sssd-ad-1.13.3-60.el6>t  DH`p[*= FD,.CfVo4軶&O%ΣA2#tɸhu rlj;t4>ϠA({Oսʼy/!b4jXc1AD?M.nK=4ߧx>/#KD2 (TE(v>=(@ G!߶B"5 -|_]"ay4].ͱ7J$#t]~*[NnTU}5![pܭJ v Rib/YXFÜ̗yj.uzI*Z9Mwz}1DοeWr~UB?k:BZ"kFЯU@zFs/}4]"[7גP-cU`z!daf[2M1V 9#pG8{·`^8u ^ k˻k0M1(nﴈY(=Kȝmi%L}Ѐvč|أ9.oz_[WQ^au}y6Jǯ.UZ*?v!);2#mԦMP2;xַ'hlb>5?d   4 "6TZd|     .LhAA *A   ( 8 9:fGHI,X4Y@\`]x^b@deflCsssd-ad1.13.360.el6The AD back end of the SSSDProvides the Active Directory back end that the SSSD can utilize to fetch identity data from and authenticate against an Active Directory server.[)&/x86-01.bsys.centos.org7CentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxx86_64(K'5}A큤[)&[)&[)&'Vpn[)%[)%8bb25921be3d56f002f09d86610943e5bcef1dced82b8175b2d8d43c4f3966f50eaf42ca1384a3e7cb29113915c5420e984c8813181563f5a1d0c0186af4c61e8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903691b82a0c9618281b11e4e2d98360f449f60fae9306b95d1e8f068c614c0f490fbeb908a32d32a2f1fcd160aa670032a93bca06c610854ae43686476ad27d616rootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.3-60.el6.src.rpmlibsss_ad.so()(64bit)sssd-adsssd-ad(x86-64)   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ sssd-commonsssd-krb5-commonbind-utilssssd-common-pacrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libbasicobjects.so.0()(64bit)libcollection.so.4()(64bit)libcom_err.so.2()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.4)(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.5()(64bit)libini_config.so.5(INI_CONFIG_1.1.0)(64bit)libk5crypto.so.3()(64bit)libkeyutils.so.1()(64bit)libkrb5.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libndr-nbt.so.0()(64bit)libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)libndr.so.0()(64bit)libndr.so.0(NDR_0.0.1)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.0()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libsamba-util.so.0()(64bit)libsasl2.so.2()(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_krb5_common.so()(64bit)libsss_ldap_common.so()(64bit)libsss_util.so()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)rtld(GNU_HASH)rpmlib(PayloadIsXz)1.13.3-60.el61.13.3-60.el61.13.3-60.el64.6.0-14.0-13.0.4-15.2-1sssd1.10.0-8.beta24.8.0ZH@ZH@Z2gYyX6@X6@XS@XOXJXGXF@X@X6@X6@X-X!@X!@X&X X X WWWW@W@W_@W_@WWW@W@W@W@Wi,@WYZ@WPWPV@VJVJVV@VՄ@VՄ@V@V&@V=@V=@V@V@V@VvV%@V%@V%@VVVVVpVii@V\:@VXEVV@VV@VV@VMV2 @Vf@Vf@Vf@UAUUuUn@UmUjUcUcUUUUUJ@UB@UB@U@U?v@U>$U8U.RU.RU-@U-@U-@U-@UF@UF@UUUUUU U U U@U@U@U@T9TTTTTTT@T@T~T~Tk4Tk4T$TTT@SvSvSvS%@S0S<@S<@S<@SSSSSSS/S/S;@SFS@S@S@S@S@S@Si@S@SSS!@SsZSpSNpS 4@S 4@RRRRRRfhRD!R1R%@R @R @RR|R|R|R|R|RRRRRRRRRRRRR@R@R@R@R@R@R@R@R@R@Q@Q@QQ*@Q?@QQvwQkQIQ5@Q0@Q']Q @PPPP@P@P@P-P@P@P@PDPDPDPDP[PPPPP@P@P@P@PPPPPPPP @P @P @P @P @P @Pf@PPPPP @P @P @P @P@P@P@PPPPPPPP@P@P@PpPpPpP@P@P@P@P@P@P@PP@PP@P@P@P@P@PPXPP{P{P{Pz@PqnPl(PaP`K@P#@Oĺ@O"O"OOO@OO~O@OOO@O@Ou@Ou@Oc+@O]@OYOOdON@OLOLOLOLOLO;@O5O1@ObN@NNNN@NNNj@NN$@N$@NN@N@Nx@Nm@Ng\N[@NTN?N:N:N:NNN|@M{@M{@Mߒ@M@M۝M۝M@MM@M@M3@MM>M>M@MM@M@Mx@MM=M=MwkMwkMv@MtMtMc@Mc@MbSM_MQ0@MJMGMA^@MA^@MA^@M.@M9L!L@L@L@L@LNLNL@L@LA@L@Lk@LYV@LRLI@L7@L(L_LLGKj@KK@KK@KK[K@KK~}@K]KY@KO@KKK/c@K+nK"4@KJJ@JJJkJJ@JJp9JlE@J?r@J0J,@IcIcIzI)@I)@I)@IV@IV@I@I@III@Fabiano Fidêncio - 1.13.3-60Fabiano Fidêncio - 1.13.3-59Fabiano Fidêncio - 1.13.3-58Jakub Hrozek - 1.13.3-57Lukas Slebodnik - 1.13.3-56Lukas Slebodnik - 1.13.3-55Jakub Hrozek - 1.13.3-54Jakub Hrozek - 1.13.3-53Jakub Hrozek - 1.13.3-52Jakub Hrozek - 1.13.3-51Jakub Hrozek - 1.13.3-50Jakub Hrozek - 1.13.3-49Jakub Hrozek - 1.13.3-48Jakub Hrozek - 1.13.3-47Jakub Hrozek - 1.13.3-46Jakub Hrozek - 1.13.3-45Jakub Hrozek - 1.13.3-44Jakub Hrozek - 1.13.3-43Jakub Hrozek - 1.13.3-42Jakub Hrozek - 1.13.3-41Jakub Hrozek - 1.13.3-40Jakub Hrozek - 1.13.3-39Jakub Hrozek - 1.13.3-38Jakub Hrozek - 1.13.3-37Jakub Hrozek - 1.13.3-36Jakub Hrozek - 1.13.3-35Jakub Hrozek - 1.13.3-34Jakub Hrozek - 1.13.3-33Jakub Hrozek - 1.13.3-32Jakub Hrozek - 1.13.3-31Jakub Hrozek - 1.13.3-30Jakub Hrozek - 1.13.3-29Jakub Hrozek - 1.13.3-28Jakub Hrozek - 1.13.3-27Jakub Hrozek - 1.13.3-26Jakub Hrozek - 1.13.3-25Jakub Hrozek - 1.13.3-24Jakub Hrozek - 1.13.3-23Jakub Hrozek - 1.13.3-22Jakub Hrozek - 1.13.3-21Jakub Hrozek - 1.13.3-20Jakub Hrozek - 1.13.3-19Jakub Hrozek - 1.13.3-18Jakub Hrozek - 1.13.3-17Jakub Hrozek - 1.13.3-16Jakub Hrozek - 1.13.3-15Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-13Jakub Hrozek - 1.13.3-12Jakub Hrozek - 1.13.3-11Jakub Hrozek - 1.13.3-10Jakub Hrozek - 1.13.3-9Jakub Hrozek - 1.13.3-8Jakub Hrozek - 1.13.3-7Jakub Hrozek - 1.13.3-6Jakub Hrozek - 1.13.3-5Jakub Hrozek - 1.13.3-4Jakub Hrozek - 1.13.3-3Jakub Hrozek - 1.13.3-2Jakub Hrozek - 1.13.3-1Jakub Hrozek - 1.13.2-7Jakub Hrozek - 1.13.2-6Jakub Hrozek - 1.13.2-5Jakub Hrozek - 1.13.2-4Jakub Hrozek - 1.13.2-3Jakub Hrozek - 1.13.2-2Jakub Hrozek - 1.13.2-1Jakub Hrozek - 1.13.1-1Jakub Hrozek - 1.12.4-51Jakub Hrozek - 1.12.4-50Jakub Hrozek - 1.12.4-49Jakub Hrozek - 1.12.4-48Jakub Hrozek - 1.12.4-47Jakub Hrozek - 1.12.4-46Jakub Hrozek - 1.12.4-45Jakub Hrozek - 1.12.4-44Jakub Hrozek - 1.12.4-43Jakub Hrozek - 1.12.4-42Jakub Hrozek - 1.12.4-41Jakub Hrozek - 1.12.4-40Jakub Hrozek - 1.12.4-39Jakub Hrozek - 1.12.4-38Jakub Hrozek - 1.12.4-37Jakub Hrozek - 1.12.4-36Jakub Hrozek - 1.12.4-35Jakub Hrozek - 1.12.4-34Jakub Hrozek - 1.12.4-33Jakub Hrozek - 1.12.4-32Jakub Hrozek - 1.12.4-31Jakub Hrozek - 1.12.4-30Jakub Hrozek - 1.12.4-29Jakub Hrozek - 1.12.4-28Jakub Hrozek - 1.12.4-27Jakub Hrozek - 1.12.4-26Jakub Hrozek - 1.12.4-25Jakub Hrozek - 1.12.4-24Jakub Hrozek - 1.12.4-23Jakub Hrozek - 1.12.4-22Jakub Hrozek - 1.12.4-21Jakub Hrozek - 1.12.4-20Jakub Hrozek - 1.12.4-19Jakub Hrozek - 1.12.4-18Jakub Hrozek - 1.12.4-17Jakub Hrozek - 1.12.4-16Jakub Hrozek - 1.12.4-15Jakub Hrozek - 1.12.4-14Jakub Hrozek - 1.12.4-13Jakub Hrozek - 1.12.4-12Jakub Hrozek - 1.12.4-11Jakub Hrozek - 1.12.4-10Jakub Hrozek - 1.12.4-9Jakub Hrozek - 1.12.4-8Jakub Hrozek - 1.12.4-7Jakub Hrozek - 1.12.4-6Jakub Hrozek - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Jakub Hrozek - 1.12.4-2Jakub Hrozek - 1.12.4-1Jakub Hrozek - 1.11.6-33Jakub Hrozek - 1.11.6-32Jakub Hrozek - 1.11.6-31Jakub Hrozek - 1.11.6-30Jakub Hrozek - 1.11.6-29Jakub Hrozek - 1.11.6-28Jakub Hrozek - 1.11.6-27Jakub Hrozek - 1.11.6-26Jakub Hrozek - 1.11.6-25Jakub Hrozek - 1.11.6-24Jakub Hrozek - 1.11.6-23Jakub Hrozek - 1.11.6-22Jakub Hrozek - 1.11.6-21Jakub Hrozek - 1.11.6-20Jakub Hrozek - 1.11.6-19Jakub Hrozek - 1.11.6-18Jakub Hrozek - 1.11.6-17Jakub Hrozek - 1.11.6-16Jakub Hrozek - 1.11.6-15Jakub Hrozek - 1.11.6-14Jakub Hrozek - 1.11.6-13Jakub Hrozek - 1.11.6-12Jakub Hrozek - 1.11.6-11Jakub Hrozek - 1.11.6-10Jakub Hrozek - 1.11.6-9Jakub Hrozek - 1.11.6-8Jakub Hrozek - 1.11.6-7Jakub Hrozek - 1.11.6-6Jakub Hrozek - 1.11.6-5Jakub Hrozek - 1.11.6-4Jakub Hrozek - 1.11.6-3Jakub Hrozek - 1.11.6-2Jakub Hrozek - 1.11.6-1Jakub Hrozek - 1.11.5.1-4Jakub Hrozek - 1.11.5.1-3Jakub Hrozek - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Jakub Hrozek - 1.9.2-134Jakub Hrozek - 1.9.2-133Jakub Hrozek - 1.9.2-132Jakub Hrozek - 1.9.2-131Jakub Hrozek - 1.9.2-130Jakub Hrozek - 1.9.2-129Jakub Hrozek - 1.9.2-128Jakub Hrozek - 1.9.2-127Jakub Hrozek - 1.9.2-126Jakub Hrozek - 1.9.2-125Jakub Hrozek - 1.9.2-124Jakub Hrozek - 1.9.2-123Jakub Hrozek - 1.9.2-122Jakub Hrozek - 1.9.2-121Jakub Hrozek - 1.9.2-120Jakub Hrozek - 1.9.2-119Jakub Hrozek - 1.9.2-118Jakub Hrozek - 1.9.2-117Jakub Hrozek - 1.9.2-116Jakub Hrozek - 1.9.2-115Jakub Hrozek - 1.9.2-114Jakub Hrozek - 1.9.2-113Jakub Hrozek - 1.9.2-112Jakub Hrozek - 1.9.2-111Jakub Hrozek - 1.9.2-110Jakub Hrozek - 1.9.2-109Jakub Hrozek - 1.9.2-108Jakub Hrozek - 1.9.2-107Jakub Hrozek - 1.9.2-106Jakub Hrozek - 1.9.2-105Jakub Hrozek - 1.9.2-104Jakub Hrozek - 1.9.2-103Jakub Hrozek - 1.9.2-102Jakub Hrozek - 1.9.2-101Jakub Hrozek - 1.9.2-100Jakub Hrozek - 1.9.2-99Jakub Hrozek - 1.9.2-98Jakub Hrozek - 1.9.2-97Jakub Hrozek - 1.9.2-96Jakub Hrozek - 1.9.2-95Jakub Hrozek - 1.9.2-94Jakub Hrozek - 1.9.2-93Jakub Hrozek - 1.9.2-92Jakub Hrozek - 1.9.2-91Jakub Hrozek - 1.9.2-90Jakub Hrozek - 1.9.2-89Jakub Hrozek - 1.9.2-88Jakub Hrozek - 1.9.2-87Jakub Hrozek - 1.9.2-86Jakub Hrozek - 1.9.2-85Jakub Hrozek - 1.9.2-84Jakub Hrozek - 1.9.2-83Jakub Hrozek - 1.9.2-82Jakub Hrozek - 1.9.2-81Jakub Hrozek - 1.9.2-80Jakub Hrozek - 1.9.2-79Jakub Hrozek - 1.9.2-78Jakub Hrozek - 1.9.2-77Jakub Hrozek - 1.9.2-76Jakub Hrozek - 1.9.2-75Jakub Hrozek - 1.9.2-74Jakub Hrozek - 1.9.2-73Jakub Hrozek - 1.9.2-72Jakub Hrozek - 1.9.2-71Jakub Hrozek - 1.9.2-70Jakub Hrozek - 1.9.2-69Jakub Hrozek - 1.9.2-68Jakub Hrozek - 1.9.2-67Jakub Hrozek - 1.9.2-66Jakub Hrozek - 1.9.2-65Jakub Hrozek - 1.9.2-64Jakub Hrozek - 1.9.2-63Jakub Hrozek - 1.9.2-62Jakub Hrozek - 1.9.2-61Jakub Hrozek - 1.9.2-60Jakub Hrozek - 1.9.2-59Jakub Hrozek - 1.9.2-58Jakub Hrozek - 1.9.2-57Jakub Hrozek - 1.9.2-56Jakub Hrozek - 1.9.2-55Jakub Hrozek - 1.9.2-54Jakub Hrozek - 1.9.2-53Jakub Hrozek - 1.9.2-52Jakub Hrozek - 1.9.2-51Jakub Hrozek - 1.9.2-50Jakub Hrozek - 1.9.2-49Jakub Hrozek - 1.9.2-48Jakub Hrozek - 1.9.2-47Jakub Hrozek - 1.9.2-46Jakub Hrozek - 1.9.2-45Jakub Hrozek - 1.9.2-44Jakub Hrozek - 1.9.2-43Jakub Hrozek - 1.9.2-42Jakub Hrozek - 1.9.2-41Jakub Hrozek - 1.9.2-40Jakub Hrozek - 1.9.2-39Jakub Hrozek - 1.9.2-38Jakub Hrozek - 1.9.2-37Jakub Hrozek - 1.9.2-36Jakub Hrozek - 1.9.2-35Jakub Hrozek - 1.9.2-34Jakub Hrozek - 1.9.2-33Jakub Hrozek - 1.9.2-32Jakub Hrozek - 1.9.2-31Jakub Hrozek - 1.9.2-30Jakub Hrozek - 1.9.2-29Jakub Hrozek - 1.9.2-28Jakub Hrozek - 1.9.2-27Jakub Hrozek - 1.9.2-26Jakub Hrozek - 1.9.2-25Jakub Hrozek - 1.9.2-24Jakub Hrozek - 1.9.2-23Jakub Hrozek - 1.9.2-22Jakub Hrozek - 1.9.2-21Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-19Jakub Hrozek - 1.9.2-18Jakub Hrozek - 1.9.2-17Jakub Hrozek - 1.9.2-16Jakub Hrozek - 1.9.2-15Jakub Hrozek - 1.9.2-14Jakub Hrozek - 1.9.2-13Jakub Hrozek - 1.9.2-12Jakub Hrozek - 1.9.2-11Jakub Hrozek - 1.9.2-10Jakub Hrozek - 1.9.2-9Jakub Hrozek - 1.9.2-8Jakub Hrozek - 1.9.2-7Jakub Hrozek - 1.9.2-6Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-3Jakub Hrozek - 1.9.0-2Jakub Hrozek - 1.9.0-1.rc1Jakub Hrozek - 1.8.0-33Stephen Gallagher - 1.8.0-32Stephen Gallagher - 1.8.0-31Stephen Gallagher - 1.8.0-30Stephen Gallagher - 1.8.0-29Stephen Gallagher - 1.8.0-28Stephen Gallagher - 1.8.0-27Stephen Gallagher - 1.8.0-26Stephen Gallagher - 1.8.0-25Stephen Gallagher - 1.8.0-24Stephen Gallagher - 1.8.0-23Stephen Gallagher - 1.8.0-22Stephen Gallagher - 1.8.0-21Stephen Gallagher - 1.8.0-20Stephen Gallagher - 1.8.0-18Stephen Gallagher - 1.8.0-17Stephen Gallagher - 1.8.0-15Stephen Gallagher - 1.8.0-12Stephen Gallagher - 1.8.0-11Stephen Gallagher - 1.8.0-10Stephen Gallagher - 1.8.0-9Stephen Gallagher - 1.8.0-8Stephen Gallagher - 1.8.0-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5Stephen Gallagher - 1.8.0-4.beta3Stephen Gallagher - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-2.beta2Stephen Gallagher - 1.5.1-68Stephen Gallagher - 1.5.1-67Stephen Gallagher - 1.5.1-66Stephen Gallagher - 1.5.1-65Stephen Gallagher - 1.5.1-64Stephen Gallagher - 1.5.1-63Stephen Gallagher - 1.5.1-62Stephen Gallagher - 1.5.1-61Stephen Gallagher - 1.5.1-60Stephen Gallagher - 1.5.1-59Stephen Gallagher - 1.5.1-58Stephen Gallagher - 1.5.1-57Stephen Gallagher - 1.5.1-56Stephen Gallagher - 1.5.1-55Stephen Gallagher - 1.5.1-53Stephen Gallagher - 1.5.1-52Stephen Gallagher - 1.5.1-51Stephen Gallagher - 1.5.1-50Stephen Gallagher - 1.5.1-49Stephen Gallagher - 1.5.1-48Stephen Gallagher - 1.5.1-47Stephen Gallagher - 1.5.1-46Stephen Gallagher - 1.5.1-45Stephen Gallagher - 1.5.1-44Stephen Gallagher - 1.5.1-43Stephen Gallagher - 1.5.1-42Stephen Gallagher - 1.5.1-41Stephen Gallagher - 1.5.1-40Stephen Gallagher - 1.5.1-39Stephen Gallagher - 1.5.1-38Stephen Gallagher - 1.5.1-37Stephen Gallagher - 1.5.1-36Stephen Gallagher - 1.5.1-35Stephen Gallagher - 1.5.1-34Stephen Gallagher - 1.5.1-33Stephen Gallagher - 1.5.1-32Stephen Gallagher - 1.5.1-31Stephen Gallagher - 1.5.1-30Stephen Gallagher - 1.5.1-29Stephen Gallagher - 1.5.1-28Stephen Gallagher - 1.5.1-27Stephen Gallagher - 1.5.1-26Stephen Gallagher - 1.5.1-25Stephen Gallagher - 1.5.1-24Stephen Gallagher - 1.5.1-23Stephen Gallagher - 1.5.1-21Stephen Gallagher - 1.5.1-20Stephen Gallagher - 1.5.1-17Stephen Gallagher - 1.5.1-16Stephen Gallagher - 1.5.1-15Stephen Gallagher - 1.5.1-14Stephen Gallagher - 1.5.1-13Stephen Gallagher - 1.5.1-12Stephen Gallagher - 1.5.1-11Stephen Gallagher - 1.5.1-10Stephen Gallagher - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Stephen Gallagher - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.2.1-28.4Stephen Gallagher - 1.2.1-36Stephen Gallagher - 1.2.1-35Stephen Gallagher - 1.2.1-28.3Stephen Gallagher - 1.2.1-34Stephen Gallagher - 1.2.1-28.2Stephen Gallagher - 1.2.1-33Stephen Gallagher - 1.2.1-28.1Stephen Gallagher - 1.2.1-32Stephen Gallagher - 1.2.1-29Stephen Gallagher - 1.2.1-28Stephen Gallagher - 1.2.1-27Stephen Gallagher - 1.2.1-26Stephen Gallagher - 1.2.1-23Stephen Gallagher - 1.2.1-21Stephen Gallagher - 1.2.1-20Stephen Gallagher - 1.2.1-19Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-14Stephen Gallagher - 1.2.0-13Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11.1Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Related: rhbz#1442703 - Smart Cards: Certificate in the ID View - Related: rhbz# 1401546 - Please back-port fast failover from sssd 1.14 on RHEL 7 into sssd 1.13 on RHEL 6- Resolves: rhbz#1326007 - Memory cache corruption when rsync and/or tar to copy owner and group info from LDAP - Resolves: rhbz#1442703 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1507435 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-6.10] - Resolves: rhbz#1487040 - sssd does not evaluate AD UPN suffixes which results in failed user logins- Resolves: rhbz#1421057 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1487040 - sssd does not evaluate AD UPN suffixes which results ini failed user logins - Resolves: rhbz#1487944 - ABRT crash - /usr/libexec/sssd/sssd_nss - Resolves: rhbz#1489485 - sssd is not pulling groups in a trusted domain, with the Global scope- Resolves: rhbz#1438360 - The originalMemberOf attribute disappears from the cache, causing intermittent HBAC issues- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present - Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory- Resolves: rhbz#1415785 - ldap_child does not remove temporary files when it's killed with SIGTERM- Apply several more smartcard-related patches. - Related: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts- Revert the ding-libs requirement - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Related: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Require the matching version of ding-libs - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Fix a coverity warning - Related: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Resolves: rhbz#1324428 - [RFE] Discover forest's root SID even if subdomains_provider = none- Resolves: rhbz#1367802 - using overides causes segfault in libldb- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins- Resolves: rhbz#1382603 - autofs map resolution doesn't work offline- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute- Resolves: rhbz#1299994 - ssh client checks only the first certificate on a smartcard when the card has multiple certs - Resolves: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard - Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6 - Resolves: rhbz#1329647 - IPA view: view name not stored properly with default FreeIPA installation- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users and mixed case names- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a subdomain, not the root domain.- Resolves: rhbz#1365218 - SSSD does not fail over to next GC- Resolves: rhbz#1367435 - Intermittent sssd auth failures- Resolves: rhbz#1369079 - sssd runs out of available child slots and starts queuing requests in proxy mode- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to sssd-1.13.3-22.el6.x86_64 when upgrading cache- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336453 - sssd_be doesn't terminate forked child process if adcli is not installed- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo- Actually apply patches from previous build - Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe with 1.11.6- Backport of a more minimal dependency patch to avoid changes to AD provider behaviour - Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1308939 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user- Require a newer selinux-policy to avoid issues when prompting for SC PIN - Related: rhbz#1299066 - smartcard login does not prompt for pin when ocsp checking is enabled (default config)- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when trying to retrieve non-existing netgroups- Update sssd-ldap man page for the recent ID mapping changes - Related: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache from working- Resolves: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password and not smartcard pin when logged in using smartcard pin- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output error- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12 to 1.13- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn't work- Resolves: rhbz#1273802 - ad_site parameter does not work- Fix memory leak in the NFS plugin - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service discovery- Rebase to 1.13.3 - Remove setuid bit from proxy_child, RHEL-6 doesn't support running SSSD as a non-privileged user - Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Don't own files as the SSSD user - Resolves: rhbz#1289482 - warning: user sssd does not exist - using root- Resolves: rhbz#1279971 - groups get deleted from the cache- The p11_child doesn't have to run privileged anymore, remove the setuid bit - Related: rhbz#1270027 - [RFE] Support for smart cards- Resolves: rhbz#1266108 - Check next certificate on smart card if first is not valid - Also enable OCSP checks- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Silence compilation warnings and Coverity issues - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Squash in packaging review changes by lslebodn@redhat.com- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - The rebase also resolves the following bugzillas: - Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC identity certificates - Resolves: rhbz#1270027 - [RFE] Support for smart cards - Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients - Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is not taken into account. - Resolves: rhbz#1254193 - Fix for cyclic dependencies between sssd-{krb5,}-common - Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected - Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do not queue requests - Resolves: rhbz#1227804 - Group members are not turned into ghost entries when the user is purged from the SSSD cache - Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log - Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not the alpha group name representation - Resolves: rhbz#1194039 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups- Resolves: rhbz#1251349 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from ldap server- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task - Resolves: rhbz#1227863 - ignore_group_members doesn't work for subdomains- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn't return all groups on first attempt- Resolves: rhbz#1225614 - IPA enumeration provider crashes- Resolves: rhbz#1212610 - sssd ad groups work intermittently- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of secondary groups- Resolves: rhbz#1221358 - SSSD doesn't work with ID mapping and disabled subdomains- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and gets avc denial when ssh- Include several upstream fixes related to ID views - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1213947 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad src/providers/ad/ad_gpo.c:843- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers group membership resolution- Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users and filter_groups- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only- Related: rhbz#1211728 - Only set the selinux context if the context differs from the local one- Package the localauth plugin - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1207720 - id lookup resolves "Domain Local" group and errors appear in domain log- BuildRequire the proper libkrb5 version for correct localauth plugin build - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1194367 - sssd_be dumping core- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in manpage that unsupported time specification will lead to sssd denying access- Resolves: rhbz#1205382 - Properly handle AD's binary objectGUID- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might install with wrong user account (root)- Fix a typo in DEBUG message - Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Handle TTL=0 in SRV queries correctly - Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Cherry-pick unit test changes from upstream to allow cherry-picking sssd-1-12 patches - Remove unused LDAP provider code to avoid static analyser warnings - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad requires samba4- Resolves: rhbz#1203630 - SSSD doesn't own the GPO cache directory- Fix warning in SELinux code - Handle setups with empty default and no SELinux maps - Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u - Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605 - Resolves: rhbz#1201847 - SSSD downloads too much information when fetching information about groups- Fix PAM responder initgroups cache for subdomain users - Log extop failures better - Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Fix internal error codes broken when fixing rhbz#1036745 - Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything- Fix Coverity warning in ldap_child - Add better debugging - Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users, groups or other cache objects- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Initialize a pointer in ldap_child to NULL - Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Relax the ldb requirement - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query - Rebuild against latest krb5, add a versioned BuildRequires - Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Do not mark the selinux_child helper as setuid, we don't support rootless SSSD in 6.7 - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x - The rebase resolves the following RHEL bugzillas - Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about domains parameter - Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not be fatal (backport fix from upstream) - Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user uid field - Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1168377 - [RFE] User's home directories and shells are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss - Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution - Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1148582 - inconsistent group information when multiple ad domain sections are configured in sssd - Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider ad support - Resolves: rhbz#1139878 - SSSD connection terminated after failing anonymous bind to IBM Tivoli Directory Server - Resolves: rhbz#1135838 - Man sssd-ldap shows parameter ldap_purge_cache_timeout with "Default: 10800 (12 hours)" - Resolves: rhbz#1135432 - Dereference code errors out when dereferencing entries protected by ACIs - Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012 R2's LDAP as AD - Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header - Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple attributes- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1141814 - Password expiration policies are not being enforced by SSSD- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group membership when encountering a non-POSIX group- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from other AD domains- Resolves: rhbz#1127270 - sssd connect to ipa-server is long- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD, POSIX attributes are used and primary group contains the user as a member- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0) is not prompted for password change- Resolves: rhbz#1132361 - use-after-free in dyndns code- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap account lock to restrict access via ssh key- Use the correct sudo iterator - Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Add notes about offline mode to sssd.conf - Related: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1127278 - Auth fails when space in username is replaced with character set by override_default_whitespace- Resolves: rhbz#1127757 - sssd can't retrieve sudo rules when using the "default_domain_suffix" option- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Resolves: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1122873 - Failover does not always happen from SRV to hostname resolution(via /etc/hosts) - Remove spurious systemctl call on %postun- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with specified character in LDAP group- Resolves: rhbz#1109188 - dereferencing control failure against openldap server- Resolves: rhbz#1084532 - sssd_sudo process segfaults- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping is off and tokengroups are enabled- Resolves: rhbz#1118541 - Floating point exception using ldap- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser is not defined and no ldap_sudorule_runasuser mapping has been defined in SSSD- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap- Fix potential NULL dereference in IFP code - Related: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- BuildRequire the latest libini_config - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- Resolves: rhbz#1104145 - public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end- Rebase to 1.11.6 - Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Rebuild against new ding-libs - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Backport the InfoPipe patches needed for Sat6 integration - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: #1085412 - SSSD Crashes when storage experiences high latency- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6Resolves: #1036168 - sssd can't retrieve auto.master when using the "default_domain_suffix"- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups are requested- Allow combination of proxy id backend and LDAP auth backend - Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Inherit UID limits for subdomains - Resolves: #1020905 - Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.- Do not crash when LDAP disconnects while a search is still in progress - Resolves: #1019979 - sssd_be segfault when authenticating against active directory- More upstream fixes to prevent memcache crashes - Related: #997406 - sssd_nss core dumps under load- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out- Make IPA SELinux provider aware of subdomain users - A better version of already committed patch - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Resolves: #997406 - sssd_nss core dumps under load - Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #1002161 - large number of sudo rules results in error - Unable to create response: Invalid argument- Silence restorecon on clean install - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Make IPA SELinux provider aware of subdomain users - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Print password complexity hint when password change fails with constraint violation - Related: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #948830 - sssd do too many disk writes causing delay in "getent netgroup allmachines-netgroup" nested netgroups.- Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- Resolves: #963235 - sssd_be crashing with nested ldap groups- Apply a forgotten dependency for patch #254 - Related: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality - Add two fixes for better handling of faulty SRV processing - Related: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router. - Remove enumerate=true from example in man page - Related: #988381 - clarify the disadvantages of enumeration in sssd.conf- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp file for SELinux data failed- Resolves: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors when clearing cache- Resolves: #924113 - man sssd-sudo has wrong title- Resolves: #924397 - document what does access_provider=ad do- Use permissive control when adding ghost users - Resolves: #928797 - cyclic group memberships may not work depending on order of operations- Set correct state of SRV servers on resolving error - Resolves: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router.- Resolves: #954323 - SSSD doesn't display warning for last grace login.- Format patch to configure sysv script differently - RHEL-6 patch(1) apparently doesn't like the output of git format-patch -M -C and doesn't properly copy files on renames - Resolves: #971435 - Enhance sssd init script so that it would source a configuration.- Resolves: #973345 - SSSD service randomly dies- Resolves: #971435 - Enhance sssd init script so that it would source a configuration- Resolves: #961356 - SUDO is not working for users from trusted AD domain- Resolves: #970519 - [RFE] Add support for suppressing group members- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the "original value"- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes- Clarify the min_id/max_id limits further - Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login delays when client is under load- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table in sssd_nss- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs- Mention that enumeration should be discouraged - Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf- Call restorecon on memcache files to force the right context on upgrades - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Resolves: #987479 - libsss_sudo should depend on sudo package with sssd support- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck- Resolves: #967636 - SSSD frequently fails to return automount maps from LDAP- Resolves: #953165 - Enabling enumeration causes sssd_be process to utilize 100% of the CPU- Resolves: #906398 - sssd_be crashes sometimes- Resolves: #950874: Simple access control always denies uppercased users in case insensitive domain- Resolves: #921454: Resolve local group members in LDAP groups- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider- Fix pwd_expiration_warning=0 - Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#872827 - Serious performance regression in sssd- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees- Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.- Resolves: rhbz#902436 - possible segfault when backend callback is removed- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps- Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent- Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts- Resolves: rhbz#892197 - Incorrect principal searched for in keytab- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work- Resolves: rhbz#874618 - sss_cache: fqdn not accepted- Resolves: rhbz#889182 - crash in memory cache- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache- Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666)- Resolves: rhbz#886038 - sssd components seem to mishandle sighup- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh- Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule- Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507)- Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060)- Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507)- Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds- Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users- Resolves: rhbz#881773 - mmap cache needs update after db changes- Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742)- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573)- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations- Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130- Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections- Related: rhbz#877126 - Bump the release tag- Resolves: rhbz#877126 - subdomains code does not save the proper user/group name- Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid()- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'- Resolves: rhbz#875740 - "defaults" entry ignored- Resolves: rhbz#875738 - offline authentication failure always returns System Error- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section- Resolves: rhbz#873032 - Move sss_cache to the main subpackage- Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group- Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive- Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443- BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932- Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542- Fix the "ca" translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- New upstream release 1.9.2- Rebase to 1.9.1- Require the latest libldb- Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes- Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds- Fix protocol break for services map - Related: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#824616 - sssd_nss crashes when configured with use_fully_qualified_names = true- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()- Resolves: rhbz#822236 - SSSD netgroups do not honor entry_cache_nowait_percentage- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client upgrade - Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names - Resolves: rhbz#819063 - sssd fails to provide partial data till paged search returns "Size Limit Exceeded" - Resolves: rhbz#820585 - Group enumeration fails in proxy provider- Resolves: rhbz#816616 - group members are now lowercased in case insensitive domains- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding - Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the same user - Resolves: rhbz#812281 - autofs client: map name length used as key length - Related: rhbz#784870 - SSSD fails during autodetection of search bases for new LDAP features - Related: rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes- Fix typo in patch for SSH umask - Related: rhbz#808107 - Coverity revealed memory management defects- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm - Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is running - Resolves: rhbz#808107 - Coverity revealed memory management defects- Related: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false- Resolves: rhbz#804057 - Initial service lookups having name with uppercase alphabets doesn't work - Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names doesn't work when case_sensitive=false - Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab - Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false - Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name resolution times out - Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Related: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica using IP address - Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with case_sensitive=false - Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set - Resolves: rhbz#805034 - accessing an undefined variable might cause crash - Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login- Update translations - Resolves: rhbz#802372 - Pick up latest translation files for SSSD - Resolves: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Related: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search requests - Resolves: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials - Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to true - Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work - Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false - Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam can use - Resolves: rhbz#799971 - sssd_be crashes on shutdown - Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested group structure - Resolves: rhbz#801368 - Group lookups doesn't return members with proxy provider configured - Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd is configured as proxy provider- Do not auto-upgrade debug levels - Tool still available for manual use - Reverts: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#798881 - Install-time warnings - Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also the dns_discovery_domain - Resolves: rhbz#798655 - Password logins failing due to a process with high UID- Fix explicit requires to use openldap instead of openldap-libs - Related: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64- Fix multilib-clean issue due to upgrade script - Remove old copy from the spec file - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Fix typo in the patch - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Use a patch and install the script to python_sitelib - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Resolves: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#785871 - wrong build dependency on nscd - Resolves: rhbz#785873 - IPA host search base cannot be set - Resolves: rhbz#791208 - Entries lacking a POSIX username value break group lookups - Resolves: rhbz#796307 - Simple Paged Search control needs to be used more sparingly - Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64 - Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user entries - Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup - Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load - Resolves: rhbz#797975 - sssd_be: The requested target is not configured is logged at each login - Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD - Resolves: rhbz#788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group- Handle filtering python Provides in a safer way - Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3 - Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers - Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and netgroup search base correctly - Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb AS requests - Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision - Resolves: rhbz#785904 - [RFE] SSSD should have --version option - Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider - Resolves: rhbz#785898 - Enable midway cache refresh by default - Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for a non-existing netgroup - Resolves: rhbz#785884 - Honour TTL when resolving host names - Resolves: rhbz#785883 - check DNS records before updates - Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead of guessing - Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line - Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config file too much - Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server has been reinitialized - Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc - Resolves: rhbz#773660 - Kerberos errors should go to syslog - Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native IPA netgroups code - Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#771702 - sssd_pam crashes during change password operation against a IPA server - Resolves: rhbz#771361 - case_sensitive function not working as intended for ldap - Resolves: rhbz#768935 - Crash when applying settings - Resolves: rhbz#766941 - The full dyndns update message should be logged into debug logs - Resolves: rhbz#766930 - [RFE] Add a new option to override home directory value - Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab principal name - Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files - Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug levels on the fly - Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional - Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation - Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option - Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control - Resolves: rhbz#753876 - [RFE] Add support for the services map - Resolves: rhbz#746181 - "getgrgid call returned more than one result" after group name change in MSAD - Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle for some (configurable) time - Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD - Related: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#742052 - id -G group resolution takes extremely long - Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange - Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases - Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or insensitive - Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users - Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control disabled for openldap - Resolves: rhbz#726467 - SSSD takes 30+ seconds to login - Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 during auth when password for the user is not set- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758157 - LDAP failover not working if server refuses connections- Related: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis initgroups when groups appear in multiple nesting levels- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow - Resolves: rhbz#746654 - SSSD backend gets killed on slow systems - Related: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts Fixes a crash introduced by the earlier patch. - Related: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names Fixes for internationalization- Related: rhbz#742278 - Rework the example config- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts - Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart - Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742278 - Rework the example config - Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was initialized - Resolves: rhbz#742526 - SSSD's man pages are missing information - Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with multi-valued uid - Resolves: rhbz#738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid - Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber to integer - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host groups - Resolves: rhbz#740501 - SSSD not functional after "self" reboot - Resolves: rhbz#742539 - HBAC: Hostname comparisons should be case-insensitive- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in - Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2- Resolves: rhbz#737157 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled - Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple external hosts along with managed host - Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names - Resolves: rhbz#733409 - Improve password policy error message - Resolves: rhbz#733663 - Authentication fails when there exists an empty hbacsvcgroup - Resolves: rhbz#732935 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON - Resolves: rhbz#734101 - sssd blocks login of ipa-users- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain shells- Related: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID- Related: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Related: rhbz#718250 - Remove DENY rules from the HBAC access provider - Fixes an issue on big endian platforms- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured - Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls - Resolves: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider - Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID - Resolves: rhbz#726475 - sssd_pam leaks file descriptors - Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0- Related: rhbz#721052 - sssd does not handle kerberos server IP change - Use ares_search instead of ares_query to honor - search entries in /etc/resolv.conf- Resolves: rhbz#711416 - During the change password operation the ccache is - not replaced by a new one if the old one isn't - active anymore - Resolves: rhbz#715609 - Certificate validation fails with message - "Connection error: TLS: hostname does not match CN - in peer certificate" - Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records - Resolves: rhbz#721052 - sssd does not handle kerberos server IP change - Honor TTL values when resolving hostnames- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP - Resolves: rhbz#713438 - sssd shuts down if inotify crashes- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups() - Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are - being logged multiple times when the provider comes - back online - Resolves: rhbz#707997 - The IPA provider does not work with IPv6 - Resolves: rhbz#677327 - [RFE] Support overriding attribute value - Resolves: rhbz#692090 - SSSD is not populating nested groups in - Active Directory- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man - page- Resolves: rhbz#707513 - Unable to authenticate users when username - contains "\0"- Resolves: rhbz#698723 - kpasswd fails when using sssd and - kadmin server != kdc server- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is - not mentioned - Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the - gidNumber is out of the range of min_id,max_id. - Resolves: rhbz#699530 - Users with a local group as their primary GID are - denied access by the simple access provider - Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups - Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a - member of any group - Resolves: rhbz#703624 - SSSD's async resolver only tries the first - nameserver in /etc/resolv.conf- Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694444 - Unable to resolve SRV record when called with - _srv_, in ldap_uri - Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by - signal 11 (SIGSEGV) - Fix is to not attempt to resolve nameless servers- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can - cause SSSD to stop caching and responding to - requests- Resolves: rhbz#690131 - Traceback messages seen while interrupting - sss_obfuscate using ctrl+d - Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process - /usr/libexec/sssd/sssd_be was killed by signal 11 - (SIGSEGV)- Related: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them - Resolves: rhbz#689886 - group memberships are not populated correctly during - IPA provider initgroups - Resolves: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents - Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5 - in sssd.conf- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min - waiting on netgroup - Resolves: rhbz#683431 - sssd consumes 100% CPU - Related: rhbz#680440 - sssd does not handle kerberos server IP change- Related: rhbz#680440 - sssd does not handle kerberos server IP change - SSSD was staying with the old server if it was still online- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain - for base DN- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on - ipa-server - Resolves: rhbz#680440 - sssd does not handle kerberos server IP change - Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are - given in ipa_server config option - Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf - attribute on the server - Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups - Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option - Resolves: rhbz#677318 - Does not read renewable ccache at startup- Resolves: rhbz#678593 - User information not updated on login for secondary - domains - Resolves: rhbz#678777 - IPA provider does not update removed group - memberships on initgroups- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries - Resolves: rhbz#678410 - name service caches names, so id command shows - recently deleted users - Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for - netgroups- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login - Resolves: rhbz#675284 - "no matching rule" message logged on all successful - requests - Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for - authentication- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named - "default" - Resolves: rhbz#674515 - -p option always uses empty string to obfuscate - password - Resolves: rhbz#674141 - Traceback call messages displayed while - "sss_obfuscate" command is executed as a non-root - user- Resolves: rhbz#674172 - Group members are not sanitized in nested group - processing - Put translated tool manpages into the sssd-tools subpackage- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Also add the updated ding-libs to the BuildRequires- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Explicitly require updated ding-libs- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options - Assorted bugfixes- Add noverify to sssd.conf - Resolves: rhbz#627165 - TPS VerifyTest failure- Related: rhbz#644072 - Rebase SSSD to 1.5 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs - Resolves: rhbz#660585 - getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs- Resolves: rhbz#645449 - 'getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#658374 - sssd stops on upgrade- Resolves: rhbz#658158 - sssd stops on upgrade- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#642412 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#633487 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib- Resolves: rhbz#629949 - sssd stops on upgrade- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password- Resolves: rhbz#621307 - Password changes are broken on LDAP- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on - initgroups calls- Resolves: rhbz#607233 - SSSD users cannot log in through GDM - - Real issue was that long-running services - - do not reconnect if sssd is restarted- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with - /etc/krb5.keytab file- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6 - final - Resolves: rhbz#608661 - SASL with OpenLDAP server fails - Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes- New upstream bugfix release 1.2.1 - Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs. - Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal - Resolves: rhbz#604704 - authconfig should provide error with no trace back - if disabling sssd when sssd is not enabled - Resolves: rhbz#591873 - Connecting to the network after an offline kerberos - auth logs continuous error messages to sssd_ldap.log - Resolves: rhbz#596295 - Authentication fails for user from the second domain - when the same user name is filtered out from the - first domain - Related: rhbz#598559 - Update translation files for SSSD before RHEL 6 - final- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service - to fail while restart - Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in - parentheses causes ldap_search_ext to fail - Resolves: rhbz#600468 - Segfault in krb5_child - Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs.- Resolves: rhbz#598670 - Ccache file of a user is removed too early - Resolves: rhbz#599057 - Incomplete comparison of a service name in - IPA access provider - Resolves: rhbz#598496 - Failure with IPA access provider - Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the - kernel keyring- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP - Resolves: rhbz#584001 - Rebase sssd to 1.2 - Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file - Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf - Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf - Resolves: rhbz#590134 - sssd: auth_provider = proxy regression - Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when - going online - Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the - HBAC rule- Improve DEBUG logs for STARTTLS failures- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)uk1.13.3-60.el61.13.3-60.el6libsss_ad.sogpo_childsssd-ad-1.13.3COPYINGsssd-ad.5.gzsssd-ad.5.gz/usr/lib64/sssd//usr/libexec/sssd//usr/share/doc//usr/share/doc/sssd-ad-1.13.3//usr/share/man/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=genericcpioxz2x86_64-redhat-linux-gnu?7zXZ !PH6] b2u y-iSqal7 ]cBʁo蠿7g}3㮆l%XN1{Yr-6e^܎ELE=H\$0<^?MJ4>/J:8v.lWL;U5._eTU2nIP>m5薝mW) !W붝ww0LT;X*>{$D˟{JDI>Ƒw{rdyr 0K8Cq[H]Be$ hKÁ22<−$9Yw4;Qx/C`XfIPU&@;Wv%Evv P!@ bdc2PHW\25`|XEIW[;d V36۵_O?U*xB*[2Y&SI"@%ůba)(XN*Ҳõ }pU=D0x&c#M-v5DFXo:r:5R}̻&PA ?Z#gmG.T:ZOD6Btn)[q=m$R&eܸ/yϠYx^~LBC iNarzDLf9PH^~^) w)I %Ӿѕon;1=]9v#N,lṩ$ |MNpj!tibp]µ k\~Tt?" >C_oy. SO,XHp֪ˬQ7?s;cgGAøф죓a-e`,ߌb憑VblwVRڵUj3CkIh-yC %Ȉ< ђ#;΁k-HTݜB~")F/e㤵Ɠ3mP}J1kèʐ/'05T}Hez[)=I&oeK K 1Kl/E] Y jʠ 7h>YV xF_nq _ˠfq\pO *I=?RF[?)WtB-8}'7|OC(-'fm,/! KT>6dж0)p k̶m\z&ʶb&g稲7$ O~z[q].Bdvkdo@K"U\V䓎JX6(*<E^ r\C@ ؾ f!7ୈM =iw%A(eu "ip dnOZPu/HӻGqJB?]n*.Xz")>s~'5!NQ+1GXPLmEKj}lvjboOގp1^¿uHy`27D|߉, І׼{X\n{*yϰ'O`pSd/>{wӽ?" ?5<ۦ6%Tw}(\(#;Q"SjW d4F KBtq8mI fVWBN7h_ TM,vn!Dϗi 淩-Y׆}To憾vE{gO*j6N\Xk?lau__XT a7 ?hC ;A2ZiQ/_onC5{= #&"hdyS28@%$~+֋m`5œ'Pg@i黇臓-'NXii! ! (矟\ +u1KX[p㠩+P`iJ|υ5B4Ew FSWnЅ2_B`0{+c.2r MlȚ䑪6&&1>Lc{ҮUb<05j\ZBHֽG{^qS pgk!3s2J3?/=Nj,t *vtx%O%k{qj?LlqEf]Man8DTU1EuK\Iw?S $W_ŇHTa{\x8o|k,.$Z_zjf_$x.& 1W pY [:q`U6c)luQ7q.qBͪ>Gf-9X>r8!+uI.lX@B;q1#+ybZ_>'"^T_/I,Z3 /@=g!S⮓AqN, @( `dĵ! bj쌌3fvŏk>eO?@ b&2 xYO#TX%~Qm[L݃Hc(t䌸B{7 蘸bw=f[VJ]NIc;rNKbp/5M 5in1Չ_Is{|*ZT#FFٙ!u ;\7|}?YR>xJPkl9,.YxBzk{.7CQ=$. W{3Rkt4O2Bѻ X,7nWe,+&g yL%M¸<!X0(r63mܭO_>Tˍү8+ei=Y‘V;E ŔJ35W{_rJT4Iy7^DS |bvL(Ouj EI +q1vKg]5)ýZָ3(Cs#| J}ߚL 5oatpBA%o2\Bjt.ˎt JU{u.%F?=9GO+w&qyμUXaL$NAmNssnc*:Xݚへ50"}XtJivl^369Y?xqMYX)qVau]߽JϨXA_ۓdc)aW9,'w՗R:}!<ܞA`T`hE}\¶ \ Ʉ͜X~7|9ks{aAWAgPJSFmgI3ʙ7cUL)ホHNʜ^ps.9իvHL*)Q'a:n洟RmHGEy@"g2Wk;%8E;0Z8DcL@oԞqԮsݔά0}肈 a!jݔd'=~"N+3"y2<U%c֔O›qVUfذx5!$: P"o%eyYzLV_ t-P}ryi[Eʨg{ b"ᾲ2D1z= {Qrvʨ`"/ +玧X~A-qj2s19 Ya//TЄ5{VrωsA2ڟ⇢t1KQ[h+vESߦSgRx@(\z)dW: L/7Gвl,1BKi]2Į]b͜IPW܆+~KQ|Q>>ع,7ZkX|nlasI{Lsgҟ)"vO"廾V!ê;Q)ΒCfLSF@UzcJ{FOHRT9D\vRXZ됬!>V4 R#xs+ڽ(M< |ԋXq,"av1j/@ΕRe6˙Shb~_pc?36YV݀-9"- \DGI\oZLp M=0l(mMOp=*TY(Iи~ؒʡB)&qHk;#Fm\,+W[.y8Fڡg91,}BHp=mxP:"BwbǿyhC>doLIO'tͦneJyjudNzqլVbeZzY 21 X6,ce7Qq+}.9[,21ۄG VZfI5@ν|_5WD+^28.8uBy㮺O? 괐I[ckm͒" $&J㉋??j%`"*np]Ⱥ0PTt8Ԉ[7 x2 #7^$ O(A.$H~U;$n+%GĭԃE<5Dr12pC_1:#$iTƹw#oW:؏‡E})K'T!eUs|I|~dϓy4-qwK KOuo"fa(nkDiM,TpZ4P1y.m֓$%"VULȿ#Ť!g;|@qpG&9_InmjBu_> XGi "Ss5.G8ؠ1]D0uPM$3a{~tQ twz6Ej`liQ"뢭-lAB3g'јg$यOBE*![3xL9u^ 0*PRB:pNl.[%WMppfZU#x1!P`qEMu ,0{Rh)n+{ 0V$ E?3QT@g}%4 Ν6Ҳe%geٓ?`rUJ˯6ƟnR0s=hI%<̀8"*-0zzA`\5/A݂#ᔎғWM7UȖVPU J-4x_B;r7ntx8ۈ3yCz=? r%WҰiVȟS@r.u gy\PԷeL E+a ^"XӃ~(6'_n+3) 9'O/!p\LeHJ3s%eZ)́{XJ6629H0휉 `lGe[hIoV PET: h?ƺz(e=Sn=p4wW FRq4"I}0ToTn7Oϼ#fh|+q2r}m FebwꁩVMbVq{UGMqNGR9%0?`A%б$cc>ͪGS` ٹdbj~"o@۾@(=L< ƲO^vG* ҏ6WC2xDfhxӹs )\Y`&PAlk$SYBJMa+wZgfǠ,tYa655~;~au~/D"͂|FyCO^s эcրֹ') ~9 jv<nWo[x2 3c 8 yv_2pE E;qg0]Wٟ$teB1y_쐈^GLjVUZƥظ'{ATXt3)l.`'g%xo1N> SJTDrX6Hݏ4ΠkpܡzcvJZn}(J6o>Sl7VdJ'"%V\4oshVq ro&1 ~fw(xMz!--5UM٧ ":1=L<v y22_0 ŁѦXjUٕ/Y%;`FAʿc1P\Vҽ"iʺm(⃂*͜_[ѥ\ Q]bF,HH\~Bj XW`,``T OcBg);,_/^Iɡ+!ĢB-G(mDЗ}@Mbex.Kb} ͵?(wfA }vd8+pba[BHHFrVmY'd6{HvswUr /W~{sQN$?MR('>%2C ٽLJ?0ѩ*DrNcaí PIhhdyHj@h>#{Ja^KƏ`])F/6'/.?Y1Bׇ,2`˯C+${#5R(>銎@f_eB W} 쫶T飈ڐ5/yUM'*pn'e:6kb j{} ҕ'{uyZ@T끉BF4JKrz^Z./[t]\\t%EM\(Bkޡ'{{v-K sO/#i\,/Ú_[ {<ۘZxT'X{?}C.sqBz)Ru€v_%qX.<,hO2o.~9T`D2 `!W9ytj0S5Wk4Uvbb`LOs~tWC#0>8Pf<ZBpՋ/62 $x:XM^.C2LEX/B>^4%SYb&vLl?zHV/(h@l^|}߹4f-IåyM7p֩J3H)ތVӍLu)&yɟxI߂< k ی|ExqvC8/]˔/a/yV÷PQ~R3~\D?Bq|Ĉ`gQ"YDڑBp0:.H:G/cq![E u0|$$!)B/}%yAWr 3ҡ=;G%|ἵHss ?ၭNxy^O)lGqUQ^;IH<н_ ViM: ?4f~~<}jʈnq|L| !jĞ:{dR[]~.kdvU!5- yʏ(ZExyKx%ռZݠk" Mf[6TZH}fpI<',†]ss˾t;DknKۋW50a9щc,q PEQsXͺS&ʑY= O[Lrbp$% SuY0칄U٤22#;YhΤ F9Ƶ>@4iw\d#E kӳgʺ3%ܱXG\$ģSVӀ͘I ; D(ڋ]ʹm _B^ܜ5PM>E= [3ݑ[$2_Ti>V3k\_=F RP*mC ԱJo֗oXWk v<?éݬ"ѕPcu1 ^F͈rJ"09V`}ݬw6ހNJ;4Qܦ[N`fϗޖf߿y6d oTQ닁&OV!zS J`u e.N bd%cŲwqTEͯrv=^RqIa+σd{@ _8gjsս.#S6XTV餻@j#@t&sm7PζO`{ wۍY*v⸀i|?-sA?gt {Ib X"dXXL-- ʈQYҌX:ij3ՃR=ؘSʱ##,ZŏWI t*fnjϙhqg97B]7Z&.بyq5@^w!!c6lz9&[)e r[ *ZO6:}w6a mT(VIJ2O y2fs CzgbJ N^ҽ(a6C[*$Sv ={uk\`(hL χ"A&v=Bg<|VVDMYPU^:C?eޫ#å?*Z\B~S ^n,۔h0TCM̴ŮIRZO"ǔ0+,s]I<[_1Q1c)Np *d*VKle/* Z'jݢ,UBɣ3O.&"^9vW=M$%@J_޶7d7,E?S )Zlk.rm_RERF =^`VcuY*6˷i6m'1PvM>}}CbC=#*X2Wk|O}{ӑN0gT_/2㮝$; Km z l^F JH)fjq[COIcz@ˬDkM r٭\P̹A6~2%:V=ܖN%u~EL|+/t!_rCN<7kB">{-17)4X\T4riuTp}|#N 1&ς`FOD7Yn/4%tt?F%7zSF0'R_$Ooyt>T'Sa4xi|K71pe`@FXl4ki'( f])ӝ&U[&ZY/'Y/]eF+w bJ:.Q&I}E5PIgŝ ,E`pEHnM+&p2Q}igl:s, ATQ!R$l^V+e CC |sM@L/فrEc\Iql򸘏b.Qpl{wQ~(R:ɎGU\d$2s_W~9_dd\_\vP&p(FM|5ef:$ҵ)v:/̛[PӞR۾ˮ9A7 >HSsb럆T ufMRM8KcrO0 \C7'^Mb3)V +nn@+q ;0䞃rϨPB;=}!&}7t%Kڊx\DAM`w^U|Lvi𡁵 tb3Zc(ck@W8=TwԷ[CqM|Q 4|Eg^τ2ݪyވK5ux@-VdNu r "Zc ޝY㷽Ns|tet0K4i iTt2A12Ӕm'Ј 'ݵR \̼GMyY䈘l˜=`buxY1tqnC#ScGȋ*qV;d7&lPv hchEMn\LwGcM<Yҥ%D~o.jd1,aJ M'т(k^ 4*_>g@S{9H> %;[SNWEN\5ꭔdڬ(;ZQOH~Xsg,zj$ZH&ƀ~#="8OP=5!,ۧ7⫭SB$>#r)Al';m, N.Y*k]VDw]-Bz&lpX_`{mWGN~VH͟YÕ~y a@MÑ/A,b-[ d1>qTIќA;?[Yֱh\NEt'8,&[[+uEst'z5MzxD}7~d+Sݺ\"Z:_ I!;(hnޙ832ŷO#/&Fbd$CI*{[׵w*o,%Y_:S.X ∁cfԁcK3D;Mv|uPj54VƳWVA=`:,eϜ`2 %S/6q0tc\7Z#y-\9)9hG hIv1^Z ݁{qMS/3E`U{ȣݖ1^N{zM?s,e+Tñ ~9&fUV3xy䡪<m>CeWYeT2 ı)0'ؿԽ9g۹%^r,\,cX≦TZ`Yƶ<6Gn%/{|p!Wxaw듾sWY{hhfS3tuP5WapqhTnN0E^W.bd)xErexkP@Nvh WVLgx@_4t{k匡vմ۝"Eɻ }z}Y" h\krCER`ͫJTA+C{+tYVs䍤7~r"*vԨibjXOԝW Xtuqs0?Z Ć-)eMzyHB)X瀣H^cdSӃ.*sU+_X.o />9 Bi_"5{L0e4Cq;^ LKJ g9M"bxR%!h*6I!eccUGF%΁J_+8Xƞ|K]lèw'vC:J~HRb>$:6(˼R\x`}f02XqVqF%$KXO}VWE/=1er,ɃO%Ә;NV Uw1"d.J7_eP2snW?_Dsm€ڇ"|Ǫi(((|#k, uOrc|rhNVNOiM:sʯJAƎ1H r}&L٭ b~F~q6D5d_4ēEcYMt:nPQN@ ax744dX+C(†l=I$S]þ w!]]S@S*@³$ۯFw|${OSN.vT]ώrI<jrr-NdsCnl5؀|ђ Ew5&xt \({d ԃވ wJ<#Y9gB.z}mjоXIm,wg0h92Հ/UrbTJȼ$5<~7{b!>J\#S>G}o!ͲcWzoLx0#*e7$3g:ОF:*Vx0#D"hKJud,ꕴt^@C f`k8Tj }·K$EKgNa*SLWDiIlPH]nq f+4w^Lt N5 $18wά.`vE têlRw0vX\GJ]ݝZ9Q=B$#n0/] IŨ1(L$㪃uu_ƿ^CVБr!z9;bSwaIl zӮr"|l&~@B/c*F@|MkIpS7rA׏~~f*n& ,U8j=޽|&-]U0҈±PUɁbHF`їX`K5Bms&bɮ{z򪂀ҟ:Q7 7 3J6z 3=<<@t"t4^[Ɨ'dȾ*6lAIP*_6=5D#%RRNOݒ܎ $2 {qpu#^u54CnƋS 0!\K/B5i1R*qSz)8~9>ISI(m(+AV'_L.a/;K° q h;2D@dI$@`wM[= x*tzh+F`wgm=L38{TjmV"Q6\v Eb"F.rk &X)>5tI / & Yc:oHzx"1yY-C p&;צoBbG]7]8 ^A;݂黥GDi1M]^Q<2 vOE2^m\O4jsBolRٓݶ{r l_߶ͧ""1>Ń`o3(z0+Dϖ͹b9j.p^鏱 C\26{x8MjY-:$ -ɚ&槱1td!9ɢJH/)n`BY'~uܟ=)!Ezn^ K[KW谂s!Bʹ UFrwt}y4y@MЎVΞ,(Αcez+Jir4LByKQ ^9j/(W:wg[f8?-M:W9!ml*KER}fo3Pvc]'Zjz^)HVIÀ 'mZ4}I|Is9(bN+s$5gN4Rx "mLk<1;bps;re郋%nB7Vx#s!Sl&_Od.Y_Ύ_`LU**q՜@*!n7#ʰJi/SejAY]f|h `Х;0aT E8kPaP*af=]?:|N,5[W F@{rB40\g̃r苿唫PI/iqkvCBo7sASM?FhMkyjLYTcXAgF Ĥ Ru춱BdYڜp}*P@RE! _?0&2F]oox?\(pvZn,cr v{hȢm ][1,+>;7gǶCH Аv:^ n'8`,K/ ngcWAȼ[;'Rs \C C0n-TrW# $t}]o4sDoȊ f4D#18SX^bꡲ2~#QR.㹷u@*P#6q^3 DžG0/9e,i~_B]pAYyv}Hq5TOo<< y+i_2qbn;Zvu-"VH (K⭴> 5 <_D⯲u5>pTD4i_e7Li碮.Vt,,=ډpf66s( _# )O +,l''iE]%ϔ4'Gԇ9w 7vڴa !gE:j* kI\ugԖ˅\C3sI\hh țL(pl|${~g('E6nkoQSit9ҿ|TL嗤,MYNO{ qCfREtNG=*V\ƏÉ#=ExtY}h衶U Zc&7Rn†dwt5<-քp Vd{ĭ\VFS'`oXS<Unܯ3&WdMV GL0.UHHojT.Iǫ!Ť?- 3&w_}X5nZƿ}`:4!pSgO1.Vs;puѝucCu)xi؇Q`j&NP3{:.*>r"=Y'pmr ]h|J3߬6PZ/]B92Eewo sN[_O&Qm`1b 8[r - ٿ,?Yga FJ*!a?ԍ" mc/dN2jAdwS7w;[J6xJ^0lթ?uptOz{ ٚť%[BKǸ`>5ʼhR zd)UR}`gߛ(>ʛW&.|`JRՋ?4w7T_1a>WWPyzlDd_TE5?O(7sI+TtaKzU`cxƛLb^j !^m.EW5$Tq%\.Ψ͛PgB7Wz+ r(bdB/2rd }QU:"Oh&I lmQq_/sj+-p< RߤyPmQ}Do)2(&:1PLC8V'yrM8Ӂ:!6EY&׏%ha;|1oMt/BG"XMlCcoJ~fXr^*)3ڢꑅV@=/yHG tQg=|Hf}:S -fTnL_Iq7^};{dUaddJJÔ?@2OؗaOh&G1=s4'jrs얜Q `w]+Epҹ0<ї.(0-.*CE & 'v.nH%u}FzLܥ*_xi3Lbwc=/Utɋ;gnOI&KsrWp&>,uTs{_X~yNF.e0 $h~LIXSyUpe+ov|0C}7sx{T%ܔѤs3p.lIHM RBqYm:Fb>c\}NUFa2nV[Ղ~& {pa(S&-,%JRg%?Ih'SG뮒e`E$$M/Nmp\)Gb=+@K@}wc|}iJP?sע>fF )WNqӥtL]Y4&PwQv%D+yQ54F%npg !fAg89*{`c"Yh[Ne!S}Ec{C2"&6KX 'iǧt0u/mdy|q.mzQߋ;S]XD?F*n͚)v;U1uܑ,aΫ3l^(i{)"\#ǭKܗm0$(UnVF(rS.{W8;Ag8U5wQ&za#xA[OQ}K+=*@l̏P˸FS'QW |,^[3g5MWnvlG~W繝:vldjg sf&Ȧ6J-S^SwMI5''&4ړql{?q-@6mzZ~. ؓWU=bC''b8\ 6@b2J@Ƒ_f) fөXv N:ϽW^.PH* ߵ~BDRTr^, 3uM47UȍVl_G T1G8hoթ`l>:?ӘM> } [Hac_%nQI׊᧋Ѹ <):yfunǽMOP# W28]zM?q.ȗ[˺1+0c0r3^4EP- A-:bt-kN#hϻ)._ ""r>e-,rwW (4sYکEL\X{pm}G@ q>}W^ sqlPr~kP:ȥޠKdWBKT]}p1S`cp)>P&U,yۼϷxsA+-h(Y<6\Ne D-iSHШw7O7yWEq8;;ǑpDu&z S In [stnt񓟟?.fmvJ1Q]hn1-qƢI yP1] \xQZ&zVY礪!ܠZ)W3Q&Mb eQIuR-EɆQY δ)o/.:\S/W&y?8񫲮π{:\{ &=ښ-y6K0G\%QըaZ[GNoIvl!h( x`J%īD@ N`+.^F҅GMB3+io출D4k9>V\Mw񂴿depӵ4v1#kK]1B$S!;> K۰|2dA@ "A}yqύ.'1H xȮr#k">wmxj+ݜI| lֈcn乚9 e:AxA*F5"a^a5i05Xq(ʷPl*&ؓxOj oxV8_+h4#xQ_{ʌO6>뺩lL'yv& Q% m&*"FFã mǏ-|U(w7"Ƴq!u4 zլQ駔XItAqcfCpH[-ra[Q8 xEt)(*Nh߯5g6wNμ]*"].Gͯ<7<1ax@e{3 VY:%:9+ʚVva~y˥ۡݹVʰz)(Z2pДW9,.,XTa{krF[~ d"Jaۮ?tTi?i]ByRo¿DDTӱ-dy\]7jQV1(i00l,{& juPLDVxh: *4N2~%K.y.JX1\:1Tu!N`$nf%YmPOOX  nXF#Z,6$R`?SVjJU96IEV^-]5xsGa4>dxIC(4B|j c 7ƩX~AQr)F"rQRXǧa@gKIv"R&xWL!+P Qیyyu̟L6<@y@ j6JRvkU匰M%_ a(nKhYE~ch6{_ v@ϼHfo\8iBf#p?\-(!8,qO&~X JWIɪO@c'N0kO [KK\0T9v:G7 & |޷&iN1?Sԍ:-/m4"OaiiCTgy2Je{Sݟ-G5~@ 2/u%tőX!l|wQw;ʻԣ#HQoaLŐS}gCLe0;UV3:DŽ\܁z-waF @1u:xW&%KbT:Dsi%`‡ -f ([, mDXHNMhJ A2&^&T4۞϶xCf+, {~֡L3tl ʎv?I.a\-.vPnqiCLϣ~.Kz(שyW &byVۙ|&_AHқDIؐd_7<|jd%;[(i$^lZN`9@'jO82gH[(ih35{+6` @!c-NĚ9n]rW#|Z}-@9v;zӽy9 PB9Nf^mw@3oo)>1+AIVoVM#EfntWn.78n{ `@hFi) l+`_V:V/63[2ahgE5L ۫\kiT+ d^:&;#q I*SUmR*d8ādɥn"TӬZ2^Z:@F^@MȽ{jظ=o,spOtCX/ib94HQΓX@!a/E'_, mXHYs5Ab3&s_c"ͬ*=TeM*Z[(\۝>"sM]$x1~S)꠻݁])1RhVP(,w mX<yxl,r{;p{S+ $*D5q/;@6ٝm.DsH 8گ# ,>ky|~c",ߖggj851'hnKi`Ry0=J%8ΰ!l"( ӛ;R!%}O]LvixK Cl/] ?¨j~z-9U w% !,܋Cadh[+^i$[NQ6VDSEJRdn%#y1FI7.)1NJ)%AK P_qVױ|V;' Oւ>m6v7by|K%]˨5AjΠ5*@hqrQT7uߐH|dO=j/,Aoj +@oJv\(MmYP)kPnp考{\/e}kB2w#Vh2/!y7<,nͯ5S/T͇^mpH'h 4S}1kITWZ{1ܣ5y(z*qVYNsȁ]vb'rU^)%B[Cb0nQGw)[XI(q zvk1V$]ӧcjn>]&dxǾPc(n!{Z]inXpJ7 r{-JN;ǘ)I%B=\_[b_ҿ}?/3_drXȰ`X~ Ͼhօʹ<ySw[XӪcFC!E\;WW0 PaYzʁEW cMYE͆hղy%·+?ёXV, n Mv"?Û&M?x!1I iLF:hZ6Vt{9w{ 4,Z6WLEJC:M6y9A)f2BB뵦c SOil]]`` NXM70w`%b/n"VV-iIձ>La>K.X{Lʛ=a _N^4tq~.J2SCªټJ4]V㮗eص";^B (JP1JR:E:2"oMvnnJBZWb l b ϋ%, CBRt`çCSg6x*m;xB98C,N`|Vmiևc{x"%0Y׬Mob 82kG5bƆ9F!,LPW/;^O_|o2+4­la\bY};ʔxPkT}҂o[>VgS*)!< ia ʛʜ75<YG1PDޒ֕&Nę >Q98?J!p?GY^x:Lmq€ZuAHʤr>{r/8=L]9F)"ummTx)=vyۚxS q? !gGƅ`8=6>˼O,)huovIPɂg-iQ5pͼ Z`3*EZ%f%*>QRZ]rPƲ-Jmc$Z@*+}Ĩ^ۼж[ֹSvϊ8 KhNfQ~cFʪ[1tEo?v&7a7ZRХ6&xVd8]؃NTPCX)s{()vgYUGl,s؏-_(.ڑPbV[15brg JѤnݴVm{֣ wpq$xN‘K:@cւ:߂Vp24(Q۽5?.3$Z-S}%g(+w_ffY0I{UZ*F$E#4GFa*Hk>^}8f;}p4^~EՀ)M nHj$Ÿ'b;" zrA1cq*r+NyiNi®0VƤ#d3lz>ORh#,[JhhY|vqujނ7MjJ)1ҴT4citoBJA@wOXj&bOrumwɴd ^I团p[KȠ9z,1E~}-PA޹CC`iޠ/Kx"g Îů* h@--M' ź9h9غO(yYD;o\.Ҵo{"NU1j퓪4ֹbc, 0 a4rVԐ;$)8HZȤ'McI]#40ܜt }dl/ }ٚ$Yp zD5zEAK46c.99ŭ䇅@.VЙÝALv"V_<}N1›%ͩJ,`~&H7/iEjxJ PYbh%p949G\u=޶[$d_hY'XQXa+C]F*I>*xG{yŁP"( T@sF_%I[tARB8}ʋ`.~կg1G-X40rF@ ̔uU?O'2,9U@ <ǹoOd*.i)߽Bi/r6Ůe6W}OiuNr7zX gCvωv1xFC. Pwm&.zp?1ܑxQ[t"0S9I^"VDjLJ܂.e3Wo\힅7QlmpfM?P$^vc? c+TR3ADvQh`QίЖ{5$iZ}4,} c >P$$0ux O>=gbZf!만-0#^ {ܚ*hl/YF($hwsO6Y$$l#b1FLҴ͚vVw!a/P+2NFIIJ&^!osDz|)`\Rw Q}@OZJyQcBDŽc (5G%G_͒ʺ3hAAZ-?a]/;[G~U`Yx&ċc]#$&A&dlMI%}a -OGWOO Vmtz46G4oT7^_/>Ԧ\wKbE!d@.K K#¯ߴpvy 'ܹ^W013M.6+diOo~NtzGO\6NB\L~pjlZ`Xlw0= p9N*&jڨZp3/Xu[e*z!VtT=K>%dCߢ2IpE֞lF24q/Ŀ"ʛcR[#.OJz Wʫ;2wrWq*$ ck6Kg֟uST,wc$v*y'/LΔfRt6vnJwk,#7wW{Coն\xg NO2B4k4T\GFٍJ6@C&~TE`ך |ol%膇Qz)ԏxpkD9KPzhHDHL9c>9cٍ50(tLCH}4W#̾+hj{|Ai[SlWl^/: [џbA*#ѯX<.,+Ca/9`ͪ]4i,dN0N ᴒE}7P j֦X F0k8ם EO=V&Cs  CtLճJ>ee/O<}t!C*WC,ϣPG X>\eNeФ;U遀At (ܨ5 Я 71L!8~'uwak0#kfA}tWy 662x_5 }&EءW'f G|ꀃ@+eUM~ /#p gI9- CF"#:޻{A Mf)kb Q0Tt9ն"8O@sNHd1958%J,qkVtWά:,x3V:fvf+pn_ @1NiXNeUkY)$,vٛ`ZǟUܕ2~EvbAYgBp]LVM\p\)'I|#[Jע .~3J:i^Sqyiͷj5eɚ0PҜg<*,Jk+E0{|Ztp{' BĮ Yśw~W#nLf#ns׮:CI(X $R2\)=kP(]ٰ5^k`.V&K゚3fW! A2O!=%kaJY7D_ΰ6WA7USU7(+z3SIXjvS: ;OepP+^PEc[n;y $k##]_Q8gD,K.rGP)(K|8u1f^6SE*A͘Tm)Ɛ.THukr0,Aht#:=ڗ,݂r"?h]wodf\c4 # XLΠRnI~ 5Xbd 7 xV ؁=xWA(Cաġa? iݐ6=R +תZqfa01ک)]w]SVmp Ta`^7f[CzʋG%߸/D9Y북Oc}8rzCWl  8kX Pw3[؊ݬ>}vۦ %Nql64~pg GGudO5}V܉ݠjN=#oE2D1DDxR8Bw_ZH( ηYg&rr o5Xم h{JU*Y*i6U^ou^6'&iWX((X-o_\_,7n{y&ax"'S]Ih517.z7,q A/Hz븡S++m5Z?p &Iy]T[|DJے}H?Kbs[$U_Ld)xWam [P"^sG/Ug*眻NIٖ < pp% !my;nN <=w8x0 H$aU0[] `𼖌ZcJб !"G.εm&l !gWsFȉBp徴m`A_7 f7`Zζ_9 2-K[a2^(QDH}s\ iђo"v?)D<f}!3+xH<߿ D3jί $K Ŗ``ҬY fvxJ_9 *g9$>cVUr'I(F-|ޣ?Q*G eh, ܽtO? ~!~J/Y١lSہSr'GYHS2cd/^5@"샍K;>M4&K'H_ yz_c/rJ?[ 4TvIy=rm ;}* mwAMQCx%^+nf|_d"gnzg!oiREj]j(LIe/I '{s5i c"O.:RPSo:x4cxd8iR3_=ْ0cKerJ=)s>E2zRnՖ^0a @g!m]_Wوr3/ZɃXqUKpݭtMl$lASkc78CLRi2:'PӸAF Zl;[񰋉\]bNt1iO4@&)!Mءad`!w3N{UjPTkmSY@pf/'7kWٕ3<"s̝OÇz א1"_DQE',#(B +{7,r`8 _U>G)yERMG9&%hFԠ)W:!ԉ(haHxgsx ""!ݫr`-K7>|w_\̧W:P 4nAh+< [R1)(,[T?ni0= &JmףZHoi__ĎM{zK}9:np2C"<3AchaY)< j~4 [^+L~QZtOfJĂ\c-a\h "Tװdx},S跡K94EkʠN8"/CԒp-!fb4ݙ{!vOi3v?Ie@-;"'sR>}zOR~kwc~Uw#c; ?a|jJ׻ иd̢!2=1c f 5njbft%$w;'[RрNJ9{٭¼DN;atUK6 ]^=[.P"0X %/F %s%"ۺ-bx9rbVO^{a }4l.4`GӔ%V%%fzMu0 ƼqqC C^32u3$+AĬ`ڜPHc!!;1|{*0d/d2-%;(=^\9QrXF6$xQPf\fM6s-Pb9g dj=0MLDՙΖ#ZOԲHԑJ܃]140` S:MB:$<-Zda]\OMa{̓3De"ZUM!Q?\;=į<⽆h`gt!U[FVADJu_GbOŦ2R& "!|q^ eЃӒ+_s =EZ*J@ێ Ն!k)8֙Mk5ڤg_smdikQ̓Ǿi.ǁosH=r=Tab<("gS,b^D,.:Fk VEH{Ҿ,iO.U-egݓ)j)N#6Z-R4-\3TpϐG+NEa zT|1Gwt_5ɵ_#!GkIA˫XF Օ"troPn0G+&lho<5dKI3edd uۀôX #3c|X\fljBJeIn(KtzP2?k̮*#oWUO.&20Vz vmSA_A䕢3>eC-`-t),ZK2owb&e3C!YASvS#3ߦz]0$ }fl:q I䧉g-yGc(%!Bo xsHj)dFפdA<ԚX 2vkCu7w{9yB 7,s0#zg5?b eĞ22iUwDdmRs4{τTrרK,YA>3&x*MFKy3-8"#*63iuejK|+7ad}1\f֣Q[R?B=ʋx\+xhOe*ΰV(Rmq'>()t?NJѝ?8|ق[':TPZѲ:Y'Uok.گznC';㘵.0j,#I? {C8\P~BYFpAoG 1J7_tjgt.4a:2te0o,jnUKѯXOpXϗ|ZHUO~>-9*kW@>kZ^k]+=~1)8qS!25k4f@TB1y;efme>,o2\#76pLSz <^j*r@H&>i-TCO!*fWծǕz,WnUYjjC`(%DPf8:SNhrAiӔF XN/MbgpVng/zrYm(,A܄h@KpY僎/rd\Y6Th@ 5xnGuXM\\ԫ'A!#E!UiחޡE e2UG4^qe'+m~&C=VV)G7ԾC϶:P¬1 `J RhB@aQɩ?>۰d$dG;Y#Aلl@NXFEj-΀:U;RfO\D˕`hLǨv/%CH^pl-[i- 4=Vl=qaq^4\e=čkeoPdod͝avv޽3juoP>!$<%wt g#'-@dMlGuUϺ>X#3&Bӝ|}-28p^䤣`>ҷN|\.¹3Hk)!eX«xo@@`OCÃ-W޹(;z>@{hx1+H6=B. ,gA!Ӣk}`艱ب`vk[`|:vUBeٴ-!E+9Nj#1Wo0WVgB+= \~e~[U}Ds3Ln {p0^!ei;1B9ƹ@SdT%T:eu>e>`zX|HƖy8HR, L2ؠ([l6GݚF9ް(5g7XJ.mAb*i]c;| T:?RgǞP.nUq"c&d Z mH 1catV2O~ %G ͅ1U֍2oyuڣ">d8lĽS}$ɭ+{n&^fmtKTi,+b\H=K:2ſQ~x'ȅ/[$yƱh*Y{0V03P ۳a؃ 7xP29huUP[YsÍOT-z0@[ C5+[rsz~T1ADHѡOMː\_o+Aİ* 㝎mskNxU;Saݝ+T]3]}}fߐٻ`!Gg"CY}\5hz 2rd4 0|&Od\ \[G~W+䬑M~Z;S5e#z_`$;ǦLJF%/{ wt*,9*^KQ ;MwM b`!ϯ+!iNLv'Ud{Oԣ @ -0CChC᪢r&IrHgQfCdv0iQ# ن?qwR`=,k8U j7\Ģu;zAEAP`'{),_ol 7 :jVg黧U7#퍗`bL#k~^l?*I;k/7@/_Cm2B࣢`R<ߌ { RKzWӝt1} U֢X(yy 9,(åY Jbnқ7 C@Ecw42R k oxvtbP0wv]:^ N%TCm0I覽M,x' MqS5^fct|nQU|{+҉"P0ކ۰z~(̕1&&jMN2 Zk [aEXSog9CPSOhzLTc0 2^qVuпK;>5L% n)Dy2oH#A$ESCK߉,x` ˞XBp#4plO<\Y;dVV9^ۿ)jδKFܻIp;۝IS!}Q_6O L3pQl$1!Ds,F%$+}/j܌9Ivj֔nA򤦒"Я-^!6Ybvi,8A-~?;Z g >uVt1Y%CEŽ+iS;Y:٘Ga}r&%b̘ kwXt]&6o2(}7+TrAdBݮTʞJn҃s8_4 <F5y&H G߇FxntwGIJtGB4ɚNp؁<+(*M9CnDVQ]{fڒ%HӋ玞8(ARV{XF̖/gIojgL|0ȿGe3@u%tu yBJfUYpDkxDL'->TNF+nz O{.`hUH0U⩂d>xέկ|R,Dc9?ʳR ȍj2L3H|dqRthu;9uYj6v+[ o>w3E4dy0q`7t`<3\q\L7z&B6S@7Ѷˋk6C#.~U09 uh۲-lFf Cp ¢vZ\yNBj~̣+uJ@/dzdCyYݭK58W}M{/IIuswj[h@]Ɩ Y( y MQ|l73DEӽ /ܗȰ'0~fWW,_ uĉlßNx _Ge*{]HkCڗqh.9VC*ggk@+Я+NRj' ~.\!S?26Py~;*- B}90^IxamYE~QfRdQ# wzC\a$]"jL,aK4vlLE;fu _ G-Z$7 9;\f`)#>%\CQCy Pzv/h7 n&Ϯ,e橫)}UHY=r1:iDŽ4TmT= "Jb'ݬ[cz3]-(,(n~ܚD @ eE?l8*#r&=)?a/ +3wqsߢoAn,ШV) $vDZOxڐa6Ϗ=cY}N=΂t: &|zl=+A#崛p5# @W6-̊d}6Rj'FW_w0#t**J?פ\i\s-ŤBA;h򽘣0]r@pTm:K X2Nqۊ4F 3{,N;-st;c΍j..@W>Y|^H T *6%* 5y9<oX@C2tuu> :z(`p]ACX,DQEARZa^+Z8W]7Ө N[ hI%5ٻ|~KLW(JB'f6|,Ӏ"H|Mn= mY謍Q,&jfp:dbzy`-6 ̙'QeTVz*=-$ڹ׷ZjIdĝkE.Q&u)B_cLޭ$&vPPDo{@& wٔګ>[cM,B@H7HouZ~a샄z8QAxTiCTyBL$s{/ MH?pz .k(=$}H~hUpDא8WNC"ܯ˥d0wq3*SW//wyT9_hm߿{Jzv>A ]|oKJi}<jYe[15WD$J-2"@Q4 ͫƑ/ )c yHjtI~5xFݯ~; O=P'*qT2zPk aUMWK ȣSN?(+l魐%uHoڱX,.AB<̩%g G67wdk3wEoT'pgULH];25 Z¿.o5!,{601t-Ss0G0yDO:YXhdX!1pb]QkcVwK%zY@,gYHq~vsJA/ tOaˆ7$`'t󖷤)s |a,C Oɜ2'gX72H{w @K,/†P N 8D~J2oק􃋼X|8s!Qzbʢ^,NP$bAG"ΩEAlL&OV| Ic :¦W|A4`Z5iWh*O.ݓp֯8υs* QF,}=:]ᚰFzcBz82jc_r!Qf%jSTGч^jQQu>6'DR"eIJrkztҁy[a.JNI:ɺ&cKZ!by꣏dH(JK9JDu-[8`'?W;kvd4 S oL<6Gql 2Q\_['vنrn}Q>|9ZB(@auXʞ`Q?@4y':k\Qb 7r_b+>9sRu@ܺ!\jCn1V;5 Iݲ>|bL(M}o]g_I,6LA///7؊^0̔jG!Ŏ$~H1^pE˝Mafa/Խ.C]דHppDFO\ czW . ]E31<An ??@Vׅ\/5Kvh/3+}{>,/ ( yaך` 40y^?ϜZ͗B6W+~mA_p Dc1t!)2K+ڶشùHn@,/ ĚlE7 T0uz&.R z8SajvB_t+'{T/!z%k [؉fKt?G|3T7(~ǼH=A;LRb<v6g[Dv0 7k3-)O6R+ʹ7!)JJTqē2*@Gw /RX]t[Nw,Ӷz[(%K*SrQ7g(qpcp(p!8To{bӍ|]3ู2PnIyNNMQ3:]<ڼf!Ddq"msG g.na/%u` h' k0Y8'@,$ͰИ=-ܡcrQ*$67J"fģz)K&0tFi 5LwfL BL?Y)>W_e]jE⊦^UpPi%A`9 7RsQ(D9y\m8텓k?0!9Y{ni̔I/Յ)AǾp-ep)x{AqVLG]fhKIة`@K&sa[5{ʧ] Z0j[ jV^27;\XL>Д{iL3*q,= kXfi3Ekl&g4I 'ƹ u[*Htv J쯂aA,h1#ƫ,h?+ wOe*Ix̡kfL\O_^/yv%~pKNNB0ΜW2*R kOoP2u{,j/8,p|+.ܖ#(% dMŖ)b=ۑ(sIѳ3+W.CRGT :Cbi{&uL'r!`BZ6յ즭Le[rMkT߁C.6vQ|dWD"4`gCZDE ]1pe!YWo%ǻ %3º"|}&Du.; cWXaƐ\EwI( O|늫3 gĭ|A`q`T*L_( De=2'O@#aXrwztg&wox}@,:X34DnQzn#!2D|L`l_1 / )g햝Y>t)`Mn.I=e꙱fڳCeO78^#=^o u)B bUA0mH˲g&J' 5Sbl_f:p2Ej/P]I?>LDS_@ /5މkV}jKzu`l$D$b @NRiv%!jȏ5[AUA6+8^@ma#^9ܖC&F{a:8Cj[4k"(zB >Q#5ڣ%|Kτ<̺i`g[i_K xRqd:ǡg ]ݖFo6;~i\RDL:q֣ݪ*-Q 7|,V]D]Ԁu×>^Um}pPQyүR %#U4 U "y%0 ^3W;ղ` .ƈӉXUplS qZQ3<3r@Yw'20$;:/m>YLwHeh)Q;lcge^* ~.AFՍYT92PY=H0wyt~ Z_: AuOAl HV&O~^mAβڽ>,&/n-81􇖽TnXq.NC]-uwċ!)W\C"6Jk29뇺(}ae[b JU(,Ӱ=j\7Q8Ԩi :}Iɇ[y,}D 6w zOZS_h燠(e9fEY?I=}YtzdJ>e("$f=\L o`{58M4]2M/B8sưN z9\A'knf%vPv(?7]Y^(`toc}wjғ%*~`_ -ZfA<>GU/C!S F 4*6SV'`bZP1(𲄟؜qbrXzyFq5`̔BB{Yo/d?0sO\ߋ8d$+,;ٲʎj;/,W2xZA&ckߨZ}UQ/d?M]A6ՏE}.bw|HբSkTAJ[7V_{'ĭ'ٴ6a2hG N|o9w7I\h'HTr(ܾ:ݖ(3>` K|65M `tYƍ(V^؎J(ڜl bi\)lW9ܬa $|% <ÄyA _N~pAHBs0 1Qo oՆEre6B[uv)԰A*0Nln5^X_F3p_s)*goIeEFJ:jX$i"+~2=".RI7ʁHRo}c}@m\\|҆YrITӗk9;T}) 7*Tnb?0X_pvZՓCw0L7`T2 Нg*"9]لW$ɚlpI5H{TVzmt4v0Z^[z JTRd|V +Rr|Vx-+bjM{:+J&?Hdһe@V9 Ks ?L ^=-xhy,`jucSBX^R[kb 4^baY7 14z\@N]94 __FU-B\'~3'27f|'ok=.w$μ]5+LѠs!D;* ojܵozyI8vp2 mMpҞS4kghaiskm?g|`~h^_uжzڪ6'^_Dn~pj`"Z׹:=%R oc/5dz04iLz)+/6Q?zPji :ܿظjsQLH)xmyhy:5Z[ϝƊq Cl_E!B/zÇ %Eab: m9;@RqJg.'|lg0uSKA͝ Vb?RiGO^.(nJ eS jwWȽS-h_TC=):.dRRgȸrOK enςA7[ ;10+ʕ{ڬ?#IeS =5^fR @~Yې}|HRh:"27On Fj×nn=MJ8iO`\jYmxI b髭hMbb5kɄ~Z0 w!Fnh@h'o:$<^Mdo aDn&gaq# 4?>0jF 2i]8_% @̞O–%}<eeF֣+%ΕE=7UTgt›4쐳r4Y3gĝxKi \5W! ꌘϧ0T:jsbE5`3o [>l't[%bRqNzsj,ra.\6}^j 0?5ljiW2K\0b2>bb)݀NUDMZG]fGJ"tUKxLI Uc,UߐNiڪEu[ƶM>p~8/Igմ^0B~<$ G1:;lD3"cgYY s^*z˻*( N~kmވnil_O~M׵r yx6bfQ{u(λQ`"3DN$M)O}L2r"G5ƥhLT)<֋㈻kV , aH4rl_F, /kol) fRmRWBuM& )uǛU!y˕lWz0;P,"ԬJܕbi7H܏fUMwf<]HrFۉ@; @3pzޑ帲[ \,fQ̃'U4/9^&j N8(pu;O@sa|ybɮzY z08I Fs40^%:SK7ѵN`{(s$bޞد8e6\)NbZ^L)'uT2dj2ھ,vwb-27QƏ( &DL~Xl%u6b[ ?H_R#N"{ y~)b{~ő1ѻ]=9oe y(}Q㸨Oe|&dOF? VؽHd / DJGq̰  pExdbeC&b|䋲[BK(kք# GA`}N%l噩t@ Vj|m,#!!>i  m ݏ-NZٚ]o1Tm:F/,x2 ;B0SdwSb"5 `2ӯB'M*JZeޝKL<4\bAgH!m Egu#Pm;@;aoF3S[p즚USڑ |!;b<o;M%N0`D*=FM@؛ƙbT<'v5CPmZkuMɀcR :1ysG]4~nU ,jR9hYwp3s85 'Qzbx~nh[xǷ~GSu5/Tsrhk&f > 8%[*@2f&eЍ Śd<7)]ӕwu.>͛bSvi-Mғ)xȹvS_m9ֶ-j :1TtHYp{ wJ`1:wk("Z&D#=hI_Qn,BG1,% f!(,6 cGP^(aﱭAJO zXd ڼ?f_=>}EL~} LfKӰ4rEv0H=Tnڧ9%Ty-_yF5%Ma3K^iZaaye5h eO+HߔIZ zSS[N *"fgXeb*X=ub$CqKpQ>T54@#, 8p(IDžD9hX*qe:Ex,p<ϙU1Sc1ÂqZDԡcC{V< cIP;-$&ӮR^LlKY<ڐUGk-#W)0i"SOj9r"<,uFgե;=H-`6So;bdx_g$g)^>KX,< qY< [&]Af_#~ -m|Xjj$sӋ״=O_kIzJk(VXY vmrso& v>}AbLtmLRL2ڛ*48gz#h-׊XDŽv ^y J~k~ zcgh"x!_rz h|$춂ޖ#6&֮:`? ,_9|V3gP ^DctX<\Y$tE k1`[(t &cb6ykyl8Qv!sL9s;'IKg_b *'fTlDlѤVژ&Y3w|cSM'f\ͧ@?/xY;u_S34 C/^ǜkx e e^ްnHR 7Eõ&+0-Dx\s!!o}RnUΖ[qҩ,3D%.[%+t҇&Е!TO# bxpdp56Ƴ;X85[;H*o}Rr76(c)kϿX{bKً~dt', О8TXVI-E2tso]&!.K>,Ěƌrоk]T|"tbzQjStW?xG&POg؋6x}^Oq KS]ӥvcY~ z<<[y:|Xb]Nx ]6CSp1ntB'/QbSkOmhj5p eU84+EnN2Ӷ&UOۥ_+i_j)4{@3g zF=:(m{mmZ gODA4ƪꌪ|mS BKvZq~uؖ"à4.ŲXx:56X;*tT70q!:)1y8M2/Z0H(PҟDobB-j1\ H5|8ARUOƉl4\n./4QzV8Z8H]%pr5լܪGI0Ü Yx& MA l!"QbKo7R'#1;z#dl08wSaCeȯ}ɯ`;6pq;y42" 7|Ӭzt ŵc5E=K;}(D+Nk:˚4c]R^ֹ1 KkNK9}>,NҤ8 Cփ,Cr>$sQ}l(Pկ9FDB!Nl*¾̋S;yVI wrJ?9 30_O5tg7gqo=,EMs} P}<)1K&#Ї sW Wq2> 2kNG(eymk+f!##6Yt5wDR91%|ū;*IVۏ ">+2π#+ ls֣`%-9 /,mQy0.UnT)~oy=ق:jx=Em4bofI…D^ee?}pzyQU=2mWH҄G ?E0Ff6X>p@(P!8n=LsL%b4o'Rg wQgWcT HͲ ouX~B_8X&x=VSԁ]'5-"r}& 7#Acx,@LW sy1Dq %?EQB7LO9D]meV;?5g祲\u:tx@e^˼Xv= j UֿX]"Y14e?;k>AP-Ԟ[ԴJ͜|"H2̣HWgÑLj=H:#zKV*55dHvW>bHiXϼ -8EuҶ#f)IAuy鐇M0%@\)(cW{(ڡݸ M$z B)ҹ:-2bcO՟Jab,Κy;Y,. &4Odž+%dlHyyG/[(a7=7]F>vR,R]q[Oĩ&t:mh891Ïl0NwG(Ֆtr=`uq;N@[?jyj'r I%kpyp,u13xbEOk(m&QϠ-Uˬi1*2sN&7s𧉝X=8R{sRm_.UD&(vYGYcxZ5iu\O>"quҩWYBLmqvXGEq🻶CXKr_gx 6**9+u:ߤ Z.|U7=kf2FEA4/M_&qo%r6F~;6{\ߵFVfsq"Q!o:\Fln4;O QI\KS:#̒:ir}?O#\0~6CFOtR\&bcjt_Gn`q9-aYGk: Te3ʸ61?}[kge# s#U{5]d֯F+'jC{(՞ KǤ (}.) {kO{mpT{rjT,cheM bUF*ح`w=QV6ۏ\jl_Y9|=_gf/r_}7}>MbbS_v8}w˖!Gd~KFڡ:t э7'!5G1;-C7Qj_O6wUΔ0xцdd0&#Z6vCYQ'#o0csb>$ Q7>0<W?? 1l{s)eV|rTqNZ|EY}ӆ;'҇(+Q9Ovh"x#oTIԃvRYwoZ;nմ,aGvu οKJRPG>oCcb42E <n/"`gFbU_] '` !x VwDiS>.qIWƨNLe:=1)d`oDƾ\~p֯B̼׭C[5EEEU-RkZYm2Vo̡4>,WFQ\Jknj,93-p5G)&t2suH+$.`(ˇBHGza&b1Yxr-Kn&-,~*291[DLV"wsE`Tl&>_f{#lsTmq0]1=41Tx6&!*}بdՔfW_*a!"_Jb.0eC'3˶ݻ[GEpqƕT)QkP-˿¸9އ0q~uP)飾Ya:[85E(o:L|lde%]Hi4e V%w#UHҒG3@̠&1C[2y>J6</Gλ.MAp)oz<[X~n QA&OQvX ~M pEJ0<^礟qY*y Cvc#~j`\!;{Q 4DJxF-g«`XWj+nLr /P'@8w=#ßޭb@)U|V ǥᤚىsxCn%OhKvsBpn(IjvՎg\ܡ(R@Ir)a#mľUьO2TXf8,_Yd|cS[:ph9a[`^溄d PnJw^izX@kS.@ Hv؄۷b (WgLBfye*ip11_eKܲx+NM77$c _ juQĘE~)>7-ƠUnT`P`A(RP zBEJ K3/NM ։=e>j h5=t4 Tr}.;س|/h~nd$qC>{:#;/r|en|:oZhr&08Q$?$Ac ආ/)Wf*֥TVPy&o^njC@Ò[T=?6#TH"-9!GYCpZ|؜A@D0"Nn1>cW{pXb}P?g(5-)t H@`9]8\*E'֋`Y ʫ_ɗ\,F1=()osZ2q)>LHѩJ ` V+ n1`!/)>ic9JoGo 1WGj>D^N5iᓶf/VHG6&6<5kBB،AK6S0Y^ Qz^k0c+M 61[>TqUwMV7(*c"_>~;RG ğ7X%M;仚9PH10!FF@^Bm;_v6t⸧j@В?nۖ ]gulJfTb\zab/Uc4c[!RLl,@h:tɵ65F7VVCF B:XC]Uvs<2O'[_ROfϹKVps%;x] P% /x42 .h?1\B0F*Ni MNk6d-}6-4X:`wԖ 5M"7><d^o:dNhYJgM*C02y7_q|Ss jءsz c?8yH\yTedu8_6|-ѐÝmGuC}PqXD (T䓖]a&’'-tY'[a_y[ߜVI㱀C—%WImdᖆS˙*D'VG$[x|*d U` SQKD ʴ-˚8MܖP ])7aQKj;^̼ĉ* ;d Ԙ5h06`XL>*@*ZX6FPG[.dD}HS)w@8G皋Lu]Y I40Lh<2祤lxAslBq\"J4&0_Ď]b=w ,wgU&'QMjR!\2!~,@@Xp.%FQw@NjO־' .MHwj3ȡkW_0=DbD8CWhA_(F&f28(ř!;w"L =R^o)g|zcb&rñk>0N3&Y:PnUC+DUrC8,#* "mc+>lcz͹>&hrK@ C4ۋ??Z> i ٿjA #ڌ JnWÊM~i$[U@%iXBb؇!Ĵ}=5w0/U0A D_ BA^Bgs 0=QU=دSΝ% ,:Qw b@^U+o]pְF`3$&B9쉗e˃i(ovJ|Dr6Du$ wP:m%l?t ^}A-GƙSBϨEۆ q EZ *Eq͞u+ 4$yXBCicPr$%*H!Z 2^šjf͹_?X2ux3@&r /FNEQ]ʴYKL$Zl{>찖JaJLtz 6ӄ7)I')0B3&7r ȯlw.e8f"YyZ >MqPy2 ).z te?D"vH݃X*# UmǥSyV@-'GD`aL>2qL`5B?U\x!ߧWv5\l46̫~kzEF;9AmJ:BW5PW|A]x*u:¯NƖGN^~Rji 8;w`b[~<,-{Lj> t˅le6n7H\08fFv f43SAK5BLIG@kR6׫wn[WԱD*| Y˥k_c (PHxRRr;nôgxmXBnt6!bra `1T(O_o֒ @L:XK.O V܏ęކvV}V$wF--Gn($zN,T`KmвgKPM3۪GnG$|.QG]KlUJJLٶ^ G`;{so܂{اx ۈPkW qn"ʈ?>D pȍ6x dVdt=˴lX;rɰ hto,edĂ $Cs`Dfa DAP8@1 ӏ*fLxKiQjggx3?YN Fpٔ å,겺BW}o]$]z`cLQ|ȵ;ܞ%n޾5wLC3HO5!v`w6sV)Ka8Ԁї1&*b#2yy`1m90)3dN(H"%i2$;C6R$65ӱ)8в?(Fgvׅ|yO_gܖ}׀5~HJˏͱ֞`če])^"1b]vUt9}ѥBG1>EerA8;AˀQsAk|}\z3rw l͋\9M .q+ԣ.qCjuG ĩXyQOɪ^21`v Ml1*z.n߇r-f|&n?LZ▻HM)`RhTFqUp*?gYVi@|a& @əfVȴ-?'ߘ5YE,ϥq2d47qWSptSv)M!TD؆*jwZuy"paaD~$U%3۔}Qv;A=Fl\hD*Ty:3t`),0O=Q\Ę2cXqb[#J;l4U&' 0pp>Wz>.Et$8㽎-:(_ίA<!LQ צ{v" 1_au*K̜-=i%,)[BŵQg^3^ߋj@ qd/̤IH temsfS$d+nF< @7ソMM<]a/ooVQO5sy/&ǚ۵?!5+(t-cJ Ք8>K*%2"IOkf^[ Odž>?z89yb`$QV旺@hf$ĕy.{n͜h$tdϱ`M/)ooЮ^@I:ёCGY6 9hauuP8YŃ%! b>2ߦ#LI0z ^F:h0J^y!+Hu~z˶SdoC i}L8O #*N=wQz>'4ّqm`:skq~[ ?@.|j<eQq/*$ID@{jHX:[%AtsMa^K~x~?CrƋLpknKi$"zJ.1'n$K:/Z(+OBa!ýx+eKi"t$Q~qva"MK=kL{582{Fp-^\s;3 (YHyቊAm&7X\({g˟aujm,._}PlgUs 6JYẓ0h4Bw$W;KOnmDKJ2HquK)SMtH)(#žtp>);nEeί,HoY.R ޅm VFXMcG.gFZoXP,G/[niE0@ bٯמ _]c܂7.SLg5}]Z -vAwV'-VIL.,ԖP`! <# w}BAVkȧv_J#\Ή8~"Lp{?iޣ\AXC+DMB$T4P_ mZ0/5/#ZMv$WيG֯M,숐cOwQ֟],_?s ԕX Vx!y&z0Uɇg;+x̤owFքT(u iނuaj̰;FYYx>P`,0YHAkNr$ jNM0IX.%+pN +{M&ήigNtHQ82<$q9ؑ~a#I^n 廃a%\0ۣרm.jnxְ;s&.َɓ Of 9kBE9I?fp}_ ~l_&a+J u;Ƃxޤ(*%b@\Naɤ᲏dLoU鸎4ZlY#?šP2eI7Eޥ@:.Q\{/f0up@)AYzzs (u"N+YSitJmkQW mALd{,^HR/ha\ nZ[MLi$J 7g2 \J_"_u ! sLw,e*@(J$ĮVi> <ԓWv܍ CS<ZDNJs x7 I˷lOm(0 pQf pמ] .QlXQиnŕC\G1 FWG*?p(H a~ X*KserSd&W^OiCL5vNK^s/L)M416vRF:<~Ak-pa'S9\1B;iiڼDM_ekF6aGJ0$—Mg:)Q^mfH`-[nR~bqqc}1?fJn `O"5y\1J [¦BSl@4)G>%{Wn\,b 2㶻nW:]vdyXp2l}Aqn|`9ƪ/ܟ9>ܠ6BjWݿV.bdrY&dgL@DKت)&>'܆mMQ\ȑ=?On-=P, 1;⅊ԊZ( ]Slm%L-lXIqMYoָnѽZ*Kf/?VAP{ׯ/Y_gE0cG>i(p׷uk񠀯ZTP4?:m LԄ?ID3.a>!@ bW $z"My\w:zQ*Бb>ݴ`ƹr<4 hh!(UbbhTa(שZ P/ l1-@yOOEκ ' 4˧\a7`sΚf[OuF$CM@."GZ#\&`W[à\' 0@ eh4%' 6q*ȌLdj Ųlz7(tzs(M7 cѓ'egJOZEu$%~ Y,Pb—!k~C8ˏ5?'z -DcZ+1sRsRhgޗeÜBEp@b78} h|6;\q#7٭FgżHA':ZJq6~O޻QKElc?׀ \X+̟~3#\R}| ve64fziyNl];ï9J(:FGă1xo2l+l\2W۪MS>iS o?h4aE W; mUt|ʤU\(!88 vX|qzEt%mKC-6`sM&N2q^^+UT+'(m&]j5f!EEɍL˝ ?Š;t fW9, < ;O֣HT+uB]!`Tg4 8bbx8ƶ6Ŗ RhJf0kHy0qC5l8*#kOnfS AsMk-ImM^V_(~t #iZ%;HS~(.݂߁6D1HmyVO+&O6,;cY P{"(F=\6韍*pAMyt.C!ogC1-6Jn{0?K .]9b l3ʻ#o!P!͓/dʆpd3kŃI"YUqrŕJ';vy7svq_Զ;%H{2dGtEV`fHnh/O;SOQBWkѨz*7΢V.Qm G?:sԜZ1[3CRޱE YmLP0]>E0bYTyM%U:iL@$6izS *,5 EgN/Ng[rSq^S! ׅX ` !k_VyW- ՚3e|k^P4;?5I!Po2OUt<-P@6vsJ#XW vh8J>Zp) a8(q*?G_#bWܲt$'-TXX PsY) d+ե$m'T߲E^HUߧ/u֓ $^m#0] `g[LD޵,)T owB磁K@(YcmЮZMh/h9% kyDƐYͩѥ$u9D+p}va^.X_KՅCEԃfd^p6~>ԛT r֑U@ ȺGɓbf0=+a')QB XM[ Vqde0d89hSqBkHcp铫5}h:zjU/x<_-+ZysC wv5zvH |!7f(8-fMg0dLY6_6 "Mь [.źEKs V;e'mko|dj\+yw‰sN3A\WSŠ=M ?>6Su ׎":c6㶦}z ٛ|ko<R]"]; N܍\$~$-JBo+P/>tKkCSBDL/,(,%JI/J!M LJ}]ӂfMYؾj0XYp-9'ս0W18_ЙGDCgfI& .g cmEx)\X憀8x*Sq[[<)@U*q9T<1!7mhЫ\+H?ч7Tzk|F[K-P8rziE\Vq1a:`R;yQ*bygśdyU07&+85,pq|v=񘐊Y&aLIG{&C!^%gar B-隭O Uj*,3 ] Z_}әӀ檓Sa1' D9& ˌ 9W@W\RׂظRoYޜ^%&-ŠPxAFp G6&̛sBn\59^T#C;JlQOTyӠÚb "H_MSSt Դ`)vُ+o6c)F vc4.qڬbUo$#>-BX[oLƕvdMaLƝc>PuoDCSzx61QV}ߵ3~fnFK}irFIcKػ^ D/ARv39KuZt67Z9 B:r5b7]{A.kܐ:։ .Nkc3D֌TR=axQUBuFՒ;͊V~m BG5Dk࿘qN>l!XO#|)zmUfi=ˣ;k)JO&}Pk%|C/1lg))Y}Zתdviِ@-(J5<1c5 esP9*7ᘓV)x…$ )ʀ 9M!6ǮoR;nm0Z}EJnlsivq v^Kr8MH9s<+jNh%/w/sܡTbur( SApA 6V wBJbћ ũZ|NJ/F1_隬*!GO1 FHan aP{HM Etk LNck1=Ķi-" e K\g9h2Nax~m7rz|1ip߸mXxn36C4$">H0I 섉?S'Y# a`&fMhOĭ(>h[,Æ?CM麓$ a,C,9JJ73\PEZa  -_,~t g\b{U3˓֕O,֞#҆'{L34{_%*o-(DЯ)BL׾T Hc0Dw $*\־X%8TQhPd}4Sb!CF^ k<쒣5}#+c#U᛿TE>/#dDQ}.C*h5trBټsЈ5U<eT # -_hLܡf֫3-7UU`f̲dƨÚOK?ˡòPNͣArg'lNԘP 6e⃦-KO e#G!C6?:%UpeaNƄfn#C1Ŕ\vmYdYtD>=Ndl?;FW sUf/d7HEAq C7]A*C|URgF=ҳRпWy) Rs"K&7qBI$Μ\dkO{cU(4F']*?)myD|U _jh# |ggxYKcF4*Yl17yс!Ysi? &]fmtA-&G hNeZL>!'J  AZM 0p|?~iC#'?hիQm]R9%K[7"^wӇ/8$׉K*=8)ՍG€>nogrTi 04_S7n܎p.#F'~Q:ʚZn:iW ]8,T}z?<cs=(eMC0={8aYʗ"z4&x>sgn߉fp*d|v[X)xw $~WUۊِ#0|3; #ܩ 9z'z@4EhP)(PéHrnqUD>N~cv5?K5k$='O9yWTj ~qk2vo`YJĂ0^dXL[ ؎{Auö<#ʡm~ʙ?lR5 T\C!nM\oS mzޗ|$䜨1 r12X;2g[1I uE 4FgY몊>Ew9֎m;e/"ov`vIAy>]+Y8)%7?ϳy*XqiطǰmYdn45.7m92KRWtqė9?XMR2ӘNp@2VYT0,ł"!򪺚;]2K>ZK.@9Gֱ Q*)Dpn?`3  &Et| ^h:]lVíKQ`S:1ԝxu)5:~0-q^4 XHk%=F/ -.CKn*Ix^ "?^)L–⚬ͣ׭,n< UHRT5 aDlԉ4!f2\@})nC ~AEp^T1<gKC  ~RШȩP:G,M &[Rb#WRQnue6aG!i$ƽ2@|נ)|&ѧɁ$AO +%zKW }yLC. UMdL*=%$xAtRufIqL[:?GZb_mt V+~ K}õq7& \A~L7SʌM G6H»Qc\]༏ڼ$ũJ ԊJH2B}p飸vb;AQLw5e-W6&;K y?xYn G.© #$xkm'nUb'\COp@ +cPE[8a֜=j9 h;e#3XF!&Fڬ弊gpտ9Mɟ-DV`6Vma99W[Y?ù5-` NTשCG Wܩ;(TˮcY|[mV1:ga[yȕH;r.$!^D(]lt"qyiH <)rOJ Ӈ#b(cOX;bMΩx@WE43 ]F`܍`?]=9(Bep- ddFR,+jU/58Q{' Maϥ"tRB2VyfuN͉0:zPT_[xa]W@H rgZ͎)yC:)D ULpN\M&;;.J?CI>&. W^}7TֽB A ,l)]R@WJ'h'*05Ĝ$5LjnCCd(a\Qq&͋1̨o8!8\ Y*Q˸M[ќb|.h+R+>̳gO(UOʳ/{|xۯe l] E>)ՏUOYp85J9=+$/+7AMBgY~ݩ{HXP ҞrC.uW)M =2:ɼ~DS!ۛ\.r,h)6-! VRH _oI+9?I"ǚ UPܛMJL6MAfyIa]f13$d83W0D4o|=dg qKzr1MLTpNqP:Bh.uF*$:^Cigw3jf *YIn mKcKΙApI뚢'L٫I%dc b;5񮍺<22 t +y*NJ2~&(h+ɉ`֭LCX0b \eb"U:M`F޲om6y4\3:Y(T  Q~Fs NU>|&? #B&cH7p8nXT'AP yTKmh Z1c 9vb ozmRs~?.pbD.gpBjE Ժs}F~SS_Fl>DNC _XܛP'cʶ+#kR<ٛyU\BT"q/\ڲ/ /0rWP)R ]C!Yjk*2іjj̪ J3M|{R٫ǚ" ݵ@BpU*nB} hxtϋҳB="{n@l~b\rz ?Y1q:n,]A DxM QGA+=ӧiz,CR1)z߆bhvI7TfszPq₷yƕfr:ǵ#{8_fFv%^"Ǐ''t˔ʼJ$defkq-@VkZL1[{%ǎ3ǾpvDϷ7PBݻ1C}õ A%kRd<$D1.-;y] cR#spa IgGB¦gQ.J)gxJdAewMŁ' 2Y5׺kV{CQU(La|æ#G8$GO΃smƜ#nTD~>m+Tak*AT9=L$xi 2M)l$cTך593qdvnfbGӝD)p^D^,)^s5A$J嶭 -%RWzWO ̄@3|PkW 78#fԃZ.Ҹ#zZ;5}tZ{oB6^ %3C>(5:SݿĿ`؀zh`.gh%gp}$:2LB,ܣB3q\%RsEbUu[XfyI\dg:~:9T>1|﹄ti}Fj ]B0 +܁]*ޥuS{Q! 7Ѩ$A>MzH?1i8%"Yrc&ZJI9EbKJ2pzdsc$Ofx Vq-C{7f˂wƮim\@T@%;;\-2kMhn}Tp#U',U37U i^%+q4 V$}5dX~u}7)$4<"RL)ņUu4.IESWr)YOЉS؟;rRT;;|6<Ћ,.d`|:{^}Õmk1hm:w^C*/pId$!K4M8+T. 8^H8zw!7UZ -Z/FD 2mƕoFmզYu`tUHe|K972^{9xo$&aWl"8b`bftj|sr_f]pߊ.2O_ .$Sfse3k`mDI#5f;n2RxDҐ=`NDm|*~̂HfT7l7P?H {j7(^&அVNz~O9Z!j>EsL#.G"s;ZN?pPDO4+Z!7,( ܺg7D ;TDE"+F J*]ztL8lU mlMzU\ÙW>O Hpt>tG2;Ww5t7GC&< lhALډ~r41;,u8# Ak-!UIk[T$ٷ)Gxj:N$@7[TݟOvQJ {#FzBy>Wҽ >W/:Z)zÍ8~&١@^U|$>PʂB'EV[5\,#B u .IdWwpsbŎ/RfrF[- PNFEsJ X*ZyR2[)۸w`v,8HDϟYoqLBȺ'Y묊H(ꥱ*,2_#Hy ؟r+,_ |1sjv hU7 Êi-g]XQ=xLUvȩ" ׮NTNٵcFՅE}A`T)Wt8J㞕D¶8+ Ƀ6_nɐC>5HEl(WV,;X"Џf~Q +:}R) EJ0fD.$ :8B'L"]mc_z3h1Rt/<ٶ crbFE+B=etoiN^ws'Qn>䫌w E8EKmл!B~j2sɳ.P,z3Qw**BbO\j'bqʺ0bnq<\B%Qy=L-WT0ѴWm`A'IPzPW<&?w3 o$=dP=T!9k:}ԘhB0` FKW(6؆HhǞ0e9YUq WĦ8qR S!ף`+ʼnJ†>U*ޗ)㻨 VNa 7<ٽ; ^5:T  K@΃WbJEƄrf'(Ԅ/0 DhlURR-WXcx5SIn`O܍&$-yrsR{x(8>@`k …+9/]ee>MYz@z,oJy7#6)N^[>TNP1-X``>9ukyBΜ$!e54I.eUhc[qP0[Y3̏*h9tC]ѠU<5r]mAq!?:(- YwXn2,E'A< )]j邶J*} .pɼg[h% (9RQ>qFB9#K檅v x=,U,CrLBs5!~F'\C OFJ[,I< s,PT4$#yb =C&oH&&m׷$5@ί=u7y=$#KDOxdafybsv[PiI,+V8Cp]C,V0#,t֪^?!}x[׽z?N%K 1ϹԜǎA)!R4+㓐^#eS(Ḧ́ K8o q k'" cҹdZIӅѦőѱɔT[S igngoS~. $YCuB1fԯF}n<M oAcǢG!.9+2˻$Z+hK}WW?&o-r1%'Bu?XTy-_ZR+14nH%zё2lتLu<_;B9dMdC%U_$n8r՗lc;e(u+ځzXV1O+cW.m"9L@EVWϾ,ɸ4To1lF7/\$YMO" |P9g$Ut(R,{">-ԷʤđD$ U* 65WK=w'pnw% dάĘɦÝhIV-'tyeO!dԚnM@o"`/Z /NW(pfbP:H b*KHeü3LvYFzMT쇕d"̂A岒 zJpȪcdzD0k4+7{:)e0yȷ˩ˉF6'EW XwkVHYÔ/D';U-?فY99.CAr;׻u>Tio;$uԦ\#nP~ߏ~H|awRt+t|L`X$2t#M6~;z)"ly2c,&8\:.ކK[2gYLk2"FV:>rr6R_w_WjfVMКBZ|jQ%.S1o_$ƖfWڧ GL-$ tAm`HYKf1uWV1Z[,_uZN1I cA a7()+$ =ڊè ?aK+4iy5@YgX M.jީJOUҳښ˸#^}1M7QgB5vW%f.Fhٜ[ e(l¼Yw-3C-uLcw`v8/0/ZO@7JsZ䱅!ވP1k>E ;L`Ȕ%O%"J3zV PkPI Ю ֟c9PG.˾ERdr ^̮$]NVop|W'lԂL)'u6NA))Վ^.3G.#ѿK>*y a:gC[~FLʒyƏd+ծ~"xh_D'mhk) ^@)eU;{4Vc,#$dzlZ6U(qDhg]Rf=(v{ oxzRtfNXC )Us|n\nKU)IK۟ ~?ݾɭ3Erot"K*;g)Uu@9SkɊDIo OQmMEVq#k"4]|O)9vifZ P9W~oĮk:O8v@[f 0fX@;vpތk1nmWEΌ*RUv:u$h0Uy ~) -NQޥ/Ef[#̔vOAmap*@}zl<5;Y D az%"H3iE$\':@"m\C#aZ%ImdX|(=xc;>Ͼ*{;dSX3,asAvE~p/ ᤳHEPNd.Xb79P͋3:Q='JSnJ)S 9JsT6} / p!f:P]g[G4[v1o1pMlx UR1TV?޴LUۀzs6D}݆)gg,8tȴPX \̯5$lvmMMzvũצq9]}@8t=IvN&stz.< :-)~ؗuJF @v jT-Jh^$<C jj^DkOߢ*H%<]SO';ċ4IYo$liO @JIF I0}@k&U.^C-7k4ŗ1[s5)*$W/N?=J#ݯR9E/N .DGl,hBo (/~jW4ld_gwGQ:W=1@J1T_澸0|ӒVΑdԸoHO+KtCwJV +Jq\`1֒4g20PڳGmV2o& A.t49i)boR~5v 7sK[fN`M=n&3sUԢq?t&'+x=tăCR׮\kJ"~S OP dUFт M\Q7(| qF#AQ]X;j;mpЊoB]\eTku;#2R [$/:b (_B:"d#phh!X+z((d5 uI+IiݤM.㺋p]sݢm;\cFڢ_ =]) 1،Û"7c3'nr~˛eny\K޽`$LB*e'[*盐Sά͖w[ M7{_+gXo-@EZLM7$-^o;t+PF= G z%m|LbQMVBՆKիQϫRe5b@f?Ժ}`N3]{4 +¯X883@Kc}Tn0'b #`E2 }ѱ_qz<+t zY8cvjGSUN$j+%SF:НTVXL*,ڭz|5jLQԓg/Fp`HFֱwWͧsXG"xm! b$VՋ.kRZC/d9w,ϯdCnք) a<ۉ$D(m#gi2 o:R:rpϒ䋹uSR;(H1SALo)t[ǹ@,6x?I삓,gZ0S+K5,ŋմ :.b/~hGUL1nTlh#fc||fs?):1\ezV `x~]]^JCwZMFF Yc?b$qyrOڲ(4J yab215 Co 3-Јg\!($d3'7y+͠GFz.@w #'$󤘖F(>[rra=0_QćO! ;&\j#>o[>#cBwz ʑg,D>m~cJѫ< ŋܠvGhNwcB{'*Q|hYˢfķ@;fJXxEfggoor'c5T~>C gRCE?t6Ԣ Y؀7-](Py99H#CFss& *ύ pF-LMѵ$?k55ΣƶJ_9r~NlW`^b,VS*& rgT74JƈcFPx!=&4 ÎRj ;`nOo_wULW4\akkFdGF8d| g9m:MJ]̄Fr[,++bN1NۉIs{XϗQ{*dts%(9 K<0Vɿخ~XOMIoBwB%Џv?9:f?/^Eeq99DU,, Za< >zy0wtMؒv%2_^2J @MΎ?81B_}eC% ]7|tF6=7ZsTEF1Ÿ/@́Aže5jr@ߑ?:ޣ@D}{[T+Fx9aMc[6c s޶=+)zJP`i7Gms㥋^g*P.^#p+'a<&Er.8%g09VKPIRX pjagʂ$/Buz ı_X֭cU5ʱ kkJf3ܡ8bڍ͞!#ܘi|fݥT~ DP},**x6hwvr'k}! k Ĭ pǧY,KI:b֙^d,Dh2H7rf=`OӻqNGeTP%no|FuB ,3JV71bE rVfcHE *2]kKd+nF>Alw\@W1ЈR55zYa-")'~%v{Au)A]Iɚ0+J.A`p4aTIdIeS>)|l<,l&b2?`]R.7kë@HSs'Fkr-+|-ۡ.M{y9˳ZDhl_@:(c;Ůc}9>.6IYQT{>8 4*!O V@f7c/ܬhyK+$oFs*'3Ŋޔ/Sȥ;˽]A68tzhjՙ9oySg)+bE Uʽ@ηq }_ՉRD?~K#zfr(nb\tcԒlJ.2y|p%y~Hє7(Ru<,HO 2~:eŜcsjSxѭNa^[L ǵ2e5je:Gе#XzOtJum`EoD$q]UVѷƊڎ:3pgF55#`E [xq6^U1+q}½z?~Q*Yi50G1\]⌗ݧky?5يbF/p˚JXof[~-ID봙Id U}0z1d\=4ؗWѨ{ei{@֕x@b &k}T S+vJ?X}k_bFMɞ^=;S s|jכwtz Dxti,fI (,W Wa ۞Xp-b0 7ݭoR3iň48VŸ=Q YX0ȠtRSu-~2D{: E#*Ķc-g:uF jKBx~C aݚÍ6$j`^ֆJCvUV<.(ݍn\|N"q%ib3zI5Yf\ʊ%!ĩr{F emJUzᱷ*5' pS*չT\",j.֘i/'jB#vX4?wU;h֪l^GNtOsWjQͅ7\T!Ƥ$͆Ǧ~?<"Lf][nS7nm|91>63Q!a '&2Uaܬ5v\87~ ,?p"25T5yrw\?1G|YpSҕ;hz^gܽ9S8p߼|i~z{_L'2#Zg  wtS$g$:=ђm5^? 5D"QDٜx"1 ?ӷ'` }Q$jKTFt#2Dy/12 tOb7Jϔ\n{20sў0oVеaנ<1V4] AP7hQBwRB1"̈́b'W-v˧p[{)MzdkI]G[y%bӉOᗡ}7ij<"gp Uy|t!12S~x~ =-B%XX2mpb|mh~"N|ԉ7=(@6VyORtr!Y|GHt.opŝi|邂9ZCpf9dm۬59H.1\m+Lx{l0?x٘k/s7+8jt({`QdK䥟Pr^֧B<ߖ?"݉aH[SmHgwt&}onPz:zk,sQ #)A$ vS8H:evRw>~?=pwjPT%=r? & H]8^g!gI{0NUuE[OY G.FLJqj"opOC̋|f \:dl=u#ro(Rm1)/Pu;@ccuq(zUx鏸 a:{G+6)+n%PGGFA051jB{8]F(Z}o`ſgR T SPoxhwf5IKEA7K1"L"¡;=J^W'=шmV)F@V3F2k 4qq <ʃdvȥ`>4=e",QZAc-S<"fz2œ,HѦh Ω,C¼߆O~whfD׵-| BGpGП2P_$NV2TA@8KR)` ^x$`-a; f54[[' W 7!_d>ђ+밯%[}01>ҺGC s:pJyO h6cJ:;QΐCMV@ ͝nrY"Sͤ+}v Nf(v :rힹ:[y.~xbxr2 X쬊\˲ Q@dN8o4&˥%?67>ѢIei,r~D__LYr@P0$XHaxnl}x@˄ |U :QVq'V[gԤhT-L?tg6"aU5jQEy=[=#~TyUmZh`gq335S^F +dHa~ݾu G5f($[o4c'xUNl(t<t֡@( ߓQH3l~$Lz"㘬 AMZkۭAF3;y0&y"CDN3t.F=tWћRD:}D=W*R2I.~^)vFGPOhsGYL oT,A-_d~(M>n.h63@A]َXky wS!d45Ah7fAbKI{c++#ѹ;Zc?t9&Gr#zf{8 f [ȴ&=^\T/R9cY]1IYt-vlpfMq k3ٴL;d]Vꪄ}puID&OoGk:aTNJy+[5ۼ |!MX P>8s*_Ň,Qu8EJ w{h:Q1 ;W|$O4MH 7ZO"QB!V(Zv-CX=޻Az#T[:؟Vt7ކ}9'=-k$mdcֽ&GaO\h_`b۸7u#%\++ =3!T`m7fBrP4_PqY\KN ťq-ݐ+s,6w7 $U)pl[UoL >#m&εcx_OY(NNLX^?}aPgh`>|0A7@Safbx)V(1qޢnwʟA~^l&%YI E0_Z h$cwK=K̮)q~\G};M i_6V0T0贤v  6rFvv"%=߃˟ֆS6AUyu{ω1/` C 07Pq1ߥ[8o Ȃh}m75@} Hm- eh(}/NhK%^{"Y]h(i̇cCdmpEjCſV1}vi' <*jri㾢~ K;DI X M|uvےcۜ@J&O%u4 §1؁znzTަo0q9DZo~X}P,Ryw<"#vrNRT+v*c;v!mUo4%\23*^i)au yiaQ)d o|軄^$fҾ Y 1 *XNWᏛHʑo>(?ʋj+45狯M@$H5L6 M y@ORlo-B\0Iu1w/"v"X+0^18,R5_-C> " $`X`8vqYX4w7iz;q(x:B52ٮzf wE'6o D;Ɗ*y=,dG!mI.^Y Ad]K`Qz!r]1] 16.Q`1H+!o%IS('BL^ཟWd!B[ZCzU9KR95)dTz ?9 `yGuk׉/@AwD#Q{ʚo\s_Q53 |Z[J5*UR9NMebXQ SI@guw3aqKYI-?@pH^4E2 H-H!?J'=n@͚|m1{D>j0TɈg Kҫ5w|y~ed9P^ qւ8P`H|2 >#OʳطW-ȝt6~ ̴Uk?ݰ' SiKE??4N^?E+/a"4L?^:YO>}^ |Q)dUdREYpJ7b M ;^,(nU-4*1Ja$QKCj|USgBfm(0`W)k޺C5S}_s!UǺɩ3M17]9{t麇VN'\p]:2;UVְ9e?%RWq1,~Y~WN"YΏlq;6⋇A&h9 ru(/Ğ.n}v* "C>W| Y:$:_ +їfj靑7QPvBVf0քy"I e7o/Y ,hhukFm-20& qҼYQ&e:܍v, '7N<ñJ6Tݔ, Y)orۥ7 }^"oGkP° W8TN@_8pTaް 7v8ċ=z!sރf ѭQ5&a hzUoǀĆmyg q-j^cǦ۔?:L{8^Am+h?j$ 2~moq J`Ϲ7i!Pܰukf$@s ǸZDZmq*SwJ1>d*М9'@㕝MSePszp8tVDkxz5$wEmYyvO])+/2 Cʇ>zcQcHȥEQ> :B3Yb}˟% jF5(nxhV͡=GmסMA;>/2Vh]U$q]ڰ(kM8q00D}U=\۠0Ox"ƻLs, g5ػ a+=bE9ǥڷŸƱH˞04u 6y}ȝm?l ~qӆOyTyND:3ԼMGD&n@c  U7bjD89'~cVF#̗Y#p܀+=fp*`|8tM¦~Fо3TIm$i(8AgT#Pw$hQbٯ'6IJ^D݅qˇT0@I!r'srET/q<;!ߠ 殑7 W.Ec~"-CHZ9c p'7, {o 9vIY?;1e9f#uۅS- ?-|grE.}5KG?:ްҭ\$3r#^d=`VoӚUdi߳ܙO̖$kC/Sk:Rz@eLӳ|ػFĠdwܢE&$ƖNbC75?j1_ǁ9$|S~9TKpI꺳?l` wf>, \뼁tN; ҟ?N9+^)0࿦3N<`Ț- ́}zHPY.nHlqPUf7Bާ\l+t&ʧ:@FD838.PBB3*:e?ty1DŽg_a,n `? HD-uI5}(}֙ZW, ˇH0S"L>?#*5]H R< lߕ T+ރsjy t$NF @0$V6- s.8S,f~뤹3F-+M=GoJ*>6levQx跴5k XLlGtt}rp#Ym1  XU7VRu>Pժ>.}6$qﻤ3&x'? IpiOӘՍj1GiF*w eR{Ժu]%d*Y]ONpÂ*>hVR+1Ӯh01i]^EV5t! g{_ L"O ilvR6Vel{1IfJH) c]ie{D%!p #ojDS!jg neD`\7 6cQu7O.na_gۓ-wJ-On,m8FKf;0UKTJ;KǍz?|߄{JUV[C>ߙgv ׿25dUWOB}4܇! @U䤑?JZ)gќ{8:ъc %u[SYt#n=yM;0D]_qoUjKj4IF.iq/=ގ]e=-Ԯ$ۺj'[c"衤5*xi-1\)],tG+6&:y]S| VbIW᛻j,$ t_ݩ]f]dsX.j*}uNqw/#wJ.@TЙ/l +"&;l6J@H7ZF2 dy, dIpb4|DNT45"0=w RvuӪ!9^ BJkg}[-xw@Gҳ/Dև[?vI8}quý;t ;u+'GL|u>Ƹ T3N $ݻ-p9xY"@ٝV!*W \ؗpO7%hE?mwVnNG _҈ eb Q#FF%{cp0'g{??5H(Yk9]&#E ODJ s&=}ːb0l>,Hc:?ݣׇ4|3 BҮ$gU\"@1ӵX"GDYxl5D9juy j YEνdHg\ ܲBY~cM\O"$۟ʹ׊JSҢ@Þ:iyn!A'X!h ,jkeMH#Y*嶻εɍt`bGY"L30G 4Y8vH}8B 7f6#^ש.wE#Y%(~)9~Tzܐ/ :>v2;>؏z&=vj-7$$rY*-q d0wk&=k~۶5ddٍv I}QmbSNfqп'/&;h23_jߠ^hZY?=m@ޝQv"*Z\2S#5WjuzۼQ.ߛI5L%wD>-/gjȓ R4hN7<ִDiGk6dw "Y`3nv LI8ddO9r΂bjdNx8F-D{ d}E?"##4ц&RQrAq*3·8) \&Ђziv2 vQWmmhuyu%")i7xր0u{,4yn-`CfZ_YƤ>zXa2oI1G3"B gB)'#@C1~Ouӿ5Dw|^3_Y&] 6 +pՓw8&b5jM&dDKUA)Ylݷ'`>J`op4!7¦$xKAuHڛF{zjG㰺9r9ujk\3X]pe.LV Bi^=nl`|DhR4c칃N;yeL"7&~a*~8xY@Ȟb:-oSrnղ5beYe6aQa{;{B x]lfBқ `ה_a鿂C7W@LSݎx<9®7:Nw֞:.`k@v;ϻ™}`G3KJ|w G]Pr@wrEXz!rΐ:Mo^V!# ],OIwAvXu¶ш w\+~^``Vz[Ii-dT%Z*Lt3(o1vqvqWynff,=ccNK[?A0$` FC퍫k mMT~Z(N̶qA%bΙiifYaK߭K~ގ S4;&eӨ. ˷J٧ZnICS4"KG4U!Q;Jmomb3׳᪰ՃAZ޹fm_2skoS6Ѱ7} :LlRZw!4A2yEDY]g2ʑӬ{,^7 YRC"r;U..!KX ?)#S&KSFv}2"\)tS|Ch4 ڞ7>O/f(u|dp5AYb]yӭXᑢCjjP{dQ=qX,es{'?9m]۟۩ hQ󢵄AkSfsvmdwX+UƫDE`7ÁM9zlHY ==67T˂/V0yYndgoۛi_3a h10҉`f9VG2TiNUS${p"Δ 8f2\;T*=?dz],+mL= MJ 5RĈW+Σ RcGƳW<[[ErFS\'`/=s.Sz:Z6x +x|{~(,@_QFpve)`F>{4؜^T)& ]2Dha$P! ;$H 9|bÕtRehg ;\8Q2N?6@BD欤'nhe޿73fhLb7 Q9!(S!/׸{&N 0ےo 3b`W ?v7b0M&Eu>FdθwJ:<4F+gU;l& CMr)j>j1sW|WcEo5!(!rMI39ӬTLcWcWwfO`1۩AӉКq.I^#enqC\EO},-'PYLY*ߘiSVy.0,iVi|xO 3d(Ϲ$=+J˞[pڡ,>!+RJ_"@rϑY8Og'nz|)PH׀GmP7N6d ?4jk窘Dgg{WjAi?hQȜ>!Fd= :zYDCAnJv*/po)3@lY59:D/nPvW]ʎԒ 96S?^k(@d?SMOo-n> 8VS<,^7LUv䒵}+аO֬7o|六3Pn-G3Je D}AlCT(hKV"isYOŲ\F Y57Uck7 TqFr109>FƵN"a{/x QFIk! ̝<+m7c\pdkS7uW"!pR/ Mwqc*\N&>~W$NpIMT?!WEO$m@<2(7)DT__6d}cp&ȈFW`l0lbP\^0%!+* z /؜c%7Vϱ/VDZ`A$罇t`UEpU#*օ=e &F `xǵ$"s -3D rcYżʨ9) ~}IF6 4o`d߷.|&[=s3@ j 3bwB%$ @2j2; 2WTFJ8A#7\xܬ/{PmPNLIwJ0fBz!tΟd1K< ﵺƧ/Yc/~Ki袾R%v} u9S2E͓|tLZw}ɶE^̵%4泹|vX>'NVA?C;绂Y& PiDϥ'ud>R=~/(oO:.Z?x˴Z_y[YU6O#~s{5!tx7D@Zo{~IsKL8JUjGnhv/m ?YJRjSob![%Ys6̹X$mTooG kO̠acKfOI7%A!^5\ (d LIێԒĵUj *o|ӭ(Aφʙ1ɰ̀bS6}_T>+[(6%,2`o9W0ƌ}xlAmh|g:DD̛%'\-"ƱȰǹ KW0Qڀs:xA&g˝9$ 7\lbWo %tq7`=~׳gUUZ'mSmvUQfL= Mf4NQ{NJkJ.20Ȕ|@@xF"j_A-31vw~(0hڜ>0zj[n#yكtJӓ5'u^:<Շcq.ꆸō3B='k\ap_q_ >$z0cOk($eUa\P]rܘrӂT(7gB8YĻ ;6a|-ߑ )F5 uv؁[I a׸|mƘ w8YI"{2 ~h5z~$ɥ'dU@el< =ki^;zqBOjGp>kc)RLMn0P~1d紈GS@ b[ 4zT ʚѤ3&,Dv Kf_W婶<nr-ʬۤ7e첋~YCBmm{HȄtjmC$/;.&SD+ %qZIhȼ/+֥RwzW\֩7ɄZ({]3\0"AW^U>D4ڋf#q3:7O QP& '^,lRmA*C+.2OkY#B_Ud s:IR ]ׂQ &hk[v+{1L)},x}< C;1hjIt5{h.}Wǐpf$ʸ"&-Tc`/ M:_]Y3rt_VɓtkEu8v e4-7Ok'q 0OZ"PC H\H9򳺄]R9s/lw .Jt[:߰5=Ds"J%uoz'+siRT}`OI*E|ְz)xHakG"?y_-e[wrxv52a40Ьc_zIZ9XG)Ec?/鋫3qTZ2!P .eHh? ^(`F,3Ne,Z2sP YA#>d>4븳'Z&X+( !pj)F>/ wme bON")!V&#H46c`e֫%{8=-2}ӼaóU.B9X{ KL8*ը~u5AEy 4$7bۯf@]t{3J(?b|!%_L tq0V!T!ԈPb=;h7ͿLd}VTi5ho_V% v7dI=W!=U΃&ΦA\%O:v|es!D&N1oͰE7{{^R͗˹bOm5ALL1}:@!{^$:@!mI\G YHQi][e7S$d ﭘt  S?~)6D_,q]Nl`fLΈd'pAى~/(-y"8KxȮ} Lq1[7nyEG g}(>`=+=05~NTc,;[o jv.Ju mK`7,M?niS 4 , Y/{5Cgo:mZ;F߉=ۯ]|7I./&f^$0{+/_'Vy9hx_̎ uW- 3?# OaȊk8` n$I,l9do3c;M3leFT3a>vV壬(_'?A$KPB4g% T1 +VIX9GTvۅL>@X!.K Hg0͝.Bƙ'pI*r-`(ů ntE֖A<ףط#2IX|.1IW!_<ٶڅjb&t( ڹx̌VPIsGʹ=NbғR'$1GlY@InAKe:)sSm20 nU9h>-ԥƥOw~~5sm :d\cn @#1s;*!E4b)Ĩ:)V^Slx '6 vRkR~y-b   roAw[+6Y.(,iF-.Y1 N^ދĽt|"+fOS?9IU1]HSO%Z#%9! o itdis_IStsC<,{0]@TvPqCPé7BKp';1tvPBWnmWz]\LӜ@}ڡrFqSz[SlQ̐pTAnh3ZۥYL\hG)>t;CnTv[Qn,|UAx]ӾFz҉OSnF G-ƋEꕊHBj|.@x_6aFc1ċ #ƿ7Kv}BV>zb8SI@;|'T}D}u8K[7ts?5Qi`ur>s)L$xFRa0jY3Yy tCm4¥M/EEcCxM14 dV}!]xIz HdJqju՜kLPՈ<5|ݞYKJ? 'TZIWMb%f{%t:3?|Q]% #E{?r/%ev;Y73$߇ L0=s+G*s:}.L ߓcɭS2)NKff)~ (S[7TB . Kk)rAnSIg2Bz.<~GQ?VCvOukm[\U0 2Ԓ 6_kE >]-].WږrC!ZmR6]YzEw_)؝WǢ:.{ZIKթ05eܙ&^̇+Cmd5Y{G`Gy꨼2`61}DCD0ǞvpKO >_?s+Aܑ {J~H RzAʴkY/vY+aī'E/OKX<ډ6* R[|ɑSM^Df۪-j= M1"NE_I>Ơ#b-{+GnB&cLEL{!ޘTxQ-LW.u(Ws_4 o7 /,quHz p,2Lj}*V?kß7HBb[SZ̍U>˕S7nMI!ALm@ i q/x dHHA[_x sF~9"lfco $wtpB,taL㤃U݀C$Nm oŞ6]ZMkz"=VxR$5g;?F3" s!07d@NA]2]^4Cw#IGpU.D)՚ʼn9/Ve7 Ur p K5NJ_@:@jwA aޞ/NAmSa03y:2*/ȩtT*MȀOb%Sm [e`Z!vSJ%|]0~;5FW7 %9Pk2. $/}! ;4'Q^fyEjIַ_:6|2q_^IJPs zʍ 9O7H_L^RjS,D%_&owfL40|OxA "3oйKd0 M3jdͦ*9?eQEqP_;nٰLY(J{y{6`׎RV}Ǯ4 r vl%owvcVX#60Uh`?K% _<^ Im1;7ws$fji䲅6ퟝue3"PT]yů3|tШw};S+WEw.BFJ~ <*^H )4@iş-g-P:r$hv=^ `y=g)kUlG>Ɓ@NKMfpЙJ >@k*?{{a7;ЌDg_" bu?Z1J1~;~a|5y7: ,'Z?D}' zP} p!m K3i=ur Γ厤.0["LyɄ/5w |?e,:XcT̹-D>2jWRڨLt.8QD]ocf@ɧreo?3>=&\C2j<)4hf]2(4W+D G 9Y![z{OeVtBWmA!MA,2!qn9|#Eu)1 9dA jm,ERC4{: tX^"ADl}\'/m9'I_@&Z}˴ңabj2j#l1՟6$SXmp_aGdC~ZސrpKhdFM"89^ug5TkO~Y284^Kn<5| "F%QN&ᄷ;-ܽYG-D)OH.FH[4ACDNP)&@eT,}vo?sv<`XAR_~.Si?`Z TGWl6T==ay+KzD5m&29P`6 b4Ya#vmRǯqj @Cv'a{g[xRH"Qq8M@7< ֑_}o-3@EPX?/q;-q;R EkL gMiމaO98+Qɣ(c۞n"waU1p&>6>9O4[5 JȜv2:qJ/avU :ld4Ε4 #s}:3 v+ovʳC|+gk(i`ԍ\@Q4nIf(E/m&VQYz2PHEV$]9ҝ B sapu TfZ~d;9>aG+L{&iDPsXCߺPp.&$h1}=HUVzͦrgō&HVZPE/Ip Q)Gazr;E9kboXGq#Ju& . VùET©+>1K8m Mbx/+:`4MAEn+֏j5iA*7-dfH:ڽhDEw+*Q/`d֡oeJL/V#0h-s0k׹d^oLWF,2s-W3(q,ӟgl4gvR#ءx0;^xNt"T' 9D/@\76p|E; r:!oe@,Efd#fE#ߵi+߸{ؕ. tJ핛Z/ӣ* ;[6` 6("zg5$ȅ:¿uZw'`-X.of1lɄp:\MQB`p`nƋVN{*YY`{j|͵9WtwA(&ԃU>"W$Au_,̣E$S WP~a73+0ob3'1:?d3`93)Df/:^ތzQ\%% ZǼf#S:ق|? 4brf3mo6Lʷ\ѯ_1U[w}e0ncօ8-yErYbMbJRL}E4ԝXC?UV{1sʷRSRש&48=>yLiJ5G~~5t9*Bl.S iR+jL}|%L t9'@ف'q_'Sj26m3((ߎf%0yJ% B'̽иF!Yĩ^7`Jf~gT5% .O]r8ޚri WcE8QB.,7DbD4)Gz8Y3LWYٞMJW5byݼ]k}"C f|b!H`b\g vnS \@u~ ^v/UR6 y5`ƄTHDT +D(Pްk="Y(~ 2t{W%x4rW/]ǦW=PLg㵉扎uP/yȐkĦSׂ0KW[v ?-|5AM7etԊMCIٳi.W^âeM߷<}.0k0e G'q(_?8 a.FApq- 6^soH[2ۺÿ s4'lZiDúyzi5u7 ];#hBPۈ eN[㒥\6"Z t)&.V!`pK=ӯҖ]gjMflV>-$ðB`@z'}#yԎcR5[+PZÉMTaR>ޅM'Pxe)f7ΉRyο3cf\\ vlWL3z8duOک_ I2fԹMXMR;̽w-3uMR b,F*FO]vi3OX&E\(=΢o@_ tLH;KYSm:s0>!gok=|{޸-3^p]342d -)(UPT[''d|"XK;laYrقyEÜȒ YZ