sssd-dbus-1.13.3-60.el6>t  DH`p[*= F1_O@+Vsh5M1I),\Pt n_`J<.iTIpG3 82\0qҙjPЬ&Z)=)oڏ$!o×Y7Zf0$Ү+Ds &+Z\",K`RV'a2I82?zЈWVR6[5C&%q!M7kfCaYTJ㧼DiL';Trڿ<^ӀTBG?3z!xMk-PoQ t8/IKˀ Y6(̤V6M@LdNI6:7x# h 6Ҹѿ9d0H,qBiBU~v7(\q_ IP, 5Rda)0(!A_'"ԘذAC]4Ǿ>4qjViZۨz߂C,G#*9ԎlH+b\ko.hjbNMa3[@كch*RdM)#BÏ"*rJfYF<5% iYpq{EIxAY%:fŁ%O M mbdR{ ?䏏˕cj~1L 39'>2?d   : &:X^d|     .Lh1`11(894:bGLHdI|XY\]^9bdienfqlsCsssd-dbus1.13.360.el6The D-Bus responder of the SSSDProvides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus.[)'Ox86-01.bsys.centos.orgCentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxi686L_K큤A큤[)&[)&[)&[)'JVpn[)&e37573ae19c2e2afdab9c4af7d20b4e5363c87abbddb6c4ee495e60dcb5b767e85d871557fbbc6df906098b3c7590510d9942649508d8c7f0e293e66943064187d82e0aaad654e3d442c54dfd4b38f6225125e86ee446132882e4c115e9fc2fe8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9039447195ac072d451c865386dc47910116f644f39cc9d7bc1671de5a08adf399drootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.3-60.el6.src.rpmsssd-dbussssd-dbus(x86-32)   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ sssd-commonrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libbasicobjects.so.0libcollection.so.4libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libdbus-1.so.3libdhash.so.1libdhash.so.1(DHASH_0.4.3)libdl.so.2libglib-2.0.so.0libini_config.so.5liblber-2.4.so.2libldap-2.4.so.2libldb.so.1libldb.so.1(LDB_0.9.10)libnspr4.solibnss3.solibnssutil3.solibpcre.so.0libplc4.solibplds4.solibpopt.so.0libpopt.so.0(LIBPOPT_0)libpthread.so.0libpthread.so.0(GLIBC_2.0)libref_array.so.1librt.so.1libsmime3.solibssl3.solibsss_cert.solibsss_child.solibsss_crypt.solibsss_debug.solibsss_util.solibtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)libtdb.so.1libtdb.so.1(TDB_1.2.1)libtevent.so.0libtevent.so.0(TEVENT_0.9.9)rtld(GNU_HASH)rpmlib(PayloadIsXz)1.13.3-60.el64.6.0-14.0-13.0.4-15.2-14.8.0ZH@ZH@Z2gYyX6@X6@XS@XOXJXGXF@X@X6@X6@X-X!@X!@X&X X X WWWW@W@W_@W_@WWW@W@W@W@Wi,@WYZ@WPWPV@VJVJVV@VՄ@VՄ@V@V&@V=@V=@V@V@V@VvV%@V%@V%@VVVVVpVii@V\:@VXEVV@VV@VV@VMV2 @Vf@Vf@Vf@UAUUuUn@UmUjUcUcUUUUUJ@UB@UB@U@U?v@U>$U8U.RU.RU-@U-@U-@U-@UF@UF@UUUUUU U U U@U@U@U@T9TTTTTTT@T@T~T~Tk4Tk4T$TTT@SvSvSvS%@S0S<@S<@S<@SSSSSSS/S/S;@SFS@S@S@S@S@S@Si@S@SSS!@SsZSpSNpS 4@S 4@RRRRRRfhRD!R1R%@R @R @RR|R|R|R|R|RRRRRRRRRRRRR@R@R@R@R@R@R@R@R@R@Q@Q@QQ*@Q?@QQvwQkQIQ5@Q0@Q']Q @PPPP@P@P@P-P@P@P@PDPDPDPDP[PPPPP@P@P@P@PPPPPPPP @P @P @P @P @P @Pf@PPPPP @P @P @P @P@P@P@PPPPPPPP@P@P@PpPpPpP@P@P@P@P@P@P@PP@PP@P@P@P@P@PPXPP{P{P{Pz@PqnPl(PaP`K@P#@Oĺ@O"O"OOO@OO~O@OOO@O@Ou@Ou@Oc+@O]@OYOOdON@OLOLOLOLOLO;@O5O1@ObN@NNNN@NNNj@NN$@N$@NN@N@Nx@Nm@Ng\N[@NTN?N:N:N:NNN|@M{@M{@Mߒ@M@M۝M۝M@MM@M@M3@MM>M>M@MM@M@Mx@MM=M=MwkMwkMv@MtMtMc@Mc@MbSM_MQ0@MJMGMA^@MA^@MA^@M.@M9L!L@L@L@L@LNLNL@L@LA@L@Lk@LYV@LRLI@L7@L(L_LLGKj@KK@KK@KK[K@KK~}@K]KY@KO@KKK/c@K+nK"4@KJJ@JJJkJJ@JJp9JlE@J?r@J0J,@IcIcIzI)@I)@I)@IV@IV@I@I@III@Fabiano Fidêncio - 1.13.3-60Fabiano Fidêncio - 1.13.3-59Fabiano Fidêncio - 1.13.3-58Jakub Hrozek - 1.13.3-57Lukas Slebodnik - 1.13.3-56Lukas Slebodnik - 1.13.3-55Jakub Hrozek - 1.13.3-54Jakub Hrozek - 1.13.3-53Jakub Hrozek - 1.13.3-52Jakub Hrozek - 1.13.3-51Jakub Hrozek - 1.13.3-50Jakub Hrozek - 1.13.3-49Jakub Hrozek - 1.13.3-48Jakub Hrozek - 1.13.3-47Jakub Hrozek - 1.13.3-46Jakub Hrozek - 1.13.3-45Jakub Hrozek - 1.13.3-44Jakub Hrozek - 1.13.3-43Jakub Hrozek - 1.13.3-42Jakub Hrozek - 1.13.3-41Jakub Hrozek - 1.13.3-40Jakub Hrozek - 1.13.3-39Jakub Hrozek - 1.13.3-38Jakub Hrozek - 1.13.3-37Jakub Hrozek - 1.13.3-36Jakub Hrozek - 1.13.3-35Jakub Hrozek - 1.13.3-34Jakub Hrozek - 1.13.3-33Jakub Hrozek - 1.13.3-32Jakub Hrozek - 1.13.3-31Jakub Hrozek - 1.13.3-30Jakub Hrozek - 1.13.3-29Jakub Hrozek - 1.13.3-28Jakub Hrozek - 1.13.3-27Jakub Hrozek - 1.13.3-26Jakub Hrozek - 1.13.3-25Jakub Hrozek - 1.13.3-24Jakub Hrozek - 1.13.3-23Jakub Hrozek - 1.13.3-22Jakub Hrozek - 1.13.3-21Jakub Hrozek - 1.13.3-20Jakub Hrozek - 1.13.3-19Jakub Hrozek - 1.13.3-18Jakub Hrozek - 1.13.3-17Jakub Hrozek - 1.13.3-16Jakub Hrozek - 1.13.3-15Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-13Jakub Hrozek - 1.13.3-12Jakub Hrozek - 1.13.3-11Jakub Hrozek - 1.13.3-10Jakub Hrozek - 1.13.3-9Jakub Hrozek - 1.13.3-8Jakub Hrozek - 1.13.3-7Jakub Hrozek - 1.13.3-6Jakub Hrozek - 1.13.3-5Jakub Hrozek - 1.13.3-4Jakub Hrozek - 1.13.3-3Jakub Hrozek - 1.13.3-2Jakub Hrozek - 1.13.3-1Jakub Hrozek - 1.13.2-7Jakub Hrozek - 1.13.2-6Jakub Hrozek - 1.13.2-5Jakub Hrozek - 1.13.2-4Jakub Hrozek - 1.13.2-3Jakub Hrozek - 1.13.2-2Jakub Hrozek - 1.13.2-1Jakub Hrozek - 1.13.1-1Jakub Hrozek - 1.12.4-51Jakub Hrozek - 1.12.4-50Jakub Hrozek - 1.12.4-49Jakub Hrozek - 1.12.4-48Jakub Hrozek - 1.12.4-47Jakub Hrozek - 1.12.4-46Jakub Hrozek - 1.12.4-45Jakub Hrozek - 1.12.4-44Jakub Hrozek - 1.12.4-43Jakub Hrozek - 1.12.4-42Jakub Hrozek - 1.12.4-41Jakub Hrozek - 1.12.4-40Jakub Hrozek - 1.12.4-39Jakub Hrozek - 1.12.4-38Jakub Hrozek - 1.12.4-37Jakub Hrozek - 1.12.4-36Jakub Hrozek - 1.12.4-35Jakub Hrozek - 1.12.4-34Jakub Hrozek - 1.12.4-33Jakub Hrozek - 1.12.4-32Jakub Hrozek - 1.12.4-31Jakub Hrozek - 1.12.4-30Jakub Hrozek - 1.12.4-29Jakub Hrozek - 1.12.4-28Jakub Hrozek - 1.12.4-27Jakub Hrozek - 1.12.4-26Jakub Hrozek - 1.12.4-25Jakub Hrozek - 1.12.4-24Jakub Hrozek - 1.12.4-23Jakub Hrozek - 1.12.4-22Jakub Hrozek - 1.12.4-21Jakub Hrozek - 1.12.4-20Jakub Hrozek - 1.12.4-19Jakub Hrozek - 1.12.4-18Jakub Hrozek - 1.12.4-17Jakub Hrozek - 1.12.4-16Jakub Hrozek - 1.12.4-15Jakub Hrozek - 1.12.4-14Jakub Hrozek - 1.12.4-13Jakub Hrozek - 1.12.4-12Jakub Hrozek - 1.12.4-11Jakub Hrozek - 1.12.4-10Jakub Hrozek - 1.12.4-9Jakub Hrozek - 1.12.4-8Jakub Hrozek - 1.12.4-7Jakub Hrozek - 1.12.4-6Jakub Hrozek - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Jakub Hrozek - 1.12.4-2Jakub Hrozek - 1.12.4-1Jakub Hrozek - 1.11.6-33Jakub Hrozek - 1.11.6-32Jakub Hrozek - 1.11.6-31Jakub Hrozek - 1.11.6-30Jakub Hrozek - 1.11.6-29Jakub Hrozek - 1.11.6-28Jakub Hrozek - 1.11.6-27Jakub Hrozek - 1.11.6-26Jakub Hrozek - 1.11.6-25Jakub Hrozek - 1.11.6-24Jakub Hrozek - 1.11.6-23Jakub Hrozek - 1.11.6-22Jakub Hrozek - 1.11.6-21Jakub Hrozek - 1.11.6-20Jakub Hrozek - 1.11.6-19Jakub Hrozek - 1.11.6-18Jakub Hrozek - 1.11.6-17Jakub Hrozek - 1.11.6-16Jakub Hrozek - 1.11.6-15Jakub Hrozek - 1.11.6-14Jakub Hrozek - 1.11.6-13Jakub Hrozek - 1.11.6-12Jakub Hrozek - 1.11.6-11Jakub Hrozek - 1.11.6-10Jakub Hrozek - 1.11.6-9Jakub Hrozek - 1.11.6-8Jakub Hrozek - 1.11.6-7Jakub Hrozek - 1.11.6-6Jakub Hrozek - 1.11.6-5Jakub Hrozek - 1.11.6-4Jakub Hrozek - 1.11.6-3Jakub Hrozek - 1.11.6-2Jakub Hrozek - 1.11.6-1Jakub Hrozek - 1.11.5.1-4Jakub Hrozek - 1.11.5.1-3Jakub Hrozek - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Jakub Hrozek - 1.9.2-134Jakub Hrozek - 1.9.2-133Jakub Hrozek - 1.9.2-132Jakub Hrozek - 1.9.2-131Jakub Hrozek - 1.9.2-130Jakub Hrozek - 1.9.2-129Jakub Hrozek - 1.9.2-128Jakub Hrozek - 1.9.2-127Jakub Hrozek - 1.9.2-126Jakub Hrozek - 1.9.2-125Jakub Hrozek - 1.9.2-124Jakub Hrozek - 1.9.2-123Jakub Hrozek - 1.9.2-122Jakub Hrozek - 1.9.2-121Jakub Hrozek - 1.9.2-120Jakub Hrozek - 1.9.2-119Jakub Hrozek - 1.9.2-118Jakub Hrozek - 1.9.2-117Jakub Hrozek - 1.9.2-116Jakub Hrozek - 1.9.2-115Jakub Hrozek - 1.9.2-114Jakub Hrozek - 1.9.2-113Jakub Hrozek - 1.9.2-112Jakub Hrozek - 1.9.2-111Jakub Hrozek - 1.9.2-110Jakub Hrozek - 1.9.2-109Jakub Hrozek - 1.9.2-108Jakub Hrozek - 1.9.2-107Jakub Hrozek - 1.9.2-106Jakub Hrozek - 1.9.2-105Jakub Hrozek - 1.9.2-104Jakub Hrozek - 1.9.2-103Jakub Hrozek - 1.9.2-102Jakub Hrozek - 1.9.2-101Jakub Hrozek - 1.9.2-100Jakub Hrozek - 1.9.2-99Jakub Hrozek - 1.9.2-98Jakub Hrozek - 1.9.2-97Jakub Hrozek - 1.9.2-96Jakub Hrozek - 1.9.2-95Jakub Hrozek - 1.9.2-94Jakub Hrozek - 1.9.2-93Jakub Hrozek - 1.9.2-92Jakub Hrozek - 1.9.2-91Jakub Hrozek - 1.9.2-90Jakub Hrozek - 1.9.2-89Jakub Hrozek - 1.9.2-88Jakub Hrozek - 1.9.2-87Jakub Hrozek - 1.9.2-86Jakub Hrozek - 1.9.2-85Jakub Hrozek - 1.9.2-84Jakub Hrozek - 1.9.2-83Jakub Hrozek - 1.9.2-82Jakub Hrozek - 1.9.2-81Jakub Hrozek - 1.9.2-80Jakub Hrozek - 1.9.2-79Jakub Hrozek - 1.9.2-78Jakub Hrozek - 1.9.2-77Jakub Hrozek - 1.9.2-76Jakub Hrozek - 1.9.2-75Jakub Hrozek - 1.9.2-74Jakub Hrozek - 1.9.2-73Jakub Hrozek - 1.9.2-72Jakub Hrozek - 1.9.2-71Jakub Hrozek - 1.9.2-70Jakub Hrozek - 1.9.2-69Jakub Hrozek - 1.9.2-68Jakub Hrozek - 1.9.2-67Jakub Hrozek - 1.9.2-66Jakub Hrozek - 1.9.2-65Jakub Hrozek - 1.9.2-64Jakub Hrozek - 1.9.2-63Jakub Hrozek - 1.9.2-62Jakub Hrozek - 1.9.2-61Jakub Hrozek - 1.9.2-60Jakub Hrozek - 1.9.2-59Jakub Hrozek - 1.9.2-58Jakub Hrozek - 1.9.2-57Jakub Hrozek - 1.9.2-56Jakub Hrozek - 1.9.2-55Jakub Hrozek - 1.9.2-54Jakub Hrozek - 1.9.2-53Jakub Hrozek - 1.9.2-52Jakub Hrozek - 1.9.2-51Jakub Hrozek - 1.9.2-50Jakub Hrozek - 1.9.2-49Jakub Hrozek - 1.9.2-48Jakub Hrozek - 1.9.2-47Jakub Hrozek - 1.9.2-46Jakub Hrozek - 1.9.2-45Jakub Hrozek - 1.9.2-44Jakub Hrozek - 1.9.2-43Jakub Hrozek - 1.9.2-42Jakub Hrozek - 1.9.2-41Jakub Hrozek - 1.9.2-40Jakub Hrozek - 1.9.2-39Jakub Hrozek - 1.9.2-38Jakub Hrozek - 1.9.2-37Jakub Hrozek - 1.9.2-36Jakub Hrozek - 1.9.2-35Jakub Hrozek - 1.9.2-34Jakub Hrozek - 1.9.2-33Jakub Hrozek - 1.9.2-32Jakub Hrozek - 1.9.2-31Jakub Hrozek - 1.9.2-30Jakub Hrozek - 1.9.2-29Jakub Hrozek - 1.9.2-28Jakub Hrozek - 1.9.2-27Jakub Hrozek - 1.9.2-26Jakub Hrozek - 1.9.2-25Jakub Hrozek - 1.9.2-24Jakub Hrozek - 1.9.2-23Jakub Hrozek - 1.9.2-22Jakub Hrozek - 1.9.2-21Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-19Jakub Hrozek - 1.9.2-18Jakub Hrozek - 1.9.2-17Jakub Hrozek - 1.9.2-16Jakub Hrozek - 1.9.2-15Jakub Hrozek - 1.9.2-14Jakub Hrozek - 1.9.2-13Jakub Hrozek - 1.9.2-12Jakub Hrozek - 1.9.2-11Jakub Hrozek - 1.9.2-10Jakub Hrozek - 1.9.2-9Jakub Hrozek - 1.9.2-8Jakub Hrozek - 1.9.2-7Jakub Hrozek - 1.9.2-6Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-3Jakub Hrozek - 1.9.0-2Jakub Hrozek - 1.9.0-1.rc1Jakub Hrozek - 1.8.0-33Stephen Gallagher - 1.8.0-32Stephen Gallagher - 1.8.0-31Stephen Gallagher - 1.8.0-30Stephen Gallagher - 1.8.0-29Stephen Gallagher - 1.8.0-28Stephen Gallagher - 1.8.0-27Stephen Gallagher - 1.8.0-26Stephen Gallagher - 1.8.0-25Stephen Gallagher - 1.8.0-24Stephen Gallagher - 1.8.0-23Stephen Gallagher - 1.8.0-22Stephen Gallagher - 1.8.0-21Stephen Gallagher - 1.8.0-20Stephen Gallagher - 1.8.0-18Stephen Gallagher - 1.8.0-17Stephen Gallagher - 1.8.0-15Stephen Gallagher - 1.8.0-12Stephen Gallagher - 1.8.0-11Stephen Gallagher - 1.8.0-10Stephen Gallagher - 1.8.0-9Stephen Gallagher - 1.8.0-8Stephen Gallagher - 1.8.0-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5Stephen Gallagher - 1.8.0-4.beta3Stephen Gallagher - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-2.beta2Stephen Gallagher - 1.5.1-68Stephen Gallagher - 1.5.1-67Stephen Gallagher - 1.5.1-66Stephen Gallagher - 1.5.1-65Stephen Gallagher - 1.5.1-64Stephen Gallagher - 1.5.1-63Stephen Gallagher - 1.5.1-62Stephen Gallagher - 1.5.1-61Stephen Gallagher - 1.5.1-60Stephen Gallagher - 1.5.1-59Stephen Gallagher - 1.5.1-58Stephen Gallagher - 1.5.1-57Stephen Gallagher - 1.5.1-56Stephen Gallagher - 1.5.1-55Stephen Gallagher - 1.5.1-53Stephen Gallagher - 1.5.1-52Stephen Gallagher - 1.5.1-51Stephen Gallagher - 1.5.1-50Stephen Gallagher - 1.5.1-49Stephen Gallagher - 1.5.1-48Stephen Gallagher - 1.5.1-47Stephen Gallagher - 1.5.1-46Stephen Gallagher - 1.5.1-45Stephen Gallagher - 1.5.1-44Stephen Gallagher - 1.5.1-43Stephen Gallagher - 1.5.1-42Stephen Gallagher - 1.5.1-41Stephen Gallagher - 1.5.1-40Stephen Gallagher - 1.5.1-39Stephen Gallagher - 1.5.1-38Stephen Gallagher - 1.5.1-37Stephen Gallagher - 1.5.1-36Stephen Gallagher - 1.5.1-35Stephen Gallagher - 1.5.1-34Stephen Gallagher - 1.5.1-33Stephen Gallagher - 1.5.1-32Stephen Gallagher - 1.5.1-31Stephen Gallagher - 1.5.1-30Stephen Gallagher - 1.5.1-29Stephen Gallagher - 1.5.1-28Stephen Gallagher - 1.5.1-27Stephen Gallagher - 1.5.1-26Stephen Gallagher - 1.5.1-25Stephen Gallagher - 1.5.1-24Stephen Gallagher - 1.5.1-23Stephen Gallagher - 1.5.1-21Stephen Gallagher - 1.5.1-20Stephen Gallagher - 1.5.1-17Stephen Gallagher - 1.5.1-16Stephen Gallagher - 1.5.1-15Stephen Gallagher - 1.5.1-14Stephen Gallagher - 1.5.1-13Stephen Gallagher - 1.5.1-12Stephen Gallagher - 1.5.1-11Stephen Gallagher - 1.5.1-10Stephen Gallagher - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Stephen Gallagher - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.2.1-28.4Stephen Gallagher - 1.2.1-36Stephen Gallagher - 1.2.1-35Stephen Gallagher - 1.2.1-28.3Stephen Gallagher - 1.2.1-34Stephen Gallagher - 1.2.1-28.2Stephen Gallagher - 1.2.1-33Stephen Gallagher - 1.2.1-28.1Stephen Gallagher - 1.2.1-32Stephen Gallagher - 1.2.1-29Stephen Gallagher - 1.2.1-28Stephen Gallagher - 1.2.1-27Stephen Gallagher - 1.2.1-26Stephen Gallagher - 1.2.1-23Stephen Gallagher - 1.2.1-21Stephen Gallagher - 1.2.1-20Stephen Gallagher - 1.2.1-19Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-14Stephen Gallagher - 1.2.0-13Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11.1Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Related: rhbz#1442703 - Smart Cards: Certificate in the ID View - Related: rhbz# 1401546 - Please back-port fast failover from sssd 1.14 on RHEL 7 into sssd 1.13 on RHEL 6- Resolves: rhbz#1326007 - Memory cache corruption when rsync and/or tar to copy owner and group info from LDAP - Resolves: rhbz#1442703 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1507435 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-6.10] - Resolves: rhbz#1487040 - sssd does not evaluate AD UPN suffixes which results in failed user logins- Resolves: rhbz#1421057 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1487040 - sssd does not evaluate AD UPN suffixes which results ini failed user logins - Resolves: rhbz#1487944 - ABRT crash - /usr/libexec/sssd/sssd_nss - Resolves: rhbz#1489485 - sssd is not pulling groups in a trusted domain, with the Global scope- Resolves: rhbz#1438360 - The originalMemberOf attribute disappears from the cache, causing intermittent HBAC issues- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present - Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory- Resolves: rhbz#1415785 - ldap_child does not remove temporary files when it's killed with SIGTERM- Apply several more smartcard-related patches. - Related: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts- Revert the ding-libs requirement - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Related: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Require the matching version of ding-libs - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Fix a coverity warning - Related: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Resolves: rhbz#1324428 - [RFE] Discover forest's root SID even if subdomains_provider = none- Resolves: rhbz#1367802 - using overides causes segfault in libldb- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins- Resolves: rhbz#1382603 - autofs map resolution doesn't work offline- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute- Resolves: rhbz#1299994 - ssh client checks only the first certificate on a smartcard when the card has multiple certs - Resolves: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard - Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6 - Resolves: rhbz#1329647 - IPA view: view name not stored properly with default FreeIPA installation- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users and mixed case names- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a subdomain, not the root domain.- Resolves: rhbz#1365218 - SSSD does not fail over to next GC- Resolves: rhbz#1367435 - Intermittent sssd auth failures- Resolves: rhbz#1369079 - sssd runs out of available child slots and starts queuing requests in proxy mode- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to sssd-1.13.3-22.el6.x86_64 when upgrading cache- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336453 - sssd_be doesn't terminate forked child process if adcli is not installed- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo- Actually apply patches from previous build - Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe with 1.11.6- Backport of a more minimal dependency patch to avoid changes to AD provider behaviour - Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1308939 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user- Require a newer selinux-policy to avoid issues when prompting for SC PIN - Related: rhbz#1299066 - smartcard login does not prompt for pin when ocsp checking is enabled (default config)- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when trying to retrieve non-existing netgroups- Update sssd-ldap man page for the recent ID mapping changes - Related: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache from working- Resolves: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password and not smartcard pin when logged in using smartcard pin- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output error- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12 to 1.13- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn't work- Resolves: rhbz#1273802 - ad_site parameter does not work- Fix memory leak in the NFS plugin - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service discovery- Rebase to 1.13.3 - Remove setuid bit from proxy_child, RHEL-6 doesn't support running SSSD as a non-privileged user - Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Don't own files as the SSSD user - Resolves: rhbz#1289482 - warning: user sssd does not exist - using root- Resolves: rhbz#1279971 - groups get deleted from the cache- The p11_child doesn't have to run privileged anymore, remove the setuid bit - Related: rhbz#1270027 - [RFE] Support for smart cards- Resolves: rhbz#1266108 - Check next certificate on smart card if first is not valid - Also enable OCSP checks- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Silence compilation warnings and Coverity issues - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Squash in packaging review changes by lslebodn@redhat.com- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - The rebase also resolves the following bugzillas: - Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC identity certificates - Resolves: rhbz#1270027 - [RFE] Support for smart cards - Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients - Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is not taken into account. - Resolves: rhbz#1254193 - Fix for cyclic dependencies between sssd-{krb5,}-common - Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected - Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do not queue requests - Resolves: rhbz#1227804 - Group members are not turned into ghost entries when the user is purged from the SSSD cache - Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log - Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not the alpha group name representation - Resolves: rhbz#1194039 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups- Resolves: rhbz#1251349 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from ldap server- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task - Resolves: rhbz#1227863 - ignore_group_members doesn't work for subdomains- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn't return all groups on first attempt- Resolves: rhbz#1225614 - IPA enumeration provider crashes- Resolves: rhbz#1212610 - sssd ad groups work intermittently- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of secondary groups- Resolves: rhbz#1221358 - SSSD doesn't work with ID mapping and disabled subdomains- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and gets avc denial when ssh- Include several upstream fixes related to ID views - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1213947 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad src/providers/ad/ad_gpo.c:843- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers group membership resolution- Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users and filter_groups- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only- Related: rhbz#1211728 - Only set the selinux context if the context differs from the local one- Package the localauth plugin - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1207720 - id lookup resolves "Domain Local" group and errors appear in domain log- BuildRequire the proper libkrb5 version for correct localauth plugin build - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1194367 - sssd_be dumping core- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in manpage that unsupported time specification will lead to sssd denying access- Resolves: rhbz#1205382 - Properly handle AD's binary objectGUID- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might install with wrong user account (root)- Fix a typo in DEBUG message - Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Handle TTL=0 in SRV queries correctly - Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Cherry-pick unit test changes from upstream to allow cherry-picking sssd-1-12 patches - Remove unused LDAP provider code to avoid static analyser warnings - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad requires samba4- Resolves: rhbz#1203630 - SSSD doesn't own the GPO cache directory- Fix warning in SELinux code - Handle setups with empty default and no SELinux maps - Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u - Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605 - Resolves: rhbz#1201847 - SSSD downloads too much information when fetching information about groups- Fix PAM responder initgroups cache for subdomain users - Log extop failures better - Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Fix internal error codes broken when fixing rhbz#1036745 - Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything- Fix Coverity warning in ldap_child - Add better debugging - Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users, groups or other cache objects- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Initialize a pointer in ldap_child to NULL - Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Relax the ldb requirement - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query - Rebuild against latest krb5, add a versioned BuildRequires - Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Do not mark the selinux_child helper as setuid, we don't support rootless SSSD in 6.7 - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x - The rebase resolves the following RHEL bugzillas - Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about domains parameter - Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not be fatal (backport fix from upstream) - Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user uid field - Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1168377 - [RFE] User's home directories and shells are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss - Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution - Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1148582 - inconsistent group information when multiple ad domain sections are configured in sssd - Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider ad support - Resolves: rhbz#1139878 - SSSD connection terminated after failing anonymous bind to IBM Tivoli Directory Server - Resolves: rhbz#1135838 - Man sssd-ldap shows parameter ldap_purge_cache_timeout with "Default: 10800 (12 hours)" - Resolves: rhbz#1135432 - Dereference code errors out when dereferencing entries protected by ACIs - Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012 R2's LDAP as AD - Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header - Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple attributes- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1141814 - Password expiration policies are not being enforced by SSSD- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group membership when encountering a non-POSIX group- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from other AD domains- Resolves: rhbz#1127270 - sssd connect to ipa-server is long- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD, POSIX attributes are used and primary group contains the user as a member- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0) is not prompted for password change- Resolves: rhbz#1132361 - use-after-free in dyndns code- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap account lock to restrict access via ssh key- Use the correct sudo iterator - Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Add notes about offline mode to sssd.conf - Related: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1127278 - Auth fails when space in username is replaced with character set by override_default_whitespace- Resolves: rhbz#1127757 - sssd can't retrieve sudo rules when using the "default_domain_suffix" option- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Resolves: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1122873 - Failover does not always happen from SRV to hostname resolution(via /etc/hosts) - Remove spurious systemctl call on %postun- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with specified character in LDAP group- Resolves: rhbz#1109188 - dereferencing control failure against openldap server- Resolves: rhbz#1084532 - sssd_sudo process segfaults- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping is off and tokengroups are enabled- Resolves: rhbz#1118541 - Floating point exception using ldap- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser is not defined and no ldap_sudorule_runasuser mapping has been defined in SSSD- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap- Fix potential NULL dereference in IFP code - Related: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- BuildRequire the latest libini_config - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- Resolves: rhbz#1104145 - public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end- Rebase to 1.11.6 - Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Rebuild against new ding-libs - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Backport the InfoPipe patches needed for Sat6 integration - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: #1085412 - SSSD Crashes when storage experiences high latency- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6Resolves: #1036168 - sssd can't retrieve auto.master when using the "default_domain_suffix"- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups are requested- Allow combination of proxy id backend and LDAP auth backend - Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Inherit UID limits for subdomains - Resolves: #1020905 - Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.- Do not crash when LDAP disconnects while a search is still in progress - Resolves: #1019979 - sssd_be segfault when authenticating against active directory- More upstream fixes to prevent memcache crashes - Related: #997406 - sssd_nss core dumps under load- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out- Make IPA SELinux provider aware of subdomain users - A better version of already committed patch - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Resolves: #997406 - sssd_nss core dumps under load - Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #1002161 - large number of sudo rules results in error - Unable to create response: Invalid argument- Silence restorecon on clean install - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Make IPA SELinux provider aware of subdomain users - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Print password complexity hint when password change fails with constraint violation - Related: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #948830 - sssd do too many disk writes causing delay in "getent netgroup allmachines-netgroup" nested netgroups.- Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- Resolves: #963235 - sssd_be crashing with nested ldap groups- Apply a forgotten dependency for patch #254 - Related: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality - Add two fixes for better handling of faulty SRV processing - Related: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router. - Remove enumerate=true from example in man page - Related: #988381 - clarify the disadvantages of enumeration in sssd.conf- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp file for SELinux data failed- Resolves: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors when clearing cache- Resolves: #924113 - man sssd-sudo has wrong title- Resolves: #924397 - document what does access_provider=ad do- Use permissive control when adding ghost users - Resolves: #928797 - cyclic group memberships may not work depending on order of operations- Set correct state of SRV servers on resolving error - Resolves: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router.- Resolves: #954323 - SSSD doesn't display warning for last grace login.- Format patch to configure sysv script differently - RHEL-6 patch(1) apparently doesn't like the output of git format-patch -M -C and doesn't properly copy files on renames - Resolves: #971435 - Enhance sssd init script so that it would source a configuration.- Resolves: #973345 - SSSD service randomly dies- Resolves: #971435 - Enhance sssd init script so that it would source a configuration- Resolves: #961356 - SUDO is not working for users from trusted AD domain- Resolves: #970519 - [RFE] Add support for suppressing group members- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the "original value"- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes- Clarify the min_id/max_id limits further - Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login delays when client is under load- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table in sssd_nss- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs- Mention that enumeration should be discouraged - Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf- Call restorecon on memcache files to force the right context on upgrades - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Resolves: #987479 - libsss_sudo should depend on sudo package with sssd support- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck- Resolves: #967636 - SSSD frequently fails to return automount maps from LDAP- Resolves: #953165 - Enabling enumeration causes sssd_be process to utilize 100% of the CPU- Resolves: #906398 - sssd_be crashes sometimes- Resolves: #950874: Simple access control always denies uppercased users in case insensitive domain- Resolves: #921454: Resolve local group members in LDAP groups- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider- Fix pwd_expiration_warning=0 - Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#872827 - Serious performance regression in sssd- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees- Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.- Resolves: rhbz#902436 - possible segfault when backend callback is removed- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps- Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent- Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts- Resolves: rhbz#892197 - Incorrect principal searched for in keytab- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work- Resolves: rhbz#874618 - sss_cache: fqdn not accepted- Resolves: rhbz#889182 - crash in memory cache- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache- Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666)- Resolves: rhbz#886038 - sssd components seem to mishandle sighup- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh- Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule- Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507)- Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060)- Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507)- Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds- Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users- Resolves: rhbz#881773 - mmap cache needs update after db changes- Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742)- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573)- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations- Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130- Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections- Related: rhbz#877126 - Bump the release tag- Resolves: rhbz#877126 - subdomains code does not save the proper user/group name- Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid()- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'- Resolves: rhbz#875740 - "defaults" entry ignored- Resolves: rhbz#875738 - offline authentication failure always returns System Error- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section- Resolves: rhbz#873032 - Move sss_cache to the main subpackage- Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group- Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive- Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443- BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932- Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542- Fix the "ca" translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- New upstream release 1.9.2- Rebase to 1.9.1- Require the latest libldb- Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes- Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds- Fix protocol break for services map - Related: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#824616 - sssd_nss crashes when configured with use_fully_qualified_names = true- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()- Resolves: rhbz#822236 - SSSD netgroups do not honor entry_cache_nowait_percentage- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client upgrade - Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names - Resolves: rhbz#819063 - sssd fails to provide partial data till paged search returns "Size Limit Exceeded" - Resolves: rhbz#820585 - Group enumeration fails in proxy provider- Resolves: rhbz#816616 - group members are now lowercased in case insensitive domains- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding - Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the same user - Resolves: rhbz#812281 - autofs client: map name length used as key length - Related: rhbz#784870 - SSSD fails during autodetection of search bases for new LDAP features - Related: rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes- Fix typo in patch for SSH umask - Related: rhbz#808107 - Coverity revealed memory management defects- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm - Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is running - Resolves: rhbz#808107 - Coverity revealed memory management defects- Related: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false- Resolves: rhbz#804057 - Initial service lookups having name with uppercase alphabets doesn't work - Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names doesn't work when case_sensitive=false - Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab - Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false - Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name resolution times out - Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Related: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica using IP address - Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with case_sensitive=false - Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set - Resolves: rhbz#805034 - accessing an undefined variable might cause crash - Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login- Update translations - Resolves: rhbz#802372 - Pick up latest translation files for SSSD - Resolves: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Related: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search requests - Resolves: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials - Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to true - Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work - Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false - Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam can use - Resolves: rhbz#799971 - sssd_be crashes on shutdown - Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested group structure - Resolves: rhbz#801368 - Group lookups doesn't return members with proxy provider configured - Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd is configured as proxy provider- Do not auto-upgrade debug levels - Tool still available for manual use - Reverts: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#798881 - Install-time warnings - Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also the dns_discovery_domain - Resolves: rhbz#798655 - Password logins failing due to a process with high UID- Fix explicit requires to use openldap instead of openldap-libs - Related: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64- Fix multilib-clean issue due to upgrade script - Remove old copy from the spec file - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Fix typo in the patch - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Use a patch and install the script to python_sitelib - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Resolves: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#785871 - wrong build dependency on nscd - Resolves: rhbz#785873 - IPA host search base cannot be set - Resolves: rhbz#791208 - Entries lacking a POSIX username value break group lookups - Resolves: rhbz#796307 - Simple Paged Search control needs to be used more sparingly - Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64 - Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user entries - Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup - Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load - Resolves: rhbz#797975 - sssd_be: The requested target is not configured is logged at each login - Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD - Resolves: rhbz#788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group- Handle filtering python Provides in a safer way - Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3 - Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers - Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and netgroup search base correctly - Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb AS requests - Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision - Resolves: rhbz#785904 - [RFE] SSSD should have --version option - Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider - Resolves: rhbz#785898 - Enable midway cache refresh by default - Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for a non-existing netgroup - Resolves: rhbz#785884 - Honour TTL when resolving host names - Resolves: rhbz#785883 - check DNS records before updates - Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead of guessing - Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line - Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config file too much - Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server has been reinitialized - Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc - Resolves: rhbz#773660 - Kerberos errors should go to syslog - Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native IPA netgroups code - Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#771702 - sssd_pam crashes during change password operation against a IPA server - Resolves: rhbz#771361 - case_sensitive function not working as intended for ldap - Resolves: rhbz#768935 - Crash when applying settings - Resolves: rhbz#766941 - The full dyndns update message should be logged into debug logs - Resolves: rhbz#766930 - [RFE] Add a new option to override home directory value - Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab principal name - Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files - Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug levels on the fly - Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional - Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation - Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option - Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control - Resolves: rhbz#753876 - [RFE] Add support for the services map - Resolves: rhbz#746181 - "getgrgid call returned more than one result" after group name change in MSAD - Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle for some (configurable) time - Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD - Related: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#742052 - id -G group resolution takes extremely long - Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange - Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases - Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or insensitive - Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users - Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control disabled for openldap - Resolves: rhbz#726467 - SSSD takes 30+ seconds to login - Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 during auth when password for the user is not set- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758157 - LDAP failover not working if server refuses connections- Related: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis initgroups when groups appear in multiple nesting levels- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow - Resolves: rhbz#746654 - SSSD backend gets killed on slow systems - Related: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts Fixes a crash introduced by the earlier patch. - Related: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names Fixes for internationalization- Related: rhbz#742278 - Rework the example config- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts - Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart - Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742278 - Rework the example config - Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was initialized - Resolves: rhbz#742526 - SSSD's man pages are missing information - Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with multi-valued uid - Resolves: rhbz#738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid - Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber to integer - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host groups - Resolves: rhbz#740501 - SSSD not functional after "self" reboot - Resolves: rhbz#742539 - HBAC: Hostname comparisons should be case-insensitive- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in - Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2- Resolves: rhbz#737157 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled - Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple external hosts along with managed host - Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names - Resolves: rhbz#733409 - Improve password policy error message - Resolves: rhbz#733663 - Authentication fails when there exists an empty hbacsvcgroup - Resolves: rhbz#732935 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON - Resolves: rhbz#734101 - sssd blocks login of ipa-users- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain shells- Related: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID- Related: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Related: rhbz#718250 - Remove DENY rules from the HBAC access provider - Fixes an issue on big endian platforms- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured - Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls - Resolves: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider - Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID - Resolves: rhbz#726475 - sssd_pam leaks file descriptors - Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0- Related: rhbz#721052 - sssd does not handle kerberos server IP change - Use ares_search instead of ares_query to honor - search entries in /etc/resolv.conf- Resolves: rhbz#711416 - During the change password operation the ccache is - not replaced by a new one if the old one isn't - active anymore - Resolves: rhbz#715609 - Certificate validation fails with message - "Connection error: TLS: hostname does not match CN - in peer certificate" - Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records - Resolves: rhbz#721052 - sssd does not handle kerberos server IP change - Honor TTL values when resolving hostnames- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP - Resolves: rhbz#713438 - sssd shuts down if inotify crashes- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups() - Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are - being logged multiple times when the provider comes - back online - Resolves: rhbz#707997 - The IPA provider does not work with IPv6 - Resolves: rhbz#677327 - [RFE] Support overriding attribute value - Resolves: rhbz#692090 - SSSD is not populating nested groups in - Active Directory- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man - page- Resolves: rhbz#707513 - Unable to authenticate users when username - contains "\0"- Resolves: rhbz#698723 - kpasswd fails when using sssd and - kadmin server != kdc server- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is - not mentioned - Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the - gidNumber is out of the range of min_id,max_id. - Resolves: rhbz#699530 - Users with a local group as their primary GID are - denied access by the simple access provider - Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups - Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a - member of any group - Resolves: rhbz#703624 - SSSD's async resolver only tries the first - nameserver in /etc/resolv.conf- Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694444 - Unable to resolve SRV record when called with - _srv_, in ldap_uri - Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by - signal 11 (SIGSEGV) - Fix is to not attempt to resolve nameless servers- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can - cause SSSD to stop caching and responding to - requests- Resolves: rhbz#690131 - Traceback messages seen while interrupting - sss_obfuscate using ctrl+d - Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process - /usr/libexec/sssd/sssd_be was killed by signal 11 - (SIGSEGV)- Related: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them - Resolves: rhbz#689886 - group memberships are not populated correctly during - IPA provider initgroups - Resolves: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents - Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5 - in sssd.conf- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min - waiting on netgroup - Resolves: rhbz#683431 - sssd consumes 100% CPU - Related: rhbz#680440 - sssd does not handle kerberos server IP change- Related: rhbz#680440 - sssd does not handle kerberos server IP change - SSSD was staying with the old server if it was still online- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain - for base DN- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on - ipa-server - Resolves: rhbz#680440 - sssd does not handle kerberos server IP change - Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are - given in ipa_server config option - Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf - attribute on the server - Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups - Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option - Resolves: rhbz#677318 - Does not read renewable ccache at startup- Resolves: rhbz#678593 - User information not updated on login for secondary - domains - Resolves: rhbz#678777 - IPA provider does not update removed group - memberships on initgroups- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries - Resolves: rhbz#678410 - name service caches names, so id command shows - recently deleted users - Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for - netgroups- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login - Resolves: rhbz#675284 - "no matching rule" message logged on all successful - requests - Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for - authentication- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named - "default" - Resolves: rhbz#674515 - -p option always uses empty string to obfuscate - password - Resolves: rhbz#674141 - Traceback call messages displayed while - "sss_obfuscate" command is executed as a non-root - user- Resolves: rhbz#674172 - Group members are not sanitized in nested group - processing - Put translated tool manpages into the sssd-tools subpackage- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Also add the updated ding-libs to the BuildRequires- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Explicitly require updated ding-libs- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options - Assorted bugfixes- Add noverify to sssd.conf - Resolves: rhbz#627165 - TPS VerifyTest failure- Related: rhbz#644072 - Rebase SSSD to 1.5 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs - Resolves: rhbz#660585 - getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs- Resolves: rhbz#645449 - 'getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#658374 - sssd stops on upgrade- Resolves: rhbz#658158 - sssd stops on upgrade- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#642412 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#633487 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib- Resolves: rhbz#629949 - sssd stops on upgrade- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password- Resolves: rhbz#621307 - Password changes are broken on LDAP- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on - initgroups calls- Resolves: rhbz#607233 - SSSD users cannot log in through GDM - - Real issue was that long-running services - - do not reconnect if sssd is restarted- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with - /etc/krb5.keytab file- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6 - final - Resolves: rhbz#608661 - SASL with OpenLDAP server fails - Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes- New upstream bugfix release 1.2.1 - Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs. - Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal - Resolves: rhbz#604704 - authconfig should provide error with no trace back - if disabling sssd when sssd is not enabled - Resolves: rhbz#591873 - Connecting to the network after an offline kerberos - auth logs continuous error messages to sssd_ldap.log - Resolves: rhbz#596295 - Authentication fails for user from the second domain - when the same user name is filtered out from the - first domain - Related: rhbz#598559 - Update translation files for SSSD before RHEL 6 - final- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service - to fail while restart - Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in - parentheses causes ldap_search_ext to fail - Resolves: rhbz#600468 - Segfault in krb5_child - Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs.- Resolves: rhbz#598670 - Ccache file of a user is removed too early - Resolves: rhbz#599057 - Incomplete comparison of a service name in - IPA access provider - Resolves: rhbz#598496 - Failure with IPA access provider - Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the - kernel keyring- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP - Resolves: rhbz#584001 - Rebase sssd to 1.2 - Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file - Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf - Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf - Resolves: rhbz#590134 - sssd: auth_provider = proxy regression - Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when - going online - Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the - HBAC rule- Improve DEBUG logs for STARTTLS failures- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)1.13.3-60.el61.13.3-60.el6org.freedesktop.sssd.infopipe.confsssd_ifporg.freedesktop.sssd.infopipe.servicesssd-dbus-1.13.3COPYINGsssd-ifp.5.gz/etc/dbus-1/system.d//usr/libexec/sssd//usr/share/dbus-1/system-services//usr/share/doc//usr/share/doc/sssd-dbus-1.13.3//usr/share/man/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tablescpioxz2i686-redhat-linux-gnu?7zXZ !PH6Ӯ] b2u Q{K:+t lt>;+'3j񏶠AJxl]hnq.Ƃ\4]A B20sZaò?,Kf]y3`(:5lhNXuOdyW'tka;VǙT-re7v|Q k(Q(󹘯2^BsnrE!)q%BlRKbCUlrN[RV8@U7ҙA D"ZhSA&:0MQZ!֬ic9:/I(KbE{1ioƹjsA:rfo/Wɩ71OL\W0xkcL)+EOZwA92f\`saU/P[ܦNA Z N>M?/6yde&^ =4ny][Q5F*O nLz A.c֯DEQ_tupOXuu ?8aΚ35W2َ *%25PE{2Br4=QZϏ˩o\ cj&_d k@gE$jw A==5hcYZbC}+Qp<+Tm8|'u ;61i:JeQ^Df?e.feRbTػzDy9 EHf)0X;gC?v=wTt^}p0+;B :[ÆO_Y mV[}49gd*O#ܨ AՃLX:Y7`λ<-ҺŹrg(Wҿ "*QMs.rX 8uYnZʨHYCv'+4!.~Ԫpxx˳DVrP|/P>re|bZŃt&m4o|`(5Ʋ5 /INlwT䳺YA)Z|%Ge"V٠g?T8bR\9blRL"WP{E83F0L: jY].X{C0pn΢:$ @r$77^|ptqx}:&T=3+ tw"f ]jֈaI!|dLQ{),*[Ea(#Wj3OtFac^? da $*$?@ {-)j&';}nFioNRkz[b䁀O&իwlYcWj3$S9{FNh"Ԅ%E9оC~\rrB$og")O7l!szH¿+ebe1[?,T0`bl풍[/#]|85HLxKX$ rbD4^D[` x*A!kcZ$  6^bŦ9nzU>i+^?0pO"(KK>:ښ86[DK>:,frsXٽWBD1\gC^Y7KC K+*%Fo&.V;C>1#pwPe >ssƪ@]|Xng\/LłERuCt U*zŊZL In%֜iRy=+j Ybree}+x*P 905 $ *+6i=6{a&S"䈐ë -\ OYShL8u,\K2sϛj?P )`7 sFH\FIӬRYkHE#MrNշ|Re )&I_Z 9l OBœQ@dܘM J8 J="Iׄ WL H ܆ Kߍp䩮r3> FW@<7:Hp1ңd$-Ǻ|TDu  S_,]ߦS*tKBp\\ 1]_P:znGnrpLrč./Pbpg9|UIfs"FU Asq_OJ`)z7 .ef&g(aؚ Pf>=);`0'q~rDDo_? պDyBwjj_d^!w K_JO`5SRQr@UT)k YUZX;Z"2>;%>P!As"pigH_?F0=璩 ՜ɪQ srH^֤ a~/t@r`Th1T<>RzN> $2}ӚF _QW"zAkw7?"wSf5 ƌ}^V<X\2J($VJl ge (BfTiP@4GgM˞~Z>K$}{ZZo?l@5!7@G.V uD<#g4_*.N gQiAmv\sDAA犆ZD %QDA5e AgmUtGݍ|s_z|TbY tmQ|;D2KS*?>}`9oʖVbH>͜q^y'Kq )c=#߳Z>S үPd渴a|^!,%;aLFj0VQ QG PW*4oM DC3W& ߣ< 04ET%aW9}8qӫ ea^ PW\zҶxq`!d烢(:snع Z,^ ^Ą,75g^ъ)IA9 ͦb}EH&:mBGVp۟*hY w#2 ©EĊiLj{xf6pd7`S bp'r<|4uۃi7Ϋ:91=cm7"Ycה8hppOIQQTyo5C5'|fWBMQBFɣ Pķ짓?5.K՛*![̟#rvWl(>/z IWhX#p$L8ͨir svsź} 7&wݒ)zfԧyo6JZm\.h5lh}hiN&4־Zˬ}Tj"K@%#jރ'61{I@bi/\׭(?l-^˯ z֟ծ(-y(r@kLWTc4ܵEDxS_ G  _nыøH48ݽ\Gd^*8F 27g BE~7 ")S/_.g]@oI1?Hb P4pV-3ެ@lInҼ1@''X`w,+ݖ5 k i%{n6k#Y&YpќѬz= ~ET hR= )9G ҈[⌒ջzi+uY*bOʧ|>2M1 bd樄B*O=.cm/HR˘҃fͮu8lJ5$fsv+ <3k0Qa W*vƃ^a.}CY}8Vof bߵc#z/IBݠ06GMRn` vy#?r1R%*z8W4G +b 0wsl]M><Bݿt4QT*ZZYAxR*!PBB/lX029YM6M o<#"s !q׉zLNC# \Re!YLYǩ;QƷ#dx5YC%Erۍ[̗5oż$ j?!k3*2o$$K2ԼhE.JD]9a"ʩP,;}. BWh ı#Qd6JCh\r~gc3\Fdc^G\??3:|ŷ*hF *쇉̣?FoYunBPސ @jÎ y7[6 =:L@t(1C|SO+LayfҦA?zP jI7n3b2#yFܳڻ9Dg"oԌM[ҵHXQMgntvq)v\!~$7[l{)òBbo ΎX be<|gap0cS^k{V׊Ҧ86u꧳4 3#|9&yI*騂c*!S?%䕛 \z;f9 wgZ!?˄0`j,_M*`eiޠD%)LjnIA=)&K+<+wkY!xOOR/pE9հ*#t\ +#~Ǥby w2>-¹B#6"@%)`C_G3Ɛ&@"~ ldr3g90nQ973҅s}IрDšC8Gė +}f[e51K +/ LF5B,,#kyz KHDy2% a}S9s0Q x^Iw1sOIⱾpy[cʪohͫ^ߧΌt\dVcs߿jv+Ѡ J>J0wy`lQ `Ej"PW-p 4TtT ++7ѣԊC[OU|`u)B<4]`,QZzN+ȡ5eO,ip6H&?M<;?ADf73mO4M6՟6V}jWb`Q[H !Jddc*6 ͱ*>pelQ4 :{ {2\2_1.艳lF&m2,.ЖLiW*׈')G*ȱy#CD:nжafI)?_8@)FD&e\_]Q!NZ[Ǚ,(gMLi6(8's#CR o7c&!ٽtTf}U@>˃%0EC1-@%$^/WlIXɭ#d]۞N%K>\ܚ=XێaQSrVvY9nI,!e,C? &EU<ҨkJMA\O_Joİ<f8UHCx&yxꏇ;̳[?H/(w}G~ hfb{ ϧ)veL‘)JcE3]E*b$?WɑV]*$QLgҸ F44֩P@!􃸷z-wfI#&]'ӊBC7V9' =א>@!/=vj?ϕ֖QS!=VMv膙6tϾ}9rAm|-}~װnR|K /;McmW=D`jP $$h"PoTl>Ʈ)T~>abö虶#QζΌ'q-:S]}iG^Ţy,a:1+0l4֣pt{>h\zB0m%-^N.> OXKB[eI0k6miiW BJ*(5襡F"+(o]TϱuRQk:ܜ%AzVYAE&נ5  ?v88gVnW0@ILM/m eн>aJ>Љ*>!y[C*ɜsU.aXvHv:G"=Yr'D|+#YK}ќ3 2䚌jd䔡w"~_ګ 1]l/5vwASʤks;;ጉg^s矣+/i`?("cmr*H4l5#qnMu51VlᎾ"vϺ4‒Rcm]S&Z0K~-A$G,#ӲO̚LA X#+O`=0a {<(J,e5$3Ox8cY3J߆i4&ChĮ[%m\;)kuf҃;~^e$ڥW)4o汁T\샎ϖQ>Xf FLyM'LL%@u_=.Y)}V)I$0eފz!6Gw]SO!Q@|A9Þ+`/sG_ r&TgO\R7ⓩ݇PDY҂}L{'~.ăQDЂq ;N20N9FD{إ,>U_P?7YaYẠmW!"4&(K̃R8nD[2=٘q":DX5Àר ~R'0~AG}M6vPm|*Y8YB/+=l;D,%,{3YI%K\i^M *@7JW b!eIiw|n\WvKc25vju$֜?*; p>cj/c[ݦV-։/" j7!4@hF BϢaD;tCrbrz'\%Df}9Զ@[Or$ų)GpAHZ¦d}.p+\8+f/i9̯F=|Z[߲֠#T*/ ޴GV8sXؠu2uE GēDST 1@S&"NRMy;᫹Iw_2 G cE -RAr3FB%b NĨ^0̎863xV$^a6̛Kxch?X Y#^n4T͜1IY_빧Cd`d3ؘP: YV njWCٵS5z+ׄ-QGu5]s<ڭFu"|Fi|h+WC󴉰LFjMb#t ^4ĹqJ3OGNC+h.Xbx};x8,{C)mp*mc1Ɵʮ#F/ֶbZXxrFDg+\fe'8o>Gw !*2D66aY:MƝS{q!p (rf'OɈ& Ew=+a@7c-:qO"<*Fv)Km4OXEc*2r|8BLR\5& 4859Ԉ0mۣBĥ3LA;O9&l OϠ0&l\SQ%5壹x7#Nm 6&MOf5~B la0H sJU&%w)Nq լQdff'ܩ]LyXjbp>Z\8PVB;X!Ϡ"=BE'ۚە[YI`3(-;}i3?+f Xp_YI[HDrP6۷=+"1Bɩr|]ޡ(f O !Ea, հpjd\DZi{m _+bc؄Cr4]wFKq{ UR7TV6C7Ǭ`R:&p =UjN"IK ])Q@ߦ fѿ!#x#.2J{y}uq?/ӖRy s JBM:8$S/@d$J9ÔXf>gi Ni O -c}R @VdkhRऐ<fב&yK愈_TǍ[@U :o# A~Ng2-~" 4fU:rTp@@X c,w8q#Gª [\BE86t){V| Rn#fRnQժ5>C~z3s$Kv_5Hm0^UqM$&S{(f!U-k&&-YF-k;CLUCפG^>z.XAF K~hŕm{x4 FXej]L*pF/Ik0~7CT=cK`;$u'/όԇ\f20#wZ?ړv%}R7H?s<.DhЎ0tdT$ZR ܣg&z"x>; uA>T+ӠBCB[4|~퍔d2!kxFçgsC_="Pzdʇ-E~Y{DmcU>n&&vwq&Q 4N ?ӧg2V{ȂIgLZgT!ʘg<=߀;lT,TrT SKN``@Q`7!أr v)5ΚA®Sv .莍%vj8VnuFmmPF2i@G9s WBlX? M.Fz˶!u=` =Z+wpo\o3Q7A"6EBR QkQ(qڡؚhK Տ&ݺygɊcz^1YH2ju,q? V 2) iFԫ1X\0. 7J8. w8$?F<8*羮yīǀ955cn 7gq|7$ė 3ֶt娈L0 c>>[x[:%iPXB0x\Es†w&.xãk>ORu#1rڏDG@TXF_GL58}Ip|!LHoRȤzf3_d7y"=W 9< &xG5 l٬ltNVJ5ZJoV.뿕T Țh.Y5|Q#850Kcuh+RJMtÑεBlCS B6&>w5ΈzpTo5`CΌ?@ r%{=T߄˅0Sa+E.!$4@ 7n¤flk[qz\B`y 9b9ɂ: QQf+ֳL5`JaYl =9%gX)͆$^S+%ύ%t)|DP #-|s099ƃt󖫘E#5~E]۹g4(87۫ZIrCgDI{bzg~ #?%AMAؒa6S*g* v?ыT%e VSMB3M8LT^M:|!`"5iC#=T;XÒC؊[b5{aOcJ{◄!&vnԎXPmUDy7WkPϫ/Ҕ镞1QN8J_l1b +uK` ==&Q ྸmF(rV_jZrQr)+d[jߺbR"AMq7&I*]>|?{0nty)~*MIE ;ϱEBG\<7yZSY00gݎtzJmuf'9+JD=;CH砷>j4SJ{3GDPBqGXPk}(wKZo3<ݪ 64'0ǧSYbZ"2NO.P J7ph~Ci Wh(-$:#h6s[8zbQsW9|]Kv@01gJ)1M 0=&e+}>:}ⷸKH{ȿl z{ab2DTsY%N yKEG]W@4<ۈ iUMX jLSk)iw1" &Npmv%8|-ض4a⤮<l2Ă ph;JQy/gZRr KWȂ@04EÄ7J!{4s).WnUm@yb,rϷכD+i.t 9WJ1~5gRTY+!{ދ^銀 !Wj2.ĠSiIO|._u_a:HD|@:_kS'Vm8rWWS))G1yZ O[O u1 *4r60C.]6'r% t 2/>zMf-h)uN(2b,WXmx- yv<@Lw'9+/UK$KA<<>г|&5f'm&Lt.m/-w@Yԫz)킯^.ɶ^9wa~ |sڣ /` 3= :L6hofL<@VO& UfĆoJ(Pf|)xF'HDnBsYy@άeCjv`QO d!l5v{d7ߕHB*Be`\=F~²K &~byn 쀎nZuX^g}NpS_ze#9/^hxLob [w]<}#DfX|ͯA-yySE#\(]o/|,6wqf4FKHikeG-GIRaPE S$*)hZuɘ{[]ԧ_KeCw}/L5 <,QUӾ( vTwtjVAMonC{u$S@iEKJ'-J$]Dq y3TPnmPn˜ mR&՗j/V)܄jG'Nq#8^R,p53zNr+TjKuWOT 5 F@|@z Z@zvQbxvlWӦuItX`b]RjɽVT;F*'x}.DI.Dk xV&n,/MCM?(nn8q@ V~X#լlRlKB`IsEJ%:X g/ׂvDSEI$EEOɦl2'_3?]0&la)`:ܳ]!&GmarZLwBL]e];V'*!4u-IPjAdW_Od?tr]+ "(!S,uJꭒz,E~]+?]ľS؀n "z"j큮re*Ea7(&Uuy&BWq]%8 Z02ZC}}CTVࠖ-Zo!!-I=+}/3mZw91/2ȴ y(HWNKνܰ{4d Cѽ][R #Ȟ҃#Pj/Pzdߘa>Sz|hϛO' DhxcT='n%g^[]/y_ZJrG^+2"͙k =w|$FZv'jue̞'DRXK5]'*QLJ{' <92ÔqGp}ic^%=iyaMJ()gP÷Yfq37"nYkbpiO3p"),[Aiml5_3 |4=A&^##EIW _}B..'?Ge*/Wwwee|,ߛh)blŁ|ˀT)sjlU Iɝ 6^we8[)Ψ`;X+Z Ā.YJ/VjqG G4G6Bq mqROp|S܁79P= ?:>~dx~7\M;Kg?KC8bcO=9GDl_D{Zi$ #rQ.E ̠پ3M\3T(?4Ze'tmԪ@" L:;. )d5+i]ƴ̲$U#URm{ST/;Q_PuA=^<.`~o?<@zc^\/UJq%&> cjEi(.KAg@A4ΈX3L9\΢'&قY2qbosho5gxPTu3ū0.Cl%JhheT6h&Wkş.fy*BL!,[D/g5a=1 o2 \2g͚lX PCp5'_yD"/ݳ< I -B4w1rnrz'Z0GkXw7Qr̈́=5-QG9udO{4A-%B P Jù&%`-uP̨%W%OmX4]#~R>Fʜ|WS N )5goT%3WԄƱv睽Z :GԻEw;QpIcܧA( \0rC+ @Tׅ<SoCb3l a%k3%yΝm>c6C\8{`dzoٽZLvCMq3{nY\7gZb8r~`TxK\\3sF5ś(S#֯0`OԗtKE\ ]Ӻ gxsPu⌣:pˍ!yUK2gQ0'p2hcsp25KVJ*BgLs$;1xSEW ́"PbD2%ht4ua[< ?PK j ~LH(2&j9֬}A lC,R.RdxQS"">DܔWc4dDctNauV]. l9p4Z[eb?Pmu}!Φ}, l3??9!Wi{U]BJ؀m2$~T3l Q23pZ*?mŪBSE)v_70%w2!MNkfr$zn,~ͮfkr0G6r8_Qx|%{|,+qYJbhKqˮBz+*TXʢ$%ʾxdn1:]%Pai{+C8CsQ-M Rv~KĔJ&M 57$w͙?8s呠@D.678Hqƕ>)d!PGY_m Dp4!(ޚ3"?FRN޿v|dgu į4TK-7 Upv ~65;ܟDeŶ(ELϬiYQyO)y!?'X![t՗KEytQa-מ۝#{r೘NwMcO ڻ8X.P&Gy bk-2}^_~o?L EU4s^,'gqQͫeNuK_j=tzX5%+93偓zSUMk/WKoceZy-K1+|n/ +$v4)y6L$ e|Mf]ſ``XgOԧ6vCw 3$,p^"cecbBF\CK$;بJYo+`Mֹy zoxe *\gth3y s=r0 b5+>2 iS֛t o:!u {[ͬc vązXOG/gDib2r2^k4PNj.,rWOs,"ҷ߳E6a:Y4U4&An@-كT_K/[houa i[#n`;TtoeOcI*8=.,y;09*C{.bJ2+A`R7ѪNMv;SL oavdzjtpJW*#]sf!Nwф}ֶiaP >>,ȃ8 vʋ%_XLj g'YTkGCA1 j^$|f/]mX 4GOܪ 4Rj]1Uˏ+F^+<2VG!D@\w 0nmPlH4>EvmEY$[2͍BEDPXXy^HS`.OPbeJ*S"{0qqP؉$TL感zMM7/a4?z"J}JH&5.&Tl^nq9!Ӛ$[(;V+> x =U*O9{8v"z'nNMӢGcA̗eV`'[m4BXYlCecuwk{~s3-C!SMQ\R?eWEҘijVˁo%v@ <,(n0!glzaߥ2Ҥg:BQ/B>ZR:vMs+C`ԓ˷m݊ȫ&Xj" z %+.WFmxŹi"ZYa/>t>ϕdFhJ;MV/((#@4ۢW7G~ne`_] %i;^Z s0tK,mc^(ixre^g?;:vb*QOBث SaY_$(QԫۋL0~I'Jx\҃hUwi:>s*'oe0rZV4~ 7`Dȕ'l}hVWDDcAZyznmB*Xn6 0&E.2aaΥMsŶ)G8neE=2kwqƄc{&?Ωj4m%vz oq*2GU;Tr_;b?LW'닐,%|u_4Xͱ> }*wX DXJw.0Z}PI VS/=Oim:qO-piU9_0wn kbxG6LjvSXམ"RCu7 Q}Έ Ճ$9:5,)+CN`ڭ4Q&S+ߜˢW!#q#2qq"Y_*IҬ*!*+a'# ⣒NPmbW,GiKn'Iޅ`{(`TW(:2ɠ$?oH]wj(`@ 2e0MZ_Y ??,ZB,5(n{份}kɜԇPr+9{b?Rq W-"vvEj'ui!t bXBۉOR!iPk&yu/y+K'(b VS]\2f tުU(oY-bwEà 'p-%ٹ^VQ_YoH(p+XKP$ť Mjd^,ͫaa\G8rJ(H(S41A?Sq( K̆~2Aѝe[A2&k-5e8"TbQ{1JO4/ ?bP!t>"{k"c_Uc4zx!o]2jR:^<,豈߈w}aNRTqW-" iX2l,] `qi^a1uL(uXA2ϡѱ| Z-"A0poDƈ@q.=; ;?=I[czaP\s1/F}&N/6Ӗ?)d%[44>jvcej5/xNM^\Y8v57_|e\8Cܡ@(RvbփyGqvfƫS;h8!Qڡc|;-  9D~ p\! @~ħNBt%,mPlF+& OJvr|n'YbH^8']n@+j֝=i3$cCCTy,+]f3LoĆtyW)LU&nJ)˧t9Rμ OlCml/p!)EnrzfYWb;Wpo5nA|w–C gTͶI4G2HȀ2^ghhr B$ W :uHAx`IMUmPzD%Ւm+;a {4$Q6nza9G͛OX+IjGx|f{ 1:TOVK|R#6tTPڤ5 sʚoŪedTk1m 8a/5'&]EG;oE#aHc _l͙R ;O 9GwylP1m?Gy{D'#E`犿Row1>-4 ])y.%FRP[``o'a"p |RP518oiP19R?N%WǐҩG1WaЧ?xkuxWȣ Z(h@I Q6 5%B!Cpt cG|[keʸd&*| F̼S<;z%C V$J̯ Hvs+ߟ >ُ(&xfv╡d4ω!j0a7Ůt68:mqiAv* ]a4̋o$f5 ˵Ԑf>"r"~К%ב> 5o]٭}BT$=q)=Nfn]4e?S^\ G60؝%xW%{(*TN W\`R`NCӡ7R`i-ڦc|a +ohWneWLMvE'79?I2~*5Kx{ra˒?2mZ9 ls5veXv\t(AKNpwx0W6K3YG#dYlp8*T(:ܽDmKpWLj4acSZOt{qD]BAh&ʅ!t#,`0BI4H A/zi1_ , ƈY}Ѱ&S)Ky^$_=7 SbӚd.mIiX 7JJh7 o+OR/M8sޠ<Bg𒈲eu_۔ޘ0>ʓLuyΘHY|!JmQ ǖQ~Հ&;iA Ew$ݳUװf QqYB0+DqjS)%H:&QL pdD7 @D|A;TDπ)kоh$zѥn8{+#$}բu-׾ ;-2iJz@M4 m5q^ւ6|Hke%?G 3Ϟ+܋$5V;+)јxH0`]|)@@EG!|+Pׄ/7h両(* $$F'+f!4,dı@J`3Eu1=SRu˄?F#ÒPp#v&YӃm,Ja}/[1׽v%XF(hƉ 0zq-^( W  i;<%3%1;fQv#{0)?=qWO"eC")pԛ`@_Dx~jܓRj!z>nRB3$4NfW{d}ݨv0"|Rbn?F x@çxReN$2~_b?\]yPow6K8>ϒSg{о8eQM)PIiI? k2iSԒ9e0H[p`ӕY_@0D|NZ/M|&b(^4AavDHNval0;֯Hj+09AV!Xc*DSJX,3C~?Q@v9H1/Gan'K)! L왒TKOOTz"'!nu*/ fL*:iel@>#}\;XP5YH^b27.UTv\F @Al(匰4Y5[lE]xd#\#Vo΁R.,UWFel[Kun3 P$EjVh tAwif*CrGpl+7;H_ χbsѫ̐?{0.re'%fK\^.Gt4+ n9brnHE~:6g5~($OFZze+b)l P×IgjGyu avW*M%qRƯPf8 hL+CzTqS,|;R5D$ DV& v鰭(b’[f-FXNn‚_*Z] Gwv/ NdE*PBYk, džFp3e߈꯬_cI{; )96fM[%7mgl| f9(AN+IL 73[?oh d8)%b/):)"jWܒn8يus# d o~frQE9l#D}x))Rh}>,|h(|(ۑo}Zc5I\?G6t\LDdm̽ysR~9ki*4I w¡X7[r^HP3T7g=MQr.tkwOɥ+@ _ny4|ݽ:Q_ f|䶪r~:}(2ݩEp6rP]Y&ې6 ,dfq?O}l,E5`N7$nȽPd l$=3r |>jDY}xwig,-omNQfS7(&n>e[4"Eoxqҝ~w"{a2 ! P \E ҭ1LڝTQ 73jH!;03nMydTWĮ0J!y]R^~!PW鉝Vݔ?;c )g^ Qm$)CBԍ<&x,]x Xh|jK̫gr-et+# &`JR0]TW W߮>;“0DVGDK\elkٳeE tKy{u Nv9LE.B곫xMxlWLXwAո`$`n =dmfnZ뵺GH&vW-ۇm*y%22O:`[ɜ Lg٨ )#Ui;{Փ}y%b]D_k}G+'1-/%zsx,d:+dUSWX@[Ey,xӰ-{|H `sJؐf\P)I)%V9QYj2ceoylgAU ܋2a&ϳu)0e>&IbTp?`MYKyHri[BtL4jE Rz0hL;azH$" ں,Z&ic'gcfp4d,f,97j金X1Xgb ZNІ.`Ȼ#ZTGXjF-TZq#XuRZOo9`ߚO 2ۊec0| oYj Rc ֍+fھԯ385Z:Bx4In? Pا!0n-BemmǞ=~tW̥Z7tm`H- ϥlS6YC0t.V2<]*ؘj!ΞD s16:TG)t}Rv)Ym.%`֔z6m Psy l態`8@Gtxks`]tVԝ=b?}7AfRqZT_ᨽhm)>|6iF "-䅚ѫNa\vw(\ /6]UP_V'g1Sn$%C{Dί}G?˛Mf':eF;tdlK3C-q|<تɺh:-/E OEf"mȪCPh<|} N HH90:6cD9r䨖 ՒkDfwc{ C*/=9 bıe{&8&P8 W@< D"GJ4tܚ9Yr'-b A{El:&gZ0azdc!;My j S'5o3lX'ՁtN @ 2II| QUtf({d9 F"2ld/p3i NYh\2@g#vp&jd!' 4zT#t;l+t 40D:a/CYzrV2HХsR=f$21ѹ0#O}.ܮ$Q#Rh/тs;P`yq h "'._z-{H mcZWi#\/n\SLߡf8Ze7fh6jg#Wfss\Jj~["c܌@ иАFmҶ!oêj5Blq nSx s@e:B}m/F>`Y }}gI?*˵X &͟C1" e([W h8xu}F&Y ^e3J3'ywAk 9(Gsa֕i7^Œ92p8B$w4FNJ׃Q*'Tƭh'>o-CGqG4njMy-- *qWnڎ))6M& r=w*W3!;e}ew;I oB`LCϫ X>DdSE7`uNG:1g|6.KsPf C̤.C09PY!庘Єq KoWI:40IHKy3F{*W7~\QmNfS%=?Tg}jE  @__oO>18t19M` @">^a5/j .TVۨ.!UTrQfgc/P5Pi}?@̕qZ]]ۘ8`]}!ioޅx5n%]ҷk|͘_izU^3>gD|֜ ͌WXp5\s"^eg]/ptt_RQS*O"s[t T=+8({bMIBZ}y#Y|UgOR·?/9Ji }\7%w`L {~L捘aT{dR?/)_UR]Ɠ|);jH_~UX BaN؋/\UżuUWuϵi;"'PC-KA:ED` ]3_đ9D'F fhqHӊN,K(vVHK4KI)%dŠ umsMj9]ňGnh<R65fkLm@;2qw B'-K}>T jf;/jf(mf~[0΁F*:~i'7@]glRg[_j}%f.b2 |)M*.zpB:X$jO#+E3eR08L,@[M;@86ԃ_rL]w,n !? vujn;=kgh5V;B8} fdI1_HBa6dpn;h:9QLճs`'VNb\i}>x6 3vc]T#8=}{#+@iL+ʲE0 )3jkվʹa7:~Ȝ@F%6RMʒ@$I =I!ɫjzEo\ʶ! j&zt2MZۦA׮ |~@mY!j- ~ǾQKUwvo^*y1{XmzPoZj8>]jt?r{lW, |ReOApI؊z;i3U4?JQf,x"k3J1^T;yḪAGkk66!]^!m6ײtrP"Cr~ۀcy|*?s5ZuX)ܭJM㩊CU+A,9/}.=8MTtyR>N rSŹRZA`,SG3+ht \gJX2r$^mL~R1OG|OvTNf49qr9t & }7~ȕk X^m"b "<''Y|=+ 3*9̥k9qL{&.D C"0(C!2U;G޿!5/~ɗ гT 2YظHd)9_o(*ҏ"|>Xd9QV#ƁB~P޶JŠ,3VъFxAy}mW@mX G{^UwXUk1 wU*A \ B{Sm|3ư6:;aoELHrT8hفǭQj%Ѳ;|t\q(&wMp8V{$'oy2$T5rueqF%|L/*l > xq X񲓗}=se3a X/@gA侒W|` ]#Z_[СHhTdtWę@_嶥UrRc^ngg3X  )J 4 k%hyר?v 1`Tt@O#Jza pJcX]caZԉF l~hcx5hAo@ 俁F@T$-qjsRDs͗dJuz~k@jB^;׬f=0}SX,GtUd~«,,PNm)ag)4}aY{ݑJ07T cV&^Vc$dqPL#k(# IНu"yr4n^ _/qpQ[d mA߈8H#:<{V$J&3}XM%ѡ1suKV\ jQzb7^ NHO;b1rw!l\Չf H\4 X`tI~?/N#,%C?Z., |BIo'\vl݄$ȃbrZ (,yw?fhGCظtgƚ SNzpWh>>|3yG= Y; m4˓ƫ8;;T2ؒAF: "+*OށDY~$q&tyg:yU[τ oXԯJP:Ñ7RV kacAߜKـW˜NW'I#m 6r=1|Ps/52:75l2Asu%s }$0&~_Uۭl"G8(=YҲWx %c3PιQ"S ~D-# K:$9UnzFWkH7ۋU nkta$u6퀸o-fMPGͰI;cU,EBop;PS nL.ϫ&MsCv-C LBCUf IҼw~{3{՞fzCɽdBNc ךEqpQe\oNGj[U9SNL XR"@z\OL5LsPͻ?@&o&c9)UgO[l=+s:^-5IŘ0MAKl {HqWkfp2#+8RNKŋ`<3 qEOfso*I)i;Q谿<G#*_.@o4}gBnp7f_INǟIjFJAw W>zMELő*T ۔CK}Vij?vD8-k)ERSkB[7MShMcȬK .r0 9%yUZo.4c9]r'ne<8NʉD D$8 N?ۏ8qg.Ä=~\|wgA5w4TIPmy)[?jyu9Ԏ}uM,^7W8j:zùH,a9pɖxI5eN<ԙX)P/[kr.xP!6ȐK*RgUeT2fe 4dDe7\=32Xa]3ZFGgs1@0[ԴC}lXdG9(Hv=c|j3eKa[d(Iі _n"2 -nMB@vtME-ip6-_;;P!r.aOVv]8u;(i5???A%;KFq)񝟦Qt~5g1t]d l.^ma.>Wv7cu=u'Ji& yE 0ghwdy Ioe &,G4/G"k=mGI/}R] KbDe-ю9[߻m`t+v&)Gҧ$:W&|MɲbSy…`w֔#<{O< 8`0(?<lWpFԫXkhFݟTi B һaLݝB= "Gyv|ЂBk bn;$n\vr]2jB,^7$4 =/!9~:Dc~)Ԭy))0鴳W"ɪQv9s[Q"0I}Q/W 7ȟ+x`)} ɣM Wc:D]e[FnT5/dU܇sc\$z玓MzPE?5MՓ?) ҍ"l!U`k"TɄ r!fN]QFMI6`s8!K`%4BLi8 OO(PH[E#4MtV9CŕK$\补p;pvͣ;6|u8G`ѢMP+mJXS`퐜}@ x57YK:]f] Z&`w*&r(lvs/S/'}tM)7Ort9E$Bz2H[ʙ!O%.PU^`#r?\kIh#by"mX"!3K,mG.C,{aV?FC‰FFCh*s~fhm{іφ} 1\+>9|p5swy :z6KG,FĄ(㹃˶ӘiG9j-ҝuJ&kzs%Yâ5sf8WEI9qaSe2Y.9[)w.$SX Ld69ZڰMof7qKOEj==m ֚(񲽱@.t4f$Z;f/L 9/LhP'gxVPV^0h1K;&B&b .b@r2nJph 9NUmq^`1}bo 8HRoƿ%)p4iK/dx=)+ =lV5qƒ\LƇc)GO|ɚjF.L5wRYBƎ"xߢ`"K:A|`yN/#᧥t?G]eFe+tx}df܆yqJZ;fnC.?gZx1)MZML%0]k~+È&M0%*Ƅﳁw-Brִb6FBaGLN>M|#3/I."U+%!JSg 4=} ܸ³Sr-I#6[}}?VcP;@M$W>OgؕPKU5[CXX$g~aٹ dh-%|ۚt#g#V)VӥD9TJ'ف֞ӗ}l|tFJ2Rmdl xi1YjQkw82 &{x/j2fm>Y4*;i3>Ғ.FXw9$N():$cl*n8 Dk+v:_ Nk\_OzƄaϡOJ \a@PXk4If3 0ߒh*~"ג]X̙YZy8An@]"=4C@d_roَWig}ދwJOmjv2V&4$R:f?h 9<}rl׭)?0E' '2'qtpEɖ7Ib'PF5;' OC[jZhly&"N-hs_-~TCZ@S؟ lЊ_bdLĔ|~% -hsvqV!!1'bٖW&*`exwf'U ;H>A \u 5zov]pJz_2@{sr&f>S;P5/zHI"5+(j0Ozor74Sh^`y|× Tzdn?uo+c [IjYkεx-pkjzMK^KH@& v u7?ӥh\6(p2;%b +]QXhݢ&Nn#Cv ktto_jayeRK\Yf—Djt)5skJcC38ey1?oC ao !j{F|gliBrĺ[ $Q'?CI॒xv6>)\B_gFs.]9Q_@RC?~˾5S4˼UVwu8VT8fkY#%\U3Lġ'5IdicԞb`m,թy pb)s]FLo~fC|&OX7Pƣ$Τ:+u=G1_־&I49٠/:E' +pjD&f{ 9Wi/7? Rxڀ+^?s.gk9lM*AMcD_Xt1͘[bA~jGcѡt^piU~af[_ [9EiДH|%1Ax۱>)hT9m,Vy۔Bm͛ߊs5Y1wD*x<) l0"}%IAkxK|o,*.t@×MvTGZHqWDU؎jq5.EJƩM'۔x]p*RCx]ss -X MfI=[}ac  !KiU]\91M^L|rDt=>*lјWh(BM jdcN \y%G;Q-sGW_k>4 ćo[Naن*4*:'Bϻ|W Mt 9~cHYo.O6=p,1!-z\!JQL,l&gy҈pu\.nb*b0}S_x((w!0J'4M- AHTﲎ?Av}FHɼk~3C],U6xi1p]t` 8Fc,Z -4;]19`^#L㭮߮=TCDw",(2/paoB.jb}yڊ~iAI],cZW-,tv\xtEkżnFiT *e?%+s=j@0u*&|R'2mW다Z˞oYYohCV6w]bouiӁ֩11Q9>S1koEle&"xVm{:Ƣu(7rBóOuW=Q8W*-\kM/H-#"?mn(ۓ "xy[J?F)&7Z`q K EҽVP(b{I_`MŤ]ۤznR֟0yfhy5x g$e1n-)A>lx YasGMao1䂒W׈ƙ{:DA9%3N|U /ky` rL^4U&HK<񃆋Z5u|'Ehr0 #%m!B .& N+3Į'^h@?߰-N CA+*^]45Kp$]`S@ZZUpcqJ=4"sK1hȗh `)SK[R FGZ6#.O2&dp-1^[LƧ^cU=h3~,S jTY܅dcHqxݘ)WO/eTdg-\L΁q[rQyt3-a ہ-h42w MJpbDqsQS9Q~~m +:^ \W"ϛ+Jzc6~oʨ"]^ڀg(̤,T|Diη-F@TJf~Q^Ͳ-1t2,ixc=R6u [B#sRF^&Z9(hE廉LJf+ 1Б@D+pl?;`̮/eJ1Ʈ&S$v c$nU{",BoOU `ڴʗln^-xSTim{&Ks󱐡"n榠t&X[NZɔ>znb˵yeP9XDpP*H>~ܝࣙ_+cAtfJ !(|p>B0M8G6r.y^WO!L%:{o8Ƙjr2RҳE(&ˀ%I>rGw%k8c5ijðBs?۰+hQ/M"sɮB]q{C\d) ?ވnݦ_jPXX3RY2~g5'tcs͏ 52Y F5on1a; <۟hч'=ǔO[5WSʜI K ͵Jp3ڂOT`hq4!)d^/Q ;xJiPq12_PhmhjCJ٭+1;oϼEGBBɬ6>2 F1mѿn[EdS0BsEv#><_PqW6&-z WEukی,p=xŕIp.g=`r͍#,& K`B& sRFivfBR_+6E #N>X~.6򐍂+ oNިg/pil7K:MKAzL▎|Ch\/8[bP.')(E ¢s$:xy™JTZlS̕y=K?nm bIPCjp~uݮ$;3ҽhO=jЦ J%qNLT 76DM|h%B暢v–gh Mo3cāce.dz*RtpI0|%g89o޿B}}?[ہ=31j7,u~ !LjgUO:0 Y>q(/^Āg$]a'%-~I\JWv;X?RjTΥN]F,_rsԚȬٮiР4~5?DRr/Wg᫠rV"(mLdS+_;& z?}I* Naחg Ʒb*/k0!.q(\XVk\ h"?ydBr^^r3`wnRoDb>$!x.B^BJW0NBuD٫ &JzМf5k5֬c+oᵚS$iɁiYVKk{axAL-[IgI+΅GZb~5CG9K8X?kk (7VzjR7H./NX9 \RËAP@Yg@8jǁWe9Svt?ݎQl-O_d޼7sHgžh)"Ha"J QAon"E>G["Qn@MژBdv;D-VT*\uURc`9)hSE-/4u*`K8.ԃF˛EdhȾ)v8ׁPY/+$ȸHxDZ(um6 ~6drNv4A:?#u> /cc-_Qr-yp pu# eh_p#wr@6cj1~Z=  zud "Sfa:)$N~F+;Eo"L/夙;m_Ǧ4$htm휿:uMot9zXoLab1{HXO4tKM*=]K'**` ZS)*(E͐ O d@CWL5L3,R㨨RY-屸ǡM3,ڋIY)EfQP]m>,WqE~WJ#jdš9PISL>jБ}䂪M}(4VWstݳN2{$BHϫ6Y!0&jY>e%aΔy2 M#ѝS2?o'"} ZPݰy>V 4:"hG S?)ekŃU9m/fAԕϿt BN$ >7PwJc5 B%\hAD Ȼhd4s { T)ϑӛ0{LJF:`W;\YҺ S%u\ el1! Y 0 2ن0l"dR!B{rJ=ʋ!6 pul'hȎ V`v%m~>Udjyة$>,N,;&6#](]('F4'l҅*Ǔ7KP$\"DZx^>UzJ~Q2 4RWO h3I)XEj5. J2.o$؁ B*S&leڣ˩n)Ki~ ѷP̄Q*dA]Լ#W侞 bR(d Rs?.-ֱRO9V ёh:hu ưG1yRTpԜ=@T_VsNjn=t'|49NE[G x=}enik#' +=-fJ/l]Le-Vð7}?g]ih|vBO6%= '3 :3^狑 YMcC2;lɁhd=#Q9Q"JN%shd#Ptjq !< Uy>d"(36HX>9Ќ{4#PS}vdHPLy)jS(LC(JESTTuG/TIL{, f۩B5m$HfZOzl-?/l}92VƈAAѦ[ט›'Ӻ™*Fkki=/D͟܈O_>G(1D/p;U8N69[DZ&ZR&J93tEv, ^>iW9+ҕP Q4X꽒\6BfݞY{>upeBԴڈ7/.vݑ Y% O:V7ǁfW FlY|[Hvƃ.MK^e>LQ4=7&-}Cw-JvU$n XDD{F~#%fekLz)/biE -7c잸LYwǙm'Pp֍,5O5Ij x vrT-vm9PH( T =v]?2”TM S5Ԇ1C4%aGH1dg{Y=*d~ AnFA50;;,pnX$YDi ZӘ+xagk[ل%2PղgC+° fY0԰^}C )y`;/tr5):~ƺ/jKr> CA..q{=H. ^P\4 7GovhBÿG[a.`8 LzfN;gWA:H ) k`oez;D|,FrW`I j*V ?i+9JmF&`۰Hɧ!?}ulhŭ $4.tl?5("QIO1 mzQHtXPY5vㆌՈTt~}+f=?"pһg-q> 62zFX oԦіF2SRy"5%'!Qm)0d#@k6Q~bnIC5ms-N)Q^*|[XOkhթZ ֗ 4`$G6*dFflF|13*n(ܨ 2lTH[lqOG?67\c #Վw@("B·#.^ VixM6x'7C'C4NKAl#4NX&q;u;Xʓt^21 m tˣtp?SOJtZ(Gc]8ǣZ~Ag؃#"b Ak"psdvq]sQyNg-<6NJ!N uK 3*Ү)np 1S ;ښ4WaʔeVsMo"k+<>lVm:ifFXa"BE0KW!%Ofr 5K>^&2Ys*VQ<_s,!:+oz7K c$*50 6[O 0;_945$ =2ƀgf4ETsS3hf);yS` Zhiτ,vLʆ3eHs޻WOϾ*k=-).7 /~Pr#-&:v0V9_z슢5@ڐ;8 8iVDfsuڊ9+"D?i !cLb~ cXg$4IR]fk-S}m])e1^!"@;_.VKղkL:1sW%lkIƸ D'C0%gm^6 g⢡mF-J.[cȼ,LARFy5"T.A;^Ci tNM(6%z$ƉlȆI8uʮz}4>8Sz@ m5}6ۡA; .k!])B-!-e%|G6%unj4;G.ژ:[2K'a\LF[+}*ٕ3&?IW?" Q.;r.CmYdsқnΧkz ܪ6X_[)C[84ǟ>pMQ'Qy@qq3w FXCtzz C6c:N7{p ԦkY'u5|#g҄ C!F0ȳh{Sy$z2n!*2K*o=Q(wslR[,X&<YMdAffg$jZz:KLTY TUֆWRlxF,O*b<۵p)J8jQ0 |@R86qG΄T$X\Mtӷ+s5«,3fЈpP}]B7Dryxj3 s=*XAgVCt,eX}!$ѮNuEEЊ.=bLh>ȡ٩G"GCKRd/(s:0ȦntTN*Q]mT7JlEr'#s ɖ Ӱ8v0{(@ǀqQ{Ҳ8%V|Y ƅ""(,۴N(ru,3)k!}P!WƠVO`17G+͙0[7\~jߍd5ڭZz /2ɜhY\YSxUi>Rr3 N?HuCz?6N )FKVn#L|`Ya[,UhN_%Ξ%}@s-ci Z63r5Jo A#Xk QFxnV xnkomަU A/[mܘ=ԱR,n7x fc_| +Wc3)0) Ƌ%CI~}¬"=/bs<ȶ)=A ~Ϋ\u]+ª=6hm0y>p; ^c+ #ޤӸdz#I*wݰ܌mg) uEd}~pb}+gǙeCJƁPCh5J^Kᆡ"&I C=mZO}0=+<د/ri2BNN#I5Eb L_~yB'qTqύǥr)}>m0&-劺K't'j۳FQ(Br&LFD /O1ʪZmަHEb3_n6O+4b,湮VP#xCk5h xhDNujkՑ٠iS@V#[ʁt($2^Y9$ZSZ R桼eT8Ee9l`) >V][?Ӧm Lu~"--{+NA-~ ֱ+R>XCW]ӎ:F;@(zdK)Ȁ _M` MIAC=ַeS5񏦶_釙Î`=k\( ]~z{1SJ^} xn=woBf:MŲЏ/'IBz.יO)ɱᬎbl n*Cͨ-&&#%n(g%^_B`H-a!Ԡ Σ ]k3'Q-qw|웑pejVhp%O!0d`5`\13 aEnįwD彺tDCeD;N'[J5Ϩa9\}D05~W3F:$xyr#ZEWNYA$դ-L 1~7- yf`!MwaƉyZ: F lM :U]P6;>j.0RuES$j8QdS^5'h)c&ey?4*'y.\I@pF :Gb-KBwЕĘSQ%j+_qXGp uАXLk!G\/ yo& d?'ԅ'"?.G3}WFl$|k/z }oh0Xud/n1^Ooǎo#E~:&!/؞? @hE>JF8fέC'%`j2O4VSCJ$ BF*;VCS|(8[R?dP1|h :fV O~>GZ{ovPsDJ5Ҵ 3RIe4{i,6egIrc7,˟RI Q/sinvaKfՒ4M[[d}݉g@=A^nĜwDgݬmKu)5h=]jQ]lv7XI, S%'SFB<yZA |PzVuFXţrV}ץf6#$r?Фöe u۹]fP)itq 8҄nPz ʲˆf*I㒚)[$[L`Ahc"Z5Z")cL/FXf&Zӱf ˙)"ˉ)m1 )P̞aS ~n1:p]>'{ފVLDj]VC}#DvjNrT ;&~ WJ|=dL랒ïLs+\N>}O127Q6E7M oSd/MHw^XH+fUbibeꌃMweC/dvmD.΂E+j7TNA?Ng x6C;$g(M[G̓RBKkdpibl\v άТ0m n{8z[7!*Xɮjswׄ?qugmؕ.XzrQpiF1[DLaK " k[eYҫD>eIیv6*S-»CӾh |.AxȀzBφojBVuMLFU3#ɂJ3gw|StąAA k>c,9L+E`(|ߘp_dI@Y)eMJe`XmfTPDo+EvOÜ}{\$`r:O(6-= `L {hLC|2?6g}?TҎõ٬v&p.O&o4? ^9v"u0fr$FG秨pr%„fF % My#KCV#nƧX Un5ڋ',})ğofēq 顇 E^1$NB؁. <Ͱǣ jwp,lR!7=K1MT9 lۺuOsHRֿT3o][b e֫}Ԝ\3 p! NQ #U߀~Kfu!=K,d= yy0ͩ$#|ovAbdgg8`L_mεEuSƕ &-j>`VW uv+\#ʜQwgoaH;\ d⹈$?.5<- os:RcudURe״Ck3/٘x`).Ye2ud$좼Uإ w*ߟ`pㆰli> AԌkPȸk. Q༏jn!m1!.v}_p٢1AҽOI$NTϓ+֝`3LS=%n:_T4yYi5"51)A}!#tdPnZS2~N^]N>t "2V#Ĕ0VFs=pwKepcU\ :PV ߎ^|* nDz'!HU2=/FGI^+=l(wzKjhu0t ĔJy; Nn.^ܕmm4`WИ9{I/ #d) (ц}+A?w'5 z3eom"Tu}D %jSΘ#em=a:s t;LtyvKLu'1̛ Nv?j'71_;^dSUwUw5G{ըFi!2@]XW# @u.R]$):cXMVOw#U9nhK-wh.!@: gLx|ۿ=u_?598j䓘6}cN>/6q'Hl~[xD<ց,j1H50j=_IM Xl}8f/\V0;f2 (شbHpK%ļ r 뇫 ?y'yFM﵌*2S(gFHyZ})Eo;^şETWԑ^^^eeqv eNw\I.nwTp}&N |7FS~.LB9-C*?A r%\M>zy l-i;o$۬Y"6`j&%aoj 8 NpϽ횺3(I^0+|Dϣ] (y~D7{E~.6.NN/ rrLВs_MW1 $2> HȿBЬz6 _9{FdTnw A'BD4@VY&[r^#odVLωfXؐPun&e+f|>os^/2*5VNVUrgI=a3\yh lC*^&A_ YLP7}IJ؊A%*y-Ꙙ}=p%H\y[zKlP:w5FpO(A;7(Enqm{Ȉ؊Lk?*M\i/spf/logEH"UटȂn{[&o;Nq/۹R5矡DC~PÉ`4!8N[$ȅP1Y5pd_< N~J''y.wutsj$~Ap:[fpV63"Xt5*l\O&j@/ pg ;p!QIBn Tu2sxP`@Ycf|Rg3VhQsqҘٶ*M}݅0E@vEwd?V=]@9o}["Ǯ:c߃6`2o͛F 2-t k/I~ +5'e$`P9/4ȄDK3hQlg4TjJJ{#Yy,G{Ӣ!Cy%4K|lFp("N]bH5lm ['KUïm*~s5ZӜ;HB-Ĩcܲtfӹ$6NsLY C)0L1 ]5U^(:&9_:h oZ~1H%p>d>D;)JϠ8}1Sö؂b՗n VvAy>7kKC4U{{I_8kǘqb>$6h݌~=Ғ=N;Tπ5O#W,\s0K"4}(1 ?:ҖxrjNpjY0>,0\tlWdQy7^LbW4Zl&*a|η=䕶/5+d4cT-}*T'm aX_ C:diᜋ,Larť|{H7h_^=j%7QlCLJF5B Ωc,h^L4-\4Z5@ @2nEFJ osZtMG-9PO]$O8`YP`'Dv&qw.S0fɪ"ւ{(x")pcX"Cqvd JM+&_[,-t*>x=!:T\cKm UfyΈhWqt􅮿W}M)$wu4ouy#(kgKtnIA{Uh%4"3F"V+ UƂEtaDB^I?X#oPN; Bn5`ZzK`~Ƶ}$|_T=h5_$"c*McsԂt5Le-l6Wd vXO|.ɗ#4a=d)]t 'Eo&dq=dy3{\`Y"Cq%wa1jzO)dwRhB)̊bxGf_ ʫ-q]߹ZV er-hQGmFtcr|(L:E;OjBb3~ egH.!19ySL%;z.G9#&_/9@zz5UVg D[H+><`r0D֪<D5(2mߝD*48fx]bR";5iFB= Z36 ,(%Ni𠜯nZE[|ͯ#޵ [9MB<}0T|Yx҂~/.V%Gv`3$B:(qVA+ߺT@b͂|i+.sWap&nAax, ot>%ϽL"kϧ\#:Dm"hRoSlҖ k@RNf4\0(r4ZGg[mF/s%7K.m!,UBI C^7QaX QC96S/.: H 4+OVL^iiԛI͹s\A/c Զ:4`Y Zry$gp8~r>J(YDU%_Q\\j/MaOÿMLB$Y| ,՛5VW?]`|=6Q1g\Z{%JG^e[%L0fr9)QsQg] &qt )]o%eGA;Ci&_ʋ*H"O"02!hU"N (-tvPyW6=p"U'^ d hڄ0LWYC179AjQb*iL |.j b䍇{/gXBp4tsJ7-2t\E\(j%`,w ?x{%ng(FV‚E prrbp:].0nE} TtbYbR#D8FmjI9ISl[ $?y)dZ~[=%f"eIjl"0q'4K72P᷄>o% γ! ]'z_)dm=DyxpM S$zWۤO597 W5+䃎t7<w;QUDQ7z@niM;',^ԠW$LE/ x+ݜ2**>KB#jGCZxAC}mQW]w!rjjY? 2PG}h'}FY(jF9 4fZ퇌ۍhLt{xܥ40 k; ^;.IE >p &9h¨MAwUaeEi FR26vyOܫ{M$!UR]TA6Q3wC-pu]qT?+Zu@D`KbEǮ۔<9Rbf)qY4ۋ"CƊwc?}2ف0&_^ioU$DzFoFdݠZO`gnz+Ҏr0苸'PΓqǃ\ҩ1ei[mŽ9[Mc*ku7M75hZ[ :PtN2QHh=WZWt,=S1bzi#J`@ʫig}!IZ:['PZ薘;u3plGŒh!`i^hD7\D8lw *"&\dC r %aba[KP,iyT 1>gg`5˿E'tPSɭ,  sLB[BiU[| xy89d=38M.f`PӃj jXۤ:zqG ;T&Ѳ¸XnEd4>ފ4Vv^lfo F'MEm1c>RrJK\"{?ʍ hUV\IU@dH5紛k}~B'ydW O4uop~H[5ir5t$uJgv<4VEVtϷ !^ n33)y*گ~<)gi ZjxKzkJ-YG?EURSMF4 eto%C.0pIh)' ?X9{S8e+%[ Z )mΏW*DZ,\Shd2;9*xûz' ?P(=M"7H?71q-mgy2mChW.(x1#g[ qCZn( Ls cBge6CNangmy+C%}o(Q5*ZGLQM$Ix7W pm48mʦx߽-UAYgyb-SwWxe;u˿p$+g PhC]+TQsT?iJ42iZ+Ƚ.ǻL^~^€&K2~wR V%?/qc-{E[g!XIS\EmGAenuU' jQk `=n fs=3pzs S &  T2#@nD4ORJ2&n=vnZMFK3&}Id/ ihmDCO*q37O'odO)9HL-S#eϞGչZDaBI0U" #P+:f:_gLSM0lkgMJ>0JYn-.x9^ebm=GXdg0Xχ ĒL)#*UOJ̑7G֮N(}aocfްi:2W+c \CxQ6.u?H DRRxݸjeAW:a%ۋ?Tl\ƻz`(7vQ(y/~,@x3TH#f_\pw[[i/\PqN7,XDLDmW1wTz䌲Lm>6UVZaNdˁ{FZM{;9@[L1%g@2u[vƩbXD!ÆsAٗ'9i5X3Tj,Ƿ$37NAk yz8{EgblEL-Jv*x{lhڍOJ6 1k]8t4 6ۃlWLAOT}!vteyQGI>F7& /A@ Go*-gKc_2X}^5E51kRpi_0bŬK4ќ5cG$S7:΀B}6V ,',Jb6y@hoNtjN]&˿ -z{̀fQ$Z/`N߂lSÐ/.p# "Wo{/ BI1r;Qzi_;Nt_o0i+Q4T9ݲEɁB}&ux_? EZՔ"V''1Jpnv":j-7Æ( )dbIW<Q[@Xk-dpЂ.Y}dD_u&.0LܢQL{.-N׎ެڅh/:s7 jVY;L=tk2TU2Ū<d;:iaH8Fį2ZPuxrY k{vQ|l/Tz- sxhn1JYǽ-WCh\ߍgI/:u kIQ/36r38!Íqep(frE tjN*VW * E1ոOOH|5q$QW铛rn(\SwYn@+NF ^g+k[ Bt/7B2M Nh>`uRnT5KH)#[/6|B?=bKn< %]KIݨb۷!T֯ors=fҍmP6ʹ@L~H6$@gZ%F&N¥@& ܕ AsfV`2"c,(q}΍~#G 63Nep[)>UUle}#"י`PfwVupPH&:̶!ueTC&>>F$Q{0Q9-] oKrфjnFM'%*~+!BKʬ%w?7ɫɼqӖjK?'abߴQM w^2k>Mo£^&@l>KH^;;:vh8!æQΪ$M%]#lLK4 j?rpR&MTIvYtT t'"G uF": )77|CNߙO̻rXnv/ 蜹>ơ*d^KIz|]Ѿ8fQ d{pa&TOG$ 3;׌>P4#ږSL$r7xh핢Zֽ|98oz|(;-~~}[ytSAraL\H7 >GnҨsÄ u,&Q1d&#ڪ]bae*k\|q5vR!NRqDhy&ݑz,V Y6@LE|D`|M,/'Cn3;q#}T[b(~a9ZJ `:=V!A7#w[Ĥֆ! mlc=d+K_. x\[5ӱFq$0+/J%-!k%Hn.TneZm=?0d. (%C|0: ^']KmAkI"[yF0zSRp[> 'crӴg1 ^Ml8J^nqX~":s5:Ҟx`y _o?sG'ʷ^BPS#@sofRٞct^K~u ŇBT\0y?bP[٫ӿmjl"ߑ :>C%enҟ\n[c5Z@2QBѲ*}Ӿ<֤?ߓ4vg(tEZ7_0!DpB{̄σʞ~Y|ǐFyߞp93D[l{6hC'~ w3$tUՏwU%a+vdӟĉ:G)]©'9/VB]5xg\U*$<Ec5|O !rV!Nh_-\Rj1ܨ \8@a?;3*5 yd : 15GH 5KT:AfwAQf qIf-6\wpLV su24q@PsO 1L5YR8}@2` .O Z2 ډ'^~ kBe_4dUJ;[aɷc\߼87M .焵Ԡu[OK7a9 Mݞ }8)Ww1im.g$FWC"xef2c*}PN{_ [kQ__+P3k6|Ok'oպ)/5[e9)=yWlBO]ARBX8!NC RthQ88<[C[HCGL AG YZ