sssd-common-1.16.2-13.el7_6.8> H HtxHF\d ?*}}IC]w'd7ι;/JӮ;J|.--a1c24a3e9bd3ad003650be1493b4c73a3cfcc35bw/ iNvX>;F\d ?*}}7nҗ'ӤA݅<Rus}e%E>L?pd  : .5 FZw}lDD    d ? @BEHIKdLyNyZy[[[([8\9d8:=;>;?;@;B;G;H>HI@XAYAZB0[B4\BL]D^LJbSdTeTfTlTtTuW$vY"wkxn\yp<DHehCsssd-common1.16.213.el7_6.8Common files for the SSSDCommon files for the SSSD. The common package includes all the files needed to run a particular back end, however, the back ends are packaged in separate subpackages such as sssd-ldap.\fsl7.fnal.govEZScientific LinuxScientific LinuxGPLv3+Scientific LinuxApplications/Systemhttps://pagure.io/SSSD/sssd/linuxx86_64getent group sssd >/dev/null || groupadd -r sssd getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd /bin/systemctl is-active --quiet sssd.service && touch /var/tmp/sssd_is_running || : if [ $1 -eq 1 ] ; then # Initial installation systemctl preset sssd.service >/dev/null 2>&1 || : fi if [ $1 -eq 1 ] ; then # Initial installation systemctl preset sssd-autofs.socket >/dev/null 2>&1 || : fi if [ $1 -eq 1 ] ; then # Initial installation systemctl preset sssd-nss.socket >/dev/null 2>&1 || : fi if [ $1 -eq 1 ] ; then # Initial installation systemctl preset sssd-pac.socket >/dev/null 2>&1 || : fi if [ $1 -eq 1 ] ; then # Initial installation systemctl preset sssd-pam.socket >/dev/null 2>&1 || : fi if [ $1 -eq 1 ] ; then # Initial installation systemctl preset sssd-pam-priv.socket >/dev/null 2>&1 || : fi if [ $1 -eq 1 ] ; then # Initial installation systemctl preset sssd-secrets.socket >/dev/null 2>&1 || : fi if [ $1 -eq 1 ] ; then # Initial installation systemctl preset sssd-ssh.socket >/dev/null 2>&1 || : fi if [ $1 -eq 1 ] ; then # Initial installation systemctl preset sssd-sudo.socket >/dev/null 2>&1 || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable sssd.service > /dev/null 2>&1 || : systemctl stop sssd.service > /dev/null 2>&1 || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable sssd-autofs.socket > /dev/null 2>&1 || : systemctl stop sssd-autofs.socket > /dev/null 2>&1 || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable sssd-nss.socket > /dev/null 2>&1 || : systemctl stop sssd-nss.socket > /dev/null 2>&1 || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable sssd-pac.socket > /dev/null 2>&1 || : systemctl stop sssd-pac.socket > /dev/null 2>&1 || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable sssd-pam.socket > /dev/null 2>&1 || : systemctl stop sssd-pam.socket > /dev/null 2>&1 || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable sssd-pam-priv.socket > /dev/null 2>&1 || : systemctl stop sssd-pam-priv.socket > /dev/null 2>&1 || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable sssd-secrets.socket > /dev/null 2>&1 || : systemctl stop sssd-secrets.socket > /dev/null 2>&1 || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable sssd-ssh.socket > /dev/null 2>&1 || : systemctl stop sssd-ssh.socket > /dev/null 2>&1 || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable sssd-sudo.socket > /dev/null 2>&1 || : systemctl stop sssd-sudo.socket > /dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-autofs.socket >/dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-autofs.service >/dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-nss.socket >/dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-nss.service >/dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-pac.socket >/dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-pac.service >/dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-pam.socket >/dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-pam-priv.socket >/dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-pam.service >/dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-secrets.socket >/dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-secrets.service >/dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-ssh.socket >/dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-ssh.service >/dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-sudo.socket >/dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-sudo.service >/dev/null 2>&1 || : fi]ms_j+jlh]P]nM; x<n8,HmmXM>M2@MMzMx@Mj - 1.16.2-13.8Michal Židek - 1.16.2-13.7Michal Židek - 1.16.2-13.6Michal Židek - 1.16.2-13.5Michal Židek - 1.16.2-13.4Michal Židek - 1.16.2-13.3Michal Židek - 1.16.2-13.2Michal Židek - 1.16.2-13.1Jakub Hrozek - 1.16.2-13Fabiano Fidêncio - 1.16.2-12Jakub Hrozek - 1.16.2-11Jakub Hrozek - 1.16.2-10Jakub Hrozek - 1.16.2-9Jakub Hrozek - 1.16.2-8Fabiano Fidêncio - 1.16.2-7Fabiano Fidêncio - 1.16.2-6Fabiano Fidêncio - 1.16.2-5Fabiano Fidêncio - 1.16.2-4Fabiano Fidêncio - 1.16.2-3Fabiano Fidêncio - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.0-25Fabiano Fidêncio - 1.16.0-24Fabiano Fidêncio - 1.16.0-23Fabiano Fidêncio - 1.16.0-22Jakub Hrozek - 1.16.0-21Fabiano Fidêncio - 1.16.0-20Fabiano Fidêncio - 1.16.0-19Fabiano Fidêncio - 1.16.0-18Fabiano Fidêncio - 1.16.0-17Fabiano Fidêncio - 1.16.0-16Fabiano Fidêncio - 1.16.0-15Fabiano Fidêncio - 1.16.0-14Fabiano Fidêncio - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Fabiano Fidêncio - 1.16.0-11Fabiano Fidêncio - 1.16.0-10Fabiano Fidêncio - 1.16.0-9Fabiano Fidêncio - 1.16.0-8Fabiano Fidêncio - 1.16.0-7Fabiano Fidêncio - 1.16.0-6Fabiano Fidêncio - 1.16.0-5Fabiano Fidêncio - 1.16.0-4Fabiano Fidêncio - 1.16.0-3Fabiano Fidêncio - 1.16.0-2Fabiano Fidêncio - 1.16.0-1Jakub Hrozek - 1.15.2-51Jakub Hrozek - 1.15.2-50Jakub Hrozek - 1.15.2-49Jakub Hrozek - 1.15.2-48Jakub Hrozek - 1.15.2-47Jakub Hrozek - 1.15.2-46Jakub Hrozek - 1.15.2-45Jakub Hrozek - 1.15.2-44Jakub Hrozek - 1.15.2-43Jakub Hrozek - 1.15.2-42Jakub Hrozek - 1.15.2-41Jakub Hrozek - 1.15.2-40Jakub Hrozek - 1.15.2-39Jakub Hrozek - 1.15.2-38Jakub Hrozek - 1.15.2-37Jakub Hrozek - 1.15.2-36Jakub Hrozek - 1.15.2-35Jakub Hrozek - 1.15.2-34Jakub Hrozek - 1.15.2-33Jakub Hrozek - 1.15.2-32Jakub Hrozek - 1.15.2-31Sumit Bose - 1.15.2-30Jakub Hrozek - 1.15.2-29Jakub Hrozek - 1.15.2-28Jakub Hrozek - 1.15.2-25Jakub Hrozek - 1.15.2-24Lukas Slebodnik - 1.15.2-23Jakub Hrozek - 1.15.2-22Jakub Hrozek - 1.15.2-21Jakub Hrozek - 1.15.2-20Jakub Hrozek - 1.15.2-19Jakub Hrozek - 1.15.2-18Jakub Hrozek - 1.15.2-17Jakub Hrozek - 1.15.2-16Jakub Hrozek - 1.15.2-15Jakub Hrozek - 1.15.2-14Jakub Hrozek - 1.15.2-13Jakub Hrozek - 1.15.2-12Jakub Hrozek - 1.15.2-11Jakub Hrozek - 1.15.2-10Jakub Hrozek - 1.15.2-9Jakub Hrozek - 1.15.2-8Jakub Hrozek - 1.15.2-7Jakub Hrozek - 1.15.2-6Jakub Hrozek - 1.15.2-5Jakub Hrozek - 1.15.2-4Jakub Hrozek - 1.15.2-3Jakub Hrozek - 1.15.2-2Jakub Hrozek - 1.15.2-1Fabiano Fidêncio - 1.15.1-2Jakub Hrozek - 1.15.1-1Jakub Hrozek - 1.15.0-2Jakub Hrozek - 1.15.0-1Jakub Hrozek - 1.14.0-46Jakub Hrozek - 1.14.0-45Jakub Hrozek - 1.14.0-44Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1690759 - RHEL STIG pointing sssd Packaging issue [rhel-7.6.z] - Part 2.- Resolves: rhbz#1690759 - RHEL STIG pointing sssd Packaging issue [rhel-7.6.z]- Resolves: rhbz#1683578 - sssd_krb5_locator_plugin introduces delay in cifs.upcall krb5 calls [rhel-7.6.z]- Resolves: rhbz#1659507 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI [rhel-7.6.z]- Resolves: rhbz#1659083 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust [rhel-7.6.z]- Resolves: rhbz#1656833 - sssd_nss memory leak [rhel-7.6.z]- Resolves: Bug 1649784 - SSSD not fetching all sudo rules from AD [rhel-7.6.z]- Resolves: rhbz#1645047 - sssd only sets the SELinux login context if it differs from the default [rhel-7.6.z]- Resolves: rhbz#1593756 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: rhbz#1610667 - sssd_ssh leaks file descriptors when more than one certificate is converted into an SSH key - Resolves: rhbz#1583360 - The IPA selinux provider can return an error if SELinux is completely disabled- Resolves: rhbz#1602781 - Local users failed to login with same password- Resolves: rhbz#1586127 - Spurious check in the sssd nss memcache can cause the memory cache to be skipped- Resolves: rhbz#1522928 - sssd doesn't allow user with expired password- Resolves: rhbz#1607313 - When sssd is running as non-root user, the sudo pipe is created as sssd:sssd but then the private pipe ownership fails- Resolves: rhbz#1600822 - SSSD bails out saving desktop profiles in case an invalid profile is found- Resolves: rhbz#1582975 - The search filter for detecting POSIX attributes in global catalog is too broad and can cause a high load on the servers- Resolves: rhbz#1583725 - SSSD AD uses LDAP filter to detect POSIX attributes stored in AD GC also for regular AD DC queries - Resolves: rhbz#1416528 - sssd in cross realm trust configuration should be able to use AD KDCs from a client site defined in sssd.conf or a snippet - Resolves: rhbz#1592964 - Groups go missing with PAC enabled in sssd- Resolves: rhbz#1590603 - EMBARGOED CVE-2018-10852 sssd: information leak from the sssd-sudo responder [rhel-7] - Resolves: rhbz#1450778 - Full information regarding priority of lookup of principal in keytab not in man page- Resolves: rhbz#1494690 - kdcinfo files are not created for subdomains of a directly joined AD client - Resolves: rhbz#1583343 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 - Resolves: rhbz#1527662 - Handle conflicting e-mail addresses more gracefully - Resolves: rhbz#1509691 - Document how to change the regular expression for SSSD so that group names with an @-sign can be parsed- Related: rhbz#1558498 - Rebase sssd to the latests upstream release of the 1.16 branch- Resolves: rhbz#1558498 - Rebase sssd to the latests upstream release of the 1.16 branch - Resolves: rhbz#1523019 - Reset password with two factor authentication fails - Resolves: rhbz#1534749 - Requesting an AD user's private group and then the user itself returns an emty homedir - Resolves: rhbz#1537272 - SSH public key authentication keeps working after keys are removed from ID view - Resolves: rhbz#1537279 - Certificate is not removed from cache when it's removed from the override - Resolves: rhbz#1562025 - externalUser sudo attribute must be fully-qualified - Resolves: rhbz#1577335 - /usr/libexec/sssd/sssd_autofs SIGABRT crash daily - Resolves: rhbz#1508530 - How should sudo behave without sudoHost attribute? - Resolves: rhbz#1546754 - The man page of sss_ssh_authorizedkeys can be enhanced to better explain how the keys are retrieved and how X.509 certificates can be used - Resolves: rhbz#1572790 - getgrgid/getpwuid fails in setups with multiple domains if the first domain uses mid_id/max_id - Resolves: rhbz#1561562 - sssd not honoring dyndns_server if the DNS update process is terminated with a signal - Resolves: rhbz#1583251 - home dir disappear in sssd cache on the IPA master for AD users - Resolves: rhbz#1514061 - ID override GID from Default Trust View is not properly resolved in case domain resolution order is set - Resolves: rhbz#1571466 - Utilizing domain_resolution_order in sssd.conf breaks SELinux user map - Resolves: rhbz#1571526 - SSSD with ID provider 'ad' should give a warning in case the ldap schema is manually changed to something different than 'ad'.- Resolves: rhbz#1547782 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process- Related: rhbz#1578291 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION- Resolves: rhbz#1578291 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION- Resolves: rhbz#1516266 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1503802 - Smartcard authentication fails if SSSD is offline and 'krb5_store_password_if_offline = True' - Resolves: rhbz#1385665 - Incorrect error code returned from krb5_child (updated) - Resolves: rhbz#1547234 - SSSD's GPO code ignores ad_site option - Resolves: rhbz#1459348 - extend sss-certmap man page regarding priority processing - Resolves: rhbz#1220767 - Group renaming issue when "id_provider = ldap" is set - Resolves: rhbz#1538555 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000]- Resolves: rhbz#1565774 - After updating to RHEL 7.5 failing to clear the sssd cache- Resolves: rhbz#1566782 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash- Related: rhbzrhbz#1544943 - sssd goes offline when renewing expired ticket- Resolves: rhbz#1543348 - sssd_be consumes more memory on RHEL 7.4 systems. - Resolves: rhbz#1544943 - sssd goes offline when renewing expired ticket- Resolves: rhbz#1523282 - sssd used wrong search base with wrong AD server- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Related: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser - Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7]- Resolves: rhbz#1517971 - AD Domain goes offline immediately during subdomain initialization - IPA AD Trust - Related: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc.. - Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7] - Resolves: rhbz#1527149 - AD provider - AD BUILTIN groups are cached with gidNumber = 0 - Related: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache - Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1525644 - dbus-send unable to find user by CAC cert- Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card- Resolves: rhbz#1512027 - NSS by-id requests are not checked against max_id/min_id ranges before triggering the backend- Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available - Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card - Resolves: rhbz#1520984 - getent output is not showing home directory for IPA AD trusted user - Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1421194 - SSSD doesn't use AD global catalog for gidnumber lookup, resulting in unacceptable delay for large forests- Resolves: rhbz#1482231 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: rhbz#1512508 - SSSD fails to fetch group information after switching IPA client to a non-default view- Resolves: rhbz#1490120 - SSSD complaining about corrupted mmap cache and logging error in /var/log/messages and /var/log/sssd/sssd_nss.log- Resolves: rhbz#1272214 - [RFE] Create a local per system report about who can access that IDM client (attestation) - Resolves: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc.. - Resolves: rhbz#888739 - Enumerating large number of users makes sssd_be hog the cpu for a long time. - Resolves: rhbz#1373547 - SSSD performance issue with malloc and brk calls - Resolves: rhbz#1472255 - Improve SSSD performance in the 7.5 release- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Related: rhbz#1432010 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available- Resolves: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available - Related: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5] - Resolves: rhbz#1408294 - SSSD authentication fails when two IPA accounts share an email address without a clear way to debug the problem - Resolves: rhbz#1502686 - crash - /usr/libexec/sssd/sssd_nss in nss_setnetgrent_timeout- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Related: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.- Resolves: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1484376 - [RFE] Add a configuration option to SSSD to disable the memory cache - Resolves: rhbz#1327705 - Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7] - Resolves: rhbz#1505277 - Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault is sssd_nss - Resolves: rhbz#1462343 - document information on why SSSD does not use host-based security filtering when processing AD GPOs - Resolves: rhbz#1498734 - sssd_be stuck in an infinite loop after completing full refresh of sudo rules - Resolves: rhbz#1400614 - [RFE] sssd should remember DNS sites from first search - Resolves: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Resolves: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.- Resolves: rhbz#1469791 - Rebase SSSD to version 1.16+ - Resolves: rhbz#1132264 - Allow sssd to retrieve sudo rules of local users whose sudo rules stored in ldap server - Resolves: rhbz#1301740 - sssd can be marked offline if a trusted domain is not reachable - Resolves: rhbz#1399262 - Use TCP for kerberos with AD by default - Resolves: rhbz#1416150 - RFE: Log to syslog when sssd cannot contact servers, goes offline - Resolves: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser - Resolves: rhbz#1454559 - python-sssdconfig doesn't parse hexadecimal debug _level, resulting in set_option(): /usr/lib/python2.7/site-packages/SSSDConfig/__init__.py killed by TypeError - Resolves: rhbz#1456968 - MAN: document that attribute 'provider' is not allowed in section 'secrets' - Resolves: rhbz#1460689 - KCM/secrets: Storing many secrets in a rapid succession segfaults the secrets responder - Resolves: rhbz#1464049 - Idle nss file descriptors should be closed - Resolves: rhbz#1468610 - sssd_be is utilizing more CPU during sudo rules refresh - Resolves: rhbz#1474711 - Querying the AD domain for external domain's ID can mark the AD domain offline - Resolves: rhbz#1479398 - samba shares with sssd authentication broken on 7.4 - Resolves: rhbz#1479983 - id root triggers an LDAP lookup - Resolves: rhbz#1489895 - Issues with certificate mapping rules - Resolves: rhbz#1490501 - sssd incorrectly checks 'try_inotify' thinking it is the wrong section - Resolves: rhbz#1490913 - MAN: Document that full_name_format must be set if the output of trusted domains user resolution should be shortnames only - Resolves: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5] - Resolves: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache - Resolves: rhbz#1482674 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: rhbz#1486053 - Accessing IdM kerberos ticket fails while id mapping is applied - Resolves: rhbz#1486786 - sssd going in offline mode due to sudo search filter. - Resolves: rhbz#1500087 - SSSD creates bad override search filter due to AD Trust object with parenthesis - Resolves: rhbz#1502713 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30) - Resolves: rhbz#1461462 - sssd_client: add mutex protected call to the PAC responder - Resolves: rhbz#1489666 - Combination sssd-ad and postfix recieve incorrect mail with asterisks or spaces - Resolves: rhbz#1525052 - sssd_krb5_localauth_plugin fails to fallback to otheri localname rules- Require the 7.5 libldb version which broke ABI - Related: rhbz#1469791 - Rebase SSSD to version 1.16+- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information retured by the KDC during PKINIT/Smartcard authentication- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in- Resolves: rhbz#1455254 - Make domain available as user attribute- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD- Resolves: rhbz#1450094 - Properly support IPA's promptusername config option- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer - Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail - Fix Coverity issues in patches for rhbz#1445445- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains - Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate - Additional patch for rhbz#1440132- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient - Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4 - Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15 - Also apply an additional patch for rhbz#1441545- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.- Remove an unused variable from the sssd-secrets responder - Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http - Improve two DEBUG messages in the client trust code to aid troubleshooting - Fix standalone application domains - Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes - Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http- Fix off-by-one error in the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh respoder- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users - Also backport some buildtime fixes for the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts- Update to upstream 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html - Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries - Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure - Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser- Update to upstream 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html - Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack - Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases - Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider - Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page - Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user - Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink- Update to upstream 1.15.0 - Resolves: rhbz#1393824 - Rebase SSSD to version 1.15 - Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL - Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory - Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time - Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0 - Resolves: rhbz#1392444 - sssd_be keeps crashing - Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3 - Resolves: rhbz#1382602 - autofs map resolution doesn't work offline - Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains - Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page - Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error - Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database" - Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/bin/sh/bin/shlibsss_sudo-devel  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~bgcadeeseufrhuiditjanbnlplptptrusvtgtrukzhzhcacacadedededeesesesesfrfrfrfrjajajaukukukukukukukukuk1.16.2-13.el7_6.81.16.2-13.el7_6.81.16.2-13.el7_6.81.16.2-13.el7_6.8 1.10.0-7.el7_6.beta1  !"#$%&'()**+,,-.//01223456778888888899:;;;;;;<<=>>>????????>@@@ABCCDEFFFFGGGFHFFIlogrotate.dsssdsssd-shadowutilsrwtab.dsssdsssdconf.dsssd.confsss_ssh_authorizedkeyssss_ssh_knownhostsproxysssd-autofs.servicesssd-autofs.socketsssd-nss.servicesssd-nss.socketsssd-pac.servicesssd-pac.socketsssd-pam-priv.socketsssd-pam.servicesssd-pam.socketsssd-secrets.servicesssd-secrets.socketsssd-ssh.servicesssd-ssh.socketsssd-sudo.servicesssd-sudo.socketsssd.servicememberof.sosss.sosssdsssd.conflibsss_cert.solibsss_child.solibsss_crypt.solibsss_debug.solibsss_files.solibsss_krb5_common.solibsss_ldap_common.solibsss_semanage.solibsss_simple.solibsss_util.sosssdp11_childsss_signalsssd_autofssssd_besssd_check_socket_activated_responderssssd_nsssssd_pamsssd_secretssssd_sshsssd_sudosss_cachesssdsssd-common-1.16.2sssd-example.confsssd-common-1.16.2COPYINGsssd.mosssd.mosssd.mosssd.mosssd.mosssd.mosssd.mosssd.mosssd.mosssd.mosssd.mosssd.mosssd.mosssd.mosssd.mosssd.mosssd.mosssd.mosssd.mosssd.mosssd.mosssd.mosssd-simple.5.gzsss_cache.8.gzsssd.8.gzsss_ssh_knownhostsproxy.1.gzsssd-simple.5.gzsssd-sudo.5.gzsssd.8.gzsss_ssh_knownhostsproxy.1.gzsssd-simple.5.gzsssd-sudo.5.gzsssd.8.gzsss_ssh_knownhostsproxy.1.gzsssd-simple.5.gzsssd-sudo.5.gzsssd.8.gzsss_ssh_knownhostsproxy.1.gzsssd-simple.5.gzsssd.8.gzsss_ssh_authorizedkeys.1.gzsss_ssh_knownhostsproxy.1.gzsss_rpcidmapd.5.gzsssd-files.5.gzsssd-secrets.5.gzsssd-session-recording.5.gzsssd-simple.5.gzsssd-sudo.5.gzsssd-systemtap.5.gzsssd.conf.5.gzsss_cache.8.gzsssd.8.gzsss_ssh_knownhostsproxy.1.gzsssd-secrets.5.gzsssd-session-recording.5.gzsssd-simple.5.gzsssd-sudo.5.gzsssd-systemtap.5.gzsssd.conf.5.gzsss_cache.8.gzsssd.8.gzsssdcfg_rules.inisssd.api.confsssd.api.dsssd-ad.confsssd-files.confsssd-ipa.confsssd-krb5.confsssd-ldap.confsssd-local.confsssd-proxy.confsssd-simple.confsystemtapdp_request.stpid_perf.stpnested_group_perf.stpsystemtaptapsetsssd.stpsssd_functions.stpkrb5rcachesssdbdeskprofilegpo_cachemcgroupinitgroupspasswdpipesprivatepubconfsecretssssd/etc//etc/logrotate.d//etc/pam.d//etc/rwtab.d//etc/sssd//usr/bin//usr/lib/systemd/system//usr/lib64/ldb/modules/ldb//usr/lib64/libnfsidmap//usr/lib64//usr/lib64/sssd/conf//usr/lib64/sssd//usr/libexec//usr/libexec/sssd//usr/sbin//usr/share/doc//usr/share/doc/sssd-common-1.16.2//usr/share/licenses//usr/share/licenses/sssd-common-1.16.2//usr/share/locale/bg/LC_MESSAGES//usr/share/locale/ca/LC_MESSAGES//usr/share/locale/de/LC_MESSAGES//usr/share/locale/es/LC_MESSAGES//usr/share/locale/eu/LC_MESSAGES//usr/share/locale/fr/LC_MESSAGES//usr/share/locale/hu/LC_MESSAGES//usr/share/locale/id/LC_MESSAGES//usr/share/locale/it/LC_MESSAGES//usr/share/locale/ja/LC_MESSAGES//usr/share/locale/nb/LC_MESSAGES//usr/share/locale/nl/LC_MESSAGES//usr/share/locale/pl/LC_MESSAGES//usr/share/locale/pt/LC_MESSAGES//usr/share/locale/pt_BR/LC_MESSAGES//usr/share/locale/ru/LC_MESSAGES//usr/share/locale/sv/LC_MESSAGES//usr/share/locale/tg/LC_MESSAGES//usr/share/locale/tr/LC_MESSAGES//usr/share/locale/uk/LC_MESSAGES//usr/share/locale/zh_CN/LC_MESSAGES//usr/share/locale/zh_TW/LC_MESSAGES//usr/share/man/ca/man5//usr/share/man/ca/man8//usr/share/man/de/man1//usr/share/man/de/man5//usr/share/man/de/man8//usr/share/man/es/man1//usr/share/man/es/man5//usr/share/man/es/man8//usr/share/man/fr/man1//usr/share/man/fr/man5//usr/share/man/fr/man8//usr/share/man/ja/man1//usr/share/man/ja/man5//usr/share/man/ja/man8//usr/share/man/man1//usr/share/man/man5//usr/share/man/man8//usr/share/man/uk/man1//usr/share/man/uk/man5//usr/share/man/uk/man8//usr/share//usr/share/sssd//usr/share/sssd/sssd.api.d//usr/share/sssd/systemtap//usr/share//usr/share/systemtap//usr/share/systemtap/tapset//var/cache//var/lib//var/lib/sss//var/lib/sss/mc//var/lib/sss/pipes//var/log/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericcpioxz9x86_64-redhat-linux-gnu  !! ! ! !directoryASCII textcannot open (No such file or directory)ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=556bf71987ddf41a30ae41f2798cfaf0ba9443ba, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=a393e3facec4532b8db97945c6fa4dce6327b5a5, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e16031d61ab74a45c951e175a21db2c672862bd9, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e0d700136db0de32c4c6aa9b834a8ea3b4270c28, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=8d2bab3602185ba0f7b8ee76018cc232bd2da5cc, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=04398f21542a68a744bdc5d2282a45273d6da2f1, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=cbbd8250453feeb8f11be68bc4eda5dac38ae195, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=fe12e56b268e6bba43dc967effb978570cb22142, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=384c0c443250c89891603de85f23e8564702a690, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=dc6b1f32c006eaaa5384e633a21e3769528effdf, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=798ac1f76155293c9824ff4157e787690b30ba42, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=450f51d05e7617640f9c971dc07dd79451073dba, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a73545c86d7f04e46eb51940f57896d04c4ce406, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d1d45bda98037a129b05ad254b757cd7134411a0, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=fc0ae916585291f6379afd2090275bd2400c476d, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=9c322bf4dbec1ca8277b9a88a28fa1e6272d6a69, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=ac11834f9be6c32bb7c944bc1f730892c5e32527, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=a237bd670b1eebb03aff12f000e5fcd6deae3b0b, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=ab63dcd903cbc4e4e28ae4f73f81787cde568118, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=0deb27c1325880a5b53818c1fac1531be9b4d4e2, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=819aa6e222329fc164644e827455d68ab4b0f5ad, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=e8c4136faf1434bfcf3cee0fbf16982d7b280a6b, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=ae2a855aa34384d4bc25eac26a04d255bdc8f6a6, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=e81bc4101b344fcca71f454727573ed8cd328f97, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=207c53fa4f2dab67fba128fe3199e69c8a57f0d3, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=bdb92a369e89fca36ca94a5046ceca69577eaf49, strippedtroff or preprocessor input, UTF-8 Unicode text (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, ASCII text (gzip compressed data, from Unix, max compression)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)(P_lP[?g'U~((  *18 '4#.0(011..)3RhRJR RRR RLRcROR0RRQRjR!RFR#R RMRRZRWR[RXRURTR8RBRHRGR7RKR\RmRRdRgRIRR RsRhRJR RRR RLRcROR0RRQRjR!RFR#R RMRRZRWR[RXRURTR8RBRHRGR7RKR\RmRRdRgRIRR RsR1RR R RR RhR\RdRgR0RRR RsRR R RRRRR R2RRR RsPRYR:RR=R9RURTR8RBRHRGR7RKRRgR\RdRR RsPReRRRR RdRR RsPR1RLRhRoRRR RDRcRORIR0RRQRjR!RFR#R RMRRWRXR[RURTR8RBRHRGR7RKRZRmRgRR\RdRR RsPR*RoRLRhRR1R,R RR R R)R+R(RRcRORIR0RRQRjR!RFR#R RMRRWRXR[RURTR8RBRHRGR7RKRZRmRgRR\RdRR RsPRYRRoR,RLR RRR R RhR1R`R_R-R.RaR)R+R(RR^RcRORIR0RRQRjR!RFR#R RMRRWRXR[RURTR8RBRHRGR7RKRZRmRgRR\RdRR RsPR RRSRgR\RdRRRR RsP RoRR RhR1RcRORIR0RRQRjR!RFR#R RMRRWRXR[RURTR8RBRHRGR7RKRZRmRgRR\RdRR RsP RNReRoRPRLRhRR1R%R&R$RR RR RRRR RORIR0RRQRjR!RFR#R RMRRZRWRmR[RR\RdRXRgRURTR8RBRHRGR7RKRR RsRJRRLRhR RR RR R:R@R;R?R=RAR9R>R/dev/null 2>&1 || : # After changing order of sssd-common and *libwbclient, # older version of sssd will restart sssd.service in postun scriptlet # It failed due to missing alternative to libwbclient. Start it again. /bin/systemctl is-active --quiet sssd.service || { if [ -f /var/tmp/sssd_is_running ]; then systemctl start sssd.service >/dev/null 2>&1; rm -f /var/tmp/sssd_is_running; fi }/bin/shlibwbclientsssd-libwbclient?@7zXZ !X%] crt:bLL'd_Άev#Paf٠[lݘښw ~yE}bקz/&NrA +BBX pՓ qR*;IY}lQ$EUA Lo2cHM@)$(hW _ln$%٧W3}e2zwp"Sp>N$ +s: c}Tvbž{Xg-~SOGf_ OuR'"An8;k,:72|nn_gm)B8.j^wփ5GS)X-ˌїq6VB릮:,z:KJ}瞵;-/8t@@6Wh O1`AZ9e:Μq˒f.▴FOJ^۷R I/f,?}si۽aeKsF cjχ@Rh/øKFt|CV؀FP?0nQTTa"rm!{Gs(|fK1}dm#4"_<`y2Vҡ|ۺ6Ӄ?T3ɮ >VVZ,36?Fi̠Qp = fʧ1&Tr)120P#v|y@@>uZ 9whGot>3;0':$.Һ.xM b=,5#Č]E A5!ajkHj>T| ֑Nb<%sM'^rYd#{7T4^&& &˙wo+">; ? ?<-vjSI}՞ۣo@S0k"CI2Y:-0s4og3ootqpji[oBӃ樂,VH%il's5;-z3,2nd1g[fNЖNv?qrO #axp4s}ZeBoiJB8(G#t(FU`7o]Qm57/pK :֨BMFIlbJHchHٰUw|>oг% D cm೚k.Z*,UƂEl%(!a?tTVZ]m7TLa1{x ?F- 8]J^N=Y?Une`G&?˷FoMaވLl#]{Aھ9D\'78呵᎜SՃ#n,qg6`Q3GT>7p (4wgaJ6Ѳ;r*5/z\T \溿A|]D䃝^n͂{:=UNQ Ȫrӽ?޲,ҹ/) fmOv],j=3xeP0(ao ġMH`qC͓zr)fhf?4ϫ 4`nemR}?!}|@fM@Є<19DTaKĿUSJHuV% 91Pp\rz+#NWǘTc:6JS} W|Xds6jbunr|٦_^vsAft?ʛե[`.Ug|%P!M`¹O|1@ٓɴe]ml2۱;\z))-T5 63gx12߱$BMf_fvm(XW#yW&K5yF,Z:nK`n**긞κua!|fry0=7]щ%oٷ5\VS4U=Ǡ3S*NU)KFhxG/?m4eTmw|O:n2noJ;EVPCàbpUiy_9 yQ؎aW؀ƒ^187 jCUR ȩ]9<>-qo8Mj&عb PœHyH6kқD w"I`%.@( vNM=9;dv*r韨taMkO6OTqӗ \#f5q{ej+K:ydx}(n&YG86薽YDvQ6?Dҽ(w YN'`uM,;/N1Ů+Qrؾ?("@4Nqr!R#fIp5-t.m̰eoͧ0 |,3lrwfWF5XNTmTv1i:%߼On!J<|ɛo0X"s/EV hx5Cj fi7UMw-Ÿsi""3U)wq o#X[~/Ŭ3"v\hIdf2=;+IYX|QxMJwBNOQmF:x> .|Fڎt޲cfª~ K5%P+momr ($ULn,Sx1Oew+ WhDOY}hG?6뷍dQ3`5K{˹Cy2Nxк}qI_U*O' ݋]W~M }_Ȟ\f G%'JAd+.fMH!I+{vV%?͹{O kY9nT,<08\+ggCyb49(LA7bA{vCB8zҖi<R5bK {n!#ݣVmP0nʾOr{Xu/zm`ޯ|-ߝۺ{rOLkO6tj&&"%,fdv@W9|daMԂzkv)䂷Ҿ=U .orx'Vkl y̙1wl`Jx'i7\&*O'V Tߕr!f+T@G-@ [eYD">-Tf%~ Fd V!aRNܫͬ2,}4$:m6D+i͘y.bs[GJdj@,eН"e>h^d5(NPC *>m P^l9Jֆ.qZVfYeaQ2a "Oޯ+G 4:UK2rpƝ;bgUHQH0~BOB 4cx1Y$AC.Fp&֚RfbQF2@W{~KZAW b彠.}7F߶*m }^nfODNf^zi2U2P>$6bw $~%Ω@$C 9_ņhe+Z+7B ``EflWSRRSd9+͈ ?!1盿Me뚞םX#220 ʏxЖO o]]icR 3\O-B`SeM:0:8x79>^v7vhm0(Y.a6сY2Ctr^7o6T r! ޶Ư/w5}.Գskyh;~~U*K&5 tf~weAnGtIT{ݸy. )[S]Ddaڒ"G1 s&%hRC2FU0_UnYx*&GQُt naX=<MQ-:FLZ+:("_BgT{[ldJ1'{uJDm>_{\J)d 5f?F4Ĥ֛OoX64~5V-yU*'}͚W5|z+V3%WL:aHYKs7{h0O<l nJ8 hn5yr2KbcN]Xmk9Q*Ғ.YZNbTR#Pur'XAиL}""YU`9zܨ˺@p H z8  ֒߰R'VX)<\S(䩯AE9R'sRB /P̀#Hɬ쎫g [$9UJ573.^"Iu+7nӡ3u٩wErW Z wq:bGlBWN"|:ao/*B. }$*F*8ڼ7akđ fFjq03~5m/ hum;*>-RZ"O Mx&p^'ܞa}Ym_Jpȡ]>zR#b(ӄB"uo7i­FEji׶\d;%-RsԶP`λ3W ZOT{a]9v'>1V F^# *iw<zWJ۶KeƑ:^ VN G-eTcZd,v8!C1a 6n~&W S#7cjy&|Exa/7 \=$#r+3swcYl-X>v̫2R͐bz_Fl DNoi'νacW`wjcbMX}z*'fe%oVN?^2\I3yU#'ա 9SeZ[bu !x0 dwʼnY" Q,wsk!C>E?!9=};Kl'2ʏJ3ɛWQWr~# 4DK:)FҴY:'t|.Sec:J'$ M9AjPor!ZE $>p'v;p}lY?*OZеOq Wm.- &t%yLqƕ_SSH[L7x3Z/-4~b3['Ś1A6a>ecޖ f^)R횗wq_B)j`8>H8ؠt3 ? 70x.uզѸŪ9c<~}&^u~[kF'&FnisxG\Т+X9QlJ \W"ToGVy$MZ]ј\)Gj_WBP"7޹jAkpƋQ4Wdj 69Kk/SF~2 1g5{q>ӂ̬{K`zvA꡿Me^IkޮO&~~$Fa1$YqȝȖ]02Uk7je/.)E`q3  E-pD{IX쉄^2iDLMkh/4)OJ}NJyF>`l-A&a.@/YrQ%{PZ*|X Pߛ<:'T‡5Cb7[٭0%:&HhՊj?yv^ $8~jVR^9|Mw ʉ\oQ̯a6 E>򃟬~qp,c\h (ƠܲtMU)@û~kP S܍jRo#mc(e (5dK8#Lsb VV{"j=T%ퟛfJGi8i""^2lph6 `VНQ6$"R5_FVDʉ:3,jd qdM4\=1ċs3~ [;#]iNe1ۮypK]%5o6F_3戀7|S) F"ûAvD&q#{lX7yq3YZ8Ձ;?:oRB;~pnb02Y-Ƚyf-OJ+Ch-89c_ҵAe ) h*ĵ£s'1_t(XMlixNdDsF4hJh&eBqhxulT lKF獢  bㆧ,K8ùi6 ]%-}DӃ~5Lc¸g/ cw1` zR}1-SZ_4h暺4"| .\0&!}\tTjOWb#Aj}P©Z|mY} OhREn{]$&g3(cg?R ǥg dWD)V̚ijɽIר0O+M|OJ #U Ꮨs>lpFP>bKTW e7Ez`?.Oajz"""LQ>B=Cu`Ra_*UKIfjKj Fx [e,Pl=(#}(L^D`u)EI !~30Zf xStÿ5bW|:q&4!$ρۅ/ADD++{eN"ȲqyN6_%zq&<{ȼnZYx0 Wy:7 +)ȳ 5y1aQ[a> I2` K4 R>K-_B??>@>߳&s%}%[۱/)7!>܏J# Fvь紻~@];|*)ڶ8A9O~7HX(1֝!f瞥cc/0wêZsz_sI&3pSJWC0\ivv6W#(fHv Ѣ#M R8pO7fcֻ Y:^+rr"iTV&TJJwFñ#*-E ]ViQLm{c,:w,wj{N .kovKm6k3>E KbK`bqSkdmn`D7[6aE7cI5@XBkk+X8RnZJ8JéMq^x /l20'.x_dg Ȋ3@PڏarAbs=uUи-:Pn-h KaJ+j>:(dGm6癮ӜuMAwMOBMpKTy7m HOQVߑti26*"W2Ms @Q[j.f$̲s7HgRgeZ^3TzGh;Y2Zg$Q&-bIvČ &Z՚7EQز;y5bз)*[Ԫ d|O{_9I1 +.[a" (Bmu_}5~i6iqH߱xcm"T#4";H 2hQ^kOw}GuI'-)q<Im, !@/o+{ȡ5Ic@Ì, U|7Z(M)o#E"I Wgتѽw%F!9RU:J!6; J*c&jhM2s0%uɭoCY2SL"E~Ol:>* Omi'^>˯(Ct;x{gA/;i_V>B.t[*DW ڎKFMcVW(QzLnBY N:OQ,EisD``.닗  ~#Qb>oIM:%`m6P }G[Y[@Ǜב[SAq9C?lw"ՑD˯,Iw 6sRtoOK̴N^pM1 9}d$65W#(Vyz˄}}j_I",&>goyLfpX;k[ ?"PLx6Q#q[`8{@d<%bB{bC``Z\#5ŀ}VkqF2/֊|c#YITi7@]P88ǹr4={>̗2ZMXSF чE f>DT,aW`I nMHO>C b Y. XBtrE}dT`_ޯgCtuE[Oh'^"m;֡XX GLNp 갗"7M.+@Xͷ},#w@NӺ엋/K6qSK&瑼;$g*\%.A,/-:pBv;ٽ4Ϲ06ͺoh-9/krqVA'>WKh ݈#ѭ zJ>ҹ)` PGk \CnT5{(+~I.3=(yliy^Rh#62)'nV+o5?2E( .V@ҿi|2>4A q׎|oWI53o7LδHΫd'1&*@]b ȥ/bT  :;/47:Ti#:'QGP=C,} ~N} hп:X48DUiB@n.@]:exUe\# Ğyw>jhI;EiV] Vo({!XnVt}5W( lr6HdƉ~v'#MʐώLPNUPQn\zq<~lZ~ 7k Hm~[E;D~Aҫ6eG&·ˈmD|rUey*eM{dB, 656]cmwo_xK^h|M8<X{+iB\-|Y xWgX_W.:j9e iIE2:,tɉJQy2~ ݁bTtLf{%Ky);-(Wb IcC(lXͬ|hpLOBGZe@ ً+_/$0X28 A's J="ɡyjlWFzs3Pnn3̰= \{| BeQlSd3R{T]48CYq&4'WB`~ȁ?J(N"ʵ;/E4T/)E=. K(­LH&\8xZ<.KX;ڊ05rϏ~o@ i UΕ(g&T!UoLfI|h/WʁgZpI8 K?6#i#F?WR՝ ?$ryw͟m7etNEbJ5E]1e o1:.})NxX$ %V)/bv˂.ŌER<͚rk-xuSOc9a:Y߹Zr @W@٤ -߿7`kMZhCC6뿱%yR*"v7<ھ!='HtHokC,0qmq]>`V*9֊ort?IU2Zqձ 3n*]r" 4AHp5oWoV+5% 0x8[MDދh~~>uQGm\MflTb_܌NnL%cF6K| }ps68nal px+b};R'l:ۋR̻$/E G$Nhe D~!'e,Le__Z1e ]LdBgsg>7O0,,SJ<[7‹60'zg1EٺceA\RtoY D1ۻ= oa$zD+`h&L8aS56 H=>Wyw0&M%:R+W(\,7YkoH[cPR^.:ѽzi…k &*w΄٩8V~nι奇`&b{=.SR/ z2XǷ$Yr 3rBgG߳Kޑ[p`'0d3@{{mc%>6jBs=|33L4#+fw'b%M}De$=c|eq X'=_<= Bf{\c;@FfFXn]qrDR5[Zta;boa]`ԥ6+P'bvW;[]~c7߼QbH>ݾ\5I*d3>xۘ Ljx inI c|Ѷ ^z+guԱb17 [|RIC#G @ ~n0*Lܧ{X]٫q #/H8xp^ykAXur*<6i [ AZ//ڟYsvsf T n2KG`hj`EG=ԽX#:1 tNT:1̏ O#*KD&?CaQE$[X\[#9PtEP/.tʂZ"ョb!f"F%L]}㇈|fq,s@6g}a"1>?zt2OrePu!馿!9$ٜ:]@ OCxDh_'EyC(ہf!YQ {MØ/BƝXLY^ DWxiNYJ?Cw/n]ay~mBπú96QJ0>881{N!h|1¿{_[H?_YW@ "0i Z)U:a|!}RwW.lQScP4ǻp{WA`sG4J֍-Cj`A'JǖTp"+f1n֕"d zyxH ͊Jo{鴳 Gp49$(vr1π8;·vrKTZ_FcHW|XվT(&0إCq8iH3kC{K|/XC~7ΚΨ4}ڑ.$#OM~&v*SHJ3lLskgd<'H #^Lq8*#$8fM(,N]{BP5h=n}rc4(UT>R35S#Rr\ ̃6OhʔLD?blK!) "B8\Z#=>foT4D+lYb)Cw)hH-`@Z&Hr!]$HWψB&>)z?52/ؽoR!NctA9%KNSU V͒[\+SHJN/* Q}K}?P$40qXWv脻P)GSݼ\h5l=FyG-P'Sl;Ɗ$`r1vy`U,xk)ՑEPr]VM;'bW&9"T {}8,0PYr/ ^:v {Y{l8؟90͗Oަ"ӀΊ9!:Q>;GFQϡ/ղl9!k{ -ڴ|3m\<3ŭW*2OxiM]!&MS|[,N|UF4SPŗ~w1/!fT^G,4i6bz,t۩A {T{46C4$wzʷÇ6mY*\A`Z$0f f-_殚lA&ga։VX2aĀPz V.y$Cm/d$8t-K_\YA[z^ RG|O%' :gG05H+ d S3cdKrҾ3>e?m6{ɪR2cP}8s*M!D*fB~J  ,hO68%qsZQ2$4}4 : Xvler اZ$ ze0d(ˤNQ2Dq*WS3w_082J+w}}ԉpHQ( UB*c`>Tu;6FF+Flg?p ]ϐ? }8EY`|FF2fؤBy=q'^ә/gPF֭w$|whsYHlb)V0|DؑCMK34t[%caJji׽Kό=4UxoR:WO(c/KFhvY#n5plc:x=S1Z.qVO!@ YNdv.l>PC1!H}ܹ˧*W= 0C"dr4Gʺ#+]H\Nk&hv =0&Vy `wk< @7S%t_V1&x:/;LO+նm!V k uS5~eH>(ضQLn(ހM9k 1!0ڣt\[o-LZܿ'ӛ:z$Z-6mL0sd%-ψԝ!$!M'KiղK8`d^Hy77̮žx z] Z+' bwcm{ד2lZK;\MꐱπP^ &,XZ살gIHL! ) S]8g^d+{ g2~Qe&2 Y皜GM؞W]Y-ů4 0cjDqz "<{[zV0ײfV2\UƂ"o;9ˊN(]q pi6nz?B¼Ѧtݞ"e贬 if6 ؒ1ZȝLu@1Ҵ1Sdh0TO ̔3A$…@ʥ  =IqԐ vAnݗL2EOhq&PZ~1(HjIijH+b=VOSG2PI:n](- dr3S $aIt-$N5ŸXV%dot&M@iofO,_8Y]{3a4+CF J XMdB_#ԑ4R _T=R)UxԲQov/~ :\%~+9{c.~u8 u`M T^cQ2lPαI4KgC|o!|;^\Lə8UMy7]Ċa19$CH0[»dXȷ $}4*LsUHVW/JԔ[\/ T( Ƕ alp:w'Ocd90 ЈMK)_Yq 时)1lR_|O\ 3u e]1?KĿx ħzjYSy{6"ňR|W/1K?23 wւ9Îpu7:E1|(^Z(k$ jt7z_mݼޘch olkJݤe8J|usEfTFmKSDh'nϑ7|BPu DiA(j/5`0I}%zIp,*£4l>LjTwǨVL&hKJVda ^ jU6P;VGǑor_Dj_J"MNvE^ [cV )bm. ӧB6 ^j1̬m Mx~>5Jn,1XCƿ v-1xnh|@Sb WJz 5AZ)̩L=o耈0)+LN >tfν.) LXE9!uցeIdu5M$ A[zP>* nȏfB= R#@$ч>6VPJhhX8EN T`96Ёk`#vZGst"Ȣ% xY˞WFJ|V>K7 +QҎ&bBL8!dJ$S%Ǯ)ύѧ>Hwf:%o1:\Տ*&AQ-=lCvAON0>kH\txt5d5^Sݝg0VOͨ'|qly'yX5Z&I}> љ8i>n,H^wsۏ>CgWHILnq ۰vDjDQt;l}eJt&;i̎#N7yWSlYE4 i|X l-I?_m~L|ȶi'6&&LSwvGzūIK 'RQEO+qkqkO>rni}g^ngNS'0Ԏ2q^HloM4m~\Դk&`cmTLWFu4:\F%f=iês'U7DdGãG k[Z6|hۣ5gvjPӒ{#'Yb=Ax"=HEAǞu,4;C.|_Wv+%*#]Wq/7ek!:Ȕ H 2O^^'4v7E duM T2k2V e##RK5T~#@k%B9oc_Pjrs8|2Õdbp L^п8ڞֺ302DȎ}F+{4S굙ۚE$Z@Bw5<ǚ x}}E|&$W4AwM##ΊIrxl+V0 ZI<ZPxoXc{hn閣"er; l(moS @E:եgz9iiVkn#K ~iۘV,haCEZow=;UAղ[ CpB6WNlFAԜhdN;LTj(3aj0i$֓TFy 2I£.Ճ\_&2~X}EC\F;@HLEM>eyQ/qFؔ˰ $5Ϳ@`k/-qq 4rwmK MfѾ7;qb C!JF-<7sU5 ~ʐ?V,CS{b1 rSL=MeK-`ڙuPU>~ eTlR2L2/%!:- cPL0&xˡᾗӉɷkz<.8Qf&и@v5r[zZO.ɝH\'Fw:K9ۑ7DXMPW*m<U(C, sHԆ"w GT%q2BbJ1B_}\Ռ=QdY]7/O v(G+XpȽ9J>ݤ \z[Oax"$?AzG1oYv1yJrig1`۷h<Z'5P O:7*rZ=Aϱ\;XOX:[thh['AveO39v2YBR2!C;4&M"~=lgq50;d8""϶)%Lz "Td9:`YIKC\IZtE*履OCݥ0H1ꦚPt4)! %$cmX ;a!O4GPϫk8PEGqbK @ΰSu֨a T&BGTYKkY0 ]2= mO3I fS5'LJY86ֻ/T@,{coǟ`1XZ\7߄.O%rJ@׭x|YVtY"s& F'3浉jo%x\{DjWkVXѯx@Oq& {,f-BjSi4TM3XX64{zV>^]bbqdMe0yt2~dB¼2 ƿ^!_&quf٨ L3m#eV9BB~&r(I"ae6QĒʛds5#o;[ FEwȉm#3;/K,76b2<21›#1 \NrWQV7Krߢ&VP S[ȣkD٤{7K@@CU.30NmZ+ mW9D*&<]2"ʥ8H.5s#MK=o=S/5IEA-ZYKXiٳ{Hں,&.c!d9Hiq|KeunN;^~ yCɝKHOMc }»zWˏ?R9w䥉ȦBaL, E_/uZ؉o ic"4煜P=.ց9oF 6##]6:cnŤ(KM' !O-_ty9h۩sY+܌OWF>)8%yΖ &<3c{+?(֢jgI<=XTO6l')3؂pL4C ]G7Ei|;huG,i "L,fzb(Ҵdb4wL RUNϊė:u}ڏqQ[Pּ .*]/x Qlmq{)7tKj$@i'Lk5$Ug6K1v̡`Y췫 g CI1ToƂdB$TJxCz]);~,AYo 2pi C1nHzo36;5oo9Wf;pdJdwPځ'dTgTុZ8v~ރ>u63Ej\$ G01\3#6HۥgO??B R6 `,ؒMn~wcK+BeĆd"l"1Uq'8:50SifB랧VV2v݃6*.F4"%bx^vL#^W:`~=][A O9T0gb,ù@ v?EY+ hLg ]*KaBl1#^2C՜U\Y+ވIߺ ں,Mj.ѳL9#9lV,{'jH-Ekth{Bys7>u<}TТ(FXE:l;.:(XCuSߓ20VSл:[Dmh% v)_ޮ$VtM@{:U@l{'pqN~ Tv?.bmq08%p>-[4,º~/[yMHE2|Pˤj=p>GmFj1>"r "):6'iť`h}VEk=rq<#{o% ;PݚM؄{lay;4-HLbU k#5!C,IDZE%2HNOvU,#9~yƶ c%$g[0;hi%ND׭6hM/B0Nw/1QsaZL!؃*%z 7*#m5;Ik\Zp+쿸Ox csZY4B$R %-NF!`vXdQw4]xz.VꁟT `ᵳ ht>YM*m@TZ%Tb lJ~4(f8uNiY,~yuhuN)<-" -[H8E0x#?ɇE &ijy^${MUр|*R1Ϙ[~dz D=ډ=zԂl]y _i$DlAw|,n i|)<~v0==v8_CYyR\0'~ c]m& #ٝg@-@xԢ e2h5ϝ1yBIOx_ߓZFL^6^v|hyqGC뒲1 &nU& dcZ~%qӝ([=A2g$wPBm04.|أƊMy[s %ض|ZTCn 3{MPwOS6#cLmq6(Ҹ&Ob͉O-PwF>V.Dzt\i 9w͖ߙ`UiqיX@AUJ8G(a!oOU-f|N;٣{l߾~|G& 重̎o'*4L ~ile-2s䴇/X LJRv8iկpQu?kND HByr+4 5i˙O8,s`{SZzAZxv)$|s(a^uƦ*L0vAj2Q{35& ͻ0b:{kA"vUVsVO[s_mIJ&sE}?Ot45dHմ(R#A+Қ~Q#^=P826:8> c$~RH_EKTw늧5Bz ٯ!/%Ų^C9W|=aVہ>ou(LM;7qxNZQ> 2QE+;=慬,^(+a+Ͻ@cNz|;> 2H1e0D(WfePHf*JYo Iv\lN"=dzɣ@EVo\1"5m!Kzzoʪ/k$(oa\Nd>n$&H84EI\W]>M2ƭT\oz ȴM۟ } Vd \&V2&s0Nw Bu n ϖT@mhi;_9 $a.H`K 2ړ7 !\9jϼ.K^ yS t0DZ%Ց2WXO2&3F]W3vN8bQ G|ww/BnǫT̅Ng#ja)Y ^I4fYSp^qBN;m)&Uwz =z{ՁT9 n+CYtzi/DUkt">A/O '{`'4.qS 9QYfnoFL!%E{r.o*ܻ(w"atӞG 䆗16 qA>ZSd&o೙=l[Fa%!{z[mQڴ,:BB® \I/%n3PoƝxl*\2jɶܮ?G׺ i HZO}cȧxoS,ILֶ5_Ap~(kSnL1F :S.H'-,YaLآK%5ǬSUlNj?âa[qyNźeؠk%M쥑;-4ٜ Llïp1>zn7# F(HF&G Q>'yfnLFjHtqݏQQ`=Qn$˩)9q6)6sNLj))h^H (t_{z.# "}x S_˂-mDc!K|^~(!vv01׭;hǘKŌhb8A*©1?u$= %> Q)yڗvBRY.D3|c5Dܢz?'(wI. θY]|wqqwNFX/5x[JU; a6nW:v ւ%HJg|Y*ђRAM _?E'du /b(% oŢxΜ y;-MXmp*\VrV0^jvz2&[†ŗYh%՘֗9#y]ܟ8Q£;s~IH⭿'vL2(..Y:FmdTqeS9˰@j<۴QN3mW)R`6ti\6fԀJ461.?yXb%k[ݺ)b/SI|TJ@fq0D|Y:M`=2Īćm\$T"{ YsèAsk#y 6M4+ @> e՝&}:O~iHI%~eS| ="KDm"X :a:t eZj=:`PG!`wc G ڵ!qt 4"}UnZt%^,B~ϗ}vnu.X{} oXԯI>REpLՇnď$&r5nnؓ@mұY?lbLXӻQ)9g7R,__kǃƃí0}&`?,jc%O,WttiT-N$3!aen9ŲZW8 `PU~%‹2g i Q߃8~XFC(ވWciܒhtoDŽ^xh-7724Mn;h;יu95y ZD7B>Tbt@H!I ;CgZ4SSJxt<K>28j(,Dj u  /a[SI>J~\`;/wu~zu&ax8F}Yv SSX€9aR׎=&r_-Tx2Dt['E_S+q +H1R$H`( KFGMﵤuLpr=צN#&$0z/[V8@v:n`KEwt+!>w51>B8Q^ "!EWoz=RX eه˸d6k8WS) 12jȞ)("^stK^?D^ 2tTNl;a{[cR9+%uyep ynoS۳˾ KD[Yu8`a!`OmQ;|<6r| l]^`n ]֊2P>6*У2 j9CyxS"ͮDoge[w:/ Vh2y‡Ug4;`}Vk(`T{Do0v{ؠ*PHd;^>G=k#rTwbsUmL_Y*):(bOFXr*}+j7xtbcAuNm_j.7|aIwRXK\^X%`[#A o,UH'L^E勈ՁPk]gZā듻ϒ b LԵ܏L4AsfX*:H=D֠Gj-^ L.S cϊG,;;[Yv#pKSJ n7yx@ R-e)95ϩf܇E|i" fۏG m̚1y_]D&PXCy\ٱ>R+!filPlIU?Navp@?&3zWZ j4.L!E$جF{U5#wi0\*fȅϟ'B[OEZK<P+ )O5yեw9r~E(X }WIpRI5uxCK zMY%%++\HH|s'CszWƛvJ&gDEo? YSY~e/ɾ'm1+}Ke_ eP? `QEG!{ r!TlsnZ .\åw'Lr%7ȇA.m`>Ӎ VFǓMUi<DA1+#LN/ F!ћa-|zm81ndVnڳ m,1<F̼ϕ 2o±}h'=kZQ ^]m1+["޳gaĐ}PQdO4#\3s_9fc}DW13 Xw7niEK߅id3w/U3*ˬRe}mJ||JsBS%J(n;4% \x5f"<| S Xۑ 0a0H*xPHK%bBuW?[Ă6Y]pƢĘdgxXiŔ(xW7++.hP=;vb#}D oJ!ҋ[wdQk墤0?KIX|' 8Rf4&({pALp/j>>xЍ??!epꛓ& qJ=F xgs|@d=+rI@ǁ&=ԅvw[*:9m)^y|:UV}TlA=y`wpA]g Q{9Ka:/k!"!xb䂳|caDuJ1&6`}p4B?@SbF}0@ WG$d`8FpERB KjS Sݫbo71~BGfGw΄5=9ufـ3e0D,Α?*`{]Vo4B,T!I#\m[. vǪp2S^6@}~}v?"%Nc'~ʬ|cB2ҸfV;E*WCF(<~sOKQ4m&_se|.-B:SjW}S .qx7Q&Bd %rFu=+"\HMj{c*0C_ %"nV^5q6|A]䀑8N+ Q1kh%M+vVX}8Nȗ_/cAxbwIJW䖌9AvV1~)t]@F:]TtjR;4|o^hp*i\"Ya,Ug&Bµmn2XJ*f!(S"rsd-c:?ޖpqj!%vH͢lPNN="y!l* 5hZ@,ޢCaX[?HoA Eq\w-9@n67D2wnvԘL\I^ןZppSJjL7 դ0W0?hUfR 5 Gq*izzGd0X1F*y B $Jd5"l+ri8Kߤw~e `0Y M%i8^``*i%Fc#膖wQ:(:2_,|4h$ ܨ0p[f& Giyi{aM˱y 7]ˆ|g9/A$i@Xǥc\B`^p(bվ|#* >!PtkK]` ߤ34Cg ݍ:.kl=#T@7@ۤG T[1BTRR|OwQ!C&x#1' b&wܩ4H vD`C1Vpu{͕;-DSK#:8fl*t4o! `IKt=wDmy6UC=v>\b{k޽J(׫oe '=*FDw=)ll%%b*׍4glŵD3/A`9[ُXNFXDWw74:Bpd`l(lkۗ msfJu7Y(#V9یbYrĀj1&z3]o5pw=lB>ZbFW*K6C.^c]9<` d@oLbFX;E/D4x&amcܝ0xkޛeèKC@ck_Xa"\RyQ|/ 'itslMGæ-Il2ګ!fHa򢃯H!|gRNsQd߱C)sFg{qū'!op>M4ƣ֤a!Œ6軨>ټ vN5w24w <PY[BŷmaNl!?:8wV{G&nDFʆcO.H'o,3ũ gu47x+)("]cW/pUrbUt V%^v* K eL 8%Zu87Jۖ|ق;H7޿넯Fۮ:op)?U ,,]v)md.$թ}>MFF-ޘɽVVANQ)҉" kp]S9r}ı*ĸϰ@VwڄNUUhwv2VqsfMVk@2eP{LQZQXUPs5GƼ)&)}b nF@d? Daz)LADz+Unǵ] x\$wD +̷+˽]~cqRp~o!iI=bGClvf˄W#c ZVxɝ\oF:4[y<o}+E@]57+E<8)Tfe4=۳b n,icx7~Wm@|xT|i>i) cArlC[l'bLQq<`Бƒf{}|=2  e9GrUIl%/h[/eË ޠO`䖇,fګ,%t_t5ppXyUQ bi]“|.;DT%9Z>5mNR§G`j7uCSY;Q#M}֤$h~{am6Z4a4#,odTkǨ)%#x]Xj5φQRn=jd҅_h-v"/ѐ/O/ ʶuwI˓$:@d.i`*8qߣܺ(AST?nn4˖a? e|Or EEN ~wWl~)]b !L9(TsndG+ '.oBf& >) `~n_7m[i+=Y/,)HEp7 'a͒0}ß"߃ =2}yt^xwXSco~7ġ;cFXe"8Qزb)Ai<?o4GP@+%t{Kw,y>@DSgׂmGmZqadM5DyuGFI 2j4ˏTec Ж][?c޿%64RǭE ?!S:8 bh.Xw7YA8g_i! K)Pk ]DNTOtrb'tHV p1x4, Z[.ayjXAĠ -MTg{H Vgk}ߊ8Ď>N*IT@۽ˌnRjU *yXOSd@--J偼0sK E AH|zEN 6499fIУ饤Eh^yDL:!PyKl 8=}]U3MI6 lϼY,>ANwB &>Ta 6E]ڝ'Q H;mDfܕje @#8itqC{kS~^񇂸gMp{&[D 2ƗzpLffoܽ3_o jф)Γ !C/'y_lĖC<tLF05દG1PRMh!>Q>47j,w 뒡e*b}k4u sSq e܄ј4+ĞMCttw;G%}s-]X}@Ȏ}}Bs>Xm(W`<՝ge҃j Pde&>bnṚiб`h.[sJIKVYhJZm&mٽ@Qv/w8k~̀c%q_z'uۨ\f $:lfsnWO>;NrET?|y-d)ݵ~ETv=쌄񻨑bh߷K&L'@Z#.4xe8d[45T9t"HXDB2t D)}j#3L(%]+%ՔJ%/F!#R*3f\ɔjdGu$,kP)-M<&,$$ *jGXň3~.vB *L(] &1B~f(-G茢ѲC|z冊)pLD]+vx.#ׂ5^>.wCǕI@&,H>x=ޱ.䗗6Q[ϥ:_K qI^e+S(?*o܏m.h %0< Vڊ)6(ncEK04 2SBт'Q5H%2Zjb{ ´MOQ:6;I n6[hh±;ǡ^#uDʥ4:Hѭج%dx T'ꛍ5%ӗH"D8Pc@8jiה**ro(7!+^[شol+@wA*R*fRR˚3"`.'U.d-~)2ͪyԁGUF>5fo\;+߂90Ma;y\p s=]kqZ&_ nL }5⍳E^ˮQ4IKQ<5nWau߷PH3 uV_dGL*!Qj64yF1  U}vFTGjQݿ"#|~:{戉*{&1ҸAz°>pÑ>gcJ ?UJ2Aꂕ[%fj@ayK'G6XK³9.mn`' ݟjJ8@UNH *v%)bZ)Cc5G31$gwL!1A =2Ⲗ<:=J45Qs'p}_ݱpe/we8!h4DCqMlN)}G#^ 6B~ڦ z%\V[ ;i)6| bES½Z'a}{:e5Jw:t5˄荕g6;xob3$JP&[`xc7=ԪYJ  zR&[czkOSaFkIO$X"^ӄF4}-N>FXߜ>Uv}NET[ֲ"[m2@ScӞfDNz=jXj2~bPKy^_рic!%ݶ2)uxPP9C \T|I L7 -*z{мtv->`e~VrJ.zFq†iј]HU#',LT`p^{DZ:*>ߘW+k\Ljۃw2C?I>;UoQnWtPT W>AWHHC&H8-=q=Tau1ˁ,) u t>1n[?ԑ}}ɺğ%yƀVb[LHy18=O Tpx]ݺފ]AY-'%SD ut4 9%W$w# $|UXnk8M3<_:,/Cw۳i{_']O5UҎclDbUUd\ u g[ 'pJ|"jF! s;v[olΞc#^$Խ&Yٖw'13 O\%3/Hs/ 2t'7',%vsLXM91˸]Z*$cG~şzPwLd(pW[ν-#նJࣺ*5BjNIƬ}jæpʘ]x!cF\]:G*)9UѼYVb"7"?}M)H{*i1N ̄; G𒛤LG))Cm l-mO$d&ZoѾO',9ZDu~EE'McǬd "'C )eAƖ77¹ ۰2.qtZ.I-o(ȕ'x>Gz=xݳv$G1g+xKm!TD"3M;_LXoA뼯 AFvaPe*{v;/c"LZ_Hb'/)à3Γ{ y6ݩ\"gq&,RdU)Ri^&^5,ŕxױPXVF$x4{KMA3!m/jG'ˑ:FGq -ddb̷L)ve vKcZdo`TQr싍\(bCa>YM(WeR'OljbGp iEDu<:U? rn=e[`̱ [FiqH#mq1BbD֩ۓgҲշ 蒠Zc5FnB288)j(ona8H{|c+g.eH= -pL@<]'lS/|.Kg9DrU{SqP8H+a{Z LPrL'%Jf#= Gl[a'vwnXږF7߼.0zI16M RZZ~B_ͻT5]DD]V*HG^T5Y9|'ކr?uϏv6B"]}7rqͅj iřc] tZh+[#KQk_ϋT3׳r޾Cg*&SOic cO-ź:N/0"m dCd;'wP7aUUAdmsLUiBvG4S'C#f3ݸ3h2bt؝|]_>I{dՃ"S̥1wU6$3NK) %m=ݜ!1PVVlraG3Iq}< GqP6]|%t0?b=&2W`S[YfLǀ@@ɘozC39tB9r o;zfN4uu?E\l? LN"o9PD!nB5Ƶg%SCLڸg߽nԮ8GW=G}4KD)^=yYĸ@(8eK?%<6ژRTȽJ# ""k2VXAq*ODtOH;Wy,k9&vX"U_X)#쁙S 'M֒?2s?ifxtqFJ`$s*m5>QN}'gj;%[31q:\1"+-)H<H\ `=6"CB4F/XcÌI _ ԕRs \U&,`elwR n,rJ앁`f(Ut_똵&&Нh{nPݱ $L+,/~Ҁq?-VkbavMTt ""W.[ JIYcJ Me¬x"@$Al=#zЉ-pptz5gNɾyRֲIxIWg ˆ"sBpIwqI [kb8qH{8-ו~6= J%J~'50vk 9Qa#@ݤDg:G 7%Gu4K#ޛd ͗u}B߭3YMj*knFrDF<""M0V7ជՕ \>! +53)3<.ӻC`Jx*]LCeL5%aQY3^~ ZEyHiCX3{V SQg_'E0B{wKWPHEѭ:٤^{b iht8 <;ďp~ISrTrQa lzY^v4Ei&SŽqG;Zˤջ0fNu5ӑbUtj%C"XnOJUȾ?1,CPg9kS18#`9Kڳ[Pn._*60 (CFmh]GJkgk/<6,1xp;Se)&FXͯ>S(3kyS\U` 1(W|?'Vr8[!S\L2[!qGjˋ4J;99h62Kδ}3үWIj- ċ@me0e~YW2]*r;(ug9/VX4fGBv@sa3خ7Ox8D i1 n ,vЍpCQG'H)u0 T `;Bf,nNsM=oiϭ[e^E d=VK1 c!`v>M9=CZf17[{ zV|fİm⃃@K?ɗA cy?dȾN%.^!*(fsx;ΜjOu|] "7)aPjJUrN!dU6/; w<Шt v @).DƑa#: Z>4 <)Fox6bBqPsS+9I//)d<ؘL $ H \!`iP+E!.g"1HJtR&UGЀ&E03F>)^Je7]Mn@nf`w?¬#gBUr]#'px?j KˡZf4$*O$]?j9I#Ο/ Kn,r]^8m÷ٚaebMa5J˙WF;휷M}rj[0Bc=Dݔw|DvGUsh AK4ɣ9P59'Kcx 7l{S@s4eK3]#73QXzgQS`DYu] !Vԩ_Au$ Lo,\ءn5W7I㽚[lAuIWeiBWR[F E(&7 ODR\JJL :0,w?Ϧ5o 2j|hqUUqN(x:"_5Bp4)#ɸ>i6OKFƦԑAPSq"4n3Mңh#4^ ݺ@\?ݛT<]GITYrM / h٩c5XhT>M'%fT?Y,/_EPι׾ic=00M^;LgJGV _WG9nF vacjD:?oGlؓv#x<]W#2=F(`zhu^@?Lst|[#{VwF8x*Hj[vHY`_q=g!oF\R#8);,"jrB(yE`f#cɒV3 Kt.t5/y׮uǜHdjVqP **gh# Vqq h ^:q~u8V)f]RMΪɞ_oq}R&fzD3 2)S [C}C;4,Β" EĖFT _djm҂z92#@HyBLЦ 2r ҒK"ӭ[M\i怞lҝ>iYa PcKKɌ mh#yWnjqDPKNFΆ( NTTt P0)Y^=*($A >R.{3҄m8;$eNFAM;dt,T#)Ә;*1ްh_sy1h?qJdׯx5㱜vg2unsɚ+C 4,?F%?gV*d-_\ma ?KJ0USHyi?oeLʧ өImpJsGI}H{۟"lOK}޿^ y8IqZ9JX>&e Xe;vߔd8kWčA 6^ (ep2\O凭iU7?F =zL.De *$ WI~$U3~!1~e)ԫ|u(n-!RtwvLAN.C\(ր0s]>ta.lrd6t"6w,w+JNKYY[8cKHRh0LZ+@CϏQpYpñ"ùW.yiO1xuTq#!iY+Pek* I{Tb2a;ܙZo+dAAB|fTneT?^;Rϙ45fUJ0V򹯸4i{K>R@ϔj/$΋yL\ Dn[ @a`_pa`b}],h>@yԊϙ&Z@CyV)/U׼)Ce6eW(ZSQ9~"mbpqMLwJKMoG~SC/;jŠ.S"^Q,|q7k>I+S\D$Koŵ \tAMg;9;a.P4M)M SD9"1zI`"/nIT8PWZD43PJ֓&@-00JiýVG^۰y~'GիeW9X^+ogdQ@9D nBҬ,ZAP%]]dVoh5("_mGy a>ߴ<͚(9O0>/qɮ훪ΖU 3 }#Dŏhnjyٲ!p% Yen?g~9yD4|$өVtٰU~/Bp $g? 94) Қ!Q]TDjtrԶǓB/Cn8LGɯLIMBSo@m$ 4|zCAf*n5QXK/Z6`=({q,#leHש)JrꚖu:1#x-MQ6m,ZYg'2]Pw}l,˦1,i'LPD4Ʒe|%6SXD霿(0-E.u>xt@# Q B7J[y%~Jݡ_ PlYkzŏd?TC⻿ST"UОB|^@AK7꿈2'U{t/&|) H%cEp*}zSǿfhڌzv;&6㖄\4jؠX0iozNKRޘW1ʾ_ҾDd-0|KmhguwX.i9tG ?*d?t\Njf5Q2 ,_^eZ>z&xۃme#<Ҩؔlo*}un/D*oTC[6 rn.>9後 )ҖLV¦KQ|Zn[4l9 o LU4!99ONwó3 |k Gv\ճ#eylZ0vBrS'o;'R_8h΄{B.KDҌPz 6^ĵWW"Ru._UeakqۼECCdmDx HD_ UkĢVNw>x?+b' Qm -T}:߮#O9sxJAo_p8.;JnzbԴu\IKqIvwF2mp1Bà.~#j[2@Jg+*1ϰS#^[\ |f2Ъt0M ?38rP|+&R}h9@H4(D?EY% 0gXG6T uVB#.APM?ۙ7C7 P׃ᮝtٙ?pIW>M$~5R{L8~'NIwLd҄mgIUO:^&@qj+M"QhWNLTU>Y׷ wP%Pj1ϸuzdʆ|*Rme}ydP1 ř4uqL|b ԥz4tC^׺JBS<1?Ͷ"6_ +.DW_d6̚C*cB{^/:GSyk=S0z;"0 P- ) O5iig9ͽѐB9)I0b*?} xh|wIJT(8q]&- v9U@],1G^U)lhhse<%umM:2?>w#z/ ~V[ZHX:#:UFT`ddD!4SXoC_-v9C/^},~e,P:ʌc?/շYchdu|ã=a1;U) _VH\Rhl{ɏ;i6%a}@/Wڀ 1J?˼!YWEPIV`~}JdSgU٠lBxUSQW|$~[:΃,'8;orr'4_v6"ٻ>ّ mL|7m+,e©5A\E>4 Xִ04|=lT,maYzEdBkFq0Ek |6A K|[m bnk-hULt s ]EAo:v5 l=PA燲p8z"fj?H{CLu>ѦPKǵ?hi:i\Օœ$wvT4%G2'ywRw]0 D,wW2wHFL! I) Cb=)unrwf0,X/('Y8Idg k?bুiZAe$[I܃ |q+|G@,5ƂƖ4rgb6e8ɣ#Pg?3ín/:ZKطl);[-)uQB@[ @GepPX킝#s ai& ,l3S“.wQK$B@6t%G~AoPUP!OfNsCn: Ny9ƨyj P&vH[t-g(- ' .Ǒ·[0wZy}ÇLf w끹h7.b ]5f(19VzBNL ŲF~D-&ڃez9.Zt(O0d p:-(J.M(D:Ml6)9>sFED$L&BㆦoyS  _`.G7>pbe?gL,aMuA}٧s(\˫ ÆD@g6' z Nl\ř =.taDm7I|?7Ut@ߖr&FitڮO');|ΉSrP{5ӨN?M۰b2%t\ǩ́΍,;b+}FRi N(O0rp_%HtQh[yԓr,A.tݾzr b~CdfʭO74 Vz]5"/T- ~R0y\KP ܥ+f jWa[ÃCz weG(@*<@;=$.AI-ھXS|8)osXY '"l̊sL.tM=<.r> |}vdϜYRTi^x`z5d lȒpCd*߻EZ[u o^V3\sv[yR^J&dZV_Oǹ<Z 9QM9G(JlsU e>bNxa[N~:`#Ep@3C%dkPLY`!Ws!#5^<^\; |b> eEJ.{p#c1EŻ@mGAz;#83w}{0n 9\Z:>5[atH fC3ev[X-; &u~%Ո?!qh"BXM[ޥ03ui2Ze ӯٌ )tۅ TvJT Ť@j#HFܓ%j{A5BAY_[J; FwKdO/ovN&[fN>kwšW_3=yԽf$f/]#8C,N}'ǹS}`tߏQa6ESCV`ԪI˯us"[eqXا_$VET{˰O8O `E גB\:Q. B0%a(slb٘##y "LL`,TW-Gia86v!tBU5mPI*ѷHeF@&X:O7cM={) ;栉ƅDɿ+M2o_EqMTCN&`J2ɀ|'4d_oOS; X}NЉ'@5$L3*OL4!=%8 %c𦣬d:󭧚| 38rnv!xP0%8xͥ< 'W U;c:Z(ʌ0I]= j#SשޜuG?i᭚~1ИPWINm8 5B'yWUq]˜~hah'siʬ.P](I,NVnaDb4qi`c'9T@^7[j;9%~N~Dr}s >8{w-jY@+"i;{Ԍ?^R^p*$TInF5_,b$ƝwT?cZRu|ƃ _j /]ҷ2hpcA 0`tТebV"(IndIXQqתeCgd5ALbMh - Rv;=w \mOk:3=dD/'A aL:_ `ω .<勂!ӣbx1gĜ 5gYK-l]¼&.տ`֩1wBJ;OvքIBFl>Z?T _KZXh2=E }aygh+'v&Z+{[K%|վN_m&ok5iMqJlʣTDY1y gy& cD=GG牾11s<[3fAE$_i{@~/=:a|Jߜy`1طbF8:I!s~[>G82,aܹ )ּ &E)+ijy($:KE!&!]I"0'-/%M{0RRZg)E G"K([af Lt{QO*~6ҲeBMϔF(Qh4p˵{TKy536\sWٴ[ƲJpLa(:g,v˼jЭ+նͰ˱Ո|}HN#BXӵsc{|!٧ː,xQ̢Zh < G&692MOqxdс^w1Da Cm gCbP Mr3)bp A0 'z}$G@)4adn&RB^ߺ>1쐷3eʩH:h!} x'zԹ=UX:ېhol/Pl%'KmS06?c2U űƜ?S剣Q˶M0Y(2}“Y/k*0"  n.9XMeUsd4>i^.Bxir2 $Tq[L$jw2b^McN!D/欖J{i\t18EgFmA?f Τ3GяTP }?1H ݡ,T,nڈꥋ$2b_!\Qq^}2ݲ<)Ÿpo ׁX@LwүI\.cN}ϣBگ>ps__jwOܑ61Z \0#3vi[EV$Ә瘹XmfAN H˒RZEwtYgF;OICHW~*BFe&<mxZ\{.4ZΈ4f/XW^(&g7'wJ5^Ἰ{E0=DS9vV(ݿ$.}[乀&rPj5:J0C zbJ79uhw~0%&eyY980>V 9z4Πsfe N8  `,u$IW,ļ{7$UøפGT~qV~ƅ R>e6ZY5aA?ѭ'iO6CP,P+q R$boԮ>j Q/A bgRH="\4z&fj n`0c(dI \AI('v3^uM!@mM)R+=aPw7ĐW;J1$`%e#RcP8|U>dT:㻙ꨶ\0tc5ND|MdEF Z͎]W/;ۊ^6hh{i!dɓÐI8v$u)SaK/<6Ѫ-!>6^Te2moG^i]'B$t܄R`BA1yͼ%`cjAc7 lmy6[@ʌ5 m[S|Wh\1qN[(5 =ce1ATQyI8,#+!n#QwIz#/ӾupޅgZ~]!⨑ĆI';ܬ"m㉞ZJ.<(d[Edb֔320XZ}*]x` ݍuU|icgtBVNiif0Њ!oT=@aFѱ|fRjj>9F=wP q/.lP"hd{7.aUcn{_R:󥴬uA.Eq;7p'w);wR(0;#sT@P9$o1Ynd]DlL$B翖tteE-B%y'fE`Ou|$PS$^_RmcD{>rsb K6Q(Z)fڜ\rgJc.ӆQh{-E1("`u LERsCuGAQօF$agsrYM0đ&64> A0S 7X^j8ǹ I23oPlJR䲘Eiڈ:1*RMc[`FKqjTi\x\$+1XJ!ab]©.K+Sbftp?h(9kZ+UZМ_lV N$pcE­c>o/w? ʃMvT/GRxY .RI7J 6g*.Pc-/aqv,=9xz TdKrೝVucEVe塋)U/k3 VoyQ`r85ǏbR~F?`,,2h< 988C0g<3r* $5l. .t"ls%e)t/b{0Yq_-Cޅl=I~(K|qjAV/-=F4A_;8\ҵ~Pd o-"T##τvLqXa ko}}[Uoe-Kˬ<3%/g1c̺C_u6-~]s!eB \4b;AN}`|@3Sq M0]x܊ 1 MEF|%T9/Y~#Zr@iq[/;vnJf/h2 C\lYn2m;%僧;Q8Mh`k RUf}USJٯJc=j.wZ"yQQ[쵮s-JQ"r([x= !AW#lȀYrO.-:zV yWɂCQmKt%b.W߲1~, IoBW![1:XI ))oRգ;Y~HqYN*TWپHQGtS`i0R[Eʥn^eXFͱrǪ)Hŝi1ŷ%i~01 n7dX 5}7f́ق\Kþ#D~O.lݓXE~ڌۏ™.q_rsSꍟ13wEApܔͲ!}$oJt j&a%0t{i2}<󩬵q#\'aQ&[A ʁcgOVa2 e8؝8d< Z Ӻ:8ǟNCCx{nщ&cV_~9sar93C_kle'KRj IX!(3xI+mQ|gD ͪTalwrjv )4Tl1q Ӿݵ[T7.FP2چD =㬹GweL 9Q|qpbgja=+0ܹ=h{) M[2RaݮkdѦ]rV!;e(ko_Iݵ![ dZ.k3ZA[x*lⵊ-~xM݆v^<$L& V@v4+R4Ӥb5qS-xiW-> 30_!n0YTleaC ȖQ"I?~g(<؞߱Xa52w)P{ ^FcXPαqgA5++րO @o8 ~Hk&V' *ՌpܱB(.($~ȱ2XYqJsG+@sX쥭+d;GˠAPpHCiCwl=?(3YSAߵIjT+~K}rEo 1>yyo2'GKiiqb@_˓H*ŁU۱Rg)z7v3UU2̠GidmBت˝"+p9-tթn+ۛ=ZHQLC%p.Y UHO`wRP5 e=n$g-w) Fn&k8lT϶ɏ8s| P/N<u^숔 ۷v{5HԖ{MFj,",NA=@EKIuk?cx&͗/neZQ-Ǐn-2XvؼT[ew>|)rHrE\Cӥ\J6aR%jޱ5!LYdG(a_O/>Cܬ_&Їndd>6oC Ҡc xˈ5A-FvOtZ՞]eQk9@b* b׀ͧ7( W6'vW`UT$M&mCITΐP kXٻJM↴sbeH簦_9Ky&ig(I}TE+7 UvbStY&uK{0z<"._pHtRxD'm +Eptj'f^T~$>YdrJw)^RIyY`&xu|eo_̾[*PC ئ=S*3[X1Vѩ|EX>+nbz!.:G"$eGhy~}j26w:hTh cYݩ^3SA*Ì~˫ǯ%P^`X+\9?T`"Xҋrg.J%xWԉ~~xxN}YqtL>4iUIMI(bcgN߾O.mXC;>O s)$ 'zLE &ZݣzKwd qk$eLMީ3 oY%f`<\?Oހ4K _e 6wB`=0VFʳ/j|9Lq4'AZ 7IUEט_*ik˼2iQp>i&,t¥C.Qc[rW67 {Iҿi)3(ۑ' 0ۼ I}C9 3-'/r3g5>,ǵe6 coH/Z!۶lFN$f6aL8bU;3I|6.NfF_lhc0d99:&|*Havz#bJ0A^=Ra;)``wM,w0+<4gGQ19|ydo,)^O[ 3gɒ(r:QQ6Cwc ͓&q;1b͕EV|,3 B GPD`ZgeeXY2!VSmX-6UP9ژS_t{8HR=,.t+ҹ;$I`k½Ey%;w^1ӒRPr+qzBvRD\?EمS>j_n]Yg^v&|бl䄌G6yE 0*6? jE' iXu(<#l\khPN}ؙzB3q&nmk=߿wزH~81`I~2h8㎳? 1 R=5M%9*=o&D)ʍ}}T.FYnuViQR>!! Bά4'K)m^Я6+U)@y"o ^)I= @zR)ꉱJ>.E.f4 Ys6D@":)ɝfDx6D9&v@Lw*-v?mW O_]S+!j{XFarK G4v*B.Lfv\bh%ƛ2>q6^oP͜D)sߏ=Y1oN>ٮMk] &.X4 iJug߈-*S<<VXbO R2x"g`Gӫ.B~|ZrC]Y鱒Vsh;漗{DZZO0@Ͳʒa4lۮ,#qoGK6;tzc%K0>niBp.o3*P֋hQs{#;۹1rÿbF 1x;ؕ![?rcx͹έ#YAŗTp &NJ )gHN/Ep. ~}c Ho&.[n$|~HnϕɱplQcGg7i<4`@Wtz5t/$=1-wU2ƳWOl܈ltw eHS?#k [DS]>j*W/WƱ6h%fح&D{[q,S)yE7_$Z!*n S@eFI4%hQ!m!6"gz] A1xX:c̟oy ?qlĊk4\'!>T|]C "trj-vg,YH&+ kZTvk׋}S&}1͕(}5]XWs:e>?P 2]I-DnUq^;[[ZJTW$z YƠc_dB,'gÒ\wF.ǩ Q}l r4\ol%I=6^ Ѫy%HZt儹S;8x`?ظC/[}TyO!90]M)Y<tih3,}Qb5uwɤs;6ÄkU{\=FLhv 0A23GܲXoO8-¨փHc䪥,:Y az[߽o$]#89}<ߤו !qYD C;w ^-3;̷}Hv.yޜCmd/K*A'}XoM9=g]< #uϪ^ x(¡p _^:F3X%d9{~ֶH_2ޖ1-h^%ɚEiqNS AV]: 8-ȳ^ i A')snR|Y(t@cЂ8Q#aȡCwrAunr_r(1ΙK]:Jc `Lĥ.$O=sz`r&jփ.0""cQ^Nꊔvk4GV"P墟{Ű>צOaR%J`Ha׽J <A˅\UɪdڲwzFP\ѝǃeH Ikx$5' x-aĴ/:W~ {<\sT%g25x;gI.{G vkb$K Jpq߽ { =&kwF3f9̘IʑTw!V1(7M.8ΞDHt&ggаtNͰĘ q5V;e·bZN U]/>NiVgJpk(ߪTNoǐt ʰ ^f@$.\$) w<ro·d9Ύx?/;s+?F e?WBԔ~)~q4$;|-3f =ȍNQ eKic ^71Wn^#ըLq\5Qװ#bFz9 DzVo겹_-Wqj&NhkbXEJsjT)7Q3K.:A4_@ ݶnNL'0;ϟ&5b+s5Rq-| @MK yB1{5U#%yl#:'&&@ H"ۙscٷo;œ3Y;*w0Jx^,v_H+"Y '(kV#閂$1(`c׆뻓Ǿ\BW8CKSڸ>- l:1SZ 4 9{@4rN;_Ym'GŽt:l:ͥkR&OD6+zp ANIH}1% hۓ1{QD1nD"SĸwoY^(% Mk`R>.T4^a"K?풉yRbD7uqXW9+LףV ГN)-tq@<*s* [Txb0e9SK3&ob4'R~Sbqޚ*,v ۿUh.a5F[kކbXVq V;6{;bs}imI30 l\T;pP)_kYx(G燮),mA\$7smQ;ֹXV\|ɐ-iHrsSajmDMj-AjcSP #:}uF.e>ŭ _BAd}6>*axpy{vUx83$?LW}ݧd,Z=!U#3CKvh>,&%=$֕n7/2}bT$;MuPb mܳEs2n=YȌ4yk`lHYzav+I\Z(Es>8?+ IG2+0pcUDNAVpr/ |-l  !KکǑgdkXΗ7j]RC1t#JetikSd4,cL;U9λ{oEh( h{<`0\; ={ k!9o]U> n~.֎Ȯsi`\m]o1h؁E]v}SZ3$7Y@WZZ2v޼/Ru\oy>,_;2W hG.MϦ },zF_$DpH{d=87-O-eD}^cMAraH"pkIŁѾCCH=Y3EN4r|b任jtm϶UnIM6 63]4 }{Mh:S <§!r&DJ@jW]fOxywCS #_'Wf!Lƾ f*O芖3 6t6;Bՠҁ=P&d 6}<`,KNȜfկq~#ˁI'Dz*": ;Q+h}Lľ-Vkʄi jL`4Ccd D4 #jЍ8 2h-} zd8Ӳlټ ]_ w{mIj܍kS,GA@y~4Bn=Otuz|xV?=\2tC*%xN:DG3D8[W;Pûv [ Ծ>%\#x{%8qZqS=tw@P QC(glsn0vӇXj+eNWzwXH?L76߻ F 3ʛJIՃɂEƧ 0_c4$ tv6Q|Or=FjϞe ~!ԍ+]XfqC.~:zՂ(=4 >htڡ>xyU,?[<8G^X<* }pοϒW6 y d;^[5s+JZ#+RVށDشd:+i Ben;ɓ3kx4 Dn3z :m<t#tU,7qM"z%{j \H6y"ŷ224s:=+o`+p"4}YJ#ץ.%~MGyֶ 6`y 3X-熁1{*ѭ^jZL/׳֭] }/I dzpDapyُbyiJVYѬ*E%&m{\Y 2I`ЋJT#*ތ!U/{=p>z\OR=G K\ r܀%u2X_koP=,r=s(CTn{T!=9\CIت_7s/ šC% 9ep+~0s)phB%Fx# 9A.%P`432&h 𩮀FҭTLX0r듷4(mJyOɷO2Gb{BY4ޑSh&ړ4aMυo>D%gcCR;X^X}l`l I = 7Вʐp٤瘕pwh|lq4Fqj)s8#'#&#(i\Ml2Ԍ$iNuI {bS&PC1 :BVZWbK9S|Qۚ )Ҥ`N6Z Ɯ2Pp@wny2Gro8:0,ߝBQw9V PX>d29ّ}`7 C**:Dw)֟6_eӪ~R|%T#T7tAo:P>](;yW /YV:F<R2'dI2SMː@'Rvü1UK\Q]O#R"Q3ӇDq_c:bB]O%U1nPc8ưR#NUE#+TZ531+!9:G/ׄ1=>o&^-̬}d P!Afy$?m:3;{a()c/a1C&i8[gn1`oBWmM\G v'^.LTvD`^\)A`McY [S :ߨ7 "ޮkLbgN2*UXy9(%Hw@(Jm^o?L ƎVHh\kB ̃eQjAͰ[rdbGӑZo#3?\w kŅy MUm{Ђ5J?q<dC\D~"@q u8S\MQY8߈m8bD G-ZPo"2a,ۿ-}4u6^:!JZ47R7I yMI ts|aaH8S fFYbh J ڃYġ*gy( *:`E-Z ΰ*>v?x,&mJA)[,a_, 椏:6? .GM ^5dBhD}xT(%y^mFnjrΗS{o-ZνŎBo!oU%r8rҭ>4ZAS*9wȑ$qjp F>_R`̋0 ʜoHT ѧ_ّ7T6kt⼱7iWp:Z XDS}(_2-KnfЀe&#@nxAq>Fe-k͔vЀ<;ib`0Cjp _v" L71bon~/kPf_j%rR+?l\]1|_楡֟ۖ1xe@6k Ѻ_>[j69DŽi~4"!43Lo֜UmL(Ce9t g20{M>a" Vbyv#[d P} l "_FfŇp> +a/c"B'u~5@%?(m|jØgQ%*QBюe!ߩIWD Kx0aXm"vtWK7f21S%D(,!NB^=BݠT`6O[Lݞ}Fziz w]KrePgs;>AT Uaz؃wT䀣DyѥfPP-<^.m*&X-># yq=,@0oiwͰ`WZogs\f=[%CNNs)6Hx֪)r$m7̒2e5DɲJ70ڟ%`٨͊&{QnR0wVsMfݯ H{ K ,л_@cA;T ѩne_ܷJz [9t^΅bDV͉SyoͲO2Lxs] Z ұ- n #|9fp|?@OC|3 u+i!+o;x^bqOWE[z\A@|D#vRƇ@ USx9&6h,=Z,) ˰8"B0k]Da|Gh\Āg)@5 }Z00C*\$/@_!e0:M]T Nsh:z {D'xL vy<%YW1&r7XצH&Ҏى`@?Vz, wouo⢺KEfg?/2/ v}:u`r%v3u|6v*acyT "~HIE6E2ow*>bknig$?f1Y^Ɵ\=\Z&dvrSAo= v|wl64nty^R,wL/h]Cn8=FMlGu - bGS6L֋OZMÉ5EV.ދp2z)`5n|~ K4>W@9ExxɃw[!b !Ťbd9bŵu3ۣ(C} 9W>! rیK>ViFRh -n2FnN8t3ì=-C`m`҅@^~Pk%@w >w@SL ZX78vGem_Y `Bji '/C߿e޼Q붚\۪4Q6ʻu|t5ܵ7fr=L-#뒔)X^gjA㣌"0jea1&y⓷[m'RT>C-Jbo9%/yRe(lMq'f*a!UàJ F/RcNj[4~R *"t?Km-3AZZ]:oxVpKZLa3I`K;lG>V&C8.6K'M^iNM$ύR6 6߂$drZ9>׆dHvfI T pM$ Q^Btٸ7̵3U)Ux,AvCkQ 45&#H(<"oPNђhzqĠYe,c{nx/elhm_rfƼ8+ p0S9nJG?A_vW)%cHg*`vd{v;.)rX.'> Xid&E)Uc|j~٠H?Mj904T$PqLxxh#M) 1O6FpU~2ë`b\ٴ;wCe2$`Qhg.L3UbL'T<ǣaAnJwLy*o$.~gQk[DCG).?U(\+^fWYZZZU2 Lm YِO E[j~/bc̾A'q׼k зv%pi x]PZLnnZH.3mu¯/N>KU(1I;1hlUh/8?ߔA#cG\#+A Zb\VIE[wP{|s4qjG(2︵Fyk\Yk܎)Hv3aO7̧gxqHXbJ.ஒ ފ(=(eb 2 p~WA @j+s{L//Ӫw=jN1Ȥͽfy{kնCV#*ۄΑL(^.4Q(ӡO#  IjfMoSX*"iTnc載S3$xʷKQGwb7#2Z%$Py o/cFW'J#(0z<;giz͔vT%&Zr\Z>KPg@ _ʉ[g9g5hl}zqp0շGS0STBڒ  ؔiPeU V9sҹd]~w^afa2fI]Dt74:*"moyn`(6K.z#1##u].`atgZaJ!) =Lf~򊊕`PZ!:LW;ZL @bj~n7ݻ Au΁J?4?`t$5m厮zn&bM ҋ议zoQvkMDO7ity:''n':ZWrR 0gT:4ʈ^/؁.kE_lW$F&2bsV7&s^g=XMhBwW9^巈w6f9߶N% P.h::mmPpFe S/[dkaX|B"q5t5-Ju,͚?oN]dZ^֘L0qyf?{]+/=pcEn9>>)}5k6K / % rЌO4ꅍun2Y`Q.tXV+Wpx†/Rp԰X0}ڔ@ش=m!@3f,} k8*MׂvO̅\1&\)aXn GIf`(yoRXKUmqտc/ź pmJ.!f W/Ej9T0#~v:M5%{W-oH@v(Ǚ$iG)4Q},%F30vZ,lhA6I0nC~?-X,bF>A^E-J38&oU}w:$2iz/笠[']D !|ahz;6/|C@jD -JaUTS {1›Dw[NrWHJ_XLZѢz n+ YYN?XwDg+1tj?E¶]?Ҽ x4iL z5I3$vW2/juD|p"{;JUvLߑRyY8%~ 3ASOS9˂Ʃ zHbNn#3'ExtĔع5Ẅ́Xȓݵ}V#Slua ;3z`d2XbAN~s! 2.n~"X܄3ҟ}vxܺ880 n:I̼!NGfO7w#ov^ m懌'wQ{^!NID#*oP&py׉!HBy=]gM%꧟5Az[Θ?e}DJi@ {-)W6W1[;j,2-X/ .YkĂ n.HKyo|-a` 򶓅;qF;bSI@ j.4mqKNM>h`MF@dGOGsҙ薉 7{(>}w!?)c,kZPytJ %x[@>[f$ԡ0x\0ձ 0 :)2!4(\y0$`T|6VN(8XqpY.Sv(lIpm۹lu5J >Y& ly>~YGl[2yX(Bg+7ҒQ$Q MK{ɖfqU6toe_h"f-ę2)'Y PpX_b֝aguZ":q;l&6I:(0 (. ;[yekjZ&إ4'zˁr^rU_'V53.( i,D;%78 #CDVƕ|n>{=r^@8l|Y xn;'zbϞ-HD }=oѳD\),P&vԓކ4¤5,*&l;[qkPknBfG 2 ,}z+m_H Ryi$93y 6<?F^M5󵶕q3zDNd466~"j1UjqZTLZbʪ'%Fo*ҜD?Zś7mגW%F9ۣ%L J>YTN$MnAnj, &a]>Eunsxč孩-G]f>MwWX5?WmMN?Xq:S(\J}t?9  .2 kVZ˲dI2%l*O8R}NU`cBIݫ#8Բva|'K6{Nx2C,:ip13e *HCՑ&e;Xћ ._Fbz #fZF;k4nL\sG Km b/~-ʇd/VC6GL|ϵs޶U>Q8Hk*Pf׋{׮@Y5BFefs>6e}YXlI#7U;'wtRKKMmHH' ރx3%}ຼ=wz"gE>`IJuM{4k~Iy$BnI'{ٸKO ; tg(Xκ`-I / M`CU5½\1po?̲#WklvL%۸Ҕ޿R&,cbC[& & Cb^iY6A .bT21iaPW B߫ Ue:X;k}85!{}{xLFxG#f\i:x*ߝY ?H9W'W-zv^3,UŲ"锼D }S"ZLr7 7mLC]nڦԁ*'i&0>-@3QgV;4/W`l a0x@ӈsϚ.jߨ!6EuaWƫvT٠c j87;ژT 60Pe8tRU׀aPmnB3͕2YR~O~*CpN8\LS$: :ٻd%Tϯ~v:2ݍ)kK__qWQ3`,aj ,sF9_q`tE}]I'pNrxr}wUe(0Ĩ>HM_"w]gÍY'PԖvMWClޣ ~)ZvK6qq =D"*ePKKxE߉;S(zF/aOӖ DxS y9Dͩp--(u^VU|70\-X#Ԫ}WOP2$" 4k0 2g/ͅdlPS'bw Uݪ}Ӥ[>, G7,[e3r@C#!YVqхC=E/4@@2}Hqqt:Voʫ`$cå}gg%) Q `G}&2.Ge:d)qr ADĺɌ=karimrYhNX)CR` mS<4"` yx`xvY州p/ u(" ׌| -:O[qF0x;bE$^? g7(묣bϬ.j_^ VDol]vjG |I@L ʫ p#lnX8ې!1\C$7*;)lo$4Z2NKl2[P|E7J UjrW2[3|,-iZʧz CM>GZ\tCtLdײIb [Q45z[i,oZ3JWHօVO?W%۰S(ۼQ񥖨c+]/C!8P:"(5fRήH\?w(PX5w.fIj=)(pb|vS̞BaGkvI>[7vb3NRhB^Q|\AHSvu 4tB H]kek 8Orv@6Hw3lZ~ 'gޏ(X$LY彞)AJGvpdOtg @3 XKhCi1N1HH|Q8rl5țm<%[O}(3KSVWX1ʇ{$2+( LQn 'OoF׺uij}ST!tyȉ\ }F?2F\D DW)p\bq;+"J(r'ܷBޜQ`AI ,*V7gU{ʬh1dWy> ~n[91{1bڐxֻS7]8dbӊ TO@00 BUE-mX*]}BI*"/  ʌ2K'ɅwqRբXud>^$‰wZYXE0(k2Dei~]LEpf`‹\QT#h:wIpjŝZX Ô5T#iL TM] GA.D98,rjtD1.R.a:и|m3 TJ|Ж14lNA׶&*<`D @&‘ 1Luѽz]\9x[+kU #7Wog`VzE`j;R6ԋRk|&3ˋ??$۫h3-Q4Mۗk0P~I *3Q0WB%E-e^&gДz5% ;rqjx,dhV '3-]`Ɨ/ };*sEX~2˛uN$RzͰ~ K|C}!0 Yف5i~s>jaʘ(/<$Hry<]&rJxnZ7pf`-s_Ey9o>'C)KouE.i\FA&m/+:92Ax rqx@DBe~Zwx<8hGKj&/b;oy0u 1dԪݸaVT%:|8Aɣ".wނ<~|r]ܤֿx2grb6 Wa~)n"ȶ DՕ70KUt!+rt-7;I RJx8b1^yfӯ?/󁢆{[AMw  D<(J{aF⁠2 (l/RyV؍&Uʏ?=r9,"m}$yY1YS:c9;!jԙ#}Q6*a4GAR(v&Ɯ*z9P2&˭ ?)S-]A:,d~: g=S+}[)V×SM/7[WV'bn<1dK/KM5 ]Wf] cwhDIxx8m;$ԂRoVxj(9Hъ7Kxy;4T(hY^JS^,|@ww&-"%/)vg C.Q)Peɫb(ѣnf%M9z_yέ'15VH  +qR)B'}Z\GUW 9[[>K%cq9ADk2}'n` B5(0֔3]cDF״f˴Ky04q/Г%IK&$!s!1sbv`5}\eǰFgzpǩYO_5v/k>xՌ%IHЭҦj/d AaP~o %I[ad4FKX,8DA EX*bÛ2<]Y@F!# gX΂,jh&xV׳n4eܣfsq`K(x"1@VP\eYh6q:Uyc%@A* 4[JQIq+lғcłf! EZyplgW&RҌ. YR|aU&:MW.[oU 3q"l͕>LIXvښxZj*VyEz ex>G^0&dPvJMhkCB , 4«P#떦@Ŧ[rI 2o?9/-XYKKrOzQ/y *JrZđ75zJ-^_ѽ]17 VN4yl7'b߈|7HE7G؍>ϬJdqiQdfBdm F^Vjgh 72OGTwsPuH8=9h|ɑ;n$̳%DHk\DzAQK. ,iUd'#JC.z13 }K2^ǚ%2HWtJ3 Yz+D$yo|OJuy,/5Е뭝6~L`i D>78g4]ۂ> s߈%V0$rГVɇpL[r"C`%k2F&o&x/RY ?>*+0!nzjf#KnG0O=% n۪v '9!ăa$z5- fN:_?m9y9V]y`u+N[;r>8 @ +p ]5qr7ry8g,+M71lVEML HHjʀq+ͧR_Zb!G),4<&8_-r,I_Ctyfl\n Q{&Q66`T%u}/}}%7H#cF@ VvϓdlFV-IT:.ˀ~L]Gsk_ U^&iT&Bfq:Tsȶ1Kh}_^Rhn'fv414irFuhŐ yWPy(ܧx٩O*B[JJ^_CM,_3 rG f+P,,_tr.`nҦݶ zl;Q<7%c'+{{'ŜRG$Hxy)G8p貪-gTkPdl];^ E?;ꔴb6 |N.vۮ4TV#=GEWvJ^G4(2"QQLB/8B7JnޖI209/w] } n:%-~[@'"2kTkBFvH N^ A/@H9R"WA%{r\vR+n?)y~0^%l~>XY jzEBU_eҨ˒VoA3z\qbKFKY]c5TixׄFXEp(lxcP>H-I |]ïRpL CQ_PzhI c62~e@Sn]/WY vt`6ƽJQ]~ t)tͯ]D|ر]<=ԍds; wE@Oュ=5 a8kA}S6Y'h> i)1{ |+NDэkva-Ќk;o:y\>&PW "S#_CX}R9%_K~Lf(F_F)PҎ$pTQ^33XvOkx&60i&w$( kfH/U jɝiZK;9fΞ 3C5U'+3R`+[&|$M+ 5V n%/5wYKGK9M)Gyg$h2-DԈΊ,0N߈aAZC1,Q,{ H6OC]_q=#_|F35:*OQ@Y \]<|<ʣ͞8i5JFt&og. D_6yO<s$ " @ץ;nɶeSHͿګT̶ߠٚʐx}.L*G DMKF[ "3*B-HzcɩW̤Ҙ㐶.]E2&䃡' {57%IVLF7#A,g 2+9!<2M+,v5_*˿SD^(#i5s vf@!^[TEz:)Ĝ -@m9wHNB"}@ ZiЋY My: *ҧ-{3S! O5 *Rv& (z!ݝj !wR\#=>Z : al0{tIIkX2Pu loI!$YXofl8-I9S h'R?ٌy`qaN4N:;i?暙Z sE̫mL4sत5EރXd5xE˲H!(K ڦ&~Bhdg9aC3FaօB{cm&,BERN<|-OQYbu !e 卞XL9KI#ϨUP1nF$m5Yaעz!=95$= IkP":/^:DyLSP> xןY _mb 2m:"l<:DqJO*&{y`~5سTm]\|O+ +N .;4KΠE1T22%c&e\/3ד !.NiڠʝY.֢eD[|M8eS?ID=l&We:r08ڳcAU}JT'td@^cNfp`ĘZvUϥ/[I\2-Q֌!c ߰ # , R =`=jL~f/PɪySaabA%n%orV'!8} EimoGULO: 쒪C 3M!Χ?$i$]ao;+{D؟R"D <њuڴ@\ZżeLO~g 0 ^#w\$fD[$A%B"QFl>J-5ܢ7K9IQsĥqe>dg5SoTLcr ͬN__QJTUp50|,6f O#*'sPX(<|kI-2kZ),GS]@oO0peZI )%sjYǸ5j';z|gA^bku{뜸,cQ8o3+;Lsh:R MZ5g +C?×|2SrTEH.滋-"$S\|>b6d W~ 8UK)Bpln|B/4}:*6 .%d, -N%X霧_L29>B]=i#xC!ו)QGRЊSE4rY!#3w`E L#OZƯOZ0m0f3o]B,<(ft(!I c!39tCO z>Sh:9CJpG#nj=ϓdC Z={搎nBJ%|lA~4nBD\>Zۈ]2*^ڈ&S^qTmMs(̅}H{mu`Ts }9,WUnΐɭ{4ߛՃj{5)+jwXmzL/p$T.7ynҋ<2JIk'Wd|Q }}E{t:|~@p'^*}ymN3oS#] ߗG'> VnGll|9Ix=^y5Gp'K,8$UF4NW9;ArK?V:;j%[MN$ybgdϤЏ]2ΗnteV@'h$yZ\8{gm~7+禢/<ԪWt 2iAGna~,ND!¢CaG,q@ _kgxo, .nQ~CaT|R?I͂>AS"TㆄlۘG$/pU6A@1f%U(6mؽ-$ 1>N 2]s /EA]Y<*VC[zub' ;m30yG6~ֵNHa҆6(}M&7~UA(\fbt%fy.YY.\.JZ|ԣ9t:)ͤ:Y?wBANH+X0 -/iV)򲂔>+;CU/]d.1t6R[eCvyGEmdCNԪriN_ :sxAY{Hnyt7QI5dh{vu*E 0f1 ctWˁ´UΜnjȷufK4={N#Iz [pG3%Y2Hc"l ErdTk6^ =/dUH\LJHh:o%rנ*D>1W'.mMU4{7sk5"FH;zfk&Q8!v6ylo6D`P'97QE&0iD+堿ղ)@:ʵ;D']oZ6z-JW VI @ י͝2w4/7F` ,b*Q'74XLHT4ۅ8b yP=&f٦u^=_贄R̄ϋ5 qz+ WUly~Rwټ.X(ӓ+I\ 3?^~Oo/ {ٙt>.895 IX)aF5 #,>Dܧ!.,~}sGӸØHQLB]YCr~4QoQn/$|*rdÄHΗ7rUC%5{MB}Ƹ~T4Xz5X)t5KMѮl_Ms0{sb)B0~4*i^%8Xˑ%.ۚhqGYi60@^dYUXf^}MHh-t ߄$HQdvL_, FZIJNn2C.nz\hkJyS #c39wv0Pb$ńT~}F ׬(TS-t~ EE$EIɍjcjl3tE$A!*|"[ufL$*?ű,d`QE&0KZqg+ɝ2}Wd|' L^ |S1=/AG)@`}Ѱ:%nt[;gWHi;NYHد_HVo~!#G :S'sJ,=<:2e,5$1&q"p<Ov=^°Z9u8^71.Lxol#=VSE5HZ[4ԛAL"z8Q]>mb\a":Ur,?AC56~)>$DeN23FECm%^HOC2ћVݦs7!,!e,SPZf/%eZ-mw{s|O;l9eP@f^~H*,M+oTbȼIWֵF+Owf= zCv]ԽwȏK8,[M/bMFZ/(1f;? L^jU|#R?DN#Q$Ch)Q $mΣ$GcqSu+}|4?=P uBXW&:fIXީEG2KpNHC𢞲X"w͓,Έ1$|j3/9R gH8aqEFb09keVONu6jJǠqOZ&>z凖d1X%ύ=GUȒdڈѮ e^Y [{PN7Kg,bEyI%~icmq֪b4mK*fϊmZ&ݗ4oB8ؾwTtAu* |waSM`M  ow[2|BGfIAaCf#%߮FsYR.Öy/o,H؝ /9XRܰH|YL3Aۄ|6gB7]'=/l<;؛Q8 BZ&Qz[ٺHpRʍN1 _)-SH,ጡb4/‚hɒOC p5Vleh4*:ll|)P'H k!Tl[;WJI/q<};6pۅ/* iA7r H/+~H .ϭ#nOrK7 羂 ұEiL ۥp$5+/H-]&XkS^d%1)$ $!@_qTBp^1 80bI' m;G!+Zt8"_ST̨SۙRB1x콀tRm)as9O."HP5}ne<'"ň]"8 }2dIȠ`>ޛPw.#*ؔ~?7U+v--7]U<4y憳5w#9ăpQDAT(Lz?$w0T|jU8VgdʧCPe,tjGaT[,0g\KA6eTM[kBvZņۀi st)`39s%mkrNYp1 :Fslmu/ۖV7ށk4`o(rIr|D8gJ3~;5d˄P O.n[& v2`j_ESE͆ݧ%Oc2>ߑzrQSQ7L(ßWYSj\O[+c;$x}4Xnm m 0ZӬ%+3lg\nA@fth^혜wYlယ{izD=i y*#2UY^2(nt9f3[YМQnsNpOhI/2ji`a9揕YSI޷A9ng9Ã"luɅB#!M Cm5]za :Gkiam@ B]T\fc1$ȡj YK㍿fGE8ّ+}vb3զB Ot~p;AZYVYSȕ%' RgRÐћם6p*ha-]/P}\i#rg'smX2o39R[mzn@,7m@0=,YB|2аdO3:HY,Xqp`YE@x(CON-r4C z7ny!M |g0%.c)C"m#-\w%ֶ#lN =vwǨX#vd ܟEsyGm͉&t"8|[5pLi-;` _c3V5!׊zĘYJ)rAʓJ']'OM\ƢK',>X!t^;j!D#C穹t")Rh׈"0Cq}EϦWJW\Hp \W"|~@4WV`=JgoԼ ҏeu uz6yw:E#_ENP]L؍ t[x0W0=| pc5T/6HurZWr'{`nfň6g[~:}LA:/LZ h&:N <71ۨEBkg#X L#&-QC â9!Z( JMV%OUiN)gq`c~7pFA8/xE~d:Ԝm]oq]uќ/ÍF+fuev*bb.fPD@TE} $:{Sƽ83?}m k>LCjSgjIIO4P'- _"x#Ю&_L7+e֐mz' |ӵ٨:LDr):e;4B 9xd*Y-RL_--v`S{_sA?v}7I(y.ՑPPzpokIItYU=21|ֈ5b[+ɉr25r74 }tMGN]E|&&3ଢ଼< : ht|_,˃*"=buvt*3@T}|xbCwg & |5;wr8750u2ºO2Dž8}nPm\EX$"HwD(J;hGu.0QG4WuR-i"6,hJ؋|*RM,Typƅ 96&#C3LHA>^ye*`ՒfІl ~'- 3s2E{ve)7ϾyfX}H+_s>x@C 6kPEcc;JEܴx%~12KA`e(!.Wc驣g?7.9 F_ dC/'h/84Wi·.+JŔx}GRt0#$hБh6"oWݞ %T /\,22~;Si 0?FSm f (Ga(g6jhm{1ά* Y;`$09el.)F6)b~g@`KUe H 5=D}L JT(ܓ|` cf8jZF ?6?by :~V%0& L])J>' vӞfqbW`)׶R9iPl{7)Za>а,O<+6օx14MK^ʀL~&Ie_oH-WR,K&OIl)\nx6WfF Rv]%RwMlvV&uDܵ^>(O%hO7 <p6v [%%;B]\gL&Hr I&]b?菺MC~bPё?pX{CM(mTp.'93=JƩ0tdXTkw=cBUc%)cRd(Ý'f]ScEEb`I`Cm:d$iUĒkڤQ<7YAm|A[v,%7F+2*qۑ|uui e_.U[fpe_@f(XJLkQU{OEsݮ xPF-.{~yXGAB)ҩy?Sr,=j=@ᗰFgtJ/+E3Vp[Jʈ*PI|\Eۧ$SB$Rh&1PָPt,ǿ S}HP&K.)ЀWzן<#JMVz}CUbemOR`.?Drx +ָ+o6&Bka4) Y}OL6vVt^sLjWX :l6}*??CO7L6 $We_;DkΈ/ZlS<@i$~&~qW+&b.$O~zWa`It&S/c#eOpA"hdL̟x<@&1~{09i1-~ͦk@Ȫ taS]8)Bl0^|f1e V; M&YK r<Յ%2cc%7H5IxtCWG!8@ ]A.W 'r LOyv {X9JLX͌d2uHN8̈;Jz,K=Ҷi#1]8~+\‹ XvV|̚S@b2k:a2 5y$=`<$N:vppΈ-ÿ"_#GXvt~atP}QqOo>*uwdo*;}R,hAB9mO?k#+7}oikڻi-ATtdfIL,vh3zFCFW&5GBjߡrFd?BߓQIҤ⛱3e>[бtw䖰{NWչ$pY L_9 VNrJ'fLפk7mJdu Ceu]F4{.w- $g/j(z概G$ҕ?ԕ:+ZD IW0juτ÷5V;_ݼ,5{_>w sDwAO[;[ 7Àѯ.dR`:uh`ٌʑFӗ[|(L.:Q*ߢ`љܚ$; fN#c<7u 1[׫Jx⚲b8# 9:Ղ60`W]"QB_+1óͭK崅L9GAլsfR- ox곳g'doIB}&I~((!wMϧ< {٩obXzxWyV!Cxn%@}B/cX\B|7)n涌Dll#UR_jᤥ)(|H2 g?zmGlct|箸'r|8c;Z7iMX2YAF [TGd\/([0JI. \\dmtbCxͤg4h1Od*HԿx 6>3aX-mᔙZw^Syz~j<]} X)Z>iȓo-A"vKT (Ahq>ǧ2#%~f\PA\fM;glhp>um'L$6drM OZbb5΢ِMl_۝d~BGE.@&?"\HܡшAq?z ڊS-swlwI"_U2PVRX8`q!nryW *rPdl'd3:\{$;ζ.]ap5.irB*ןxװH% dӣ!9"t1||&x׆{;B^*~til͂l8MK^rs2v(4_dI͊pHK=lZlaR"6!bUYEמ'JG>$;ſ_tCa+L0} nݫ\Pi ăo21jAۧ>β4/Љ)L7cGmO02#u?P*AMX !4`:)ہHJ5wcWiv2:f&򃋦$G1ps>c|H!e(^UHe>ѪamulšX wKlH-^e?Kqͳ=쉄I CBpeZ'JȵuCGzO2kˀ8BҪhFf?ggI1!7}@K~u.&7^>j97MԊzhm%40wQ:B&^bua*q=(pv 8G#rZ\%z`cŊ884WJR|:d:Ոġp=V~g/"լ%şqI1^<αP9*3}hhcH֖֦cA ؜&_[Тd-*bTU\-ˉ#\2UEl}D y)%OdbÎM~bP *\*}p(C鿣;MiW"c"CWZDFy, Ԟnx Kj5*e WΝ(gSyUq c8$6#љlizY8l$m %]Lc_5,0\5\#rb)C~E{ B;L#m@ϚǷeLt_&nVU0RPqЛSU8^;+QL$*ASH2N*FWC 1Y>U_5ԣ5.{l<ʆ{rz͹hpo8@#ĢِXDI 1So߱?=ui?5S^nw @M~TWG0D3^tGf;̠%5RSj4̷'[F(x!ymsAL:GRV \}`LmOr(U.4") jRJ2nXL"I?;5ž.\|#33]N=19+Ġ[@6fe%ۖ؆lnX u Vc~cv?2!p(]Dh7Fc~0/= l"/D[9X*u][upǔ üCYi!ڝg S%OԲ#dE/K#a;o}̩xn1"(GE(]3kc7gLvk /ȦP{Ǵ{_S;*a|#:̠!*Ic .I =-` %sI@)$z =vե9,gu@5^a}B᪯~9{$@ L (e\Nd:(yg&H8lޟtCOIGeh)=wO28(0m>r+jC V^.}Wb(ZiGh^b=j-}'iU[2KEF˪JыIASQ3]2RLG%,jW?o@k>Z2DT҇)l`B!$ᗶEj3by&b55G.)Y+T|窾xϖn=[PJr> \In3lU^:ۓ˔(ՙ7ڧ76IW wiH8*f H9 ."[K?1U|wd (!Ի&B{~L]FU[{Y=Ɗ\;Ap!-vz.4tdK |#4Q1ȲEǡ'`sRѵ!Ynp)?n>ax5D)I,AjHȤjg5A3>ع 6@;7ӎ`J1C迟?vOt˴+124yޯ/}T@Q۫m|O{2'E}>L>ŏ /. βBɠ4[P- d>2*^@Lc^{l>_IT9,lj2w\- I̞GyW1/,ٮD7lD({Iͳ N MUvp+O9QFS%)UNՏ|~67ӃݕV ~N/\o\+IqTS^7X"%̈eshbUh]E;chġ]/8 VŇWv's;.u^`[KCWvXa2NҬ#y2p$b&wExo!R__=Shd 꽍7Byon57sBRĦ.Nv#;(MdΆhFcX3l3niIl&(553$vQc}ݖh"Boqh-ۤglqCʦVNjtu(ۤ;|rs} 1a使ȝ0^|X ݞBQ f{yLcԣ-438C`B+={ELr*{ HfyMtQT@͒!AZf]uC0݃ՙ e,]j/s}7iRVz0O{#^_r\M ǫ_~)k蠖 _H;Zb͉uUDuoxqDP_t{1苼cm;Og3@RD*SSV~&3~Bw ݋unBoBxWCƵ,ǒd2jd16I <=\ŒyO舢&ԕڵ3 N41Fr 4p y(ydDTb͢.=+uaU8$Y@]r(=`Uu馀9=$A lղȜhFBIc6ߵ \q$&ƼYG)t@ZzesCqtl1?4.!i~:IN2cxǸ:lOMev@7Î}[1 a(F}tљLgwJhV| f)xH"|0ɵVͧ%8#w|o'6Ts}GOə_|Dv9 p`#l'w+5KMmF{b1n0,M80SZ ڷ L |%:pmsC=hzfGE1cmքN$ ]-A'IX"{ uLiUϝ{˺uuU_gÁf({P6_xu OHqgG ߛT!)l9qIk^s)+p 50^ TlQb*'L$⽴!ameMEuM\}eFh<:rSaQfօZƽKpoos <[8Ap`q袘Cci}PBrmX𕨰gqL^DT[%|efuT4W%<>@8_^%Ջ={m#*X"2DfG\ _9Zc9~(k߾CDd4)U@Zk Kneƾs+ۣJ)Q,Pb-q6d; ?_@ eIL1wŻ}SN/ k7C7? y/%yWe`H)ǂV/}Ϸ;+-҆ p. h^,5߹mLzJq]m8KyMBw,.7;v7o2Vp_rn#(Jiث\~t-9 7㡣56.[w M0,{ ".`a(+|qs !'-òte77"sfß6>ы|Ho@BMYUǔ5@_XۯuA8%=SB!I``< cצ9=zGo%z^hv5%a“3jm_Nϩ .mHU bD0J19l`m`tJ7m&K g5g%#hRTFIC)晢Hѓ`m_bp/TEnc2G}};n\0H :XHY?W+1IT3CCP>tF=",$=U VaD)&\ӇC]vM-a z?ϭ_~M!H(AmD KѶz2ƽ0䋉Eqtyјͤ`=l|7Uզ>XGWZq@Q%-ylO85WHJ9OBo<%F.R Y<>1Žq%̱tvydtw]Jf:g$Hk);w#;޳t|*~x A{3maF=*Im7DP\*)]nSkc^ h"8Gw/ HhpɈ[~Qmz2C4}JpɒU/1ׄ^ERNlϔ7HU#"ʈm7)])F%!Mt$MiRƛ%}6_ୋQUǷ9ZiwiCF4N aBo֎I<7"g3y1*XN [V[Cv&?X}  FX]_~ia2ear8ڢi?>!;l7!S@3[A6P5 ez~lDڨR#b`GcժZ*P8]_g6~fDIN]3xM҂j~="/׫+n]>(7bdRrޘG"xanD_قBn%BB32[+l xߍrٽSB=AbVPԜe)Q0!%fog):T/u}0yX-> Z`モ*qg~Pqv 0|d^ª]`,:V,'>a,.jy>:v+ _w~"ua,R5%a 肆:Fż$Ȍll> )`u5@R)4(x~lsȻy JE*ZTo蝡;t$O~3n O|n~q3~kۈixbn!`pS95*۩B?aIvs'T:;ϽL~QaP9Xfh!^AmMt|ODR: DgsZDWdee]g 7;5:0[\K6ؗ3L=G~ƒ64ғ8$)JhZ2]9c] zY堹5Mop^q1[ /-)?/v\O/Q+&fi͞쐾6X#;@ ){_jK`5[ˮ)*_%"p^ewVTrZut߲`gwUC}rh !=G|Q 9^כk=WP"BЍuqU].)X= yza-tșY7-X=|4s^}N/I'% J5g{75I ~̓J&:Q;;Đ%lvZ%9n%+`!  ӽ2x\8LZ\< S_*~M,C6ίkv"UԔyr| Ĵo7ZY*@: СЍN {u_T%P2űO8N9^?V}(MD%hE5Ę2cl|VA Mt]0xd8eϠkz@3-dFG"_:eZ۰U5F!k"@խ8b ne2dƦ!ahdM1)bhM}?d0}D!ȹ+ƩFl B}?B 8gdI S-Fj ȡf(PL9N6{3)db2lw lzN烒z)x̀:YyUE>qe@c)u#ׁ5M\a$@(=[3ikL? ޢ?@i\ѰbW8t 1zݚ%7^a)cXIOD+N2ժul*_#2:țI-,f#L\8Eipk{_wr\u_6 m I꺂}/2;0g:nR|pMq(Eúٖu솩opaf2 fҽQ^Dt~nU=kAV9䯫:0Pi6MoG& fYҜ$eHqi=_zG)_Y` D>E彳J:4y|." 1) 38W]"'7!^z?^LDWJD١!➊t .®O1c<Xn9d=M@l*K/x  tw]3y gRIAt2+A;#2Ut)H5#iέ$-t5*ONľӈ|d9nyJ0c kٮ` `Mʢ t50;r ߶]ZWe8|X <]-%+H*Dz)ғ0& \<^3j4}ÕQce|HA43YүMЇ T ujG04u4Veܨ.|??*]{Q퀓lvjr#)ڛ9etׄzQ'nIH,I ~9LM4Ҭ Ţ4c57,U<B7" o@!bp=]5C9AK\FHFNCW~{%>FQaۢ4m,j$/6Hkl j!)2 =Hӡz7 |x6,7&,='Tryg1$~y_d9mXlLh?n̖^o䮄dpm]"U[Ҫ}Nۈ vBhXwv[ @#SLdf_\|Ho4|\晄*Yf{G= i,'}g4#-}q=! O$˃@yPW&vѴmCsЙ g[-h??.q=hЦίF[*ҟr@f%tnfWũq;6ہh!ŭ^jV*J9k;J[+ 34e51.mPo }M=#oWɲ9ȃ8F{MӒ'҅b"=M'|})H -#ܹ)ȴk_4[5{@:IyߕSyYԫ.fZ )Ir[|i"2d䖰܏6w`R8F*MmM{ݴ|;ww ^r(H`壘<|o?qyl 7Wi%;v6,j I2h&*NNXKgSaˢdzb(fpoR $ȼ*;Gw> *B_e K|t]I[ Q#{t_埬zF|m{Qr,_C!XnE<#UpAmhdo=(ޠZrZᤐ4f1.Ma0fc` KBu }e~ jgO1꽆yL3G L %p`jF ܈e - bk#@!*2NK+* 9rmcj" }J`1S ǓwH b^x7 o(3K&z"PbbG?a(GS %Cu'8gu䵶~L>Sވ>UA%E^;'{ 8ܲ߳`7^$<CXY"zWgY!%ndrN}Iʓ#`/O[@G= 'vp?vUCLs2\qgǶXC١ ;8crd 7*TXzoεN 6)lTC״Y:a@bJr^OU.2 -|;vx-Dݼ# S͒}<ưeǝfiFmcVI6vUN?*요t6˨P3"Rƶ{*Wד dMGŰRR ~/ Z^X \2MsD@V!O2ѿVzmL'}iC]KEGZԀ Vy0,Sv~@l38hWb[+ܗ<fՖ.F#j%Q1g߱j?ЄtF㭀 >@,GL~c<^5R4fHS=~q@MfSc1ZeP$(khValKq~fN٠of1A"4Yic9 HrHk^V2_ s]8UR4^yǏ S۝me6H BI̙N(pEb^RAe.I`p"[If:V+oc6&% ahqw"zeFX0>"TYQj,\ܥ,XPsRbjX$%Cs7= gtֹx:VZBd 086ޓ\ʲ2*h?d9|χ4O/eWxQ$.g.79LJ?R @ss#q́牙Vc_(͇؂cQ\n Pfpaٗ@+Be "|Ы{y|~tz2f%50 wi9b`n]m&?6"FB;ߜh"0 󩂂։lCI[2LHԏ#0?b>H ;؉܍Cˍ# !Fp2G4oATXg4F|4|>/圍HSЩ&%{kkC&] v[ eDN:޺KHwnrF؝]b\'UXra5jPn|@y m5>QXFYnJ3 HVJ֍lwB-R?o]8uAk؀IR Xn-껐I!k:Zee dYQ3T: th xΊB\,͵B h?h|CDkZ_˾@fYg,޺I_Ɩo\Jk;y c%A: _Oi'{)28ͺmG7vaM.#ݺhϷR9V# ׭ S'2plф>~Y1ژbGDۃYufr6qlYYxc0!@8=A6vkJ }E 0\+=އ @TdA+p\슉֩K|gnDpDPk؟o*Aǝ6=kJ̘i'$kz~+)H:;$lg^bWnnwr!/&xa6ׯf;~bvhBVJR'%T=ґ_BCu?hZu y-u>I[p:J+/ 7ꝷb^|wXx5coT Rk(-.+GJU~AB$3nƺ T;7{$qBOZJMŏhiagH;G)g\ui ! Rի(6ɶV{l[8CPl.,Eu9/GXr[V7YECײfP874f%{l|f5 E$"d3v`SToS|)p5E"LbI, +5/.9DDSFڀ>pA`[>=߀X VίTt냽{?VonNINMZiRcuS-gU "JGp h-yx'I-K2 *ѲU|6bk;@dd0\?s"UYt?}Mcɩ1ga+̳ TM7ҙ=&ZlrqȐz{꿸t oеMu@2=t+Dw H cQՉ'Ubv mX\ycHD8?>0KBp; }$,~{./xiӡ2I3+qw25Q=wRJ!vK.Њ`lg)yV*FW^!x9esѝoOAF4=K~:ӖS 7'v PPfb?q{ͶP ?^zWŽ]=l0g8#1.=$"7YT_n<Ć ܄DכMZM)s~HD43+d~`A|9D-<쮂9zz )]. AP*01gpiڲ:nU"TUux-kW@̤){6* 8;LNfyc$ _E 5&m=}& 2˒dV \]OB__?U;q?'E8kBDp&k!Cu8^~_`ldcDd_Hrv"\C ,1{l-m^oȈn2kxPD.xKKC[d_1F34#jp*vA1W:'JwøO]|E%=y [ kSn';[a`xWF^xI@9) VU9umׂA=QiHIW'ޟ3!lCUU9>6 S`IS31[C2Kf􅴧l-z]ܨOBD\©|TSH!rZF'2ULh!NR0lk<;s<ͨѾBJ6H3ߺ a%eU|:~m{(zn$-'^~~pA[%e =6H Y ódknޠc9o/~!cBԷy';"p/`jP(Pʨ[Vg9yg6x2hk>0w*`&)^h_t:DrT`61 p" T u6u3W,XL/6S7[_ ]s VL.Cg %7̺=ACe<2~IKnYkƸbwvenL!>'o~,8ɶ61:sF` dj =|1ӧu:IfI›R}(=+X| k/ ,LHI!w{@sT/S8ܹ@{0Oo0~ @cOFd803{3Ad_u{SLį`͵ǚ nZ6tPmnnHlx¥Dz#76zݨʻy|@[N`"[&]`*};Z (jj?jtFL*ݞڙ!y$1}+w C<&)|]/:RFNUl&5AFr ƒF)YA& znf^Y:%}9V?zRsT9FWKy]I Q;dx̄@-S;qCb838t kP 式% ޔFڀ1nl=@I{:3ݴB9ͬ(r`ldc2/\'=aI7T5OM8)rtwL$?E$Wf{lt\Z׸?\:wpLn:4EOKݴoWQ`֎Jzf."a&UOr'*ibgz 0nz䳰%va_,n/A'id@zAu?1F;U_3Lgڬ夛6m Zɍcf! wʍ]zK!?5|aԌ3y;i ܀ޔ^w-i~ &k ;G8j]]@pzB[:Ӱ) wGd/os⬎5mC@}r!/נ|5NxyOQ6&^* Qb08oa!y6mˤ&S/`1_-]\QH(4p2ѱVv0=F85,t{FȜ Ʒ:$P2_7f#pUtD5U?7Q0f =Jŕȿőܒ>8@ճO~r4.V]ym-eػS)ag-^iys*h679Ȫj+d~3PBI+jST]PɈUk$oo~Y_ qT/W?f/fT= 0ǂZli}@uĜ= ='85fcgh ґh. 甲A(ڞ!t!}t: uHE.69b_, #N>` =hE2Y|u"z\Ŏ=:z F{/AF6ʌtMiPj y,3e17Cސ#c?( ˢ 7(sQ6C TBNW2u"$X4!.w dаX㛶CG}sGq2bZäB/뻨r e u}X3i"VS7.qS؎uwx+QT#Yjd?S}: -d ,^pKt2Wy]A@Fm0y쓃~E8mgAGft>6T0%k0 R]0! r~؄J{4?JNè6D:x!Īpt—ko4xE|Hz.Ry@;6voe9L3a gZkaxJX5:]bLb5gL:T3cU㼧1RJC5>4IvqahqRW:XҗB3$y+^ ,e[_DFg8^il,4szu%|o vXI6)̫~y֫Yq[q.jODgK♖%6.]aJ!!s=8B%ÐF^ӪƟ 5_8mM_ez Jjst%z.!> tMGh PDe4G aS0ܪVUf-)F­vQJ/m7Kqpv!wAUo://!UAغɌ;jeRsBGbOz?[]^4 @xcK7w[q_Mg"9Nsؼn]_Aei@oR BNwk7,K'[zD?FmTr"őD"o4Ei<3d|:-,B)q3̴xGIT_^c 5 :{<حUٶW1\s%&oVK(ΈB6b^VΫ-QZHyt=x)SL|ye`qGCu DC;lemJ_e@j2)a_ajʼn󊕣bb)d55--- kj(BƁ a:AɖR%n x%ɔ^qiwtSB/H(%{M͵[mZئǟ7jQ (ei*~zg\~_l`5%gObpzknuP˱$wӤi ﻹ<'AS"G^I<֯łbVzY` R)y@]"ؠy)Y̿q_-Aw,ĹIISME֦Ϟ 2X2M(!ymJ4F3&IsʁDuIeOc$>R?_Ĭ_LRI;Sc/;0z V=poƌ%hT*` H  P5`ocpt:sUdhEN8QuO~c g$Ԭo66;bYLlj7)5%Әe3Zˑa\ f89lVS5*X?l$0bS տ>3I[,ȗxa|)R.Hlf0:ٶ\pv" v݁ň/_W@>TF7;N|eށ5>SrYB5Fꃱ6;\qFiD]nYD " 1@kR}.~EʃpƓYxgznU9 1_X-|!~6k;sG$g4"pP0$P~;7p hc@&|Ixp"" %y}bI"1HCcAԟΣ<<<@$mp%B<,UG>u݂S g@]##("V;əu^v_=V^yOvV] ja{K c1SL{ !>C{%y+9u#3u< 1{v}2u(' ;$8I\kQ`rEb6'P۔.->T#Wh:H8ӝ8VV+ ʵ ޚ,Ud7NN_//h+OY*MwLKكbDo@qjQ3xyX66|c WuW↪xg[hٓLG>o_4Cb ,jPkw]}Xr &g7-U&&,Z|}]Үс:r9[bzǗ`FíruO~W؟'+?:YHjVzr0^d/<λRmGt hM` 4P|o)Tryx#d;VTek x܌IƐ s 0v}2d-TRiܐ2e:.?/1L+r!/эͷ {9}"="V؊Y]7=6s" * ,sq? ϐJ\mxs󙇏+l/avX'7φM5BKL,Pe@R|@G1ii=³g*:@x|%&xjFEr4Lrgfeɯ"$L[K?!ekL~8Yp.wx~:͠-[ո?/5(GNR[N,@71:>QaV ~M"#:b}btO:R"MU`Wpev"WlIFvB>j&S3bdĮ(%ҦsVi669 E?Nf_!`CԲ&c.?/0OQgM.O 'ڞu8*xu-pȾ]BSu $osO"f^$ {lrɑ}.HQvh\딱Cv0v 2-;ʪ2]W$;﹄pzDJZۺ)2ˉ8bpŭxw9Om?6Y.+ .f"0Bbي}ÝTV_Љ:T"HN釣Id<]og#,"9/|ۨH^vG*8$(ţZ蠮\L#531Jf2:Gk h] /$э,L\\ {]ym,2ir8Q*7H#rUeѕ /#`8 \守T@m6Ts,g>0;` 4u0|d Bh0~'H΄[L=,9\ $TqQ+]YSyKQ@2kPZ*~ P!p?N!547Gɚ6mV7Re|PI|uHc!_uFSޅX<ۥN̩ nS퍓4GE6W^f9cPZv<ㇿ鑬"#. Yth,~dh)È'c@!3 l=]ynty<&l?"Xo߹",%>x]"WOtȄt.xƽ}|6(xjU䇵O=5G coNgs[-8NPh QYWwsE\{aq[Z?NlL)05q>hHz/We[STFS}_FwTZhnIr2ڄ-ɢށQF<$-ܬ&1"{ Φ n_>6MrT);:7% ȉ}iRPa3 #2՗W߶ ?*bC_5߉T{dV)kUYɴ|9?^[1\dW팭Ǔ ґU1`gD )5 88ڒ`N!u:mFtNM45-5p{!0!<ͯBPGsZ qʉp -do'n10Mş7n*#]hӗ<̡gfc<)GU)'|y^9201|}Sc?0sAq :NR%l@c3n+Nly J$͗8Mn:Aǎ&N Ml3X hJbP2-3c?;kqd#\QӒUw|gO04xK\hԍ.sص_b CBRVQ#ϧ@k@ P4lͫO QBX 2Ĕ*%68y!JܰZDfNI1C7w0ɍJV:"@'lr#54/U5d 4QlUèu)I!XBB^; |֠&HFl17iUV]˅qp-ݰ')Ȅ5ƉL#ޮt<(ڏh:[OsmQ?#]c!d*ͻyV2D +ϖ(8Wb?ݯ9[a2FWEe ;+e HBpReOcKtߡO:ǜ3^ 1<7Ҁ,TT =-IG.@H3&y92jK$Ud J'8J]Xva#P+o Uhe!,mo(uⰐ\i7K>,/,7x"\A*xSŶJXeD90 OsZ 3Vg^d/v0YCvsvT1(9緋YB0#;~*P(pKaK'%J~8[4`X`8\~Ƥ؜ kʒ,kطfa=V"21qe\(ntZxF a#.5#ͯPOfl&brLAH0xĦÊ[$/83^YXponV(hb1Ns/ ,U0zMŠMg>`]PNyIXq0&r𓷥:$@$׻2PA w g4$΄l1 $?8y6eNG UҭfE?G(ϿvWC.N5G(Z@$Ұ[}Tb#*U`a0¨Vc$y P2 H>Cn>AuObLp(~szX>M]R*/qT|f&tj@7IJ!e PnһTa{%W+)Be_ 0?E8ms.byۖde6ЫN 6OGHD[b?Tضr*K㉇x*)E"kފpk }yҕ %h6!D;ٿ>Q#Vo(f*ûWh%m7"RuZh~i#z] (SjQN1T̞kRZ&=G.B;ZܲYT[?ӆᯊ>ɤJ-v[WOn{'P.;\v\UPyxmMOH{.+Da{66ÙbWXT? (֝5\ lEѰ58o4 Y'naB5L8mpi_*Nj=ӠVȳBGtUH@M:= At9xtlxRվf *0<>I_ruuP{^4WKF\FTV5zHp ޳~\PX0U~ޕ*B2wGN?AaDІ g-}ML1Uºh"u3GTb-i\2<њKWGًw#o+\B~Xl"tn4^(FL/8>3MV"oVM0=]l# p9Rț*=8ڼ)h-RQGg4{͙ϻocLewo"b_҆4;>1NBdmJ9Ԓ}ވ^L^űOQ/tZI.|wl[ؤ J:YǧMKcKE6#7cCBTY'P%fdN3p"_;&Rg:RQޥuɢ}AՓLd`"Zg{2\P[^Lm8 a`U}2I1OB.:7hU{XRa_I8\UvIB" 'zX/^׭Jd :bxP6B]`y^}')i;V2ɤ_ޑnzi&VbK ۉ2;klB.F # s@Ӓ}ֺا5Ob_2O)mF ^/ B%I,blDg!Td |Rx*!p+Kӧ$\"cF{?q‰}~<T Ca;w">{Т< 0}~eW=+ jbh(\\,q/I+oQޗ Iƭ.Tq틞Lbaa@:L}P?C2 ԀO){gj@V_u~k1ޙ~(:Hd*ӑ%3Ҳ'3W }jӳk6$O8'Ąe {/ c ֦˙ۙ5 bfkihX"\Ef& ,aP=q [RʧZ*v0>dxqɬ6PBpo; /VuI<{r v@ @~13\;vL9 (aiah}>F*hJeu w ;˗@>PwCI9mBGq{kzva*I! Q3 \ @Я5f`>¢eaq^x0} FBd{}01$'S;'kCt{0"ImգXa8&(1?7nv02iCzUܐ$ ]#dfP\V&V _ ޼30\ጝ<+$ήJgp<_dc`/spa( LCkh`듄f59NEy[hws( J /y.½cYQ0Fuˋvӵ uº/}J *'6G/ep >_JbwB 0vbbuJ_3ж"\VAҁm^wSo:.2 cOӈR,o$AGYm$+\PCm_9BZPebzg.g(C㠽 [ 8% s'YΖ q f@53az\4a8zX \d/-}<,lt%/-x w/ȵ*i@@Qe',3 L/V8wB`V#Jg@EBDŽk&E7)C*Aeg_OGdTW*1%Q]J\Ϡ)P4$qsU2`lѨb/Dydk=i$ޗHxo&'ίKHBOYC,PpxݳZ;\qȼ!3]0b2^WXUWѾ;faʿBsce\p<={也Yx郥K/}~w3^]d#49ӾIFD*7ʔ;Y3lºƑA&4*!Փj򻨓?@H>ZI˱4hе6LCK_&r -_~LJ"Yn/Ϙez`qJZ3~h3mcy}M6Б>Ij 4A%+8c6PU"w^ۧZð9{@JRKP:B5É5ICn%.'Gyp'_wu!X";3 sccJM=I+_.r us`ҳsiڭn14<i*6EV="(KفJ#~IشZpJ `j=4;:-iz:kh7(ө&D4@zzgJ'Ւҧ_*\1%l#[BW DQli :(&:_K ֣cB#k`i6QreJ7jH}tށjb.KkX55c vF*9ݎ[g ?< sؕ?<LMʠ|F4T/6tmC.k)m$ |C#Q DSyER jp, v9IaJpQ㙏k̆n]d* V$vDHH^Gβ{w9?|X%yd?tZ(;qͱA/jl.Ud|Vjx\LpSM z灭מ*,YΉu܆bkW-}nӨZHz5 Yr7\Su q#}&K{"d&ݴv,*#l-TLQm;jjm\P聆aLO"&Nzv@N/ ­jFǎ.gZT|BUESIFe7 GM{[D_qTym,pַ.L=~46/)t߃l3YH9dle;]c<{}qgpݘ9q"Fϻ{>]m+4WC"tJ_(r[@T-BEFKfRF#^ڨ4]mH}.Q0?@m;H 9(Z`sY"L3SILdH&iu7a*>F{W(š|QY;S}<r fOż_&n+ <9vj;Fy.D`ֽ^s$GJؤqx۔Se3z簥l{4>A,(jNl3p0x_c@l 3qZ?o&p+K>d+;FikM0u S?ТW]3 ^Ce GxPIz]?Qڡ5 MF: ^PK ?wz?RN'~:2C7{׿Vn{Y+ :DqԬ)9tW7*'‹n{%KO M!JN<ß55_Υ+6gY%XQn!x0ξ>v E}X{w%UwJ,ž8؂"BK \3">38Ǒ:OU Xc u8R}Z&UsOtW,K0 V#dp<4e̽ǚ[.S-EC*El^J;.h?-L#cYgPMp\ wǑ_֕ jƠ W k蔾8j_X% ⯶Og1@D54ZK` =C`u2@Ȱ.$OT K+'¶K<'Jͧ#uQ?`IܔψY[Y^6D+$Lc6Zt=SJ4F5g |NpžzPr?4ϻcG;t%h.@k@n#g9OR{Eu=s:&/0N%W`*,IٱfQ@N(,RhOץׂkŴrb{3.CĄ7$g:KzjV}3U@W }u'a < {OVI7XGBg&MG6ߛU.R&חc t(+ L<ؘ̳WLa-ʜfv?ʛ9)z-%r"~"lޘnzCL`F?ЦluXy6_Gdl]KD@qkWy"7S,7T#_p~:Ijm&W0 M[jHGsH%8m LWX%䙓oΔF%&}7 ρߧ NXr[\ )UXN}.hA"! f{/-0:U%KLO8XCooR^9o7W)>ƴ\6A-cVzAV0 `^t ZUei7Ԛ@'wK25\&` HN8MXgf]#}*gyGCfY:z"U4'eWZkZFRb G%c2G0PM|bHJ<})'t[Y+į?;\_S:{c׎a OxBr]gO D;r ؝ư zGΖ+[207EP+{Sv&i0M qfQkKN3[Sdc[R':ٯ!i%nM[?H,zn|R;:NJd` Jz5XTh40,yMc{ fJD*T3c]7ekjk%JҗFNZK]+JZ]vLJr`" GP}G݋a+l'b 1 r^;kb|5!!ʥѶy}p=|4l:h&xЫ\|W_g>_2Uh{co#^HQ~~f$s_ȘS4O((Vf< b0"rh2ٜ́prܠT.C2gvgS2 Vxd͘7,(Zj CKl1G_\`$j8T)A/9Xa4|Ǐv] N^͉J^r5ЊM܃ZnPvJ%~V$׉_[t U[Qo(|P2a d̞N}FU{ \WfY۹w kY`(w[߀Xe>n /zhGsC=StR>lЋ SeDS3H;NWQ°JocB! JsHfi" ^ih;Wnaە2* @T}K^ʸ"82MJ"d,s&$n!\A I[mԁv/R/Dw xk-&=}:T1Ӓӧ.8A {vFpkwWZI-Zc#̠ 88HS3`q~4X5w;+nQ&fSn]U"Iz1&bl.=BEs.Yjo@ٲৱ{ dJ6xA}m+߰hC}!~Q޿"jMi `:F+)^9-p_hdeYMoY4BCVC #wE (GBM+ohdu4U̱J+=!zk`F\mX@αB1M? |p{\-(Vb[@u u*4[R<[ x 4p>.Am4IZGtQvfOk.Lu!xW=o5Qb‰SqDGŤh`>܈t0`6rϜmO˷B$OfMU!.L))sq~(^X.r'ʶ9(.ɛIvB#յ @f ,N1bw+v&gyReQin̷"({,i;h]P:]BNڠ2]rF'>_* n510hhu&0Ψh20dheqڊ3-m1n%L0;0jy? hd{}5у dc!pv &H*цөX%hb2pۣbDE!6\ iS/I:O1w]R]L M$ҙC(W5=d߳WM4g Hs W|DCњ^s7E."wr~B7a*YţtS S)xќZ|tN}~[iMww^Vd2  ("8V&z]6m8ln3dTZ Oho,IyTsoB&KKyHZr'%h;1BQ@(L,5>t0\sG#nq~ OHߐv/>^"bKU<* Ȍr Q;B쨇+4,sWq1^!m횪Ųk'clMx]Ρ$$v y\Ȕr bt}፽' ]gq8{I.#bw Y(V\b6aGڠ)˩E⹂ RP7;cSBAR2i +IV˫aj)^l<ѦQm첟bU?}q$5WAfo 9_W24 (N[[-Ŋ׹AUqd^(JN؊b@5!bR gJ֪B$G]A*$ D"p΅؇zKiZk%{AZ3?,Jmdq dP'_  YzXڎ4wH4? go߼sH ""w ʯIzh8 q^vfò X}ևXy40rc'!5T3EpqʹsN. 3DKm94N?K']_B'~N#89*ϻ&&xJyL69wZOw11Q+ɀ;TwA&أD8|ʵ. 'w E0`u( =l r8UZ5S( 尤%נoraNuxE'DݢHWԝ$b$ܰf3̝eBtPD ,N pkͭuy4# t6 a*FU[%ѡλA%ܯߩMj,(:%.s/1@",^Anh̿A2^R|ڞJ<3xڲ{;K+peZd@G+q*gaH8ϔcZ!_ĠEЫQmܗ*=WDo]@;vZLƍDfzt7 )j튴z'äaa- r$1&,3n ho'v2RpbUXoE0>r2&()TE=qs>?d"K7Ģ(' %V. %Q,~0IH~B'U?ۯh [b02Axv6% .'Gtn 27~;Γh '[idD>yMi4a&R@l(_Ztk$ /+l+FA&ܛtMb5[ea1[E8XI=$6f)<f{W$ Z渠d5tfC<%ܿa݋/5c )h(>FUL6-{ d*>Z2HWv+CΤu.hi(7LP&waBydE avʩH v(\ǖ3{ c DQg󐢲su2U7 ES?>r;MP/æ0sr)\C]鶴S$}j?HU':R2|CYy IY.v3׻B tYa7Jb (! Y+ eR~ sw `u/\ӆZ1}ˉ(U.::^>鴉 n.8ok~xGL5{q1;DT_Z湵dCiv"w|j9Ȓ\e6+y a:d̫y"U6YU g)qp44ꀐ>ۆEB9xWu>`pn&OTGUvsp"(1$C]Fml5z 0Y џB4kK?pﴠ;+ <)$>8są[H'ڒX@HoA{LHV5KwXJ) 1#i\ozjIM#y<$u!ĘZ0BG1ȌΨ'ۄyCkYxΧlѢ ~ qOZ(^?vb< _J:Ks[}~&i &/FoHV^1pPߧn\¦d>מve75XwbNJX _YpK9{con:L&7Gpr' m]V wa59=[Q,m|ߩ'NkఄG"KK S2)A,Fn^֌\4MG-=s=4*/LvN8|~^}B:kxI,DE߉7gS$Ӡ ^,ϓz& +U"'4LގNNO\kshh5ڢbDu\VF// 0X,%TRoAe-`*{˂9o֢ɉqbqXjPt+U/W"[24a ֟ o]u<3`e_so\vР.SDp}D:o^2-:%<$?]!{cI[G~|2pA:\yW]PfM'9}3 5![7=Ye>cݛ̭:h[]I4 )݀-&!Cue]nY7Rclc&u/q\+4=1YP{2F2bA buՆ;8t\g8y [ QR EGԲ U;]m'S`@̣7n3X+8xj}L$Sm^ y'$H> J/j;&7yXhԕk3)[8(nҗnҠCggPoZ6Н g8xp YЁm j5`ޏeB|Ђ;}S(럞Z#7jhOu'*BoJ^#8000xD+Y"z[(}_jY$1WJɯ㒹Df A@~@:$VK5Pݸe7Eį@".$j\^y-DOy6ae?Nq Iv;|rl 5q$VwuRɱ ZP*IݐzA .&%O8+V)gƩ6kĩIpMcS O?`CP & B fO.5jԋB<; l d.T(,Xg:A=G ]}J<þ*@ccs-yQGSIzb0igCxa2a ILwcn\̮[.OijڝFV6Tyk(=uw͊#<8kdY9hN3ZY"(8]K|!08a!PdijuF9=Lt.vfwbwJH2|!]^P]d`Q,ڡ[ Y*:yDmo Ѹ2]H8paLnqy_rs4#C,(fa9w3PlΦk|ҾK$LzLީY.DY1(^-2cvMP*&t`#γqޅYz>Q{BQz QFYD%hڣf[-]]]++g+@zdV  24Em9`oO@jB&Z|rH AKr֩H#?5TWnNd@v忝9; `QmotKAT0o B7y @`m.O$+&tIPY**0sK .ڷju2&`WYQ.ؘ\X j+84Eljb,]8AxH6OW{X/#gE 5W׌͍F_elHҐ|39s>//6(a$L#l!S8%(DHJ1|b"0nO\p1.pK'f9-1|DQܩCA l Vtj08rBIxo'dcR9jAa>sl[~u$8de Aug*%R.ʟى>#_uL vBK |{v!\ r :J͊ZBŷG6&&-蕖9t);fGyW"-D%AT= 2OAN@Dt| ,ogi5&ELO?ת>MFk!!Id3鋃Ka p0Bp/TI.nގw+{#Cݟ;J[lGpLQ65ۋxi9BN1md}Ua>aσA[B5 XC^t>X)&qϲz1jEr8l3r7v;L_:4O0ڹ0(Mt2 V|[xD%wDˇY*m:t]u5̓Mkg: ' 1tDÀǍ=6 uKX(f'ئE;Nε+.Y9x +jbHIA:ҝ>,fK9)j~He'4"˷.^苹[ղ+#ԄĶ ݍӰ wNeG3k>mV3Lw$[:̰jZ 8cY+vTR_YnQ~`+uy c&@ZM6:Z9 j5Q^Rl9;O# "n-(AV%;=h4Ry(~<G,@'%naX&6JIiJCSӪyK@ּZ$^ʩjc=Elp Xau+-i+_tS"J_^t{y.$OÉuȶ<&YB%;ju@3◰'%ZDFy/Z8/ H,FQUOn`ކ 3Kb%4aMȐ@n<ޤ/'C<&.Į9Å-`\ |fZl*s67q n |2Xuu/[mڭ$ZPήHe7j 8p@xp/ tFlS ^XϋNpש20Eк,xMfAs[U- Yz XuOX7{.q"h1/vr4m*x!`F\ƋliV,.t;OXW(b$vXN5 ~Z#r|G6̶W[@Qx5(s.pӌzΊ)\nF^k۝!2m1:#*kô 8g('[䌒Mi-v[ωN:H#}*L}A >RәdgrO`\n\HLu\7]@KR.Z|V)vNC~AdύZl .R]T'7Ѿ%Nxùw.&KJ#pM q ?e󚱈.6xbyc)xh͈KJ#$6\O=2=c#Ih8>܇z^@>,Zv{gǷL*nClI6(%܈$C*G(F-3{I\Rx7,uj.GV}=;(B| jNyo/E{5٩e,ҍʼn'= "ua^%>Ûe8s !]cN!]Ysu*ۅNhmvB׉.@Mxmiے4ݺͮT!- [0|v||.䁆=KL"]LD*K\5%;ob{Y#aCO+i`rhN ,yK _`7x<*v6M0?Ɏް%BF<:&fY!=[E μB~N/b{@ٜch`|:K YuέKޅpJҙn(<-3Ԣ9G 'W24!t5P)WxZ _)cKHo 1|EBS4]=+ OD_CD̟ϔO܄g!+GAǢZpnǙ'|ϜVblKJRYl6}8fQ>#">y|.io;~qb0>ӳ d)| QALK\ɤP*}I8}nRv6v&ʴ-˿BZ#M~9`R~4l iâ#y+DZ8<;x63g-`vw ڶ촚D=DŜYÀcfC"]bKxgU.k /0b.u=K4NgV5]XxXs IJ&#'Š4to`l SQ'y5$c6)e݂vn!u;ul/tI~ةjㄷ!*=)kYl,9=zz8]:_t>z٬jQN<ٚ0S;|g1ɤgW '1 [uiYЃw}:Bi $^$KF1i;GzM`>*r׋p]eT[/ٳƺANd#bX{l]FY : Z>g7ïgX+Lލ`l7N𒎅;p$ GnTL·iW vS[@\-*d$h6SXlb%}5U:Z\ވm !#MW,,j_98}Q=Ԣ 3dO[RZp@#jӵr+S-.2q4mxk+N}ieVHeNN6{SkUPR<+{; b-qis|* *!{Z3 ^R9XO}sHW8l#uqPs̃DO=o rwwBI 㑏?|Kw?D=gFe]W5{йg{S'A!j+Y No-afD4>ruyNCջ*E6 v?h+PAaD4E^'Mlb͞wOQ\%k@/ aŃ98p?mѿ#qklF~j90zr=FJ?vEj1I4fNCޢ {UlBsrdKd>X(?%ZFPZꣿ,NCW8j\zn7k"ni(XqD}vOvZFaFҥ}E8KCl%k}׿kT!,lux'VAiCjP` Nn~LS:k'NE?j<=TwygE~3,(?U:Y eڨPE/[>/p})XYR{?0#mQBPƭ\pc} vUN/x{MVW pd E:$ɡ#zCb#C!2H Ƶ ƂR7$y΢ülc:4K\~Ɣc=GEH_f; _IU[֕,U#fz- RPGOЄAN;W˿Ԣ1=QN߃_ qg4/)]}QP.a:Iqk=Oĸ85_fMCɗbq7N@u}9v{4.ʁ7c~J-TR~Dgg#nL-Z)x!k+ReX7l#}̓@TXBԯ>׀y$H|ԸZ̎L3 Phߡ?{]F,Jur]L$ҐuO/f^UQ3bZ`qOve_HoC(]}0`g;ִ)""t]~ h+^aE/1Zu*SOKFh;ڸz?~~?j~(VX~0dڒ&n_] fN=c̚laXFg- Oܼwn5M^QFOKjqL]} 4(Ty!+kMNvT" ;jLk&lBx)7,(֙K.չ B G*ޙ,ۼECuL]B#(-fb̚u˟KLgzٽy]G5l{~PpQOPՐд{VL'Qq})E?}G5{l.QH{ nLceeD )wWB$Յ:+%DSsW3fJr#\y)k086 b`q]<ҧr7퉍O=;xI. Ue!y4=WD~3yiW?`B >:~80,rPPFVF^F;8@v%a9R}8FL"vjE5B֥<򢼉*?jk 0d%GQN>s*cJ%E3I0ZyP_$5\QELπ<2HWw^beĆQ\ .:Xm(@âNQP=iUذFI%>>f5J؁~XPo`-m"?4?r'v9.eQ(yx @1x+p`Wzteh`a ۶GY俌w/=¥on&<luc4"J6I2|t9VYˎ`'ìtevA td Ho]`<;qJ8);KъvL9 Rq7ℓhfIS__AWx!}@3fԄet?},?NcIJ]$PFLa[8o:$YXW?.e|&{9H>^wǯg9^{Aec:zוJ&3AЉ'jԍ;K֦]Eu$xj6rN/vY̫l,-Ma|¦N|nO9>`D '&cVY}.yZK:qz ͗kdw&3,F˾,/h<nlP9Xg_{|#[ /$ufŒ.w-xjDr;߁!* |۴LȋDž ?8s੥"D/c!D M.UBA E_aTjpUy{7Aw"romy@ J<*좠[TG-٣0ajuu]D [ڥ6<9T%c7[o:-7܊ `g"KS)oڑK>h~;i#qb!XZ7+Y7} fmLeo R[b>)8|+d0ϼ*h]MkQ ^Zgsf[3L<9@za,ƙm^&G'SI7h"YDKթ"'ܠhpZ3(N06\[6]jեH^u d5OqYsk}$=1tn$Kzq7bbhAmn QsUMZi$>̿/qYqk]_Qm 춋Զ]I:YɁ{4]-q h- ky:1QW|f[[l3aºg,u ԚO)f?CL2$Ye_'9<Hd6lѐfycaVysG"̣%eY҂uq/JϰoO-fZlĚȋSn_;fL4l,DQPz(;&B)- 9.:/nN&5qVHHm}w gJߨ =XNC*5Id\S`bW|>VjRYN7pa;ޤT@PMzRћiwQb N}ԕpyp bt[Sj 4މG$P\}QOO Y>=" &9%M-aY 5Nkcu5:\Yvnn-kxT-d&'?6Aՙx1/ *5aF[křLD&_auAmͩnZ 0?0զPfd}ӵV!"hsaIu/JP[&iX@g X_3?t*~>P^tR Zh0G4hlFh-6rVej/@wDdCz'j>gaZ05'C7O e]6;A*VO& p V5Wv[kGIKۅ8|@eF Lr_}PɮC쮯#KUBRX{-6Q>6?I֔l[{0o||OY)9Xm.3E6ں ټU]5R &?&9y;e5 4=yx27 _Js@P30=8Frg3^1O#˜ ypq# cxdu97PZKO蓱4*OΤO´2կ㺘,/} w.cCYNuzvt k31P8ER#&4ԹVQ" 6+{fRR@ӂjuK]vAfÅV3c!y=C1N%c?06b<QM좉eZwypr@oP+f8U uwON@r@~i`'vֈW%h''+}P^O3$3x"F>$^LЍEXou#Nh#!u!b.A+xG1m6v)|E . *S^>Ɉ4A(RD5,XLnyO~׫y^1Ӹ1},P+F̂>\bdtIX\ Paxώ;EyF=#)z"}8Fe> 7*"r]Q?^\3"19/#CPRg˶@ {!x|٦0lhPIg)sm`7wx%Kҧ&dJHJ38gwl  T!C%]+kq yNZ*Yr$xPB•_=y]O<2G'6Xp5h3kzBxꡀؿMW 3o6%,k]2(qusbYTUnaBVǘԿ>ʏN 3p"Y c̹VbSHM 5ߔq@@Aɹ/EfBC+"NJAeFqسs[˃l_LOHk*VDS85:Y*UHKw{6x~EoUV+pޒܸo9TY =ys8_ i<<kP W޽Ze3c {0 D?bh5!"}Yh\Ϣ\ǚDSz6Q]Ԑ$:\dkhp6>p\|P3.y;}?OdvSw ducEhWu YKa#- b]캿]G|D>gpB\F~c&ţuck"&c;LNCFLdޛ}˘t GCȽ3'ي?څ\ Њsc*!o;E6qx 3h37jzT/JU{ׁ/Y&*\SwHi@Hx72B2c'X-fV60R8NlEDmQY,kTܤlUH wf71}7t npݼ>pa>uy!GEC<l| cH+UWpP/8+{bK kHYUڐLz"ukBf: ]9uW-ɢꓭ"H1*0O1['3]1$s2h=j709Dm= {CN4ȖOyU~v .\Zwu{6;0zf6Џ?X7+b4`e 5`}sD*mпnWiOL0Ҕ qYj/ЎTH` U s}s}{O {TcdhprꀴzU7" ke#cHSZ[ MUr_+D~θ Q7ӓ)4n!U@Fg{9J 2O6ߗ_Ű^u!򃾽`+l';;<;+ZQi6I4ά&D;ڧ,E dT uMf$iZȊkv̮Fe]ݨ5um}y7:NN/pR:S=tA t> dY-o_i%SGw;:wK3kJ Iͧc{đze[! ><*g×f*/g~FFْѸl*E' If B,Ljislϥ͜xys@ ΗO]0ǭIܕf@K JzliLC?>JbԄnClAS@3'rGVojzN&D LgcLI] &)*/Y^IfKc.48}ʸȽvZEUʽZh=T?9Crdѥh.A-ٞT/2mRDV x9|V[zIaWzQmƔf΀dqoo8N= *dk?yքq](|c9OHnF^8:rJnd粳>yFk5,z]~VMrW$7BĺG(>}oTKګn 뗾Uk˽^1Mj[!.ݔ,:s~m(]q>;^@f>حu\Hrb|8@)E$X+ᮥ߅ ڏWG/%#[n jP4cC#+y08tmmv }1޷!T(̆C.h2 ٕ,a(N )fQlu{N農x0D޼_aPP͑n*ݑ 8:.mk[k>"dr L)3rFB+Ñb,'!H3l VzZ$:.3%9 76oˎ o1E2נRsj$"M,Fώrhh(( =CwҞ.:ǡ5:4Y*F.*^F#Ry$k1~4 r;a{ڳJ_E2Jm-Ŀqin{Ү&ZHh.'AUn~Y*Uj(_fwvL|옫'l8 Y7Q[E!9PqR bQ.* MxHla%;6c%AS+Uv}Tl}f I-b)PT`m޶=nMa4D."I3tŢ=B&#NW,ILXNi+eT;>boMi#heHĭ\O>H !:Z[>qL <޺ZpTo{8DD uk65W3E6oOBNS3n@m{~s+ B6qufken3z[;\1 A꼃FtSE%tc)*-_}c:v#.8zYYj %-Ū@YO{b!j9bh琼ܭf± A(Eqf=B<<|r|5U\ճ|8rLy|_ dUc#՘J s3]͠K:x,6|#7^*C d=*7w2?XCa&g.lLJ\b]yFE1ד?Z v};oqHf}"I*j%\#g89t0iNq+yDZ4Sz0,CEd/"ƨ-5GO,@FKuHcn,\*'gt;]u_Y!~lDž%Rw&0N†(zx7 G%;nHNZ#̺AW~/lzGw`Atk TLP]뿏w!Kư{K&Eni!wUƞ%-މ@oľs3S:H%AxN0 ,r-fͱH!#8`o5eeBOFB!7F5MR]dA7?D(6*\3Ir?9@,KȢZ1~ OA[MJeOry!jet"߰ m +rA $ǫ:hdp XrAqE*|LHzqz7I+Nj?tmxVQn^[yN28&{  WMPC- ?B2# %\} #sfi2n'#]hD3Mt$Z^]ݺ>$Py)xh +z5F]M6V$1Xbwy'[$6BaUTgN`&O!:RH!Y$V,&ns\9ӊ:]vk#@iJ sz:re-'cѫXְ1W4\;Yq7m-ۙc#a$KAn,w!L,cz~1A`XUÆ z NWR##qanP7֛cj-ה%VZGTԬȋ#*+֪1`w){j8:`gc֚.V[cdx 40c9SaD CviPVYy؈mu{CDaaHf' rY1.q>t>J)5oWct$ ^IVUQd-p2uۗQхu57Ko[rrmmD32D:_e/AuqpZݱwgR-][;m ^L" j 3X5{uQx#}E+xGL̢Vo^ΘSkvמ5@ZkgSo1]]Cc&^=8k(1 (BnmϠb aAoCED-{Qh/: G34u!!Mxƨ:#w  ,v!4/ȱBhS=aS!gAE8}5BI%P6 tSmJYs\rX/@uy/VfS%HW¢>I9~"9* J^+zF${QNzIbnƉ!^oO3P!DV#I,<<8LWNM&bT,E{oщzuM)N~Ĩ;;V=&ʤvdYnQ^TXq~<jz7= +$et*y(,8'B@ܱ!_yJd@|G+ PE&&W V`ޛb Fc36?x VNȟvq| h|6*Ijy07+W:sZRz~ld$~&fJ^_h|B$&Ժo=c)p^wxrd ]ʺ@[zMaT4ݹk< ,8pAG |=fتZ6c|qu- jZ8h|ZFC5>ZtHtcITdMː"ޮ90ú`:Vj8j4h`wcAHUE> jDpos9"ڷn=Dy]R}j}33OY N/ ێG,}%Z9{r "NϋϕVtРO3WSkjF~L`gh\łx?DpI9x QYނ<d52Y ؃}q@v1Y8u;|ykYT/떏 z|D=.8ǵu(1[ (fۗDyx[Yex^)AiX+]N!U=Hho}}BI.99VAf}kJshNjxsl%@# %VI=ĿO?˚Mv s,}s NH=Yf dnHZ\ό2[_FVvwFQ6@]BJ.k f86N`D*qZదm= * )?h}+ ^5$ν/e];~'j=8/D#;EDžY\%ب;!Jذ\^2,ea"+y. oodp811U~vf2-5!_ 9o:A@;}D'%a M n[(.6#{*\*[w[n,6_x̔ /_K9zȵQz5Ђ"!"peM1q C) ?wEv!kZ!q] 1V~3klma^9ZIϊ l8[ޘ)v0NjjH89iM?%:#OLHn[,k'U\p~̩0v42 .qli3ъh(l0-oYff՚6izJ~Cd(2p$LWuوTho O_ _1;&NM;Nhw|U"z x2?Qj\;?hj +ھ绨D͜gԖ}B\j`8C®(Ԡ {ﶭS#" Bb:# >^ }OO{> |ɗ˜B ۖ)BPEku+%T/d~M%7ledv瓬Ե})~7PxVAhG:̆kK :/ADIűΞ {9X[ [ !f/@N|M?\LҀN ʋ{.b^ ϔ/ Tw{RoDΒ%!: /i=Q>&#QLOA%{p5wbKmy鰥u# y!Xq{HG./O4:5uxE])mb_FxiU֎q%Tt'oTge TW2xV xPm!! x:q5'ٍR.&=3DMVYnȂGGt` ׽b"} k7z}OJ=%I[W^{,?d}9!w|cI&BhױV:$}VV.z7knjw8A4(%p[$kx{Zz+bf b2sk193||7b7a=<(5굆$s`,]p^{Zp Pouk胆?D3c{ ]h7> Z EWcY.\VdJ (o9;N߆4>~ (U;NjvêD9h]g&a45U$]ܣ[P|7XtةΨ.׵x5.:+~7nq dTHIxR8$u-vYPm:m DY\ J'ycZ%%BPW{|i2{7/<Fk Fd1]aĭ^)/lOetÀ4q9}ؙjau[O!AG=Uzq zi(aEuw1+m:: b}kIz:ebZ$r ~-*ʰ$Oص@mWy slaW=-=샻e(COxj)  &b0ׄn,MupeA_L*co: ;=8lktPb{q`B\=+"rޫ+J% ! PJڪ$/MX-vzOZ9֮Y%D.pllHAK^* C8@$+Iq᫅$ЍAch6h ^k"tUɜG=k`~H4t.VpG[p.^j~"(iNH3DKH=ғ[gT{=KxPS7p.>Hv\acM$`S]}y[Ϲ´c>ן7fc+:T `+U!]UU]~1(-ҿsn/%nPܺHk*Y9x <:aOJLK])/pS|8{~Jm·eNl\oy:73\?m : -lTs-.btj4:k޺jMnNӑ#uDТCU1*2@hF9 K-qhYhHEr!.Gּ?aYl 3~oà ,~`w* E:Wc5%庙lΗQ?m `E_ +XwɂfvCy$ "vI %n"2JmvĨ@YnKYq协"PWKQbr'`Ʊe3 רr}Վm^ *}όFbE  "Pr.N0JvWGσ|59#uc.17^i+-ZU[La vM~<'pUW ry7 `M)xY?of1b]0 eI,(!L!יz%]Ex-O?8KL[5pM!\KZЌ'fpYbt>%Tr=v;'i<2RӤˢhdө< at~<ͭ6Uc`ȯ854򦃶tqLSu`d[qyl[66u彏/"b?SR^(!:`xVtA707)EwFz<(.z_Űr:*bxI`[K^pDHnhL}~J <$׬ +iVZZas u %Wf&Pp4XBE;h=?욈_=o*1cmΠ%[Љ=G$<*d9W*pc#*0-;TiHhZ;5 o)?A|%$ ?:*hR;<ASVXù>BQā̱ &4KWwK W9ߎ Tqu^U6U++C*t|xF6T @ZVYGyۻ='bޛZѪ# ~{mڍlM(Ba@ #ѺrA {qӝƇu߰{HҦZWzjG; H轐PI3O>.B{4~DlE'o%PjXΡ}'P=)DFR`}~Yub7Ō:Mk>H&I[|y~wf2ؽ$:1A^]wŷFZl"HS 61=qrK_Le2(8V5W.~`+S,yIj  IW:XӴ;*-;P@%ӛ3ZG0YpwFfZ$SJq.)'fp0FLnԿ2q=%A--\ o ơVy߯vhkF*¾cQ(8c Ąa`R@A'Ge\°ORJNl M"~.uc>7Y VFjy_ԸseZs )m{]YHuZ~b{+YN\2;R?Q-!_~;H5EBirec2M].}N>9$)@9FJF(_ WҼsnc"^ꤲ3lděL2I ›@ ~ Dak{F1r7+pqx3j' k_7ns[?S!}D蔍>2<)vhjT"N? hy&q}4NBGҮ#u+T#wt hfzt\I`|{pvg g%[ODU| ~==#;\R+~mr'A`5? "h~lVQNdBC ]yjޅ~0i3ϸKgkh)W\GuY!/#<2q4aEY`pjxߑj!,8v٦A@VF TPU5opy̤b%F)Sr-ߜz -$D\ ʖtߊHǖHٺFS,p=ٌcp+*}&yf?&/w(Mߴ GJNXYw! aCL7:g3Fm?źGqU&1}[13vSX&hLu _cK6!-wBJáP6w?iwv7']H$}VuVآ4Fm=>TӾVD,s&SM!A"|7oC\_\0c1 ypHA2y  0!ϰPmdZvv/=T,R~S}lbn{{MbKQp?xQڕ'aU 7{ OLJW0?)B̈nDb["?-Ɵ o5LxtΎ `5Hύr'Tvwv"9/O pgUnHQDDqahAgInG h7Xî2(YhR=ڒ7TzG# /QL OЀu-onO86c?-v_f,eڠ/2Ŵm%RN>G6&uQnA1jIU[܎$"Ao(D Ԕ_tni"p?hKa?/#,9m]P4R6#+9c'mP(wVXj$7"ؠ?WH$;T؈u"iSMI xf$ϯk'ykIlӱ<:市_b(dtWUhh;7O ֤AF\r320Ecŀ5[)G0 a [] ,.C A#F)cC Mb AB~<7ĸћn!m!^c Oʝh: `Ǻaڌbc\Zr7(eՏf>)a/_%2{S#'6*Le= WgHgX.2| yHE9DIxq o9g߬ E~hO9ռ=&IX9FXJHq1M%VH=GcwMs /,暊K 蚃XJO'XYc|D9h=kUR[5% 7\&UVsK<j2!x#:^$ ؟>2&y`zP^stە*l>v2Uz-Np-lsnqpid {d(r6(niQ$^ƤDM#F-cӊmtSS1>4N#7eJD>^AOH'fB7tR_+<2CVvWsL*3fۧ V|k1"wF:l6JEqG. . | VԉDŷfh5Q/UOxh4bSO$|z~vߕ£U߭ld>D`)=gԤVԈB6B7m&=W o٧-R6(5ULmpB<,[k7yyN?,Q*GM,p&U9AR(3KsM*!}3&v A,STݡz2iQFr"5iH׏ؓ76HPLU.p&x6'4(;?kLLvjoh0B\`@ͺ_]*?v=8-tE#ga~J~⺗*}K\I"I@=#ƙN^ވvG_ج#zBaN0LOb20 B3Mdz!mmG{Tpv흫]X4e nd]`^yUk,Of,5dՎ\Ǫ$F8hDYvmyqw?+Yd&xj14k&.eV?sk?5+''Ą-PA?ݹ³E`xAބ_pCȥRmu;/JWĔ}U}P1gy_;ym6,]Bͨ5f$BḺ{ퟲr!O ]+u: S)5{\6 YP~δ *2?u 4 Jϟ _+,5W\^/W'?G?DLIǎ""1%{~IE:}()⃹MA[łp(fN'JӪ&HIzP?Eʜ]M!ggeceɾODACI '܈9ש\xՄ3G+ C`sha k7rJ{i εq+IFsrCS08 ® = u VmV!`<]7)QG-okrU`Ƙ#9}Z*5 ?k mQ&lbpUV0(q ? ga]U%{Gs0.A%)f5"ì %]Tga1vH"ɕ-/b+W|MHkkB82[XR^oKSTЈ~hY v\~5oV+e&v.)?Æ 6<l=vhE0|7,& C:ALaQ;O=+VzYUSB{_q~P2A @#tC<`DaxмpSs 0,{i(>96Bݢ>2!KX# ëeGKݜf^v3IP<%_?3tn _Z;䯭|E#R׀m6$BڤmV.j z1DU BM:i)D?-sbs֦zI5zߞ:WuywSD)*k(HpDbtr%*Rܗ,y/*͘Q%͂ y1d3Ւ [6ޟ|P2|R O>KG 70g` ƫ\CP{U!|sd 0-e*6P>AVoG/! Z&WmhmdZ)Ë]8Qdq+ImDEUv,m;X3"4WG ]+S]ӌk KK2ЋK%:dXhQ[D-U$~&ۃYe:^@[OxRC8}\3ޞ74ҭ%9TG| ܉mXz bea}}`s]De~'iwP{\G8UMaeC?UuFcioU"_5)DwT>7 %}]#/dN-߄%y#Rgg˽B8#Hi'Gg8YtM$~|^h.vgKivEv!K*:z0[dQOJEƣT~g" {Z"wKC/ņ⫶SK4AL]Pr3Q`z@u!{E }ݚR\]-.خZ]>V>P.jޡ-{Tmuikޣ nw-s3rL=(S#p*"wlA݅:qjJU}nґ#y|X@׷D8;چm]-b=6<¤hx&GwƩp!40lU}HXH続>J;*$`>Q0#tnƘ 9N˶.0؜*h8Z|k5[]cySHMq$4 K7-4¥\#nr?!_x9T%$=\ +rQGվO[ z«(XzqSFu?GZq8kDW2|XzOkbTyeSMU8{gvS836Wň"Q!mR/a+teQ9P`]JP,KH?&D@e;aAQ*Ӟy0H0$V&LFdB*z}5xIGgm-$XFfYjqߟU| ׂإg "rHdq rʽDf,#"Wfʎ&B-MO/D:ABIGmW  y;O@%D@>fPf@b]Kixג|ƫ 9(g%N>CCQ@kt;9%xXTO 7*Y ='f8#y[yj|34V4.5 n3 E'^pwTbNWS+].Xro~nI0dQ^ G:cfUX`*en ?_x}=uM[;'Ga74H5Ɨ9VMD`B R&BFO -}w5/r$jFjGc}="Zy9d-OvltS46J!,]`I< UK`x56( v=׮E[ q![Pff1, E uItl,l|eoCiztfHV\9xa$U$!"멢\'dTmUML[⧎ZTzԕ]}m~9QlּM8Gh $a[:TEKȖe W vT1Ph1GxKyXIio|F=;|Mv3]>cN^"٦>yRD?yM6py9!Rjm9t-wD%)F6TV]v"ou@v݄uV8J1>5kq{grݭ_D) &m^6}0-" O3_ XxG(ARԛMGxvJ1x4=GYOQe+q;) UIaxg&r"=N塴7 c"@ _ad@ceh,x3-!jA|vq])+H;SPgzTrZt ƶ(IqakVA樻[wA?C$w+, 4G.,(nn _gI {F{X F2 y}%Pn)֮P/dMOL I Jۿ+8CJ(ĩB~$Et 3W=f́pbR8yʽ W1G2=J l1N Ybu1->C-F<? cK]V}6&1S:n9,u5Srv-kHrpGvp]ZD3iB42ɻ 1 ķlBM쌢z7Wtkƀ{*\Rtsa)Ǽ~^0ul3ea3wG>V_qvhf6McLC_%{=qW)BsAsY2]8;f̘V\ɮ yV?^'Zvc--LZʩHbÆK]!]YĔN[y$!ڴkE&_TvQu?&kRR}mW,?60č ^V1Q|<.[wEtX͕b8:#(i)um$*ArGLv j@JF\m u4ŕn;$S70,WPY_V//!d=O/e'SBDLl'GI>OV|K!M_ ?x4qŏFTbްfX倫5AuDlVkXQq %go : vQ qddR`[O !{,-FJPF)"8Z95O3cѼZpL=a},5-s@QΈE'>seύ͑Ov[] z#{AMqͳ虼g mt}1d#V#YE|ьN7bJEWlsz~kPoK_`%W XW ٖP:?vrƼ7:I{Z2F^RTnR{$d3+,Dm*Bvkٱ6g@`LSڟo*Fh ,1:+93a87ܱwiΌV92tv5_SBUF\6 ee7p,ġ}~rlPuZDCm 6sJзyc/~3 a]ŊE ("JiIrUpw'U=k++Nhjz@$Mપt !fm[:t)mˌr`2}7y)]@r L%-#h)+3rMR2c:h4Uh,T _'ExGʴIpG TVEN[,u+Y$84%"旾l*u9$Lk?Qb.Ҳt-_$ރ}vly?[q,D.<7~.WZ-8MptsI1 P-Zm]OLxp,qyQAkşŸFU~p1|8&H] l+a8ùZF1N>/Rh}PssyIJbb0IA9sq(upQ0T[jJtU*/g!9 ¼B3- Ox(j ʭ0_ Y!BV:jzңHq_(m`lMFlKǤPcW3!&#Q-WM$J,]A%:Hni{[?{j(.x4 BuUcf`X[NB+z=qr4bueEsiO({bgwdsVK?>F؟~si"~ cFIWXRs ҇VTLcZn % g'2- #ɹ751xSizϾ>|OXbQ[?NF'يO%J! ~{Jۃ*8XދQfzS@,þF &1E_asuNf"fp1|<&LX&+qQ$}j V^wEK(P ŏ*6 <2Ӕ"nAtBT_=qG>*wF5 P5Գ7O@iajsIW\,1S1FcY_\ZcTx %~e.<7.yԸ]ב 퉲 )o CXHOWMG IYt1K OcZIE%ʼ]4F+ǑeDxx,:'c+~:U.2*hM QkJk FX ~੬8^U-[i9p{Æ[mxiJATg?53m҇p \I.ۧV\(EMWݹ'LE3G3OjI"lOuD@e_5 9~̍JJU ںEUE])I ʫ_p51ìt=m)= ق11+5gN"쥜ciBy35  RBMlZ,Vߞ.F3G妱+ϧ(ᷭ5ӠVoH j;Rv+P[`?~z(ce&IRP)g\/Byًi>$,rxE[JW}:[dQS:WeUNon"FʾOe_ը$I56)sx&,e eY.8',е}hK, v(wJz06۝%%0pu(u6㪷U=w]KV[Dc@: VğjPUh5TAh)#?%$OZ(kW&tc2+Ni==sҀ-;[ʝ&} ܁~(ʿ㚆QsGh( 27X᱃#xzE!"c⽚xw9A1"Lx>򰰸 ;Ot[^ S%5XJ* #vłj XYEXLp.+g&o`FB.i3Q>gA1 SW{gpkWyםznPB/zŻYeћďJ/e^3YՀ _c EQ 2Ă;<)CkZ4 kB2[- /$l?K}8IcV[M+kh{sl[yNJwv}&e.ɅRh {pÞ+cE74ataF::m!:BO|b`3/rxǏ 9I{ǺE_A2zd=)+rbc3M}#U(3f"2YB3Z "g@3ɱdCWQcı’xMe M*7aDMppbL'N~I8GD : 3bl` ){M`.2ԟD!Cs~K%lQ๠9'v@s.#H+˯2 ,a(ǟ{~V[b;,G-7yC%ʒ8dh8pॹز թQ"ŜY)?[x{nIH.  6_Zތ>aC|M:F[_ *Y?L.Q`|; =&|;jo. =t -VwG be}v-']ckt+P.g1т7Y/5䐮D)#@ z+[_m^݉ʚ!=O\i2}J26to0ޒ<|~.%5*g<2>Ǡi/Nkvj,Z!gXt1ꅅNm7C%X|u9KM4R yD ❩6Gfx1kDܥ,诅 NU|MS<_$uf]GsgVc[pHV[IlINwͣRC(7"vr-3DIe8~v( Bؔ q2eRq 45]HHZ^v@ SBoVQivw!GjdEÄжx}zY@n6 u= ~CSeF@9J#M0f#EbWIV5@bKfoJYas28k8~}}qnm9$uHoZN\xM@q(%ř5=s(6{fsVzx_|vLvF ʳ MF/;Q]tϧv訜ȩv@nT@D㻎:Nܰj!xc*5^6s{ic\\u ԯgʰF dƊ= O3)ťuD8zҰhb1=#CM-1 ewG"Gɇ3f`605y2ߟrCd BC ^n!8A(p>ePD:TIZ;sPLff660'f980QfD'nsrB^Y[!{>O.=b }tDy][g:H7W뢏x+ t I𫿪(͡@I#=4 u.ۈyb-d|FߺvF銡E#7ٴŀ,? ҬnEOY//Y0->lES7V/_^bq]['aYX:ֲt2c9\>*/{Gm&VU$Bf3fP`k7t1eb}Ov4Rǿ]j^(|Y%*A"Ed6u/vYV.5cgBW/(L >(ԡjxG$UWhQ=< P`ۭIU]J5 7XH vgh41okN{[Rhr꫎蔃h+}E**٠4) C"s(2Z5& -eISH{O<7O*I2I]tjb-%t7H#B--ƁH*'Rn!KlSAO{.ŁeY!_< dA>l>5 |'TVshPW2Le")]D BTg=Y"i>rJ.wRC>roiT)5H~q'dzĝ>'aDOJ .z"`Oء_zAE3,-lG/?1 Β5,"A? Z 2)RM]u'IPvU6*y 37EJ?UuZa A' -Rݒk[":@0PwvFwCn$E# "ѡ NuO WͿPYj19Isvum*5y>fRu3*:G/F2'R4gx-cOJ HYOn)"SiboaA:$+HVQ\Xaf?P]S?H`s۸t9 d%tuI^kEТEFCqŽ鹩 "{ ?L+R2y &mP4ްᠨS 0a&B( 8oE,Z1دµӋM?yuI_6I{0_UD7-'m(hxY-b]E%I0w|uG )fGSgJR@r rtx5 <8Ey(pL9c$ #Fup0, 绶Kw |CP)h|(b#'֧/2 ~GDZ0r=+rLD'G0#]\d<*Wl7dHx.xGgFH0f "kOаԵe"\6rzYBFؑN*KK(;O7ءBąQf~XGn#Y /wOfTz19&.Pa)30SPQ_b$D4t͐D¸9[N6rD(j 8CN#^uHUV&NZw㺸;㧆B\"{i}/;C\~c.7+]9dFjf>'KV>Mr.lN; Q5YA I3Ժ VM_nzh]q>c[^pogv}Br޽$VWf gFUHE ֻrJ(3 y5(NQwseZ6ȿc3U5EM@mlRz-mP+_xLqŤ%piUT HCRtw;1]0`nzF#Q¡P m'; ;Bʽ'=n~qjAHg.L $W#)Qc@u.95 6m.  oȩde^iBL@ .zP4h9\~,}^TJxrھNnS^( 'Qݴ؋U).0r^PZI ϩ#$A?]}P%Ŀd˂$i=0fbRHy!}Ό貇W{WҐ!)d-<6:Kp&k"?әEC־FFΡ kn\R5xX#9q]2E) 62-`_ݶطsSY%ct[Z45 F)l$3:N(<4VHhjtq:@ͳʲq^4d[.Weky +/;W:S^4M ~Hwͽ}f4-eC/ +g*}W: qԓ+qAвynFK4u1 YL lӁqTI/1CJYCy 8>7ԮGN_ƅ@sgGT[54ՓyU.$+!nHjCfGg'tȕy/)1U M@E'i}<_VM :b_Hk^n\B[V>gMqQ(w˖d~dC+^DKLkrF JChŌ}Kot-30f ,EC$vl^dqX'ܻ%z%i"T2(IEȌAJ qMجK> ͋;Lfš$ E'w?qUo>dz !d, ?D9ȖAD_&`"Ģr/څi^u}\[dF' )&S_m+D6>FDv.(Xs\xJP l]YVA lRXNuW m7c?m2lFo;hC': "9 `u ׂ+;|فpHQN` 0p\TGe %N$]S}8;oy.dI=ߖb9_ȥIHM?NxA\9L`e*yH\,L83, r0pNGrXVHidmKWޒMoY~:sq)R3)_1u0x7p89予6 CzEBƥЊ-=wӲ^:|'w 5YXP.*]He\*@A`\u}څ5vitA@HO^t<d 1?{X%ÀevD(rhD¸gh,4qR7$ Rt'WabIO L6"PPiR*o<cX}D0* iF!xq{RwnXEަ!Rl\*%@[PFX ~=rs^j[22X SoڟkL߷yb>l B` Dj߷If?v .zbt|PzCu6~-ћn@@$'TMO3I"lB]J#j,ƈ>6P|η'k˙ެWkG.:9w8U0 RWQp8Y|veU݈S?_"Q'[81:NxΘw_|$uN fr{#_VA)Fy?;$u}JxI ck,M&YB/:.Pxe <!֮mPiFXS ?a싐ĕMKz#:^gR6sJ!~ I!nGU3ɹg6[L}y+mݮM$-ܛo]C;˟vjN˻q7ρcR#{>ɘbP[]$ӊ ōWHh6e}(h2hEj>t,2ew .%:UtL?V/,PΐozFopvq2н̺N/iFWeGESvE (!B%a [ڟŁǼ2EB;-@.>p5Sdz~um+kMkXҍgQb ?G6r+铟Ջ{ dX a08eެڔcJY n$UF0mkE%?p'zI*\4 f?Hۯߎו:w۷P.;/:w8A!:]DWH)&'EA][͵SiFE<7o_g?MEoPD9ӑdn^V/P#tgwOMEO+ UD*yb~CV?Œ;0m#ؽ)`kA295ުŃmqIŚ 0#%!Krr'NU=u3iz~%;i xg~!f*93VWgGҏ$f!oלae$ lԋERj|!eM w>?AQo.H,udP~ 5܌G]cM~ĭyJG]`Ys 臀.n,buu*48H&/6% U .WD6K"JԏC0:\i 6nV˲ι9' L:]TtvME4djX8 pȾ7JSetB@FJWQsCN"*u= 0ҕtx*A^%|t#}^p&d]D'03&VP{fGp1 >DiHk0"ΩUJx Q[\ՠ¢\/چ! !n ƛ}d `'4r͑`k T8_ s};I6")Z=esnnq)^gYE sy}o\7 I!}l2ŽRE銁)X(}xh,9s"4>sPԂMjCِ[=!rM}'ŦsZ瑯yi>q]@.P%*` th~#qK]xD zrw5c *JREôKb*PUgvDZNqVMKz`@n+wh,ePޜx&ez1!`5b;®Ohr,F}oMl},@?5ՙ*bɘ R,"==40"Mp-Pk8 %#@C"O?pkw0Gi;bX)H\l *S}W%ql;|Vn7j>HHCS"_،@ ӡa'1xE&\췑7t)6}-lJp"ndR #REA T25W}faTP98X RHd|?WS{C ԏU R褴r{9)j6ZnɎ XV* ùh'c&j{%tWD!BH*BBǰ|>N1XJ LmU#)&Y"r@."ijſ% I;2iC{h!;n8*W r+vC c< VsWEti$tSU9|? 1`|uㄒ&azk4*{|YBQJ8)f7ɷypTD[_5dh3ef{  Lքخ_Ka[{hu` #bHs(u`I Q j%gH0uٟ@$y+y#y۶DCe|SeSAbwd.13Y6Ad Oc'j\y` d3}2{:QxED&@#5`̾}vdqUc6G@4(!<6(H.FQ<T.473)mK39~J =d&n(l`~]7٠O<__=sl6]L#B؂V\0nF[Ϥ;]z1&3;|Y*^:]ՏܛJ n"%al.r->m}99-n)E!c>_|3"Yѐg&\Ɇ5ůjv|rԠ3F>jK\sL%Lt7osL^$a4-!<D,_R+!(G4IG6cMla0 _Dq\'ʠeڔ2[_$7_ԓ  7 M[2ZTMua !ZBRכbVmvBHXAqF([ z(p8dP6|u}`,ӂz+G OP{(m:n>,Nxȥbr&9.+CMɡ(CLHB| s+wm#! ydNg9*^vδfo.R}_ETJuC˨)[d8 +W# G\Y?a_cAB @I9:ye깙{h72& oѨ $0 |bqT: |+L3ʐg575Ⓩ Q[߮` Ji^.4P,rZcGX)ߩ خ—}gs-t\eٛPtA[#-؉>ofЪ͐Fޒ%xk*6D$A,