1-37Stephen Gallagher - 1.5.1-36Stephen Gallagher - 1.5.1-35Stephen Gallagher - 1.5.1-34Stephen Gallagher - 1.5.1-33Stephen Gallagher - 1.5.1-32Stephen Gallagher - 1.5.1-31Stephen Gallagher - 1.5.1-30Stephen Gallagher - 1.5.1-29Stephen Gallagher - 1.5.1-28Stephen Gallagher - 1.5.1-27Stephen Gallagher - 1.5.1-26Stephen Gallagher - 1.5.1-25Stephen Gallagher - 1.5.1-24Stephen Gallagher - 1.5.1-23Stephen Gallagher - 1.5.1-21Stephen Gallagher - 1.5.1-20Stephen Gallagher - 1.5.1-17Stephen Gallagher - 1.5.1-16Stephen Gallagher - 1.5.1-15Stephen Gallagher - 1.5.1-14Stephen Gallagher - 1.5.1-13Stephen Gallagher - 1.5.1-12Stephen Gallagher - 1.5.1-11Stephen Gallagher - 1.5.1-10Stephen Gallagher - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Stephen Gallagher - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.2.1-28.4Stephen Gallagher - 1.2.1-36Stephen Gallagher - 1.2.1-35Stephen Gallagher - 1.2.1-28.3Stephen Gallagher - 1.2.1-34Stephen Gallagher - 1.2.1-28.2Stephen Gallagher - 1.2.1-33Stephen Gallagher - 1.2.1-28.1Stephen Gallagher - 1.2.1-32Stephen Gallagher - 1.2.1-29Stephen Gallagher - 1.2.1-28Stephen Gallagher - 1.2.1-27Stephen Gallagher - 1.2.1-26Stephen Gallagher - 1.2.1-23Stephen Gallagher - 1.2.1-21Stephen Gallagher - 1.2.1-20Stephen Gallagher - 1.2.1-19Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-14Stephen Gallagher - 1.2.0-13Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11.1Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1636172 - crash in ldb_msg_find_ldb_val- Resolves: rhbz#1576852 - ABRT crash - /usr/libexec/sssd/sssd_nss- Related: rhbz#1442703 - Smart Cards: Certificate in the ID View - Related: rhbz# 1401546 - Please back-port fast failover from sssd 1.14 on RHEL 7 into sssd 1.13 on RHEL 6- Resolves: rhbz#1326007 - Memory cache corruption when rsync and/or tar to copy owner and group info from LDAP - Resolves: rhbz#1442703 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1507435 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-6.10] - Resolves: rhbz#1487040 - sssd does not evaluate AD UPN suffixes which results in failed user logins- Resolves: rhbz#1421057 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1487040 - sssd does not evaluate AD UPN suffixes which results ini failed user logins - Resolves: rhbz#1487944 - ABRT crash - /usr/libexec/sssd/sssd_nss - Resolves: rhbz#1489485 - sssd is not pulling groups in a trusted domain, with the Global scope- Resolves: rhbz#1438360 - The originalMemberOf attribute disappears from the cache, causing intermittent HBAC issues- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present - Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory- Resolves: rhbz#1415785 - ldap_child does not remove temporary files when it's killed with SIGTERM- Apply several more smartcard-related patches. - Related: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts- Revert the ding-libs requirement - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Related: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Require the matching version of ding-libs - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Fix a coverity warning - Related: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Resolves: rhbz#1324428 - [RFE] Discover forest's root SID even if subdomains_provider = none- Resolves: rhbz#1367802 - using overides causes segfault in libldb- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins- Resolves: rhbz#1382603 - autofs map resolution doesn't work offline- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute- Resolves: rhbz#1299994 - ssh client checks only the first certificate on a smartcard when the card has multiple certs - Resolves: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard - Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6 - Resolves: rhbz#1329647 - IPA view: view name not stored properly with default FreeIPA installation- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users and mixed case names- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a subdomain, not the root domain.- Resolves: rhbz#1365218 - SSSD does not fail over to next GC- Resolves: rhbz#1367435 - Intermittent sssd auth failures- Resolves: rhbz#1369079 - sssd runs out of available child slots and starts queuing requests in proxy mode- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to sssd-1.13.3-22.el6.x86_64 when upgrading cache- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336453 - sssd_be doesn't terminate forked child process if adcli is not installed- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo- Actually apply patches from previous build - Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe with 1.11.6- Backport of a more minimal dependency patch to avoid changes to AD provider behaviour - Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1308939 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user- Require a newer selinux-policy to avoid issues when prompting for SC PIN - Related: rhbz#1299066 - smartcard login does not prompt for pin when ocsp checking is enabled (default config)- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when trying to retrieve non-existing netgroups- Update sssd-ldap man page for the recent ID mapping changes - Related: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache from working- Resolves: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password and not smartcard pin when logged in using smartcard pin- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output error- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12 to 1.13- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn't work- Resolves: rhbz#1273802 - ad_site parameter does not work- Fix memory leak in the NFS plugin - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service discovery- Rebase to 1.13.3 - Remove setuid bit from proxy_child, RHEL-6 doesn't support running SSSD as a non-privileged user - Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Don't own files as the SSSD user - Resolves: rhbz#1289482 - warning: user sssd does not exist - using root- Resolves: rhbz#1279971 - groups get deleted from the cache- The p11_child doesn't have to run privileged anymore, remove the setuid bit - Related: rhbz#1270027 - [RFE] Support for smart cards- Resolves: rhbz#1266108 - Check next certificate on smart card if first is not valid - Also enable OCSP checks- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Silence compilation warnings and Coverity issues - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Squash in packaging review changes by lslebodn@redhat.com- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - The rebase also resolves the following bugzillas: - Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC identity certificates - Resolves: rhbz#1270027 - [RFE] Support for smart cards - Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients - Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is not taken into account. - Resolves: rhbz#1254193 - Fix for cyclic dependencies between sssd-{krb5,}-common - Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected - Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do not queue requests - Resolves: rhbz#1227804 - Group members are not turned into ghost entries when the user is purged from the SSSD cache - Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log - Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not the alpha group name representation - Resolves: rhbz#1194039 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups- Resolves: rhbz#1251349 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from ldap server- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task - Resolves: rhbz#1227863 - ignore_group_members doesn't work for subdomains- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn't return all groups on first attempt- Resolves: rhbz#1225614 - IPA enumeration provider crashes- Resolves: rhbz#1212610 - sssd ad groups work intermittently- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of secondary groups- Resolves: rhbz#1221358 - SSSD doesn't work with ID mapping and disabled subdomains- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and gets avc denial when ssh- Include several upstream fixes related to ID views - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1213947 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad src/providers/ad/ad_gpo.c:843- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers group membership resolution- Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users and filter_groups- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only- Related: rhbz#1211728 - Only set the selinux context if the context differs from the local one- Package the localauth plugin - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1207720 - id lookup resolves "Domain Local" group and errors appear in domain log- BuildRequire the proper libkrb5 version for correct localauth plugin build - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1194367 - sssd_be dumping core- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in manpage that unsupported time specification will lead to sssd denying access- Resolves: rhbz#1205382 - Properly handle AD's binary objectGUID- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might install with wrong user account (root)- Fix a typo in DEBUG message - Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Handle TTL=0 in SRV queries correctly - Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Cherry-pick unit test changes from upstream to allow cherry-picking sssd-1-12 patches - Remove unused LDAP provider code to avoid static analyser warnings - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad requires samba4- Resolves: rhbz#1203630 - SSSD doesn't own the GPO cache directory- Fix warning in SELinux code - Handle setups with empty default and no SELinux maps - Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u - Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605 - Resolves: rhbz#1201847 - SSSD downloads too much information when fetching information about groups- Fix PAM responder initgroups cache for subdomain users - Log extop failures better - Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Fix internal error codes broken when fixing rhbz#1036745 - Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything- Fix Coverity warning in ldap_child - Add better debugging - Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users, groups or other cache objects- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Initialize a pointer in ldap_child to NULL - Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Relax the ldb requirement - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query - Rebuild against latest krb5, add a versioned BuildRequires - Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Do not mark the selinux_child helper as setuid, we don't support rootless SSSD in 6.7 - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x - The rebase resolves the following RHEL bugzillas - Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about domains parameter - Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not be fatal (backport fix from upstream) - Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user uid field - Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1168377 - [RFE] User's home directories and shells are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss - Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution - Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1148582 - inconsistent group information when multiple ad domain sections are configured in sssd - Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider ad support - Resolves: rhbz#1139878 - SSSD connection terminated after failing anonymous bind to IBM Tivoli Directory Server - Resolves: rhbz#1135838 - Man sssd-ldap shows parameter ldap_purge_cache_timeout with "Default: 10800 (12 hours)" - Resolves: rhbz#1135432 - Dereference code errors out when dereferencing entries protected by ACIs - Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012 R2's LDAP as AD - Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header - Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple attributes- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1141814 - Password expiration policies are not being enforced by SSSD- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group membership when encountering a non-POSIX group- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from other AD domains- Resolves: rhbz#1127270 - sssd connect to ipa-server is long- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD, POSIX attributes are used and primary group contains the user as a member- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0) is not prompted for password change- Resolves: rhbz#1132361 - use-after-free in dyndns code- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap account lock to restrict access via ssh key- Use the correct sudo iterator - Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Add notes about offline mode to sssd.conf - Related: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1127278 - Auth fails when space in username is replaced with character set by override_default_whitespace- Resolves: rhbz#1127757 - sssd can't retrieve sudo rules when using the "default_domain_suffix" option- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Resolves: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1122873 - Failover does not always happen from SRV to hostname resolution(via /etc/hosts) - Remove spurious systemctl call on %postun- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with specified character in LDAP group- Resolves: rhbz#1109188 - dereferencing control failure against openldap server- Resolves: rhbz#1084532 - sssd_sudo process segfaults- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping is off and tokengroups are enabled- Resolves: rhbz#1118541 - Floating point exception using ldap- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser is not defined and no ldap_sudorule_runasuser mapping has been defined in SSSD- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap- Fix potential NULL dereference in IFP code - Related: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- BuildRequire the latest libini_config - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- Resolves: rhbz#1104145 - public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end- Rebase to 1.11.6 - Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Rebuild against new ding-libs - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Backport the InfoPipe patches needed for Sat6 integration - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: #1085412 - SSSD Crashes when storage experiences high latency- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6Resolves: #1036168 - sssd can't retrieve auto.master when using the "default_domain_suffix"- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups are requested- Allow combination of proxy id backend and LDAP auth backend - Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Inherit UID limits for subdomains - Resolves: #1020905 - Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.- Do not crash when LDAP disconnects while a search is still in progress - Resolves: #1019979 - sssd_be segfault when authenticating against active directory- More upstream fixes to prevent memcache crashes - Related: #997406 - sssd_nss core dumps under load- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out- Make IPA SELinux provider aware of subdomain users - A better version of already committed patch - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Resolves: #997406 - sssd_nss core dumps under load - Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #1002161 - large number of sudo rules results in error - Unable to create response: Invalid argument- Silence restorecon on clean install - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Make IPA SELinux provider aware of subdomain users - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Print password complexity hint when password change fails with constraint violation - Related: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #948830 - sssd do too many disk writes causing delay in "getent netgroup allmachines-netgroup" nested netgroups.- Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- Resolves: #963235 - sssd_be crashing with nested ldap groups- Apply a forgotten dependency for patch #254 - Related: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality - Add two fixes for better handling of faulty SRV processing - Related: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router. - Remove enumerate=true from example in man page - Related: #988381 - clarify the disadvantages of enumeration in sssd.conf- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp file for SELinux data failed- Resolves: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors when clearing cache- Resolves: #924113 - man sssd-sudo has wrong title- Resolves: #924397 - document what does access_provider=ad do- Use permissive control when adding ghost users - Resolves: #928797 - cyclic group memberships may not work depending on order of operations- Set correct state of SRV servers on resolving error - Resolves: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router.- Resolves: #954323 - SSSD doesn't display warning for last grace login.- Format patch to configure sysv script differently - RHEL-6 patch(1) apparently doesn't like the output of git format-patch -M -C and doesn't properly copy files on renames - Resolves: #971435 - Enhance sssd init script so that it would source a configuration.- Resolves: #973345 - SSSD service randomly dies- Resolves: #971435 - Enhance sssd init script so that it would source a configuration- Resolves: #961356 - SUDO is not working for users from trusted AD domain- Resolves: #970519 - [RFE] Add support for suppressing group members- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the "original value"- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes- Clarify the min_id/max_id limits further - Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login delays when client is under load- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table in sssd_nss- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs- Mention that enumeration should be discouraged - Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf- Call restorecon on memcache files to force the right context on upgrades - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Resolves: #987479 - libsss_sudo should depend on sudo package with sssd support- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck- Resolves: #967636 - SSSD frequently fails to return automount maps from LDAP- Resolves: #953165 - Enabling enumeration causes sssd_be process to utilize 100% of the CPU- Resolves: #906398 - sssd_be crashes sometimes- Resolves: #950874: Simple access control always denies uppercased users in case insensitive domain- Resolves: #921454: Resolve local group members in LDAP groups- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider- Fix pwd_expiration_warning=0 - Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#872827 - Serious performance regression in sssd- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees- Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.- Resolves: rhbz#902436 - possible segfault when backend callback is removed- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps- Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent- Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts- Resolves: rhbz#892197 - Incorrect principal searched for in keytab- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work- Resolves: rhbz#874618 - sss_cache: fqdn not accepted- Resolves: rhbz#889182 - crash in memory cache- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache- Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666)- Resolves: rhbz#886038 - sssd components seem to mishandle sighup- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh- Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule- Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507)- Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060)- Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507)- Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds- Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users- Resolves: rhbz#881773 - mmap cache needs update after db changes- Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742)- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573)- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations- Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130- Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections- Related: rhbz#877126 - Bump the release tag- Resolves: rhbz#877126 - subdomains code does not save the proper user/group name- Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid()- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'- Resolves: rhbz#875740 - "defaults" entry ignored- Resolves: rhbz#875738 - offline authentication failure always returns System Error- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section- Resolves: rhbz#873032 - Move sss_cache to the main subpackage- Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group- Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive- Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443- BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932- Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542- Fix the "ca" translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- New upstream release 1.9.2- Rebase to 1.9.1- Require the latest libldb- Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes- Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds- Fix protocol break for services map - Related: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#824616 - sssd_nss crashes when configured with use_fully_qualified_names = true- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()- Resolves: rhbz#822236 - SSSD netgroups do not honor entry_cache_nowait_percentage- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client upgrade - Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names - Resolves: rhbz#819063 - sssd fails to provide partial data till paged search returns "Size Limit Exceeded" - Resolves: rhbz#820585 - Group enumeration fails in proxy provider- Resolves: rhbz#816616 - group members are now lowercased in case insensitive domains- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding - Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the same user - Resolves: rhbz#812281 - autofs client: map name length used as key length - Related: rhbz#784870 - SSSD fails during autodetection of search bases for new LDAP features - Related: rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes- Fix typo in patch for SSH umask - Related: rhbz#808107 - Coverity revealed memory management defects- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm - Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is running - Resolves: rhbz#808107 - Coverity revealed memory management defects- Related: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false- Resolves: rhbz#804057 - Initial service lookups having name with uppercase alphabets doesn't work - Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names doesn't work when case_sensitive=false - Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab - Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false - Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name resolution times out - Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Related: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica using IP address - Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with case_sensitive=false - Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set - Resolves: rhbz#805034 - accessing an undefined variable might cause crash - Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login- Update translations - Resolves: rhbz#802372 - Pick up latest translation files for SSSD - Resolves: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Related: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search requests - Resolves: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials - Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to true - Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work - Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false - Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam can use - Resolves: rhbz#799971 - sssd_be crashes on shutdown - Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested group structure - Resolves: rhbz#801368 - Group lookups doesn't return members with proxy provider configured - Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd is configured as proxy provider- Do not auto-upgrade debug levels - Tool still available for manual use - Reverts: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#798881 - Install-time warnings - Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also the dns_discovery_domain - Resolves: rhbz#798655 - Password logins failing due to a process with high UID- Fix explicit requires to use openldap instead of openldap-libs - Related: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64- Fix multilib-clean issue due to upgrade script - Remove old copy from the spec file - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Fix typo in the patch - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Use a patch and install the script to python_sitelib - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Resolves: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#785871 - wrong build dependency on nscd - Resolves: rhbz#785873 - IPA host search base cannot be set - Resolves: rhbz#791208 - Entries lacking a POSIX username value break group lookups - Resolves: rhbz#796307 - Simple Paged Search control needs to be used more sparingly - Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64 - Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user entries - Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup - Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load - Resolves: rhbz#797975 - sssd_be: The requested target is not configured is logged at each login - Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD - Resolves: rhbz#788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group- Handle filtering python Provides in a safer way - Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3 - Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers - Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and netgroup search base correctly - Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb AS requests - Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision - Resolves: rhbz#785904 - [RFE] SSSD should have --version option - Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider - Resolves: rhbz#785898 - Enable midway cache refresh by default - Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for a non-existing netgroup - Resolves: rhbz#785884 - Honour TTL when resolving host names - Resolves: rhbz#785883 - check DNS records before updates - Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead of guessing - Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line - Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config file too much - Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server has been reinitialized - Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc - Resolves: rhbz#773660 - Kerberos errors should go to syslog - Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native IPA netgroups code - Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#771702 - sssd_pam crashes during change password operation against a IPA server - Resolves: rhbz#771361 - case_sensitive function not working as intended for ldap - Resolves: rhbz#768935 - Crash when applying settings - Resolves: rhbz#766941 - The full dyndns update message should be logged into debug logs - Resolves: rhbz#766930 - [RFE] Add a new option to override home directory value - Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab principal name - Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files - Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug levels on the fly - Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional - Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation - Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option - Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control - Resolves: rhbz#753876 - [RFE] Add support for the services map - Resolves: rhbz#746181 - "getgrgid call returned more than one result" after group name change in MSAD - Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle for some (configurable) time - Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD - Related: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#742052 - id -G group resolution takes extremely long - Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange - Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases - Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or insensitive - Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users - Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control disabled for openldap - Resolves: rhbz#726467 - SSSD takes 30+ seconds to login - Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 during auth when password for the user is not set- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758157 - LDAP failover not working if server refuses connections- Related: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis initgroups when groups appear in multiple nesting levels- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow - Resolves: rhbz#746654 - SSSD backend gets killed on slow systems - Related: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts Fixes a crash introduced by the earlier patch. - Related: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names Fixes for internationalization- Related: rhbz#742278 - Rework the example config- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts - Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart - Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742278 - Rework the example config - Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was initialized - Resolves: rhbz#742526 - SSSD's man pages are missing information - Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with multi-valued uid - Resolves: rhbz#738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid - Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber to integer - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host groups - Resolves: rhbz#740501 - SSSD not functional after "self" reboot - Resolves: rhbz#742539 - HBAC: Hostname comparisons should be case-insensitive- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in - Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2- Resolves: rhbz#737157 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled - Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple external hosts along with managed host - Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names - Resolves: rhbz#733409 - Improve password policy error message - Resolves: rhbz#733663 - Authentication fails when there exists an empty hbacsvcgroup - Resolves: rhbz#732935 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON - Resolves: rhbz#734101 - sssd blocks login of ipa-users- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain shells- Related: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID- Related: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Related: rhbz#718250 - Remove DENY rules from the HBAC access provider - Fixes an issue on big endian platforms- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured - Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls - Resolves: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider - Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID - Resolves: rhbz#726475 - sssd_pam leaks file descriptors - Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0- Related: rhbz#721052 - sssd does not handle kerberos server IP change - Use ares_search instead of ares_query to honor - search entries in /etc/resolv.conf- Resolves: rhbz#711416 - During the change password operation the ccache is - not replaced by a new one if the old one isn't - active anymore - Resolves: rhbz#715609 - Certificate validation fails with message - "Connection error: TLS: hostname does not match CN - in peer certificate" - Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records - Resolves: rhbz#721052 - sssd does not handle kerberos server IP change - Honor TTL values when resolving hostnames- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP - Resolves: rhbz#713438 - sssd shuts down if inotify crashes- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups() - Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are - being logged multiple times when the provider comes - back online - Resolves: rhbz#707997 - The IPA provider does not work with IPv6 - Resolves: rhbz#677327 - [RFE] Support overriding attribute value - Resolves: rhbz#692090 - SSSD is not populating nested groups in - Active Directory- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man - page- Resolves: rhbz#707513 - Unable to authenticate users when username - contains "\0"- Resolves: rhbz#698723 - kpasswd fails when using sssd and - kadmin server != kdc server- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is - not mentioned - Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the - gidNumber is out of the range of min_id,max_id. - Resolves: rhbz#699530 - Users with a local group as their primary GID are - denied access by the simple access provider - Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups - Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a - member of any group - Resolves: rhbz#703624 - SSSD's async resolver only tries the first - nameserver in /etc/resolv.conf- Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694444 - Unable to resolve SRV record when called with - _srv_, in ldap_uri - Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by - signal 11 (SIGSEGV) - Fix is to not attempt to resolve nameless servers- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can - cause SSSD to stop caching and responding to - requests- Resolves: rhbz#690131 - Traceback messages seen while interrupting - sss_obfuscate using ctrl+d - Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process - /usr/libexec/sssd/sssd_be was killed by signal 11 - (SIGSEGV)- Related: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them - Resolves: rhbz#689886 - group memberships are not populated correctly during - IPA provider initgroups - Resolves: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents - Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5 - in sssd.conf- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min - waiting on netgroup - Resolves: rhbz#683431 - sssd consumes 100% CPU - Related: rhbz#680440 - sssd does not handle kerberos server IP change- Related: rhbz#680440 - sssd does not handle kerberos server IP change - SSSD was staying with the old server if it was still online- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain - for base DN- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on - ipa-server - Resolves: rhbz#680440 - sssd does not handle kerberos server IP change - Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are - given in ipa_server config option - Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf - attribute on the server - Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups - Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option - Resolves: rhbz#677318 - Does not read renewable ccache at startup- Resolves: rhbz#678593 - User information not updated on login for secondary - domains - Resolves: rhbz#678777 - IPA provider does not update removed group - memberships on initgroups- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries - Resolves: rhbz#678410 - name service caches names, so id command shows - recently deleted users - Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for - netgroups- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login - Resolves: rhbz#675284 - "no matching rule" message logged on all successful - requests - Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for - authentication- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named - "default" - Resolves: rhbz#674515 - -p option always uses empty string to obfuscate - password - Resolves: rhbz#674141 - Traceback call messages displayed while - "sss_obfuscate" command is executed as a non-root - user- Resolves: rhbz#674172 - Group members are not sanitized in nested group - processing - Put translated tool manpages into the sssd-tools subpackage- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Also add the updated ding-libs to the BuildRequires- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Explicitly require updated ding-libs- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options - Assorted bugfixes- Add noverify to sssd.conf - Resolves: rhbz#627165 - TPS VerifyTest failure- Related: rhbz#644072 - Rebase SSSD to 1.5 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs - Resolves: rhbz#660585 - getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs- Resolves: rhbz#645449 - 'getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#658374 - sssd stops on upgrade- Resolves: rhbz#658158 - sssd stops on upgrade- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#642412 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#633487 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib- Resolves: rhbz#629949 - sssd stops on upgrade- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password- Resolves: rhbz#621307 - Password changes are broken on LDAP- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on - initgroups calls- Resolves: rhbz#607233 - SSSD users cannot log in through GDM - - Real issue was that long-running services - - do not reconnect if sssd is restarted- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with - /etc/krb5.keytab file- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6 - final - Resolves: rhbz#608661 - SASL with OpenLDAP server fails - Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes- New upstream bugfix release 1.2.1 - Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs. - Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal - Resolves: rhbz#604704 - authconfig should provide error with no trace back - if disabling sssd when sssd is not enabled - Resolves: rhbz#591873 - Connecting to the network after an offline kerberos - auth logs continuous error messages to sssd_ldap.log - Resolves: rhbz#596295 - Authentication fails for user from the second domain - when the same user name is filtered out from the - first domain - Related: rhbz#598559 - Update translation files for SSSD before RHEL 6 - final- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service - to fail while restart - Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in - parentheses causes ldap_search_ext to fail - Resolves: rhbz#600468 - Segfault in krb5_child - Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs.- Resolves: rhbz#598670 - Ccache file of a user is removed too early - Resolves: rhbz#599057 - Incomplete comparison of a service name in - IPA access provider - Resolves: rhbz#598496 - Failure with IPA access provider - Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the - kernel keyring- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP - Resolves: rhbz#584001 - Rebase sssd to 1.2 - Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file - Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf - Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf - Resolves: rhbz#590134 - sssd: auth_provider = proxy regression - Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when - going online - Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the - HBAC rule- Improve DEBUG logs for STARTTLS failures- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcacacacacacacacacacacacsdedededededededededededeesesesesesesesesesesesfrfrfrfrfrfrfrfrfrfrfrfrjajajajajajajajajajajanlptptukukukukukukukukukukukukuk1.13.3-60.el6_10.21.13.3-60.el6_10.2 sss_debuglevelsss_groupaddsss_groupdelsss_groupmodsss_groupshowsss_obfuscatesss_overridesss_seedsss_useraddsss_userdelsss_usermodsssd-tools-1.13.3COPYINGsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupdel.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gzsss_groupmod.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_rpcidmapd.5.gzsss_debuglevel.8.gzsss_groupadd.8.gzsss_groupdel.8.gzsss_groupmod.8.gzsss_groupshow.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_useradd.8.gzsss_userdel.8.gzsss_usermod.8.gz/usr/sbin//usr/share/doc//usr/share/doc/sssd-tools-1.13.3//usr/share/man/ca/man5//usr/share/man/ca/man8//usr/share/man/cs/man8//usr/share/man/de/man1//usr/share/man/de/man8//usr/share/man/es/man1//usr/share/man/es/man8//usr/share/man/fr/man1//usr/share/man/fr/man8//usr/share/man/ja/man1//usr/share/man/ja/man8//usr/share/man/man8//usr/share/man/nl/man8//usr/share/man/pt/man8//usr/share/man/uk/man1//usr/share/man/uk/man5//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnu?7zXZ !PH6 ]"k%w+p}:w{!zB7 0YEyЏ;k"nAOPc1B)&['Mΐg `˃DL٥*u*δVh~bMV3C6$|@-N eh>i{ w'U#T1s"Ve5#k^E&Mǣ,w4&_J,d_ s` q O| "ʣ2t{AE8S&<^P8B w[6gne'.LE8h|lgquO s1"X;ׇy.啶M͎|7 2C m FMij y #Ԇ| DR+lT=n vAl #ftG+!;kA.d @%9 HF o9]=G'1p^[z'ѩRsdfzeF.C v2{}<i3ױ[}ɣOjZDh:p1y7D #'Oi_8qpIxz,]kI.J4[*IvWA-nȬk ld6. < XoAqe.sµ.0~ɷ/ԁP'Z|V7dСGQKO)#v U_֔EN}4|s*X"3Kبiab| =~JDC 6qzUuT! ʕ~h 1J,p[a[suѧ%!޳$qs:W^)r!FUnfpRsS4'3uW/q#qϹXO_9F 9e4O̞9)*fs=ŋ1VAi~EtR'zZ @A9?%tAcO`%}–NR-9KE#6woҡkpid #>F$q <) K eZp3pDOVT =JD=". ĺ$ osQQ,Ѡ![쀝M2!p~!Ӡ3k4wLGEJ n_8V0A< byƇ}R:qf6@u --A๋6ݭ(y*db,|(9R[VRYkO;>DPYڶbA~FPJj1+.CArT( "=WJuv6cĭYp 0:z2UcCGවVC\҇IJ0{.oG]%$cgX:6WNgtu"p0Z 3;# 7Eig2JM]6įk0}{xUYQ]&r8AHЉ q4l.[!L%*R.T%`b1) Z؟LMRV6+^mT'RVd'rS/l9$AK R><h@$Xt+hO=rΆe}H` `!w@{o>$ChtR%:.!*))z,(plng[6“?XS!7m`1o9cTE!VX%Cvt8tmeI ty$eC)[Q51H q[ oI릶kHx2i9Z>th{Z =]Ni^H+ 42tH6C/^^C*zW(?6J/Q"!Z^WݫABf6$1yuQ\GlBvِ\ ?Zy7՗d!5}u3cǕnHhQ96]V1gcDZ0>fjP4L-kz/Ü3qH?xP] qc c0]$[O^#0?Z xD[NơS>,Mer6nCi~S΃4S?sttN}`>!}Rv<{i91%Upf0v2^Z~rfY-.+5mkɟYksMtOc]wOkXyV6K];h#ntBE̫Z&+A/ œl?YPtPĺ:NeiD3`b9 :RufcTEbg܁\jq| 9SءI"+ 9 @ h2'ΝL+v!8D W[R+σ n]=ea'9{%9Ã2ſ_>(GI_Aۖ_:/q{)pzZlvD=+i6zr[);7~uw#(Urey 4KjR$k~:> J(,D BwPy.wC:yDQ\tۓ;v0\eXS6~q¿4wц3ӵdyf[ bfefA_C <Òcvt.M!tO>D3G=+#jc<$ysYPuJ!ݫzW?|/9nEY3߭ڱ~^ )}Qgf E1|ypӝS` ֻl3H xBUuuǏPkCF' )ya:7"P3'Y. 6'Su~n =5SXu~FOֽCֈnM{aKK` RYxq6@Hhx$SDˏX3R<<1=@C"a"e8L5Waܑ.-DBĸ+oS`< 㖴(j@e %nRH0JRCx ^f^ϲ>վCaI%'l|P8YqWAcC_NFkي6Hɻ\;t9v750ޒ46<އ4K҃|P v8H `Qht2n(wԣɏau.=u➢QBD<jp547ycӚNՕ"~=3$KpcuBSRHIxr4hj NtplݘkȞfƽ U3PM+DlߟE/[-L]Jb>SB2Fxl7(9d=b@D,sB=)INضl.*L%\wdv'6B/o$Hoߋ0id,VLs('%f {`l`)Gxө>I7?z(х(YF$8HOǨ>!׮+tK,\d7U~Z;AZ9T߉k^,B"%5Pr <|O=u'"Wm^`,ۭ‘\kpr -a;0JQpޑ %,z kޠ >sExٙ2oaנKYzfB L:{U>L-I&]k 4P}L5m;JA; uhm LؙEҐJ 0-ՍjI^! !Kkf_6A"Vdí748m~`=a+v9Zܖ.x9=Gw*Wu2SpqI- 9¸+5'Qo2JZvr52dԯ/Fr>987)1Vvćd G ۯOƺp%*XSQšRfʃ3e#SxAC|CQwC~ N2f*mE|^ ns9mtmEBp5&ၔ+?:?bk?=Ƹ?4WeJCz]`s`gcpy\V6}XG "?:k*-IZj8TdM.̅Nǘisr2ZiXI){MbX`LhO|tZc/e! y,G,cҏXwe>\K}xْ VTp5ҩOl%0Z_Gmʒ"^fwߍrz ?34<FR0KiCcfҌOqۅz0GAx]>ߏʼnvyE[{]>]EuOJVEylqYg ~_y'ju6$l$SN6?ڜQP}#GD_!8Y/f}1%^u=edPdUQ`.Ng%eWU%LJW MhR:ɼkk,S%v2#[Xyձ7zfozjhS7k2lꓞ{S(nqt %>IAٹC gxO6u <{{ tgX, "1 dy0⡆ILRxSާ|3yN2`rl?<h;)7P}3â}y蟙ia; d">3(R @synwxj,ݱ#ΤP^/A?ĶVǦ K]C$;N9՗]gCNcᩄFG!*3² TEQG sĒi=7IWgxJQǽ^܇v;]ɞ x{'vxݖpYx6# PN܋u'=z/f*$J10@ ? ιXki\)E\P*qц/ɤQ5xLUi0HX`+Kl# !',`EEݲumyaң4_^(gUm1(X 8 A c*RX^.&v5HzSBM*TOBܔD`&L&eFmT1hx;*[y V:w@-9>ګe~QQI]˯k+? ꜰpdGxpi;Jc0ΜAqcZb !yUFv։C`T%Ϟ;z֜h*i7 |U(XgrlC64L̀Ϲ k$sߏx63>ΊV42{x&s TWx7\Pghv"^$/Ykt.6= 2$XB,s)+J %]bm6 "j/Y'y긋>FL`!nX es 9'QSN 2a#t{gh6EVf(.* ۗ4g]-LGOy 0\O#1SzP 5PЄ=89B+KHËˠĹ(;1 #qWZC)ڡv abAЍHyB%/ ?Er))^ztd/jR [~L`=nPbuX,c¾Ux'R2<.<ejUFQQAx Ug2V#pP] Q1]lmH$IzCe#hc y {x_S>MVe<`*b RƟ}##v\%AAӅh XT`-LD6̎?*쑡r(R˖UHٸog =xP> AlpqQ,ysڌr َaU#m m\d8/[Wc.$|JlxsK:EG#mK 'GdD ~ 07BfrzkkxӫbLө -P\q'QkeN&G=6AO;wJGY:k5jO%=K)/F#7f36V>zV0tqG[5XYnwO (I ƣ:+nlum AW ǯFz &X6nps"Hѫ&|g$X\]Wc8ƭX7iNuH#Iq0?BY(q쉦P9yNlbR$} ЦL;zCE|egIg<<˾t`|"I8q 蒾s!nK8+A}艉w"\~j|+ wh|Q!Woxb?~u'0Vam,J !9vXĠ\ffmDa\F'vY}WZl]]smORL,oo,:\𨁣,8˭:3ɮT>iN_2S;h_Gn|V6UÿP@H@XbLM Ajvv`EȆDpxY*(P 2:At2 ,HS?UTU]Hj8jTx2H{ 3Em~?;Q4c 2`Y11-h) ɷvһL"n\78B#Τ[ś27 &Rnt%-&JMR̖jO+G0'(TMe~Z>q^9w瓥&Z fs-=˄Z7;4tsȯ.w7 bJ*n#-dXmB˖mpH&; }Jk ^hUG@H% 蠮75s5M< T>{Grɣ^SF-C2?n۷.T'vмnLsW|mE;FbxwsGf)9>J!CCRm$ubA֯ ղ +&ݨrCz%ʇ&GyWSbŁDn1+ &DW|%ŏ)O eF` z[.+B%wx>kń~h~y'O]cԄ(s2uhs};BTj)=w=(vѪ|eԾTqA{#ӥCEI(NYSjAPO=KogCV}-$CuLc͚+ p륊$7ZR8n*T|ʼ؀5cwb]C -Mb3rݦK&M:,V\/]f+ *Sv!ګń0c6ci3ORrjlXlS !?~ pjY~)Z" LQ-鸑,7o÷<=F d&gu"LTUie"Z]Ǥ`9[t10uo_8[jll۫5 +apM&dTH18ب=Qs6?(;_ ک3P7sB$5\s4)7t"?Yqfw3,ҷʃ_Gx8s2A_$7GSܔ)oVcWUxB`C0 g!>C=YC@;ھxHX9 :Ukכ$\bf.?M9͟}lm fHL0}Gp &qȁ藾" mJ{d~.#KJNtdCf'Zey.KB@I 2Vz/) ->~Z) ۳0<m9Bt>,Oݫrm߸p%$Fu uk25y Nht$~oL!زoqHSUe*HIL0KJ$;[AQ<|*UT2QR+[~q̀3nL"3v:\Guo; '[^J⢨~FFt(`[!՚Hk[ޙ2wX"\Z !%e^eh65=Oޑ߈*ko{^C0oX_ Zs_0JodDg8>t-&+…\x.9ɦGwN4\1@qfŽ\|w~JogU2B uG"kydCO7>E+Cq!0jƩ,7)og쩞i$U >O,w#`7G,g{5]UE}YHĠNtk^&P5^1tX+rɾR)ll3-3+ $Oqu4ͧo1eM,;c}gNC8e&0hc[j4nI#qF˪>ɋ{3mIਟeƻp*.2jM4Otrz-%5Sqwyބ\Zѣr/F’1ab?8bږ&yv?8-b(Dp:XyZ!djbp,P'@5MܔtAlSSrmBpFςQ/-N[2Cz@'k1~Щ北޸4*i|a{:8{be˟99xubXcC,svՋ:@T>ne Ytz_p=n3yBUPt3b)M'h., !$ԏ2 kA4>czNOmE&.at>AE}ʜYug>#6K^X\&M9k 6~6lɬyG-V_g6$nH@k(X{NnJN3K>:g]7RR mȾes[&oZ5n9*ͺ)Ou%Dk l#ɏ`/.p<ϻ4NP&U'Uhx\=}7*.[ b<ɉ?_<)q)TH3M=B"Hl/.,(9֌"dTivNx ݕ`ch)Ŧm.,'ֱ_$ XZ8)1%kʼn*TO,S}}a\֥,d h'BGɀ.~vZ$^?*f/$vhB=MQ@Z+xMxGSoBP<=P[SbY3}@䑓 7bX& Dx1:fB7*|虵~){U3D0덪fd#$@D[k!1H`!pKoң_2V #PJL~r_j"H9}NJwO6֊SziX`?@|rA24d aSB!,EQ"|zՄqi\d\:B2sCm*L1p{*߷[5uk<Hfܧ|PKt(B3vD^)&DY`JN,1̾5Er7sl V)n&WY.hl-{nDSDĀsbp`3& x܀YK QHvƨ<Bca_+JR|iD.Z5 Oy$UrښP/њa9s4ei>hRįfue?c{S67Mta! P*Ƿ7 LuߕUv%C. A*e 5,@b\N"_cym~liw#DYdݙ|yN)!) qmJ9Ù]@T;Y;UukC.0jLa?k0yaު82DI03Q pմ`-vUxh֡4QPf3&$!z(e!|0I|s.$ެI5ChX4tSwf}fhʑs<\GhwzY\o@?ԛB ^[hˋˑõ.j_]bKc3Sի<LSϩlPG -C:U1&֞_qJ QR,~uJ=-}#k~#e*mͳT:F*ji<=Qu]VYqØϸX!DoQvOׅO9 ,vncn-L_ٟͼ?f:m3"wfH%'^k ABuYY7Vz<3-HB2b)g#}Lg+BzW܋Q =o==k t#A֘FD8o+~O|j;t_E+mgQ wQTbt&_ZgfthQŭ~gͳoX?O@yPl:ثV݉Mih= {k%+:7˰M@e0Ƀ[ ^ qT5Nȥ;o)%ShՀM&OզhdѐLLn1)̄dmWjGgZQN\'W{VDH6X?]9̢%sbԱh(҂WGN?4/d.0OY`vWG8f2I9fn=iLͦRK-` D5E&0YM+BItnpCe}gfxh 8.VOι𾵙 v6TE{l:̣ :W)1o%JVUļ @,[/[Rp M"CjkOt 9=N,{j)! dÁ^:ƯwsnX2r4 V0ÁX q,W+p<0>7d'c{tg?-`v2XR4yoG󽄷m./o/̅Iׅv8gcqסo^*,mxb}d~cC“P*(m5vA J9ge A`2 H0{K" pYE&um##(;w0Y,31a/<2ԆWO<UrUə&[%0 O2@ ^>]@dwOӾI:$xHW!c>_(v*fc9U4y5%/eDecdV =DzON}ge@A?FcP\ lZ#o:t 5aŅ%г'\[+\ƒWYl C(֫;KLFRO6r 1o1 à!&K-AwQ捓V$ AFw~5KZ2>)iZ)p٨nʟ ُt1A(G t&÷jm4Xt"g/.Q<kI' @=Lol_Њ(Nσ,|e0hmˁͩk[X*(6^!>;7mZG4AY6m.϶<1ɟ.Q[sz &u^{Vٻy; *|6 @Y˗j#>rd)lhBʤWacrg])fD9^#JURcU{bAk5~FTXI}%ɭ&ԩeJRr7Ϥ=uNh@P/۫ ht㗽^6e58[`Sƪcn@ L%fJ@H5^v'0iި[8@GثxXwžNBD{"4~rblys~xRUk#Ym8 0:Z0БAœRdV5.=·59rP'%CQ,lhxM%3G& (43"PԟpABN T-cCϱVh4BΓňz1tI_^]a5x9a1-E& d%`ڵ$ ,gaxgB$@s.r4MsZz"K6*bvG]aKkw/F!D/#P{re ~Ct[.:ԁ;.F44'`CekfE|+ w[0KH iMKƫEjl/ ʫ* d;ÐQg-&2_;=/)bLUMkv_zw=s)B=͑a\J'|lߜieXRgN&xiu:ubE!O_uB]tt" :h'C,X/!w=`3hEbyA-M=`X l`M</ѿ4SEDr5~F0LؾΘ\κ ax~qR*R`6 ^rɻO>d_AD{G;ˀq,ŞƆyOÐh=|croΘ\C:e'W2O{|4>ᥙ7 -'.Q_"GD o~F`hgYwR<Dȅб^Fd>:M%9x:k+Q|=OMOtL$L~iքf ݑF]*Nd$B\ZU"5c78f7efʔ^r0"'+|v+xS?V u!kV ,ne9WܟrvvRR;iʚ>u0,tC"V+U5ïW/6,D!U8}О 'b  $OqFVkK.awn&Lm7o)PxA!z˔o sWzwXv!)1>GD p\uQ*o[[5kp>Z5!R;$lm+=!'?7kl(X+xnq*>vC\Nn,@ԍ `}ҏ\#qTNf_1T&𚌀Ue#ߔDdgbSϓ]&Ѕ*q9MsO442z9SW-VUU6mpWz"}S>( Z \$`ftYh+?=~c48.~`;ӓ^G >|#J> u{T]"kry]0?rR8:HVo$ʺab~ZF} -;rVb~X/ ]`vF#K1n8ǒ-*?wA9 o)n;uh h?g#d|Si>c'BAUW&6c ApלQp ldcktPPf¾ Mg [ۀyБNYWL[*p`2Y>Zi dŶ$-+mR4p3l kUJ0ͣ7#!5u/7r8QXbd \љBܾ YdڼI#ұ32X 4[ ԩ县d#'gQwL*$&ks |8Ԕ?ȑ goq\vUhBj,{| 0)~{ æeoA rTB[uFe:tsFj3V&pܕzj-;fThr\y.@# )~U54,H3a*!4U/>a~!V:z>aԅ ~4~47re,Ӎt5jI<未mc 2gJѬ̬!ߌ6 q+͜ pI (~8迮[C߲%Vrr/@m4j?sW1.͌lt`D^C>2DbU9PuDS@6T2.;Q>|964H6Xm/7|v']/qaW*u&4u8DU dV;4 YiԿÆ402LC5yׇ70%7SQNzC`$LY~9JcUveK24E̦ I`)o2KϻmSTTNP[ @R/< {l xl kz iM]ӑǻYD2F I5&>U".Q2ȣiJ P[D\ 18[T[QV~9c09c;zQ&:9]ل敓3Lőg/7{Y9X͢N\xִFS@+AQ?b<ԟwK7dayDu c4Z|~7@|spKF T63DDL,J F zV > n@Jvh7y\`^<+-g&߉FPbަP',py;VNi/b`WY‰wqjz֟\"cW\wHO;3rMm?6iZ㡆g u$н]Ѩ(˾N i}SĪ (4$;h~эeX3e!K°3 }3IM.Qh7$w5gH[;GA'w Ds⺯)\9<'[ ХT%/D{CސGR 1j bL$FG?*Qc8LA W,A&cȤo{yh8g:a6da Y̼*YLM-q;koP)1kZHZeZzfxCŃoʯt&Hq6EJgIe }((MR6 2/8 TO`j9yjvү1BYOn՞W.׋&BXz[i՜B9jOt;51|=ۣ f{9RGTK>N8Z 0+?kr&dm.D'.ҌÁ)C#>S^055rP2Qe}Y߇:0=Dg&V>:.3#5Է~؆:8h԰hE\m9n#{S`PgeXߍMjY<9flncfTa̹|>jѺɆS-6Sx@=jL)ux'H݃C* F.^3*0.283.h^(^iv* B׸QrY}(؈&̲WR_PE ihuoeD/ Ta  ֒v"Vų-Qϝs:LAV!tJ| ڿzgyǓTِ( cu?#M6ޏޥEjo|Yp:+ZtavX%[9 ڿdF;:mDJ\r6Wne7m'`lm,km"(CunzVqu$Z+/J%~xfPYq79NoG(q  `:To^ٷ{%{@\Vô 4f׍|zSo1LY/{ǖ4%-LbHkQI%^?f\AW jC\WF~mz[D(I@JUKn ̋T!zv IQ6)iށQotYZ)BZ]6=dE7hgm{@dYy1r>r7Vе)m]Y&übP(33ckw΍:'oa7̶<%նu&gZE e>Tد5ějP?+  #V)KVÎ ´1ދ겏Δ&ssCGє@e$i8]/P\;]( 'LT0J#rRZ̥*βU /7q))c.\:žYٱ(oS '[Z =f>Q̧J(q+1^F*6ݝn_Y*r0v Tcr@)J8 ]w)שB0.iTMkpa!_mD;=\+e(3ΏZsS+37Bl\>֪S?_|)fLJ&/–Kڠ{e(?v 1li?J_|wuc{TYjW!:̓(cyT1}0ˬ>nv3m:":6ubtg?@D= %DtVM;K)KG41uedXX]xԜRRRۡZh &'T8q1(RUX޵f0E4eta!GܜIOGz"':˿wy8 eSО(ȉ `k}1hnb򂤳qt%;](W4qr0/׋Fa<7x3AUfM ޓFfh М!J_Jy wE5` } NΕ3:|]9J1Uy@6׺xy3ZMLyKz=a3wQXBRlF%Axy ȊnA-31*9kTq9~Wj`&2Y &Ӂ[y4r`t5edx0)DE֭ew' !H ~:$UɆ.+n ݑۺsP`(b0=*D44xTJ306jNw>88@~KuOhdz{L|:rghs87He77j%YT19Y䭮'*cHך1a0/ dvւN(aP*5rǪឞۼY4%}6މ\idሿ~q&YbuIXW+H!En[ cfX183t5{z3_VuM l;s,:u{OF_y4Jy^{xgגZjj^`t6e԰жĉrG>192Ȉq[Gݵ݂=RC^gQ8&G]N i ksT4 :waIcMQ- +м1B|&#{#$ED6@uWL/Z P)1TX+1Ai4զDݡ*Jfvz%U+ @´".\> &o7(wùOg0-dtwIPLk$G#jc;(2-~k{ۦ&d.+.xSͬl&g o~nʟlet dr1Dd5iNZ |7=W8)2vTCZ*I~ro0^@Pc`<O_l:W2ߥogtf+H8$}tTx,/y 3v\|@4$%< 5I}ŤA3I}D`/ G^O.h O41ӛw̦Tr^QzH1O*/Ҋ(56f]ɡ0h]rNFG{A'մrKw ^v2tN<\>cfW!V8f1/ϫPi;BS'۳jIھE& Qjn_凌Y"k|jx;Z&Psdܮɸ] uY{,KINydۗG1vPcmUs(oTNvzem_ܛcEtJNXlr{8j<;e9Ä#H tPU7qxt"r_P!7?dQF .CobiE(f~3#}6#Gye@0v G>4M!s_r4圫`!t\; /E mx$d&Ĉ< -k2Gz/8x a\H5 C WOl!.JDn1}O]SZrϣ70m{ŲA7]m) CG ML$qE"*KTNsi;Pb_[Q霉(4(vG7AS7m}J^>``!r3\ OA$sJiC!jsFiG/n;ZNPo7A_~*#iTMf1Bt۠gˆY;CPR%>?*|k_Zd%=~,OHZ&Ϥ3;?A1m֝WWn7+ kq@6fpZ/`Қz PJMQ#ԓv>2MLB~!O ,{ D>49i@@[F{ _쪿fc;!Af )u)#,q4o2p n.QRԎzzwtH  rxa3 #SY3cvcF(>j }!` 07Iju4h4*[͉X! bDBƾLb;ߖRjuP=qf>A+5WuYA]JFTP`1tMˮfو&35:fR,W)ߊ~r̍`˱4њe {LdH&E| XUKlKHٓsb! }],nMj>X8K 'pہc1Qy)S&Ǯy䒡zavDTNHZ$$`Mfu&<he;:~zjgS)D[(ZGԃ\G>W3g Az{x}JKR1# RxV8V{ hۢnЉ񳳚5j ˒=FHhs'HcCK\oj9H(w (")1Ԡ {;j4^9v@4=sǟ.BbcmJ.L{c]@zxqĝ{#gp5h=c;2&25beL$#7+t8[nl$ Fj=DH=Q*T͚Ψ)Y(eYIOMv7tiS}JSF4c-*#KIYR*Gi6Qrn֎u.S(.qxf-uMF#-Hu%Ȅ4aY 7_p]NMV j@?U_dC$CXZ}ҬvP|HHaɎlcs5f6"ٌ8vp($H\0ozA7*TF_^CCdC&(g&oʭ9>3{h9Becl)Da e.4| JpPՀ@989D?+R}R?RɾfM-tFfP̔YѵOލx6 N.3͏]Gs[,E:]&B`KdxF.o[h1A*dcj&=զ*o~ jag$5=Ak \()#^}XsMq͕ D[0-W lG*S;fYd˜'>qp,9/Ƈ Ԑ;r2I"~G\=@?cm[e(2I^eXn']!+ˢ3?{9^4.-Me:̦Us2&<0ɴ^Ϛ8tC&_qGωDDMC˪A' g |2R;D(?%%kɲE^Uݪi~=cLMefMZ>&D) s&5 iN 2]0?=<`Gp;W{X3ϩ̝ !n3w ſQ;ڑAsy&Aۢ5^@'e36]`7sn6:bVj;b kA*ٵi1weXvn礖kř;o3kIxjH)Ԅ, Xs&EuYgQs~blP}Z`E_ QaUOL&Rg>h`}c'r-kxkƱ}0FUE ޽" ? pҔzAFȗe8ʼnvɀ -vJvȦOE]-j^# 5kCh5"Z, 9s$ SoTl >(: +&vJ {Qk:w>2i|>r(?E(rNo6ygyC8RAo8QySXfCI@do*VۿJyaMZtPWnϮ)$A_u}>{#[;b(\ϵ81 ݠFkCid{4~;3QPS4y'X\E<<ލo1Cщg p췦Yo&axf+UlHb195R+A]d3Y0AZ(S[0FpgQ{qmx7z:]QQE{bZ5N睽ϒ'|p+1!ixtNq'JL@:y~)@lx4;S̺h8ؓa+"3 j1XٝuԠds[gR(ИeUj8oh_T*NVܽ1*īs;wqL!~fw~5|56f2e01^U]Fȸu0ZDsTm''fݞщ!k吡`[GB%T>*xe`Cie{'wPˋD.DZ%kZkkUt~>سn6ǞGbƋ?%e4"ȔE)b&&w~;W5!5,~Yz2Cr,TN m{/ R]B]kp$RzZ K,uy3G[w0 .) ײE1ڝ2ֺ=,2$jOi Äz}9 jlaH*ROQxJp$[)mH#s/^^Ő#=hMUz]A7B_{{rj⧰/`qn;n-(&*kG+ΞTɌHrNs\ֲ"L6Oy% y<.٥s>7o\@H; +I4vxW+?Fy#,\;9`P=D>Itݩ||!"MchjYٱL%rJqFI Ty.7us3Я2ǬECDDK'3 "R9 +uwWbٛ9/iSjsegƫ5d]#8m|ԨWGa \- (Λ(U0Z- rExt ځUǏNDܧsF{L:C,y)${- UWzvlx[`\˨[oxe7\a$*ĭwo\Y3qD g7%m@zk1Ϡ]xj!úl8X[L8aLI}׶s"fܬh͛Yi^ݸyy'/hJ-P\VO\zx[oϡ^w2d_1bKn>_ 77kU!ENJp# s\i`p#yB9ɞfs0t}ʾ𚫘1t\43 dk>ٸLE0Lu0!#'e`9|0i+SJE*݉|к-uMveQ/ں_=Iet bW|}s 1 5cYt{Q_[e6$Z̾ S~*H&I*cJS]WYyZyKy[ag'q)}]4FQ@mkeMtSQ-v Ai>e =m:BA|bL}/gDFw2}"i| ŭ'ޡ4&8`03N0S?q7VIG Dp]*du &Sr73(FGv]j7f?V!`%4j;O!Bdo`xGyM#g6-dMCesx?H=ضf{k)OOB]Y8 P۫OC٣Ђح4##*@I|5N-Ҍi} {E9{=LZNl5Lt|`wG 8"()nܡƲiIfΡUGAreV!nj,%ql~ әg4T~@G2/doC!D {wY2]I)϶ݜԴh"/h*}`Q0#ZgTk&& w˔?5+SKi9U!>GtB]YK"z&!ς7hܫg씫_l1 bg|Hx-}Lk9'uKھ}~++%wn&>;ɋb"UJB_ >6loJ^k?rUUVB T7(5)1YSV ϫNޒ>{"1X gAWC6voi8z\[D;?6{8қ|\'ŚDa?sCíS@ܢ=vܮW @b=ET E#|di32R[At"_Ejd|8p6ކ;ϬWlT`| Q?D/lc1 U@CXz񛴄ϣ+f$~@ ] svaE6CAyWc7AqVxV=MRFrn;TYB-2G^ļUMߺ*(F9FVY sEbnƭgϓY0w_EU7V] Dg7:,޴o\שׂ{M d#KI_j𭑞/9'ћ3n pTV nM#E#'J ϙ]Ŗ_"Lުzc$/^ /\N3)Z8ds]EZ? AdQ|T%~,ZsKL vy2.T{X[[3w;^-Γm u2WU[,閊=G#ʛe>WjL{|sԲ TZ]~  T(9A^ʀ>OFǜ<9rR 1DfOIO*VxOkD֬HEXXOfTwL3{WƍT iv ކp%VcJN7Zwj t,XIź<Қu4BK2Y:q6Ϻ-|30uCP/GF y{'pOp6 &xA3W%{̲1D8qY(K4snTVLƵ?~vMvi?# r\OajMIz⦭d1 S+<Ay,Rg*nhBo"%.n|I"G+S A$ cLAY.ouS4N鱖v9j +yڇIhlUGe;uԩ\a4X61BxtǬѫYqC AIWnazU5EnU"SFu;62GZ6 G5SV-(Ÿ4ucw J%YÃ#G 3Õ'yZ^]77vQ^gܯ)npN+EWIRt"%%}dS"n{. P-*I]?8N *Lo6[)Af1T6G܉TA=&] ![n^j7djE?Bo 3['W1+Ut $,F@)P56\}B/wA7FLdkNTt;g}(}bh7wSD|`AGzV%y_Ф|!*K#$JqV6,$}|ZEسlGD ."VW~ rЯlL5AYITnq7Z똻`wxb H ULI9G;{8]oh{x&UA[/^E u' r s6}dgqa| )n4XY^3= 9W(K٫X?ЇNܬ7$BAp *0w9,j+h ;SCթNk>g+G-Ұ\YxsP·f4 R u!A3ĵmQ(v@[D7wZm`9v|$ =nwp  \Lֺ29!>U3I s @U)>k 2ڑ(R~rtX!ctkVT՞8I !b,LovZk0kd+Qe4Zlgn%>&_ѭumkjy5E<2F[m_x].y Dâ/[X e2,#`ջ+%'9&(/EW{fdKk5,5:Qe\ޖ{H[AySWoyAt1,%X29vI%uGh@暝6[B]Xk*O%|?X/@J,gʺ|*?΅@cuo67i96Ќ fW)seIψU7-uz#QC.Ǒ{uu[ xmR[(8ؙE [}J:P!JaJD` V"k3%H T$vY@LLa]МKğmWXI6%.@C"NSj(;mlc/l=,+kԿAEd&)˔)P  °Iٖ{w֨0b̡?&ƯeڕsJvj$&ѝ08o_iŃ%{*OaWv ogV ytNgYO%$CJ< :F[yߦѳ`ZaF &+UƻO_ ?lBMj"7arJvkmlzujp"t~nP:_Qm @VGHRH6I!!^6`1m c:s8Z-CZ?Le pCVd$1V8 T7{ؤ*D#S\`Y/h9<[5˙e۬dfDµDx@֡*<B l {2ʅa+ex MV];q3Vq{Vq?)V/ji9-*i7s&t!m9/ e~VS`,> xj*Cm/ Eo"A?BN@"@crs+ڰy!LG:|f5nI7h,Rʝ~ uTZ{rɷNG\) D:OxmwR?~pkX|;C1U EY4`iqpW֪`'Ȭv|741Wm+dpcx20R=Vs^Ang>tJzB/D&% g"{NDCcdTUrDO{xm fA_0m-֧pv At}cT iˆM8ħ[;;5v?R4zH,z d/70KEhEN()qG(xeIWt!bGn.O@r}k6w;f8|^<-v"ic%CI@,E(*vՎ;BSTpU濝zᬌL=Nbfska3fu0Aݤ9CL IhkeQuL#K#e}&$9q);lvybŊ ʝX.7(kx齞fΒT-\kYSl_R=rEKe&f2e9PͮCbkcڹYv@Y ηNl gF(8 (56 nSiw\ _bW,>Kz\ZޑI9bz F]5Jܲ+^䟫4@~Q)E-נArGZL"h%BfLtRIVsf.}L`~xI^*H";3|_8)%6Fl 0:%CakT9 !RԄ]v*ĄA2b&%:ց,t_6ORY=~Gtc{:bq>YHN8%p| %,MI r.eP90u#2XBxde2rOEdAs^7I?QZQ!G$Ϲ/vT>-eužuN{癯!ۮFif vPfI =SvYeuH: y=v4U{q4* #][#1s2Sũuv>&:pABզRNI[4љҊڌ|@\IuuXrE)!A!}g@\"%*p..nGg޸B^2[%Mii1UKOs7˝lҲ͝i*='rSujEACeY4onQ9ag翸}nCY/ds;Ymj5lp]9DW?Tź{1v.n ]>Oqo7'ZJYc4zܭ700gMv擖X PMMU>TD6LWL7>m\alO^P~xߗ5*q_TOفs߄"zۆnί!;›7KI!n<9!g; Q.̒/_ h<>&$@SP 0OY4ϲ=xvl\=f$q|k?{1PFn3J(.*{IL/9j5 z:HrPFV7cQǕ[8dSyÿqz?8+Gƨx.o (|B9K{gtfFsy]6I )S>Zt68qviBD,g@*f!' 󼖋^%+dͿPAnMf_@AՉ Ȱ){4LҟE#uWomҔ_Js*[+TSh0 NpM|he&\-6cȘ C1JXa&:hF4Đw|Nk#mз} UQu I9:Q-ϒ(灐׏-D\(1!ɎZȊǣN hbo{߆ag{\*UꌌNcwZXgHDL+ϵX1{_jrؽ =w$ҷH\LrۨU|kMg8Us#[sќ4xzZ} ϮPo_ž_u[(S!\^ڼ@8$KTl/X#iP6n\VYv A-Lu?W0M7)t<O"+*'#53I^=Msd5Cx}=JGCY%-w)ssuCCy-qc\ӫjޚKQlg56LSL &?'o+9-LsT0c%inivfr^ta[}3hP)ڞEۺO%N TN̎8lõSz;+ m$!MCK醀U%8-?q[ZIcvM8ƞmNH+cl@0Щelw{RM'hIsO9+sbЄ;φ{AA=KkSKh Sn8^`QoG4DE]NN>崙*+h^DAFղ{)x7}3han3ba4P#$xO`쯆-DWXsG;_vsY0{T;*,aѝ`M;~֯Ҟg5Mg⚘(F-^ P^3״y8ǿ %>> AբT*{m@K훈=$J'_S9ysU 0Lϗ7פ@L+㸁1$\qϮK#9nVmhT5zc>z7.x8TɯIlA"jxIZZ2?gZ?oX[FSkͻSW쳜kH)8YE%IA`MrJCq]2[JwᲩlDkRX_{Mvpq{אGpQu"mVr6P5~JfoVǹl|M}z&GvZSBs(?-*IHMcC1JG:Xeڜ{]5:ܯ$U?SQ?vcY#n[^S!_T(K絍3(oqӞ} 2-UIHd\aPCk(|xS{)ץU38tch'8 ݱigpEe{zȗYk"$Pnյnl+cDC@XMg %N;^֎3Cd݅T}f'jvb=HcӥDĎ Hcn` 3O:}Mz'SՋ*SYd\>YE):bB9uu.+ЦV4He6N;(C0K둣8jčQ( EYG5E$!Tk,Y(5yIx{z;('7<3nl ;L*! H! jB#(~6xfUZ{Vv@d,DuMgN ~vv]] L] M_S|vÀa}Lb>ڛ5QPשּǬ kG^ۼqlFPZt߁Ԉ< * l O e2Qղ獰H%6ԨkՄ °q)mbsiYwU _1Ӿ`ڇ;L1[Vb'T1 1H{Ir& KWf g7}4͖5KcR؈aH o?i"O3׵ˇ v@[m&b4EYCLƴа!|3I}'~!сљ_Oʾ`Cm?@zIqSRV+zŜ:T:>R2zq\\{<qW>P/1;b(v8iٝ3cd tB(,@-tO$!OpwsSh£HciPqߕaTQ<\YfڗAesF/1 ,}ɆV*O6i(с`8ț4?uo+`O\9)1`H`6L uQ;@ "Ӕv|C7cGG?2]<J+? \9='gog.q̨a\F F9N|2r"Ch.862Q ᾿Mߡ|hWbGԂ\a/ʭLoǸ1:J+_{4//_cV9x{~y=;w]jFfVF[Zz(AM $\,/<]N&Ob],7<ʬ6*HԓM٥d` #B5\X)B,Sz؆XW ?Nj;hIpCusZ_szyE\PtD4OƵaY#@KH1K:*Dt`o YiyWS8 v$Ir2CѦ9x|j8ZЅ7P5'u,/7nNDHjGS2LW1dG%(,P ~ي⤽h+m2 dn``x5|\ѲDrR?ˡ HfЭC{2dɤWҕʏǸw?c8 "M:LwT+x]&V G^>'-PnYjڰ(V CJ[vBVn`p0491ǵ]:DKIN:P 7iOX19YJo#2ǀ E Ujŗݘ6P("S l+ ?W _;>u +)eM "ƨ*V\F Ne-x2Wܺe wTIaZ>-BdӨ \\|RІuy]xE|QR~rHD,~:_W5ڡ- wFz]h\XikFFP|rS]JCZ *͑ 1ֵAYYnͥXN,p驣Be9\2:Twqh^mX |` eA|#1U!`Si"NE_;8ﳚuIB{KrclNk)];B͟/]G-?ʉQ!U HԬ? [ iYPmX) bqEȚ5~q"j3(1aLfK`N>odFܯMW" j1rщ}T/5+H* RCί.|g"T0ёdrdHsuǢeAWXH<i<+zSOc{MwE8t8A'<_=cBz5U99t.}ߺyȈPoA_5?6r/Ҹ'A>Y|MdsJf{PnjnE6}b{JbpI?*ΧDq *~&%r)-`<>NfAWtķï6*+[q؝(}JԙDْE9)A>㶨~ދ= OAe'm"pvƑHZzg|;-F\Lxxگ'>2HEZ/ Le;b{}b 0̀D 1jxl'$z"8"n<"anOv sQMtB_ ^;غ~iu@?ȕΝTݍWW#-)YwƓ<002zFŔ;%m oI%JDVxSfGd vҐ碠~!Hqt&}ư;ӳі~GoEaKKc4. %;L&5Y|)HkZx iO{ֿ'wG!}]:iȆlPnΣQz.+(W)'o;g#.G@b Y/>n8?9+%vz]MY ?qo;(*%e49IO9m :W86d7oӥ o+=΂')5S?YxX]n [aQ&>$_P<{wlޮ^uUrNp!6KxTp1 71%`ªʎUR޽,Iź6\|_NL14, }#ZׂiōPƄfYY@9w? 6a}yՀk&貫LdKE#3h%r}57gX+V=뎄/FIK oxU XP6mwEeqpvUe#Sz[]oAm،8?\"\=GhbǢuPK@-,v ,?2f1$%lu†62PGc9i1tOpZ:ɠZV%30+1Ffeiהި(=ޒm XBvQšؾw؈vm\.Z:#fHW>~=r_nu+LN[;+9FZt+, Į*%ZOD [)3&qTPN9 Ќgx/3ZS2J=ِ(;@X'.{]/l!lxN +42J&X9FgsY{* Kxwށǔw2"h."n! 1`~#!c-Zqf&.9JҪ:'BmD*Xn1g HK+%Q[e:Я'<զ+{Լ[ m:s@,!2~mQ;[Q&j;DikoG4V?.4#O2&&Yfq1!6&ş߼Eb m_ClQ$vX4sWK9.]glk8 ĿT2C/B969 !Z ]NJ)PuS_b^ N٦sMENn Gۭg`w%S rx0`?s" qW}&8;zuk$z3S_]M6,O_n7>;7MٞIflmrwK~_g{5#$Cx>u}TENۈD_c+֯qp;9/#oQFWWm.ULd1eʹ&s< \]FGswz C)py1\BwnЊX߮fCLmɭz,Uݘ 󖹠z3QHXی|6x P}Ymg 2/-aq`r5I}\VN +`W2}|}JSw,>Jpa&1UH.(Wl!=$d6ZLXi;t]=D4rيY4Q~3/ xT`b$")Pbdanh_})M9],}E@Zk7(ZDz@pܘi(ЫsIe ~,BAE@&b_5wtᕵBэW=}Ż@F1`x=8|c8ʡ 9 ےlSlO#"^v BI*8-%""䶻Nۛ؄zAΨ+c1#9+5 e:^ׂe4[NwLNYȚ2~WuܻX؀W /= XҬ p{YJX5"5$]i4ϳiW4 2Rj]ݛj6{$83ڝ4֤>/sL]vLsP6RQ1cuJB2-`_RwLmlE^2KY&mAGֆ̶У]]fX@^ Z֥q7^~4rSv־7T?mR526k{=U`vupo8V2 C""+t]BK(mTb ӃTc3(d+@俤K8/6m_#a^jH<2%n/'rT#bD_G ցBIg`"ܝ)R=7c 0ߥտ?ǬD7-46I?MM.WqӬg٘.2dC;<F,[CuZEڐ{V ||u'a1Rqoڵy!LKnja>(H%!eN|a%̰ǵ<0HUʔMt0. KGG68Ff#=2yy"<=uDT<z׺Df }%2d5>3H-g.v Qҁ*467NB\Hl[m Ŕ8ҏÒ01xͧf%Ex 9ЍnhH +8N}u~q?1ݣao?dnylU|> ( x!nZ¡acȆMg>Y[ZĎu =iin2G%0 l_:[|yϲuBa7 hQ}`ltdK[".rL񎏘iAw5rkOT̢n.E|6 W0V{eF\8=3pu](ǐsGBT )؇rHuSJ y]clsvUPWd$D) Pv 6cP,!IBb4!tDs\f\l;l~_uJE3xNG_,+57Tp4&dZm// \l_-X%Tz0~]I0J+fA-Hx\A\f?)Mmo!k-$4 jʎtl{MG1nqq6(aѠΈà*Q]sჂ43(#rѨL4tBN 9"K{k=ʖeDSZwZ`oS6 vc]"B:QoXdU\ּHlQ%M k*g ,j<_ɵ}T 58S-d`ґ+$ _)퉬'p6zeߑb\Rq*җ+/\Qz}1׃.LKY7 nS‰R~ɒdOHJRLģxOv T[nfԦc+^Xu]!6Dhqw>>ܰm1G S()L߳[r^E; = &5q1 .YxeX^!w8L瀂j5a9YQH \1MP<7SpWiL=W{7<2*YOL28M(cYMXQQا4W9օ#(!@ l@]~QO 0/"q)|NzMgrB'km, Au' 2K>h;q jF5FokmP$w>`SjFF_njh,[R9KI@kJתLjZJFP1Q$\Pdo!Ua1$Q9X( 1(`7'^f8y&=JEHU5I1VAXF£v( ? /.>P'Lgȸ3ڀ񴷩O՚Չ_b@#_DE)h`ҁkYS΋^XIqJy,'my_+^Sd/A"+\K/8P њX~yY?#z'αK~@ߥEu=P}(w0UWBQ&?zgD,O1<ش~r7sL$Wr%Be񞃖5z\|~D]Q9n#S"OrhP#N ޹̏8 C3%U͋Z;&U'0!AU~f B&ʾiUZT=-HZL_ZH&*XDciDě6^ <#P@֓VXl+;p. }ۨ'B4<=BGqL=W8~u9y|N8DQұZKHVᕏ NZ!cR]C7o@t?&2pX_@=;rH%rCkG,a+Ĝj9|3"1r ibUz)#r e8qwQcSم |uibq5D^i PD_Sܥ`.v^ADiQ $:u5M;]V`Y.Ry0R%r­{Rabf 4q{JyC\"ؗ}WH̿ip9=%M}bmC6λKpylVԈ@`g쳆pyxN@n GlRf`Դ#eol O1ܛ!JPAgSK;^kv^T?]( "PWxGI f4'W)a}R:aQh_]CIsa4่i󾹉L֠W'yv8-1`]u?&$13LkOR D)YąՊ5 $_"CyקCU?w+_>'sAHD/ѹXd"פXom&tHݏDΙL\{4VSm0BSA„e ]`nM,Q^Y;qo(Po-!J^b,k!՚I/y —gb/Q҉4ɧW+v p9ܙp!TͬJ"Q;Y~ ᙦ Cv5dϮN^^ fye +?wjfIԾZd'# \a+cϟ#TlRqG9gӝvKqJ!V(2jYSUPԚ-WXWd%؞ 3IyJ-,0[QKҋvoo }z^qOGn[H.v V 4<5Ne\+q).T)qP~\t8j[-2R!1e=ti%Qu -;$"/-z>.;?+TQV GbZta*p $Kk3-po!>RUaE@'Ʃ͟4̻C_Bn8P "@1"j/;KunˊkG홄3-ob;MG`'UtR 13g#oMT630)o!/"mD>s^yrB&`ꪤ8"dV54hh0hm MA}Jױviz.F' 5O->q&xͦ;~b'٦V0W]B x]Qk<}8!}6Gjj 7_$D?y=@At:re.snA| ZIьFRAXЋ)1}>-S~!B$JL<#( 2! z2ݤMaWp|*nz=%cw㑛XuN.)eROۋ>HiW6 \39Xǭc;VKw-M+PrpSIE׵mp(wr6bmháMq gwIhft*F {ye=/կ8#-z:*LpCo;8bsTCp큛;[dGq (}<8S3li0w^~㨮KAꮲ j8V- _QPf>}wT<2,!JHpڽ^s{>#-ؼ}(m@Y,"eVڱוM0SA(à{Jj[Jg'K>Z@!Q0 EY]MmFpEiRl`3ъ8E?@O<Գc} t6J&*u_6&T{F.JrŒb,nQU$3;ZhAEln]pXuW@u;n =dcn%*f@(Q>4&kS׾.N+Y H1=өWU 8r- D;Xp->\0בkrSNAvs1YIQ .~h͗ !G}~'5' X/UmB-@x 3єK۵WqtؗTϹW15ǃQpKǃVyecN!Ar BTWϸ/K:Z^5T׋j2k/MVyexLcWClBMo'A-@P=-jAz<N7r?y7tޢ,"(m\x0qؤ2:SsfUu5.DM-gŏ$Jًͦr-(LϠ"ȡ>!k/ed<}'F pF ωP8}`pٵ4 ir7L-j }`Yv bז.~5+D6(1i1z8xjw'09,Zb,,it WfK)Mѵ0M +cWna\EH: a %NN ]M99iVoGz_!^+k>bqwR zIdg7ynDR/}c<<6lkF,A63_cheqkxcF"U#ch{cx'bȉB?(Ű0^wOqq 9!ER_-sˊ"+œ^(6}(qsLV4L9ςPH3)&&*Bʒ<`b2Be w㳍.Z[փ4SE)PeDaV⫨hWEY!2OS5҇X_ZETA6g!4H]Kg}f}h@_R\VпX]:\=ҵ^ xOLm B#e&!90aMOvMzlİ+ދ60xh r-P 뫰\WғKZ^WÛÌ)#3 :i3! k&W1IJZ? ct{> ;Hm)pęcRr~ȕG䩘YyXV-Dqi(̣nCf}o.cd~8\ظ-g.7J"mPXyf%Hr-GE|L5H/zPPSmI`.w^IHؠ>S`ML9ͫ nn*(Z>Y*2߲On^ ?Ow[+E'nL]¥;ZBtőq4Z=y0%NMxЪ7mb4a4xVj_prSyu @+סE>^# [ak=ᲂ CO7!7j~˩iw褀)ё 䗸. 4F$e-IpeĄgp35,)[Mdt쎆! (A2ccY6CT8qA{R-жҎTds¼ 9D W$Ks_ 't>?%o%( R#oH2 r/m;׶UϸH`DW'Vex~o]i*Ek2r"+-ݫ.;)2 <"]w0$bkoy}fvwhWtW5>ý`&h\A7i TiY9Jo :?[]4kOM0~ JPW PL!%p J[ꀴf<^F.Bqy!YזMHuZ$!tb@Yl)ou9 6jnUοSߠ&.dF}?Bl|@{"@- tEO>z%FK*d8)G3wP0}IaWqo|&EC_wp8L1  J?huB ,(VuNVcDH8RԶD^KH*ţUF=N)*eo| o!K}OZIVDN+Nק d?CQ6ڧà6QX@ ]YM b9#ga3(Og/d )`'[CW`?˵U  \D>X"zG_iSˇGHkÎ_n2DQ޳YFݜc=uä1Rsؘ),buPz~!<Y^xA2m T@NFeUVԯĻ3W@N5+%ڲ | 1˷K5deݔ[UU!Ƙ< 4 m~ W@.6˰|`,-K,pszR =f,n>RcIdu>nb}k @C:#GG>H[p9uZ,6V.og&UTzeyïëY͎w4+9;`P/ FϹS}զڼrdG4Ș{ {|>maX~]G5RUI,Bz"{N"x+1~b;bZ8oyS^/FRԑ)YfId'[Ϊ\9+0iWko:;~!M/nX  ɗ'ՋLrOqYJՌ7LzCfJǧ4`Ɖ Le%u=tj" vѨ'uԗ".Ϥ>#sW(OSR~1}BJ">29VH~Bǣ/ lGqoe!l*vjUȸ[B`WDL.7 !cI'8\nV+LF yYz 벴:OWyPf3"2n ɽ/KRQ` 嫆F]㧟tC^}35Hs闸7)tz-kpyqK0a'h :&R"TO \3Qs}k'ɯ#,~\.V̠x@-hts%9C,!w?|#VTHƏsTҠ&^1.5v̀U"tX^64>6U?!PgY1 H /qը6$aIngfIcZ VEz5l@sj.f敖& VNʀ֩a<`a#IZGWBS-T5@ h6JnSbf3u.vn@ N ? x/&PK8]4LE{wߕH%/2 9. nl6FGV7JdhDٴ(OHdg4^5]&9fDinF<r ԑ"&j"uAm-şeBh_a[Zsg@C-y%"J8XB8sP~Z]_Y~C&ApKI|ϧ^`A6݉#܊= I t|n7l!޶Do)zؒ5jD<!u'xOӪ 4_ N˚._Żc]%4ޛcA&U6@rņQ L6ʞ>; oyZmt!-ɈtAL߲[EFDt>-7R pT `ҘOOe,L)e/ ?Gh |R"Pu4:p3aG/xC*)Ti*s'hզZǗp]L!MsԏCn1/Va(QYatJ+2MT+i+SIzQ@Vє8^_gܙ[8(lTP7Ro7b]um8N1n2!|Ӌ4 {PBU%kTO;]H9+; nEc\.p>j1lOjN%b]t02M,Tlƙ!(V3ml: &TeaR,WrN!Adt-iSxK{[z3gS$?-mcv0~YEpCzO@8$^wЬ&$X,'Ja԰aSIIRq Q {"ApͲ*GE79UQ4sz̸ݧIcp#M{XS|@(T#V'H#V" n?_ɯ+W}g$$2*}./r6xcVxS-S+TjO*'B݁l|Xs/oŇ1cC\u/`x*\9X@v 罷ʏ.N:6իLxdXşAt>zpp"`ۂh 6ƀR9F]IfZWsguM&Mhj} jbPqъIz݉[gH`j-^j)I1`\@. LJ5*o³$ >PD=C|v2X?NHvQѶs[3o4R B }ˋoT^ G8~)-l ;0*ƃoDf#/H1fy-$~D-mW/A)f ,&#ENZdW~ѥ%m',ŝ}LOcT{y 5j7ؚ]/.@6Ueyr*xiL\ɿTLJQn!JGHjGFuÁ pu\%'U`DL?`~g!h@Bk Y&Mć;k/o/r-raP}O uzo{٢FInm>DcM7wdƘT?c e(; 9Vzlz}?m4>!٫ iN;( LM޷3'|vD<6ϤS,Anbx(v:1d__z3tfzfº:֞ct{-s+j" S/U=Ly@xa̷O`JL/֪nͨgzzk0~W;b8']UJuM-ʊ" Fci20zX*Xn:w61J bu#N3HZj/תjӮRXVB07Z'n"~ 3Z!5U5OsCzڥ9k%RZџ.kiɷlH=Amb'3DNsV\dE*] vƃR?ΪdT%D2uDS)Λ(Srqbjb[꜊y$tzm},WIdה9~9By ,V64Y|>ҧ1,a< .Ev痢z &m6sɵff/A#7{ Ӄ,HL,0U xcO3K l]=V]CMH(iMwm(KZbUNcz}E#fqeSP "& R~\iL[ѣD}& I^^C-$8PzOP brNY&l7Ci޹FrB>\U Bp>w7 uk h?e"$c 0ǫi Cf9* =tr(y=btnMiMȍ3xܠ>/P|67L:@Nu{Xtþ\m0+=*O~gUƗ䯦xrlcdk_l)*o'\~~FGeB*rYFʍRB13ƞ<ӝsw-d;/'dM{нlɗ0Twr #*"ao5h8lhWI,gu\ 6ƣه#9Vl=D8 .2ϣ`fH-J*ɾJ_ {7)Q 'ңDuTd_LͫQZ? 2wx&d͢àa~ng3b"swn/\@egԢ WGBQHcZq51>\ۘoe]Q0504=1L;FX.I#ڢRsv ٹ (btTgULdp[mlct{ 6}1@ ::*5omol1dXV9g:P8Qh4_DAB>)\44gPB>Hhʋu%Z 沃@CJ #m!o/A7bZJm/GRvKTy}uv,qĿNjjCP8+4[,߲E(G QBR'7\OM +zeMU R虞yrkXEC4v%?i)ЍpGbEZ\Sȥ x+Rg^ܠK&TeQ2+c'7Uա%6n(bnij#3nh[ @7b2..[ŶȾc 5Zj?tԠk@^86"aFA 7(1p| D:lN B,WB#'3H%+~OK9%,;,>CkabWs#ť}"5󲡒~lptrp>!!WLRi-}L{="\p$+U˱?HnYW E$6Y-p_q_^p8ykl[tT4_Kₓܰ eip1I ň}4Eoޣ\eWH N$&hzz_w-Ke8]_6d6n'hf7ڙTC.t}$vH96T#jSb Mɮ U81B@"vMxC]U>G+) -H;NEKT9V\>șmuVHQfAֆdte24PZ޿74JnUdt&yxˇٗaX0N_¢Rz5b]ժ]H>Xw5vؖUBCuaNmmZ_PL]"Dٿd꧘v6pG_c%a@ >2>*|KS%$P(a^t@&Y>][j` @od#VGp l XBJoK 1,c h֢.V`xв"]۵^'cA>o# ׉j󒹣]*?)-4%˺:@͠p n}W?7sajtF8x*U3 ^s|z-Q57Fp>YfEx.dºOeU5@/ɸMؓ F2&XwB{{CJu4ݿBs^avQ("± Ꙉ`Ի"ۣHŒ %"'ɖisa'6&+}B.2y|fP2 Т܋DhF=)KHEuSݢ{gDqɅq 4N6bDOۢw՝%GG{UJR9~,"Fږ\'(?U'2d7 6XyAe=g^2K>9nKxUAH؉m*DO|I0zC2 Tðs5*ƞZۏj}G* bY98ɏo2$#nNJA1iUӫˎ'=' j i5 b~i+r-E#L˹YOrzO^xi]p8D&9RIZ5m2T<$lÂ[u ~.I/ :$ HD+Be[l NC<ܨ#A#[N=ISwn:I*˪k"`3X&IGT{~iQ9aU#nW n4=]̦%n{%!$͵[߃ڷee?11񪁳q %/à͔ͦ7(jW/OeQ#]9+:grsH$PUxǹ0=C`?z gS 4}4v{ #\&cz;>h 5kro{mZ;f5zxŃuosN6  νqE*NcՑ0~-~?Wnt$C çkRR,PRn!)+:X51qI<[u +焫KTy Y2ɚOhXYTS JV1 Qt#8l&%|'}UPҌ=/*%3#ΐmw}ޗ#50GӬjrejR?Jbb 8y8I+7!~HQ^fU3?N zgQ%4kzsq؆ء6AW,aiM+Yr=) p|.u{C7f)9=joX3q\|WN#V&Jf.*;;*ERo,JM2*OŪupl𘣳`f2TG: }1T^9QX##]€T!DkԑnЅ_7NT47plԦ&&qc cuouW6ޟKpo,xI~4ld\ $`bҦ9Gb;UAC؎e$H̺O/\1ˁ?+W>И4|vѦuΔ7Ꜷ +*ҨfXD5$(*ʁ}Ӂ) RV$(rwB<XeF= G} ߷$)jb#˞Lq (򴘵:Jeưe>mb cȢkMo+"Nfֽ;g47ծD0lG,֝Ke=/e'#*ECJm`zlLZs>b| -Lswdѻe{c7F 7w=.q!bT@;\u?K7c]MdZ 8d__Z]cٲFZ-2vfN0LlUWiJUEWiGH)X W0!c9i?Vq9 +ѾnaG7xb]$׬f/eYqɺ^ c>'?md*\$(*jq=J+UJ|-845= y@4zI =gnl `~YRQ~]*r鳽 ֠~1Uam4a~16/(-CbS:M*n~FfEGQYcT<$ ) )zN2Ob8 8'Xt_$c x:fY20ģ2R/fz.uz;qV&RVL}xi6ezήKq_5P X9Tё< 9ZUfens+sX I;&dVRBvfb]e/g7^` ^FI^jb@@(e?XTكWU\=^ (q:)ۧ9T"a y !<.), Lj7#y;Au{5ǧ,q?ҡ8rdB)Z `j2@l&ZfodV;RP _a 31fϰ~px@cN~>ѯt`W]~BkMJv.ͷt\oQSR%xiQXu%5%kp+ŽtQ˪`3 _Vb/{؋QMmݙ2Ɩ9 oDž baUy[ETu#kPJa$ʈ$^8ژ b!=g/KE)^/ 'p9g[գiTXʫ'mXfԯaxa]$ tl(O9 mף (iAIrnE`#8B,jܦXŸ6`W \41vji[g(t޻ײ'R/8-"34nFßIӲ_(D 1hq`j!5e,}0lQXxzQz֦̭]B=6AUxW~T05sz8ޖ%Y^jq#0Ҫ!(Kt@nM(Ek0Z "gqGDiSUQ*M}J [O3؅A<֦_" nى;=2NAKj=xBÛ@P2Kjoq>!Qjn ;!)Gmd%Ь'ҹoMRxabY`vO1VbE`)rokH](rڻ[ 9m^HgVo0e mdQDJ7G'mܤϾuԅp!_dvZT#K8!DY)=:Py{a瞀5ŕr\ +5o<[L4e'= x, ݍ}ɲ2o0 Y>ݎ```[MwU0K./M\,gnjcgm+Jc%<.$2&+܌hx OFtjc4'ǐϵ<LWO6$9x|e@\"/<7dAJRej.;!ѨhGR74ﮮmr؇Kaŭyve\EW{Otˠ*yf| pXcLį&jj#VYq*Im]-2 A3 H,YhCr:wX>s`@.`Sj"l'9,„Ggc' d=.\ZLw -B^;'-oPQ=Ol^W /!̒n;L@U$*uaLg)[)Z*ݎdLnz\ќO6DO†@5j =xh{țc2sǐE,,ܫj J'Kz 9$ XUY>V'XԢ73n}a9|ţU#˚NHÍs=Pl> y$W"v zEg MX:+/m9@ -$IO?nȱWmDh6-S4°%ntlx+FI~rQ5e#wIԛ7ow3+4dTZ/ `a K_+X[y:(6>ݝwݼ~b^8 UF/8&=|$xӿE9tĤo5yڃ)ٕkhمclS@L*? *NNMU*e)ťBf׉t1":\DvQ^Gdv_3d׭~<D※e7V\}N3{ۿ0¥Hj]o!FNW|/Xhd,Vi(HCdupp|rWXB_kutNХbj>aBpyilTKUt?D ;I!ir-X]@XL |ݼ9BZnD^VQ{m\C?\w>DlfYYM%[hkn9g&|=V|yj5l:l[;&4 3JFl)Lg::WD z(w@AT5L-V4Q9TWwBBa{t,9"6ʔX Io$~D!KB  @Bwi_ޫ敟azM$ŀo] {2VG `v_X,Ӛ6߅ L4C1;=QufΈJ %`|B%98/|u1o{$6MHpyFBl 1 <5yETh4K W"ojgF"#5a%:BHvXe_%Rj͌+Da5GqC/ 0oSr[и4‘1HQbhtK-4LZ%'3AN[m@9*1/brŜNRXuG1~9͠3+\GGt$1Ra9C]M$az)-' apS߹H;z +&%Yg.ԅa47RN:Kب)N,HuHTX uM9=T" sz<5Q7Hnta@0:I ]ozdž8 zsF.07ѯYR}Ƭ #Ȼ)Ǵzn;( eu doJ0M:Y/W‰ x^ZrLMQ֏łFgPD,ගG!69Pc#m1eýWp(JU!;BXIXcWIJ Djbs9U D;(Q##>z u0=939)Ԉ71o2ۥdEF9feRƆhor ҹ.mݓxg,@cx %:&pI L(OǕM#mVXf|uѻv?$T.UwN|5f})KS'0!e3DtV I?#>.i1FOݭ\YWک :)Foh{مG 0*lٷ&={.߫UtUJrōe}YyWUf"t N 8Y>z{}wߎ.'ᄃiܱ>"e= 0&BMs}y"(gUŧv}aU*:rE8]mf2`GXޯl-N옥n ^=6s-m7F|g7E{gv('7u@WA"*7iPKb[B+cnb%ӻIַ:)I!ÿYrN PcYx|0T^">)Bev̙77eVW02<ȧ7roX@+#Fz/edK|DIۢ_X 'ZG"Pb:ܑԝ$S:DWEG5f2DUB$9hfBC.wb+*xQNNx:KL/A0 =ydR8=Qr$섍e V$凣RfK@"˧apȿ§Gttצ6\9jpFy&+i2?Ou[򱿯|JCDE7 O=#d-FˀJ?l6\O %mt 8jĕ|f#xBE`T+MLŜBN[߸&K\ј-Tro\Df 4\usbfP=m0` ,l[ebZUK#txlgUn;?D'&:o5j^ fMV+LeLaǘ2!(_T%j}Ն?y4|@x [/ښqp`GՁ%[T0~[_<ԏ1q܂įjAhDeDjTHkgYuoj͍!Vbnk؄n=65`1.H:NJϲ oI>h 5lj쫰 h97,SF_ۺ;Cf\ZZٓ;ֵE n\h\D^   0DdXMrh3#FY[vKe'u{tW '-,xo~T]G%wP(,fCݩ#. q$ >eWiݤXUNdzKNgǏFدnlqbR:WF&Q7:)'cfK)A 53!х9K+f&ʽ]*1v;hX>}YR,}vO ;NpF"[xƖӉSl(CYWrbJzfdУ4 ]qeƶg`: MAjӀ9gvm ,[ī`| ˗Iٞo@Ѩ+șm F=\ZaWwJ{ozO@Wx?YʲSޟeWa='sf4z 7>QrsEPhN& (Fw G }ii)E+3&#";v #er秠\ǛRw}K1''Hk&]s?}3ԱQ^rJ[ʮli|U.[K4/ < GJص/h>I(wՋM:s[]TFiW9.w@3CJm CYZMcI_2"ˢT'#v2a}( `o!'qJاt(W.iII-4Xʀ('9xQ2VwLJ5<-G6ar Z=lq?}24yn-_ZnґFIqKlv >[Fo 6 ٹ`G0Wh"@yO9Q:߱[-j&IE)9aie~6A- > oߙi*D[8"'dAI=|beFTTL~RlNM섕2xY"W ACM|n=l ~NSaE`.M| Ϛˮ(qag]So围ql>yAfߢrx[.N2]zy&y H&l£~ۿ<¼ t|xfDٚ@SY ?bZo,ؗx&\i X,r~XtުbےG|rLq~'a@Lx@cڝasxw,lmߣ-':5͜0i`$.ᎩӽMGcAR=G濙qBwTm*pݭ{v KpN̐dF-}aӆ-%M-RL]9,KȀP1gzlz~ț@qPOd(O=`za Pûn^,OmQ~;Xw#2gC/;9q"Vq6}GDb`2ȾKq$Y Ё oFj@?Ԛ y ,0% $lB J7EC*Dk3tҗjYԱkXw}V9Le1 idJFdpvNsfuWbګByF=Z$nyYHP^W# ^k_iM v \V n-ohV>~ i# QQ+2_ +=3BVwWJp!i|fe%EP* aM>u_Gw0VծZY4X9`*5=.9ʅ߁aQ:Ni_IhRXcMUyN~ͬZgiR GU^e۳t!K{i 9{zr)ִE/C#2n \Tj11I*h҂?f:A2 0H[`P$kVk/Fڍ]Po/m8AJ&ඝZ$JkPGKb0cNZjc@b@mDhFUn~TӁCBT{*-1j]jc4n: &Vk;psF+v03H\`^qD?LRiz~[{`.!|$`Q]t0d )ɯ[n9> :c.~`kiqWU+[sHs+) y,&a;׹*%t*O9%?KA/'Dh;30?80.LG+ce(C3h&>/d_"<@(3J욉j)MJ9/9ҙld2 wӑǷSGYL-="jdP]$*mrey`7Hib$Tlkr1eʃi-FӛjwLWC& 8e~fB_ߑHeG!Baa9R~B1:E5 `~0+ݪy7c#MiHFjGai%Z@,A~F[J7O&ԧ>X4Y3x#Oʉ-r<!Zx<] oUO,sG=EVOuGYȖ*=ibl20/AMv۹`yPRpK0yr">!@e֖#=ګX3U ;VzN&n9*1_g͓fy =H,ʶȊҪg" 񝈍nOY&?[hfI]^tӆ\ԁ  q{SqT*bx&hfQ6ͤ_\^) (<ɖ(EfO%ɸFp;fpgJvq‘vkw nFڹF@eOR՘/l~P+u(A2'K"wUFk_־ٴISk@z>5y Vw;қC\K@=z|/k=ix+)%DV|Yg)se,"[|b?w/Ys P2=FTeؑ::|gr!cc-NZY}Q4iy= aAEAY" R%ՖIf#O3ooƄg#Va 6?&T:3h܁y v݄Ɵ (ME>y_O3=6 ҵgfUTGG qMd'w"x/W'2JL5֊/i#g#29}zC@3=6e5D 7k]|bX6GZo &uzwisE` Ui+mW3RL؃su^v^ǽQ48Y4az;:1#F۬~LXu5[ 7L0Up;qCl[5ƽ+~VwPgHd]b!;G9=9j&M`1+0GV=c)ZE0ٛ͢?hmgc)Xve%^^}eږnѴbL̮⒲+hOo#w^xl;WܩJx1@nUyct )259!TpaU=4=) 8ʯ.j^x>5@ VɁd<\faZۻL[$Epk+v"H>YOt2sdґFs)%Vb0giwUH1O&m.$ݸ) nT1s>Qy=ϯ5zVƛJΌݥtB+\~@i_ U-@g66?aCmh yW:rx qH?b ݠ A_$=e{GvsKTxHe?3rx`+|#orf(HT=6c`r_Z S#j`\l3ꍂu0 j9 d̢LzA;≇Q{O\}C vs}NĻ㔵׺wd~YxUܮJԶOk34peVJ3)\br GcT"cO}`& P .6s爘-P%[TE5Msϟ/X],$tԱqO\[,e ?#]նs(rj_X>b*D+pE 3ȱy5%uFމIa0JU% Z^[ 5.=(N%?r_@'Lq@sn0"#\1\ K 6ΚGn PLRMtDT?5. c M<0Stm:" C[Bĩ_[׃lk~*g ߴ(3#;q\}b'W| Is.Scp`'pa_?eJq\1ܺCR۔ 5_քpܕ"Mb:A@xOj8ϕ,SJ^?^:D{Fhz >}8]3Dhe߷IV$ 1dRꗝ3$Ư+W\,PvUC#yK~2ܭ'Qbl/yL5vq^[7v*t%,mrx1Z=7-E~]qu#fGU"͵ RĀ7(H]/SFgfy^/*?c7ˏ.*$x 8\c TǦ$&SPsI$_褘vzFWt/O(q#;8;*]ǁV:_DTx}9Z,=Yg-֩q$[~I^Yy"5؈vozuST CF%"Bl5%Z$=ĭMyQmˤr[Y!xg;W|ӿy~-ZȝC)0zq,5]i>99Nf}ڪ*aG?pn[ht:~,z9#vH9򡪎*L-X{xDlQɂ@qLFEo'oj2%XvN5|Qf^BKcGҲ:1OXpf_pH)]rZV%E{߶;9.e{M;w;O^^dc> Gy2~!E dzVދcIa{!Ƌ#;6nTPjT.䁪!GBu;Mr*~1`ON(GWdaaF,n6T J ƫ9y A*Vv) t@f4YY㝗s[a.!5Il^֨:(d6nO+`XrGJtq&B6~2c$9 e!S!.bJ[!\0"ޔW D7zx&r0zCV?B#^_'eteͫ] zgR@Yx8-?RTri^N4b&̟q<'F:NF$+QP7Jr!ϱ>:q,$7[P6x.!a"wS,G/dPO`[d^}'N$}. $9)Z|dhٕnyeN 0W53SjXDdcQ_1gK550g(qV$ڬ{2քǫ81Ao +-Pj._ 12x/{#Oε!SܪoUmƆ4>Zo jYyd26uey3@BXU2q׾oHEAנ~юB7^K#ES6Y@CJXR'owe .N\ꧬqk8dԌaAYᰭ^wkFoZ0^Tg+\ۺh6ePA.5RgQRCŒv{%E?C9^M~P7_kn!yr{ʾQoJ)T_4TdF$9>tof!l.^&l] n{,e†ͽt_)ۉ_k֪}jh<\`D'V/\vmI3qh0%2@FzMĪ~\G,7gMwB'8t)#vil=WܔX \`>y\H .ni 8V5'=uVF+aP8W%TB#sSoHceBP_Rx0V"(u 8h_xt5qB/ɠKQO_ND۽! "Xcmj C= HJ\B__=(}|,`[4^P韝WkݵU\Rnux d| }}4 =4']8Q`Tށu##[tm~g ]_Ds  _e({W>[gKj/|_uX V?\ F-Ώ#fawDQ~v]Ċ;fjEN<4ٛ)̈"~g;!S'ZTl(Y!VG`mٲ"FuŶRJ*æIGem钪ߎ0cVXgaf/ $/(Aed!z&L0i2*Ź DR^bgʧj /MrՈnԁ.:R٣v;Lh򔉫1,ffYh*(ą ǸgcWKZIm|\>E5B*!]CZD>8nh1WEE(=,Vqe|@FXm|py*DPݿ,fFՍzhJv<8[MOK#Gug0JiY\8=| ;smNXmC@odoii?BEv~@ !Y)Gi)1T@9pq5CӒʦ?RЊ?q5c  !-[` ]Lmg &) .(k%¸DZ,? 'WWn:zdC)Oewh~^lŒbW |l5ߧg,،|W= 89Gv jyۡqk|j~)t磛π1aoIMv֙zu$j7r?]n;s"sPʅ=YhH glfGצ{E$B~^9>Zgi]gg ˏTӒx'#SVиe#($Z|⢦ּ鍣@ :Ԟ'Vj;Ǻxc[L$'Y"@s,-.JB\{8d,5!VZދ $MX)(5򌀷Wnpy~BFG`=zXný0sr?7~&شt+Mu)JUkU*0a25QZ=/|;M-qX^|c?Y~7,qpƾ|Eia!Ľ04.(bacF[6Ai3ØVUL9k-ǖ5h+ ၄ODI엕姸g(e4-)Jzuz[orq/ dP^bVk\r LcܯPKA Bl'j*Ѯ)G5Za ŅasP h熖sZŔFϠN19f/`SneN?Qv0o/Gao7pxˀ~Xum!eC^L?w5P7ζn+xLbP2j]Pڶ*f,gyI}7fZ=dB)`LxW2fj}@r"j3T?v?](8 Ƃ cl֖;5 s>IL15@Hz(89`G5H 'ׂ -c 7#x{o9L Nһe~ @FeOIHV9@xi '\X0|ŧ4dx<]g-HVbSոjw^H +g146b(YðXA BXe[ "|_j;+-Mi%hNn:hx㆔S~؏'k'7ojo~k+.6w5ڿwx6nDv[hAo326pz"Q@N;(&1O t0)YWRfL3PҾx*@NJ;7SE 8@*!W3YD@97 2ɿ "Jt鞉@&1?n/RYb\8][H T^zǤ(l AGlǴv+ ,` ӝ YWvwI-G`fc[Y;x{i$IV0><[/WheޱB+#g*TDɢQ ah``>tDGJV_qc=8H4%tS鱆A76Ndb(UP^??=YQFg-= 50xGzԫM6JM7:-Ӥ:\atɂtٛȔ|+km MﺹV !ұ/lWX*WqΌ\"2wٲ 2qxP J*Ntt~+Uu8FUϟSo^ dWi ՖNp=-iGX߅+;^&.{k v+]W ,8tqBӌ3YWK r3KXx?wnex v߬i0 ;-PQ=7ApiMF\\{Gc/zokyD-ed > ж[sD-tNڟZK G kH@bţ KlbN:yԫCvb%p ,ǍKUlyiuJ&UbUnZyԴ4&U&fϮOijmʧGG6dMY3\-~Vw)I*OO~SٶL`^mQs^אnQԶq*cG՟b\L т䅨Q BM3!:!fϟ$R]Զf[8 7AN=.C6JVY V|oCPփnDcToQ\~1d9aiD`|,Bu6m3ՔY:ŮR~:Bf:T^f!qӀ`(\I sZ{v+bGģ;ʾ .t(aQ e! )OC&f/6By"|62~S۰x0XTwM,oQ "i*SL}ބj>QtCY֑~l*>[ص wujH dg9\.?؂P;w>l6Yl ,rI?84*#TP8oQ\[YlhVyWƒYQ)&V7ߏs:T辵,ϰmy04:\M`tw 9f$O1t 5ӏ gbeJ 'A}7EeX DZJ1poZ'F?^пm$ %tl?Ra"jHg[`%@w[iYW[ %'ƂVŃz`'g"Q i4cz{|VYT^x՗f~,= Ώ & ms I5knu)׶ ieaqi.1{H"&n+Tlasg csqKj̺~ pʚ:1@,dgfS ShcH&["Z/PsUV`N_9et= I2T`YFq =44yF՛$ܝ3 v>X6DzΟW^"-CyM^a#̷H> tߘ,ݐjX;( IvM@Aw4Gfh }O8{F-+jI+IGckqm>C`Gp{Ơuy`*+6]=:-_F>Ns+hy$` -EW46iKĒ~fYڞr2BӶ2~  AP-J^Z\` tMk8قV5|zf٦l6,m?{ġVj:X;kJ ƭW-LUZLPL1dB8* ")rn;m:0i:̋Mkʛіxoȯ:7c?!ņU\ Djf(؄\Hdy#&iF Y&/SW/!.kX%W6 ksg g| -,Wd[ll"X$/M el:E 1\ᨊw裩r6;b$l,feS5hYMR@1= =\ ."DUK 8r#پaPC=&Jս95Ku~(V{n:/W4mupr-R1[a\|CD".-2Uܠx!TgÚDBQo.[Z,5c)qOHX.~K'}[(?c#[hqnzEN8>?;;Q Wp"}voVr5=;Mߓ8ی`I PAbkRP)7+h֏6Z tԷGrr_menurV`Zʃ6ՑGkDXፖ!/PDkN}+z-CϏ854Rq%ھ .x\q}ʭ5+/S]$aχF2)JS{ qA`PB'X$M8 x.=iN y?T0]H#Q,/tEOXNc0-07|c#uv;ÎUM8nD>oiJz&lT)mqfỵ3"K{E9PR5l^e?HM$)Y"%i! S 8d6Q0,>B]dOL:O[q)8f*xإ~`#*rRz(s \c֭G - wÝ) Jqd}Ql>Q|xuB{)lMeGdjyϣ_b#{FHR<36֎^F]G)4WSGԨ4\np &lg'2gp7Ój@ 7}_:e"IB#nkt]dt-"f {&py3 )Go``#8?XD+|m_b5"$.qzߏ~Pps_D=&As x4|9wV3{ nb)p>˞aߠQ"4dH2{Kww-?3SQpܗp8EXn"+#LD`q\Ћu 'bʩs4dԜp}= \%*J4.. W@@,툂q{)h>>3 )o$c:.?]@٨wpQja~B|݆҉ ɽ +=2t#>9&@K=BlSJF#vt^a%hnrmh qv?nQ~*#aIFՇԔ_?aW{ ^60ڒ;nw>ƷFm}s`eQSZ>F}.|jT}/!C=M̛00㗣xx 5*έT![ywFME _~埾\o8˞KdI +jjo@_Jd}qC*yJiU6w/xhzPS͛HBGANvs#0R/#Z7t ^3Yk= yK~3ވvt]wٓ=KCe 0N\u}DӘ"dX7#a贙M..9[ooŤ5=^@ 0V_BдudQ [۲̮B'| Xo_SCRsX(Xt+`8b(־BHo);!(^qtX**C|)e@A1xDX*wγaZ 31 @,NHfiNƯ樈Zy`tV;4<[0ݒ4@ȁ)T)&D_x}cehd0gQMO3xR`HxFA+t!ez]yHBD-0ʌKw7AdMtCpE%#@yMvc=J;ϡfl |:M*p}$(|/54 b5Q }!;j ݝ1%\ڕ<%[^l0M#?>vlV\ϒ Zh?DK?_\\\f+R>a}PֺڎٖJ\\]Yۏ Cu09F)AtAH?B L)-CgB&NyOY XR QD2h0UKOKh$ϛ4Yh !I-qx'촂Å*c^5"@l~hPKmӢ` ZUCVU$i1Mpirm KlW^E8MnE沓 -6CicRSor/lEO8?sw 0'c Ԓ^O%8HZ*oQ#RdayW_2>i1nr8 ԴFjj~P0ߑF $z؍ gf?QB^ypzJk$>ѕbw{'RT-'pn۳ "SɯĎAkB'hΗ1wf]~xqC ЀS߮/t.*8`sC*".+~3-qOΤ [QNQ5vzso8&%bFS>M #K\6(\aQN'`BDәXu<5M~о;e"v`,|#N3uẁ0a,V 4kwhHpo`ltbKg#wMaU-@ڠ)ֳS0hÎOh%r y"c _?+>;w×T6M*=әwRò[!h,^{)% K2,Yd?c]*RV\Idɧh/#.\O͟F~zN_it@!+?jI4NK]5Oa6aC5\% #CF'Y{ëX)WM ෴߮ j56d{0*&ꟳ,gսIVypP_) "‹x@Vý)GEYb0[1̈́_۳T, %jK#{ÒpÍK  |w_Z=KOdk g8V3ToEsike.p[ 鷪N> Zx:hRǞlDl żξ5+w)acwX;龌\t컄~ax^*a¬yjdSy{=B?俪u)cK6N$ćm?ncq kr3c/pY8wٹZ4.B?Һ_8d2q!حE` mhbpyC=p5*N D.8IuX%2&+ ɬ˩GS>/0Q-h @3AZF&eN'KR9!9GW*k.7csg* `_cXP 5֢w?{]4aq|Ș2(nZs@z`Hx滗B$|Y%"TzUZ{dI -Y)b-yM:/ &Yٜh+jMFT\ wHL*E%:|I-.;]lk K'pCfӓ*\%?#+j؁/rYQЊbiP$2iC;Bŧ"0g ]R sx&* 91tC8>FKy9:9PQ=6;OUc1N QZHF`Ilޏx"C3QqE"q Q..T6"'EIe`PY]n3< O], ]7rZ'v^@_Rs`eq;Wk)/D33J!٨9&R .za!$^vem"-vQԵ/B  t~k!,0! 0 FCc$~YH+6Q#bUf$9 Ϋ %Opӱ&~T/xOm wiHlLDHn,%;4sLxalh v_>"}b!Vk[:? R-E18MUG S|եo=.EO,߂4AҔt/cwTNұWҾ_[D2aqG * +ȣ;'Tg#i3Y;T~/Ϙ+Bgp3/xȓ^tB+Bi K(Z"#oшT?wqslCÐBϸxZ,Mv_`~yi)c@l13LCm ٲԽr( svw{NL󐶈 @nstCm?L5,a+?VzAcLʔ$iZ~[7uA4mHkCukF#i߼THNDS0#+=zylZ0= 'szԔLbHBIhY)NfwN(:? bnʴ`95Tn׬lĽ`웟YcNᲦ 0OMQ·ٙ9-/ՕPKe i &.2H]-$&pmL&`eo]C৲N}r|g3cht!,PJ0-I$l"z|[;<u>;["rUf'e_-P"9B4`˽cG؁4%2&Ke[nLtuFd1:8<"Յ a>}/jk >,kIvՇ?6:Wck!30 nmr>>#3$2:cSg +r $\^"gqv?(62[_hIxECMPybVTڕ3C+YyUoHuQA8حMBL;0)h ҵ7٥%ΦEgdnR] 5-c_נ[*&sJNTW7\h67"}ۡʐcf.6ZA_"tE[Vs(5 ?dXrfw6W6BJL$vNh7ԃ,wp`|q%^( g$B)#f9Z01v01;ABRAci7S.2hKYb]t_ J)5ռf/#+n ATa˹&xm!l$>C,LeO9>O$3SF :UMƘpB <-˖u-_,+:)u M[&Gt H#'ςV\!Ha3ŠQm7zQS&$0%bq83m,gĈ"nyR |v|ug#UyGS8:btu86Rxbݱ'GYS 1{X ZP5kq.~ҁƠm u)s,?2}=]9S[T໓e%)L.ºCI٦R^jRM7p?%,'#i~,S~W6r't c}B6zx \+rˬ ]!`}El;5?LJ#>GnP"{_;X񜻁/˕0ߝB T 36Б#Pl[DLE'n&_rT6;(['y&V:Ɯ5,c^ZZsE\7 Fp(r$d! OuIpk DgyB&q` Z 찡U$^4dؠy[!RX,yò{e{O2iťɬ<6Wk )@mR(+Ҹ;3h51 +)~4:_Hޞs#"v[G&c:CՇRq=1r]|ZYx8Dq>5ayx510#BzxgqGWsԱ f샅ښze7XNp]dMKrUY]ar㵴v4>$>7]Mn3 #'T>ܙ8x\qIz,Zѓ;zmݻ?t3|Dt7VPM%89 nHUEP\'Kt R^"COsNn:OxY´-k"^ʛJgx16݇"_<&Yfkb⎉ sriM+ iL-kS]sOnodН:Șޙ~J*.5: 7kV0,f)K >j[PTҪMCib5| b/c⊙_$ZȄtu#Z~;įBݔ͂hу\ȭN'U3n+J&X"\5[GB%dk"w;aͮd֔aZc85@y3i K6ʥffVT{g $,h?S;j.lr\q ukv;;D*2B/9骇ƃ2{XCk"ך#& !;(4,?rCGOȨY޼oݿ"TJ$FElh"xLxdƙDN7Pp1㝌yc +}[ #o;[Uƛ ),b# :s&5|3צ4kD:?&ޥxs30pAA%"ig()Sh֗[@SMij\=ʓ'GqA"H6#Y9Ut# ɲJaJyjI\t/%0aRg~yi q.>R/^#aܙCz`@%Au~|egyAHcːHLξ;g/GZ?Y X t1 =DQ΢8 Lڣ_ IYK.J9iK\drRzt࿸ݶۡ1(~(7՝)$D\`:$.QѼ*5-YfD,^zΟy51H:M| (dEQ3~֢$g 5[z; H[v)›NZ(_͋gٔp#x{#lJy6 A"ofWly\)_1 ..I 0i|T 0KMti?!62v#RmFd٤?X{y)_zOv=fWR[Pex`xIW| qQy{/.;g$54GGlQ>pzt [p'لRR ma4vieF1"$QwelV0ۋU]>69>0|j_SQy;Msw. fyzi#ޖci`)&ClJ,Ny/:p2N5fgqb64ce:_*ropֶMPF<& .w-0f &"d`+.T \ *kê?Srs0Rrk9hv 䧅=;ƭQ}p%:V6%4x(NŭhT$X5Un rK-KAxwӜ镀ug^ 5ՖdrK7[mبB-:OR^1[3F 4Y)hK1:1X{7w;|>O/I3]e-f4m,]rIR! Ply e%yon7C$l,O(3p-C}qP{{o.?Pkt{IЈ]Ғz.4(#6W}dĶu|+kR%p 1}1X,~cnoG\rL ~ZWpDqtَNL;, Y 1t=h -k{ڬXcw!U z-XnNG/|HUTd cɗ=@#ofߍґ=]|Ͱ/lZEгI86J=dor_n;"׃uJ7%;C)z5XJ&>@57/g1-O⹶YsQd Lv/O!&0]PwLQT0u=mܛ5c\$B),uDm(<"PO#Bc@B'{lpCëμ.n Pk>8:/xɈ0~+f%5aNͿ͍AiU+=?18fpUiN8m1D}PۓfQzp8zbT橐"sR0{B_8fVOϜ,?Vtiư]Ժ [Y^"ЈBj_7[N3M/N};6VShS\g.;|s4a0w>z枛@8&/H{slKw#{רзQqQ}׊OM]7B1*m @&{(¹Uc0b:}bΙ#7Y)}*9((EI=&vDrcKK2F\9DV3@}gqU[kS0Ff-88DXi h͉G,`T6Ҹ Iz } 72^x0- \:ԱGWAkEbR2hƂUJZBT"O1t=YV '# $QRDRQxōM6+>6[ůsj~$Sխ/$fqy.u_h7G|+ޥfp<(,ۑz]'BNao*_qHtnM /irMˏH@B}xhg7怡'tt't㐂w xB.&L|,!yY$Ȋ+S0>'>֫{)߮xt#Gm5n6J Fv )ݺA$Cʨ(v"V}OOSu[܀\}uuRJRtI mj([[lCb{Mc -jc̐TbS(eDZ d%@r\i88p)NX-?4L~SJ>k"/N0yAN_7l H7 2AYpk&z)7 $t8)Tpi8OI$kSPдț~]*uJ۷;LX 0P!Utg#!#kݟId-ɡWW|Q˖T׈;Em~ן##)}J/f][lr[Stj_̍[¬$ސt@LD Ghૈ)dAѤ3$6!KinHulX& CVQ0!`@/_#.$Z $j|̤6C˼e7>J#w+ÞB:DeێC1ZCJ1QlWv!](9UZNI:Mčf?kcPr,!ZFu0~XJľw/nXSsAs$и=CF1GJU10V"ܧGĸۧ&o2;Hy_RhyGTڬs"iŖS|nb:Jg&*]|nT[jŸm7fL6A7{./}+34ah E&~A. ls֝c:|ҖRB4Q̼"sO _g@} ^jڬiSq<'2D쌕H$?9]X"j|()ݦBlns#JҢ0[%CS6tG\RĘ縒;go_YіvFr9EdBMN^Ř[9{ Z/1k¡M44z!7mpu?Ru̹fRQ$ץA5<W) ^ \1kI^sb$IM(:=I!ACǾ{4-^.ߓVI-D։ꩱy16AmϊӘ5{@{ 3dfiyys8'z3 V#1V#9CTR+LGdtq J(-0ه_0acJ܎#*.8mP7^BVIf–] 4S@Yw3&h1.uq%K`ǦP=*_hv]*ņh>fzJ=GFH*ٞ6&f< @ V(eez7mL%e膱κ#lyafݶPJPa٣9BmU`iaF>1CM$njļ_bRoRāO {7 -I ͚X4q<+-~P@Z%Qx8u! ߥn>iOBgZ~RBxS1ct5vr]~\)1[g=3hS_ٲ0'fo0u9϶dļG&GAN)$f3< LIwt)ͻ!Ex+} TpH'g!^ò /c>SI$[̮X;;;9Ϸq'n{{?=ǔIleԨ`nCG*;ş_E)^)tO!7 숻L=6E~J8I Kvk_N% W+p㊓;A4 7`zaBSwlE,Yʖج,Hl&7w $_=.Fq-7-&vZI%p#mג@;6ih)g6A$>Ο9(fݢ0K'hi`[.n!OUÙndN|*f8.ۜ&϶˂{Miyj)eM<ɯawU &feƔ18G;~(0ADUng,}'Ҽ vğ>R92%z*'2N@H ֺi ,zu* o= $3Wn5ܮ Ґy3JHTDF%7FC^62R]`t-2xrF.8Y VGjiʹmz۷|ܒD&8oqLN4~nw9_T\eIj=B2QFY5r&(z")ՅyC暍i LQ7<)z6v ǵ%4HVϡlF[YY9ߔ/ "yaomw=6 Cz tm0:kS(Wؒf<#'p1fD=,tOW&;Fr˙dSzx8 ٦ϫׅv!a*PBM@32i_}d,' q8`[ 82%=z^dfZ-SQrBr*-O! 28.?ީDs8ȥm05B+\ݏnN͈=B|f>z*y#~Gv'fS˫Wxe46h2cVI# wJ\6%(8[~Bpju+տva|֦X ZF$7!6`DZs΃ T[+~,9G60rU{u?.>b!,C+c^ b8k_$ XX{r2/1fn_To'i++A<Y֮`/8қ2 җkXh/t}R_@ɠ&_+a)AЦRW7+ȹEdlUw5>|퉈p%L@9mXՏ@<::|ABFOX4J/([0q2W7 7qAr-R[grD)@dNGSU9NHiʬHz#Pq&{w_z B0(NLBK*ځ?&S֜SU qDT֠ ZkqYF?iyo}Z+u(o߆ZWsA%w&j_bMe$qˠN. eDo"?[|C cvtlO8$*:0M!=8wQXm49Mͷ] T\Η#j5Up<~͎[!%=Օ@}S;'UR}Y/+m̏$R253{K!+Xv/Gak:Do x<>MȾHm/]IhfVxTaQjQ Z7K )*NiTփKUs6OQ"g8sunJ.7@<\cY &c2_Q*dOC]!M"sg$j"nTn@D )ږ;'8y߅ >U%4}.mmXa&_d[ެ=txj:G*$(fc<0*m;w_a<\G RGǕڙhKP<"_sɱ%(bNPP5lhk<).jlX« ] iBg| aڐzϱc Aȟ!]pY6:A&QnOFϤ\%8'$7pjKai'Jgٔ.[pD+8o)ۘB>݄4+{sG*m_rd%bѡ?;$ސ;NeCqaV2OTAP7[iC҇*91/Fգ(}QOLdEeC0a182!@ۯ wfvx3Q3WgYq>w!ȟ{Uz!l.PM N+ʯ %>*T_ZO5V.^oK,?sNDN0 91G&oVsqb^X "~_ӂ7i#<YFb+?EEY!ݖkR%93U{e{29n&g>e۾n xBꊐǣ Ҥz^&hs- + 6=aDXA@e;:0k՟;ѮA?Q=gm_ (~/lQ{˴C/IC\WV,Auc\XڊQ8΢LcMޟ qP D%s {U]a鑧'q} qMuJu$#S y+_K(?s+7gq4jN" x#SҭA#@%FꃃJ~cAdv-BLzvbK'xK=qpmq}~~W!2F͓be,nZ' ]ؽ9H"<Њ' ķG-#s/z0G2hEr>yO5P{!Y~BU^q/\Cp| ﵜ̗%=9]o%&E[;aB pҕ~ Jb`ob?)k됕tJ2UPc#_tα A&da3OΧ^Io`dA'.j 4.; C_ 8YrI*N?&-2}ޟkR!3`]b۳ «wW"741U[V垬SRsH]gԤs9#d}YZ%!} ^@)vA* Oļj6eR1V$EQd.h˜ !t[V_Eud`qb{ʹjP$_)?OPBKYZV+u6ѵ(׫c8T&: .F갵#Y$S;tvfv*ޅaH /Zx,Dq>8+>kŅ"/JLsFy ְ1`bJt>G+Dbx-a, ڡX86Z@!h=$I]W8♿:)$A?"jI md0 ?'[ naB) J~fUj?M%,8)غAIǪbsF6fL8Bmt+F7Z̪2Sb괈h0ZP0Tu62S H TH$e/[UZ6AФCjZ뷮ZYh\k,)%}h`XAj7UgAa~R’PlbuػiZ&򪮱" :g,YY͌L\i&zÐI0mg/SBIQX}\(g)Oݨ_)q$_t wT1B0Wadb7!:f^B4GH.#p,VPIVX.!c=T@Z+)/#Kһcy)C7(u\s#1{sQxhf 85m~3Tx =RwF.`lP1zw;HO~9Ÿ(ϬpV=nȘq Il.na†r: EĶML4 ܮ={hc@O(Q(xȊޞQ&4+)뷢UFjGL涜֐UwOv"vZ0'tغFKr;h¥x&~'6wm.Rրw>Y_r zBC=D;5p@{6n*lF^l`.0I5ێ`6*wP@O:QxH I86côF)yj$RhotQ8p4Em1CwMJ[C9ETg)/S;>*++MK*sٜ;M &*ٝaXnv}2Qy%#ޞn66F$ NA 1<kLN4oOgZpi˨)pzc8a=/OB9|Ss=SRSZ !8^Ҁ\wEMgv)XDiX1rLz GŇ-p.a_7/oB3lYKuSzl d/L CAXsb}s<#Fl0BQUg3>ȦbDجԭL/KH{ t0aʧuM<ݥ%@y!cj[@8aټu7'5gbO,}¦Rԥ7w ,^v _ZTcPGT؁<4:~lYŴ`::#1]C8]-Vƞ {e[~ ϕHߛdIHc'R=™_[fNTubnE-2~7bp"u4|!Y처CJ0{L+&{Lz˧ķ˗ W1VCk{,w?oPuczl.FЬjϡ>Y$[Z $.D$IH?^ ޲گ!{\oSS`+]_k9cZEC,I'#5Ժt3w9HPoA+-HrbmW6POx,O}y6сf3,3EFpD+ӨE:T"x`ȔN-Bݪ_!%HP~vGYz71L󜝏^5֟d.ZcCxyNzS65*HoW@kĢ&o(~텱0_haJf?L)lHbDH)^3/ȗz=^} ):Jכ3uakHOa!ך}y;%BwjҾ%0=f$C ~,4] I^1FKihUk;N`DV5[0SSD7r#t]ONg#"璡gʯm w.۳C!TI*`M?sʯ~rF# "O>[.zmAU ͏8G$},!d>X f]qR߸H_HҐw?]T)N<|.#sRDƪČ H@5޾9T{4U\"h|,] (n8EÉUު wo~=} yt>tƋ]c-Mq(;tukaul$<s;dd.&)ͥ N\2&S~K{[þ[BJgo!x2CQۨ0x8*Ym ^c[}[O[7H%҆XLu?k$x{ƿNa}oq9$*`07) П ^$-mERpPgdL!=/y_/￰+=#;˹!fy`nD*ImS遴Q&_T$2+id" MZebxo{pc P:fLy0C3.y!7j!Y`(M<[vnVйL]$ɧCQ<aVT@ͮ&WtH-l:aMFvk8W px."fR&-:5,\߫Yo5%ʂ}vn#|xάIXMY 91ƘAqB-`aDw&)MѸ &ٕPT]a 7#*rg_5oH;ldVp<C &i,tw+w2̔'W1Zx3\Ka'ם-( ESp%/L"#(צQbc(8zsjjS.HM1H&94pNts|#)[q$Y1ӌXA~XF(4L~<u2ڭ^ 6cAݜHP[Ru~xW=Vmɵe<QG:!, =0_})FMyq1G%.xpl`/ ^.xЉKF }jr)ݎ\E誤ǀSCtĄ?%j`vAFBX4}__8 Ghy;J.wm&UT9Ž=nACg@Gcv5Fnq$No" 5Jw ڲN̖WB8Y.y( g?s sFe>"! 3$V>4tmOMUJx5f]9UM}v[(;0xSs/߅qK76`_E?LVvBתּfĔy 2}ۉq K<S~]q!ڏ2IJCYPH LItbh,/`]ΑZ[/زr6rLr|%9.jfa(h3gaЍcPfVcr[J/`ߢICaZx`sS(hU "f."wL/C$pW? N{ xl~1Œ D[fmW2?ɠuPSKZ1Wv ImZnZ2@qb O xDzIMh෴^,8B$lRDo9#oPv,:GUY3"ZE&h1FÐc{*W?I3{!ć VRO/BG1ը'L(2Hİ6M#vk ]N-uR[9!PID`!*VܘGX\ ƿRL ߹Kmp[{$uWK㉆8 {,tɐ>2ӿs7?0zX] *1.\/ms阘r*97" FQ^'0k$ ܐ"XTυ NKړ>h*K,ʞsÆ,*L221Iww?t覰 >ͨĻq"1>c/ַ1[wmv8v!ɿeK4kKن' T7s_im0jFv=OUX+R cͅċPѣLS0It5'z DܸKskG/HlUڶIdtE•Nb]v.Hߗk|QJ͚WJE}Y{#GK0-ʴv1ZQ*I1.((}u`8\\Tb Y:VLsō\1rQ+=1G8Â$vxSex3AgcxE >** oo6X0+I?:fd m644sdr2Sꂋ_+h p"AP0;J5|o2 yzf'5lmTh^g r$0GU>9C5X~Z@ֺu!c\D+-*K X,Ox_㭖Z~ZtLx6A0 HTKe,06t||2.#XO1TvPbj_ZdD Щ-W(RVY=Q˄EYbr6u%1}6?)&XllaZq#l4U@aT%?mMFxԴ37rg-#4>#O1ȢBa}SYY` wvE9TSؾ 9NU%cs'͝6\.rQ f+_a1z mNg .q>r<5V@o#,_;)0@ n%SK`5.֖3WDeῺHHYwx8K]qN) Ϧhu4d>QvԲ 5IW q̨NVu[[H] mUݽzבZh@~gM$m䗅#=A{}V9N;A[~6ϡ2Ns5$*-n,q֫Az ~ %cS  $IUqsMc!4<}Sk/~2W{lߜ z^,FTDc䃉ٔ7LA>hڧou)3E_eωi$R n.,KtP єgZ ĒG4T.zl}q{ufm04lD҉?-A$@ (*UȘ)#8? 0Pn8$GZ>ͺc ;W  sUk*,B!b`-!{i*vmMtGD֍,b|[NzIҀ[a1 s_ȧm."§3z"Ɏ* 1S u*Ί Uk[0-Q/gmd-> ߑ3p2,ci}>Uwl3(-U"/$~PJ}<s}X &ecZCGeZas>N}KlEcd3MȬ B R0E7#lkd֊n Us)કV $t=.b!UD^=-v^陼=QVT,I$&ѫkz _BNgIKJ6RNe|>И`S4߻& !r%[GV.hbaoyQ* @AFOpþbgwK*K#qRfWfKiNTi- BJ&.KY.mu74K/c ViH}ڗVv=C^}\VBY+[W_y6?̈́Qs1"jf;{ W>JCQ кzc_ȗ%O300rd|OdX/Y42̙́0If\\z\kQӐm^P ('P?VO5(}"+ѹ]~ػ"q;RYmyF辳A>cWۦ}8Hbf-]@kB=XhOal1qy]W[p Mo54 Ɇ~t戨c”}Ol <#s٥!sWh?g.m.wyaufB9un ~f[=w '͛&B>!ceںhՕT|2z3 GdS՛͚}C `@i^d uKL*HH؊uZg0Q|g.˚txC_}LP`gC㞿 &sڴW;&!a *d-t烏9zә~'-n 'Aie,T+чQIM8(p+] c+‰"`mS|ӏ)'K(e4U1 't[ۦrജ󦹄8 J$t"_ӺeVb"ɋXCuDl3$KgENy p$Nuɕ;3a,^J?Dszv"OC K ՜Yn#F_?F( f:^rHO|%FO$5鱱 T  .Tgn#ӎ߲y,i=@avJf)_Y$k R̒+Et{Tn*'Yb\Y./E+d0"mBtڳ$.pb<2*j%,a89?%lS 1X7hKQ vھwsǃ8lsY/|_hqFz!Q_p:H{LCCW$Gf9?uOSa2Lg#Dݫ=.sT,ҹ2=hi7bLzQ6 g۹L1IOb \!f:kEQ`@r'¨h:}k5z0u,^Y!hZRa1;>čJayHeF=HNMezkR_M]fC%r*}=9д01Du_ (O~bS?zm^,`~[|a6J®APm8ejz '-bg1!0#QYC'hI|pZ&<h׈)vV {0S7\[ڳ{UwwӽЃyΧl<0"]Jb1 m> *Z>F:V%730M"*Ua@/M8}N4E:lb6dψT⭘m%"/rզ"VQoK}piH(lJE//ϝ3|D-\P$d!Pj͠=4kţ& wY3Y2A-w#̈́(}]Zpr8WD02>OIu̱"i$ 6K&XiPlѝRiq7htyó7Z"%(sӍ`wJY i;M?ym%=1Jli̽{zWAnbBhki{~'C{6Pن"PB8uxD( gys=$K ÝQM@]! .a0-M! Ag(d;r.Fo9JżPYoUyE.$f0 צǔiT2YƚO{@Ng})R|v?ۋhmWR\$vU[a7R|/%?56vGgDtS"[P\o~3':fLWWV.(νrp&j6NA]uaos-a<+qYz.Od%<|吆-d0mNnK1j7kڹ:2ST湣tΧm_R䏍-s-q/ٚ!Q'BeA@Ws~bRӱH*8#c *^%QiPkP;}Zfܼ%$hyD9=Kt޸5d sR8%Wf{XotkpH^fnn,q rO= 6⑮z n#V͆tIJ.*аt2ZD"y 0*[_8| >A͵G(<c),Gʯ|[wkxe Q( ^L#p"qTbr*.=Yk9O7kDHųG}@̵ƚ}%ļh;c l+z<,ᮍ1v:; ɴy堦mlY­`1: )iQVQ~wʜ&|D](nI YhY+=`8J'i39͊ĮtOd~0=G gg}:l2,j͒U9p\V'nEg -:ࡤX*I&OY+o\>\ayM q8[:0w!bx )|9r)+_,AqŧDAm}+(5X")'Rf\C)KF:L֋b!Q+ ]%9_Dshc1,J*kcC5> dK"Yy/P+:VFU0XBONM/ 6@Yl,/)ZKi C}ֆ=T‡tTKVwՑ mZ;m#)N^|*Z,sa U<n5V@}#ڙ$tO<.=b:.g8ff_hA-!b ku:]vג_dr̔oCzU'ǺWϒgء3w@``JMb. tO$A5#><F26d$y[T&5Rp`9jɛck< :M<#/Kۃ ^&kmdCvAgl:~wlwnp|hm檆pgv?+Nᦾ)%%t0aכ[HDW|"8KL<| s:. ߁ͩi7jƕɘTEs~[u_J9fSpu}ԁZXyv3P$ /8MU %I>-jCd>Z^! o`(7y9nI2+Lj]s[s/zs,V^] y)5!FU{٘,}S {xʧv4MU]Uzcz UE{UtG G=r׋,6?[;*D?.J'7?_h IL qF|#DRwQ]zNWUUb"[P4BVjx65rNv^Ԕ!XNCd-pfC|oVޥ> D:,J-[W"EҚ%w~CͯVK\jkCݶt\`: 7AE#( 4xyM~D~Tt3@##ļJ aF{1法DshV +Y`-]Rb|{%^:koWZ ; 1IcLNM('q#$W]hâktc@mLD-Ջw̸ͧ(RUǧL MV3cT`q<,A xQzm9dGhO ׎r"{vx]/F B4Cʲ/)!gȊQbmFiձP2ITKO9>䕪ؘ&OoZ@I ??.\'6Bv-kEP735AA^iUO*tbKRUЪsc'8* 3)]#%]8pH2fXF bS/@?h|ǓTӶ=zKk1|̦Wg'ؗap0VbzJ @ hW!p} ZStzhw{,3)+aґ}\F>@X!{AIcKy7٣]`2"ɋDE8 ,gX 9JxW rffUO̩Bb0d^ hOz/Y-ysQ eo%=[CE=Y$-$Y̒N8_l7}7дĴ4FWEs?y6EqKcXsJMq9H.:S@;?(o'h2DP/I\ߊ n MLH'Z9 ǦMt,!D83}Qo#5 W.HC:IGW meZQ/|xxՆU ,ƎOz9G/ٞxsc?'XO$ ҪF</NnTxr˔UClfu1y8A51E/)$(x/ )NIW@}J`uDS8_A, ĎV5S[v bʆC);t(@^ZS}zTJ0xF|>L54e䲹x)jߨ*57=đ D&4dҕ%=npMF]Y F*g>mhC @O9x cQau-];qj4vWG;@Y.5ԘځzrBUs P4q,zJv3DI{vPUt*hk.V bJhȨx"1}I1N,}6xqӜ&ww+ rIQ2}"ϕTA@ʿya#µKX9m_X<1 |qHrf.5P$RSLIv*6oED@?qI&}Ә {LШ8ۖ/6h{"-+#q=ќFڻb|A_Gc7hv֫;)j>\ai~ 5'i8C EXFlqJp~>>"ej)!ЉmČQ|_oO~o0zޘS6v+x{_M&N0{unƾv~"tto\2Q /Hm,'Jwml8c6#׋eMWT`8 gBgo>ԪoRb/SUҫS(V&/86%>=FeWh ] :` XvF>dөI6XhPqGp};-i's6MbgsH +=є'h~:ޘhd8N"_5kܿ| N\ʍs\X9/csFD[L`򹘰8?uDˡ.Ɯjˡ7xpM]h+[eSa9–_6Aν- w:uQ͢0pB `}.o=U0cZ _uW g>Au+_8R4NAsV= mq?g0`}B鮋{a+GW4K5j Ό GvDC9[Hб2w@!lѲccl;c[ T5f\ụ@qHCkw3L)qZR!a)p+sΏ=BOYVHdn.l" ƾ2b :KjwWE HVk~_qV>hLJ2Q})XM  lJ^Far(/!(éPDէ R.aکqᬠV N #HiLHKmv {:*aTI5yUP|nkbcq-4G(V#0<1FF).rw㕎Ϝxe ~/dS,D֋n-?Sdi>:w?8 E/4b"{A3zkGR iR;ʣdN((I &s)5vZuRSeOf"g7u=HMEs9otxU8n灠c*]V&O窥#{2^-X.@Y]O BT}m"P8(۞z5ϸHf<Tܨ(j'hL7u|TIW*0ԷW;o'"EK(^"w"T|UTvriqZDfș:y:LQːɲ<#Ke)8Q:+jDa$$_)mg5ᘣ@%N(G0SQqٷ j,OyT z1 P\~p>}|1_A;2<1 ~eGխ&3VbYI`jIة Jm^iCHgߨl9K$'VZg\)Cr_ t^9 'ume ͰYNsmnS/| Jzj&KȳjK$M0KZ8mPZ"t5Y,X[;(2̹fdNX(*dP>;Q4:+Ӗl!jZ 8DV9Pª*3@J 1DFʻNeO[]߿=GjO&p˿.?91afܘScNP6)5y'_I֢$Q&x@ 1a_`&HxiZcՖ͓pH`ӻ[Fc9u'*)Xўw D2 L\~jk3N>pH]i񺑃 ?VΒ+,G!ߡ23$%08ɢ-ZZ@?jp ZJݲ0Ц%Qvma"2 5@YgfAU` ߭a;;q.|$t49; d.B 7`|UP{\9)NqBo].EZr슒1pp*P2σ r*\tD]5S86D9J/)TИȷ+.{rt[ 3kػI2#}<~K;[˹[ϫk_|0!m98Ȟt,g˛R|N^gHΜT^uC86qD1״B[ @d[c"}PE*u`-myn}0ס"h  Ya4{Kˢs<DF\̈́'e~ռJ pH8>'SN@>i`1t6kμpJ9h&'E]LUUPeU&H _/a{ὺ8q$Ns0Q~_\a ">[9 s쉅;7P+v$-E0Kh<&pau۬3Tv? +7\tG5D+Xf;Nn嵸0D H _#?X`mFcڈ Qu#l9Lb[_<HIi]%[OY<{r#nY_I.3q.7 dƉB-KX}&;Y# @*1ÉhlI9fڳK7f35ݔ`Rζ96z@FiOwXT3~_nrdõ d^SB10E8qBX>*csbI5k걍T.,<(E1"ufr:V1p4,냯.jdI,g}<22Dzd[VTnqNwRELfO Ë>TOB0Y\~^*x*?4ƳiaJJTvQ 1͐-} ZN HU.FK(96i[qCn`W/. >PПF fܗlp-8]|hSeȎc 4>f^UChH Xrf>!(@ O(Qdclv54Oj&[3N `Ыn_9z?`M}c"鴣şb9DHJ"a>Iq}C2޳I۩!\w⚊@0鮔Sfxebڸ=_̰*p >y`.-e,"s1D {.֤Jh|.;beJ DX=LS#Nn(Ù ('Ād|U!JHBb/MGOUpK$*B30~G>bAXүSɄ6|[vD}Fw4=ѾL}'T uΤMllpؑ1 e{+AZM$›hVK.\0cV:`9l%+ aGM[ݧ{F%Q- ](~۷O6cB <YxyKngO@3+QDRdh%bNb8Xzk&.te ]\6!8()8$>-tj"Y0dp/WsrӅ}Q"c!v*~wv0rDmPqe *Nf sd9'BZ5ZfTTjA q˓&\0bV)Fo$[﹕" FB\׳/!W|_Oc5?^̘F@ $u og)9ꤓ:gmϔ䚔P4.m| 3ohqd)k%8[o_zs0%5)zT8a7v&Sjʠ=Ʒayy.Yqz r^ Np=U_S? uO%tbOޱdg1-7,A?ř _?c7< fP\ykg(ܥ{P."'6f˧EM!*zR/bCA+_grh]qt'|hM_A&A"+#2=!LDPK[hcH"SC ZM)u6ߌ9a[,͒%䒮dno(lEp`ǨqdFddA9~1Hp)%-{8=NÚ45 ',2\.Eد? 9$X)"K/.貀c@w}A/ oI(\dFMQ?TfJR<-ͻ{\rȑpQP=d Dդ鳝d|VvjiaE%g<*^EF}pAbse'v.F.PXۧ n י;r70 qHzvZ"ܺZܥ_O)k JVGh{ `&'Hp1%piHWR=zpgZwr%3"QFi瓠RLk.\x-z{[ s1nM6#n! | ߻ *YfH,Yƫ/$".]l[![*>nɬplAWaS=J؊b7m)]<.k@6 NIE&Fh| at6K߶ YZ