sssd-ad-1.13.0-40.el7_2.9$>4os#(GT>;Fl?F\d   8 &:X^h    C Lh8ELE 5E   ( 8 z9z:Y\zG?(H?DI?`X?lY?|\?]?^@b@dAaeAffAilAktAuAvAwDxDyDaFXCsssd-ad1.13.040.el7_2.9The AD back end of the SSSDProvides the Active Directory back end that the SSSD can utilize to fetch identity data from and authenticate against an Active Directory server.Wl1[worker1.bsys.centos.orgCentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxx86_640K%3A큤Wl1IWl1IWl1IWl1ZUӏWl1M>M2@MMzMx@Mj - 1.13.0-40.9Jakub Hrozek - 1.13.0-40.8Jakub Hrozek - 1.13.0-40.7Jakub Hrozek - 1.13.0-40.6Jakub Hrozek - 1.13.0-40.5Jakub Hrozek - 1.13.0-40.4Jakub Hrozek - 1.13.0-40.3Jakub Hrozek - 1.13.0-40.2Jakub Hrozek - 1.13.0-40.1Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1339509 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1339258 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1339207 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1337292 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336836 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1324442 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1324442 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1311569 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use lib64 in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)uk1.13.0-40.el7_2.91.13.0-40.el7_2.9libsss_ad.solibsss_ad_common.sogpo_childsssd-ad-1.13.0COPYINGsssd-ad.5.gzsssd-ad.5.gz/usr/lib64/sssd//usr/libexec/sssd//usr/share/doc//usr/share/doc/sssd-ad-1.13.0//usr/share/man/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=fdc14b49f2dbf6c0cf4a0eedbe169a92ea0edbe4, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=3e55d81be00be98a82b3f80e2a866865f9005253, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=663e05e80f00a72178e4683a27e25a2cfa751ffe, strippeddirectoryPascal source, ASCII texttroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)9J9PRR R;R8R%RRRRRRR2R(RRR'R)R4R5R"RR RRRR&RRRR9RR.R:R-R/R,R+RRR!R RR$R7R0R6R3RR RRR R1R RR@PRR;R8RRRRRRR'R:R7R)R RR@R#RR RRRRRR8R*R0R6R7R"R RRR&RR)R RR@?P7zXZ !PH6ል]"k%w+p}zK抯ütkULn#ta,MU{"y{!jNS_tcIknyE}!Uo2].]-4{ԣ5@JN͗S6Ƴ=qVk6sZEv*vk#J _ɛG\㚍cB%^SȟV1wVrGT,]S8ҢЅxƆNG[j| 2YEF#?G9 d 9eUL>ZP~zF! ' ':ᅑSաb238Dٝ3B#=MvnM_Ħ9Z͘Nj%# @ qB.QqnpC1f%CT/] }$(680#׻sf[û ֠ OT ZsoZQ<,fk\dA | KoYDbVZH0gΆjxu>e(jG\NhvS-AɱY3pIB"7bS5pWh{OM?IAvw.>E7x7a^[Jl"h(:) W8N>x!^ELx۪cd_ /s*Hkz+Xal`KUKb8/VIr/\ ./{[ ;V m% ! xI^1 I|Ҕ:B_77{_z0 #Pǚp:񼯇J4Q99JaDO9D>GM-͢ Dx ~h*ap@W,\Ym̪ 1MsΣC,S*֩L,uLSbcU3T[eV3{$BN6m1vQe`N Z9}]MMD*kǤ8VbDuEqϕʎ7Tyx):{P4+^ɖsU} sΗwz 7%wZS9eCJz2,e&"d`4 [&wWb٩cX Ibܓ.4!:DQ78f:81qN`Hvdz'P I=t[H͇7z^% yN|w n@?9UL[ɑ:Xw?R;x p&TE+R<'v0sfvby8i/X1"MoX˿P9cnKUp\ Q, C_7~d`SP/5هX}Ӗb47 O!R\E4 Weˣh <13 #ӒsW'gID㧜'O/+ӥQ`uKOK Ԏ!D5SZO(H,$)ڠx= xQpQV/ Jah ~S# 824>6y@扣4JF}ݢ "9ت"oWbs)`"DQ^̒7Ak\G]A/<\c|N` dCUJ4t#NrGȖ2H{`yxƻb'׫}w6#Xf||P a {r534sf^ I>k_Ԭ㔩 xi~ WSTUR׎ `@@ CTV` 3S/ E{M358kLf3Oa %)͋{8&a= ; I9,QU @Y7M)?\Mj?~LT.Jߨ~◙? ̛n`p/8<)~A=w*? "yėE߳uӬ `ɗf!𞔯SԢ(+u& Ů> LU!x0m)ȳMώhgeɞȸYS+ΐDCd/f?}Yq`1IPP1u5ܱsx/r361?zyE35ҏg&#`*bHc"6z"_Ew#C5Q0hqzzgm7ϯ GD~~~XɝDkg%_ Hɘˆbr^6e#ED^D(!XxTQٳ]@]X|'5<ɸ[k:|TQ\wEx6ǔmkef3\~hßeOa?6~Q0޳)%3)}d//%p3TR&@ST^O_k%{{12)Olް,ۮ_W Z9ɝU%+ęR,Xq۔3,TfHNɜܭ ux@gUL˓kfXnwNJմ-jqgh h0yH,rt,|eN=T$hRgPM)$xĽl;:9 @14,# q8>$l{D4C. .ln(D|MS jybzU=?vq3)f#yY+T`} VCI:#nN w&ŷU\u.`fv3Am~63$3֡/qw$xF8*C䀬*ـ2a;nWD!-Wyޒ#q@;bAY+j+s_\B]s>[E9:&#ygx@jU)j2=$r@.QHoϚ x֛ (r@(=k -R#/ l`0]2X#/JޑE5­٠Sl B2Kevtm;՝7tqtt􀘝SӻjFoN&_(Q__Ō5gO7 -)庾(Dʸ?x dEFҵaa%'tjQqe@|uOc"KD/~InU]RMϙpʴ++*DL&4^Ej,Y#`9g3Ns Ak S\l2XHgF^X0w5-#ti<0[E#!к]2ZkQk絺5Zm+tS ۤMsCe`#Hs܏p %>Fbir,#RM-Y8a8発l~G F{Gox*Ɲ1h)6x jS^d}ip7 h])kf &S%JaN*77!7As0 ՛=Tإ=K{WbYA: ZK#SL^:{Ѫ#a\ч22}S =qaO\ џNrW:ܗ+[lݠNfN7g2 Y 1t*FDr.ŁqY-C!Ǜ1WUREe S}~R;YN@CEgl:R5;+j JȁͮG~}[^qFn˒Ak{"` _( H)3a Ќad84FWIM0=`b.(H՜ nK# 4b$qS)80ݺݚɦ0$iٳ!NwGu֩]Ã(N|8U]׳S#MTJdT7AbAAMC yL~N9*Q >t8 J$~45GP]/b2f`&m;|tVNC`7S$Qj@)!%D_4ŔYrۛ"WCh)3b΢GL"6 ǔ$c2_d'LIdkLLd!>nz{dQOK~V}L^Tsڜ [kE!A{rOq%h\Ɏd~b)W BD4+*mw{w ੡>-_dWxG-m6\7j6u J.TS.aCK9>h4A)!\pp1,h-cČ'叼ߌmZzean 3Zd(_XqNŃ c E7a!XpY*s@#arǡߍyu \p}ٞ%P_1!XVmo`[<"],Ldr#N tWڎ3 ACT hX4.AUF%әorC֫1srdl'40x(Q|n6 L\Hz(F%Wv*VB|0gQU/_)Sŷ<4/Ʊ )1uvķg.4Ru@`+ U$=o!FԹF=aH>"[)N*.pVE|r@pKF:) pu9)?؞$aBFad|mxc3f,E"venNDlb1o(qޢ[yqY18;Z֐xWPWUt}˸.n$J@03Ȭzb`YUfC*%vu^Ua !DV@z;c"3:a%ܥ6[7Qx@B0Bx5KѷA!Ӂg#N,kֺ7!}9aTK)8Q'6q7 ^Cx5D& ˉH`:[Ҁ9׸9xas>ݯߪ~O–7nuV:컱ЏFeO!1y;9Ug 6L9Gle(yVx#,A{Lsr!v&{0,m$HTM*g~.wXI :Fද/LŜ8#Do0Hx:;z(י,iKE6X2J;=na'TbKoP71ync}»=_*'#ʎyhڬ3I3ekpNHX%"j5NL=1~,i&49ښ(C7lpFM4.{ ʒ*N'K+ b"78t6TVpFk MIxW-QQgjj̩ ҪY>cz\+* 9q]Ix†pD=oS\S` ?ktxQ /75zwC`Nt#as #6TX=l6<7UڞkzJ`>e}Y~?)_Lz3>T& W=!7B3{okAn!ŏڍ aXQy{~Wt.m\0WRPj>(/`y0Xہv[ F>YT)bͬwY%w@l}ӲI9Tf?&WE@W[DAc =NNūS<53۵3h) AXmo-H([R L!iML_=u|VƗ*TS\cnDvd,@=!eJ.4͖/)|{ɕ;ޚ,st|4 (aqBpShD?#wQ6' lSΔ*uw]N1O9`ƟOrl.n7$Km|v{eJ)Y$;c ҥ|NH<n".3K? n˺G;kpv\<5`/'!eGģ! !mq&^^5t.v_bL4kS5#a1Awetm&dze"#u~J{5o~7|Zց\&ş3`G|8FlHwoue4:l~"/*z"G&uȾjR{bKJ~ #P]6o 88T:9N%x#3Of;*=pKdH.3=6CK*',EUke n )rVR;zD%iVUBpiodt>PnA+0}t.:BwJ hPz͉碚mK;P)mxe')-v|]"&+UCY)oa pO{=twBiqL;m pl)7P|+V[̓fV? qzȼKL*GXgon^:'VGr{}D٦'2tǖ7 v:`3+ܸ+FvӴEbɘ,Ck}r2`o?aQi:ﻞ'uŗﮠW^<~W f1}ƯO[Gb5Ҏ}3]vY\Dˌ֋մWQM׌>K+a\13KNgReAEe:o[@LTV<`q»Lb PcR2|}"r55ѳj$1n3fKƄ_[>6/n,v'LfZРϠ~-n=4c!IkᎧz]*o?MjmWhQXjvlpXK|{aG%:U{.x7,\yAa>YٟD"¤SnҫEbpi v("f~HPeUdǫU+ai=ĹThU Q9zt'MB@|wp*3vZcR䴐e]u%7ѕc]ZU2}h\ݣOZ+@?[oZ([lX&T}J6dC̶>@.sS$3)AMvJhcO -~CPtp4q ܿdR7=\g8iq +c!Fthͱ6Sk2_;dx-H;$$C, ~6yn@FHI桊_n 1 Ex 觥/̴l#xp~<_L AhAhS/ YݸWhuIuǎ {͇!C5]i Z/bVvr9$*bMjQD%i]>~ۜ @vYy#L3*\t;Q7i*Q^O .#E*ĨAwT\h 3 f0քbp+m6 jvuEepॗdu.#͔P Za NRzh)|yo q4}?m/vzN1*H kd1};[|zߩE9L@I4 aT%Pfi Ж}g`[=j-٩/cS\:2"? 9KW{jdo|OEL+?B(߉2&u26gdmB/U.ǖE]J\{U*>QdFyڅ)f>P>WsjŲQ3 ,?RZq/1ǿ{L;ƕw(ԬD£Py:\AmH V/Qյ:3mo (o{J7C413kw-YPlG!˅7G,tYbs3.#P}x[.ϠcʅӦ iZ6(dX𾐀?C[' iSׇzXlӞ n1i.L8A l383v;bرӌZ$v&GaE|؀P˘7Eޒq9`Pou)V|JtFRS8QvpzhBVURYd0̘?&]φ42e6$xc =~Eob0EF,=5uFi"HZe=T0WQVQެI"NkR40(GZiG)&S{$+w`[#AJ=$ };=lh#G~Zr1|hCSX$Dzp=89sfرȒFI^PFʷ:Bܡ܁G?& 8\t'!9l8W?g+RřI$;1{A%ByU&ˎ%F1uF!.5tkd96eWWPxM;G5!VHˢ . VAPajy?O~bhI.ԕ~EiGeUԺTzhgoo|ȀvVRDvrEV;1}wHƶ;D>əs/&n{jtnG$H;U{P_R"8<} !.}QժٱpFr̛@Żl rAJRA_=J&a9ڨ9 ;]O*'hX>\YXgNn\oC֗Y\xcQIKfL h;g[UdaIkzΪuxqBa%"!Lh{]&>u&be׃i}Lu9ٝ`4u.)_0:!rxWJA#}q %޹ R¸)jNh&__Ñ`#I/{~nV9!wQeur؏/>a`.|IywՍ}ɔw<I|\\.gYGʿ:TxY}vZ@ jZzC̎,]K7v#<@>/q9IxfnD=p+MB[<*.G \߹xb[- th^> ee!TLxbVv۴SF)qBUB[Y2M11 \'e,t㼪)O1IZu`V"1&߅Q,)a,$qٴrP Uf%tܽ+Z-WZx }\ԬGiZf.t_3hQጃ{ Y?<--Ȗ%AMٔ+Og5杦FPqwʕ9׵Y_hH h.gz'kE9j&g3.n.M֐\Zlv#Q|c QmB?0a5ݜf4N{9sZI] >K"E_V'GfDh [Ծ̎ټ$? 9tH2ۑЩMabx<+)ee/ܟtD]H+[83hEm=HB"IӫV|N%k'1{ނmfYbyK>^k陃ɢ0L!biIH1d2hFN1}6^KIP6ONZB#.I~֗M@H^lBdT-K~vj K8jdhRZVjbguDJC!wxK7:C+kiXSx 187k8Onx۔Fcq,bj^1%hBFa:Tc~eT@ZTZ k,>Ha4\>>q$^r 9? fbOdg]QEZXe*Gyx:T3T$B&9nMVTYQkk0=7 歱i8JS,Th'7C ߀3h3hh"R.Ķl ZKOPSYg1 A c.W?U4rn)8B:w/YF+6'jڶq,SZ L48.ž6?6e5Q Yg)4+X֒#QhJ;*vA$N+]|8q:zqItNLF2 秖/pӔf&.z EIIWsf\@d1ЫB(W= .Fj쀀7Ku=QA}rH,(cdg#j=4L&yrP$ G9xML߅e kߝ) v.SD4SDKY\6d-d>6.-b9t$)#<,֠k<8=Ұ/$ةv/ޙ[5~ۋuYE#]يF ԼN_f¯6 9̺{PQ,a'َ_RNwyg h8sxU̦vD/7Ȯ%mm0O]$M{*~IKW|t"t͑0.xtw| {Zx\{d8۶M Kg'ҽGL`IViJLX{Tsն:K9FƤNj[-BJZgF˨gRqW)%]6+˭c)v'Wג.<ꍯM)}rSC,RzG%2nEHPǩO{ak7"hQ*RMA_AVD('C^|G1mW/HDgg(ci /wq3csD (mx̘8 }l }{b1|H>%nqGX,'K|sp[kVyC}Q(L\Й 0"A]Rń*>'\.6bԠj 敇 H|C]f~-,f>yUgTZb*,ydE`*D)&ʡ#Eᘑ͜\C=XE"eo ѤGKw7zfZ\ZwtUs6cm(=H][&s~ƆUW(<&N L|Z|} ieZT#RF`f#?\aWPs\%L>Y\gˇ %Evnh䏖ByviW p=WB :΁vd,57BiahY\Aj?2B1}aXףӤ@x̻H՝&x61aKDz!E3]de9o蓍9jQ8!j}7h?yqs\ðu,kGl3oqqJ9`WC m!U/ }cpRqo6C$}iE) g[̫hTJoNjh.b2{Xwv5n|u:QJ\!ɡג_)`ܞybwX cEO66">E(m짢ζTo 9f*/xH;U=?yp'e3#_t*Y? Cֶu4抆}8):$ H eWtG3;WKviKt!z94p1aC|REmq GzLMN+feHs{eٛ}bʔiVαx} &+~D (ֶpv|=f<6(9 z& H{/˓jYw9c,ᖤǀ6qA{Mys|7G@A)e5m>#=gw 1eB];K4.T>@rKU-jZ::r(Kaio+#Ky"%T]eY=]VqlbA̝db\aaV$jHQaWkq}à)OKQ" ] ,N |{UzƤLB^[VJ>ʷ5>X]fe-oq55,jhU1OZd6fFw`sjv%<Ua}GkbNUrgO:lw3qlQx=[m^7:Ak$j9Nty;6reQ6OK ,O+T6Q Qƀ($Wti[ (;u!xV6CDYlt֧.^Lp;m], Os(M_iJJYE [^ N˼1s1b i^Z}kn>k.#CtZ'eg:|H&ׄĜ9n" /_djY],=+ֿIU|&k!6w$#?O8:M ȏ0 ½JO6<b\-E QYׂPnF$G=`Q N@vU4zH,̆*/^F"ud,mLiE"oG!&͜0R z$LN5+رƬy~|Kw:^EUD.M{<ۥl4.!ySnV:ײ]zrfS~Rr/Ґ\%y2" $c@>Ղ>HPAXNKW{[dk˃mI78=oj<}RyL͒;34;얩ȧD9vm ׻$WA7B7M$zh|ՙsz >^UgWow@/Ŵ_ZU4.Q7=WėJ/ sUjqCҿ{"iR +KP44\*9 <墶z.FJy<{TyvAYM]YN@mx%OKtk?[."OpLиj:0獸KVh(9BE^}d:@߫| u]@Ȇ8C 5d)!QSgR䢙=#z_fXWO>r\9?GQ4 {7_ac|XVNCQY;Vlw-|n'Eŏyhۗ[NREr .[z*"(Ct^GܬnKz ST9XV=8t U?VA*MH+n$N+ޮ§m>4̫3|N47<4Չt|0skmN=fɠJzjhݓ#"  LF34yݜ?p*}m֣ͤ0[r|Ț~wxXPhl*EE$·̎P=QT_$',gF38զ@d+BhvW)}JHuwM&d':[{LytpJa'Mvޑ/a|+?ۑt4RQn_1gܜD\sD^ Z)_y/&]_u 4 74&1- ) 3B#m~2/,DftINB2R𳛊]GL3Q#gcn̙z,uh`_Ina;{3ޟ{Nl{l'$ )cs)MmZJ .x%D/=V#tQj#WW2CcY"$]8deڊlC Aw}5>Ƹ~glA1zS_JkȢKHLdipcZ zMq ^_?@vC=e7-kc$zT>37<Q 6PLe?Y+=9Z%i(ߎN|fHZ*=6G BIPVZ׸=OABzPĘ[>uf9tZ (1^%:fEXn͹cQe^|ݸ.bL^Qi3!FP1Ζnp (*jbI$g8BJ\_׿f;2{,dmMH~Ղ#p}(ۂ}ѱ#Α+7὇uXyUs)Kbn{2 5 WIR5)3['j |x:@Cz* ~vd]Z@gpׂ;rIPV p-k!|[iWAe˶ |?͒_o 1*.X%4!hYb j>ъ&3_`9PsA 8q fբ<뇳t6+jXucI\F w)}]G=M#eGX:/R 7h 63z%P)Q Ň`.l00H_i>uؑ"1u|ʡSo(lB :Z_UU lLq+5oCH3Y5{rn^%HܵXӐ5;\49Ztq]c>f#,ot+%;B0Y ((B~E[ yR.tһojH׮O:qΜVk'ٰi*?~5lذb폊a8z5$ԽF wr]W Fb^F#N(yϦ%WC,yT:Q#Bfs^[\f] [R_tgF]2(G]̅J}AC8ɂw8:Y6 (h#h#>| εD1O1.fqd=+?~MaV/R1m:=Z|ߧe\Ly}p-!T5OIG~Fco!7U]u߻ĪhGVc ͍HW0"d h;O~҈,`{E^WӶgYF!{a3z#Q?>u𻾘uݫ/r[M멡:޵IPR6ëV)5:W5j^c s0 [2Afwf!+o"H2`?'&Loi?Gzpsm0<pMoN<qkO`Lm<,̑NKF1gɢ~F@2bf{MٵQe|T&%x< ϟvt'Ӌ-`}a@ȜqS_A gHUNjaop揿4z'JD9³arD(ARiUf5(E -G.erK-v:!\ &7@4؅xc\d5|ؽ?ej KwBmVi$$-od$s9 O?fga?]~|$Wzc$%4+^[D tJnwSFc=z 1 vaeFC<=ˎY?:aZe-p' @zc͎$m]DD mMְ*# 77uLU!8z/^{ꮀ[)Ȼ?$%ceȘK:B"%I-Fnp jDYz]}L 2uYmP!Gspo;?!Z,xdG'@yzh>2}B,AJne@SCGj"czHخe!P*cœK8%^0*q4 KE!Ρݶjyf894N&.r/oviB w=VME,q9;hŲOtbrK^ !!3LMb(!KK- >jqÐ-U4T%ذ8zP\/Nw1Mb~:H<竁A*R V9ϟqDex)nF~m'X.G QR9%<51K}.s.삱w!_pqVȂ(NY PM$.63QƗYktbpQA,jw"Af'*syO1?#{s/_sڎDsEKLY9␻s*'8#g]\~75A12z(ۻkzq!6-UPmN h%2NܮG蘭)9At1W4.[nLz\֙ӀAztCrao AE`G6@acKM rry&s8x7GV@Xd^U08~oqVd6Nqad, 5)T9:,ײ:n)wdGVQƸ4ltW5!/|S'3>V;AԐ^f)&0.u8x7V.7yؗMtr൚xK9n2{AbiXonP%`ׂoz ŀGM7Їn2ه05f8 sgمRuH{S7R`c=9̤m^Cw+EoĢLD&{Laݩf2[R$?ĭ}K  sLHNgЅl!HAtsk`ޯġX`󂦍Ӧ|t4`as~5M82lH5viwo2MA/x^PN:Hl霁-*Vv1B1mG|>wt"3D\А9LEpbYp3FZ:1nRT#<W^;BS֊j߉+c}}jpX:V/wL^dA͹PNWU3D쬀o9iQkAbp}#\KPQrY[ Ϛzܜ6R3}K4NDlȕ@dT{ ޸02:V%67[&NtB?`Uf~l f 5k#UefAIͧēJy9 WF ZX#lՁp4#\wgPA.3TclŴj8CrD6WQa6 :2'i?L~+(Y-3m_RvWf~Om5RIM6~^yT,[&ao?BR}&rS-%?S lo[ċ6CFvŐAo"hi7ylYT&f(>T7z95U-T*dH9,Fe(>nw‘48ע+gfA  E9l8#t߹4 r 1AMlJ6VtPױ" K,W>s"~;:`s^l'>spgDthfZxdFSyg;7#CnLmJůpm+ɁI^CTb;-ֵ+۶@*>hRsı!#R)^)`]kL]{4?_*&Ƌh)D"'w$. 4vd6xށQ4&,Hܦ0 @I! 8APL}li̗ az 7?|WNwV+2}񧔺RuMq#(03>0&B(,X){nᓡt Tx[:_VZ Jkɤ|k 5korB 7 s^5;z5Mxsj/WI$üF!!Bݿ^>~oϐz3r=)Kl, z()M+=mW".M!&RJ [y~J 5"#-^z0S3)zm/B9u(D_T*L*" !m@2dNeev<JRL\> * =d49Z(S~p7buJ)䨂}Ͷ=Sџ<]k& Ah?T*-ܕ-ο#gl4Q-qTaNo&;95lzL.գ^"P0﷐w i=a!hd/ 2UIdmv,dPqF՘7dI#X: h>P)GH闀}C5+ɯSlH"|b"9:uh,bBњNQZ$%ѪA=?$lUI. 'Q[ ݬ)!C'K a־lE}>@M5iowiܳB; /̠[ 6,@ɓQd{=1-8G}`X YzZKFLD4nD@kLK&H`ě[%)E0?A|*t-dKb7(ws[٥3ȃ>ijfg|ut:9D+RrV,ҋ:י 6%oh䡗yxby+QrbE)z% >bxlv걛 DEɪ&b |gid Cͳ6+kdLn-S>GCn% M1*%cxhimVY_"7#,+–k&?03ΡApլqy s%7@)au/>EgM蜢 v: gPƠ7S1:O F<'%1&m"`FL+[=t'#tyhz2zk |GV /j(L"EK >.G@vG#}rlQOx׈SYhh81ݤ41 Q@~vLZ0BO fg2j8>I/"_ER΃4(V _ U5*OS74ѡ}6#e?Ir+gGP#c?vAn%6uoѝP)pաPݣW]:N.Q/HzU 䣟P)rz5Pz'@Zܽ{8=aHYdE>裛lj2#$3('m˥b9>xvׅ܁~5?qR2eBn8*3FH N\uK @֟HKOwORݨw !DG":?GaZ9QITJ;U#hl 4Xp<. 7BPt/ك T>?B*i=.|!'g[v_2僅mkKz-xcf-%S4l,`9;9cy@iD+?\ i-7Dܛymy Ԍ̀ϱ3+y7?`gĜ>2a&GNdz2l,_Aw֞MP_ow*ưmc?>I|s1!`**z"=CLCW qtFy>^rDLy6`tֽOOu#{9 10ϞNxzZS^f¦)H|ALF$I NU$K1L m Ot MUbm4c1d8٬>*\gI(䖒ngVq k%0-)<έ2,Y I'" -Xȥmh[6鐻vI= {%8?/ RcTjJŤzsOZ芼gW,JaѢ:*vٽl9[;J+?2|+C]ZiJT HDT` Ę'=c I=F,#xCWԮ7tw+qɔh92ܙŸ4Tk B7GHZ4@zGpg68-RDFJwqw-²#SPV\(6B6 "7;5kbNj&-DfQKB&(zO8MlAq;~ZpvdȼVZ}gVMV㳂0ax8k7n{+Q3'+M `pmSwTFGkg-2VG^, Ob/2q TSG៼t3~9FăƒGdNvZAZߞ ;`~ĿA:CĦFj.at[xRI<&nMtAR@ K2g4 /c"ez=/L& 7Kv` ?,o^OUډݢpB`&Y Z p[& A{I_]S |*cSbm@_m~dW= Whi=63YO#EK䶗=J, 2cEeF/&ݸ.lԥZOj?{X&}TvI x&MI)"OߙUp ,#:24ͽ$ Q dIN-2G6pgJR&T`V ZK'fuT>v9JODYmewc}a30ImNRgHbs7ĶС͔DUeh gw D8!'IQ+:]Ϣdδ5}-ȬLLXX>,K}c4 b@ ,w%Bb9а\.rG,b:a1a = }"\>KȶDO[ q."f 5Z<5T@tIn 5WXd%o Nx=<.gharUU>6$ vRuDV!D#c0"3:i3 "HV4]lB4#"*1݂.(WĤ"[wݮ .C5>N(DR!ǘ}8{.#^H]F@ԲmmUE ko";jeP,#b}VL9m%*Sp _p/ꭩ񈘲lQ~c$۝ۖX{ ,e_nw6R3)رDyjWbg.aMg>0 D fR&@ O<,T U:xI}V|p0 +@wx~ {› NBUp1FSV4{!P[$x⃨IU-p*VF[3aiK.]'IRϸ)S>-O,U'Lbx oy*͌t$]+bE"[t_ݯMl7pUFEEPW} t^TYOaiWbl('1rM3P(X;pw`NX1T$!< Ƭ&wʍ/B)wQW4j^]߂|6l(Qޑ 3q]xlPt$yT;aur#38BA;3^`ْbMY{L2cCC±sZ@{gul`}>9XARs^$6BL|HW ={b@v*N_C]l!ʚ]`bWqD8AԮ(бx8!zfWdwnTº1ǯZǟ=ͭodvbf:^"iqWB8}s X Q8$rJFp1բoHg>"G#ZiDFV9MV 88zc6+&I:aPkι7^͓0- hp+QT% VZjE'p9~ o+|=gNX;n`(Q: <[O`#YX-k%,pϭ4EErBjQ D$Vl#^/P秫YaSJwr)i&3|SG{-R"]) %ל?(uNP,e`Vnc2-YW&0YJ_ dfBT);ʹupH$;823 R*>cWApuV~>J0vA;0AM?}oICuwT`dd b.`̮Znk$AOŝ쮄CqZz"x.!,$ Q xgMwMcC0 ishoѮ6:?owxdU׈6lt5R44}pK^d_-9V:O\ UX,j%t1 r$ {ET(?*lx"p w-xBu.IAp+Oh].}܀kL!\G%)8װp8Vh Ѻ%QE!0W$Z`D;)et[]W!u' c|&P0T3)@bى;=ޓqhj w/kc˶+_'??Oꘂ:nպK"{vTT7|`/oǽm\ĞݶnqcnN=w,1lIˮ<(Jtz6 Sߓv{[=|;aL/\Pܡּ/'H7L͑WI)\|[9{;S)wc?_VHe6^6Jw: rFsw rއ>JUBP͢Ÿ /65r((Wk@ypF%Qcs-(?Leec3:ݞ'fEtģjt~< t-߈!Agɐ)̔كϯLZn?Rq 1R >P\)zH^ffw[oYtP7Nd9YL#Уq@tNqE膟k)qEHG#_ 6Ay &à4t)gBf81UU5AvQHvfW|Lf4,: șZ9_XNZf+zA}8Ϳ: &c%qݫz]$&AEhdH3#p[)ȁL'V*FƢR'+/Z"kfhƶ(񉦲c4 .NϬ׵00,s- ͘$kg:*)ViK3(3M-4 ^/?EE v> 2^.2 J([wV !d%W~!#x<p#?]C۩8l%Q{Z|S+J@doKVL`lڙj͜ŀӵօPd ?2~I!BK?c(])L;\\9鲮ڒ(2W4f6T:Xp22qg> < 7+&#@SBTAE.[6* H~ ȐT$٪9.>t\6?&((7|$Pi2$ucuw#WdbP7KCg2`Va8:67){{ Pc'X&*tO/4KgI6^H`eZGJ575 [P^/L/\Aa|Z(G_hM.n瓲_[ƨ Td|gQD[S%cyWU-0>l~bXA ;S>*yPnTo/!m,".h!L6H񮇾+$lƚ- :S&W#dMjش~Tάhn{2ґ'JF][ ͭjTSXUV1V_+B){|lJ1H*zQ$mZ5l0AHaGycI}֋J~)\<i7jdSQfqFIA礀6:pk\5;/!ZDh-,.!*AÉ;MnʼnCC_'zKČ%.`ҲyCv7DVJ]r&qloڣ/hi {XG E*ڻeU)9 I/PuWk6é'#*,Qg$`TarsoHg<@a Xl&qEݚt/ ϏkzYT@v;gd*U8Nq9q=I"*;rd<$9”H5 ar@/#lӁ7.'2.Fʅ1 ,օƾƃ]d4jB4gy]Ͽp c8XC&z^ZۈNAb{qRjs _2x@m&/9r6WԌ@܉v}`  6A3S>4nqYjm5j{1wVqaTɖruewIfK,9F)s証1`ت^M&QqRpP!ac-SDL&}F Fhv M.m/By7ؼx0¢9U=$8oGzbiTYÙp!w:)WZǢ.֪|s,zhW#vmi$v6^3} 6 lE *VĀt~xocZe[KؚzB5=$G̬/@>_Vɹd@zq;( OcA)Qbg3hg?onq^]bʋy鸅UH-GN5 I21V;57*rmeGE}'3tW:,t8Tp*KSZ `]4%栵\ء {S~]^iwW[>{lRhGFo'~ʼG䵜"5 ?`AecaR#7Y=0qzUj7NO$DV1VCT!{l+x]y@B ?c :qץfmi^Z9w*(OwR2K7bE)"1Y w Xɴ0bRbfdO:6 iAJHIQXeqLVBE!_BVVLPGfr{?y𫨺@Z]ȶuZ h>3*iu\HIDy r4b~u>Vkueu 6pmXPL2 pP *kbQ1m-)#vb]·Kş )[JM|d2. qgs,5~&gRWr6E1yAiڧf52F!OI*ɩiם5(Gp҃}cTTw|ҁ»YՋgiZНA]=,V&$;D\(^WBe>zvV]C#U-;'E%MC_#74` 50ѭiǎ|50]g WJwnuP-_6LO΅ogcCZA+\Lܟa75e.0w*f,Ô3VBTOxز[~<RO/ ~;rd &BJ  Xxv:@S1қ'_g"-]W\?;%$;Rt8_1,͹(~=¨mZaQfU/׎߉9x$A ,G۹m]A $Xu~-)l1L(GR=r\ BaZ-=Sb YH3 5 _ C h}%|): Sl pÿ{ItIŸxK7:h~%$T3Tqj6l5$m)^a˘dsU~&Y@JE>f#9VB_p[jW_̿ #3ݛs=D󂁖%3_c1# _(C̱/;KR7 m6_~݉b3ie.璭=W_g Ta{CbzzTYqy}s0Ȋdx . ~@[sJz0v&;&VԾR;h4ÑO'ZTx"s[QpU_~ɖK80?vs@}b,9ɿr`Mh)e\j-6Q*Yh#P~*tStMPWj8F+-0Tp[-?=}YI%}MoNvx .)|סs ypR{Ñ!S07燿<+-엸i6"|CQQlR*׮ Bt`eg@xs~؀Gmu?gK"3TiSHA&hFR w}Sݤnj?!úY"z.NqR2V* ni^rf;{z'ϴyPKaΦM-:ᯌP~ o  TM5UقWgӹ0a<؇Qˑz6oLZfi@3]VnJؒ2tnz D(mfq! ƕ{C/ ~1KF}bm {fZ-? a0ve~W /}K(f. x70@vr!?%ӗkn_OCi64c+SW{?qSlG|Q{?7th?5lwKQ(P{S[`<'0z@B,xlB;N`;{ѰlrIϥN=”V ! Qș\a%I$4Up's+NCQ:+!gB8z9k.'sqS̓W#oFo-?ǩbi^HܰI[OްT(@1S{(J֝7u-#h><$1/׶K 3޹(3EpPYspנծ1#8 ,E VHË+Ϲ he~('AS 5KuN:&<GRr ,p3ȣ7rUf6 }>%]\v!`RL kRWN QnϙBUYL{G`k hkZDy'AXb8r,2Q,UVڶAsnf~-Q5fU`' @gr&:V{= 8hbP'>DR\zUnۂ۸f>|4*8kUNgã-N4@:F+l {xسuEdr}]$PHšIalYPkkb]O,&P&5/tJ0E+`p͸Z`fEы;"~{(hjRD}?jW82ɕ o/U(m_9`ddލt `bBեٍSSn${(_(hˣ/aG3U [?=Pr;?6 仌.[|[Y删޸p?;AMepaZtfp0mٸ›AxNߧbhg={_kt:J˳'Lr=ש0EQ7i>8=Sd{C,2պ ɦOĂ@7F`!H2qB!ՙNL^iQsv)f҆O#g飯YASGS\~|JQPlg0JzןʆqjhF]f8E_%u`/= ZKԟǾH)=ď[(ș5cOXK ޾7bL!oC׮[/Re^~ۻՔ1x>|B;"lV+1Yhg~ {&MA y;5tjeL_8 vS7"# dKZCz EZ,^-Id3afwݼ?6VAxXI#=pM.̿-FώJ;Yҝڙd@2Ȋ1n׎xFGKy4 [v<⼾wd0?9?J jt|A\uK SS0"z7iWD7`R/\'PI1Z`n~c pw&^P{#ǜǖ]NVz+3tn7(Zi ]'/n M%[F@AZx~-Y d;OΠoCj2@3MMD.y,4-8=H\q|ksSVoZ2j8FR$1Aeb*g\&~Qll`ZP8 %/ZsPj@+XI+)';9bI{~G@@Wȧ yzd*@mANl!_YjmC(m@ (t2*4$nl( v:,iOYa)gzvSLJRCSq+}e=ՓdbH\8OT`OZP/5~9_-gNښ# ~P}잕uIh*NF!XwDD h}z1FO槒C");O2'B¯6"{DtY'O(79S2-[R,A -:mW3qۯ i FN hQNWM=-$.,Ol')?H=OyqC.";=k6zu*לi9И*M56sXSak?$}zye`nx4l_ D->OәFsآ&to9x^Q_ &_ Vk02E+SPiXMTTk'bpv!9'#G;AyIxAȥ/n Ǣ)B3:BTАmIn {T34NĸÙ݅"-E%6-ͭ~?^*#'U{rdWjchKf)ޱXCFK[["kr)@ $ne^浦t .Էi% F]j/N ^fpI^Gȁ A蒙A)E'Y^PYND F<.IF-` aQ4#>!?Re xh=)[/ݝeLԒ.ȜRa Z0?T_\/{FzvT dsrx̟R-D|_ѧզ@!g 1`GKH")䪡i\> :tsCpMEeE?1 r=[':šWHPp;$ )z2?DjM"zMv-zˉ$[?iT;ܥ&DY, m6 *UBra.?OXL;OltۧASC{ h[fiz*)8"Tݬ`'&ݘ|p|MNqfne1CѿΤ|ЏÿO_TZ LPnH8_ejr,*uy&eF*;cwa0 R!%i9>^Pt2H@`iN@/ٍdIdj(ֻf8>vp5.3O.}PP\}t7~h4ye|yǒˋ5)BrCߑX+R}L(jߪȾ]3 Anr$!#1B(^Ti\Qk,R]eh$X􀫁CG%;s%)9;y)=mKrwh٬bk>*V1 0ĊVeIE5Pd"-^Ck&򖣫m7E- mo-Ik o7x ;@Lظ J=Fa*ٿ:nx7EMSkǠ^Y29E][h)Ѐ[*dp禢_)!iYDAo5%PۢTv \>F,ʓEBi`8Bt2ߠu\H1@ݫv;t,XpKy=)J *Ԩ'df< F?$g"\p5S {Au*|`,0xpt 5"&a^S'=}==3۷|Y8 f/+P@6vz{շ{,t[Te4+b桀@MDlޔ(^R`^=ȸXH2 mc@zr@+&\ O*pE@y6i(ް5-llt8}(c4)x?y I+.ƭ&F u-v%md?P`Bd\R.'>!jbʶBjCo(K1s|?[ WsPqf~Xt V,ȕۼe~%8r ˫xoHIgןkQ H "2]]*&h},r M;YL}wp5^k5ydF:g@Q1" L 5L_'8P# ´ϋ}e v=6~(q_c;Hy L BT+A퉣l[^+3 `@)Z -w} Pk=pXBP#"#j>=>F<‘-x`PXnnP@sLаOJ[A _:#" #OK+`п #&NӍT\ ўR=Zp 2c#j9ˊ!#R#`,3~`-!o~цU Uwy^YO?h0P&[6aK 9kz,/CB̞O6~҂$b]F|ƒK&;@_BJ<Es6"7VRD<VpS`? ;&{H|I3P^OHKޓF%c2:VH/7}7-67$s?93@k"Tdzw3czY#36MB!Tr 7PKS11ݏjCK`V20opv$|ůO6lzM/76P+\t{7ʉM ql?WE7WMVK.k!Ҙ_cձEm,kCIw $i4,;2=d3ϭn>znIT@ ]\+)0̌ 5@3]S\yno!o,@ ]m͖Hy`}G7W#o{>qv*ρ*1,'~Eꅬ((vѰP[%˕x с-cu`5V@ɳSQ8k5)fQDho ]*V躺6;V@Z7!+N\cL7~ fw(ġ`c^o[{ MmT$ 9(Gv'.{yi#gq[_|~1b 1nT7dG!jBhvI<, [u?̱bTvȟG]S 9G @ik?U~P_Ț! A&#FҦ٦pxS-tF$HHd#y:-bZ ?NS8Uar*PHިc gGK>}ƜgPNt- #FXk{0 { <|ECEVV4fd*E+`x9?U%}5elDͅ\pǫj)>?UbZ^|neڀ/Ѣ7Y8@:wd+x(INb6K# j@U8`~MZU٘ MioT9QzG{Esj~!۽?TH[2OX 72dEJOj|X) l+{e6cBmsޠ! /ſk2W"{򡐢#yfd?Y'!06r!q?^<ȿ(4 L-"jA%7Ь(N5vWNF'©7;#Á'0{|rk¯d-Vo)BfmܢR5 'ao^=qT70 A'8;b;3g8m]DԬP8c?SRn~xnY $(dk=TdĞҺg ʨ`P L AaŸ<{nl@ل-"T:h]̥;/lfd`e@۔wI@|G_5tl֓Ur{BLixėM.; (9ટ`rڧ.Ivxa8exځxzn1яBopƒL[+Ō&t-m&-h a8Sj|'O|s&F1Yx܀BP&A"ahWNɿ1 ,~~w*Ʋ2 +1/E/L3!vo9ڭvFw*H3Jaީʝ3hG#h0ФcOCJ^".0 [:3PH_*lu^* #4l4CoQpڗf^uqr(VϬD" vεjs5k%!Qw2Hո;46!𺒂AS3N4AQJӈ5c@!!^m0NM+QR#qܰ¿Ɣϔ_7М ۘ,{QYPw`ql[.űtK4raQ.L]\1c:D OJѴj7ɭOr`\zyD2Jt4i+$_&x'1 |w0*ϲE$w7n-d ?{AjTvNsj**4wK^"5P2V ɒeNBdبmt/}d_ϣO&o DJG}Nd8P Ȫ'DØLH`x>ro2Niiq7`aF#b%@kC:C_bqOeDwqlSݲC)P*E:NGonWj//V'!/s L1GQghd5[ou8ݥÂT4r>e66 G6u- Ȑ#I3F(1lí@٭IALq63j>a˫q1/df {+.!E4wʹZ-USG-~>a2%)_qSQW-ϵa6'4Gd ZɅL|N *C!Tb#SJP .>`t\Lkj͇O xzFbC PXsw~w;.BVn\茐'4j\`=p5 #c[3`!ڗJX,;futͥ4HDQ* K9& $5$%0Vbm%ӷ-n+4oTb_ˇB^]%Xɭ |?+L%ښ'cT䰺³Ùf`<իPt'I5@Ң? ⶚OP=;Ġu>ɰC]4&Zk85'J~^4y^sz#܄]rЄ6>[\2rOԪ[P40>͡Z`ث?3-{I Xn3- x "&'ѣeBh2ėC?U+>=ك4R=$@ݯO ΀;9N'kϧ՘Eq[e%;=:/l<1ȓ5M(adم34E?,Ne 1o=GYTLU$7 B.I4ȪTݛΰ8>J#Du!Y|l1 ~5ص@'N7:g^/SS] j% ݖݣC2k&JqVضv0Ғ (ժxs9$`3nIp17ѕ#$0ݿhX754JDk,ŋ:_( l5 N6zeKB:JUO? /|!^2#65[9F@ﹼ&j 餓ح>U,y}O,xBww7¡ypQrbiYف0Yڮ iö`:**-`r֐\Uix GF ΐ 9 "2⠥VPwpMF`/ȶV'~ZQM9_K(g\ykx@SDɁ.P2L"tŔ1O9,c7s_0fzI٬ c)QG-{d,FkJ(u&wL];#fAP|-۫oЬCn#+Ѐ3^]vap׌if\v@z.59(pAm&ý穈"Fǜφ[8ĮZHY dB氩OtHE^_O'] F)/!"{olLip}# kCu.*,NՀyl3}CEzw{kG+fv'Fz؋6D:<>aۄI#{h c2"Yp`r_ pl67xrr{-w \Rkդ&xdfo`ʴ][ugDS~_@kC|j")x:RؽzQ5.|t(iA o S)q/uk[ۮhDwdz=[ZZ b]Z+K(O28( 9ہbE2;nZpn.S:OLÓ93?.d҅'L:Y$;9ps߃HuoTYx߂"b6&A L{1g+zW'/x)tuW?/kyOAh/I6>l >߲7#3^p~f.3xnսiH '2-n\ͯAà%,67y%Sc(//0da6\p{/vY[!̵V|+{աvOضzm[ݚK–֮;IԛU{W{RI@ :]F1;2p eCe0 2]P`aW@VP=ϖz3j[[{l kr\$/cR2l"ħ!n`Z1I|m#S_P'SJ]1*j5 6i|+}x}{B\!@ltVcuoǕ6Oag6 WK? f7_ Q~Z+!j o}[s,:ڸO fmHt6y|<6 ; p+aLT 'i:e;x6=ٸR;xicU 战x֎4.w?PSi!}I '={WØ}'TLu.+aRœeu1+=5X${[q]CݠY)~Y6Ipľ=zŠ׈lP7B6Cs+'9 y!ǧk ָ⳥3kf 9|3# ?96.w-߃(aw WL1jT> s|t;bTt W_~.VP3mߕD[̯m6`V5I B2dagՋ[3Ɣ&˳o ]@SV (aK_4y_x)DotS,Pչw|Zso`!Ve1lmH$!nl3[$ G~>A?vWVpM?hS@ijbC$ۢI撹O>XtjXhJ}=2& =Q蔴Dh g _a'L ~ӥbw=+0]|y(3bR$SE-ds5ՖlT=r h#6̙l;?m(eZnP-&8 ɤMc'V5f:Jn|/f̉D+-i9ey 1H^<ߚRrDS8kp_>ߵ:ҕʄu&d)0rKF5j89ՈKn0ShCN1 JWC) iIqɢAN!ķ_'Aũ2{Oΰ&:_jWU>M`qZz(#bWJlVdw19aǀ]g=kclP?ӔI(xguʇUV5;}0$@fBK*MHPXsbNRD!weh8!:ݔĸB>06m<8, @C͑H (ZO͑|H >DYʰ~SsŹ E:6!6lͥ#$deS?IW|h>3,-'LX@޴>UωPҹ=Ew]i(~ng3<\x1*Ґm9uU' YN~;ǯ.L[훇XGwTe0).irGs"b%BLk-L=~O #<#yn3XNfŋvcDMd2g)n|Q6y(eQ,_\rWםm&U++W`˔6L[ i6Vƀ-CU҃2LpXd|9qWv˜i_q*.jTlSirl7l%rsZ8]{{jI6"$cY6k2˦S8a JEKVdUa6}H8>nZUN,D %U~{l}< >TJv~=*cK1FFm]'" plcz-'-Qa@`%ͦ?b5AincUh0] 8}BK;0t۱ts`.`(Imx&l@w 6;tOY:SĎaV!j I3EX^9@U$yANA!qNjf>2b{`QIOp']x)Rbk] NEgyde].3d<9%Qz9N(r錞C,(3ɵCΖSz׋@[&'BkY9C ikw)?`]th'(ֿɪWDFr:`L`}W,/U Ǐъej-M^*{ nG-tG]˄ Gz8~՘̷uSmgG7 *]^ ^G'w?-P)ғ.l!?2kzQrGAIЈ)4k*oj Z]7|nͯ}ԗe7b4ʘ;`6? yRe@X}h-aJq}z8ÚKKi9Lq2طBOtuS{گ$|"5]7d.29l-kD|0&)HP5^.>ŌڜC$AqG::3gllzd>wE`ʭk#uv}=*%e!Q(h,F 0MSY$.`Ҕ7VUkw K_/eWMMl@k uN?ri R1ŴujW`PCI~n|xK*M3);d㐿F\>+Qo졒vk]?@y=3'S^閗OpɒM~P~v9O^\q4'ni~OY9xh5.^(2{X aزᤏ9V?#MSp\=Wnh}BF5}󶲖3Ǵٻ1B ?uakc|T S|x`Zt]cmaJ^ 7!lSzg\2.(e6h6!q6%6nbf9C(Ey0U]s\$Brm#Sp!fB ]rfpxx Hjgr:l: jt@SK -wEhG)=p[+͋wҮkv^ ҶWg݁-IIY(9AuDGȘݯM R[8b0& a!طf gמ1-|I Ҳ|BTE^ +*|-P1IЯDBqrϳKv-C[M#Fnsu!Rw)@L˕B62 ̟fC (F CZr`holq]=Ⱦ]EDbl4ź Z-tw+%ҕXjT咑~l<8u?m(X'Ǥ0|1Ѡh<={s!ʡ(%][!|`j ?^!{trXJ橛x҄>Z4]D`N X.U4]a9l`p53T{ 9Or]*+i pRۛm5pE %lSvj'''!lrzƮt^a5۬#FӲبAv^ rArc;h9ã2#0Ȃ>1Es! &HN[?RlbjEb'x, jJh%Ht- tvy ,PKgZMΤN^XeR2t{7Vaolz{dha$|O oU >Qe ?BA3u@ ]2OCζ:(|ɦiyZ ҿ[wnѤJ)8㲖0mi'\H5*=(GLx]64׿2n/g/*vO`plMA49{u_IhKN^0z:[_a$!܉HxJM0wB4ӨGw,k3sK :k*dIȏn@; U"F@V}Nn]'3# 0-I+tKyAaY2k p;O-V)70yms>jWY%:ۯDţ2m 3z:zTq uД] +ea9h`#a[]I{Jjۗ^⽅TL[a5܋#Y];;ap R(=@ R*c?)g)@L'j LAƌ) {9}{P`kER~m)9yUkPZF@˹j?i(&ʛ6/QZ \S`m@P*)HLcz%DיfUA]Mu՘[&s$@XĔb_㻠&|g<c{;o$ }~Gҕd7iDE>P[SֽԔ$$O ϻǣchqX?Cc N?2_( &;KgaY:)Z%'2Cro^bQ0uY=u+a `6Odj^TE|k՞vyeI2E7IK羧o 땆ڰj&"Đ 7)r0kf;#:9+"q(YfxOjK=SKj;QZY2vJoaƶru1~9^nȗgawEVɗ@TM.n辰:l7JpyQ)&uKMĪu#7H3MxK^iz vJY?-DކTPoHV?Ź1ܼ]TeHRG8G/K]G{q"B.Q~.o"N,;ۦ8kYwA,<1]cW.tp勱nZ|=Us6J&5[2vho7uz #{*916x>)VXw\}2jE>~;`L{RdgӱT<, !x6h!R.RȄ]噗WϘm)`l0ڭ1l7-6uBUe Dm%zfg%hwr8Ð[ؑ0g׀#Eء]\}ҜY-0Y؋ cޖ;u} Q VA,//MvIWNbl(& 'q'-mx,dD7DLo 逕yZw>JW\JxBb-t=Ca8xG޷ VV#'*f>ұCe*'uoxs Sob#~RadMaRw9-|ɑUɟv 2 GKSC^]9v$UiE-XSecm =| &]) \f@' 蚥Fö93Cf4e 7\'~q&Q-b3-sbł#4݂?ʓ)%?`DP5 .Is`٭z)t;tGI_̫ۮ0sKə(Rbwi?>+ik݈e ӏ,~fx_uc,, yݹpf̉8QFѧ9WXAZjLhsQ4A0m6!Byn>p^Y9 x*jրi Z-@6B%jB|:yA~j2* %h"X}ܭi`Kfe&ό=2?4M5AiҠì~TӀJ(&A DҺKջueʄ7zismF";r0Kl`z%V%h.n::E\*CLWoWĘ@PW#18/i(\v/3⹈9' BhK"]57q I"p&zF)\ 'JFذQ㌨ю sgjFٵ5\bPlО'5Ga"F*O ƿK$؟L̚ AfӣޒgopXty,~=~m "25ְ߳H!{@1q ;1yBƀ6-|#Фy$z+?G?XZA.؅b}Ǧ>|pvkZ6IKm#? F7R0Efk͗KϬF$Pܦ"qyyv7*\@nMxe~1yh5 sphG+]i_G$!iW uX[EURa@He]@OX,LŐaұ(WC;ԵZ]G7iM"Er6t@(U"g{0Hsh,n@k*垹] DG d>OIJCQXQ!6 bېƙy2|;܉ZxP!oFc @,*m8oљn5f?;P=#(YRz7IhRQMe/LOtSh=wVMDճ)! AQɗiA;ҧtъlw#W 6"X3,~KL)snfuҎ%V֌=u"N)_ . zfj iH%&v/ͳe;D ;l!)Tl^yd)#鵢f% {QW{I;eFh!޵#rgPPAx `X"<3Оs 'ػvw"˄(h.gW߯-aw~oy+vD\"i\CJk3Α3 ]ο !CX[jYkj~ &-BU:=F%>P^'gwWkXť*:HXK W-b2dzZ3 {(L^sA?bh,A\<'Ԅoz7D*_e>F$tI" ^KAfČ;o7nm!1[aΦoM$,SU"vƄ!GUjߍl@fh"$W`gtK}#ܒU :I̛ܹ c y]nI ׵ }:o)lBh51P߈U^Ӻ}}Qr!7)&RZ++02܎ ؕ oӳ ڌ&cĠLl 0I(3ĶQ.*1bx{%wARn"$'D, XmK,R)? uՙhoAFWX09*pBmh/ T"0甄@K079OJ b>vG# H,-_ $oo>_%d*ze=&s3ߡ.I?Iﳥ$jMsARtREFv7R?C܋k>'1u?GUg%_` K7EvDĢFx CKk-1 ļym%vGanf&Q>TeW6Z\|XzHw?dZH:di_+pǚ&?𽌀?ŭeyIT*66:X^䍽E4UB/0i0GQ:Cȴ)A2Yն$_@!{߲C^vn`T|bmnph"ەFU,Ʌ%zڞ_'F(P*" .=(Ix` gq>n?m]D̢D4mܷz >$ʘ:溡q7GұceOE&e/LnrjOɚsP[af\C#8.OGo0@ؑ1Ec_Z2#z,>nIGn$\-ibo<=k4tK:;O,'kJ8H`y)/hmdn&x0lKWDb'iv,j#[;D]^Bt_z=8\ݧu8:k"BҋCr]eu'i eR)zi\3y{ ʛ]}I!|]_N%r DD.d> ٪8,JB"8NezIƇ6p'/lF<yE)O0Ei.2 l2 -Ioo3'=%"j}2곧=a4\ e0Ъm*S;29N@+%S|V»}skf/ēdbr?-_,_$ʗ؈̌~M({Gq Uʨ62`` S| (i +j$߷A}wnbW*7:syqfҒQ's@EcVDDM$\9 $W0:[׊<.Ss{c`XȻ|'ZXpfK@D9=^ uԜ}R=S9YD"0 gu ]|4L *M %i*H$;J:Z(tF qF ׆sQc|VFU,E9E/D;~ مFmhO"^$x۔SB%*e9&yWqҊl <ݹg\י1lhN1$VM%l~\^RxT`gaW_c&?-w,`" /5C6FE չ"]#oW-3K"&lЪ6)H05VXulwG=HhܾEO\`hiҁdȳ**Lk,#|гg_3|96խj?Shrhzߌ jҍ7/BV4.R~@?DV;l9~Ei'c#vTGndG.>sTX<}lj 1*UŽi}56^×.So B @e3`*[ +(`-?hiә+] M ??s oRDDjU+6]ZkIfae$NTlj ا{ǡfXAxh1u`ޅg`ϭBR32n8LJ[vGG&1aB&!kŗV$3 {Dg@2+s*WNSe]7ׂ$yg#xZ z05 mkLR6p*,$ԡ_$q)'nH b :'N Ń| Ȓ1 vۣr'IC*XsmRn J0_ď9HG.lc'ڛӨSsS*Y= sC qJBrJ"MEq{6&zp*?ߥpo)3G(µ降)otH N!5"QPƕhau(Ԗ;ؼ٥)c(яS;Yw1ttCߨ/7pΰVB3#; w^6Ul4c6sQC$~W9نȍ(>?*$hӱ@ʛաw, _XX!﫟` NQ4e*dq IG(*);mH:5Z@ؙM [uf%9.9PTUd`ߜ+0!I U1D#n<FLZoEAXFL}s4!U3X 7igɩ`nO4DKè 4.Z^wj]pPkn;0  ,\iZa_Pލ<-Bp8郟.~炗ጤ fVSFJNQIpPMl a6hKܹHQhiV'h+{*l#f 1'{?2bPTj=Gw6smdcR?gCHzҦؽ Ak`m)- d:rbiyq9^UhOT[cI, ~M8a5:m"*-Rgl%XSbXoz27`=]k2'hSMgMOobĄ W!(1۽5%vw~gѬ!zaԌ{2H+Z|mGĪņ8Q71ka|ThW,A'-s6䫇嶺c݋tޥz %! ٽ7tO{ʼ`1 ~qɘ^"eBdN&\ \d=V3)i3l޹͗D֓zh'qM"{z,vgI$>@) 5:F_7P\%f .?j8e=8~eu 8aADU.WL_To3.<+Vo`;04Yp"j6G{qa/'|wB% Z|Hl]Iˊ`B}C!"1V!1yFɫ6ٿ߈fՋp *b'eXbwR҈qqЁĬ. Ntܙ=L~|C"ܙtu(7ng{6'dy׏F":Bmn-첝obz۷fk4%Ԃu(Ho;8u9ƓkhDzˑ9h8 h:}),F*ZDxaT[o@?LQ 0}3\v fOฑؤ^JlJ1 ypcYȑ$5!u{*ms^0TfA>hia6d(|p9]i3jY2>eI&8`jǭ@{wP䫧;Zl -V{ n" v-r?m& yUAoC=f0[f͔J=v4 9Mdi!~ Zw{I̅ǽ T$+nFYޒ%lj> w~af,t=l qb6 UtM@g̋4߆DdTVKt!u/X L9WmlP)Zc?M(G+X}(\|̎  %_x+F5.]HHRA^ cDAEաuPB [T BC67/ VGufpŇ[U? >0|=A:Ђh°E?-+Ѫ%)FaIɠ.I˺;K&t" qʏn>(~Enyu]0C8Ud]3n{Nt0zuSxo$|?IZe>R5 EVjr%I(w\œ97>J`]CNYnp 4y)0?I=21,Nf?뒤ױ j5 $Nk=qԄsۏKm%g_ϾI\bPu)f<)ɔ!*a<朒>T?0b,`灁zsd z˿O1ĉH>{#|#x Fz8d[jJ t$TFtTzݠ^8D)I Yah 2^Q.#I$ۂ->.4"-5:-TIVy׽H>_HTku.ƿġFM&6%-'T'CacB;FYSo oטDXn8JJ}=cۜ$"?Fh 'D,W@-za-x ޟxذdlbgJ2?D:.ҟ %FkҼ5E=DT?D xÀuZp {AfY$~Q+l`pW 0M#qb-[}0όJQEZf\mZ|sUbrk 1%Icb\( D_C߄2s7q}ejo~lp~1zҦss~elVҍ5nw~hQdB/zI5N4jfF; &ұV恪 )uq > Mr` 9b8|[RBz[$Hα9-  땀3F~_-O#&ĕc3 J$|Y0Fmq% %e8h#ΉN}jf)̠$T^ T J?hB6{ ejFos#$7=J\+G>`*aݕn:UߐhRMm;'3 i@Ln( Z :Dž3=Ra¥o(OTj:XtS_ IY}/}oE)RN2Lc]τ>w[ Xmi,^S]pS"rwE*EeφW޴0V\[Tv6. /AtHMK ލ5LNbXiݪBzݛ졾ѧgA)3oXm4xzmI(԰噄I 1N#`y>)k;,TOUCe)ibð}C@Oovޙd1 E~Zz cpxqZkֆNRIW]Qg /JbA1QPa:u:Y`WS.HUs=+ݟ{"ңmEqks+ z ";"4QwKiT.ihә#*mRR ʍMn@2B_ch#3Дul3!j${}3v_{= \ϬY׆EԶ=9uk g,{l"Qܙ1[\0.b m8?0"(-z Tbi?q@):>}0s*dnac3\((rI@󄳨#3ׂ:h.-T6_3Eo77b8L$E[f*ȉfAKY J)d2'[Kln1/H3L^d3MJepv0z*dtаb;-'gͶlF~]5ϗzaZx4Rt*+~Qԏkj &oћJUj>h0PrLtSi*Te{WhPeixa|+W#]Za[f<%+dy8IEZh5Ub\nF_ @ 07k]9;Ϋ:?4`Nwjs2Ψ7n54e +p Ct S:78| `4b򢴼z^MΙi6R)Gm! yfg0~TjA{JQLԝ@j u١]9z,L$Kg*H꧉n9bb%WO0.=mjVN?m."دT>kJW49=VoeTaă%ˏ.*F)# |qP`ר &?컒U,<^_v&|Ytq>^^Y(MvNdt>=oA7j4)(UCoܢ ne}r'~_95!_*R0R۩16u}D ifxC/&.I>1}򟊥4zQU$x"uѴ魾܋hf"!q$b`[=v׆, )c H_,{F$ymD Wo 717:QǗ:iۮ 2yyzfkhM=_[mGt#.]zp[ wAHtli:itAHex( ʹO'"ݾ>qZnԝ~P=z:(0Vkx068BAe9ִY5w^=dX)Qde`4ѯf78ן, Ai5M/ͰyX6]GQH@ˈA`U@UXQ|ش1uoSZRmOo *T2k*9q2Vnk燋|I% ՉWZq#u]F[p+n tThr²irԸ-xFnMBI8=MLuK#N[Uu[W>6~SuoZ #c mUo[%TRg>JPxUSV\wϕtP%Oz 58OAtY簍_E](S90Bg wt#ǦAn :[TT,,‘҅,P}=kbH y&n!yHX/^HJKᦎ^,7A˔C M6e5")o )B 261:|_$$a ͏y3IqRR 4P4p?¬u @ؾвgtABjd Q;6U|l \j.UjWJ>))&Ihf-Z|`{+#ƇHV(Wwq3̒zˉ%'t9L硚,-r,ɍ C2K=2>VIMsWv'68>4"~(Fvl W`Mؗ> c$-&{`g,"taNl/VJ.<}Hԗ =w_m' HzJ7ƥq,SdH\& l?-Uo]-atgq& V1_C P<-n䭯BJTQ~ WMb}_Rj2o_@46$kAuaX_B{O<˗(S"OUµ HM t]o÷/d,g` ͬmZ[ Wʊ;)ħwMumGNr&>d?g/¢]S 5./^yq98/279j Fl\h< ̹-Q^xtmwl,f[ Ŝ3}N\Szg Q)phJdoM/ZGrvNp.D2̸2S(Qw,yQ"!Sa v<|) (&{l9*5S.1 g$$xN{}-*,7bQؚD?Pq{e^:CpL~X ``>2TOK2e9&hBygsWpeN` juxQ"‚g>ΉAu*oӲ\\)9;ҿ6O8ͪ<ŀ0n5=Bjmܸ1\bY{-˜kzcߩ~V_ r* FWf% 2I Q؍`-SEĵuuPL`mlIf_k\gvYIURo- K:߼셦"gX 3'7ew{*C{fF¸.4p`GBG ڽb]v17@u d} f3 gNЎi2ɪ{ub!}d|Š;J*^ dHVZ!½~)ß@D%tyʙum{1 0FC}PWGN^2g|XS!HM$h5^)u+~OL3Ŏd>A8ڦV*!p{c2 -M2 ;£F٭z2y0أbijz[)>]F נo2G9m9 ܌ZWkنyR× G?cx RQY{=@c0S6rdvJ H,Pm%u4) 4%ѱ%D Z!P9kn}Uft@dcR綅L' %%8#1I̛r?QȄԐԸDo^@-#, DSkdOs[~HRC-h&{1VTjosIVs*v%<_ ` NsN*?f(iEiӼT!Ȼ'd\H =Ԯd6ȝwgCJ+/-D zsL!uZn1km#G }v[(?1U ^jC7N؆fY[ч47HC&<3_1a,B{!~dh#v5^`0wfZo|qD4b2npFg]ewic5+29HZ}DpS (f?3AJʣC )[kfGѩ mI^JX6{О?06<1= nVYVaor0\?ff,Fa7acB`m[u'{~4Љ^XZiF5=nMoRM'RNΊԆL485}fyAdg\I٥!KjΚh?:cCl6{Q ݾ]^*~ǵ*kBvL0I[X|0J<al l1?7D{Di_E)6k|-(xVyH#ֵLDA!= u(DuKբEmPc]e+ j3bW EY}X0Zy;ܛ[aE޷?,~e ξ~>hsRriڧOǦ_(t)v|5b1Oٚٯ.֢Y+&\512:{T/I&x-=pf!uK%wXş\',d"N?;5~@W4') kR K9 q8^PfʇOiDtwL%{{;چ[<͇*gSSS-p.[ADs;<V-MPm.fdϛ#M9̶ .tK$\qq0R/j~lʠCll&L-H\E1C.9b[*f<7s  ;%֣yoBB"G=E&ĕ{S.L+J ?FN:2 RE穵쌽ʱ܌d_qpe?PO@wHR>TdO h'q{ĉhw+j`z"'xYr@K;ҵt@@r-˝x]]:Jx#`ݜEhBq# X?;^%|ޓt 0ʁvoO"%Dpduen9PXB9t%~w5JemfV1 1yj>lƮVIS]tg@,R3H"uYzZ!w<, :|=5kV3Өv?uf}͚"=h{6ERw{+UkʍU1f88ݺWZJŀ>q,+ <7%ծL C cF AXl1j BSl%w`wT^r#. u@/)\Tg}յ H3wę>/{8H4qu_'(Mҧb1Lxc-P0ܚ7Cf*{K C*tdjHr tiW)*u$Y 3h0 vGvf9_=]Cr4M_m!m|r2ʢl=`0d7uG'ZR~FN2crL*N@pFᣫkZMJEf:ѢeA^LH6T 76'!$toX'EGb2;f )rܝ'5Z@ ^# ZdgYn GI OJ{ xǛ;:]p`v$z,"uA`!N4Zv{ \Oi]u{(emM —"S{ݎ5ezO^?=:M[ICFz,7hc[F#pW{kvT(3 VrѾ$^Z=KȐLn ,r.0!M4aS]`p] %^)W%8X^T1ʜVFYPFJh*AfHm`C\2d|Qx,ȤQ"oED/n/D O)Qz-M>[j=M*6Mp[o0C:uYJ !lIL<l^%HaCVqݝᜈ]qWkI"#o#6 wBu@iDvj莉V5/3e݋) k|xMfW6q(մi}(%x|)X*ETp(F:{!z?^@ t V t֎y4ZӞwqH3鋛ѣIZ<j\_u䮾;0 =J+9Hk, ?5t0z5Ɓa-Jaij=*_]XqX.iA0D[MuWLc>!5`¶q?pݻ6O4:X1̡ ՛x'o·bsS Nۺ Xlʱ#)ޝu*= \WaFwڲ*4vLdrWD)!Q.pM^ZC?vhY|]~GA=m /3» EeƷ'Q@_4@0l{r=xcV/KtFn=V ,bidE{j]4%>@~uy@߫"_F"/O:z0ILU_â}H=?]RyL>9r9>qy :gjlH;ɦY[am!~vTT$)anbJMIZv#R8VcT@Lf1[:;Tqk fX Pd&a -&m9?(&`>@ GU|]>e.:`ũI@S-Hsҩkv? =՟.[9k$♡qN,3_wDӻ]_8vʤZn  k(Ea;;K _vѣ( 9[YPcK̓0ACfYSάИ%"YZhM}:nkqtA|2ܫV7`eQ># "T\*Lo߮ } ;g&b*}b:`>Ĩ:Ƌs=a% pK0+c:3έY7"hwq yOBW;nbw |O KSV{;'25Yeܧ[bOw0!z]L4YW@䮜:wP\ */Ix9ye3{.!B@kߧlQ(*Nad{HrqՈ%t^+TʝW)հ""}9$NzeB2k@Zn)nMcȊ"\'Sl)uarZy llm.-Z ͓x ,Q),b+b/ M#@RexN9!"NȇqТpZf' !)]\)ȇfcS?t0;Ihu@~,o˖ "e)#?^zμ ϛ{XEy&薏;c6o<e'94}L.7oMSN#Z?Q8Vޘ tW{rƴJw)&*a&jȔ?(cڋBI`7] ШA-/"nW2n<0'IX>qPU! 6[5rAZSm^5 sJhӺNG=}n؀˩?~pǿ'W3V7@yTj1NT N]y[D[;o}mMT# @-,l{X~#JL*X2|ԔFf[+:$ J! kV0S^0%zȫ|t=PCj"x 5,݅m̎zWZ3 V|St +z&kiQ0Id|(,IIVY$CjQ!AFr*T((o\߆*N'Qi32c#6|7krلnh 3Y}"W\ުOd5}VX2B?<(ƺNp|\מ-F]vkH $c1;H_&Lnd W6aL?SuU=w06KKVC(%02c>EH>1~v¹w地:G|v˧И$u? j:do3D{5ɟ˻}ʈ P{oKSҩO%(JJ) 4鄪oՍY]V3Hӕã9u^n8i/YF5ujdV @/>>0A9-v36G\FfغAzTǢWמ&ۤc9EB:oPfcKd[ A}4@3:jl0`Xw4*%1;Z6.0/o[ꌴQpahO4imlNU$NT&з"הDDi _p($RfuzW^8R4cdngr&ur~̓ɡ!޸`u(4DTC04?JBɴʃXvv&o6a~ux:.=CZi4ehVPѨ*ʶn3GIgi _v5Ihٰ~i.Yxեg6a Sw)w3^m5%b G5!mIQסr(mh>goj҉!W{I@`f[.z1E(de " ACjɃ VtNt &AaނZW$y0AB)r}mCX^}~-=[w[aSL7Bmf4-V.#cC$^%}.*sQ nq"-r)ˁTD8^]uM~q2C ˌ=G!y Ot Ad.̠Jn㓾ZdzLyhe|>̐o񤅞 J^}y38qU},_.6\!O""s=7ɄϑM/p۟q`KM;\pT)ב&[)bX0`%n,{])LRA5j϶oĭAXlN|ഞGq -QIbc8qſt3 M}׷V9;@W3LS6y* _'Ƴ,l.b- &WZ|;a-#6hjt iVQ3E*Ʃ i 0LyUsAxۄ l=;R\בnPxa##{@~B˩0˅^tV5oA !젂;#U`7od2]WGe-۸]ƢviV||XP֣z4Bp^PŶ2sM}!LZ刣s_7YJJ˴5MR.B58>RgB؂4`i:mйΗ\e0v-jzZՊQ2 @47(w@/ǂ$ztFqL' 68.3.J^Sb)m=y_SV\uzH}1&9W]$%+ewM,h>*4 Rp"1&HR\=8h`2dcWNhܩjlU:cל?b:BВzo߂`).71|UFṮdQ1y)πZB`_9n˙V##ԼLuuԜV*nx\? e;Ly ]v՛<ՋK%'弖v0]KDL™(Iŋ1Ć^a&ܾk#\`{䑪j @7 FV<`#B 94-PtRXЈ蒡MiHN̘f;u{vC%8:P鈵 H{w+?8;K> .ZK'j :4aX8A<`LCq]%CPpQtp"3x<.%?S=[To؏_^VXlV3Fܦ.s Tp Y_n01W HEs.>$J3"~\Ȝ% [[EgO3C}Nƕ=3=|v* |U(,&̴3 ѷ/B*n}J:^2'hۍ!˺ ͲC+O^t M` CE\wSVcjпŒ6C2.g yVj5Nzp/,ZIE ðgK]?I!' rߪ*Fyr#ӹh,e$RG4Ͽ&Ofct!} 7RixM eF}4f$wo``Lб(gLmZJhXwVjo}ZL`W&0/VIrD3<9ۄ;Ye?K%JE+U 6bc! $=8G{(-nhSF(-Bt[ Bb>P~$cF>;(cy(:i Vac/i cCdz"yxusq< %֢m"P)\酛:f2s~NLMaY<5t5ds&RG!O ~(7abNHq JG @C}-C۝xR撚^8%o]_rt9󛜿P2й9*REʛ }<^JV{MmA"a/I嚽)elaDYj.HnMHysp4^Y R+{xtߤla\HEÁ{^fm{D@?GmZbSSc.W}ajҢYMU6V|. `+{ɀg1ؾJJ{n 0{,1s_-l`jXw]ȶR!bk'DcK2/3B>Н{גg !e#?*6eY&Y ˵&1v?yW$rыVItU%m)FxI_W;eŅzbBN/ūI[ԱyVg[aɐ3xcTgXTe`Hӽ.@[ȯP|XNm ߫- Gz56U" \?T2ĠfH~ޛdکFBϻ8㢫_s\yqr:Er" ^|D"zM߇m J{%]+j^ Z)|߽?m>!{^d ~ 4vYrhw (v~c<ˉ:ީjC{yzsMk7E2*﹗I rȴcz`de#a)iT%4> \ErwWa H]eNײuE$ j7bch65&h ۘs Ś)$ύLi8q~r)>ksR#0h[n]OW^X2+e'p[rmE<;E#2Wy2*/aajK켯%\dLt7ahk yx=k5=/q_5ЎOî*OfJ/)[,!3RZ|wc`?RlPo6yk@_?PAY(L%Y, .t@>:WgfmA 4C{9; zWr|z@`g(^iRθomZONzi\QjFg}R4ˆdbnr3}YTf&u>7>(a,oe6Z0fE>J @U\e͙TpMڃ|Պ.)Y?}◖wm{]lM+an6Ii(CMDǹ^vw8>]NH>_>!j*sÎ7! K8Qd{] II!∏?‡Ha]LP??y%Fd)˒6 '=\W4ë S{ 1xєH miUFۣUp]0pt8ʾS Gm`udCO^}F:&T8z_GghiS}OO_!D٘F"uEvTAgf_*{Gf2)Ny!kAd[TaɧBc QweceO=GE;P9`Ŭ23/Vp L[G91op  }.˒#08\@OLv%*&W[efY?ק6ә\m.3` 魪r' k/0rM16XOh̕h|?}[ُ&qS,ҬZ5?H>Z)QaDfű=JU H2.9'_Ou,Sij(Z ̢++aih╡|N<\.c=qAkI jr=Л^[pvg\s8Aκ͐-'0p+ڱxOX"B70y~zIe ̮_eH,Dؗ_j-Yq_n'JA $,/gglĪ.ޫoMc#/}#v4j%t<$> PWU${ 2S& wy#BiZ0#Lc!/OĸҦ%+Edmk;b $Y9!ION޽?l'!e` ^B/8} cl5uѨ6_;))MsrA^?lny<'CЌC~\Ae=fet_,_;&]0/TjR 'ӔHؓG}6<| ` ϊ-P=KN1T|HY/Q% 8ƒЬ]7ꉎ腚*꽡^:{ ԑv`v:Iؠkg2qTtQ;wqᕭظڟ<"Mdc߭*/C_|Lu ɖeF3yb:MvE`p:{V=rħ6{ @߭9B]I\䬹ڥ3-x4rDa`DBv#zQrգ'\55R7`B÷K RPsBDקH0͎)#{&j]OMELaTDpBAU+r'ZhS!FDpĜ|N))7߰Rea@iKHD+Z7՝) $&Q7Vr(vu {c¯ QW^˽3h?K4UcU C`c/t2IY&D5756gY'_(QFL;0z2_y_ϥ0fdI!c]#p]?jeMۧn#jE?}ab޵b_unXw˫|htz9j'8aH8GÑ*CM8hҹ wQ"B(ˤ`\Edx4aF3Wtm0|@]%R4lzNUʘ\ܻ4n.+ckm!c;jjNkaLz1|(O쿲N`V 7qT< n5 QN(Z WNj1~caJ\/DGH~mu˿<| %\m%'|3BH`4Ps3-TB_)wlRYւt<\DŽa,0Q|ZA7Ac:xX*~ywihtڰ,aྦྷ ;MDIen*2-Dm~Fj xy߂"Պ*v‘Jhh OCx1Ɯ9>栧Ÿ*kkn@}jᑔ{ъqp>Q\,+Dn) `"QڂXx1L |ZOM)0{Ŷ $EU [N s*4SM?[\yRHːMUR; &V9把ZQ0w*Nj)ۅD$r}m,)}mzz@k%aK`Έ`33Ҷ nO7 SvbQX|voJ/]AC\%^0ᛀ-dDR.IUEҐ/ݦL L+JPv,IJȏ+~B'[^5ua>r ?4\T ѹB_^#'Ս Ӑ`T+MW+,!J#]manjVݶʒ 1=|B5*7Dz22FtQ?Jo26+zdI\x8\o Au8b]59ۡlk<3.Lu6<IȁVpV2y=_@ՠDI}D_V0,׶JWblj5 4i4l 1k^7&U  x^'{>O'TRbݩh+q])O‰YE+}B;_sdB%*rSںVrIKgI@]1:a8dE-Ӿز<Ò=ǮY ,˼4Pl>Ц?[ue--gPd9nϞv1?~FeTҀB67Vv|s`&C9p~Dx9ky겷B_!msf-C LAtYh'ߊ>–Zuq_{K0*s12uK-6.1ncT'80De 4DF'.&sfD إ|dco^A)/As XU'Rb(OXVXiN AS)myzFqE6tp IZÆ?@*a-88Sݐx{U"bjm@ :>r;É74&؄e+1 y{σ6ʒ[H\ͻi<[gb3o>aIUdDy;*n8I1LMeݗH#eEX%HF)Rٌ&ABЧ י oiK;4#~Y{7>0]>tP#o}uQ2 lF}ATS+`PQ2w׋yJɰ'yxm>ReaI~'HA0_׎0O!|и 3V 8SC-AG+q1rυ+BƷݸا cbh+V~%"M J 8S#rJ"U3D觘 #`*X˩Vfl6yp`!4֚CW>Mg^XF\^/A0+֩pw0煨՛>cku-m&J.`ra.>#o7>OlqG]T6So7ʽ(wC%kH T~~Y+QV:!pr5.RO}/Y[Dah\'"H$Y:H%VwU1A?Y~!b0pd:tv94&%)*y#=i[BօWU;L+7rH(@K06fcO};U)݄ylhA!5aq4?BY3aEA," *V/ vu$~ztVb h[fro1W$KqFԪ31u~Pc !h~e w4i{P͖p!"Nu /L`[vBnݿhTqCn `}S_d㠈:|Gߦz:*9-9zэ9⯰msh}ơ6fӪ$?A{B,؂A/vUPsiPgl½kg{4>PW̫_zzlzo!8\gQ.B (w7˯\?Icgn;~!{t. !Kt0ÂZywEj c;Ex+ ómaDa;,E C`,fBkA,R׽oH-U:~ಗ^n!_ɚ{7%3T6f7 0Rpk%-Y*gM$Be'LzRBO;'}4).?7Bp|,΂X)R~ʽksCTxهH)xYa }G5I$Z\5D?ݐx\^o1RjM}kU&]BWն\:0tJ*1S sQϴmȚg'zdHf8$fn_dRkA(8*@"p s̉GOU(dC漯 F6@q$9~";6=jAB+ވc#~:o^Blf!wHz$ա^`pzayh8=OP'vꯑ1aeʡhP7wd8SpcEGfşn* |׍W7FPCWo^rhJpVʮ6~2OkF)dMήv2ؖg xk_[wh;B؏"z?j,۠jMM+VHgIA1C@~,S͌I`[ c.o3(T}G/C"o=am$0o!PXF; Ms<%FWo5ZoZG/fs5Oxssי 9[@úˌbg! ^-uP$WVgJGذ Sk[WIR-P6*r 3)c(S?L2 Y>l/ Vl| YZ