sssd-ipa-1.16.5-10.el7_9.10> H HtxHFa.? ?*}}Y9:fGT ͻ\{$@+\5eN?fb1bd715409ae238a39f8bec8acd6641192481d5mt -EFa.? ?*}}dg{M(fbȔva@u"φUsW t>>*?*d   ; 7=D   8  8XxTTmTDHM(\8dD9tD:D=#G#H#I$X$Y$ \$H]$h^$b%d&De&If&Ll&Nt&hu&v&w(x) y),Y*Csssd-ipa1.16.510.el7_9.10The IPA back end of the SSSDProvides the IPA back end that the SSSD can utilize to fetch identity data from and authenticate against an IPA server.a-sl7.fnal.gov fScientific LinuxScientific LinuxGPLv3+Scientific LinuxApplications/Systemhttps://pagure.io/SSSD/sssd/linuxx86_64getent group sssd >/dev/null || groupadd -r sssd getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd DKt&/A큤Aa-a-a-^p0a-a-a-a-34777a1e2a5d89d4b5fd91dd5167d7664a22222dbbfaeaf99a69b89985870dcdfa1e56d9f08c12176ee2119d9cac7ba4d1c812f6f5fcb8ecf4007f7255657fd68ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903c5a645b31fabc758ad40385a5ce992de8972d2ab6c1873a032f97b7de8785bf3a05f7da421b62de276aa0f0cdd5e392311e0ce6fdc5d06cb3d47e9dbf6eb943181866fe0e3a144012dab71d4cff8f16ee133c6c92d93f2f55e66dc3224c8cb89rootrootrootrootrootrootrootsssdrootsssdrootrootrootrootrootsssdsssd-1.16.5-10.el7_9.10.src.rpmlibsss_ipa.so()(64bit)sssd-ipasssd-ipa(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   @  /bin/shbind-utilslibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.8)(64bit)libcollection.so.2()(64bit)libcom_err.so.2()(64bit)libcrypto.so.10()(64bit)libdbus-1.so.3()(64bit)libdbus-1.so.3(LIBDBUS_1_3)(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)libipa_hbac(x86-64)libipa_hbac.so.0()(64bit)libipa_hbac.so.0(IPA_HBAC_0.0.1)(64bit)libipa_hbac.so.0(IPA_HBAC_0.1.0)(64bit)libk5crypto.so.3()(64bit)libkeyutils.so.1()(64bit)libkrb5.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libndr-krb5pac.so.0()(64bit)libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)libndr-nbt.so.0()(64bit)libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)libndr-standard.so.0()(64bit)libndr.so.0()(64bit)libndr.so.0(NDR_0.0.1)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libsamba-util.so.0()(64bit)libselinux.so.1()(64bit)libsemanage.so.1()(64bit)libsemanage.so.1(LIBSEMANAGE_1.0)(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_certmap.so.0()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmaplibsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_krb5_common.so()(64bit)libsss_ldap_common.so()(64bit)libsss_semanage.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)samba-client-libsshadow-utilssssd-commonsssd-common-pacsssd-krb5-commonrpmlib(PayloadIsXz)1.16.5-10.el7_9.101.16.5-10.el7_9.103.0.4-14.6.0-14.0-14.10.16-15.el7_91.16.5-10.el7_9.101.16.5-10.el7_9.101.16.5-10.el7_9.105.2-1sssd1.10.0-8.beta24.11.3aa`@_ _G@_H_H_=@_;_;^3^@^V@^m@^^@^>@^@^@^t@^r @^^@]]*]@]]]@]@]m]m]p]p]p]p]S\Q\Q\"\"\"\\\r@\r@\r@\\\\\\\\\\\|\+@[@[_[@[@[l,[b@[a[Y[Y[H@[E@[6@[0@[,[,[d@[[Z@Z@ZmZ@Z_@Z_@Z@ZyZhu@Z3@Z2gZ.s@Z*~Z'Z!D@ZZ@Z Z @Z7ZNYZ@Y@YYJ_YJ_YC@YBvYBvY9<@Y9<@Y5GY5GY5GY5GY0Y0Y(Y(Y%uY%uY$$@Y$$@Y"Y;@YR@YR@Y Y @Y @YtYtYtYtYtYXXh@XXX@X@X@XsX@X@X@XۡXۡXXӸX,XCX@XX*X lX lX lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj 1.16.5-10.10Alexey Tikhonov 1.16.5-10.9Alexey Tikhonov 1.16.5-10.8Alexey Tikhonov 1.16.5-10.7Alexey Tikhonov 1.16.5-10.6Alexey Tikhonov 1.16.5-10.5Alexey Tikhonov 1.16.5-10.4Alexey Tikhonov 1.16.5-10.3Alexey Tikhonov 1.16.5-10.2Alexey Tikhonov 1.16.5-10.1Alexey Tikhonov 1.16.5-10Alexey Tikhonov 1.16.5-9Alexey Tikhonov 1.16.5-8Alexey Tikhonov 1.16.5-7Alexey Tikhonov 1.16.5-6Alexey Tikhonov 1.16.5-5Alexey Tikhonov 1.16.5-4Alexey Tikhonov 1.16.5-3Alexey Tikhonov 1.16.5-2Alexey Tikhonov 1.16.5-1Michal Židek - 1.16.4-38Michal Židek - 1.16.4-37Michal Židek - 1.16.4-36Michal Židek - 1.16.4-35Michal Židek - 1.16.4-34Michal Židek - 1.16.4-33Michal Židek - 1.16.4-32Michal Židek - 1.16.4-31Michal Židek - 1.16.4-30Michal Židek - 1.16.4-29Michal Židek - 1.16.4-28Michal Židek - 1.16.4-27Michal Židek - 1.16.4-26Michal Židek - 1.16.4-25Michal Židek - 1.16.4-24Michal Židek - 1.16.4-23Michal Židek - 1.16.4-22Michal Židek - 1.16.4-21Michal Židek - 1.16.4-20Jakub Hrozek - 1.16.4-19Jakub Hrozek - 1.16.4-18Jakub Hrozek - 1.16.4-17Michal Židek - 1.16.4-16Jakub Hrozek - 1.16.4-15Michal Židek - 1.16.4-14Michal Židek - 1.16.4-12Michal Židek - 1.16.4-12Michal Židek - 1.16.4-11Michal Židek - 1.16.4-10Michal Židek - 1.16.4-9Michal Židek - 1.16.4-8Michal Židek - 1.16.4-7Michal Židek - 1.16.4-6Michal Židek - 1.16.4-5Michal Židek - 1.16.4-4Michal Židek - 1.16.4-3Michal Židek - 1.16.4-2Michal Židek - 1.16.4-1Jakub Hrozek - 1.16.2-17Michal Židek - 1.16.2-16Michal Židek - 1.16.2-15Michal Židek - 1.16.2-14Jakub Hrozek - 1.16.2-13Fabiano Fidêncio - 1.16.2-12Jakub Hrozek - 1.16.2-11Jakub Hrozek - 1.16.2-10Jakub Hrozek - 1.16.2-9Jakub Hrozek - 1.16.2-8Fabiano Fidêncio - 1.16.2-7Fabiano Fidêncio - 1.16.2-6Fabiano Fidêncio - 1.16.2-5Fabiano Fidêncio - 1.16.2-4Fabiano Fidêncio - 1.16.2-3Fabiano Fidêncio - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.0-25Fabiano Fidêncio - 1.16.0-24Fabiano Fidêncio - 1.16.0-23Fabiano Fidêncio - 1.16.0-22Jakub Hrozek - 1.16.0-21Fabiano Fidêncio - 1.16.0-20Fabiano Fidêncio - 1.16.0-19Fabiano Fidêncio - 1.16.0-18Fabiano Fidêncio - 1.16.0-17Fabiano Fidêncio - 1.16.0-16Fabiano Fidêncio - 1.16.0-15Fabiano Fidêncio - 1.16.0-14Fabiano Fidêncio - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Fabiano Fidêncio - 1.16.0-11Fabiano Fidêncio - 1.16.0-10Fabiano Fidêncio - 1.16.0-9Fabiano Fidêncio - 1.16.0-8Fabiano Fidêncio - 1.16.0-7Fabiano Fidêncio - 1.16.0-6Fabiano Fidêncio - 1.16.0-5Fabiano Fidêncio - 1.16.0-4Fabiano Fidêncio - 1.16.0-3Fabiano Fidêncio - 1.16.0-2Fabiano Fidêncio - 1.16.0-1Jakub Hrozek - 1.15.2-51Jakub Hrozek - 1.15.2-50Jakub Hrozek - 1.15.2-49Jakub Hrozek - 1.15.2-48Jakub Hrozek - 1.15.2-47Jakub Hrozek - 1.15.2-46Jakub Hrozek - 1.15.2-45Jakub Hrozek - 1.15.2-44Jakub Hrozek - 1.15.2-43Jakub Hrozek - 1.15.2-42Jakub Hrozek - 1.15.2-41Jakub Hrozek - 1.15.2-40Jakub Hrozek - 1.15.2-39Jakub Hrozek - 1.15.2-38Jakub Hrozek - 1.15.2-37Jakub Hrozek - 1.15.2-36Jakub Hrozek - 1.15.2-35Jakub Hrozek - 1.15.2-34Jakub Hrozek - 1.15.2-33Jakub Hrozek - 1.15.2-32Jakub Hrozek - 1.15.2-31Sumit Bose - 1.15.2-30Jakub Hrozek - 1.15.2-29Jakub Hrozek - 1.15.2-28Jakub Hrozek - 1.15.2-25Jakub Hrozek - 1.15.2-24Lukas Slebodnik - 1.15.2-23Jakub Hrozek - 1.15.2-22Jakub Hrozek - 1.15.2-21Jakub Hrozek - 1.15.2-20Jakub Hrozek - 1.15.2-19Jakub Hrozek - 1.15.2-18Jakub Hrozek - 1.15.2-17Jakub Hrozek - 1.15.2-16Jakub Hrozek - 1.15.2-15Jakub Hrozek - 1.15.2-14Jakub Hrozek - 1.15.2-13Jakub Hrozek - 1.15.2-12Jakub Hrozek - 1.15.2-11Jakub Hrozek - 1.15.2-10Jakub Hrozek - 1.15.2-9Jakub Hrozek - 1.15.2-8Jakub Hrozek - 1.15.2-7Jakub Hrozek - 1.15.2-6Jakub Hrozek - 1.15.2-5Jakub Hrozek - 1.15.2-4Jakub Hrozek - 1.15.2-3Jakub Hrozek - 1.15.2-2Jakub Hrozek - 1.15.2-1Fabiano Fidêncio - 1.15.1-2Jakub Hrozek - 1.15.1-1Jakub Hrozek - 1.15.0-2Jakub Hrozek - 1.15.0-1Jakub Hrozek - 1.14.0-46Jakub Hrozek - 1.14.0-45Jakub Hrozek - 1.14.0-44Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1973796 - SSSD is NOT able to contact the Global Catalog when local site is down- Resolves: rhbz#1988463 - Missing search index for `originalADgidNumber` [rhel-7.9.z] - Resolves: rhbz#1968330 - id lookup is failing intermittently - Resolves: rhbz#1964415 - Memory leak in the simple access provider - Resolves: rhbz#1985457 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-7.9.z]- Resolves: rhbz#1910131 - sssd throwing error " Unable to parse name test' [1432158283]: The internal name format cannot be parsed" at debug_level 2 [rhel-7.9.z] - Resolves: rhbz#1922244 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. [rhel-7.9.z] - Resolves: rhbz#1935685 - SSSD not detecting subdomain from AD forest (7.9z) - Resolves: rhbz#1945552 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 [rhel-7.9.z] - Resolves: rhbz#1839972 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR [rhel-7.9.z]- Resolves: rhbz#1875514 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [rhel-7.9.z] - Resolves: rhbz#1772513 - SSSD is generating lot of LDAP queries in a very large environment [rhel-7.9.z] - Resolves: rhbz#1736845 - [RFE] Backporting certificate matching rules for files, AD and LDAP provider [rhel-7.9.z]- Resolves: rhbz#1899593 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() [rhel-7.9.z] - Resolves: rhbz#1888409 - sssd component logging is now too generic in syslog/journal [rhel-7.9.z] - Resolves: rhbz#1852659 - sssd service is starting even though it is disabled state [rhel-7.9.z] - Resolves: rhbz#1893443 - User lookups over the InfoPipe responder fail intermittently [rhel-7.9.z] - Resolves: rhbz#1871288 - krb5_child denies ssh users when pki device detected [rhel-7.9.z] - Resolves: rhbz#1853703 - Unexpected behavior and issue with filter_users/filter_groups option [rhel-7.9.z] - Resolves: rhbz#1756240 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains [rhel-7.9.z] - Resolves: rhbz#1851112 - LDAP bind can fail due to unconfigurable DNS server timeouts that inhibit SSSD failover [rhel-7.9.z]- Resolves: rhbz#1859554 - Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1 [rhel-7.9.z] (Previous attempt to fix this issue was incomplete (again)) - just bumping the version to build for proper target- Resolves: rhbz#1859554 - Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1 [rhel-7.9.z] (Previous attempt to fix this issue was incomplete (again))- Resolves: rhbz#1859554 - Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1 [rhel-7.9.z] (Previous attempt to fix this issue was incomplete)- Resolves: rhbz#1854317 - sssd crashes after last update to sssd-common-1.16.4-37.el7_8.1 with servers configured with multiple domains [rhel-7.9.z] - Resolves: rhbz#1859554 - Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1 [rhel-7.9.z] - just bumping the version to build for proper target- Resolves: rhbz#1854317 - sssd crashes after last update to sssd-common-1.16.4-37.el7_8.1 with servers configured with multiple domains [rhel-7.9.z] - Resolves: rhbz#1859554 - Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1 [rhel-7.9.z]- Resolves: rhbz#1804005 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1773409 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1551077 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1507683 - GDM password prompt when cert mapped to multiple users and promptusername is False- Resolves: rhbz#1796873 - [sssd] RHEL 7.9 Tier 0 Localization- Resolves: rhbz#1553784 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1836910 - Rhel7.7 server have an issue regarding dyndns update for PTR-records which is done by sssd on active directory DNS servers. It is done in two steps (two different nsupdate messages).- Resolves: rhbz#1835813 - sssd boots offline if symlink for /etc/resolv.conf is broken/missing - Resolves: rhbz#1837545 - Users must be informed better when internal WATCHDOG terminates process.- Resolves: rhbz#1819013 - pam_sss reports PAM_CRED_ERR when providing wrong password for an existing IPA user, but this error's description is misleading - Resolves: rhbz#1800571 - Multiples Kerberos ticket on RHEL 7.7 after lock and unlock screen- Resolves: rhbz#1834266 - "off-by-one error" in watchdog implementation- Resolves: rhbz#1829806 - [Bug] Reduce logging about flat names - Resolves: rhbz#1800564 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package- Resolves: rhbz#1683946 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working setup- Resolves: rhbz#1513371 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_be[PROXY] killed by 6 - Resolves: rhbz#1568083 - subdomain lookup fails when certmaprule contains DN - Resolves: rhbz#1781539 - PKINIT with KCM does not work - Resolves: rhbz#1786341 - SSSD doesn't honour the customized ID view created in IPA - Resolves: rhbz#1709818 - override_gid did not work for subdomain. - Resolves: rhbz#1719718 - Validator warning issue : Attribute 'dns_resolver_op_timeout' is not allowed in section 'domain/REMOVED'. Check for typos - Resolves: rhbz#1787067 - sssd (sssd_be) is consuming 100 CPU, partially due to failing mem-cache - Resolves: rhbz#1822461 - background refresh task does not refresh updated netgroup entries - Added missing 'Requires' to resolves some of rpmdiff tool warnings- Resolves: rhbz#1796352 - Rebase SSSD for RHEL 7.9- Resolves: rhbz#1789349 - id command taking 1+ minute for returning user information - Also updates spec file to not replace /pam.d/sssd-shadowutils on update- Resolves: rhbz#1784620 - Force LDAPS over 636 with AD Access Provider - just bumping the version to fix generated dates in man pages- Resolves: rhbz#1784620 - Force LDAPS over 636 with AD Access Provider- Resolves: rhbz#1769755 - sssd failover leads to delayed and failed logins- Resolves: rhbz#1768404 - automount on RHEL7 gives the message 'lookup(sss): setautomntent: No such file or directory'- Resolves: rhbz#1734056 - [sssd] RHEL 7.8 Tier 0 Localization- Resolves: rhbz#1530741 - Trusted domain user logins succeed after using ipa trustdomain-disable- Resolves: rhbz#1746878 - Let IPA client read IPA objects via LDAP and not a extdom plugin when resolving trusted users and groups- Resolves: rhbz#1530741 - Trusted domain user logins succeed after using ipa trustdomain-disable- Resolves: rhbz#1713352 - Implicit files domain gets activated when no sssd.conf present and sssd is started- Resolves: rhbz#1206221 - sssd should not always read entire autofs map from ldap- Resolves: rhbz#1657978 - SSSD is not refreshing cached user data for the ipa sub-domain in a IPA/AD trust- Resolves: rhbz#1541172 - ad_enabled_domains does not disable old subdomain after a restart until a timer removes it- Resolves: rhbz#1738674 - Paging not enabled when fetching external groups, limits the number of external groups to 2000- Resolves: rhbz#1650018 - SSSD doesn't clear cache entries for IDs below min_id- Resolves: rhbz#1724088 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1422618 - sssd does not failover to another IPA server if just the KDC service fails - Just bumping the version to work around "build already exists"- Resolves: rhbz#1714952 - [sssd] RHEL 7.7 Tier 0 Localization - Rebuild japanese gmo file explicitly- Resolves: rhbz#1714952 - [sssd] RHEL 7.7 Tier 0 Localization- Resolves: rhbz#1707959 - sssd does not properly check GSS-SPNEGO- Resolves: rhbz#1710286 - The server error message is not returned if password change fails- Resolves: rhbz#1711832 - The files provider does not handle resetOffline properly- Resolves: rhbz#1707759 - Error accessing files on samba share randomly- Resolves: rhbz#1685581 - Extend cached_auth_timeout to cover subdomains /trusts- Resolves: rhbz#1684979 - The HBAC code requires dereference to be enabled and fails otherwise- Resolves: rhbz#1576524 - RHEL STIG pointing sssd Packaging issue - This was partially fixed by the rebase, but one spec file change was missing.- Resolves: rhbz#1524566 - FIPS mode breaks using pysss.so (sss_obfuscate)- Resolves: rhbz#1350012 - kinit / sssd kerberos fail over - Resolves: rhbz#720688 - [RFE] return multiple server addresses to the Kerberos locator plugin- Resolves: rhbz#1402056 - [RFE] Make 2FA prompting configurable- Resolves: rhbz#1666819 - SSSD can trigger a NSS lookup when parsing the filter_users/groups lists on startup, this can block the startup- Resolves: rhbz#1645461 - Slow ldb search causes blocking during startup which might cause the registration to time out- Resolves: rhbz#1685581 - Extend cached_auth_timeout to cover subdomains / trusts- Resolves: rhbz#1671138 - User is unable to perform sudo as a user on IPA Server, even though `sudo -l` shows permissions to do so- Resolves: rhbz#1657806 - [RFE]: Optionally disable generating auto private groups for subdomains of an AD provider- Resolves: rhbz#1641131 - [RFE] Need an option in SSSD so that it will skip GPOs that have groupPolicyContainers, unreadable by SSSD. - Resolves: rhbz#1660874 - CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions [rhel-7]- Resolves: rhbz#1631656 - KCM: kinit: Matching credential not found while getting default ccache- Resolves: rhbz#1406678 - sssd service is starting before network service - Resolves: rhbz#1616853 - SSSD always boots in Offline mode- Resolves: rhbz#1658994 - Rebase SSSD to 1.16.x- Resolves: rhbz#1603311 - Enable generating user private groups only for users with uid == gid where gid does not correspond to a real LDAP group- Resolves: rhbz#1602172 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1622109 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1619706 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1593756 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: rhbz#1610667 - sssd_ssh leaks file descriptors when more than one certificate is converted into an SSH key - Resolves: rhbz#1583360 - The IPA selinux provider can return an error if SELinux is completely disabled- Resolves: rhbz#1602781 - Local users failed to login with same password- Resolves: rhbz#1586127 - Spurious check in the sssd nss memcache can cause the memory cache to be skipped- Resolves: rhbz#1522928 - sssd doesn't allow user with expired password- Resolves: rhbz#1607313 - When sssd is running as non-root user, the sudo pipe is created as sssd:sssd but then the private pipe ownership fails- Resolves: rhbz#1600822 - SSSD bails out saving desktop profiles in case an invalid profile is found- Resolves: rhbz#1582975 - The search filter for detecting POSIX attributes in global catalog is too broad and can cause a high load on the servers- Resolves: rhbz#1583725 - SSSD AD uses LDAP filter to detect POSIX attributes stored in AD GC also for regular AD DC queries - Resolves: rhbz#1416528 - sssd in cross realm trust configuration should be able to use AD KDCs from a client site defined in sssd.conf or a snippet - Resolves: rhbz#1592964 - Groups go missing with PAC enabled in sssd- Resolves: rhbz#1590603 - EMBARGOED CVE-2018-10852 sssd: information leak from the sssd-sudo responder [rhel-7] - Resolves: rhbz#1450778 - Full information regarding priority of lookup of principal in keytab not in man page- Resolves: rhbz#1494690 - kdcinfo files are not created for subdomains of a directly joined AD client - Resolves: rhbz#1583343 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 - Resolves: rhbz#1527662 - Handle conflicting e-mail addresses more gracefully - Resolves: rhbz#1509691 - Document how to change the regular expression for SSSD so that group names with an @-sign can be parsed- Related: rhbz#1558498 - Rebase sssd to the latests upstream release of the 1.16 branch- Resolves: rhbz#1558498 - Rebase sssd to the latests upstream release of the 1.16 branch - Resolves: rhbz#1523019 - Reset password with two factor authentication fails - Resolves: rhbz#1534749 - Requesting an AD user's private group and then the user itself returns an emty homedir - Resolves: rhbz#1537272 - SSH public key authentication keeps working after keys are removed from ID view - Resolves: rhbz#1537279 - Certificate is not removed from cache when it's removed from the override - Resolves: rhbz#1562025 - externalUser sudo attribute must be fully-qualified - Resolves: rhbz#1577335 - /usr/libexec/sssd/sssd_autofs SIGABRT crash daily - Resolves: rhbz#1508530 - How should sudo behave without sudoHost attribute? - Resolves: rhbz#1546754 - The man page of sss_ssh_authorizedkeys can be enhanced to better explain how the keys are retrieved and how X.509 certificates can be used - Resolves: rhbz#1572790 - getgrgid/getpwuid fails in setups with multiple domains if the first domain uses mid_id/max_id - Resolves: rhbz#1561562 - sssd not honoring dyndns_server if the DNS update process is terminated with a signal - Resolves: rhbz#1583251 - home dir disappear in sssd cache on the IPA master for AD users - Resolves: rhbz#1514061 - ID override GID from Default Trust View is not properly resolved in case domain resolution order is set - Resolves: rhbz#1571466 - Utilizing domain_resolution_order in sssd.conf breaks SELinux user map - Resolves: rhbz#1571526 - SSSD with ID provider 'ad' should give a warning in case the ldap schema is manually changed to something different than 'ad'.- Resolves: rhbz#1547782 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process- Related: rhbz#1578291 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION- Resolves: rhbz#1578291 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION- Resolves: rhbz#1516266 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1503802 - Smartcard authentication fails if SSSD is offline and 'krb5_store_password_if_offline = True' - Resolves: rhbz#1385665 - Incorrect error code returned from krb5_child (updated) - Resolves: rhbz#1547234 - SSSD's GPO code ignores ad_site option - Resolves: rhbz#1459348 - extend sss-certmap man page regarding priority processing - Resolves: rhbz#1220767 - Group renaming issue when "id_provider = ldap" is set - Resolves: rhbz#1538555 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000]- Resolves: rhbz#1565774 - After updating to RHEL 7.5 failing to clear the sssd cache- Resolves: rhbz#1566782 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash- Related: rhbzrhbz#1544943 - sssd goes offline when renewing expired ticket- Resolves: rhbz#1543348 - sssd_be consumes more memory on RHEL 7.4 systems. - Resolves: rhbz#1544943 - sssd goes offline when renewing expired ticket- Resolves: rhbz#1523282 - sssd used wrong search base with wrong AD server- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Related: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser - Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7]- Resolves: rhbz#1517971 - AD Domain goes offline immediately during subdomain initialization - IPA AD Trust - Related: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc.. - Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7] - Resolves: rhbz#1527149 - AD provider - AD BUILTIN groups are cached with gidNumber = 0 - Related: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache - Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1525644 - dbus-send unable to find user by CAC cert- Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card- Resolves: rhbz#1512027 - NSS by-id requests are not checked against max_id/min_id ranges before triggering the backend- Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available - Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card - Resolves: rhbz#1520984 - getent output is not showing home directory for IPA AD trusted user - Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1421194 - SSSD doesn't use AD global catalog for gidnumber lookup, resulting in unacceptable delay for large forests- Resolves: rhbz#1482231 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: rhbz#1512508 - SSSD fails to fetch group information after switching IPA client to a non-default view- Resolves: rhbz#1490120 - SSSD complaining about corrupted mmap cache and logging error in /var/log/messages and /var/log/sssd/sssd_nss.log- Resolves: rhbz#1272214 - [RFE] Create a local per system report about who can access that IDM client (attestation) - Resolves: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc.. - Resolves: rhbz#888739 - Enumerating large number of users makes sssd_be hog the cpu for a long time. - Resolves: rhbz#1373547 - SSSD performance issue with malloc and brk calls - Resolves: rhbz#1472255 - Improve SSSD performance in the 7.5 release- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Related: rhbz#1432010 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available- Resolves: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available - Related: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5] - Resolves: rhbz#1408294 - SSSD authentication fails when two IPA accounts share an email address without a clear way to debug the problem - Resolves: rhbz#1502686 - crash - /usr/libexec/sssd/sssd_nss in nss_setnetgrent_timeout- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Related: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.- Resolves: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1484376 - [RFE] Add a configuration option to SSSD to disable the memory cache - Resolves: rhbz#1327705 - Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7] - Resolves: rhbz#1505277 - Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault is sssd_nss - Resolves: rhbz#1462343 - document information on why SSSD does not use host-based security filtering when processing AD GPOs - Resolves: rhbz#1498734 - sssd_be stuck in an infinite loop after completing full refresh of sudo rules - Resolves: rhbz#1400614 - [RFE] sssd should remember DNS sites from first search - Resolves: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Resolves: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.- Resolves: rhbz#1469791 - Rebase SSSD to version 1.16+ - Resolves: rhbz#1132264 - Allow sssd to retrieve sudo rules of local users whose sudo rules stored in ldap server - Resolves: rhbz#1301740 - sssd can be marked offline if a trusted domain is not reachable - Resolves: rhbz#1399262 - Use TCP for kerberos with AD by default - Resolves: rhbz#1416150 - RFE: Log to syslog when sssd cannot contact servers, goes offline - Resolves: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser - Resolves: rhbz#1454559 - python-sssdconfig doesn't parse hexadecimal debug _level, resulting in set_option(): /usr/lib/python2.7/site-packages/SSSDConfig/__init__.py killed by TypeError - Resolves: rhbz#1456968 - MAN: document that attribute 'provider' is not allowed in section 'secrets' - Resolves: rhbz#1460689 - KCM/secrets: Storing many secrets in a rapid succession segfaults the secrets responder - Resolves: rhbz#1464049 - Idle nss file descriptors should be closed - Resolves: rhbz#1468610 - sssd_be is utilizing more CPU during sudo rules refresh - Resolves: rhbz#1474711 - Querying the AD domain for external domain's ID can mark the AD domain offline - Resolves: rhbz#1479398 - samba shares with sssd authentication broken on 7.4 - Resolves: rhbz#1479983 - id root triggers an LDAP lookup - Resolves: rhbz#1489895 - Issues with certificate mapping rules - Resolves: rhbz#1490501 - sssd incorrectly checks 'try_inotify' thinking it is the wrong section - Resolves: rhbz#1490913 - MAN: Document that full_name_format must be set if the output of trusted domains user resolution should be shortnames only - Resolves: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5] - Resolves: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache - Resolves: rhbz#1482674 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: rhbz#1486053 - Accessing IdM kerberos ticket fails while id mapping is applied - Resolves: rhbz#1486786 - sssd going in offline mode due to sudo search filter. - Resolves: rhbz#1500087 - SSSD creates bad override search filter due to AD Trust object with parenthesis - Resolves: rhbz#1502713 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30) - Resolves: rhbz#1461462 - sssd_client: add mutex protected call to the PAC responder - Resolves: rhbz#1489666 - Combination sssd-ad and postfix recieve incorrect mail with asterisks or spaces - Resolves: rhbz#1525052 - sssd_krb5_localauth_plugin fails to fallback to otheri localname rules- Require the 7.5 libldb version which broke ABI - Related: rhbz#1469791 - Rebase SSSD to version 1.16+- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information retured by the KDC during PKINIT/Smartcard authentication- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in- Resolves: rhbz#1455254 - Make domain available as user attribute- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD- Resolves: rhbz#1450094 - Properly support IPA's promptusername config option- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer - Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail - Fix Coverity issues in patches for rhbz#1445445- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains - Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate - Additional patch for rhbz#1440132- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient - Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4 - Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15 - Also apply an additional patch for rhbz#1441545- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.- Remove an unused variable from the sssd-secrets responder - Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http - Improve two DEBUG messages in the client trust code to aid troubleshooting - Fix standalone application domains - Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes - Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http- Fix off-by-one error in the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh respoder- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users - Also backport some buildtime fixes for the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts- Update to upstream 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html - Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries - Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure - Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser- Update to upstream 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html - Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack - Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases - Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider - Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page - Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user - Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink- Update to upstream 1.15.0 - Resolves: rhbz#1393824 - Rebase SSSD to version 1.15 - Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL - Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory - Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time - Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0 - Resolves: rhbz#1392444 - sssd_be keeps crashing - Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3 - Resolves: rhbz#1382602 - autofs map resolution doesn't work offline - Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains - Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page - Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error - Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database" - Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/shsvuk1.16.5-10.el7_9.101.16.5-10.el7_9.10libsss_ipa.soselinux_childsssd-ipa-1.16.5COPYINGsssd-ipa.5.gzsssd-ipa.5.gzsssd-ipa.5.gzkeytabs/usr/lib64/sssd//usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-ipa-1.16.5//usr/share/man/man5//usr/share/man/sv/man5//usr/share/man/uk/man5//var/lib/sss/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericcpioxz9x86_64-redhat-linux-gnuELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=015d5450dd89bfcce6cf75622d25529216a9e59a, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=e6eb76c037a33a556d990783c1c8f8f5fb18a8ec, strippeddirectoryASCII texttroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)FFPR"RRR R%RRRIRRFR/R RRRRRR?R!RR#R$R2RARRR@RRRR RCR1R,RR R3RGR)RRR0R R8R9R;R7R6R'R(R+R*R&R.R R:RHRRRR>RBRER0Ia}ac<,,1L{n*s5@mc,/]Xsnς~h4w8%IvZR#̼$P ?K$ɝ";Ǘ lQ{QU# f"W?{V{ Q*`T/%vmVl? $M}'lGP҈zp֑! H0:7PI4F.E<~w*KL?JA#Gcw=M {n.Rtq'? )_G6HTx B]d X8c``׸cOR2!&Xq>g@C6-7Ph:V^ iGzCWe;FRyIA0qJ %V PE8AZl?2 ƪB42d, '9>$*5韅eLmXk+>4 r"tY6o:!IKNuHٙd~y|B0)[$S=#f ڶ7j5ÒeǻJm(9HDYq, 7EL/sb8G6k".̃Jp5քieJeRϋPF5kEXCC "یk Td`LZ CF5q!GZ$̹)Sb +kla&MrjmgP|. 4Zx5)/Xf3L \,Vky*oڥ|0. jx3 Tk^}aoh-=Suxn˽} |ڝ&*ԬB|]DmKΓ/ Yk䘏*K ؐ9\X1cQ:W1|5"R?eEw|妉G}5Ų>GuC3<6ɈEoUDJL'&]̺G%%ʅ ׆+؟m"lU'7CDc#uS*,]<(aq ぇHqjqG0v,Y{ |Is,yT2ȧNEm} WA\Og_s Wq+;Iyh|<ްz,Kz3&e_.\hJZ D~RˍK%xIi+$ z!z¶Q}&VLNasbyPwlYPaPGWȄS*@'UB;߭xQIG)IFsO? j1d?_0&)p90L*-=% [OvD[H :b[ ĻZ>}7}SB- MF b]DY-7߫@0We0ŅYS!-KŀBq%^6a9U# f. MuڳXr"|Tjzܯk.Jy(#N0$c,+g6qe]5t_ڏJ0}EDl}FTܿ@:e-\C uKXEA|~]eމ{HG 4L}rec=^>5˰8iOo&WSeX -5ףssT(18cxW XcMgA\YD?qVU_pcYo>"ilRC]}q\>W!Mn[?x~tCl4X!o T9(!vؕ-FcVkA,H5R}=PP68=UL ;y u5b3Gve%.RعuM6N`{ !N+2`L*:W7舊:21ۃќ6ޚC_3@5h0=AL } ,A8&|ࢂ{32ٺ%E,ZL9UhE_13@ #\'[K+y搶n^n*7 gTqq;6bd[-b N儢Pvp4tGUByC"9W!=Y]M(ctZhU4#b(_Dh0c/<-L\Lb3Y;# [hԩ-G8`|S;mDXXAX;I!:d}]b1rX`)ɴ K a޲z[~&*wb"n?v(>$ j=#1 ãIφ" 1(x!pM4vu%-88x'K.\P HZʧD53:ny drGl݂ 3+w~|5<P-oja! :\"ˁ[xr$p%mk[pQMKH̤ġVL9b>`tuU|@[A| X8V=/붷WyHqպnb{ioGD\ͨ㏈ B[h,|mabƏ kdجmeA`Kq8YGE3 pqǽʿ=aހT80EK4+i rq;0ih'b ۸̧.Th[hF7LbpCx.akYA|Xr!grkg>o'w m (_@FH^>D|Q}ʼ7*p]ϸ~ObO ]G +kH=}iV̺ek:xѪ©ќVmYSs<,v!YDUr* Q^ڗc\Bx4v9[W`mMu>#jWm*<8 6c=!'խs?xJZ&PԨprWU *GIVն=H$OBe|Cg(hIVx\1ٸ wgyq@A8򯹺2U16+KOh0x-$6\1YNY wsD'ɴ}R?.:ҶT90L4Y.bȣ8Jya$M0LC#pZ(*jh E!j͈ʮa$9iĔO==,FBVBkM>EnGʵd%ی4AȌ{ ٮƪo-f[ _!HduP_,pO ^lܛRTSiU.G&]ߨ]-ॿek1J-g#DCMÒ|*+9ńnC%gTuܙRXvGq&Gn>рd@g+uT:1x0LBhr&qAh9]gKoT/-HF{CҼUP+۩3&\'ҩ`tڧho _$;U Mt/F[Ne)m'SF(I뗰xXdqZPO'VBÑ`os {9Y?d!/~nϯa})xX̸,=JRK76^)Z0;t9J3b6\^wy{/wMl-Ѳ\ EzH~ۄScUR2Z#6JY| =G(; .8$"D#\_l5o ,r*zZ&?L#񶗰.)zsFK/cǷg ޟ[ B-|6uks%9T1|Exrem%T$<r9IXAxc]'=QG7XIFcܬͱGK0ȧN 8Ce0B z)ܨXm@O<'t `cc W;K5ڦ>J.aڝ/jM=eiՠcPlZ67*Ǚ^8:独jjŲG=i\nbv+6O,q N_ r/2Gmy0c΀gcO6ty/ysj+MbE-@&lQ7Z9 ju+V'G21C%4xS?\~jjcv@'<ĉ kAKX1|4_ ٧ǀW?E>wp^]P ݟ|_4fa@B'[S흏ήC=_6٥O",C2GhIkLJ+ TW*wJԍR;TQ+x3T"Ӂt5.9!9/ۇoj@g}]jL]dZO=ܭi2r\܈KJr4$^HI3"?\9iDJH :d{= MEM<̂PKjcƨ+~C`eKc/3Ӆ=7%z&zESOaB?_ApOr펐E6G]EfyG:=fq::ڤFpRƩC깬8b-7h4&[ɶ{IyoIlMܿdhnb,iD3}sn2F^c-Z ct8v,_mP\ 1I?c<<Xq&H=3$r <kn:W}X8T,]kT\5ŴR7 dz$}1ܮcw v zMsR}h))yi^nL]uE475xy .Fh/mRRAmM<ԯ#woX .EoUߌ dpҟ Űe3eEoFkz~liFMn??}!5y5{Z;|`[C Qjj@dVCbεP>T6;I {sdL=*[x;ݣԏ5z~a.7J["75PN7N|$n:lKFS޾aV 6i⬑TL>J4}ٕ5WVd$O=Ш̚15<{ߚ_6 z_i_&n-uu0m|6s }{4U"@Mbtnh\R{{٠; 8u? bwKb)}8I?zx'sWRһ[KnHoʾ@Gӭ&v(>cҶ#ZJ@;E+n"efZ(Sl;m V$#ftWseVy^(uq/ pf>e$PE>#ѳ|aĦ=~ufYȵ mkEgCj)6Ajb~.>/D^;KC-= pHiU /0f ;%jNxH-A3\ǝ`DIE'*:OY[ᗱKqu#b&[pm|=&c_%ՌIbItPv% ;"ZԮz C"?4ëKߐ]="2V섿I4V#hC=ٌr&tԃDpdqif$]v?TH4"w6uT* PCk8sݶ H~sM6ugvYq%Er&`}bN wTE?Ϗ⠄a -U&J`[UkFfNCkC0?dQ &__iz">_(Ms;%T:e#[8 x_qOڿ3ƒO =qa_@eC·I%۲k[8bRb`,>CqIU=2` d~E:+,&*^Pyd'ksqUN,jׇ-AFSQ,LVq,v 6^*,2n; [ܫ8+_l+}ḭS1.Y^O&ɧ%WrJMg<߭3!j/߹!(aha\P_ӏ ~Ybr;p<-rmG4bbgzEJ"CI=8VWy:3ai>l‰20h x')~^˫_F@z EU!T=zLc4 |B/U,z[ ,~Ua $gnjAũ@|!m%#u(o-M\^ڲx6mpo@2>,:Y:OҊpβ-J%jZ|Mw1pVٖtka)QEE~- pa ښ!X{u7+6F>hsZ$MV(|9ROr?̋iVt Gw^VB_ ӔRJ%G]7tuōہ'Q !y/;/u2"WLt׽SJ"<"ֲK#%Vw'8 n U lɍ">M5+q/a[4`V&%ޕKL' >&bLap%N>/$i4̐. E!,cKRh[ ?P8K`u̝gΣ8 BjGPuPT c M_пx\8ED .x.:?\93ǖ]7p^g0t+Qy[ ;Sn7B85brt֕Dpuvq%xuFtp큫T(tsRrHm mLasF7+4H_Wpv% ï wuF`L&F]v'%! RyF nۓF[!LG3.I>i::5ot0k■쩻n+zdU.c =kcIg}_jDt>QLB4W,4eCIB*rF_qwһ'Õ/!Hmݵܩ12rYޫIm7ÒqC;;w]/[EYV,aEӒE GLJXL^1ߋȸ~,p `U.vIJX.Spn>7T [Q+X'ꪛ2 @ yG;pƏ2UA1P|k[)w*Om4|;CrS"-9%u+8fϑk;"PPpk텒FH9'tɖڅ\+҆:0)V^\,gz8Kn 5G r>?`e7"`>.,ᅑfX‡-cYv^MiV_zh_];d]X@<'lcLx}j3F 2~DXMWjOe+5Yb`1F҇۩r;LrtuUb/etZ_iQlMNZ 6o{x3n19fm$Üz6p5/ b9JƓ<38Wkv\`P֬“(=^Sp-˖W33yl߫xw crф~:`wKY'n~YM:Xzi7&0C1IAUˌU"c=YyK? |c@θcJY Lbl@k2er0aWB'Pp=±/^DdzhC0}Z,'+Rx6ܵy30}zr\@{{r,h$ɜq(/UVU²d*pЈTl.qOC!q`hY.lvE'wZ곖*LZS< 3Cdg۩NWij=6[*kTaPkB$ fw2YΗ 7i۟`=| dyN5_}U:hLڞMȿ( jc5҄ ~ҝJ61UM@rObB]x*W#qTP=pBd[,K Y5dTw Lּϐ684GJs h@-#W 0ص4ԁ0i WLYwC?Vn: HAazei)[Er7墕& tpr+.sL7 L>8%z2ǧVnVNn6w. Hue.IiA`"3fה)"J򉜂eRyuzB!5X,kaW4TXIv?X@cca>>opJo]O6FW-ӉO#$5N8l@Ĵw;'jm$آ_`1 r@C-_Wąˋ:]# dK=؋訮KD k:*K*[^zx by"SM1T`̐%ލ׽Nٯ.'O8GCI|F 187'-\c/s^Qq e bXFQG:{^q=U< '5y`Qv8C(ZU˲pr$[./r1T\y ş yW5x/g(fV &mpV.{Rf].S!9rw% kdw4+-(3}VB!X<52e kIQ̵Cҷ`dlwRD2=e+viL,"W)߰!Zgj/cIs`i KGB EQ 5g &()r[SKM$+X %&|% RƜsA7S!P3eMqz:%ѡJBQN*ءZe|p!yQa.Q=1l++ݤd?{M(N52B[ePY*PNnR凪B^EvmuP|[0Li4sVs͗ 'Hߣx ųjB$OE>wp%: ;+Q5ed3n$(B~"g(j"kD(HStg鉼ʭO`ΈLTcO=:g(kÌ+u*yFM7n^TS!bLBVQ%OY9X dv^;P]JP\NKӵoڡ*~V4^-PX5խ׵csS|-X쭔z]3i'Tc.1r.!ڧ፫>7"; aR jC:|DpewHQQV:~ ?'@v\l,WRVWCɃK|Gmgg,71HGAI_Z螶n-֢A8>*ϲ+HںyQA9SDw;xA h&|qWh*kMd(QhDpDzQ>Z.0'TOE,n@:xpJwwnhؾqOP{~Q \&B[>1@*tqXONT n7梅`OO jh\:}ɤRf~Lj[;ɡ0 @`HمkG޻jr(ZzO6XuɰQGgf?.T揼xG܍zx@Za[`l͙}9,TV')A>2#p2XTvC|^h>Fs=2mGR"9a.wI"j;ȉ9\\ͻ蜤dԜ2U4d]^c: 9""uE;k $J2ĕDMz띏jog;kê֐Dщ}fp7DϿrlw*:<ߪ US3 W%>}mڼz (WɥM0; CA$q(Cef T?X$W5xMu=P?NDŵQ\EMv6}4(M> 켓ur(v ܼ0֙gk&:i%B<ԍM[BfB 7hX'Rc!Djjd楫Ӭ%a8y7ǣUĞUy螸BY[s5DY>}>9a}k'G`/B C.sD]fNY<%~(՞l7L_+WXC V2:'˄~ڧ>J[ЛkWb ) J'4BI{CI~k,!e8!׸r_>P;R@Wz%`)5e9AyxpG _CR1iGI]9bF@T1 HVTz dT"V`^m2QzYXe<.Y}.X?^0\+Q摀«$[&9SKOB_@ivJ`Nki6MGwo5(`+Kdnn#Ф/um,SM>⧄@l,[:/h'^J`y 2YXEK{")n~WiG掷4#u\`\7(k]Lm@\Xy \Cli V~&mk_ZiI5C&V)yL/ DNQoE2%!{vAܿJ$_`X.|Nk*Ǝ=M [`M? z2sE\fJ3H0rm@B?d`sEԺދT{På߰ Ng gM^6o3L*G }D ltfH*& mtjq"Fy50t ]2b5 |WźDH-T`@,L i~v[+JxYmQyʨzQlG&rS2/BIAھzcBT" *׉!c ߧaysyÝ95{#l[6=EQi[ Æ)bT5~j/G%/UV.VpyŤ48^#\Rl^-婽 3xisZML0~YDx\Zn{bP) C%jmF STɇs"V۶>!dL$_a>!Yv&m3[R=k UDș5R/|Y/.\I/Μ7ȭ1Dx#TV 55Cq E0XU -k=K;ӤoV(oF] ΓMCQuIWnhP?QP8L%m65}ݓ7HtrFөX>Al차%#+;|Βp0ëgXЛS0֏37sHص;3 Eo mTˈ-4«Vl05KyKh+Z#SU# qVk Ӓ@~ WK1sêChrM@ cYhv='v(=ŀJXH5Kپ4ņ!.žm~!EߐխA2ǟeruS%xjlJV'/wAⲧ/_C*mCk|<sz$$}ђhREb,;[Kǂ9yn^`6hoЃi!,A/aJ\-p42,u85(~=8$~?H ocO[GU#{s6y~2mxtu5l:_[:>Q%e:BuMcfPku۫-qd=\- #Rڤ;mvFJՅJ>bɦN{IW5Xs&]G Jcڻ9tG d|6q+v OmMNF[H?""H3ۨ[>_[> $oAm p߸ 3%^"a4pIQOD>ewGC*5 Ji5Sԗ3eQ{" 4@GBzظsX:Pv-|X22 xYAc pwOI1oЎ4O Q$4VE-r@IbC,Q,7Ntgcu!'־0%?d}gVoOLG=F@o$56JGFׅ6|Q*4JQNJ*Q٫݅^WßvF(w(o|7 _ګlkzwMgDJ@%<ƞ@due=z\^HwZaz e I}+~ߵ歧 $~#{pw>͡O]1]ߤ. (5k%0`(`K"f-SC5 x\G]9/yZbW}eИPU5[/2t(ds oxQzGzhg@=XBj";\`v}"5*{p_]&WREˋOμQ̝Ίҧ)3k/l:lLg._kv8d[m΋|WGfr㫆KaGFXqJB%hR.)={9غ''N:Eʐ+{\Le2+̶X=4<>ͼʣYR()$.ƂX[HV|:`;ݼAuPh9\ϙ秠AzvRg>B߶ ;[ S r9gd D9D|Ϫ\0kTu2Thy{U>;Ɜ.n8I dɃRAC8j+dB[Qg A i}¾[7sw֣?EiJAcD&/.=}"R 0߬׆K `[=#1oV=ؖe.QQf_VP; Ep|+P!SĞj \QZ{A3G5v7*IN~+\{gr6/C:g5VP77 #d_Hz5&Aȁh*gl3ID Ju&$l-: kOz-i:[i>2s}0 YƣZs3E=>l"Z^ŷNo@q];;du-¸D +oO1~ss\Zx7IT~X82p.J+1N( $XjJO B8-[gСaQK@YC Mza'hY 3zur{|mfW=|g`\Q?b> ZϰNѽ+k`B0!NҚPn}2ꪊdeUs9-zvbc$QluCK~HpqmVB9nmA.9yוmLSnڜ+xLY7pyA`Xa XA"R[/o=aH;Ix^p+I~ :%}S^N!F%+De*ikN9f>Gz |l;! 61?$^1mhK>&J`¼)M,_}6opaM(N)~FdBMS$ Ülcl҈_PuY' 5v# YB{hI &g >dU_Cl^'xAO:dV6ot 9-0<6hwR*P|C7֕BY<0.=A$l+I\Np;[j;TBjmLc6 *@=WBm]" č 7,D)D;84GqGr+qZ?$_ndՔ!Ǝ =S5 GjQ|\Zk9,/Տ?dM5;έI'j%} 8qaYݡ%0T,f3|4v:n0jV՚NJ1%nt = oqL(k:lraDkavdr1RZʆak4} \#jSʫ[Y c~ՠӷ @e>ƟVNe] A1HַʒN: 0 bjuL;S8L]ٱƼY9gbv?ZғXa+ A\B{͠ ྏ[i d͹M=k LL}*F:9iB*YPp܏V @dj'^YB)-}C}WoxÀLClI,@%1-e9fJF0ҿNOwPkqu$|s4 {tܷ_V \+ׇ&,vO(dm/N;tIXF)Dy~ˑhywDzT3n/;A))R:tP' U0g ji5Jj*]>d7<46mV#ت-/KꔭHuKᐭ~@q[FZ )XsoI)g^Ox5]SW]JtUKeG۱“_t 4ONG^bt-<[ Eڲo>sy^rRgAW'N+#Y^lj#3783gʱsܚ#:-{J؀7Jk_˳A(È^1 RŎЇMp 3GYbm0FzW#B)9c_@wwV\Q:K=<)j Z:ًߢڵ4Ve|5$^^g?R,6<<{Wrx*Y1& 9.Cʏ @g:Z7Q/&c&¢Kf o d'=,-Z*&6WE fbB1 3@nL\#V~y9\OV+^,%Qj㨇O-ړ)9>ĚUgd緌;uk{<AgIA@KS׭`Tv&e]5Ⱥfdd A%YؒJxsPY '#"#>WAΗ5L^xt+VmI)"}AX]Oo+;YxS j^T$۰ ˌfTJHG$*xtxڟU:Ԝ֖WJsnZd׫87p^ѲŠtF"tb $W?[h(0虧 #oyP]!"KGs4y.Y.T,ʾ92/=D:F7 44~2VX-|Xcgi!E?V\&Ƨ\U%Yi1˚ ]db5v˖&=mlw)E߄O1O<ȗ/c~.D*wlLjoۛedNI5] EG'߯Ѓl>TFɰ #u PT߷K7#nl4"Kx[ɩWf${|-|ۡ H}ve`7c̱k*\mm=ža=Ru8ʎXpvEy-贾2伝"ɛ('_$!e|ob%-zӅ^37v5jUEj @e/4"[Q&Ghi^ ETTrG1SBN7kȂ[ {Caf Jy~y՛9F + Ȥ0]N|'uDtk3G<;5bI[zL>UO͕Q!ZכDio(|!`2a1ci&,4X9s-~ :9]eLYh2\p4*PZ?̦zK D-kixeñʨM S hfm5Pv 6"g&#n.xGO/8>!xCEg'#[_dc4cxj3cCSi㻏N9i,jۺ3*6 lئCĦPQy#9"GDTbTUwdonNJrӊ8svջI%{P j.Q, 9BII7in"dmܲ"#Ylok}J_ MWd=BӋ3~iƚ+%D]}pskh5_{"dxHFjL١ٓk*鯫/[;*4+6}*䧊hddN検ʋDnATP$ū[sn[|ǪG{ŷ(܈ [U0,o+fY.(r3 l!),xY9]^{'㊂m,bb^ oXPQ1õl}i~ߎ1x&szV ]һE~6F]ja| y\+^J- L&tI A1`I ўTɿwP=rl@86& V=ƃp GddݯUVʲ_yL r+TuUmuN,BXwu&5Q!|Jǵp;>rabDL܇ʠ"F+m UD-aH Rv,)8Ovt?R 8w_d+HChU:~u#`FY }ٶ4gÁ7]􁥕P_y4qjvV4}yi ˅p:1HEY8ѐb0}J|jF'o`cWO~STxܜ$0LlGlT;>x> Ŋ^|J/hcBJ_6^̓qy(|+0n_m8T6s0SRq6U^mRģz$A`|퇓h!{d$!8N&s,V9!N5~c]oTڿ514.}UG3bhU j)qk{28 3+n`?~Ln0'H}ΐ3/ 6[8=2S6 [n,x]y5ڂ4׬0y62̪J=J62C b\a@'\\D+v8wܸWk[ wnzG_0=z\5POgvlRIlvRS0XT,Ezę0R2x?7b1]IC%kc,"3RFAC 4P{cƹs2]oxi3lCk)tLDp?-w1]GofQ3syz$8Ốm7ງ+j'Opn2%O*D} pmT kxyv72-I)O){{9B$56 H>~ys- }dqaF.2e=*Щ**Fx>(ƨő$jh8}M+^X636cr) ԑK^Mu90fm}`qӋ./Y&qo|VasրQ+q(4p&h jyϞ#]>Zq2w3݇*$&Sg\gn+Cɴ"Zi8G) cI-zj ߑz&*փZC/&vxUsvkN5&IEzO8o%ˊK (Ԛ57);5.NQ2hrnKQ.tG<Yq(h`D?6E΢&a7#-*"Yi.>!a0W%[.aW7R`Zic,uXqjgk}]CS0^^3{'nD9O49r(yW|z(Ma`+Uf5ʹlXgM84tm-RWE#k~3LQX4"ҟqCs(sE^ۇxB Jolcu,Ye㤡Ê߮8z; jL9k{bfbJjP?cLMFHK>X /\x,&F_&z#^〫5"ubtxQ=TDjBFT}A9AKQcŵѮ@ qHH;7X^,Lئupѿհ%d^뉍!ް{kXQ/~QkHYYbE&/yC?ϱ`c3'Ȅ{7eX:8WcIE D'@?"H?x 2eC HI tB\kzA 3%YzXyF}}r{M3S4k,kTN'kS%FyeRNclkS*>+d '|B`QNJJG9K%M 3@*4WCE~j_־wSdޤW]4ypH}őjM}}'Ndי3` l 'A̖^4%#6kCM?>Fg6k]noܔ &3b${N]x>^W2$3*@?[*q+n DvG%K|́.*PP8b(frkr;3b}Xs0g Ck6g>4#;K`K JSPB$1:D6ioo82#F eL9t]|9?r(! ͛X٘Vl}W\7wPjL8$$I)n$.SAQiJИ1JPڥ93*ƒ-*ü?Tє`qJw?柗Rڗmrzd }:R{"bcyϨXbʨB.pR|ieT)n)7Ggw?!$~Lna!I9.Zkf2# wTjb?ݪ]xjF:@=I͌|#\p4ܗTnCUD?0 &5_϶>}M!Q#]!eR}Gս i2,VN?#zäR}φV_L? Ո{חU5}Nu=,YsH<~[.t"ɱZFbi']ѕblP!=k& ~TO/'A[ w:BXr|UZJTQoH:&L4K;ehu Uy6vx{Z؋8^z- w љh/NiTy~N!6RUYR܇U5l]\c \EҢXشq"T|kY܅mɛ61YQ˶]L<4$҆AX㰠+V6ɈzSmG%Lw2swhH:ZS?BvGV:MaA &q# =[@(W\iqy,<7 0ǣj:,@M[^FMQh:M.}KP-s}`ppӺlbQgdʗVc  ߜRvhGM\@ˎ^2]J)xHLD go^%-htL'|f~<uzAУo.a.C:9gֵEs%+G[)a0"$O.-Ky$KVD<dL}xqj : :4:dp9 l|:/y uk(l8%vs68y <,S0buz6my K).0s 6k ,Mpz5IbXLh&"4 &M |˔+#g9&?%CWx8|; 1B!zaj,lFNJG 6){ }IU_J^|K wjT~\)ATJϫDM' w/V2WeuiʞaFg]#-LMw{ZdDh0d; qKwCkL'%T|I_dBvOKLRwIwQ28;_M?{_= l#~f4Wlٳ9xwI:af~7q?].r t1yyٛRl6Pn^u-Uh!ۦ-q<@Mpsv>>S\,R^l#{~hQ/^Mdz˟.h~%.3kOtk[vVc7Z&@R%??0!MfI_3^MB?o_NfƸj1(x9v+biXxRŽg&N [ݬ-;{Xs"VXN܈QZvf~F fPGvp2zL`m{i5%[*|13j?^6l~2qvj,$7(, 8+K $/a蚧շMd<?T&QػC50Rm@jLei',%Xv0U&/Wadȑʶ!$Etݽ\Q;jlr˸]2TTZǟFlةyhH; WJ,j/o}ûS;QRo%pGqLq䌏qoWϢNg[دWM?T;gTvUFIЙ2JϹ[.˖*Enj֭K% N bBe:$Czqms?JY3ֶ p)ִcl0ڕwQ [^e:KzC񒃵mx,ߴx `ycCS^>V6O9 P2w`HUy@ģCiBT] yډ)BeRP` W2ZAR ÉEcpEJg4[j!Z[=Sw`wK$+{[0B\8`gYi؂3|h.XZ4礣ΉO,uHj~4j0vJPS5ޣ&DzmE+s"0\l;}?<*Z03 'b!U Koo)O٫{Xl .}kɟ°MŮKLy9"HˣJd~%^i{e{~vjt?jvI{s|DG]>5uOuuO!A 9Q^H+*W&N'Sxe6cr5Mtbnp]c[R7K$ g e'pГn)k]uϋYKhvnS!=s)$КX @ t8~u¦<Է 5wp3Ţqro D!4%Gxk[ODn/4xÏ緔rwI0Z`=;x8p cy$Ka"sє8\"T? ۭK_<#Z-I-P~IL@h%[H/D&@xwޜ']q_ ~`ӔUQd2_zKJ?#VvѻO}77T]//\ 3Zf9ބ ME3^_cU9e$`phiTAlfu1'ޛ0nJVM+rю@Z$bxu,kb_= fArj^XWG]IJ[~{Y0eI {: [OGl&.vੂdu_6s̙MB '|w_XDcd8n=lSxلL?*| _7k%N%€e-M TfN-if}UXCV9(8{mͥ~~v\ ~p.c2L~cPF翨/=T=+mx.."`+F@%<17XPeny_|^Ϫ96)lIj5_]{۱ɱ<~.Ʋq~afa;TA}Q8XM \.*Zf. so4sT`|!Efw5B.C:gw#d걟ai3@\9YnRbv }'ס'ea;ɵ=0;OES~ zo3[Cú/ІӨ25a;%Kay>)WkGp'~Dw^Gx>޹qDw͢Tҧ+/udOd#+;4> ?f4b`#' \8Q}3=Ln4baeNԂS D,2P vFo~kstIK{,}yKdA3t}' O >]=h?x`Z:zNd`cՄZSb%:,l}{5|[e[?rP' :辖{1dm3ܤ܏NkjC~n!-`~Oo*k M"cӵ*Aׄ3hU` @΅,f괰=Й P1 c.xYL߶OMX­c5n.oS`( )~jC}5[Iլm^Ñe~c!<\N3NH=\ T {A'7bqd+0wL!_<aoϻ6b*1Вgn![֞JԟY傩.9|'J!8Q}5PU_Ċ_˖y%`6|х.dh/_) LEj2?$s'Ew1['_4-G0«X gWJ_QeK3'|.甎,{)@b=䫜–uR̞0 ໸i{:w_ W-TWY=.%!I "ﺹGw9U]mM b)mvHZ{w,nGOFha$wL"^LyF =s`ܖ!^/zO RlQcv{xT2Im|qtiN+O]7"oB"SNM;Pf*;cHBX$ 60vuT9h?IXQ?y6wv8 }tN\?u a`ķӴJd~d5+ǪL*i7[p%󠭢up3湠]PS[r`:4y}掦rH#ZF9u ]]Wv'gA,T]ف뎃q qTx:d>>,0 Uz.T;3E$4qlbq1?RJ2_|UXd ,lEP-uB/';Ӷ3Z$xru55!V?' ѩQRunB|E7z; \U[fm=+@U$@ZqgE㦟,VDv K!/Ҟl:EroRaF>Qz3ڝ- ?6q3CR|'|dk:_&d]eȣN5SVLs!()拀Wv6j{V\(P h*mhS1JmU$O" x-f.^SŬ}zY@f9{72QXK+H~2^1?sNr#8\X d xuRjnNRIΛtV ;C5Ca=|w {=gh3L>=3z 鬠bec#0cIDvڑoa,qWiN6"xÐ t&ó T`W!{L8|"7kIP ~Y1¾d:ҌC劚qNe/:rj0"]&壔 w9DJ/G:]O`rW yƀU]׼ŖSZ;h݇i̺c'A,(N#ċFk 6$!fRR*7z/mDU7=iq EE1vMo((˯_)`h-=֓)((G$]qEyOk +vͬ2񉌖!zBd)i-?2<"iZR9>3^T/grfꚕRgI ش"V$qɰ3l:iYTo\Q3Y<:oYot^o+;Zm.5`4U~N[<~9^-^g {~~-{&6C5T{̈́..*C@z2ϼ.:w7Ks\" Ԅ!;P}NdO.edG/o Q~om!<\ ܥxcrÌdiIA)*fq,7B3R_|*hx륩x~+1E'aV`\oE?v}!܌H(^NJ=%%6Wbrb[$9/sFg21R.oyQ34AZq(M 5휍#Y-MhOmy* 'jz62io0vi{׵9)F3 nYfLrfA*0ek8r"T 62ll7=NG谭ȼ?~~{bBff=ACT Mսv=* `'2{h|R?բqQ Xt}EQL~^QJGLd|RU{6E5 ݾuZ7gsWfND*(9G)l& }Q.m- ȿ~n? N`kHґUBB$3=Cς+ w-&x1%[y gRRwn\Tϛ ʔ?B§CZ#4ҏep^Jx*J=_ jȲ9VHiEٛD8/q(+*V&.[e?'݇J-hzvmY^cK?sV5#ƻ:vyWǴ6d䀞׳`N%&h U!gTRY-F^Ft0 }W= `VDVc n+_?ŒgHnoo7ܡI92áh@ +_A8⮡%r*U0RX<1Pa9D* Q9|+L*Dp@7)W-" _ ioG-h+HGJmKzMǸjf- DMoV:_t} G2Ă`|adyf&KCur  U}@0N;w?8#HL1A:! o~-sJW @.ĴdP# MRKpa C2RWURQƵ dO|i ^+oZu @Kw9_౞m}[ϴ7rCf7oH6@ T#d.U J:NY@?CTe視 v::  ~5YuwZ2dĸjb7nQ'W x@ bpzY㣵(UNp-Wo?—Օ * ؄rs:(TU{8O+S,1{Aہ=>qS1u]1ąm[Yh>jQYkpd,-гjy#¹F˷rnWg갗l5 WE|o-\B[g 9%~Uǹbjg/ 7DVR %Ԧ+4q(Ӗ쩑* 50mi$0 f A)QlC/U*esCi;8n*vnv}E G6Gu> .=Z{PLwZPkEzTsU+RnDwMv+?&[6?&9Tô"Li 'u\VЬd.UJ'O>O-7r) U^X8=TdtEJ)/(x,(L6!^ ?#P[>vn(LE'i-Ca+'쎍2$S6DHr1Bim^+;6Yr߾ECdXE^,ڳog#V!7L8D IOe8.m'θHE,p9Se*8S868#z0\,4!ϒnkQ9H|p<=. qQ;#Ys.Nx+zgfhkm`8zS 0$VENH&*q /~P|,pc=Rg6r zS錜M(GBn ߵy: <~CD0nb"p^G3!@"f_.<&'TU zx\G&Y0tWCyͰOƈѦ XR_ S8 y,W"+V|&;ԯz2 -g_)j^"po /e,*Uϗ ~T3bXrU6F>MV.Qe'P~fY!H{| H%+zY(.vߚ~EӔOGO9[Akw9oCPMLz#5x2tv.,޹CK{r9S*GzZ ktrN UYf7_iJ`K`j.C uΞG;LFj{Iʟ LhJ#@rƒ;JyA-̴ 2GA`f x{s_p^w!{%EAδ'Q3 Bۢ]4ݘ-|d`NuLyU"7m'{8~,5ˌ}K{3Kmff ]YXBG L,Cy"fׅ#nG)!;&Yz1tlj!VQ~ܘn;X<܈"W84CYj$)r?/%rb$.wC(mI.{>{߽Y2${˛^=c8F:pKWZ= ~V Δ<4MnħӅ(&8CdisR)OYZǟ4q뙀K۹'Tqڍ1ϼUg^D9f~o4FJD.B q3.*f!i-.sRFf B8Tn8C;eGT UG5aXuA&dxz\9߱-[qƩRl8b'<$|k* ji{|%k .աQ4A O/Hu)d%m^vL|3M>60Țer#S#/w3?%N$姚ͼ d>%7|lay8t- 4 O$hN"NUw;C,\li{rhZ\5'>/1|}~ٿcS+5}|i\a@Z`U!6]T.F5j)ɅQ8E9ReI6EMaB ulw07 N1Tc9+qq36IQD + }0 ǕnUک <$N$B߃ى :wڿ7|sxG TR8U PW HkByewP";W|ˋO7,B#~2Ėl No,$ʃ-F m2>7ط{Kh]L WNgNaW ԬB=Xs`\b5= |yq\ lmZQjeUթ?b jpHڿA/Q;μ!Tbtqmi)ź3‘ '+F12!J==Q&TrwDFrS rZQ$jf6P%Fhoٮ~wo!`MU|3K?̶B2O1&cPg, xmsf/ j @s G~̽Xz{F'ۣ@1o=4svx/)?vU$EavhH0k5*&^ Ĝ(@-ZBMP&CRP`Mq-22`Rt{o)KUf7 72ޖJ!] (7zv.kv9PD^l Mk+wd7hJvظ!q|Sk฻.cA^ȟ#oHWC?gL{ sia@1gd9d?Gc&xmgH 3j 6b /+#iG5oqWm#1Hf%Qn)WR X&‘r7Os,Oj %rԚ]bEm`KdH1=ċ#$ߛDGG:DVxQn 0FXPmιNKRtH9k?ݸda,˧omo"݌3~~RN GD{fZםvpN7LV[,aV+@x8gDFMN[uG`åӫi-de#wkr= !w8)3 '(fIւ˷\;Yl˟w0j7`[Wq,O_W8 }3*?M6dx|<@>g U7zLp|BмG*_>.oGtH$t}~,a{tleQWa}dkNXây{sŒٖPx +;]iN*~c2bXyvS*Q>̗g{^2 Yz'c-= ~P+,uմT4)-lrOY;8?(7F9o)%9!&Is2n(5O$5}lζć/Ů(ٝߧ+ntˬS*ҨPλn8?5Yy?/;_j>JP, Z8h7.%:| ` s h e%NNfB%-L_fc ԧl/"}ҍ?=78IiTXXuE.%6BE~A6APwR-0zO}wn +cGevL,_ws>\QV&ڛau[^/W ^㊰ [k| Q'q b1Ortө!y8C'mo#-Ϳǃ2o"g*@އLłI1jYȘFB櫰sVnyxkJΰ5`#T8]L.!XliYw?9v:@e߁^t˿MftTcN:/s{Nk qpt3I?,dG) ZXQ$ ߃aW1+&ەo`IȰkb!1B.̔_}e͡b߇CČine.Fnd#^Salspً_zߌI>?T:+ĉNNxbB"5HjּW g]kB~0v*) *+y[79U)g6~4bFY((_heg?[VHJؑzʇd9: MPo)Vw}thkb㑚.~a] 6r1Д7i;r.Y_%i?<ȹNM"Xk(=ׯ.Sk4 z>\#e+-5hJU™M|xq8e0O7Fkeq JC5oi68nv +ړetlQ#9huV)e &{m"k2)yM} tr-)&zF7p6K Ac `Tr=cJH5I!4Z^Wp`NHH$G1qS b"~z6FwˣhY Op:@wnҜn# x4)`5h]L]l >/㜦@K/$ - gNaN[]t"{uRg#?'~ޅmW'D@TS ; U}ӎ{ʢb@FNrJty2-חlQe*R7J`Oh׶%*ӘzˢH%y)8U,h>׻Z6kWo+W/$fjʝ5Sł`aԱ }?>'UAY:\-WpE{7D!Rpis~§#W[UM}e Z&[7I 8b&)ޱpy;qmż n-V? :)m)Y>`܎:ԋzpǖ+O@D<>zkW x-=E:Vr\?WJ~Fخ9 E$f]&82V 18gAVw黫uƨpI"3.K9k0:^3w^IDf0."Lt.(K4I~{GTo&c)of%libl8P@HxxE8ggYW@ h\+ P݉\>\c/>oM=B̃cjZѺutm0uT1i*1߷XQbQDf~Q˛7ztdPrȪi\HEZn0pAۺ]()q=b8xĽ\}6KPKÎ}s^;z7(u,n꒺s 5/rEUە3a,F:HJ=>9.K&3SP9mB~t=6Tӂ1r'&H+9~{l h1ZBE)(?N۫Hz}oc)E^hb?@}_z6/+v,@N /xmt :N0!uNZf`Ӽ0~60Z3@mV9 -kR0e!Y ԁMauƢ̭1AB^GD:#h‡>KXEcF[T@(KK<{xE=DµL>=n XsEpv9Ѿg-I*-oA8)uXe*w ˸}o1(w;+ (h\+ ?Darɡ++3S" M+~ײ[ @v-b>Oѿ?Yq)ҘպtB>2RH5\?aŀ]]o-[@!%Ï8`};4Ƕ[vb20Oxm[fd.џ Bk?֩j/q*)S̰]ӽzc\& fﰱ[/$8爓p')_]ܧfK+ fPc  Z0xWff\oD(T粡 ]E"U.dA"7.f7ϝDmk̵}p~A>n;z|_4>‘_u7^%zeN\o.,T.l԰UlU{鍛ld~IixP 49qXW-ie; Vw"b:)/doP늇ҼڨEI O(wCu 'oVE|WS북Nn#^+\V"$,9성d'91[3KKy0$$ai~}jjEj/H^ ,݉R-#% ڢ2^$ 'q넥qq\ŕ=r>ȹFX"݊1M`)E@9?sBR^ Ő[o0I x潞ql^뛭6:$j;$eɱdܱ6Yg>$2nbC͐-׸.^1r;hUUR#tS2&=e-/Hm^RjLg!"):r.F\TAui/ 9ƬvtN[ dڝUWD(M?VQW}ؽ+`>)5FMH_nKmۧ)fLmyM /âéuS<& e5dYl1kڞk4իeoe)ǃI~k ̞}khbFyxǾVGetTZwAt,Q^HG[H~gwRBh؋gBTr* ( 'ky^dZ;?C!$4|IC iL" 6tG뇎3}ߔ5;Us _ tV+b{n+/ y4-D6N\ટ4XIȪرW@%whQ2xK=}T*Y;/wYBԈr84d:3رrQUJ0#Tـw >k2xxŕȌD* e  ?#:gj?6J {zdQ_Ũ%Isaz([ȹGPǹz\.8J=@I)z4O.NFjQiZ~ W1ANt7D޺Hw.LqkF:/oqa2WNPA@WO(1t:`ElGL)M8/zsUAKA4t`ExG 6/r4wf{8],H()⩯YO◷<4/D TY$;CMLX"- 0veItK)'6뼍.:P5)||cD_Vrլ7B!0e2!S.rqI`FXz?+0F|t,s d9wP%匷ƕrDWeSymЅ1CZ1 x,)0aL EET}z $9`F)zŕuDM3f1@tJ+'j[-6 1\Ma4q>Oۗ A  (4+RY#.f_dDkŽ?𼲖@ % l;3I6N S+$P[ 2ƴ`(U#oQ#(3ܣ\nَ'1XzXC -_M"9zl"cjI};}uH. .a t<Ĝ Cq[Z⸕ѫ2kNŸ{*) ug}}#Ӝ~ȇfySe(hYor)r;pL󥾅ZI976| 剑#O/N1P9*0t=T1'gX` @b~b/ ܺa\-ElL8lWk@'~;R*AtP Ѓg.yb- n$mně[k6+$b"8/AS-5M /8x'H#6kF=c>kuBcjLFOJ14|h.SP6I=/Y`w0:QMylO 0fK?#On]9r kHRYBeFv"|}^E/!Ͻ,^n,' @=b` RV'%;z|* %5?*9FpPZ!$UMfSgPʜnO7ܨ3mq[<3M Ǩ'u__vڦ`#VkOct3ف/FrdH8dOAS016+ J0w4Qo2⨥I I}}gvUE3Nb*fv,>$?,'!/ϭZ\֍w> ?w>:3Xn'Ցc:L "͢ H=_ʕuH* қ0 %wk"> Yu$1&s݆QďLNӂ-vhø|>ⵉR?Fz> thQT[.0 {ˋ-@<%gwאQ~G'řH{@#nO'4_*?@wQ\$#:A\7ևյv ͘L]h  M"~G*Yy?^+tn?Tl\_볦GrV b0 IbfE,t:a^3 Y[$޿s) T~}?\$KuwثL04vGBwT!jƤ .cxj0J]SVH[tORm(аx>SF1M4oݷt"WL:b#+MdǞf\zw%!7R@F1bڻBG0o ¼.,b8L{mg?MdA 4}@bkf}z@BNY^/n0^XSKn48_ס;!Gێl!Ɉw%v։m; $O]*/gΏ3g+!>iu2R;,9OE^՜$`mGo~m"?A_ ԫ9rQyfiG) OަyY d"75'別Ⱦ eصb>a]]Rk_3J縒߾GV p%sUe$?;1gS:%qΈKIyaRL= f6(rtzrcEW:Q3EuC"ձor@[eCeHr@"g_%b/&˺/w^zoӇdz')KU07)iŀT fYꜞL%TW̻~a0svPRprеUxItD]ozX "43" /!#!5/{(^xY_7{eӰ8iW xH?`D5m)%3h-]c=D+ta=nB|: ,uIY_SlsT$W_7Q' mR}4A UMN]APEVJnQ\xHqJ& VtLFߏ6.*6BԎRCo7cN!y^@>ւ1ΔDm sb9a4Λ9N`HiYDIs[k5Zpw}d9]kn4N#/|*EM\mξؿ?2]2ɪнdrG_vovnS^sɓ,Tks93\`tkJ^lԏhh ؅M&˚oF揸*\ZW |$iK$iMs UHcpTClqW٠3vJCcVn#$~QyXC'j "MY/l-rm$fݥd<("jMS(Bz:u v́f8Və'݋◵] 7A /XUhK[蹬b-Ni߾/[3#vC0z Y.mMmZi՚_n7uR?Tsb;ruLć*j@Siv?pⷉ^͈kh#N>봂>!o%}竫rY`2IGa%ւĒw`)/tYqW$=!ZXq a\8*ߞ ?U?/Z>3[u<ژxdx4(؎v`a5Jm6Fz#(j>ga*P;~NYd=j3fXW?:tx't]YGj"7A 5Rue0!"qEm? +dE) /Z-K.&rs NgG~ACuuc a8Nxra<4~N/@cޓ^-yDQEv%eOl=*{p2Fp jQ 1!x8Xɍ/pi $WmBr ;;M׼A4i Dz,렰Ѯu om:X81T| S.Ȣi(ELm0ݔNW"*Bu Hۮuz*_}Yv ~"׷X7z *l_%/ңh嶽:._ D. ,)}LؙƂHj?~"ץNZJ<6xHWџqg`jހbf)g7$Wxw(kU-q+D_6\u{E0I: X*G_Vml*xC#YC;]Yd'&Bӧu刕Uul XyK7Jܐ"`SVOOP#J7HG"#[{ iݑ8@*wF?FF[AH-+; xǠ|6O[g;֢X E Qw%Y:fA"m ׃EGQ :Q| CKR&: U؎MNdήՊU޲doD ɿ~m0x)tq6dUJIO vY9w22c<Dz f!*e|DT/AkN{`6ls|m75>+z0GM좑S`/kja8h\%&\`0B}qhEo~hEBz%D!J&V'{!UزcZ6wd`e(cqq=+vIjU lZML0Vps/Ml@ A}E\Ҍjrf2IM'Fi(;& ϋiFQmb6U3s+/ڟJ@剚Cqa, &2,څ!-9qf1`P20 cFrORaeIuaoaAKGh_8;plfN9pe1^< B~X GMG>KBn*Y5NnAoyjXсssԯAy]-=S&)}2n"]A#D7w4.Ւ:BHv" ˰QG9 %6,hL;X* gjqЊ78T `3rL|G(kCꥴD˕M1=xZa7wyjTl USkYr4,U>{Љ`q,4a \eU@n&Z5Q,浗1/ﲴ{:S ŬG4$X5a㶋rWӏ3 0&OzsOYdr< k*o]qzyyk=و/ k\ >tsCa7 OÀ4>@~̒M˴W LݡE K*Re)XN]g0'WzefSմA?k CK@2JHwpo7O 5^PdLyϺNtwQk2C/3j%?d/ Z܏j{ZM>wVw!=PeLխXD5-a}{bqWZ0'#cL_օdRiN!JG$尭G51JvH[݄ *ՠH4վP/90:aNr`ڝp@ӎJU u,=3=(2-{I#- xlt?%բ63:4%*m]|9sl)1n +Z8 s9M:n`?,jpl7ZJs r#Q+e39$KoxEHe]/j%CawI*$gkucqyy(>;}&{ Ћ$9$O z R G.^`8FCۈAv;0ϥ$ 1+Ou([ʴ7'K+=E">MC@~lp/Gμ|,ZN6vvO,4I% uNnݢf%w,n߄@bf. y'ֹo+D֓=4 i+H&aK}7쉍璧̂86eA\weO񩗰$->CSο2΀. Funw3TJ>սթv/s8<-мz%OR%_S/C׫q e?fcx @} ӍxCPy-&?qo;Nv>ޒ LTZ.FL,A+Y_uq-Pi]n7H0 3~)[,ֻ,a&Wl\t,f*pΖ<3+EzA ߙ~оQ-bJKN­@A(BcTA7g 7-`,XTH,OkLfݫ *鰰8m NKsqZ! Scʛ7xQ:GP4E~kU qYg%1xu51uZ/5Ї,5u-Rg9(s]DyDVFD_Ġ=&v;$o0+k|Qa{ ' %,T屷·rTD@ bV@bge[-H"6xYA#xڭQ?GGHM4vYWs,4 UXc$J-{7xрUE@%NcD~%͕j oN{\sThהY.RQ;eb bm`=!5|Nr>䅇&d/R +$,δy7ϰ}ci _•S=o g^TL`fKáZfʴ@npط 2NeqxfǗ&|dgtbCJ5?Ύp H;mf,U+N}ҍt+ҳOήzJvvYP⻹QͮwUV~yLd!Ob9Ƥ埦^1Q؜7(As V} uՕyX{n uYy軪ΉЫDnM.,k`C{]mSljܿ$G Xe<`K͕^gv+- |x=zVc:ǯPHk-?fɥNIhCyM/5&V$Llz38-ZMѣUң'H?Ңe Wl2Q-dd~` Un&u1R@1 y"0)loԤI/ёR=>jv(KRa'֍;1-L, ;\;ױӭ|:/0ŘPOoé=TMu$!<ɐkO߾\gلit&&^̘-^}*6Pý=Z|-stĜ<020ri,Gц2= x$ G:n/-q&7E'hB/~wv](`񌻿| %I BmVj?O,;d;#,(L<^>ᛝPRe!SK¯?7r]GRJfƓƀrξRVY'qg{(l?+`XAy*v,Z"WY͗ T%%kѐ?jP{( 0{,VXP(A@~%1v1A'M8|w*_>Jk&F/Jw\,wU݌5 KuJ>'۰Y5D/dw k 知<8C IE[KZ |Zk NmD\M`3׾ v?2x=輋Ԩo&j\WG6V"3WJK`nKP3ՓudxY Wܻ8Yۼ+pelA$EO 񓆈 Z!:,`J4:,-[^3 2_:<{ b:`iw>EĚrs1d&N _m/ |%JW$p/RƎb "x@ Fdh\WjbAz9O7hz>AwKS3.A',Kϲ-%wUM҂г.r2_8%PW6c@?VEV.LN|=LH'&=A*;iS~xxABM9gP$NtHh&iCcm^):BQ1-sQ̥7H֚ˆ[-Tq(۷%1"kIDMJ5-$ !Mc5_5:GbJQ P){P+RsrS c~lީݨVP_(1`s:hw^4%M17JIGatz9 #>ۖd ޡu !I)̏h  DX0Z2ӷ$ڝoXSdۓ<uf:q:;/Op. -za8^U*#q((5|Yթ 5}[O9DsFDIp/M FMs}K{8BK^_ gQopC4(d2[L!GxHJ†{ED@qP3PSI1VbCH58@;GfaBpA;Lkv ͨmɏjd|Yf<,T"=1LR:9}h2z at2U9Iݱ7/)ԵȭlӥC|RȼE GsĆ⃘r4S,Ӫ7  =axc 0-X6aUz*jy%4{%C u),z[de8P8+ Qiů)9rax߾uB&)"˘ӟf%cNJWCA8sy  )*[WžQ?W 4>,[d$7rt:sSxZxCN Vb?զ'xQL`7԰?X4ȅcۈ>`P'yI^J\|lE F&' 0TR" %yΛ{A={h˵͹??)4˩'Nѻ\Os >šb\c>pGoZm/C̦@T-z^| egL<m ̻ҙ?_mHԜijTc*e [JŗifvXfJ{EN츜zg%,;ח]CAc}Yh3VЇ˽b rTB!yȅNJ["`K=UNHqEak+)D,laa0)D76~e-P26E`Yv%۪5KkqE ˎ&5_`7><'1HaNuz뚠$4Sh0cM*烘 9Z0;$VJ`Q`_bAtzfjsߥ־C\\<1[K3e%1z<\2|'`p !L3A͕?$ac&%"D`-Vd}U~z[m˯cGkTYH:$o^R?%_O.L6u%%.N|?:܅p^nn2:(xכ ??A;E8ca3@lKyq!+??e;F"taY¥@f92ʋsA.Wfvj#5̜*0C8͞- w-j6xkjQ(%4jWd@Vy)4"e-rCݚ&^)Lu3 k0}bM)5$@i<\CU:SɁ>H-?yֳre`\bÜ;9%uKX\S`c2HǬE͗HKS'vj1IcV=SD%O<Sb"p[x:XxTYdd3ꃦe3QKMඒ 8]n(s_m;@[Or2[i7P]ZeɯyLMݹo };h-b(&_B) *"  [KSո'(88a BŽ+y[Hr^?k_^D^Sfn/9T Sdq-πs[ ŏ2!oNk-?dP*ݥO>~~ooc27zQ%ON Sm{ǼLLeEtA-Ӽl)IZ]r*Մg+Ħs΂2&QrA-/;\j 򯨪^  xWqU v8\a$IH0W:n#*0PB?c=I).vQfW Z۟)]`ilLp,8T!\i诈OA [QvL~1 >>U 88YJԲ dO J+ 胏~;Tl6fUv9? @E"KI]$zq)>'`sX"A5@+L)~%=)ԘMF`W)ØT~}Cz?KP,hbA5j0`nt%m.3d`WQ%}*Q9S^>_HcgEPhly(] )s^jԡl>]= yV5ѩLUYIu” 늾l . Yuwa- T .ELBa|=pCMKbtd,#D,{V8mzؕغ,ˈ]3ztOGYDic_V,ȣ>*8eYyߚTHwq\s?z'B_01ԄND%#{q)0Or:ͺJg>b}I4=ZFVJba6Tguyapۭn/ ^G= rʍfW+9%!{,zB3[[ EMwRm )p%ZbZ֘jO߀+ 3jKܙ9H ? ÿ8zu/>]3zO6T!*gUFw|#XM?\Ug钙xJ *mZf>@r7ZәԏBD%p]2v W/˚>ʌ+&Pԁw#qxUt Wf%Oe˜ʤ4i;"ӳ_B.C?,JU<=(1 Ա!)EIku%~@1WR^!ˢPGπe\`!^Nㅕa0BL3!Sm haǙ-Nk8hY^mG1ac;XHg0ݝ`]B R.  KRC*8.PcCipDE&g3NL Z)nw{ЃuO`3ӮNN 4n6_ُ2Eߋ- :Q bjnB,X.jY ?-q˅rY.Hh:=e`  o0'ف<'v7px<@1V=NֺvC!s4J Sc8tI 'ì7gB.XB@7; N+]UrYR`C  3BV['F\ԟ|(FPx~Y:,w;c0C'?y5'Hx6(.AI!{5 q:Gm\V+⯟~],SVu+-P/ZHscOW5}ktU  D mqEt hHk:1YD|V XJM_UB2MN-.ܥҲBbwOmL< $w|^eh?M{_0emΒǯߍæSҫVƫ:׵%!ؿJ բMRmAS0}..T-pkc3Rm*xPi綾j?nQcrKE` p=r١::l%rVz+ܹ]3W;s- gj_$ܷ+l "fjE]3/[^3kÚ`v\z"!e@TZID-ɜSQ UGæPj 2e`W#K/(_Bz]J˜Dz`>6 Pι;Ca睜KDd'L&{\h&_xcȵ>X`w ߣ i#{D[ ZKN" ؕ=7)ۨ j.db%oK.]!&lŇjrxY݉ E3 L6]]>ȏ'XE&NXH&؜w38!ni94\V[huG蟮"YmOya;oI XBBbRÁd2sJ6 4۞t./>7VVR@NOkOy0lfd_TXJpaLTjpFfg @rCfԤ ,Aiys(wT4Έy9c !MJn4~X%V,ϐt/bscClDoI8f+ {; od+]Ԗ|Y]LN qdꕻMiORSE1e V\EA}ʘcmCK0dx?Nh'#<[(03+9[;'O75NFv1݊/2b4K:AL[8_[0g-~MOu t0ƺ;|# 7w'#/o38mgX(j6  %BX$yF`'Ӭ;ױvk'¤E<{yz2./*E,4`+%xNkPӚ+/@Z]8+=;Ba@9<\Gi*gml   7K(T vٍnE; l25G5@Ov6X?RKے"P0q1F86sex=`mPRs7ˬBc 7xfIƇb"ÿ4A S uqp71.2R&(mP"(H'w\h(tcZ*V}k*z0dLNe<[]'w2;p5lED5}~z=*o{@'~!+RI-gL!k;Z$/la9Pl2u}]PjD)*^G V?U*ΘF mO&D= SwݜчDmDOƏtGԏ!O:jV{thw6 6Zo%7@wݫi-ָkP]7a) g`  |rqZ[8!p6;xPNr['5P?h'P~k)ɰof8e_Jjmb~]T;Rp j܏{ԥ㱑mn?h>hEz/'67 ~|P;/%˜Oj W /clgR$KICZbDK7XY̔˽qZ~1ҋƌ.>3!&q`GMM69U.{ARRFvBaQ U.&(֤ƚ2z)4#'lRJo>H^xaE H EyoxrFKETƥ'N[ ~Iظj'\yKځޗP%&",!X۽ "M^=?ZQW.ju&k,^įqϧEov\> =Y1;ZnV+gFM)Jfٓ+_v i.ĭlSn4A%8WkRiJ4@֣vuY_d%9%dA"&(ע>GŒDoJżOC&FL) D|(;NTtrYIv&ΐٻ"CpZl-|%0(gT.8sp9& <)4ɼlGȜٳĺͿZXcɶVs?˾XcQ; `8wqlI@H0*B6ʄ &Pp;][^`'qgJPmd Q]a Ϟ:Il[Av/lNǾsUD skKd.?|!Ϝ]G <4:/AwRfɹIU8]2L7M|Cp ~{ܸ-n[.eJLc"*SUy}y0CePr0p({`R?^^h<]O[<=vDS~ h| m,T̞4߸v+PKJzMH*I#r^rkxXZfzuSrX(G!F.Xb[Q45# Bm4%9yR~QTTmI)q9$ %\*rN9ZHơ>OP?xrdatY *zLG%|Ě:ԱW0kL8=?X P j}úM#ԁ+rG7B>|?[釴<{K idqLo_;t[:Zhm= `7xxtPs"|8+} ;E,IP$hX S)\H]nl8/R$u0x#RǶDەtU<5B/&4爁 kݔO G u 2q$XMJw0$F;1@1GrE dK&dvf;|c@#ۭh>p>CF5[`[7KD1I}4QT3m?ܘBL: JwX>xWڅ :n ҎUTTy;OwTh.G;S̟~aL3í(k 9)TL]xzTAR28 mEY~ p^߶<DOxV ]譿O,,GQgG/~og葺dWc8 NV$%K4t2r`~ӊӾ& Q*=D(WvZ;udzI,7~HULu="dfPL^!e$C/\1q*dVAXxqCD=lxoe==g*u~0h Yں+86Β -)E3ۀ^ITFCK! 2෿l)Z0܇j Mgf~DfPѹ |17"-LgA?;/j4Z]_?ô$Şq21 ]esۻ.4&DS`5|dU  *@>o]r33aq1gN%3plWG^~L_RѴvMl\#:vBo A2 Xŭe 4,@;xmsqr~'k8Uɵ(p*«o'NAD. hشFZ{in."H;wr+FJlVC^ڸ˲Q6}Sz0 ŝ`M 0֕ѡ{NOH8WL6ְ2q~]s劄$Ѥg$bsVzz>(w'fKFznheU8 =5ВGwmZ]HEOǰV,D"Ųf]>nBVwK$K`z(w/:zј1tEҴHI9p~oP_ͽ[BYXc>nWx^JՈ}5Ti IBo;̈́Fh! P|G|xt.4Is{{o\K$ϰў#n^cT zbMAEͮs@/:6]rWZz60۴! u+o9@L"sS@2ֿ*q_<"#N1Ry5d?Aq 0CmKDևQbMrOH-.#գ 5Ij/}J& >Y/me_SYO3~޽KR"U{0n(bQqmm@M!6>OI Yczs-F,үk?g)ُZ7%i]Jk ,[|ǴD,m/FL9q]' 5!Zbz-O4N^z$dRp/+a̲5f~U2\'.c[RpUQqh?>ýOtzgG| A~0neODJba$Ȧ,qm[zjsVs͊[6PI )Jz$#9 xw|Aө3~y(\Ϗe m,x *G-'ZX\Gx N=[Gp>_hu7~EVV|ɜ%h[D{uWCfŮ =V "@f|ny3SuR(IA`kCagy ߖMzzL-9Ew ޗEaWjjs 4M!rRđw2>+WMLN@IdB c4b ?O? 7)Lg=/3So8VpڙGĝ'VD!e,#Gtgv0{qСմ ֪z_. ]u~u+$5yA}f*I_gU7M4ZS Vk\UvM$nH+ I ѓov=D\[:90hQKTTQZR80~+\t17IpYoN.rPG/vTJkIޗ{cz'W|뢦'ξ7F)̄GLRV®l'>1䄯)N0A|2 {G!,Zg ϯu>!=m mOBP>K`b)h>Q jIrtM~#V-~m?Kxź6K׬aq숹K2-#/6 <(1{ᢤ?A35M4W?77U"z^2SCd*eoԭ 3*N0)uY06ײܓ^Ғca?U(-_*R>d$Ư#f7k6^] 9n_b v^U$ Rৠ~@8DyA/u/Xdle><1 e-S(e˅{%{6F]${Ce]g^`rF3/EdMɋ(߽}#~$WB8d^cgDR0? N.QotlomIddʡ@5)]Ҝad ^.sЂ Ad".*}8N5 1\RP.ԔC1X\b7ZZ4^Isxz5ƱR %53ae/Pr5s/ Hףd1|M㙠x &Ux~q:NjիMAhY P0>nzmāGGH'QZrXTƬ\ kEԷ.5J/mM&htJ%43Y8Vb>@cFTa}n4Ъ v?M{lzY}񃡩UR@|)IʚG 6_JU@_YqԯsTE 9N#P%A"HT+dϠX"7yʧWhjCq* $5ݪpӵO-z R`Og7/24/ܷ@gs牕!p = [̏VקLxJdWQ4[N* tu3mCꎱ4-')@q.L?Zzt[Q_[׋5MlGP6)BQW«Ɓgv7_!d|ŽyF9Ozv Ŷ7"1Gr(,usFN'y{=w)tJVᲲmGs-Zv }*eлջ}>_zkIr [VL#fh`Ll6.Ui0:{z?jz9RqE~.F=,/xC&gkSo- j]_Xhi mrs`8kUC'P忼0[ {EQRwcZ A-X) i<~*X{6lpQh 9 4TWbZ>%CRK۩*,GPYWnT)ܮ̑C~~b4ltJ32"Z_rA}FL2K୘LeFXQ3yaqo,}k:z82To,ԱB2ԞM bAVAӺCG&c#nFA1ZR2TdejAH@dQ8x;Y^&ӂ2gߚu@ e~զ.6q`:=S\̦*`qĂ6]%7bcF9=xy<&XǬ+Iaz,cVşeU o>d2k,AW:k_VN{xE WJZ O?6BhA*ptZ^eXe2s(BRS&x ,ҷKcitCT ěgAA66AwId] x"{8%4bzį2=~kQ~k잗I`M?![vts-m02!UDh$G°+1&w,EV4x})qA7"UmcV(a q]o=w`f>Xv~^?_?\{Q!k+Y7I7v :mO~x%*>o~CM|D[ Pc:=%s.8† E!/)zjXj}W醒tS2iG-E\Ű)b Tz:s㕭EDJܮӰ%>b&f</=co'fq\ >4la7IfEn$VOG7z/ !Y %V =oS6LgsCWR{Syi.5,vz{+O0џRm EJic:L˭%ykHeEb FcO"5DGAVυ ]?>dˏ^C՚uy3 q py۟ۄU^-:D+-39 EIKCeEaTeQ)_,+V#ty/SxTOޕW\wqށu^HuiF mUQM%̻L"ad?Qq1[T%![ٯ@!40oƉ`Qb)^$DgʾA?]J1$TpcG}}b ,INm.\p:>{V-lq-ӥPoFLi:syweX|[hhR F#f%pAS˅l9EҦh.v (۽/8ʾm3٢f~TbUͅђ55: )+#XƪeL((~nbyw }qR`*g4^D7y pEhɂ#^tCni!b|W@-Ee3}W|cZ ʞQOᩄȧom$xRR `*<x;3up9Hai۴קFZYGXxlA\`e:Զ;z dv~kH>ȱaO9Ketw.<[ܶ6rD_oyC[<.j{Ņ_aZ#= `k b;9ՒdVȧ1b=z z _ ׉'qAқ*bVn v:(9i/ShTuK-@-V+t;Ats2OE2Iy|̀ܐ*K1qKAҊ)䒕D_uO$A,; tdkYc|2ǠKbk|#Vѥ[l᧔=KqKY-d@"$(XO255?zWXjON>_BhJ=혨2P_]y@%i򮸢ϵ$Cd:[*~HQc$ /W VkEmVMSL ZZ-U4~uBA0q~4afq+Cn#1Uأ&^+$!lR|1%F% ;Ȏ%yw2'`PiKFnq!>^H}ļVNvD #-ٽNcA$Fm@tk;/F.'^3G=Yu)sΨ%_o[~@ <zsw )3ZY@貲%1 |/۸dOzӳnVgt".A}ҠbE,,k-5SĂʔoQ^!?)QGv[il8#JwX(8xhMc+TkssizdGZffo݈,xf[gC ל VoOYu{Y2͓+8xuKXdhe?)U,0iG E8(&"# iHX̵Y1&\v -ë3,|)=\@+"{F 3q읤Ieb:~e9A4ң[Dˣg-p#ՒIj@;w奬|8e@AhE"ÒǠd\vRU@X!- ØYM+EZY/Uq 5`)Ϭbg~^ {c]D6wQq65WQp )~lz粠|y1Rc *tDz2^S~ۏȾ4k0Ni8`z{5H@.V8ۤ/ē.~8QAAY,, R+϶\.cy.߆5]ĄTmC#}TǾ_}nt\HC7{LX*VV{i؍!;#_ yxG6h`nyLX?d4{c/=ٓsSvmYbfYi+AAH,$IؙOK|t0R1[~p&&i DO"kB|6αQZR k,UОqECC@n[xW6a1X5WVj\!:C=VI a r.1kQ-HjM3+"D0*|h7/Ӯ4/vc"g9b]T ,7eYYFmyVp.#{ˆH.k;o#_ik8(w)?ZD[FjʐE9%mx8BW g{eF$`DsQn͵EJ3ij*\>\TC9\@:n!€;܎jz[qP͡_;E/ },OCveF 06o4wPWQDL\:u\D#{7\kv%o;a9S2-I4D :F'*QLTSP*RSlJu]`Ze83o78?ʑ#h剺AzJ ^y $~Ujȟ2 N_Ҭ _n̤].!mIy@6b۶2N񘹖#'4/gQLXHu'@tkQѹTMj^wH*@Z|%RCXS*V~rY 9<_'|4iĎug`s0Wǘdh:9Zr,8ڤz1zG|ζ}Tg(h/vȦ.p V< vI5Q6?!#}ŒUB2PMNVSfl:]uVCF}E:\^}CzkLl?0 _*k#x/ |0ËIv#55TW1E9i q ڨ#8>=({pHzWzC@شR㋗^pKmD uAW_or g4:s7Ns)lP03의٢A+S}bsOǿT Pss=>?xض X vOu}' >5N=H߀$j,k Y3ż<)>&^5/DF'졄~גb7;k?W@CqJozJO=Z$Tklj).K+먩}9xr?o`n$l;cЖq PZ/XViq~qOLsB=MBfʝ&u492H3X&|y\jSkP) 'BzdFPtdnKa}mJN(IxLl|CJ,"!]Dup٢lri7NLN@A}b3mx>qKM{:u;cz5e]-uʑ]mƣVkI4i-3o~(5+^fvMDn @Zly1Y=f ~ք}G3{0g.TI|OǝFa؀֟ƐpPڡ~n ?;;qڌReeMg5 vO[ k2GPsTA՝=ʃ'䅹WK ÐC.l`f*!d`K!1"~hgvsذ!Uf@=V:vR ^0'GȲ/Hm%C\HδV:jn !f%{} dԫ[aa?rc?&G3Ѝx,0B&rNJl \\=n3^7 uZ:ڭoNr}ѩ "xAC0e2<ȎӒ*_`*uv^DI 2~[hb!Bݕ(*Ԙq hjaN_>v>iO܊B *|3! 4 ImɐLSoq@lC+rֹ/P IrZ#oȸߢC).H^uML9!2}DZœ8EjPQ uī*dt'FK{\qcOpYah -sh]'QyK<.߰مthŸ^EGH},֫$QcV94m<[f|T_"Wk}>R9 y +Hs\jbCv| aM_q(}h促wK4 G{]2c)->`.1 `vRtMֱ|n!l(a!Kv ZGS]qv"PhcΘ~JH._%?θ ⥯M2@V:RU$1`YghZ #2'`BwX$BM~R1%24J偞0vM;H (=≅/{wVx|J|;fRQvј!pւϖ: Xp !dz 6Q­ɜ WF<pL՜c.\jB&yD'i▽i:(j蓦G̰(Z!Bh#s\/ۢ`g' M^MvIB$8Uv9ox%Dqҹ{|Jؑ3ew?wa?$̍YQQvc0Lh eK4jK/tkuNk\b2@c:faU^2ξ+C0{@W^55z@}WVbz!N;}n cgV3:pR dAt? w-zwx VJPi \hH yrR_o&>ڈH\oqWZ+ ѪOp\ۄE2|&Sx0*FDEzRӚ;LXC[6}_ nW+dG^'nUdeT hQ}l81X6CQMŋq-LC 򳗃W7Mq@rSPTy&h댠j{I;m-e#PB~w>Ƅ,ϭ *a& d6Cʤ`.; |n8(ml BTHk8> lH/_,R7 W!8pϣ9DPCe~ YO$_hG _m}05EK3};#]T{hj^x*')'q z[uT^@m._?e^[-Չho<^d |6U4/>_BD\*7ʡn/:\v} @6i+#g†F  an7T#l"fZ ՛m>%B# e%"zb'[$Rx/)I40:!f (\S`nui#,5(zj~|\SȒ(. YG d[)Z'Rt<.? ҋ3/ZUWA6EPW4 DZCYa/ @F`t,0v)݄ɣGdRˀ' 3˱NvƂ0b'XE*t?fs =n[M `ڲP3V4C]mƐDa0=c_o@=}]7s[咙ޒ#K̓\7v?u"sl,'''^a Er[ U F6t(2( v`Q{~$gerÈG,ɇȧJ-pDämi Hu9^؞+fI=ԉ6R= cnSA;bؔ^h 174X! ͞)%~ZVTYW˹胠9-1LD5Hy. p`kW$gKip/pG}" U/ b 0ЯBYj'XH7#Xype Z+rU})nqړYDts?O6.1`^yd"-LJ]%4fpfTԺt*F)p7ӳ!>f\H( מ%ڌ(`,zkw}籲XXcIժBy~L3.XIInB5aFn6$1nt dX:֓mgF!ӃG c6iY};W8|ע亠gh)ъ_X"A$;6cϺSGgs t!8ju8["{we瑫`1UW6@ ^ ~W2ztx'o'x99 19] [vS*∵hB?Qay}z:7Nぎ %"v|v?T־y(<_dyFMl]571]QSEq ]:%2\n$T|Xt)s%KW Àwo̮5KނYs$E;IvXJ5yBt1ة^aTḱ߸PGoʏ #;d[&  !\ ՗eKև[^8ܝ*j*S2}};PoAT$Uuhݘ`ϫDҟX ޔh%5)?iK3/k(FsjB r,x/1ktxiߚPF/{6~Hq u3셀 PꈙO% mY.2=;0z b[\ݎw8LA?ݓ {7v_N/wfrS|x-z|,05ь3Լ4o14Ųݪ$S'4u+c!eO2#CE}`в1CD_i=aٳCUNRl hx֪ܰQJ^;rY9&qw@P̈#/bD<濩d z5tS7ֽd[=ݗƥIq <֍V|U&UtmIjfsff«W\W]wi k߻gr'$0*ա1"I) rcۅcm(=ntln3k,ZxmKmkǕ؈}8R%3B Q3pO4oG}zI~&s0i[ `%b9Dz;RL> Ba5 V{myzeÎ86N0z9c6SWEIOw#,iɅѮ> j6r${2f$2k3#ДE"Ty9PG6:ohZbP(ffa#?/\g<Z &UP#x1-S[7Zo)a`ܤQ|&V^ ])>RY.񟚪}JG̓dmNC3MUVLN -=Wk) YDӞ,3'"0/e.BMrhnF0w괰>ĞqMlv .=IgI&*jli N0Rp1yf3(YA,& 3pBkQ,FW:ܮe#X}r7aL2,+@3Y=D0-.5(;ͩv/C^YJ!(qT=k÷Yș1/x/+ŘqO/W.)31ԝ>JXRtN3S|eVvTXNTSӗDgnxzC|U-qPVrϱTVv#8/N. xoo`>Y+,&E=p$u\qQ9Tpd&);?Ax8T1ό@ror%NӳʍZqC{mI0S.#(OL~Cq&4U;R7?Y@vJCǯd^_8eqpbjn} Pƍo)tQЙ\e\ﯛf+ !^J{۳k_8wnb?#GTA ]McGm׼>v*R 9]Ȳ@2-Ь¿eCS$ѡV{Bj] R!3,_IcYdZ0uXFxpA֢<^ڹ_y1_ȊDw왬l)4Uzqjmh0 ]}d.՟1Av"~V2?4=U0ImHM"\*bGMCqϿ0/KG Q:2;q82W뉅SחFլN,( "Q O AYCHb slZQ%:QY=툼% ir9\Y.ykȇ}C$ۖ (wk[PdžKpN_uO=f݌BKSӦ5f۲Z#luC`.;UnnPҏUD%l*'k#~SgWu`ͻet}tƁ*ыkepY'':S`MRuחX'|smGI}Jv"[-?dx/Xk wUfA '7F@_(iwmghD#F&shHS[r8k]Qc~"!lCb2[y;sw+mJN4TQt$ o+ǡ7 7 =Iej 8(rL%,6? I&;*ˤ1 K(֣0]wEU# ?B\֐/K4*uxTpFJFZxU̮/5:y!&T&P=KI4y *&=2%|;ElõGY] z<{ƶru S[pHG98F?ɖ"S]MY5nyk<J=2t9_,#Lhe\PzVV?HT\ugB*1@\HSBE϶kgu dQŠPtX%MrX77/=pDP&CXbTu 1bD UcqܢHiKwVZ7F(lD2y<*!#eycK%lD 6__1ƤׂWu i(Q%GА$/_"/';'EBIW ixx(|,~]AuI-5 .ǿh_f5#fŔLo4vyΑ{FPII;?%Aw!>uV~5v*_ocsպg;q)<_ 1fF fdNey˖}N4ʶNunL[<< :ϰZMbUB'Q5t3jM}kz[g>rix/U[N M}etɅT) @/qEL hØJyFm[naM $ ʏ8b((΅:Rqc+ >=X>F:9ze6 lѸ]idqJ/" ے|[x'6Hp(Χ?ϩc3(-um@C/Q/6qqRI\SE{]ƜQ75D26U#naZAQݯO u;aՖxK8wL恧}팵 If{;.4O'`cq򝐕 ѨW2s\K3*`7TR(Hpl -_KKG&H3H=3\?*2ʨx~Qwֈ]0d bC h=۟sL9O&Ҿt ?ZG2 I?[U:_nr:3Vmnx-2 "lJY+"R'>c%^8;-+2:fSa7MJю.%[zB]5c'+ xC>L_XpycSjC"Ẅ́T8ⶐ<\_: mJ6`wo]*W༐2Mf|Lm_yzZD\o#ۚIUe/`1h]Y^~xޤBbU-cU1we^_Р"58 12QϜ9](ĺҖ4ꛉ f g۟P^ҥCųEZ$HymU{xR#wSw0>_IAh%@]7")qF8 PH^} X$kdW#*T>nOLrhnYȄS·**7ҚV)--hٙJ^YQDl_+*Qa)ð:&QqV׾X RCoϋfҎ&(/^M[HY 8uM1/Q 7YPG5􄃯pV(KY>~s^b-:qRǴnbDzxƟ&t*/]Qxɠ7*UPAsڞ r 8%r6L$(orwF]M OC9B3s.[~|)f*JtijKOOt0< /ص@ӝ!!={ @W\Qߑ44`\i@YaY"݌OwWJdŷޞ;dWuB?*P8_?gh"=aLVjc7b]s[ߓsY< qRKLFoaaܟmYaUސxV _d,B$6WcrUڔ[B2y/ OV~?+G\nj] xE/TXCG~n U_cm9&S5|guX$]eBޘjD{%O4a5R2Z,:[&W}l/`:z]H_j p:@f~\mZ\ʭ 2ǻYŪ6TGCto{0bD2ԯ{݊2M_3Z>ʃ;1ԚiH=z~ !E1>`!5W]5)|}lM3>"yN <@d}@~+Qlb(:_\:T=5N8"e&v{I+tdˆG5[/&twX BM|DCs{(ݐ Ak'sZ=\z+/,=ew~68Mv8RJNb̋f"4ݛSf]g˶ 6=a< ω3 B; 6@Lu 89+Qrqyu:$ˣj %_6%[g4:YB:)_zZK!tU>=D8*ax>f )=Az޳  遥CqL=p%)!0R򖥣!54I ,סF[}8sq iCAEi13 884\fT`;ٲTQgؑ@q +hߧþεmAD+US,\H $ D=𷄝k~Nd e( 1w9*4 jB K³7|/dRM?Var?%v.=O_*/e"Q;K2)Zi38ВJՕS<`mm/N~y|1܆#<=: *B+HiGce4م p`)P@P##;DA {t/>reJEW_ -J~SxB]~{6q JR9-MphBqL6iVî ti|dhuɧ}+'"ې=><|>q"H<͓b h/Nq 7TؖjF<4ڬVuǂvv <_jƄm6jjI!d.\:4T˔ķ8ֽd{1|531i(ξIWIFwm&gb!$d6+A|`_g)'Q;pl$0:*tWg,Yc\ᮦxAX=jt8>yC{P!Z67YR>s6ْg^Ra$-Zu+n 77w]:[ {""ac]qFՠ,KsD_\}nW>H]% aF&[nQX784e#{s fo~dؿ hD7.von-w3O>Q1qN-iOX=d6[ఽz< . Uc]Qd%Ql^Of10)5[߀>S򕑫bxrMmfƅX(ɴ9ǒ ]ٖ_W_.״޷ɞO7.xK-1xv/N-|"Tjt[Pk^:ѧe楨Uc(htty; x p;K>W YƉZ@Ynbv=k<Q"p7~s] ٫E(:IOc[Ʋgv6J`dllp'[lDwR*@igr*5W8; GJcp^[ s7)PM^7%2+R(.K~ CC[\э9S^.>Jt˒-[yU(ЫW&Löb턋}:# L>ٕfyxE׉͑<"ܞ!MY2ZUL]{p%Tq_(U*dyE$4.c?)l)y^dC*Op8y"H TjcΤMn6|* 8͝aC8=j&Wgkz4,OWDjd֗HP".I^,0Nu(iwU <(\>^*hS_VGSeg0 #MuVX??raK$aV2V|>Ħ}ߒUBi\j௖Nky^1y*tmk}g9? jm)יqѭ ~}B[Jn=']4Oee݋e6Im.ިlI|֣^ u X8c'!F̗B:_ϰj>=<B"&$V\τȫKgd2Ů,G48vbϠ땘%\ Ν,rAK #DZS +PךOY1/_$Oީ,o#Icʼn̲I<[Ԫҗp=o,XX$rdl'K5]L ip :3_62sGpC$v*{Ҿ&5ܯnBS\uj~xA1ӊe[pdOkUuNqHCo>%$ vV\[w.14\W 7;dӺkH@Jo$Cl Q Q=Xb/& i1W0lk- Pdd}8؋6r# 0 P-CDR@@^ m`DW‘5a*=RU9&;:<3e'׿&#ٮS̕ ebY@.CuؚYqٟh{͎ e-2DqlKAAbI;$:Η'7utwfvN[᭖ vM"$w#S~jKMaq>hDخ'Tm:)Ȁ#Szm{{A$%8N|щecT%u+B<'JUPpί1VrH,3d}Jd*r3f>*6{,n#Ftw&ߡg!s)Ĩ〡cpM_`Gr *N*ۮL5PJX˖wy|@ le;5$9G:-%9 9K)4rV 07_ȯ A;>_D0 DV.4`h,Ȇ@tz?nҞ _শ=[Ӓ|w4tAXygKwe'$%%c;|#q?Û>.Zop'}Co &rWvM[SlR)ӁF@r ?B׫s&7rx~DJ*x.bzgUc: f5ŊhWNhB &]kޮV`e.[ҡyX&pݹ' ,, ­q k!!䳾F"QfoZ"QH::HV8˹u~`I,P1>t7 b}ޟ_mvJ2! |`=,n{cLMF8;&Av<$xՈpպH"PLJvEI+Gv`C6j|2SW/uQ=E jE4j~6O31g4#QA"Zu<3u/=zPM **x>TF9xk<26j-yY ƗZ[FE;djHL8@~Ac HEd1$G5Z< nI#_D;T u!1ef&% ˰+Mn)șOwƪS1Ë2l)nIMAWm8E\A_4cI׾ 0c,cPpJ!4<ԍ־9HmRR͚]u}3e\al4Έ&kb|h۾GAhr Om**3~d~Z-a-r#F'xH?c"@q;}T1Q.MUTjLrt1ЧB7fVw[i6/26թE|Y$zNUXq5Ë#c<=Auu6u %ؖI%Ш%)laQ`8 ^[+Ej`hUa*B{qcF$#gF۝3R=]7-E1l `jX gLё_ 3U]uO(S烍 es-"C! v>NtgՆfQ)2s`N\[<'?~g*j($-z fzfXA6#,ʝ'M75;NVB2\lnL܅!_܈I᭛~s3 {Jߌ#wFEk_x wjOg0HU =N.)`+bdٝKtNBXqWH= }jQ@淰GqGQuZ9C|d.V q\ D!V4f*] teBf<WtdLQi?jf"ZGWS܈H g4Qh Wi4R (%,>k~l "P{dH<ΞS LHRs5F"bvG|PKa4'Xو"MVg* 5dD M1F}&Nxah1dZƛ&3=[IK89-U{'m`18َ|V)h^.z-o22V2$}5SKk#^9<=ȵեfQs3;"\JwLFF]-i!]4'fm4%&7q@66~ '!Mmm#a%0 }h<UPk?Xa=+X[n_C\ʚ˟JjUUħ'ǝΑS#cj&>j*9ˁK^`rCa?ewų{fvT Puz;%\š`ɟ?_jDL+XǨad5#aח ʵG3G4|}wThjT<~8n5jbH?6tX_xȤT{#q(eIM}$,?vi|F#3fZΔLqׄ`"Kn-;9$ހqsY/Լ.LVg+ۧĤ _Ce̘޳~z\g%ⰷ"^j?E(y%d[*,RGSJ%!GTP f2/˙!5u<*\cũ&aV֧a=<ћP:ۺ!A"?TJZk$Fq[ypI&kӸj o+Kp"`14 чa ?f0 ћ?izF]pb"$_!LNq_-d?2z,5.s31&(QʢB*@}0oツ`ђ,5#9nu;:SZ )w-|_6`M#m% HB-\< Iz?ZIw0f_b(xeRm|V4UeT:0ܔG(ETxq.͔_%ܪ=R UE  R*NK_rridw"B8ͷwm z{h{NaKsMaCbpy-\>@ EFm*7(@A98+yY]Z)']]:N ܒ{+ -#__PdFYaAk*3)Q6r#^N ;Ɔg̾ gpTF~ zAv$@xߝ[8l{|u0 3p󢇠+3o8aB<ׂ_c9ıRbYŜixv4F=[}~]6{T5ݵ+(_䡅ǎ`|lC]z0r#Ơ1D(Aqi-L\kB.pDŽOE:Q%YS$=#C/D7m=/G}L .ށ DH0vޢ7awxÀFcBF y/Q㞐 3FkQ^A{Zj? wŰf\5'Qş%ő"q'4w*=ȏ;n71u$xo:@.$ 9Tgd~S;}ɶtq -_ݍiV`V ZjڴMR9y lCY䭊1Iî>릊H.WhkRG{&E =ķ8l|paFnpdTW%/[;)nw&*nL:æ?V {PԖ]@ rת,ʘ޳H> S! :[COmPސUWt1{on㩉׽`T!QẉSL:w@]7GNƈ~wo6v۸:˿|Gj\Ѩ"pޢ]`cHfLqH)DYK]XX ~E bmvw2/r~4N8e2J<0:2o㽽Eɓ_ٰ)eWiW6t9k5͗뼂}Zlx〱?~m*(cvb;1lnEߍ5n?ls2NIK_Ҁ.2$GPMR|X(~Z6'X/[+,cuE+rs{ZAe:~]U|KR)W|Q{΁!Jk2$][DAaDy_wGp=Q)y#A̾J@}գ}@}պSlHyd#woF %C%A!::|_M:떟U\v*sB:v71Lg:4 Q1yVmGt:/̚Xדe+kMlu cÑL)-b,4I|:;(i䕴ҶG%`D\R/?N zh1!@Cߨ7:0} $vh6*>hd~.?Y7S".S,j˪ˉzHQ.QBUIf9Mo%[{ar;y}F0ÚZ!V%APfDpӫ*w Σ^^K \ ",°JѣDъ $wȭӓuyP ӭ_plքnkFv}۪ȭw¥бA}7f 36vt$3Ӑk8r* ?r:iv ӓnFv;cݠKUmc2& E6SXIYM\|*ǁM{['K`Ѷ23 wL^#Yҕ<%z:Ku/;N*\\}AhE#7xZHy 2F?{\&%4{ D8\r#KE)Ţc⣮*-rY#~V<{u eۡ|uZrOMEUZ~73rsMoBom-E=9OWCNw_OUf_1+dPp#QI0:owpI+| M2O#$F^dWU 2# ;,u }!KƟYjNk TZEZ: /k 2HC6}xif3<ᠷ;e^ȼbFG;  ~/;YLȶlTdzމFœ1r6*-`'IȯkѼ"WFjbvs LK89-ik2g鮧j ̪v1opt-멾0PHjTПS7ĢQWWId_s˖_ȧ-ZcDž\#g4풬X 2/1?y+bJ ˒1s7MeZ}\1GcECGG Yw~Hx3[iG1=Dp8$9}w>b$X&kJ~86Uۗ-IySWمB_9'C@$s:</59f~)_ON;0tC/hfDλm89J9DhsO¢#I\3ԡK۳تUZKNe]L2K]Uv7K!{{;? /YKˉuQ ʕfAOp3ܓk#VAބlJ>O˝ ʹ,r꟠w}?~]"h+f AvTbc$j$7[&@˙/9~QS=~<J|5}⡉?合;pfѬl:TP;Ü ՇK-I>{(9롞hEGCqvo" Ӎ^BMuDLj\oJe4l3O kKҿM#1ɒ;Ii M})ӫvBc4B3ׇH:F:a1:}Dsȫ-b#hg,ɛܡmQAt'+Y|[ 1C6t—D$Rg|kه뷏^C">$P (@Cj:j!( #}b<(q\p)n$”x=2np4_.v6FUr4ϷSd|@݋MJ&-%Džwq޺mb9f GBW g*ncqGF$ "~AE5]Y2&.f(a1fKH!8&W2=ңliYvg!ܑa{ U{q/ǃ6MqJrDȣy?7n?w=^֫hsh^u Y,ь3A&"⤈)rk߮ =AYśB` F+Gfc5*FE҆Wr>**='/F\ ݙ'RzF2akx8[-3z&AlA}Svu~} 7P K\1F: k0NDt&W7IU* ]+<7uB3s_"|kSm?cxn! E5_O3IBD*~rBL/BWT2tAY</%B豖#A.jCkm*] jW#Nr2))u_o#.oq' Uڠ9`Qj?Tw2 =顃ޣ> rAsOM3 ?Ùj}ᤞv6FNĢ#'ng"}iϤ3>6qeHW˪.#>rԗ)\U2bXٛcXNntDdUF8* \>LoיI@'M R(h46[ //e SUZdfX7J3ɛLj.ߗÕst6|N<-ԕنSǐfDs!!+vaR o;*T5#yyeB2pNWn5:4 2")8E2K|l2B->I1 j2e!E5s}bJNZ>c"`f0 VFEK=xFi8'y#A5tto}DlG kbP".-j- ׷ U| 5Na_(ףYSC$J?T-ϧR#ZŐkN_6z R`s(>P6^>gB1d@e5!)J^|Fsbe.3䀒@-%™kgOwsKMwTva:'юrGi[å,dǔuv_*ދ2Xe.%;tz>pAh;KG%Y E)1RRz ˬJTdgExzZk.DfR85-X/:;N02>_ \r R^rB|HR%UDK qȗdIuv堨R0Փq.2FV/o6??ϑ.VD<㦢<<eKWó+a:]rY8G=e!.lrE iK2ˋ@iC[麐t9< H/|Z-C?Ra}6{F:,+O5Zneְ;! y+lcZ|# (+>-֪Ve^.f#D3"߼h"*f?yǛmr2U{y/.tOmʟ[8es0Z𦒥]j- EK[o?[&k]4L(W,^WA" d FV߫#s?R'\W}B qґ-E0eaP +`y6㙁W{-{ǨS@,ߩjS浺ڢZ FR6㪁QO{3R$ | I#8lʒ/菱q;< YdTuW!p893xnъWG3]0j)|;êo c+%9xdQx*vh-;ⳓml+[s[l/ ߊj ۔)ju2$UttUd{ quJ8P/uN'f;׺o̘? mYݍ4?QiXGNG5$/~E:@58v0Q}Q7F~_ 4DS|Z2}xb+LXNg(rgJS|p=?`ŜXtzQF? B FzRTOHW\׺N;f.2gKGPB{|mz3R/ӛkd^"j [4{V9)`mXTI^r%ݘa* [.0B'^# R%oHE ׌>sfڰf3 >`ʗF*ղ~sڨ\C:Hl珞2U CH=sc$1br~#dʡ:`1oYzX+'HLPG{6 "o >eNLZ8ܐC)<>H=MbA_^2 N{d64%}>AaQ6)9 %Nd&| їކ;IQm>MlDYpQXߡeĥeC\'e !(t^C0Xs#R 2(b_z{\8u'[DFK;6ͤ3v6tv ~B= x xuQM˵z= E%28~NJ$qAD ýƍ ôGM:0w^n, u?~ަ^4)({߭"C }JND]i߿z;ԃ0gXiWm.4iJ\3ש{4Q\8'v8D#i6Aő)lʴVK8LL'ʊlwpT'-hGc?o(WC`?i L Y9WN l7aNBZtNF!웆t0Iq9䟤. )gf^sT2À]#]Ei9kd$_SOECrB>^+ꠡ@@HDde&Nn#cC -Ƃ^?Ȓw aDZ\zW. d=H .Zxi/ %rx޴,0 w:vn 6˼YT8?mj(c5 L Doil[^D<࿳2=mG˃JzOdOJ$1D/,'Ӝbk^r9irr !T [*sUw!? pvߧぷ1p\|bVӿV0<_(0%=A Y8UtxR({hAx >rs 14; LoK̏FХ36E** PF}&[3>(#]M_ZA&+,$Z&x0#Cf,Fr꒩2!!3{PJl%/|cMڂ2^M#rZ6"!M# GP'{N,W_hiG_A~6oac sj4 X)l߻i[ zR+@BVIU;F˻+ )QÞoNhdf=C>5Tx\6\ ˀ֡ːji#^Bڵt/<䤄IG  Z!˫SfnaY=Z _V`-5r !Q홪d4U*+ư KBXiZrC,[{+Ŀ.A镩selBCб}l9cոG S6ބ,i~zUՊƵaon: )+>$M%  =KdGw\FUL}̝ L>C0'kjbIS*#U#Em={.j.Av=\  6 ׀uqh \<_VXvtOPs>*ح-㤦40|v@{oi1r ʹo*NͶSssl-b=_JoGF%_lFM88vP>f7'qSBb/ـ5nˌ5(\RdZ UBOFl73I>U|x a>*wr-(\smx^1 z: )rC|ȶE" 5b5l=MmƖm#xM8ՔF33i{uP:=-c"/|=;<σ,o5h\߅[a* JL@x꥛^[?eE8;P^rHVY7$^?FطԴtX9'KzYw`->Jt$.J8[rm3Rȡ]]WEmyH~ L܆-EU$.Å_Vn+TPÞhW e<)̼{jN%(QX{a2:xm + cZ28;]S,9)3fT d,_ņ]WD)e|0'>'(\FSteq{jq}np9 vd+cG3>±>lkҚv(\4t=_A35X^zÆF3*D{rwch[R{ЁdɆ?C+efɱݸ<8Y|G"a_(3K!g([ W9`E8|2szG?+@پ*Eȿ X.l! nlut@|?%s'wX3O1Ыl>[D3\:ŢyU[R!xC@)㤑X'ӱq+.IbtщmR)=EEEbܔ! d ^ⓧҬֽaV[NEP7=d2i.HN5šScsZ6qq 4Y7[c<"ԗqHcX?o@mFg3Ѥm&t0*Wz:h19*=DA)c]j79 ʘ-fpZۼ0)f2pVg2s!ov3;䴑SI)RԂA >*c~m FҨ8fT1I7AmXr֣]$ u(4n5 P{P/7}72/`+LMDFAF{;x!LJȹNVx'jRc;Յke|6M$pz[\)QXV@m'$dH\ u~Z°Mi%'(A9[wg+{.EVlgT+  -OsOJw>).TWe< SQiE ӗ"\ƈO%͋s2@ϭ[- XJǜ3Um9c%t Iڙ\@1! S *iwk$+bvp^̨ghB<~=)q.?v @WSƬCr{]CWdjk ]Z4pW,gkpQg;ՆI YM\faP~,BtД|dm/+ߎ[cRya#a# {S 린YWuu%_,-H^FUnW͇B]e S.dnp+u(DVlazN K NJ/#{PygA s.[t@y3ϋTڂOUw AR .m?r|CsC^'yqhPQ+ P$ep8c_!|āc.Z`%7Gjb}L #ON^AkP:o諛fJN1^-۩SRavX6w#W>"kQɃ+Yߒamn.lֲQzDZ{~j~q>j  \if9nE@4s.‰*T 8{q#MA/3辬3EVYhx5 OJpW?c`aM[ IpƸA;M7俻NCeQܽCwE4̞FFH%=Jp-p>9oki2@ukF1qgaVKV:!*\1!w-Nێ1&cZ[j8"|ŽS޲92FCl+l2O3\օZ"C 6/@IttqVyQak_~}6Z jB͡b8^3&+^ED֚Mz+am#{V;1|%:o( COT9QFJ?Km%59\K0hܜzRǽG'1ײѰhQf| :󊛩}}^t$:\b2s(*^*x9Cv}0X0]p8e?o U*-)5h:ahckٺ>;RǬQ[in"zEE^üxϊGUE@,T ,5jVa4vT[ޥ`_`WaQdLU]k}(sp-bJ/p9f09>N%!m",gɇ8˹x;:~1{- X@x@ˬ3̽m*0s, ~iq^ (l ׷͖dcyzA ۷EFƐu=R i'v5U%]M}SkwnG:R^ޫ8//4/AxRޣm;>bjT.eBH4~dtQA"lSϠK\-ܒ;2I1,#n*l:E)>D!o0as&A|DRl]%i:n;HZ>YR.WA !XAH>t5ԢE+ RXE[ ?IVI&iCJ`82W' ZPvmb@YF+fKEEr\ߪ ch u&ywQX5sJ~SSZql"jñE'~~S*&ohYhsTo-w4 ]?_9H|qs>XK9kdGڭ0 ǗIQ YIոP?҇ `SCT%DαWNJ,QJ #4G}}}9iX؊~̸(9_&84Ի؝j$H$k53zV\+=i6<y+QȔ QLD=D(zd$SzW(\)v;/,/ qE-jtb#H$56߄Ա5w:P^odhLW$izQwamġRMνCjE?ro,jpD Z9|W[kYH <Μ5aaF ) "{۪V4w#)kj*(sRKD\Ц ԌCc=Ww@8vW'ѥ{i<\6 8@xK,me" ϡP!WN[3S<}fbH1 JOƒ* z븇rֻ:jyXƸoF,1Ƙq$C^p8hQ5k+ʙpvLuqA_|#&3>C+dNJh/H*cU"&]<\QZс۽N!'b7Ržh3,ۼSdv .V$Z`|-\w9Y{!=!=Q$ Z:SJ4'7u1 COIDkHV{K F"Op{Mdnlu]W5~I_ &o44= n[P5q'#`Y!?N=g2X&'{ो9ՂضKI!si'Z.)Jɴ?[XWDj-]+COcg j ̱"Ff4$W+Tc@ZМ3VL&ܤWD>!x7Qe۾,K4@%C: vy{&t>Y(&UC'f'n=Gpn֑y)"?M+fmXcBIc BHU,:.mM.!h@_:m(+ K`'a^:AC:ͮ?wAVwl@}Jt B!) ֹՆVW ha+uOz9h֧;~:~G/?? ?,)nbsaI}`/ry_`(훡|KӰB˳^wGC,JS982plƻv,*m2S(7e } R{d;IO:K%BEFee#7;qoA- @t]&^.)Dԗ<623&Wޜ@!3/j<k".$pdp dz9>\4t:ـq7PEyN8"擳|&rnF]ΨaDNJUDS@x,r$ٰ\30-* c\vyW?eNuAM,HF[%TG¦A{ N5?h3zO8FxH-c3,D``w (Zox#GHBqgke-t.SxX9KEO"핪rT Q,6G\2'жlT^z}ej{lSZl;L~;rTߵV o-bQ{;B_ /weMrN#jBZ#Mh)*B!O͔XՑWO[,\:`mJѫ2 J; n ŵgٓN}S9X0׵S1bz%%T(,h2|a,A[>w[+vDJ-܍ieI;n^BGljJ򋘂7[P̍d*P}`)Ut{~Q=YLH)ȯO!OK068xLp+n!1aH?荵QxbFHxgݻb NH ^3d~FH9K+cOA a YեNa`Xh[U1}P>pc ORSfF!c^8 @)1kLbLG]^65׎Y@$E]@ A\@JrI#r\|*t̵\J3#411|?GȔ!Dj"FIoER(sP~~Mj*iA>Yn Wm:!xlx6KsͨkȦ\lE 2/ ~IevQjr6dX۷ނ~RnZ=yA7/`"oWQY(+}&}mHUBOKc_GOJls% uQxpN[k‰^ǮKYVQjZ/D ݰ)]vE菁MϹ{nd%*')O'*U!֗w2q.;¼?a̜FGI%J.k{Dmb_gJ2Ӹ}-@ľ'Qz j>Pꎯ3+Mms.EJer*:?P/ɎlǸZc(j:߮ ʗMQ-x$Ԩ?&;7)b&gFF|;@8.hwb(;bL/# _e& R 7a K_Zs]ﲻS1-)D]*Bс%%y{9wDGOjJXht9"$ hfi ţv<mM$=H6Ov-:a;[R-*bR%f,~ >Z䮋@6%,3,z#^ hȳgst&aWxMOw@JNΚ9p+ Ԃ_Pr$gH٧ 52&ЍNIca|%w<4ǁ\F'Y@WU#JkC<$gaw~rL:YB}½mslG6l}szC?0ϹHo%s}mIvoKMV`Qhjm$R 8u;>Kcvy0VJ=l#bR&ǖ oƾ4Ùd^]5d5t`f)ٓQCw:ɞ7YGNv~۳];gNٚC1Rn|C QLOLm9r(nL]ﱺ (I~5(^rN 3dznm)y`t &# *sAAf+T$x+jk>ՈzŀdLw/iHo-.VdK^y]".ڲ [Khj7p *o>q39vM{U.2Pl>{b O}K$ؒVK{/O?u)Aą ̦ H"L}z?x޺$ռUDhɄ.u&1aC:4 quh$ӒURW`A_sklCVԅyiya*Q~%PtF`[b\pp[]ؕPT?f->I-aO^z?5 Þ-K|[qIKfktcIfbN+_ƺiM_/.}'q +72r 0U(ޮ4U?TYU@j&Tc+ bҐU~oK28wgR}¶*ue= 踅.NQ}&&%%R& (I8CMMP8߹+D,*5 ? 2i6 Ay>(=[,*M$9E#Bщ_/:9FM[pM)/`+В (KI@&d~Hh PBQg_ txfDD7DuVDuW6nS͇1ց$7kEdBJswuGFJq"R7I}ɻ9}wZ KVnI/Т8ڽMB,2z B~Y`Jgll4zдח'i,{2mh279 [uJ jc19uGmލq>V:x|w#8w髎:o#(Ir3>ʖc ~M&z/`ד vݖe?҆]kPQwR_~HSj?`27gX<<_E ',؁Fm""eFV:2v+mFذ&Id[0ͱSW=U:DD'Z5v h?HN'޽J"9%uR!h3o=#DbOy"Alx+,QnW&DXn)ҳVP~BXh~2(Yhq{'}&c Un1KM"y2}&vjܥE `+P3dOjj^OzΥzos5n;0D@!>c#"l{9XdFaQE)2Ɏa23* )2\Ѿ?1ʚ>UWL%G dL-B0U Okx4 sٲvqMj pd #.J~AW)b+2[poW+L[o Ryl*w|`aKpuIQz0, ke&3΅N(UR͙4tE%mZ)38|ƶ/e zǏU58GɅ"ja&T"f㬻t t| H -SQ'{ƀM&Aђ 3>rlyd5 ~G}CQۈ,*g6AĂO[\4u֞"m'8#Al >Gau&=NeJ>fW3t\-UDs7}bc=fONecRB7a /o& %d5ѻfX"KeZH|qB/4nߚ;+ʧg $Ӛd&U?O_P#Mſ+uHV!A<2PB] V5.zYD>_N }sLZ(BvaZ~d4tj x>58C~M/$]m(/#҃81,Vt^:rŻ7|XӉ'#r߲%^Ԭ}N.!yvBctu(ل1s1m㘏Cqb]k++5~43ݴR6N{`u& N'¹67e=W, ?^CP Hp3pqh3l 3v]XK9j_ދ@Uԙ}J慽u:W7枞Ǐ[S`tqeK=ЈjP8[k c70(dOou\yMμcٝ50` {hʶ}mpC`x|$!iq$}v;>lBۨJ԰gnyt|n}s:PZJ5L/7h)Xy3~ #}Bh떬!CӃ| RvH~^{ f w6ÕfB]TmHF:=o)g@ x-Ω24lVzb"LmNpSgxZ %ԣXw Z Q?1VSV+"QG괮ŦOVh>㑽$.qveBɢe3mܐw3=L$㗅hI*VQ@, oj _K?JpH0oH^@>"?~>_`) aOFn;MyX>4<,H{$}pw^HզOs|C}8B&:G5w }=<"}V|&8(6_eanϐ߽ZӕxXt)g;s_~?B8σXrk?,?0oHgIG k* 3),*xQ_S@`7\ ۅqUbm @ٚ6(GF7HoގPdu ׸bQsjQy59^H.,Pv@iO K$ν?'-.c AA5 ڟi$?bJ~R !4k\nF G~(KDNIZP6+E٬tYc_&Jڈ8I=D!N g h}3J2Qfpi Wd n2T`o96F31Ғc=Uǭ2ge.yᕷ+<['?:Qc,ɆKT}+Wt[MxAk!rK*$z7NwS{ ͋lr91FM-gy.- Uc{:)0,ɡnh䏗X-C xC'2 'S5es; $ DapVhbt mnrP7 59Z&sDPi2bVRibzUH Έ>ſ u^lw[WcCӇQ\PFVEG͚ p3)ڵ'tB5PY +{ׁ~ Y܁nnÞWNJ[p HВXk R,V%;-[ b_Unk^(;# GI cn]j,a*(:*;d[5ת9`E5Gߠ@VhL1'rWtt3LՎ><&%*L<]v}L9!XG2-)3\8HBYou2.s/MGI ,2 05rA4l-vq`Mc/@p&0i$f$DyBZx3J ކ= Agc& `[Zפ*؏ṑb S1α$R#uun\H#+3A.gɤC&AQ0&oH.T6$Vv@1F]h}Fe{ִ̉`alA,Z\%$,548\nZ6mJ9~˚7'0?n>s֣Ex5OVk[pjOElb' p9v1'J0 Kφ:q>&WHctM>2 !w01kX.<2|$T-y(^i%Z\_Cođ&cO0A \rR|铈Lb_iZvB_ ]razfjQ*j0a{(yo\n++6pul'㩚 koi3yJ- opkUEٽ-`sl\oFcW 4{/=M'B㫴PƴeH!BVgu-=4q8!Qr z9G2>P$>q1i. u׌0Hҕ)}\y/@b\<2i-LU7!fK"+vTI+]!s(pWOvH}6L6-KUoYeIscAR-P Yi]WxEQM}D$Ri;XdMw-K% IJ)KܡB4>˞LZRs֚f 8n@5,ӝE.QIƢGK& (4c,SO供? N]#sJV Zd-Rc?"9R#x8\-ZZ!Pכ*kSZA%a]>!GSfGjE#%ՊIr)uB֧*cyn&F:?LU2kr qɽ'4؁MAI,f( }7aGLH\Aee) / XXڦ %fwx4A#WI B;s5SD޲ޏV:{C%/o z}E~ i}f^G&\ԧjK2gHGq}5T*5T's <1&vn@[q5Hg)@U &"MZGe [i3|Xv}a @Q7 nJj?:{{R[y3`v88U]hJۨlz4riGq0^ͮ֞dE84fMZdGTq$9=5rر 0XA2~gCVBZt}X4#~og e.D&:5}"gjxo,3f\PE4Tpjb4vY/dR珔 7Ħ;j_ eaTj A-^:9ʆYeS[XEcQlC&\J($s3.vV$|-MtHb[BA[) _-bAE{A9Io|]?ұ-\S.Râ5RN;C hR2󁏏hBv̺THe b&, %󶖿MI`U TYӭل d:@F\WeUkD˸xN9{6^a&4KS`Zmj x͛^5an?J&HpӜ<Ա'$Le4t BVGW*w09)}d`23Dǂ` f\{ ރڶ# W'ZV3%$${[MQvCEF ռG4$Aת1ꮤj(a jD_xZpei:P~<\O1ΨЪY U^4pA6^?b44RE_kd %n}4)jlGYX;:4bBs8qCe37]l)g}&KP[$!y# [?k|ww(C~z|EȰtL~>tI귑"ޛUR2:/q>L6nmsǘ<*:Bߝ,Ԣ:rj;؝Ƭ65o~N/hGr1ꀼ? <(OEq>Dµf Q4fȡ`Vuq5 Ko.s$.A$y"JL]Y2Y-ڵ"Jj*Y^J6Ӯ- %3{ꒃE5!nUsx4lv ?Y?TxȈ鈽9.:iPQs٥7; "Fļ}Ζ VaTvHVV@EQ`oAqv@%{@Œ򏌶 >dqQ#s??pE[%|G1 ?clsvt"md~ W}}TO܏,?j{$ i^-F N >m\(2xiFOLY,nFZd)4I'wo 둏:z+ulx#lkHzyvg4iͱ  EucvEe+(ĎհHɲX6dD>u3P0&ȧNLBP5EQ~~$ZpvvY̛Nt<%Vh'cZƱ]r9O%=qv#DZnosdBv9Bq3E3ΘǨɋGIe9]uvM:->NDGȖ:g0J6 O6\Zdte'$o.x6DN=  _[yB/>n3:GI;@v)? ib | K7H/b)E!ֶq{tk̫R_Qr!:L c_IRj*y ϭ!+wHrxB S8I"Q,GcWP 1b8T8FS+s7LkGeh.$zG™pYt HRg6 &#*^o/*}á b'~^a{BDCu_xjYu(/m?^lD|A={$?Ւrs~Qw%W.L|pF86rJ[Vint$&KdpW(:6+ 9'쇶hfVμ U W ω*"2O$Έq>JچةV,yu}=Ԑ~%s;GZ r"AHC`0XE:h0xn}!8lj%_=Y 0~_CW8*~0?i0_+$ǀPSiiAOf DfC^9ۼw?K0S@ 8bHo} G\#f_38'Bgcp4hGIqljP7@WW[yЍ|( f4N >3n$<֡9m9J=6 }< _n"%gvR8ӋbL2̤nyV+!!S67ּ.}1e!ؑ6#tӆN'w=Gu -;kl奚2`A (4Y~C^Ot0&10qg8$LAui Qr)m&C)`HeS Qѓ;x#dqb!Pwfe(A0&#!>74s?߈W&u$ -/fKp`{[Id* \;f6(R8l\-b+GiaUM^!usRg&G8vnU׮˫+t fU奓ZsQ+iF#Zp*цW#Zq v?Ys#!?6&TpMk$ST[KaDn\5ٝ *uu9R<24#S5=Rc5,NbTy{m[z;.v([TwOd`q|H3өB*>aj,cu[éLptvm ;]OL.3 5OUvJXV7f TJi!/رuPkZBBiĨpJ:Ra/?b-'eB<I93C40j-1Ijs ,2\`JV_.Eᚥsb_sBYǵcH);}Wueښ%^DYaJT] ϣ'^"+q9me𦦮s՗F ìw!z^>iҔGCjE%:֬:hjݩJaeb ǥ^$%,eT <bxj›JOgvW/GY6r%#/!W~?+)e4aˋJpo2vHBK ;t#Agi:\@mzg>ڦ [͈ƴꯈPxplg]a䴋YQ ~]Gc*&3+N<:?Qvc2TTxWJ,>_8$E2p̃r.X>n<|6Y>~ǀ%YR)-sRKE,#hcívbpJ}+D]NC$8رN#jv{L3 c:{O)FUMhSF w48<qbE Yr\L7="L2U$ F9_;}Sh:R% ]cVatK¦v,qP,U$\);N+r<%HWukbhGAO+TPM}_/uء !8=Fۢuw²zX<2لAVMzK<$>d Q43?_w+zލb3AhHG!f]Rj.6 <[_܅჊ᙄgMVH1`@&(_L=Si 8MZ$E׷WL]f%'c)JX)E:H,1,u|h]bvυx* kVKU-}L,o*LK)-EZ|EiK d޼ol=/-@\<[QþGJu*قB凹obMLSujɱ'⣹\.h =Uun4=\,ڬ$8Te[ Bd!ÈjAVbr#Y>hDaARfIE8fPG:e`wt($7Yˡod(90>uKbOٲɤ; 925…lÇXQ ʮܕC?.zu|G^2 ~/| eӣeIR |I"eAc ~pʛBi[vE8ȯ̐ E-))e%.lYT JSg lh/]c.Z$WX,NVFdԜT?/D%ﹷ|w$w k7?7ۦFƒ7E,hnjﮮXQS*Ɍr;V#3= _KDb9걳_5Z(j9ÍH[Ŀ'Oކ̊o5mRbZF5 "om$k2:1kl Z&˼F?~cYP]\ w2t`Օ^ldwU+<<~e&,9Tk$ʟa%(a,;Ka?hН 7.qBС(hvCX~ D7dИ0MݪP?̽ЩnfGq3Vii +(JG|[GmGΎNE$hG4>xMd%F3Ǧrv+|ɓƌ^Hemp4p(*FtFU22]9OΩRX3Fقo#T8m%/xw׋}K(,.HQ Hl~[mH~I踅wz%{f(f8 Un(|XibϼA1g# {`F֪]l> o1a_xB+ Zt4J}Sf  X T;pۿMbRwPGxcm{`CuLϙK((3V7Ƨtw m@]djEX_HRV7Plw}TZbjU/#+/)SopJ ͸p.MZ1aJj`A_2^CjBq/FMe~89%p}c]flVz6!tB=/y>7RI:Nݗ, p(^TT4"IX_N1Kia{ *z'N Y-bF*!zoe0;.)9f- M͸7c՛UJާ"p_ՕWΠw!'A=ߜp]?R])xA+cXWy Ctd紺Hu{UB``۪Cr {ai`CE!I7]<ыuM=q'|+YᲶe0vox}Ϙ/ψc}\^ɖ.JvD4b˴>_gxBZ~$Q ۂX|mb 7\,i=\fgâyF0*9}[DCO4I:xVcF$#a9`3ewG mB#+I0=ifn&٬+$xELm@yDݛ@/gX%|῿ѧk)ϬamɖkkBcH!T}2R5Pϰ%1>0*8}3'N-[{@>xD.~ss5i#bpqy! Rߦ$jAI/ixYMzr厜c"ZbrJX1a"SJ @%dBA?MUTr Ӻݛ'HJ"_$側o>:鉗|B37rh$IF==k[Ē=|0xd0m;R^(SIi]g$wkَMu`&IKCsqϱfcqkq{8OP| Z8 >1"dn~&dCm[gdhi\^H%̓vtg02JQ|:޽ۓhY>-p= " t:bNe0X<HRS .uЁfIpS?YJ*و,^Hh8Ta/KK̸J%7;[1X̒|1Dr1Dy?KN׋tWk*s$K2Q_HڭF9M sjGHk#SJ_|BCsΓFޮՇnv>3W<EW;>dG@mOq\^lt+t8@1F!RyS;uVZZբC#o" .DI:GZ"՝@ɽA] X6qO8#J3V/B`hCFHM'f./qےIes^ /ii)JSUflzs_iہSJBbͧ*b@f_gy 4.}`j~vdEKLR[=_%ͫw4 &I>+6*W~ DP<'W#`{/O赸Pͱ$R2AtHMhTfǮ*lyr#Bj.s%}=M^D?7eaSd$'[ldsT* _.1΢K~QH=j@86zw(݄[~geYS[؆tCwK>_IGT(}{80GGƗjIp J/tmLDvcnm+N?Q@ R{<C Zjo:,ޒۊ4'$57o k4%~ d@\T56C)5M\y!/_kI@lͣZ!򵮾ZJ!`+™(1;槒ssw v l+$g 4Ulæh8tEV麗 p격9D.s. y1(rⷎ(IsD`UiZ =zP$@,F0p0EБU 2!ɚd%}{qHoPkG#|OvF Os}~$n+. {@V`g[J(W 4f+PyL9, CyZ]WpGp qd"gAG{8ڭKP&2)chz>?( @rԳ2%%%jhLguxފ\$pGD ]ڄi?aG݇f 3Y‹~EfH*cos..]^FI&a>v2RvFM{=B'`` /I-BQؒ>V)țn\h^Vh뉳Mzp7y3oEQQ桝XG*uw) ^wZxs c&OE"#,!hv[W as{0}`c:{$#2%-/bny>&v Ӏ_nM;JǢqd'2=P;ѵ$՗]P(XMy*"EuxTޝ#U=x`W]:̈́2)~_j{5ywԽ.'<NԹmdž/ntg -Bt\ ^++iY!Zb`Ԅ퉻_RqJy -xg ^",P cэ"9l;md)3.P<]Cؼ*P龟F(+Rҋ ifѯY%Y>柇ZzM&;])pep-ppIzoxMûI,*9|)-αgN8Y.AלK69ދѾ ΀*`;S$tkh>9|"3V ;"w=eNI$TQ oB,T=8'O$yz}Ph^e@7TFs5YmlzS(*c¿Bҁ%<{8$%U؀rE828m͡.̻j۹A^9} 9LYuLlՈ%Mx8hx*Q{AU+[V!2&if3S"^HyS7Ǽ3eI;UKrJZ&-޴3a}7xq#ھ- GeuXzht@Sñwz8Xw'j;K )D!}WƚJq$`iuθ7ͪp8E:W4 6aJأa͋ӂI+麐N&/x:ԋGeSL1Ҳ:1ր %4[FFJ8X1(k2CًodzMڱ EcRğC\~C7},'F/F1$C1?-# 1=i5ghs8*-n~C]7&٧uK = 2mo4❾38p%ELgBFxcdpơQcw%_c2XVbLKHWּQRWšcԼLfV, ;nZ5DG!I~wY̶\ U #0YP<' Frȵ.DY- 0^džQwK$ qd6]E~:0`Nfmd,N1]𙫷"ᗘӁU+|-k҆M>b>\dd{@}GH>{zObw//PWHeMB)t+͌5PZ9WP] A`2M[?G4Du vdWsLa-y JФ}pdʖomGxvu,e1H` k RɸzH(\KL!TL,} mnm:啐?0B0@d%6d&0#~~;YQG躐n?Q,H͇h;k~t^sʉ&?ӴOSZ0>tcvSP?V B z+Jne<@M֣Y,gj:,n!/ݏdU$֮o ݎSn(MNZ]h,#ߏ*q񋘏rOWG8Ղj3KEIL 7XpKxQ>yDΒ([f>_2N>^Fh=_Fo)5^D[FZm $x+aيىB^s1<#NSLiER,Cu=5f wM,  MߤǙo ȋ_-X32tgm MoMe3cc4`)r#kE60fLvHNVa"27<.}hPe=-w9 d8Ts v~Jr7PE)햣Ro.*M Uyv8ƍHLjht/fV䜸QβJT̋GI&2PYEɖq5GLrKo(9W[Wa&UXKL CrT  'X1㺁N?#~X:Ȍ4^Έ_5`@WBUcx>ӛD7m  dcgX=CПB~*!%mkb) yM.;ŽtpOvx<LJaT95`̏,dv{P|H'5;( –\ˬ|eKAYыFEj%~ϭ&d,T1PYj*Pe=8d X*j`V飫9.%#ѝ7ozB7mN&? :+l2Qkka )_HwC]FBzKЫB&M dg ~8Z.p a_PΙ{_ŶR~0 @J?! z# n]G3ccOu4Zw3a5HK-Xc⪇xx*eEs,fFz-R4y׭M^AK;)DPQ סN3># 1@xmk 16kigy3 2/Z+_f6A0SS dUF#D.^@D,j)OŹV&VmR !;i3h ' )epos;kOF ZHdv*V+Hޤ; oc|R -jgUK,I(0fyYTˠUEƻ3t{G~32k^إ`Jap8"sO=Tjc^[6)W is>q*^/,[Cڼ[~ > ۭ بV%b|w17+C05/EC^\C @`*$ja92q{iO@}PZR$A }Zc&eL9kT[ W;JLx3P'6_e"3<ƛ[Дa-)&,ڕ4+S=gBHE(aXa+ӦY T+9k_b2kWWRsUR0^[E+MKJsKm/!#/JOOr][{zr m߅e\q1d;tvox_͎ @Ի8#vefDj-^roV~Ȕ,ޕ\wclD 6 G@yn~BeF-߀a Ļ5^Ш(]W0Ntt_z,YsVX =ACyu Vw($Hݨ%K3gɩ0N}_c;v1S.⒞*Ynn<͢?i/ԔI0HطȰ;dpzI{L 8tڏUt-O7:AtN0MXy Yk3g&q;k!6tr9 R.#f #U:<}^? mx2șUhժGvw}j  Jgk8a YDͻkE@@6숍-MRC9CVVWke;eM vv*(¾@ a/J cS͜zu'~ 00DQ.a3RB)IJ\8b($KypSM!I}'c}+!Gu\6~.+@6peNZőC:z K3rƹƠS-xi]&2X'`ncbeH)*1TbzjǦ4RۉCfM̄:O2.ռxhrP}˓Q dsҵ㳩yG;>v, ߮)Qjg7i܈'3cǛp,Sͣ~S(ذb)ƐV-ƀ;#pavjhII QǔƠ (OD75n+\/uomBv2UH'}rJru3/@#q}B 8?Yi+F@C 2.]:C2~.$Ds]$ "*[P;hϫ=$;3 bVSϱn0tEJ` &¾EBUkYb¶茔EzPН񠭾Ԋpg[;}ZJZe Jp8^f$>jcxMo^[BVGtF5--QGQpugt}ԝ!#&;511cM @@l$53zj_BxԕIO1jt7OP}Wr5@3ST ^@UK9(Ԏq{ -Z_W*æjn% zq4!]-Z!?^D`.S`Hߍ2eD˱ƻɣmOjB=nhҪ6mqCh0ݰYhn8^`|2fLŅ 42ge)+%u U u?e/B.VU"rQu2.ՄFe|AR+WgYbS ډeG\ 0u=C?Ԁ߀d=2vӔhsrRHغ ]{BhN[EB]@eLxxI ^oܣ ]~#$Uc*߆V| Y"Wib:W`&9eV+gY~زuqu7ъ+ܝ1<7(VZDzI_ěl:D87̜}a*pY?7h8M4 Rk] DEɾ`KWjh%Guk#V!5O0LJF!.s`Q|ǣQl< M[cÛa' *t:z)-n7sUp}HG=)6<.6O̫<6#:JUU/Cuzw8;^aQ9verSo6f͎smUL؏g/Tۚ΍tNXC a1Z"U Od5'F !̑lqLr2,[TIr)ZZHK-`DoXl.'G;fNxPx`fixT!NcsuѦ6UD.$9|?J40bB (D6$ԢMI\CI7JI0)U}eg?YlĂL)Pa"4ZEpՆO`ɥ>IX~#9Daْql{Rߠ*&a03;mE i cұ[FUgVW38` $H3< O$x ḅ9f6zD5DV[yA#LP|ʛ$`>Pcz <@0okx) .I2o3prv7}"PB 3M t^%+xfMo"c|s#LVE `!ʢɏJkb7ld.Z5DV{.-lAVE%W?x(K}FD.NAlƫI1C:֘\304e!ә\%TUmsX}V$P%6cKy:𡆉A"f}Y"a-`,dV霆Eqj*}rχݢ-OF-5 aFA{ ;*"zNzpu&&ԟZ.ӛy1.;a1|cl)0 /DCwX$\03wmeHмVj["ޙozd~9ܞԑ۹" )FJYߣ#'%ȣiyEBN2r 5l k;|݂xY$}oQ4 ;f"&iL>QSKG$b&Dh`v%z"@? -+=1.᧺㦍Ԁu(Y!Sp;Q-~VHӐ \M n`55ʧ눫!쮱( A8}o"\sFxj/ ]If٢&3xځ΅=ɲBmci<*(P6lRЪ͸*TWrXii/]Up e57 $u $ ]b[{H.;"l4$6'JI"NLeXg 'E^vijrw3B %kU8`w*:X]?NC.&>o[Î9F5PkEo;*TJ{gkI>`iIN`%(Ԁuq*+"Godx3Rz1)JD6!xlf2[W̰G!SzD{&gNO;]_4Z$g=ͦpE -DEP8˖Wx>>6X鸚- T;B̘U,qzggi6ٝ=;ۖP,0>]Pu!70cCK&hc3Sc ; $ 2C$O߽P(Fl&~YX Ae.]I>"~ZlG;HĞ]Z8mL! j  ^EYtWdƮ߾NDϿ|bz M@@, .QsTνN)KGhj^<ο~U%8&,o1yv~XcY$a579 ^t69E&0}#Z(U 5SoOR4طD?}k@YdT tɬ.LZwxN5`H54BY}3&9#=sVUG8w2-}P2 hsġZ9SX A02|FIyͥ{.2.eu6"U\ h #Z:;(SFI5ٳAxd)sq9C1r$z[lLI7B̛@ ar Ryq&J+cJ01U;~Qms7jfI EyFV"iwdL_%s,+WJ4r:j/Ō_^Alå9WÉ< n%%)bn1dC| ~ì}'f؞XGiO(mlBܠ ??(w0i2,i8uO?@!uGk3=fhw0\#xP/{L;qȿْ?x^aJUvOVt4D񤑓fk8FF!Xa?0/~_aG:V:cfɒcBa`] ?צ 4Pxʛ3 <*cqJX ٝJٺ9DDd>70|ǚ %f5૭*lqoCm5aA@ow&,csìntt_xGs[䏺+,NȮ6S|zh`}a8X0ɞT[J+Oo9j&XM8]-^0a`81vndӒp {u #gfGeiW#]GA=15-քhb)rmA_tZwRcIU4V%˦t{$Mj~7(rr;"XÄ):IUxfoQ!NkmrǢ1XZb8ǣ,HzT{(tޭت0`NTCI0$c}Wg9|wp`#aNJI{+j N`,]=6.?(LIi 7Z~7F @R *՘nja146"@`m=}W/ReF|KM;]̜,"c#`iJ: ^(#+ݰ;:a`O:?u0RbۘUįp-Ѹ_g;vAEmRq/Ab6`LY[(*a(>jZ.^ 8jЏAVާ.7MC[*ÂKs6PGW<1~i mfY8^_-'wU)/S` ZY9Oq*t&L< Z KJe]ύ"(m1fr&_8vrƕlʩG[PLvZJ-a k,:($L}7E"STr3{ACĦ)h(VпǍ9QFjVvK#mļ 4- \gaK5 r) hji/pWᵜbuҏ[CYFsEr8k} V~ȴxQ+펚COJc?Mqahz$a+E4#1:y$!ϧwݤi+x"`/8V.PLeG $YY ZU*NdLjϪHT9!V \f^Z~֚:aL˪Q_/bkUfOӮl`hvjm }cO(jܕSNzZS"9D$/aQҜܔvAlj`TjsAZOջK=hqVX5l[ +U\7'b^]iA@ۍ~)Q Ob{f麬>TDF~샷qY6:ڜ6 5;q DPA|0P$W§H+ͨr4(P?QLBbx^eyn^,Y,<`9Z#MsNzT 1=鷸`#h'\ ocaLB $ j`Ai%"S TZHMg%x{f7"Ft9b2 رPz CTYx/Ι*7.lF#;e-=:'SA\Z0H 2HPK@6F$\Q~z^RMS##VlzmtmƥB%b:K6a~eI˺]+Q >7wN0[¸ -qawӗH7%Ic֚1&}|5"Z_UlR!=mvd2p=j YjDCW͐"9+jm9ddEKDf<9 Z//8}JRS\>{̴T3oCۗ"[bvռr]Ɋq E T|KGEQҤ`A:yQR"'1mGBȷHjۻFR{UˆS#P{n t,:s ;tVc>~Œ56ƚ#ܜN'gh kަ&Y*&K_l؅2_~+檧pPgP >-ಋ=V\6r3ъv&6GQnipؔKBMVCm"/Dk׫=WJ,kg+)H԰oe*UTsbO\̋䈹e! Yj8:Or0NKY{1ZxBe*ř6R]uԉcسl\<1seA*qi 7Z`̚Kh^ܵhȍaVnj ><}DXSAU}nU <ĥb@kb-r1;zxxNz\F4?֜;;)0y,x"zi@Zc%miL|j?U1dΔZ5/<41k{ō}O o]ڹq8O n)$&>WsN,we5ڃͅpm;kFJ a 9~ &CX9=(L B2\^6fZuY2s I*uP@)]]ө,D"EN±s^حw`9Ѻ{P% OtꎀhQZb@ Va>lsHZM[bR{Z#{U/ |]>B7!q9fR,g(VH2}lb՝]bzO9ѢW՚#rH)3\ȻZi*^ԦӤ`/k+&nΝ*f: )١4'|`̞e)g)OȄ Rx4gs~w%u9Lg0} _gS>9űPTQU9ݘiq7؛V.n?+Kb5֭lMFJ⒫1(LM(o*Xh\.4L(MnGaԾ>'bT)ݵp¬(Dz9.D.OBH7"Ě'TGZ~W&O56nj1*.1-ioo!%;nȨ+5;/t{hH\)w]QzJD dBNۙ}&mmak7TΐǩϬ<Ԣ( zugQVKC/Sayްk=n ( Hc 9\LNPr\{hS,қy3n}a|11NcvYO Jl^U.]jޏ~%@4J49҄< B\bK<`o5˂DTLDanӴ|ﱴg)șxY UcjSo3yW58 M7bM.t:?:`JƳ`h)jn1]2qVhALhVQdGUG]t3B4:'&a'YA;|%Uzkr78' Ⱥ3lV .rngqʋ4/NRɫNm?3:' }+ԓQ%`5=4$ 4s+5i9T.3LTA*kO>JkHQ|d~0úq8+i ;Lb8՗HhmSU6 D[qiDy}lI. Dю[) ? MmRNz/,8ס;P9TWwmCFVS Gv:fT]\(B )`UГrɟqFdV5)Z^yV>xu"H[-zL w?I|^BF84?Pxs5 M?Yk>L ?k$|_i3N a_w7pVo c^U“Ӽ~̙Û/W2?В`zy)H T!Û8Ѯb^]?)4kPW$[1϶F&1K׳mڭ@1As)Oq65 vDUܮs\N"ie Zޔ|Rˢixy4ysѲ${L8MrpDjоLb(4蜹|YAq B0J|db :I LwV=ks(< Oҿ#?.Ԗ4V0 j l6$AtgR<%Hwsbud*@&o'@BUNܦiYo#@^A+Si]VU͟,_;8d!:O@w GP2o#ևE/F}4+^+-ӡ}_4߸3 hG낪\Wyq[6a%1%7?*f6}mޥMg#&a@,T&L9WшA]G߿r+}aQ_:'bNl7U1I@Ǝc01sCv ܃m?zјLM#%XezeEsT1mM] -FGj!եU?%ܱ00UOwST'~8#ЦzdRʔưWhex9YQ'PA8";QEoҰ:{D nE=x834Al^QV{PbVeF=mG()Aş W`f=ͭ#XgDMmX]42%W XɄE K:ӻdK6Y\; 5+}ѩ@o8g_|D_|s&]mtUQ7RvCwK%݌ЩTޮ2)܆DM/sGRGzH5|NY,Ӷk$x혒:P¾)-V,.\Zqf!?Dj@B|RHWIn~3ENλj/Xk|U]**"%)y'n9ܫo; c'rlIs`Byi/p(-f΄&UD!lIHmaQRK>}k G.d]{˴]#QYho:tٿb/~1s$EuQKܾS1J C`{hq\{ HGG0dK7[h(v2|,N%H8w/eߩ\[尘3…KKR_Zd?Z=*6*9^sUp0x"Y3ЧV-(*!YS :HP@/ 5e0v1IK2BʰerWB+9P,U:Y,Y2 HmP%s#vEWᔬC#M%/aS/3jM֙/wb>gIҚεbQpHٸ=͚ͫ$4Vә 9=u;XF‽$8h&i ɫx`@.?26] Њ1ȸG5^qAe>vd}n×Azj ^M!v3@wZR_8:oe = nr]ej>] uXH\"}I;dS)l Ϥ]ez@9^=a|]֐\Mo$$~2) 4{T,H^JhZ]t$ܔѐH8KGsC;*=-yS/} 8B9wLW:^#ʖ ,ܲˢ!kb"lv+Z_־AznC-NOzm\O Q[uZKs}Ygڋ ٙ QqPkg[& v9tÃxQ. +CJ#&gЎkRuA&A pEN,A7[2".D= 8tbnsHj߽_b 9% $ن'[ &oNi3$ e{N"K~3yRQ SR4u99[JLbWQؾU+X\c1%[quU-a:Bpp nok9]TV>XQ ݑMv}~&*snZ:nҸYHu;my  ĺe9LM_/E@ ˑ j xY|>A2r% :G3ߝgr]yi> p4g}8枲. i MՄV wz/^8)e{/~:t&(jm {W'm9AAnl/4gۮύGƇXP8vFv5 R[L<*:Դ݃)&+)3X"rq2♂-rZQṢi҂ySE G#a@LkY%j({"zZ[@Qa]5iUj-hk*S ~9-4k0pq-J\?K^fYT͍s8*9m\ӭlw1 6W| ub%r-݀&B Mҙ6kA$?XKmvI\g|gp}dr +cPg8ЁdA$. i!>kt,#JG4j1 o$Ptw^ WK|\ },8OͼlGS5XE nTo>}XLx vyY s.Ŷ#Ǥ>*_0͆XЊSV\8SdS'D0Wih_7'60aÃ/;C6e{j/'5.^Yu⭼OVWE+l iq[|Y[N,B?x GkVc; UK7; z:C)&Y&Taa#K$:y%PNࡡH_\%yv56ÌY,g%&t6Vvd^]ՀaMEH9JI$c*ߊ=uIRޙLeIX?-rڦ0qE-]SF}R99b]vWTꚸo?^f=|Km`ӭeXD[uNQd1m0P> ɻ $m"׫`[Ե=rs88h Efy_H%$ ɃLvh!Ɩ"Э"#υcUKBӈda!`TqC oX\|OZ\.tꅉ!`ͭ4lq3?/ER AH3^}Y(;Cx7 =Mܷ~vK 71H/5pr zQЃUAt0ڋ3T71__f#Ti6bVwbf%BL}SEEʙ{qry?\2Ϥj],5z7}ݵy/3Q%X?Kid/fN䳣?5 χ*@Dڞ-GC\e;ˇ ]h: TH.Tº⋚!Y?PiHW!Eܓp|R(ɥIsz8+-b"o!^`ZxOnm蛻A4Eѡ?VrKWԎ`9M-4 p8;k/`HrX_̰JP-|l!ȳڧR>,ecbUqUj# T?dMф[8j1$2(326ۛ-ۓHFTH7;x؊!Vt.pQ|@n/ (B֍ؑ&7K:-I%NQi 4xq^|4'frX]K&_/=F*./ZA ShtU{V]56Bc!t8! xqKCi,O̪fK; U#NFS'_խTHVBsGR,Jo)lm%Es-lWdcgB)ؒ"iG态V7s=Ix10:ɰC bP׈8lmrČӗ*GX~8p$@#ڋ9FuHSlWđg) D3أUS"gг%L4 .D8_z6JAԑ>I9C9Ķ .Q2O-i^,0Y{JbzUڀb$nv^`ϘBnf/D1}Ef"?Epʨ1굱d!D0O 90rJbo͛jV体^EwA5*" 0_;!aDm52aa16d'B;?Y vΆ'jpb[1G K&8'\[mF?[`<~gu MkJʣ K-. eYͤQ«Y_Hh.Ɔ ܺ>b@[Է3>/5 F _Qb-.]+NDYyX0q;)j)(Y6u',=@JhV̉sBs;hv-DY(oBWOhMQc&ƹK'y{Hbv1,W&Ex>^Sٽdz9y7;1}LDA˰\851*8 E^ZO-<  .RCBZ6GH0kvɰ~ D^EQ^On 9&9QcIHϬiG07Ke糺 Ýק} +`#Kv`6o_H1d=&]4}PL<5%hʿZƵ5K6.+_fs`0l ֶJ@M,Xxgjb=s8*_QTbɤb}oNy$Ke.@d:Aq!8g c288vTr7@$Lbá:Pk0kel&` roilx*l&+ ct}d~6®d;m_ 241En4`At ѹ`$O C4' fVP4Ģa!Q e믳,'Yb 5i;Qp-CW޳\LTB';@NI}Ϥ>VeC^a<qG|\Qov6 ŖE.f}Xۇ/fEHVnΟe-۰u L:1Q="$ 쎘1JӸ6-@ԒZLsoMEطeik{ k^OV{BGlA⣠w%K&*pe:`ӕWYݼy` n(n,rm镪fϷp-@ +-kٳyh,ȡlg1F)ڴI!K=QT$lxbI?"XMM|ל'j !Io2B!7^Nt_5[dwn< IzJZ:w+L*ewhR9"RxJ۟[^Oqg?絬$A䦬f"-YG1m H2C)%WWZ9,:2MЄ \<ɒ7KK.RlVs.C*sHP9ST٦Kuف{I'Vacq=f:rY w40S*8xw |ɨExLyJ.c~eѯblzUQ0Fސ/˟yB,eFets$CtCbAʲCB&|xmۡT=Ć+d6v~OF r􁋖̜s qЯִ)| 0;aDDeG̺ݔc7fÈh|b+!ү|~㡬- 3Łv@ d³}U~Tvkѽ[TrlUEmb=[o>Tw O1YRA*#@Jy hD]XŬٶb=A(DF Qy$]a}SeY=9R'FOZ $7(鎖Y_se0T?2L+p _KvwjEoqgu?- 8g~?v/OWġ6ܤ V|Hӭ sLDZYI 1"ZH>W+`"c#՞ Kא ATP;SsʋM-)o:_ ]L~Z  \-Q"S]*Tϟp%>)5Imv%vfﳓg'vE ?j M'%3`;xI6J#4c9U],/9,,w{ČwOWA;z KLL)IVA-YLr+Mk.e%~ ti$Ԗp>Kup 14fª,6`i߈+Ӛ5˽ys\SZ瓳 Qo;}L:w"% Б{w.U*˛pL3+o]^ O:ɖ_`m4dS-*kajw*'^  |%:]GML?/Y , B8aTi[ˢag I9lx}.EqĻ*. 5f4_iNnP$ KQ*gמz~[T}w'i_/ ؞k iaHC*t'$>{~JNw+&6؞p(7yY_s,)n *'ss,!OPVKyMwwClD)Zwl6|c:yXI\:u2a%^SrG^-Юy#KI7TQs%R2c0dU Yt`TgZ9Yܡ?:B "P)Sd1|BMYY (>:WWrbwâ|C ҊmT,m3PʨH~Ct;/o]¾D p w2`z\z*6$:aj%fn hJvOCs 36~`?@ :U3R|wEKw%$%syrH_]UA5{9*YR[HݼIsfyGSp%7~AԊH1&}kQ%yZot:l ]=H$мG*IKS;Q`g"> e:mQuL_⨜{ جtxB\aG)]Qҗ&DKaV'3/c+LZYlEO9NU8gC*71_Hޝu'/ R`@/#+.O{nh'RBBsz mW Jq_x)JpЕv "6N#\4B:^ayJP"CO[sDݠ=jpE9תJCrIד'P ]([zJB"α*@PTz]Qxt,b_klcIi](H #/ظl D\Mnk;:EaL 3AdjQ`m?1KPh#3լVbQbZ8wmΰ"iB|!@ [ڳ+w5tmZ.-{Ѹjf+bN*ʰ黿Pʥ~'r%uvwAuX&kFxQx %>m١l?1FDyCavCDa5usl2 54y""Ԑb߬bMŠb<xsh&:yNgbl$gB(ḃrl'ww&xgQfm |ߏ4zN5ppVPCO2φeЋLFꤙ7YʫiJS9E,ӾDVdnxM|K9q /V5yJ Id[#]7=Nu4:SD=ٽbAj)Dhqwl=B?6rZlzIQGm;gG{Saue<6v*l9VwH7<]"y [ o18Z;kJ#W#ObpPI|<W?E /J㤹4"1l6E`ak 2O9H?v_ҡ@4\aB穩ei .0G;-$[H}A1P^$Hr_l235s3.Hk'xB4ʶ(MO%#4)0 aB k2e( o]:0TXVaqB}5햡օ]F"*^BfR8wd{,9 Bp6dGm3Èus+)JE \>"\skF ~ȸq%m:|#M!MH{I87ݤc a[SkkǛ 3~$s! /qm3'Io1YU;bU;^P^Q;)fm݂9IE_cLB7.cr>xj|&:p?[nV(FWm2VG-s L6|T6ke=U^`mxda̬ N']~d+C1swt aeZ~PE7?qCb7 `M- )X-p?ŗ4X_~{RٗޔVjmw_&ba.J6;E3 p1=͙<ۜ*~g/"4u48iy>(`gY@ڍ6*D%<%}>eăTi HNulTAL@.؏BrbFfR5\JFi8tXlc{>P&O@4{D=SzoMIYGmNa8ɴ JM~#'@dڇ¬ s?DҮ0 ּ ;u (2=vEC-ޓ @'K<8Yy<x˽J,5Nƭ2o>cw%zߠ6RlfxuIt-Kk[FY 2eR'p㠰](E#I['|C}]=K!'4Έ$n0ٙB#ZZVst|H|A_埍0oaUU!1CoO(l+0+V6M(ϋyjuKiȫ/2G9+j|T)[i+Y =2f %y1d.8FVS˵ЅQxqrfH.0d~Gs" y9-.EIrDc޼sBDŽ Ia0~gsqD 1CV?Cj=(KahKS>*np`7Z$4{3>PN?()_t Bb=&3`Eб!k +JNswʾ$Aape"@JKoy) Hg'QX$=4t4XI0?6i1v@D` wߌىH~NB162TOmMM8xt*ŸI|wo1$+{|-"]FS;ٹouvBYz'VM{ Hd@4В^yfr#%gߌXr4kgRr9x\läXg-I2jU2O#xg\Cy^ ;3,F-tM(kH[5 3+rI ~^2N5計m5`^UޱWW(A@Ĉ*{aD~AP&yᲬx9@a~ b1!ZV]؁ Y[Bw~^";PDZ ɞ@)`s ›ZIiI팘V)Ln#t1C̩ᱟ$,S%LS"L폭)r|{ tQ$X*#֔ʈhzdQ⴯-@d8([WFƢϐ5,,2!X.8fG'Ie +)~$;mr-)6#{[Q24Ǒ/?G=g6hN*ƖyDaT\(OUDTz:t% jj8A;.k˘vRV"nsޥBYaC}Bg5'MUa3%:U`wg*8=aykby9/l#6QȆh8M,-<:!T)RA_~L(ؾ.͚%'b 4;><$8h1#FqC'/^jweM lMH}i<eMFdmڵ,v),x[:~mALin24WߨoI7-ПhJq\X`\N(-.&)!.!8T/D2wҖى'xGԗeA|{VQ_27K2UG憍QJ$t&bIA >V%l {Ror$4b_ ZHWBGxbIsB?ƱCC Ɇ;(LTWб:,= 0C7y+VŬ@2DhCWE! \xxX҆2|iZ낵0o5x[eCmz w͟zVS/ u:?`Ph}!d 9Ѭ;HmyӬzxlu$?ytRء?*N !Y>I玱7A{>:0tmMi2Vloe173q]~M1H/&"PUy #.wԑF0D7<BtH0\;&NyA.0&ɿ uxs>A/]L=gpulţx~>zfg񣨶`lj͙W{HYAgΣ|AE q'X6k n Oy3NLecq}f2`؉{= ]vz%eoIydxhk V2ПeɊhxEVTmSڥ H N%.wxs |^R#Xo[ddѦ~SKx޲V\ccq*[[]*D3!; e q5lO`vUW,:*vʒ^m_]PYI-PkVre]) k^2>)z T|*e(dEXy6,Crqʱrl}~9?֦#^Z}ҜjD::nppmYY8xOp: |IԨxKB5=+%M8/"S戵 jr-UBvHH5/y-)-U'ۡ٬Ytk^h̘Va%;5O~jYEFFm}|(=Nab51n֢L㑘Pk^В˙!*Zkw= Q=6թdL6hD2GaQfPN\An2xԪ.0i3i[ȷf扸(Waj6J@5E}(J# =cjqZ  jǂD[(OUp,ɈyL6B>-X]<6Ix5emS;W|Q}u=;2>5_|tk_0/ԝr<' z?玫`UElB1]#g3ųt4a<6,J 2kKzV9@)Plߵ&9NωL),`TI;̙X0` 7d" >deM Y#$?t1k!O>Pb_K)'zѨQ %Vthjf鈉I ;tRLuJdt2zɥ/@/0nJ,a$ bWx*-`0WmQ4''_h.ƿ#0'LWUcZ_!g{(k~/cŋ$evG,cs8!uCuuBZh,щv=s+"R+JS氁̛>ȶ!^&=Q|TL! u$t쪶WI:c孡EAuﳒ=rF`-0BLsS0ɇ&}NTaepXvfk TAEA=1 OtP.PqEґm-H;2٫50,̔:~x_CDlO{~C8ӸF2 /\?/*S :P[ li*10. 2d8Wc|Y[jn05~8-k֥<0=I8z$PҐEp%b-vŖ)e2%90CUDUڴޞidJ4>giOoV:Wׯy0OZsRꌎ&e1hrw|QG cM>i(ʃ/5:.$%ɻ>drNCnmPp-oS>=c.ǰ}嘟^:2w巚eHzj*Xg_.[k.P!c-a(WʟbAHdE5{Izhj 7'V3<02"zbmasi(oa]6Z$t A;޺]])=+@ĀJp1M,CCh9|$+UTw5> 4-<K}1lFV!Ui_2eׇ+9$A,*ᅲYBސ1Ѷf {ܕ9~D#US`IK[, yvgi$1IĂRs&*V>կj©,Ψf<*l-c_F.]\$U&Um'P 1djI;5f>L')<.SimGsC% eT0Grceo޴L ( zh/_ DmYЃP񇐥W (&׈j:#*^0Inbk[>|3v3.a͠&ըlBJ-G2V5U<^O<.lvs'|/zǦ04olavv "!urNO}n+= eNCDu' ,"[# va|]a~^:&}U. {c'&U|0KE:nWi2μt%ZV$LgN|*ߨ/D-/Id#4N0%g_*޻-K.k4^ nD)$zf<gx>|]%w+`cvNTjkw4&'eDd76+1jл?pƂpw^@S]HsUտcܕr[v,JjUON|:!;Y@AhkNjӿAhbP%Yl-B}KX<}]=袏Z*E=`b]jwdE{ iTd!Lhv@QgSLMtʅܑͽ Vz`*D^V hVZPP|MZ" '*(H:R74ݠx;Nw87riB@iBkjo-?V f KA(gƁ.RTpxer1Q$0T̨$ m90`*ᢗϱ{ Ts,vX8sX ?1ڦQt- jنC/wQg8Ҏ78ۿAd6Hr&ۄwZRE9i\ML>G2 qKaDe {q9"CdF!rSZ"O #26=:) #2Dt(;`lho_m"4.Ls,mŎli.KN{ũR_>9A1m,,aCdvu_*˦6JkSu,8Pk E}N#JmkG^ Y֔SRcC0,/wj(-LvkXV~&4[=h RD4dBpi'DGLdA([ZbΠN6ݿJ{y\9OGuK)L{s+=;4$(w+/ѣ[~ 4!+oϮ҈\O_AyKvs$18(믱xv ADu<7@΀EUY9~W+J^iE.\VO+;ժPE0mb}Z}5bzԢQzLl&նpvH}>n~sŚ#*z}4|r\76l,`<,WIbݓ21x^Rz}W7^i?rzKtZTbt2d'h8WE ;#8"S|aٛnΏM&L>ϒEʍc,et&Iv MSZV[e2KVi+ 'j \G uE) c#=Z7/J:XEMjMP/&sq X3?0䛒: aD}J#@d2 ; #LbnpA'1{m!&6:0Թf&Vc ag pPgJ~SyPP `j*H5H]"^OxoT'IJ7d?6VMp>Iys==f%^l!əO(OEa,9<]88-Ud@5nx}BFGt+s}נK3 st %~e9?. ѺuPkyަsupEM6}8^yO"K :l r]tFA:WM4"j黚-L fLRQ3a1=KBl*6T32Q*5kGbm;=PO]hrCĤe@*| #y^%`&Mm_JA⠩91&(x2*g%&;tj)Vf*o Vg8_f_'UMW?ݾ<Ӿg]'t~'TM^5^a&a];fR%'D%FV x wݘWaxYLN}ȏN~ .&,u5}~R[;-@A;AGPpC1>r4 ,YXԔF9z3î)1|qJIqi-fe^_GYE9i4.724*il!}bG2mI"#\ M_$Նd_&{P2ׄLzK%T~vsmZ;$0T~sc5fcb,c?Nc_,\c08IOl؊$>Fr5`?jLi5m?Q8U;DlIİD~xŷEd}kX^OC(7p:O"2!NF&?lAGYDz-4ǖH⌑ xc+VsEB/$t?ԅVςi$$)PvҤVe9#Hjg-oTv70g %th,vP\C̭bhlݺk*Ljya_wD`W3zh xZzɈ/a8 mXDE-+KSkY:&X&G;4<9ۭ%Ӆ42eU@rB10YӪDtc ܷ{Ooim$ݣ#(e.o:KgV)i̒P(X(e1XQ2T۬D}=s``!X!*%X'xQK!ݧ=]u)&G6wv'Q`ϔ3M h_kNbv6&í胯j|D4q*U>Z2wi MH/IB^Ϡ(A 6Z({"6 .؎]5q KTwG1@l ܑI x3?f,d2JPUA摃cH핕g8>zM9L+}8'";6|hel[)ע֖q[f/ɛr6abfb%FȔ4{!M!=%mroSRe'!8E#B'd:8>9hW4xtL1F;7Ɋ15_zis@>kQp~%S-, 75=|I #xmZr NM섾sx۵lz%W#yJ"`ǰ=PEը4k&'3n5Q臯d<N n6|{2m7 (&G =IbDp6eϒ;+(?XON|ޜӾF b) x|0?+/ E[h>k gq V }AhEUQc`4R~ehP4$Hg 5r=V}5&i7aJ-P..Yh6 HҘ>D;BsF2X΁W2fC,ݎNîC֎53U}""57VI|4ܭzZ4IQ^+|MK^֙vߜWi%h2`j\`wRXױb!6.dev1XBb˽$9lN^Ckǽ@ VN"0]rk Q'%-Ǘ:Q5^yZ)v#N5nR}g'VGPٰPց-PKLcˉ ;\IT}X$jK5DS1X5C5:Z:(GMvG'9,hgy|X}~m <'ْ^dIiGL},ֵjݕ&e}|=h™#guLf.W:yixܨ=јj~"KfOKQ nͳ1uklIZ`?q@$'&[wRJ ;`LfcCDB0u$p y7abrZ`~JQ=RIi{QBީ69Q# |-%s(0 @=7!ʙ9 EQ]4+OI,#KRB"$+/,)p[z<,ͤSDODnqN,.d5ctyXϸ/9DھSk~m/6ٖ!fY$P2)zUk'/fמ{\aH7N$3Ls1JR0#|8 m` #ڳg_ω lXTEz}is]&[?M:x[ J=ydAjW?6%R\?Y/n B)sAVnJ[fᛜ^BfN \" <Z':%y<6Pt pu"]Neg 6Ě?y|H6fvS4Rv(n{^fWp!y-tZB Ț' ]2ǒUqn6P͔e Tu@ivmH-i|1rѡB<:l8Jynͯ^m@⭉J0\l2oPv 0r"9Z#&S Pu4*ӕFkVur))srbms ȠZ4VF3lM BkU6SB0Hmm̶NauOѨK ,? @449 ud&x&i2ɣbp{ E "CuiSYKH-1~^3PJ]\B%ƺ$)j(BrM- a+ׁYpu?K*Qz5v {nI~FWh6uQ(c$WP5maM+HЖ}6Q:' zM{ϢN3m!pYQ=q{!샾M<7%wx46D{Ok̹1KN)°(63^شolY';Kg=X8?7,,s= DqCik*j)fQك {t?#,=4}=w(N3 *W%<|2sأoL|G@&KPl ~DkY^Y׌=bR3Zqxw6QVplu=ev#%f`Ѹ:8Y| $9[O鷵$nF&o+*U([ s~ `9tiJj') BcakpV{^QF$\/#BwbT&&?d#OYP}|؀A@=sAGsa@1|k,`DsW1^?T7FML ]J$HĜ\aA 0G몠ˡ?| %MɋʛLmaUyQz7{]xbcw7 e99|CJ5R:u[bβk,Bo?'ބ6_X(?=*Cܣ7Vʽlli 0"ފ9p#=,Vbz͊c2]vu QG`H>l/EP˼qQX9j7v&3K_Abqw:l OXڞ֊m/oFڐ3^ޚHnt $0ʂ_h=ʐ}37Vs7 R"HJȒ_(QT̐S ͚$y&E][mF,!~jAC%IYoh&[ǺUtRE9q/jQijku= >!B\6VF1wS-Rx57DvmyY oYR.C>ljSi̎? (4(Z]lˡoorBɎ}0o$"Ɋɞ|{.͢W@#.# o U^ z.2H0[@ONdȿ lȡ8ey߆]jIό%H-΄-[]% 0u"SWEĂ`6GcOvÜ鍞KӅ24 <&:Y kHgEa@GgD3?3Z{_&z $ Iց-g;!T$hj4m\U6%- V?M0Ho'I@:tHw=D!s%c{r#9"iktO?įvg,m[Q9}MՆgO57\=0@qr2̀ncL OhlG *}Q #ASCeVFS[/~O,ZeSDNB.ц#>+ jAlǽ`N#G{\LrI~v=<IJfTo5}#O_~ tzNxYluaIXXsn{A_ck`3ޑ#4 ֟  R<7I'#Ho tspd)֊Js=$N!W vR"R>:wA/ $^`*As7lTbɼU3?l9[Cѻm;G'yZ+g6%Z'SML>ۻ GNmP8f+L<8M誅rfE(dv-r;9/AcZۓ;8&:I*Ũc^Փ+be"H/*$1KG3܄L]Z-P4;<V''lKzTy}VMAih?7-Н::..*\q|}3Qf&8]fK5c5'Ve>;䱒S؟+>mZnR,$ɣH[_U6%V>ՌW4Fbװ!Wf\#Hx`g[a`W G}f^PJƒA=3'I< 濎dcT'f&R.bI3]>za rAJ@J#fXyf^es 1\dv %+k0 %%XĨmMBY߀D+j1kz'?iQ!G,43Few%$]GN#wϾɅ~qojXCg 0rX#Vfa 03Au8upqE v';96i [*(QCʄga*jMZ.Mj a8?Aha;EI j. IKWG;+=Omf%.whogg8 &þy-5[1^Wc+%wߟl vۜj8A ւjKHOdGf|3}cl`y䉺a ̣q力bOes:WmEj`/BfA(E_:{=4߰'B}y:<+KoXDmQ\T,#̧6a"kw` C:e?ѨwpGq߾Ql"uY~UbCY,/q%~(aUdwU{' wyInZ^=޼c0O-"q~'E 5"xEQLtXÔm.MFzMEg7\=Y/*}9؟~c`Ha93ipg>ߙb R`wk3d?l^:)x.Zy9wwgVSK } FoP/ ]!D|>gyNe.,4] Zz[<՞ |GSwfW(|YNP es96SxE6WG NjdO}%0S`VK]0EV61\ 5ȡڀU7Pq 8P ّ}EgXc)=c"LVOhs]Tp 9MΟ{heYN b(ҢI2h EhG!_#Mb,wt29Ϯ&5mq-QpaBJe-,fo3؇P ɓoӛH#"Eyt#r8F9q- )57Hp~A |T&8ExXhǼd$Wbh%s&QJ ST~/Y*>=+[wbp ä KV_i6> aUR6}-{2~f<mM-!*nMHO-ʛ| ^-e.? nHp90Hs`ʂn/]THXXŸ1BdNYw[mh8p ɢ+MT{ɵ O .⬒NXDV騀tIx*2`IهX3b/ gypD5^cX#j8a=H?ψP ~p_vǜDW.7i`u(VH.%4?2h#B*7P[&2f:NH~ UU_`rӳD/3ɏa$t'?0a 9nzKUrr~UYjD{=Cgvԝ>Pbڋ^cZm2뛣βs`BIq2:ʠA u h\[kb Xp=3uj#g(|נN)Ӈµ`y8f[ !IAMƑLjS:GՄYQދYZTԑNΞi'jȍm"۹ Ik + sybx~8 /'\ mfitTVؖ5_V$ឭ;S}%Nl QHj9JU|tsL\Sxuc[@FCo64VY7;t)~T-׼$*梦j!frD$kk/SN͉9飂}{a5"1;cΫiȪu¶w ǹߖ1TMS Q4ό}=JjlNfB$%KA!?J6y7;$)L2^y:o $L.͋ڪ 8qyB>ǼvXOmpl9$/Sa1H, Z dfj(;(ҽ'x#:2i&ǖ#DK/>_իer9 aZ55nnu`k.5啾@8Lg:X%IDBKj+ Tt.w!hV¢e_v`ߠdmM:⹙om.W,p"ԟ*v t)hadtsgp5 74n~o/kͥ/& Z(TmhMVRP<׈~2 ͜ˉfj.%1ƽϺf)stsK[K u(+#$ Ƶc/;e&u\HNt"h^Jٙ/'E䴬q1PHyu Z;RtQk` 60D 'g`YG~-ɩva#,0]ѵi]M3Tb?*cO=USzD+ߐ*!fnu.kTr$=&IϸR*.}cfG_XIQ=\sqqdanHK*'ҷF]FF-oL47(VŎ}W#ZRa7Hn9VI n–ymx>$jP).L5!/wvsH_Z#)I i d$`_/ jYV oوէhVaD.`.a}0IRfWo~y&Gia% (xL,pCL#_W诣?U΁ŪF=)R|ݓi$:p ;Hxd_3$rܱ\ vzI̞Kl>4#)c$j/ʿqHn=^ZmIGccsFyڒVzed\9 /{b/==ˈҠQ6YSetm2SnNS0zϻ|J qPa[sG%{< 8:V@ UTp9d!c#9I|:< Jܿc1'2-bECk凎V5CɎݫ%`h>T" |zep 4&e ^b<ƷpV_H -HAǗg:JOof)M6Ҁ W5o4\q#Mz؉ [ .;-MXcȫAD,nwˎ1K>124Vn|Rf [}G^it4SCkc .᠌Xj"<}:Lo lOϞ\/F{74{!2SGxׄ Z]]:(s&\L.a&;"XSQu,ߒ7dIGhl A an/N" Si `X90.In 5E0gbpFHL}fŃ0 TWcبb4B)w%҄vt3wGey8M>]##x.Mb4 yֈbuKpp1`bƙaVykH-vH(Nx0X?`Tyw抐3aVv~1pl=cړڃ :d4n>{U'(+jo}=+Y9p?K 5:3Kdbu2RhyJMK zLhQB!o] mFc alHo_ .'쓨)v@\aG"\SEC3@\35dxTe9JmDmv(Ai/]g;Ic?f" 9p<@[0z=+JoМ._EaBY}yhuvDOhMqYB@pkxUd q^ Y9~0jk(/ngil;&:S#`-t7xNȽp,0{3IQ9jGC6Nr)+d;86a 7 \kXՐ ?Ȍl:Nk;ڡdvIYwl}`9OܔFGŷl=쀆jfq]a nI7f#`9]гI;*/V=;V4c¤טrDn {-‡'/o"1NdRa EP~FsV-mN .xueFYٲ6>|l4FSV`95`jH'F| f7hq)5 "JOWf&ro=`Cpk Ζ'ܕaxbNIG˗zcBb?7-L3ֽg'H?& E:형^pSz]7>@g؂d#!:S_ta7O 3^QETDE@x{!󮎻rΝtn+$AW{;i\k0E+ t0 !ra8fCerw@> |fsZ:5nȧɠ[@-M}BdFq(ѥ/VC;y2y#B*SRC U K=Q%Tĩ; 7a0Z*3?A_HH[5Gr*Li̗q o&xV+:~Xg.h86I+捋[IfyB z ԵK1:Q}PSOv=N!7ڑq`a\|aԿ=wɅsAQ5]ze#(#D>#% u!HͿ) w<;g"DDxHi \o.1l70s}1)ES}vG0ˉ [y>ʀ=t*$啌}gEV>E#d@|a)€u˸e++[xl>āzsr?pit4PCaRO?y޹qO:sA+Vy~nH-Lxx޸LSI!rԱ"b,au˰ێz(kl ctZB0{SkQz%&.S5H`~rW<J gyI"8cn;b`aT?$ds.ZiΙ{گ'˚xAܿ@%F)B՘TIiL3WdASa~ă܊W4_D+i=|\7rN.>8CtC@z]`ֶEDRk#fE:ٹ&JnRQN]ڴWHe+Kgo܏ɴgl1aPNpDzl$16 'EaG!4'R):>0N@ž65lrB@E0UK!a`o-YVN%'m53.tVS{` `Z<p+\,.s YwU 8?iz> 8֑r;,[FQtwdje*Thlc+CT߮ HL wKwڲ8et(2> K]J~wcCsL=b 5qƅTC֪ P=5p'-(>aUFwA'Oǽ 4C"=YlnPwc :6M&W1dM`]2c߿+lƚUj&w $^n<9fȿ9Z2ESp]f,)[9t}jlxxI1+-h^^j_u/)Uk\5kʏt-=.${TYSZSǢA TUQkVyvV^'^NXm8оǥ1Gg/|!+NGIpUsNIWKZԻHTzdP=iw JOUZdZPJ'6 (V} ^x%vq8$(0H1(w*Z!}[x٘4m<`DVsF[ʨðZv2NNY)ʧ6lk0;=Px)௖Į0TTlS2} =,4Q ?"u+uD[{췈YU%ڙp*P NǮ jpfm1vҿB)s(>x&iFs$c(-LLc6>.𖦶:|At#$y{4Gu/+EB ϟ3zFʛ/u1e^<scq!%'"xP(>tӹ1WL)+J!z|2zwcyQ섻ǶI#E"R˦.ExɀQRǑw;0}RQ?d~sιF#--na3, њpbjrqnlFm=Bg6[Ӽh MP[_'%%s%HH u6 -T>1/]A4bn֘V@!Ag|0j~rgV 7}@njkX8"Z-nƙtM;rRQcaF^ g, 2 _!59 }urw [qxFeY 1ͩ,' QZ b>֙ {՟d mwu'W( n8oLjZ<}!WJhAWJ7Hߎo5JeVo_p`"ChY)nf,ɇ6fzY`sj@5Zn]Z+ 'W9(XUAIW5"*sD1k5#(@].B:~,}^u7(^&Q@`(6:5qdYvN]v& Lfr>\kލj'ՇnbRPC1ϷC523|}QYŖTH*]oa*#%zjn֩ΤU&։#AE2՞k'8~8e= 0)uq0qv*+d9ł4k,KY{a28CL P9^|T&kqF]UBް<6 ؈~Ec} 1 F.u]\] ”<7Cx.uL=U=ӏZ"?,ћY\A-GD3p)⮒*qnE=AS:7B|ILt0& <+# ZzTd3,(m*)j.Q_lOZ^)XktUΦ@D(?SӇ?\m4`[|fVh+evtY9&+F9Gg3j :FUIK.tFށj@L52󺪮!I 8ɟOoh$M'bn!iSk6? ʜMxt0<PqW؏"a  ƻZ~rK,='C5)/#x"ިj\BrqGI VF'2&yrˏt顾bP5: 絈`@8 .b^rtQ ؈뮊2] rXl\Am0׃Ee1hfRNhND\ w09Br0 k+GCJ2kZ愗YS<^x8yQL8JYtBBPJxэ*#sSF2"cM !A;>%jʄuE{֠G;eAO;0D" 0 &>'M5!J]C((3bZRd:a dl^yCpvur,p!:LfRl~J}Qێx+g=%)~%GG֎LTfN#,*vlK:k%HLU zc\w+FY^ם T^ŽvFI;8Eжg_~s]y?u)bO?RX1ޣhnsYn˾ jfACwIW:owt+Nl^:1rӈОK&I} nIܽX~b0l\7ITKU 8e:,`W,yZ\u6> 5\Q;nbJ^xvH]]"vԥA`3CSM .1zq۷VFKj$bPffmݙ`)v{E NgfM?T6@! HknM$؊@-})*vVn}[`W^dxMC{Ɛ=1z @zlNQɡkgr/lS+ 3TYNmV>Ũ2IB?ؗɛu ]FH޺dk982M _ ihw)3ldQ%R:>|NK {֧zH3F1A- s&牅#tyv)~R0sA¿7jPKt4ٚ Ō Dn>5.ox-] lQO:$NyMum>J?ifUoh3ӝFTOq'B5ãKm#@nrÏŁ+¥K8Y4xXYi_ӝǎĊXmhg޶?r/ y?VFQK/tSq V(@"Dž׵i(g[`Eh_[Mj|dfC2wl)\/(m?-ɇblnoCN$jap[1ҐfOt#+ !TʶUV'îdF&|7< [quIoN l~/xc 3/Ё+SOUٞܳ}4 Q@"5 1?re iPi+ |MZڔG8x>Ōib8\Ξ/BAa Tvݭk^ o q|nkO&(m?AO2Л!eN}[ ~i}Q3[+bw2vQriNURou E+Ӂ89 sKR2h7M^.K2nR%@_\Y٣-3ܠp4iv(mUIqeE;< )'dN4EI)H5pgYm0L})9c1o D庡/R g?Dg>ϭϔ XMTsGju 3Hk:-E PoGx3]ZDO~2C~xX!K6}iz(eFc@wW}avwzi)w?u(i!p#th'Xq(3=fHy&n6j9qCwxNapYv u]q46;ٙf,#gl#%@6*4p.Xq>]Մ.Hjh2\#G)Hϥ3'q׍zekRc 4;=kI)(;i0b#ˇnA+!t{ߴAZ$_!٩+6͌-ҵpK@xX1YL{wvW9)[E$!q]x[z] Z{ӥڑ5W"~^cq67HCm3KT|F7+nq [+SŁH̼EEeUv vD#6:'R5,%'W`{x(ҒCqjD ! J`yt>軬oۭ(SR84A2g=jKk"ԣ=p8> aW>R.:u `0$XC2,+|활Q#; 놧n*/sfbԛFm gVY&ys~Y~a1IwxnBOʜPa-[ hXۭy4`*Vr8~7c_(E<}~? lhdbͬ !l%'$L";'ec\rP EƄ#p%`?|pzy GmI9D8`1x+9YU k'퓖u̿# iGǩ1pAل%na2UtC <"RՒc&h +  ef!&FbgO ^=z[&7_ectv/ùH .Lwc̠O.i@B"5YJB(fro`c껝Ҙ=±H1 'ar,[1(,>r s3~fh?U_.:RK:ӂ ¾Rfr*jj p,*3hpnֈiwv |L;7;ZOxĽVױ"X , ]Y-+UV/Hf.wLi(t3GtrܟZ;od<~_s 6?vMclQa黀gU7`)Kc#2]q:W0~Fz閨7u"Ztt5q Q5jDCFp&+`!>q|0ua-8BYt4@p}|@V^ݲEG;@EѷۚX9^y NG$0a-p9 JtQdm"x>^x6sfed>e nN`o4\͌ؗ ԲrR/c<(}6,2N@X'-u[sD& ֣+Sʳq+Uv\m 80~;S+$rQ2¾P%Mz{|OQ=[-sP3[05t/~pV3#{6,$ WecJ 0'Kü}̆φ&B>b oCth\hϾ`kYis*N]IHѩOXYqڂrs ujNq5á'Eq_jCG; (Gs$DyF)zx[-3@[E&6NHĆkztxۘ5$LC8a+xa`ٸr"uNcn}oŽԬF4pXL mN$>]yu!d1]To{0@FH\J~OTL䱜rU}*[S E;&pxi4weŢZ7f,,#D.KZ1H~qc3b>+Uj_TM˝ uؼm8~EiشKӐ\Wukq{~MfjEObػ eA"C\ ed[fa H"A9Yi!2 nCU,i/*cY~~+hQA'Wֹm.X_Km5Y_Ղ+G{Dkt;m_63pIzxj1jU[=0cvn嚽J2r<Ӧ/Zr܀Gt_^\#))HG³ه%)b3NJ*d~?8~Wgl,IWOuVnу v֫a1hh?D>QUϐB)SmE .3lsFeD}Ir>FG<2?9*甚=35Np$6!Ykel蒮ȿ9KN+oB=EbNc1*"Ю =bH&Sǰc#$ODkQTG)qYG/0^ZbWN8JfoyKbp{(ɾJ@zhtbZ^j*Hb0?桮ji0r:g3bfM d,YY1^G3WKMguhw+C,az z{] G׸UXpfOiz9ړ B:|r,ѫ d s v$4tCozhJPRC2R[i0zp1& p=Eu ,!Id2ጼkTpgAӋSߒ~m8y P\5)xM/z ANUQc$KXwZ/# ($zqC2J $#&HWƪe0<pKwوO)n3/Շ-YGR Za|_Lʩkyv:yʋODq^p~ }']F< h<)9y\za68"N$OZ|޴>8 GG+쫳˒+ijZXzߧ L (.pP?#9#cAאO&BXܳ`^2`2%cwyyt1:|By$-C b1#oB 0is־F7QFҨdChy/^tk7k7 ȒE@awG#'UE(?Pv=?fO1Q:H{~gB llvF< `AY*h*ڻ4U=q"hx-JY?BSaϋZ_R'2򸓖M%l>cW>u^c'.@3ZIf㈐|(.)a}i~1.~g<CWӻȗĐc}AeAhZ\Plk1>'4C%m dPRT~`Pt8x'~*{U8cϝя3M7:vF҉4sy*Z>oxϤM8ͲS2;ehs 6*|; ȔSK)h춮սW,&lU`}vp|SpyHIY'`~ũ`4_~Ӟ1ű"(MF`]+ ̵!u<N6%PsU+$H}:CZP/$k~Q^{].P^;AfA\s ͙޻vjؚXۃ!`Ĭ1& ;gKRDId!19wNBƚ=;)1Kk} o ԣUA1\۫)uK&|U=Ң7vw%ʛ Y";^H"_q egڤ{YmX:(5C1p4Ӵ (A^R3\| eB) CW˧Pr/ 2( GҼ:jgtFz 4OLhsdE=S7OhNTNf%y>p #H%. \qg?dbk$cgE/3a&SlR0%fVg)EYơػ36r2qBgC-yUւTC_CX1D`(㜯͞ei+Њ샃h27Ya r*b؍r4 u!K/P9tN!>!⣨`?;Q55!q YlnLŪzހj opR$洋WedzE,;\}[F *߱a4 A޿q.NKOfÑrr^gLsT JZed&+:g^ ";x7tj6?/,ÅO ~'Ҏ]>:5a/=$6?q޳AYxe9>($mP3|iMX- wQ]6JWn{4ؘ(tHnh酓 ƥ d@[Y6dv4uڟ.9H6 2&R>%UA;,*ZgZFQ$ٲ$L00bdQoR"7u;@IMA4Et6=3Gof҇X$gڥYeߴQzbكOHZH5hGS#4 Y@T޽,U .vu^s03TF!+{BE8vrTpPmbvl$/`#FE2[ [7W)RL).ӓBBޞg./M9] б*y|-y $bHs"Ƕ0Cj8υtfCJGZvRܺTh>IUt$Mm34d$(x1+6 Ԍa@aGщ T-u,9cve9nt=k˵;j ͓̓" )RfM ?heF3Nʘcw@~zѿLiҪ7;i aʳMisaSkD`!5qG:8z>n4Ɓeh>LxhtX;g>^P9]fa^^YK)2`U? I覾_|׭GI,ƋyaK=Q^. ?S*eJL87^7f3CMr9-, c ܞ %|y _C4>NcHl.UVfKCY0 'J#=%+& 5#?:7[K Sb%\[׫DtH?@jʃ*ƏnS#[G{H*#j6 `dJ9q.BM~#㮈 =T"Y W#YWIpx|Oͅ6saGYT|š?ޡW9<֗;9nNu>_LM69C[35oS7nv/*-d~tdi[ʳ{ a9|J]< "Q_]KN+7yd:4$%Vn+ck~Lmuhr̥{oEe>0NhYDbH2nRL>:_(^GU \#UOwP+q[JRtzh( Es|n1hų++/[7LwB^,w ֵFBű ~L/^̟+O!-~ Ykf\$Rm`4 =X|`׋{F?|],>rWlvD~rv ,ǁkM>>֐U:>pbœL"GDkѠ'72ejî.WNBGSXP#BRon/Nvx᪯8P]LQC8+Ir.6O&t[ _ԿʂDx*2Bm_+4ZCQ|Vb#MY7@MSߓ3>f\N4x>;,2øUɒM7HZ 馜jKs3YtbgM+bȃ%vXʓ!+њ,+T.bϖ޼! 柞~ ̰5rbab*k;B)c@o5 [oY!4J87Xi7۩u +v9W31'OMy2s؉<)>@̍o77=!1g% )]6Ewwf{8ΎpuCE>12rljOZG ][ h5Ɍ]`+EU)R;ӂjy^Mѫ[ 5XĕMd( @lʹU&F2.Ce%C8BFϏ&s=wۑ?<)K>Já|މPy ;9ʒ%AF1vUo.Fj70I~uZTl MhԐ@?v&2Tey~2Y'f5둳?Nfͼ jmRy~I NvV5jNb zc~:N֕ݱzz'rmԜOXsC*Gz'L6͂S(9]px]r/vc8-!,:N}9g );w AD!I^j^׍Llqy!kߗ ^a)&uH{;53H)ei2"S擛?'| 41 ({`᳈ݲIV s(:)dzߟ ):q)w: Rt b:Q 6}4fkoS fJEpw[9o ?Gf2DEg2NZEpP5hmdfEE4]B,smp_]B`i `-.^b ҆wQ$|VT&㷄Q7(@)Mh4P >^8exqF7ANwq=FT~på$@$u&~[`ɦLam8qWD8?fӘug%8𣼡!\Qa~':jv80brjTMH!cYjȶ&?5˚g!nt P/œJ Ƶ|ۉN_泰9vjQÝuvȻXk*]f螽IQ*XVW,9EUb$yyFS̫5[/~zfvW_ EvBEո1H6ߵ] dF^U2tOO=q›kzi#$\a4D%gɒ>1)jڠd{fXd65asq*/sTe$MݛcWRFng Z00q~EvJy(|T QlT/CqEB^`̆TZ`KP 23Ae9.E0 KAk5( A6@'v>&:ն` &7~k-5T9z1 !C!pd"Vjk6ꕪo P|`cgᛖjj&<(1s.)2ARk[>X_hٙ"ܸcZ >+&4.PڶoӼY?'w/V-N 5)]yZㇰP Mh5Ji/Pp(s`n3z‡ōY e7Mc*޺Cԧ!Ħ7LJ;o)^#ȜT'ٶfǶoa-O5S 7(bc,d:u@͌%#!( pVwgqe#}g.4rk<% L잒^!?ƨy K]gzT83HyPq\>ֹչnuTu4G0G1pzb"mƪ~9Fqg =RX+no &bO/}/W'NyX=&H>|:mOj~%$ z4MԾl_ 聁 &';r6pvMg yesZ1kӧY! p䠲ٗŸfN P\6 { n q.3ϫKgI+]lһkt=hZ}L C^̙x$m7B桯I%d|X됂f/%Z;8^,FAJ瓃ɥ3!3wyڐZ㑙AZӪ$|1M"voߚý쟺cc/|"Pt;ZR7#+%g"R뚍R3I=SGbcz?t\f4LbH+79뷷𽭫( P1Z͖_rCO6AwBު֭E P: ̃/~ \پ%;Q@CqدOL?aOMp"t"5pс%9`+5A I_ჩ9ptwe &+' uT[t Z6[7PDbb&=ܔZ%JaXNPp/M lPFl` N= N-6YfXhJ[b}*Yqp6 2 x?{xhٍuϣzt箜{*p9£oRO7˰ʙmπqSqljru*+Aic1` p|A*x?()*4}K#R,r`F_Q7~^zRmsms@8G%G6tO$h^AyQggؙd#9)+'ؾsh4fŤ2Xč!^Tu'=e"prXoKi(Zlaǖ%zv흻 ;x#Rm^3b}v/ ȷܲ߶{EC\̈́[.&F09}^ŭ`D#@fbwmptGWH5!,mBiX}V)|f6ޞ #\ xu+~ bsFC 4wԎ M8{PUj2H(NR%vbrl * 7Iײ?G6Y]4Mmjy5VEMkأ\(l7[~Eb-m$Ҧ]p2 Q; .R\ =dx":htU납=/(-(@=:PeT*q;K} 5^_Ƨl,*| 컾gy/3( >O ]E1o΋mkAhe%1EU7",UeThSB7P)2S^olyr=V8T]]k顎^,LnB0_8JRJS5YrRio}7 5/s[I>uŞOXrҗg*qXyH\d_[Sר&;Adzcցó:8HS"Vhy&O"$a|<']΋? ՋN>?^*PQʟn,!ϸnк9=Gpo"pvQ"˝s^1ܯ`|^A&@w 8;6n[7ߐ}S.3V=b1j1 9,=ԵXѕ.#(2;DdWkFגPO uЄBClk:RMU߃x:,粷 b(N~{"y\vIΩ]?̏]1[i%ҩ*xH.$3DEӊ#,Djoސ>l2h4t[ NX`1_2E/QPr$Όlt&^6 ) vR Zxj%vyZ/``wƏ:>X L|-ʧ-;`ՃlM2ݥY=ےG̵D8qJN/+>LafNznWJA`d l^bHOǠhB))["a5 ͰBR兌uVp;m#lە)Rc )ȉ_g&qUEdtTv^ @cڷ9Ci&}a0D $L܁ˆt}!g_b0[݁]u6e~-xӃ8LXkG"?[q50GzJ RxOXԌ6 <2nS11{=ݚ:CF8=,]ljz9G G6뽃TBZHvN#U!0ْ0ق&t`|t K_|=[K\I[H8AGrn7{΄(OHإtyZvPr)2+}hO%vμgͣl*l5Ak/OcgM18~E-+'汤[^rfQ l!%z"~ Ɏ-`~@-c=!Rឈm}y)FqCeTl&Lu9vNYQD? $\Wʵ!aNMkO{^#S)-6W|C^GdW 5C-Vv)6m}R-هَv чhP兘ģʩ5!c4k]l~zt'b * na_Z7?H?id`ױf}H[wd*J<7TPu:/m@ 1pi)ɗt2'Sy"O"&LN`7HLrM$q5]^1f;&W$|3뺌?% |ENAJ^:m3o/7Y0>5WAjd8!-3IeFx WDXqx5Z0i Eu6deGGr=*}1PEaBM"?ee@ -N٬&:Qcn}kWf`BqƜ!;-vJ[V۳F(vbE$i͠DvuN" /笞4Ͽ'-^_aR!\}!ubU2C\3zvM.X26|sStC/J\2 %tY:4A4tFF@#Q6"M]Ϭ"96\"-/^YvZsar@.O˵ I&fMNqz$Vc}~cabLJʠSqό\(_JW@0wƣPO" ()?rA aϡqXG]{BʶoC7ycKP;X(oW7QtI-y2|{]^Tb61K޼ L7Gu m{%S σmR;-k?şQ#qGY+~i@ 0 ;d Pv[1ݽqxWoP k=:в{_h¢ǀ`GV2q0SP3UbùLb]p֫7SzKO >%Ĺ^ekG|mA{Ex@xHuPZCo'Yx4C;Pbxbl//R쑤YԍkiRU26~ai4oK0tx1Y5暴$ڑ&#<6Pg 6-+ow9z>Rrj !e TOVZRtB e>?`34ζb5 -aҺDW[Dd9͏7wM~l3Z2RsYa%TXcǽM- zȅB".1֯=|CA<4cCWlɻ\Yo'9yoz5CAؔ{t/֖pR"x\Y?3| 谦T}|Q[@\7$;޴Y2%f#D홢ɣޛ!;k EE^V[L7N1{G( H/dLM~Ul#nj'Sd'լxQOD1 J]./x9fK+>(J?K`be ~nJvx4MwZ;wn ܙ o xoe\LP=ϑëL j}~O/|f>-5G#i6 Q ܿjI+ay*];g0¼jU-49zKV4'uA R2B,S/H~1S&} #Yw6fz*f4mV:ʛvI%ui ^aXA?߾B@T"Ev~ A 0^* (CmGd~OffM6AEeRdX0)mT&Fws| 78%׆d3bZc>uD|r⎊uz(!`rћ\Kbs̹P0>apIaTZ`J5YԔH>$8Cz ˢ4 *Hz"nR6bS]iqs\qB27)Z !SȕUp6Y;|뉚9ߕvʻHLvxN&H9{D](֠ʧwT+""-_>6%Wxl]!HO\5(IXfϴP8:'~)h 'r`4?(Vw@ixq^'zJI[΋eո(ܳľ |뚉8P'o aQO||^w9Pf9u],znP"mk:,3I",@]e'i_nz/sq :w`j➁B7)a%S<$bt7^g琅C*P>W\L 8ZL*?35sGDe&ak O;ZoՒS]eM0bQQV:t,?0C|!Z^R>Ş)k5[s6r!F=kn6Y4ቴA"As|H* r m-ol#B\T?{T'c*ߙcԆԹ5a@]a#qv{ ,Z ѽj7ɛ{h`GOQ@pڗ.db[ @y([gLNӅ-b(`VwKr1⫁U+SQ\>|?fK.9yi+U^oxqpY EA<94ڭ͖n;e8i,m<} .4fL3EAQ-hCsmad{^"(N}ŸcJџPvֆgw$)BoI cĭٽp,9R!nc֮HM%,7f&pKHPd.?pw+]z!i&iMOiH쳓Վ#g+8w$ th6|wpm1Z)>c)i9aNTDqԌ ƐGL_1 Y C;(Nqn@vQ˛C)38DV'KaLZ6遭i~z 5y0'b|Ĩ#5{0꛲]?s,e)$&siUffIǸxղLc]%ֳ#"gG:/;&'Zd~u_f~p=>1i=D Ʃ8PvY%@9CT+ jlw8rq8+8+!u6sZ]ˊvc$l?Ϧg-naɼŠXdθu`ԛ]ސ9O"z4DtMgTx뮲2jSKg;SL'Xٛۯ@c H(.|7}6{ M=xϒ۹] #-b.Qie)@)'\T)8odq[w8;o2ԁtD\~a:q reOG4C\3Qzg19'9l+g7jY3BFGRO6K 2]Bk얚?v?n`ID(!X= i:W m|F6a URcٴ(JK$Fw |>/(h(}7I԰j;jTU_=y?25ĖŪRJa[Z1 e֗2%=[ja4)+.ScSb|B}T  <"qCg6ժ29`@#.S{zs{f(PO>8_~÷z<$ypCڽ-\lx6.fOœsQG/'~lݶs]n}W+Kkh5huH& F$R,2D\aEj/$mǹ`1 xњC. nK8]ՎeGP,!>#9\LP@luڇ@)*Fh ^ /+e xXrJCUd'!\1SYB(K!0&5^h@}.[1:-M?W&0I?57" 9Q sg̖#[M hQ]&I0Q3X*Ҥ5>zYy&fcZ=,]ui s͍ˬQ)1B pU4,+]N=1ܴȘG@ X fĩ&gпǿsx4eZp$`UVL X5K~ # ?,j5]8ٮ}᭝[_; KN)AH! 0Ȱٓe%,.aQ>Xٯ3_Ч_Iy+&ގ2z#adm*X)>d*yJRGDŽ yUN kP&9wvDUB')K ƵiIZ}dZ_B?:f n$y)j{*an2+=PGfPJ@ p$]}W@kݑ&yAxtF[m[C.`DyP7y;7 ΀AG~2v8K«@fD .f^fH]CtfPQEC00̎5~%@U~`ߟo&7@+My bee@_AyvR8~'UHU% %y^hClo)ї<%'b`] *t>Di pr4 WFfQ*֞iK`^/ dƴ $h9½&7աk]e IE٢6#3y"#K4w7 {+qag&Cz2Edxp#˫b*B{)Z^e"v,qʲp6dgSO*' Uָ,2j0P48qwywy6YMXP hkTb|=cun\U_DL/bH i< !@FQ}KXLV`B^hiՉL?HB6)[Lױv"~wP!28w';WtIŚ;;-)0sC ߔ ȶ C0U%3J|kǬn˟|yJ1M6&4Pʊ#Un+V=,H/'!ĘCJzHQԛyc쟩 l h%_2 W(4{iF`)$L.ҫ*`>ؼR|@ &wdud2*2A ~}A֌>Hn2hyfC2_U5_ӵVx+4.`eA4~O5txsS@o Нoaj1tyˍ#®M6<2KK)ܥUyvKoU\zo״3^u[U9CbfM&I'Ʋ44D]'h o?s@K+B~%1dȎyqMxx]ZQ-jllp*ڵh+jhIf IPn@zY}l@FieTe\r IrQW%#du-(Gt( D آII̘QOuDҟG}s}Fy=bbLkWrcc.Q[v'&܊m Nʯ_3=AnFuRs]KW; R70V*k+nƀOb.ЊļHSזּO!+4CToՅ<ů?큸|is:7(kH KY;J(}Mѧ/[tdk/xD}O_7@lsܺ-jw"/O0J)-r]u:*wnxKE Qʸw`zYy)'啴Vhs[?+([r?K+p3;i &M 7T-8J6ecBAG.m0 ̕ޟݡ[R9yHF1?S}svÇR\o1_Db )LB~04SڰkyYVh:'<+O[ܺ6};خX Gaqy Me#CB7FMioػ^.鍘+H1?$`d,E"U)\F=ྺh)TH%U$,Ny3JхoAުD5y?H?@Eg[$?#{3z2Sݹvx 67:A{$yv1!(WQr|؃kR9a6׮o7{&?H 'K 9{d<!S P[8f›@,hyOEksTUT% cu)xkwfnz8ˁj{y*_Ѿ B>.G (doZX[]Q;b4ʸRW6 3؋5F*m㧆ĵin&Gr?>[ :(lWr@(X)[k _;+,[e̋Tyq~=i7 *M%WUw_MMa5rˬoFA_k3VP벏xH>L <#KbA:øx8!:r8`JN6ҐH*bx$}w]=j8fC\1.u` 0٩ -UK+ըϑv" T"z7IցLg~tUV+r]#s?():;zZ{KWz¶YȐe^F̉Gj}h#I4_#jޘO+Ev&?MXEV H]1!~-4x&F*7gL{\dU8}:iJ3HWdX5$1jGZ*)ū[[] 9K gYvl%44_'|x`b`.);C)怃`G*wȽ!3/̓P++aR]?֍vs#esFñ&iZВw4 C,f-ER++z^M*Z6DT)'I?-?ܾBDWm04gY*f/Z}{M}M4k٫\ 'JЫfl.wNxW"4t -K? 1 ?AD`AVy<b 9KBM[y=;ë5A}'Zuk%>!C]NǾ^0=ʖz_X&i@)@=x<~[vASn_6945͊HO3߫~W<֓f{ &5 'XԈuq f[)7+'+!% f~{Gٿ y>{`ej['VymO NrngCSSƨslN]LgS+L!/2I(R)K.J5EBsp]~y qH{i[\BTrq~Ezl6K7P15#TR8>H\'׷)Q!vc܉\`x`hC-_{.jgsg!93ى.HaC%Xy#W36"s\"VbAI/MRyjcVJ ]` :]\wSVNu5Pq\.18\-o4{$:tAfB3LM^ ":to.R'VT`bYKGz&kW!5"@؛ujNԬY68G2ME ٜ_*NuXz*%PV+Dn,> 1ѣRij%)1~ .xeVdrZ&ϢFMWtUC%gʭʆ<֝bW.<, ՀۈG)Ă)(QsN/':ȓ+B(pe|W5D-{ XK_8j옙" "wn*UADeN=x|TPe .̈xi$:_K}JAm|ښ4YwAU˛#e#e Ӑډ?u:꧞!F&ƤJ61+tG/^T1$ *;VwS", u ԗ8tjteܜKҚ(s)|R4ljPKhVBc='nfT8%IأZ=M| w nc#zɋETPAce_Q%O:yXr6H^Eo# $;-Z|5:"B5O#* hЀb=~U`Sx1je|)bTd8I+NtqECMV xB ,;ꄙ*2 {2~Hqh*lZ󩨃R/atS;!Aj􆚉E@o{ O W(ĘڹG;-"Ll@!Bne#/yIW 7ښoM`.ogUeFq@t}ʮy\1t}k2WuY ؔà Oj h.$w`^[:^FlI6zwS{LQY:2ۼ~Ƈ>ۛ%~-W"UEXHK,.OA{͵nΪMonZWsߪQl[[`߾ bPOC+nѡkQߌBZ-ipd7|cc Z\^5>XAc_"L"d+yfJM(hŏ^ugW[oNSDTيq޾R~ʾ>e4f ۲~М~!7t@^N k+V!.D7^՞ =BF ;GLkO蘫'[ΑܣG7=O.AZ u3r ~aÝiTGbəW+;=maH[fT8|BWL22s`R&(H0W46QH`!EpAvBCV''^N$ 'f6@tOo%mGKWLpOY2w-\Poqr^sc?yJ]& 1`yJor::CJ fZtnO23w`(`*aGHG dayS/W;nt+ר:Diu,іQ&q+uL0K/BOG9f#y )ⅬCKݑt乽>\YeX3[5ȋ09A{c'*kYD5\Z?]8.4ќBNH qo :U)Nh?e|)I0ͫ*辎"M㏁VQsQ;w7 EHL_5RD˂+1pᤧA uc;QU`ca(ZbJ⻜MzA6\ I:}S;9'TFTs0K;>hQl$ uls?8KC).Ir5% @Я#iO Sy-NG@ODQL| ɒ=k)zWzaƆcEt1({Mdn1.2~L0 !NBek T)Ŗ& &}Kp "Q)!a0G 9"\1ayGm*U/G&j#ݥES]phM25_tBa~ 0TUf1/UTQ@![5`֩7F 4,66,&xhR~]2Ɓ*Č[9%˛IT݁{ *_GĢXQ͋>O92o_&ev.WGN<.r:)j; l P-vm&<86ؘUĶ!mOVo8B:]d۠cr al %J;*R;ew/Ym X9< [8*ƼM8{>G( RQ`@aUQڳ):buӾkL]Xڦ~G;]ӍbA셈@+݉Fyݬ$]28)x&1";)e8r:R=>-}BELz\J010Jsl3lh7~&4Ci+eLu?|>f計imf,b>|EaF.ZgZw!5;)7Ix 6kNAsSF61 kݜ*AI@ZO+2q ?"j2D|)˼M\%;hhnγ-n5I}0BW :En<~g7 tk3Ά!@T7lkJ&DxkjyG G ^#W+Î;BTf:UiQ\tyʁ,ٴ !+*Fx *[820Yvd!:z`P v jW/a-x{:'6%I`=4zp1js*_kF GXy)W%??i$9XG7>X8cb:s R%>W+gՖ4L4F)'XEYy.Х;F$0H^٠DKv~^LO(NN/ġ{N4hCXMZ1u=dHPttch/O9gܶ(6% [鞗g}i4R&}-̢9ԎY $!4SBv}O0$i6M I%4=g9Cm,FepF_-jk=f >"R+Ԩv_"=7*Ź;2GBd z:M޻GQy`Zs wVY};2?Idxʂ" qu-=UXUK4N_¬^э'{oF)g6dA X3 =Acꕽ)su}9;Kp؀TӋˑ[sIhn>2F8~&iY;zf)Y,Cc!ض YZ