sssd-dbus-1.16.5-10.el7>t  DH`p_$ƨ%k) r,:f[/~;G[)j#z1SSe24yM-QVHfھpSu{0^tیzboO SYz]s{{.3ꡮц :v >/=Q@mJn,ljQS^e/I4d4v_]xWseQ֛kfhUź|rhq wp4(MEyiҎopD!2@݀EU(ݕx^s_ 9`B i%f0Z4+J|Q`3BG0ӵDPc~cZwWX+~EyV:ݻ5n/Mĥc!s_}wG<9j`Q mf5{ \@־1%ќRRtaB Fv20M}7n~4Sѣ=6{ي OEYjߎᠹ{3a97a15e73778249b57ad3a93e51f9132b5ec38e_$ƨ*P]rk7qc/tκAtܗ'.AC +Ř3$oCYD\faݼ;7ܹuTup\-_t\gD"tznvdڑ/2B&!U16l9R0es {{?Ncm-,|A|CB18F9 z5{kUHGM:U<$5(aSx7s$c z>5p]9pс 91EBy,U1,%vVD0:6ȯ mʋNWbZ@L58hJ{S_VA}s8g5 kH*M8_Bi8>>P?@d   : &:W]dl         {     "@ l7d7 7( 8:9::r:>?$@,G4 H` I XY\ ] ^ bdeflt u vw( xT y/<Csssd-dbus1.16.510.el7The D-Bus responder of the SSSDProvides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus._%x86-02.bsys.centos.orgbCentOSGPLv3+CentOS BuildSystem Applications/Systemhttps://pagure.io/SSSD/sssd/linuxx86_64 if [ $1 -eq 1 ] ; then # Initial installation systemctl preset sssd-ifp.service >/dev/null 2>&1 || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable sssd-ifp.service > /dev/null 2>&1 || : systemctl stop sssd-ifp.service > /dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-ifp.service >/dev/null 2>&1 || : fieKP a큤A큤_ _ __ _$^p0_____4601b3592d313effe1a70c44167775b06693dc9b72e7bebc718b6c9e8b094b8f1018b8062fec54f73a99b3e6621a491cfd79f1d5cf7a27860d6f3d349c32fb31d4af5c7a0ed43c1186a18430a4d2ca7df2d1d613963df2fc7d4f87b99e49381fa2631eb70e5cdc8392c97e19924dc9aca4ddcf4b38a44ada079dbfd5f3b5c8738ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903588b6d960d2e44b8aa4ddaa94936e666df2d72be72ec79ffeb6789fb447d9f619c44d2d55a97688b8e2347ab1502b0ec058bd935b902c40630036894254de20bd0d2b7d1b4d3b09c6fc02d2d6a470c961fce7ca88dae0eb45225f32d16039e315bfc39ca16463c971839acb52b655cfb3b9e6f42b6a616cc7a042fa52f379e0371a3fea80bf76c4a06f907bcc53a3be1885d841153ffd9e06efb76e75baf2fa7rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.16.5-10.el7.src.rpmsssd-dbussssd-dbus(x86-64) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   @ /bin/sh/bin/sh/bin/shlibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.2()(64bit)libcrypto.so.10()(64bit)libdbus-1.so.3()(64bit)libdbus-1.so.3(LIBDBUS_1_3)(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.2.5)(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_certmap.so.0()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)sssd-commonrpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-11.16.5-10.el75.2-14.11.3^3^@^V@^m@^^@^>@^@^@^t@^r @^^@]]*]@]]]@]@]m]m]p]p]p]p]S\Q\Q\"\"\"\\\r@\r@\r@\\\\\\\\\\\|\+@[@[_[@[@[l,[b@[a[Y[Y[H@[E@[6@[0@[,[,[d@[[Z@Z@ZmZ@Z_@Z_@Z@ZyZhu@Z3@Z2gZ.s@Z*~Z'Z!D@ZZ@Z Z @Z7ZNYZ@Y@YYJ_YJ_YC@YBvYBvY9<@Y9<@Y5GY5GY5GY5GY0Y0Y(Y(Y%uY%uY$$@Y$$@Y"Y;@YR@YR@Y Y @Y @YtYtYtYtYtYXXh@XXX@X@X@XsX@X@X@XۡXۡXXӸX,XCX@XX*X lX lX lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj 1.16.5-10Alexey Tikhonov 1.16.5-9Alexey Tikhonov 1.16.5-8Alexey Tikhonov 1.16.5-7Alexey Tikhonov 1.16.5-6Alexey Tikhonov 1.16.5-5Alexey Tikhonov 1.16.5-4Alexey Tikhonov 1.16.5-3Alexey Tikhonov 1.16.5-2Alexey Tikhonov 1.16.5-1Michal Židek - 1.16.4-38Michal Židek - 1.16.4-37Michal Židek - 1.16.4-36Michal Židek - 1.16.4-35Michal Židek - 1.16.4-34Michal Židek - 1.16.4-33Michal Židek - 1.16.4-32Michal Židek - 1.16.4-31Michal Židek - 1.16.4-30Michal Židek - 1.16.4-29Michal Židek - 1.16.4-28Michal Židek - 1.16.4-27Michal Židek - 1.16.4-26Michal Židek - 1.16.4-25Michal Židek - 1.16.4-24Michal Židek - 1.16.4-23Michal Židek - 1.16.4-22Michal Židek - 1.16.4-21Michal Židek - 1.16.4-20Jakub Hrozek - 1.16.4-19Jakub Hrozek - 1.16.4-18Jakub Hrozek - 1.16.4-17Michal Židek - 1.16.4-16Jakub Hrozek - 1.16.4-15Michal Židek - 1.16.4-14Michal Židek - 1.16.4-12Michal Židek - 1.16.4-12Michal Židek - 1.16.4-11Michal Židek - 1.16.4-10Michal Židek - 1.16.4-9Michal Židek - 1.16.4-8Michal Židek - 1.16.4-7Michal Židek - 1.16.4-6Michal Židek - 1.16.4-5Michal Židek - 1.16.4-4Michal Židek - 1.16.4-3Michal Židek - 1.16.4-2Michal Židek - 1.16.4-1Jakub Hrozek - 1.16.2-17Michal Židek - 1.16.2-16Michal Židek - 1.16.2-15Michal Židek - 1.16.2-14Jakub Hrozek - 1.16.2-13Fabiano Fidêncio - 1.16.2-12Jakub Hrozek - 1.16.2-11Jakub Hrozek - 1.16.2-10Jakub Hrozek - 1.16.2-9Jakub Hrozek - 1.16.2-8Fabiano Fidêncio - 1.16.2-7Fabiano Fidêncio - 1.16.2-6Fabiano Fidêncio - 1.16.2-5Fabiano Fidêncio - 1.16.2-4Fabiano Fidêncio - 1.16.2-3Fabiano Fidêncio - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.0-25Fabiano Fidêncio - 1.16.0-24Fabiano Fidêncio - 1.16.0-23Fabiano Fidêncio - 1.16.0-22Jakub Hrozek - 1.16.0-21Fabiano Fidêncio - 1.16.0-20Fabiano Fidêncio - 1.16.0-19Fabiano Fidêncio - 1.16.0-18Fabiano Fidêncio - 1.16.0-17Fabiano Fidêncio - 1.16.0-16Fabiano Fidêncio - 1.16.0-15Fabiano Fidêncio - 1.16.0-14Fabiano Fidêncio - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Fabiano Fidêncio - 1.16.0-11Fabiano Fidêncio - 1.16.0-10Fabiano Fidêncio - 1.16.0-9Fabiano Fidêncio - 1.16.0-8Fabiano Fidêncio - 1.16.0-7Fabiano Fidêncio - 1.16.0-6Fabiano Fidêncio - 1.16.0-5Fabiano Fidêncio - 1.16.0-4Fabiano Fidêncio - 1.16.0-3Fabiano Fidêncio - 1.16.0-2Fabiano Fidêncio - 1.16.0-1Jakub Hrozek - 1.15.2-51Jakub Hrozek - 1.15.2-50Jakub Hrozek - 1.15.2-49Jakub Hrozek - 1.15.2-48Jakub Hrozek - 1.15.2-47Jakub Hrozek - 1.15.2-46Jakub Hrozek - 1.15.2-45Jakub Hrozek - 1.15.2-44Jakub Hrozek - 1.15.2-43Jakub Hrozek - 1.15.2-42Jakub Hrozek - 1.15.2-41Jakub Hrozek - 1.15.2-40Jakub Hrozek - 1.15.2-39Jakub Hrozek - 1.15.2-38Jakub Hrozek - 1.15.2-37Jakub Hrozek - 1.15.2-36Jakub Hrozek - 1.15.2-35Jakub Hrozek - 1.15.2-34Jakub Hrozek - 1.15.2-33Jakub Hrozek - 1.15.2-32Jakub Hrozek - 1.15.2-31Sumit Bose - 1.15.2-30Jakub Hrozek - 1.15.2-29Jakub Hrozek - 1.15.2-28Jakub Hrozek - 1.15.2-25Jakub Hrozek - 1.15.2-24Lukas Slebodnik - 1.15.2-23Jakub Hrozek - 1.15.2-22Jakub Hrozek - 1.15.2-21Jakub Hrozek - 1.15.2-20Jakub Hrozek - 1.15.2-19Jakub Hrozek - 1.15.2-18Jakub Hrozek - 1.15.2-17Jakub Hrozek - 1.15.2-16Jakub Hrozek - 1.15.2-15Jakub Hrozek - 1.15.2-14Jakub Hrozek - 1.15.2-13Jakub Hrozek - 1.15.2-12Jakub Hrozek - 1.15.2-11Jakub Hrozek - 1.15.2-10Jakub Hrozek - 1.15.2-9Jakub Hrozek - 1.15.2-8Jakub Hrozek - 1.15.2-7Jakub Hrozek - 1.15.2-6Jakub Hrozek - 1.15.2-5Jakub Hrozek - 1.15.2-4Jakub Hrozek - 1.15.2-3Jakub Hrozek - 1.15.2-2Jakub Hrozek - 1.15.2-1Fabiano Fidêncio - 1.15.1-2Jakub Hrozek - 1.15.1-1Jakub Hrozek - 1.15.0-2Jakub Hrozek - 1.15.0-1Jakub Hrozek - 1.14.0-46Jakub Hrozek - 1.14.0-45Jakub Hrozek - 1.14.0-44Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1804005 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1773409 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1551077 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1507683 - GDM password prompt when cert mapped to multiple users and promptusername is False- Resolves: rhbz#1796873 - [sssd] RHEL 7.9 Tier 0 Localization- Resolves: rhbz#1553784 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1836910 - Rhel7.7 server have an issue regarding dyndns update for PTR-records which is done by sssd on active directory DNS servers. It is done in two steps (two different nsupdate messages).- Resolves: rhbz#1835813 - sssd boots offline if symlink for /etc/resolv.conf is broken/missing - Resolves: rhbz#1837545 - Users must be informed better when internal WATCHDOG terminates process.- Resolves: rhbz#1819013 - pam_sss reports PAM_CRED_ERR when providing wrong password for an existing IPA user, but this error's description is misleading - Resolves: rhbz#1800571 - Multiples Kerberos ticket on RHEL 7.7 after lock and unlock screen- Resolves: rhbz#1834266 - "off-by-one error" in watchdog implementation- Resolves: rhbz#1829806 - [Bug] Reduce logging about flat names - Resolves: rhbz#1800564 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package- Resolves: rhbz#1683946 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working setup- Resolves: rhbz#1513371 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_be[PROXY] killed by 6 - Resolves: rhbz#1568083 - subdomain lookup fails when certmaprule contains DN - Resolves: rhbz#1781539 - PKINIT with KCM does not work - Resolves: rhbz#1786341 - SSSD doesn't honour the customized ID view created in IPA - Resolves: rhbz#1709818 - override_gid did not work for subdomain. - Resolves: rhbz#1719718 - Validator warning issue : Attribute 'dns_resolver_op_timeout' is not allowed in section 'domain/REMOVED'. Check for typos - Resolves: rhbz#1787067 - sssd (sssd_be) is consuming 100 CPU, partially due to failing mem-cache - Resolves: rhbz#1822461 - background refresh task does not refresh updated netgroup entries - Added missing 'Requires' to resolves some of rpmdiff tool warnings- Resolves: rhbz#1796352 - Rebase SSSD for RHEL 7.9- Resolves: rhbz#1789349 - id command taking 1+ minute for returning user information - Also updates spec file to not replace /pam.d/sssd-shadowutils on update- Resolves: rhbz#1784620 - Force LDAPS over 636 with AD Access Provider - just bumping the version to fix generated dates in man pages- Resolves: rhbz#1784620 - Force LDAPS over 636 with AD Access Provider- Resolves: rhbz#1769755 - sssd failover leads to delayed and failed logins- Resolves: rhbz#1768404 - automount on RHEL7 gives the message 'lookup(sss): setautomntent: No such file or directory'- Resolves: rhbz#1734056 - [sssd] RHEL 7.8 Tier 0 Localization- Resolves: rhbz#1530741 - Trusted domain user logins succeed after using ipa trustdomain-disable- Resolves: rhbz#1746878 - Let IPA client read IPA objects via LDAP and not a extdom plugin when resolving trusted users and groups- Resolves: rhbz#1530741 - Trusted domain user logins succeed after using ipa trustdomain-disable- Resolves: rhbz#1713352 - Implicit files domain gets activated when no sssd.conf present and sssd is started- Resolves: rhbz#1206221 - sssd should not always read entire autofs map from ldap- Resolves: rhbz#1657978 - SSSD is not refreshing cached user data for the ipa sub-domain in a IPA/AD trust- Resolves: rhbz#1541172 - ad_enabled_domains does not disable old subdomain after a restart until a timer removes it- Resolves: rhbz#1738674 - Paging not enabled when fetching external groups, limits the number of external groups to 2000- Resolves: rhbz#1650018 - SSSD doesn't clear cache entries for IDs below min_id- Resolves: rhbz#1724088 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1422618 - sssd does not failover to another IPA server if just the KDC service fails - Just bumping the version to work around "build already exists"- Resolves: rhbz#1714952 - [sssd] RHEL 7.7 Tier 0 Localization - Rebuild japanese gmo file explicitly- Resolves: rhbz#1714952 - [sssd] RHEL 7.7 Tier 0 Localization- Resolves: rhbz#1707959 - sssd does not properly check GSS-SPNEGO- Resolves: rhbz#1710286 - The server error message is not returned if password change fails- Resolves: rhbz#1711832 - The files provider does not handle resetOffline properly- Resolves: rhbz#1707759 - Error accessing files on samba share randomly- Resolves: rhbz#1685581 - Extend cached_auth_timeout to cover subdomains /trusts- Resolves: rhbz#1684979 - The HBAC code requires dereference to be enabled and fails otherwise- Resolves: rhbz#1576524 - RHEL STIG pointing sssd Packaging issue - This was partially fixed by the rebase, but one spec file change was missing.- Resolves: rhbz#1524566 - FIPS mode breaks using pysss.so (sss_obfuscate)- Resolves: rhbz#1350012 - kinit / sssd kerberos fail over - Resolves: rhbz#720688 - [RFE] return multiple server addresses to the Kerberos locator plugin- Resolves: rhbz#1402056 - [RFE] Make 2FA prompting configurable- Resolves: rhbz#1666819 - SSSD can trigger a NSS lookup when parsing the filter_users/groups lists on startup, this can block the startup- Resolves: rhbz#1645461 - Slow ldb search causes blocking during startup which might cause the registration to time out- Resolves: rhbz#1685581 - Extend cached_auth_timeout to cover subdomains / trusts- Resolves: rhbz#1671138 - User is unable to perform sudo as a user on IPA Server, even though `sudo -l` shows permissions to do so- Resolves: rhbz#1657806 - [RFE]: Optionally disable generating auto private groups for subdomains of an AD provider- Resolves: rhbz#1641131 - [RFE] Need an option in SSSD so that it will skip GPOs that have groupPolicyContainers, unreadable by SSSD. - Resolves: rhbz#1660874 - CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions [rhel-7]- Resolves: rhbz#1631656 - KCM: kinit: Matching credential not found while getting default ccache- Resolves: rhbz#1406678 - sssd service is starting before network service - Resolves: rhbz#1616853 - SSSD always boots in Offline mode- Resolves: rhbz#1658994 - Rebase SSSD to 1.16.x- Resolves: rhbz#1603311 - Enable generating user private groups only for users with uid == gid where gid does not correspond to a real LDAP group- Resolves: rhbz#1602172 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1622109 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1619706 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1593756 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: rhbz#1610667 - sssd_ssh leaks file descriptors when more than one certificate is converted into an SSH key - Resolves: rhbz#1583360 - The IPA selinux provider can return an error if SELinux is completely disabled- Resolves: rhbz#1602781 - Local users failed to login with same password- Resolves: rhbz#1586127 - Spurious check in the sssd nss memcache can cause the memory cache to be skipped- Resolves: rhbz#1522928 - sssd doesn't allow user with expired password- Resolves: rhbz#1607313 - When sssd is running as non-root user, the sudo pipe is created as sssd:sssd but then the private pipe ownership fails- Resolves: rhbz#1600822 - SSSD bails out saving desktop profiles in case an invalid profile is found- Resolves: rhbz#1582975 - The search filter for detecting POSIX attributes in global catalog is too broad and can cause a high load on the servers- Resolves: rhbz#1583725 - SSSD AD uses LDAP filter to detect POSIX attributes stored in AD GC also for regular AD DC queries - Resolves: rhbz#1416528 - sssd in cross realm trust configuration should be able to use AD KDCs from a client site defined in sssd.conf or a snippet - Resolves: rhbz#1592964 - Groups go missing with PAC enabled in sssd- Resolves: rhbz#1590603 - EMBARGOED CVE-2018-10852 sssd: information leak from the sssd-sudo responder [rhel-7] - Resolves: rhbz#1450778 - Full information regarding priority of lookup of principal in keytab not in man page- Resolves: rhbz#1494690 - kdcinfo files are not created for subdomains of a directly joined AD client - Resolves: rhbz#1583343 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 - Resolves: rhbz#1527662 - Handle conflicting e-mail addresses more gracefully - Resolves: rhbz#1509691 - Document how to change the regular expression for SSSD so that group names with an @-sign can be parsed- Related: rhbz#1558498 - Rebase sssd to the latests upstream release of the 1.16 branch- Resolves: rhbz#1558498 - Rebase sssd to the latests upstream release of the 1.16 branch - Resolves: rhbz#1523019 - Reset password with two factor authentication fails - Resolves: rhbz#1534749 - Requesting an AD user's private group and then the user itself returns an emty homedir - Resolves: rhbz#1537272 - SSH public key authentication keeps working after keys are removed from ID view - Resolves: rhbz#1537279 - Certificate is not removed from cache when it's removed from the override - Resolves: rhbz#1562025 - externalUser sudo attribute must be fully-qualified - Resolves: rhbz#1577335 - /usr/libexec/sssd/sssd_autofs SIGABRT crash daily - Resolves: rhbz#1508530 - How should sudo behave without sudoHost attribute? - Resolves: rhbz#1546754 - The man page of sss_ssh_authorizedkeys can be enhanced to better explain how the keys are retrieved and how X.509 certificates can be used - Resolves: rhbz#1572790 - getgrgid/getpwuid fails in setups with multiple domains if the first domain uses mid_id/max_id - Resolves: rhbz#1561562 - sssd not honoring dyndns_server if the DNS update process is terminated with a signal - Resolves: rhbz#1583251 - home dir disappear in sssd cache on the IPA master for AD users - Resolves: rhbz#1514061 - ID override GID from Default Trust View is not properly resolved in case domain resolution order is set - Resolves: rhbz#1571466 - Utilizing domain_resolution_order in sssd.conf breaks SELinux user map - Resolves: rhbz#1571526 - SSSD with ID provider 'ad' should give a warning in case the ldap schema is manually changed to something different than 'ad'.- Resolves: rhbz#1547782 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process- Related: rhbz#1578291 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION- Resolves: rhbz#1578291 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION- Resolves: rhbz#1516266 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1503802 - Smartcard authentication fails if SSSD is offline and 'krb5_store_password_if_offline = True' - Resolves: rhbz#1385665 - Incorrect error code returned from krb5_child (updated) - Resolves: rhbz#1547234 - SSSD's GPO code ignores ad_site option - Resolves: rhbz#1459348 - extend sss-certmap man page regarding priority processing - Resolves: rhbz#1220767 - Group renaming issue when "id_provider = ldap" is set - Resolves: rhbz#1538555 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000]- Resolves: rhbz#1565774 - After updating to RHEL 7.5 failing to clear the sssd cache- Resolves: rhbz#1566782 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash- Related: rhbzrhbz#1544943 - sssd goes offline when renewing expired ticket- Resolves: rhbz#1543348 - sssd_be consumes more memory on RHEL 7.4 systems. - Resolves: rhbz#1544943 - sssd goes offline when renewing expired ticket- Resolves: rhbz#1523282 - sssd used wrong search base with wrong AD server- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Related: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser - Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7]- Resolves: rhbz#1517971 - AD Domain goes offline immediately during subdomain initialization - IPA AD Trust - Related: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc.. - Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7] - Resolves: rhbz#1527149 - AD provider - AD BUILTIN groups are cached with gidNumber = 0 - Related: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache - Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1525644 - dbus-send unable to find user by CAC cert- Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card- Resolves: rhbz#1512027 - NSS by-id requests are not checked against max_id/min_id ranges before triggering the backend- Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available - Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card - Resolves: rhbz#1520984 - getent output is not showing home directory for IPA AD trusted user - Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1421194 - SSSD doesn't use AD global catalog for gidnumber lookup, resulting in unacceptable delay for large forests- Resolves: rhbz#1482231 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: rhbz#1512508 - SSSD fails to fetch group information after switching IPA client to a non-default view- Resolves: rhbz#1490120 - SSSD complaining about corrupted mmap cache and logging error in /var/log/messages and /var/log/sssd/sssd_nss.log- Resolves: rhbz#1272214 - [RFE] Create a local per system report about who can access that IDM client (attestation) - Resolves: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc.. - Resolves: rhbz#888739 - Enumerating large number of users makes sssd_be hog the cpu for a long time. - Resolves: rhbz#1373547 - SSSD performance issue with malloc and brk calls - Resolves: rhbz#1472255 - Improve SSSD performance in the 7.5 release- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Related: rhbz#1432010 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available- Resolves: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available - Related: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5] - Resolves: rhbz#1408294 - SSSD authentication fails when two IPA accounts share an email address without a clear way to debug the problem - Resolves: rhbz#1502686 - crash - /usr/libexec/sssd/sssd_nss in nss_setnetgrent_timeout- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Related: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.- Resolves: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1484376 - [RFE] Add a configuration option to SSSD to disable the memory cache - Resolves: rhbz#1327705 - Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7] - Resolves: rhbz#1505277 - Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault is sssd_nss - Resolves: rhbz#1462343 - document information on why SSSD does not use host-based security filtering when processing AD GPOs - Resolves: rhbz#1498734 - sssd_be stuck in an infinite loop after completing full refresh of sudo rules - Resolves: rhbz#1400614 - [RFE] sssd should remember DNS sites from first search - Resolves: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Resolves: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.- Resolves: rhbz#1469791 - Rebase SSSD to version 1.16+ - Resolves: rhbz#1132264 - Allow sssd to retrieve sudo rules of local users whose sudo rules stored in ldap server - Resolves: rhbz#1301740 - sssd can be marked offline if a trusted domain is not reachable - Resolves: rhbz#1399262 - Use TCP for kerberos with AD by default - Resolves: rhbz#1416150 - RFE: Log to syslog when sssd cannot contact servers, goes offline - Resolves: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser - Resolves: rhbz#1454559 - python-sssdconfig doesn't parse hexadecimal debug _level, resulting in set_option(): /usr/lib/python2.7/site-packages/SSSDConfig/__init__.py killed by TypeError - Resolves: rhbz#1456968 - MAN: document that attribute 'provider' is not allowed in section 'secrets' - Resolves: rhbz#1460689 - KCM/secrets: Storing many secrets in a rapid succession segfaults the secrets responder - Resolves: rhbz#1464049 - Idle nss file descriptors should be closed - Resolves: rhbz#1468610 - sssd_be is utilizing more CPU during sudo rules refresh - Resolves: rhbz#1474711 - Querying the AD domain for external domain's ID can mark the AD domain offline - Resolves: rhbz#1479398 - samba shares with sssd authentication broken on 7.4 - Resolves: rhbz#1479983 - id root triggers an LDAP lookup - Resolves: rhbz#1489895 - Issues with certificate mapping rules - Resolves: rhbz#1490501 - sssd incorrectly checks 'try_inotify' thinking it is the wrong section - Resolves: rhbz#1490913 - MAN: Document that full_name_format must be set if the output of trusted domains user resolution should be shortnames only - Resolves: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5] - Resolves: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache - Resolves: rhbz#1482674 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: rhbz#1486053 - Accessing IdM kerberos ticket fails while id mapping is applied - Resolves: rhbz#1486786 - sssd going in offline mode due to sudo search filter. - Resolves: rhbz#1500087 - SSSD creates bad override search filter due to AD Trust object with parenthesis - Resolves: rhbz#1502713 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30) - Resolves: rhbz#1461462 - sssd_client: add mutex protected call to the PAC responder - Resolves: rhbz#1489666 - Combination sssd-ad and postfix recieve incorrect mail with asterisks or spaces - Resolves: rhbz#1525052 - sssd_krb5_localauth_plugin fails to fallback to otheri localname rules- Require the 7.5 libldb version which broke ABI - Related: rhbz#1469791 - Rebase SSSD to version 1.16+- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information retured by the KDC during PKINIT/Smartcard authentication- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in- Resolves: rhbz#1455254 - Make domain available as user attribute- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD- Resolves: rhbz#1450094 - Properly support IPA's promptusername config option- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer - Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail - Fix Coverity issues in patches for rhbz#1445445- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains - Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate - Additional patch for rhbz#1440132- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient - Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4 - Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15 - Also apply an additional patch for rhbz#1441545- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.- Remove an unused variable from the sssd-secrets responder - Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http - Improve two DEBUG messages in the client trust code to aid troubleshooting - Fix standalone application domains - Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes - Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http- Fix off-by-one error in the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh respoder- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users - Also backport some buildtime fixes for the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts- Update to upstream 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html - Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries - Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure - Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser- Update to upstream 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html - Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack - Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases - Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider - Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page - Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user - Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink- Update to upstream 1.15.0 - Resolves: rhbz#1393824 - Rebase SSSD to version 1.15 - Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL - Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory - Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time - Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0 - Resolves: rhbz#1392444 - sssd_be keeps crashing - Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3 - Resolves: rhbz#1382602 - autofs map resolution doesn't work offline - Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains - Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page - Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error - Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database" - Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/bin/sh cadesvuk1.16.5-10.el71.16.5-10.el7 org.freedesktop.sssd.infopipe.confsssd-ifp.servicesssd_ifporg.freedesktop.sssd.infopipe.servicesssd-dbus-1.16.5COPYINGsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gz/etc/dbus-1/system.d//usr/lib/systemd/system//usr/libexec/sssd//usr/share/dbus-1/system-services//usr/share/licenses//usr/share/licenses/sssd-dbus-1.16.5//usr/share/man/ca/man5//usr/share/man/de/man5//usr/share/man/man5//usr/share/man/sv/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericcpioxz2x86_64-redhat-linux-gnuXML 1.0 document, ASCII textASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=6cb360aef9712deab177a3fcb4c90037f20b949c, strippeddirectorytroff or preprocessor input, UTF-8 Unicode text (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, ASCII text (gzip compressed data, from Unix, max compression)/R.R*RRR RR0RRRR R,RR(RRRR R R-RRRRRRR#R&R'R%R R/R R)R$R+R"R!RRRRRRRRR4? 7zXZ !#,:] b2u Q{Km(kjQ,9e;)̸}T/݇wGqJ^-KdP7!?5?T! ?K"ԚbAc3n3[؇Ze*vq Z([C`?,IUSP5κSSH3a^͔UWI";)C ՞,/wmOsqxa ʶB ݲD/1fDZ*s2cvP^oaNv\@5u%L3t4yɹP 3Sͻ6T, ux5txmf2' ڍ5bY6KJINMl9|Vd3~ey;i/ȥyY>/fS'ԦB4|OwU|C&pe"AP,a,9KLb0%`y^Dav1z1M u/`F0dcq?El[r+<%7oC@HHy>P \6&38ʢ:(d8:ߧD9Ŗ-\%zrȗ';WL|ve}rwҷz }2?l0Y`Dj+y-Dw*i}wK^W?h)rwcOt kb:P}䅴U?|6XjՐo9d~\qIP9 x-heWAT:~ $9'SAqmT]fݒpMLRhoqJ]MD뚾Dp )i2\m!U35*iy7/j>ü}ɀEsZ憐ܾ"4F@f閫>e{9|JML$|=3ebSImIIsi7sjܶ'MӿrK١4]Q,iTi$F(&2H]2ӥ 0C| < 1kGOSAc9c 8u-PA˲󔻮O7vfLUWw.Wۧl#)B8j%$hٶH TOQWJ r(b₢_֖e/2uFSK1k r.Cj*E[?GYViƹx{ަTә6acEF/R0x½{`PWt߽G:@pEQN@K9Uh+.Ę4Q, 9Nwࣜ(E2ͦF\}-qν1S*[{5:qJd[{AecR.#&U/iH oRܝA(.Ӟf Tñ?^ Lg=J S[$﫾Z4$(шuIZAgI%q5GQⲍ柍hͽ*v]aNa[KEJ?3e\>@ԭ$:ɳSrG ɪ&H"&[] Fy؜%Q@@x+9s,*3t[bmq}fqSL,k&.ׇf">c/Z5KHwMZpP6)%#8bnҦ#rAc Ҝ>S]v+Jwq=]ʻG0>tЕ=%^ŸaDŽ1~T{ZE).0 ^cc`(Ph-sXU,Q(`7 4 PRb# 0"t=N"TA63xO;gQLOxqB?}o1Wo;XdbvZ0^."" .Ws#ܡjBxp:3H?x%՝2$J66X-n'1Fpua{'~r;k9S{X&Vi vx]vF嚣đ1aARƥLwU.NSL1Tĸm4nT%ӑs컧G&zM5fe:ųPSa]h<9lώQ+o1⅁ܹwTtn,Ͻ`*xM'~JY64 EwSp1 FF;qGMF+pI5񂺫0?(2%Oĝ[W51K{t}bNo{yDZ,u9 f\Ү;~$Q"-VS&j&T|\u+ Xn@ hi+~(0*sImo^^>$ p*},1!4A 7T(c겏ܾf!ҨzS*G 1%zMnE}hxl!{Pp/Wn!~#J'{\i" ),+ Rv"E3<@iU>ti4[3TDg,:(-im|1hj˄c铛d5+ MpDb̹'' =00~(Ra+˯|},<',$E Riwk+햽? ΃"B㋂0fԢ[|T~n'V(^/. J-O={1/'J W/*| @ >ܲXQ25G^F8#Bs!b"!|gr$cz>+$֜[r-:Wš"'K)\nFn-'Y!O W1zu2刺ߚ- '!n)*8 mu9 Nj" Ir0TCm@ٛr(Z/q;cXVՓ_HJ-Eg8Iϔ{Uۼm֏\l \oL"aG7M@9BUU{=InY9݉-* K(V잡U B=鷮2  \^)\m FH8nCpPkogBk|c-:^_I[+O ԰ϤVA,c'l|;'=AĚ1\KƔO5aL4w#ib2w .[z:kpٰ.tvO xznj#qT0f"'pnWulGMO%t|d(dpƪ*:x @{.MZ,wSwC Oyò?&Eiks}*1:yI֗sJNI[‘}nb8JG{zO22!i/ ʒn.?T!U$Q'$ 3(ZZ"Wz I'MzI \5{oٗTGȱۻd#wǦ/: bwLښuV8S@P-elp$)>0};°qB*puXOd[oirߠS.s澓D* J%j("q N;|ffS 9`=Mz+HԊJJDCKjldJX3/TheSjv Ob6Ɲ=of JC U;m\?f+DA %]ZadRm9i+_˛}ú86}] l5^н}bJpHąޒ/@\[ )c0W3bwƒUA t 4Nx8 7` .O%zxeӴ`q! e`̔"$' /Ρiؔ7:yj@"#yvhc( 7h"E4\֭-&@wh5=_֠ h}[<}B*a-UG J'- =Yjʒhvv=13-x20T kh9\NoN95&T5g}a薞rO1+2)- l4#UIbrk_Ba:a{_&=̍/>hخN?y8Nч9'00 v=i|QDWf)5s\|UP IID9lJWeYFWQ)f&8{L櫭[v; h]\rhfw2ZTBCq[$?-cD9 ^/ Y"QψpK4|m }eIfv'>Gq`%"!iBX~VLuK-bq6oIY9z i]6;\z]\V0_m's]^8)5^WQ[r|t#_^bU0{abSOA5쵴* 5Wjdb]N9/L |fr_&H ږkqeA%dUoQ{F2)rYKALe"bp_ʚJeVɿWw0sqBM" $dEP_\k4xVnY|"(#Xr4bkRFقx9nF9< m^ 3ɟhn5r)h@fό[jr3>-aBQqf"qſ`tK=mXPE#%` &( 0 }fl0o~ͳar#$cޑɁY˅NW#kIS+'C(mQ g]ޗŤv3mjx.AZ *!5,8:kw qAxKL{v^OCbBeBQ&3̖Gd DB&(eR8MG"3y?2^)޺8|K;?&}NZ3 c{16 d%ĨjpSjXFpO%VI}VdY! Ȍ yy^"&-vaԍ'sEX=uJEO+I u'-Ź˴s!/pH~C/#H4X4;B ?ͷuozH#Yd?M:!LL Yt-VqUZN/h |"Ҵy gR"Nm\&~Jrd4DJ' / u|Ƶ7J[efIrcQF-;  rtT1Jht5:6_7ظ/QyK6s,BGd%Eρ+XQX'>F \ VLQG#jtҞ-'1{\V@ j"I!_E/ؔP{ÁV3H_d!uk,m-cR.iF!;KgDG jQ7a־ڄ;QO׎|fA{1GXRX=pfJ{F`@'G:k?,P[[̓XuϨetpr:a>M(?!NPʸ7r.čۯuX=l lcа=,q$v{9˕t .]OU!0McYDAoH^ eM{m䪩q(묍ŀ$HV2Qi*\Q3 ps}8["U՝s'# Ίg.DvNuW`QHVˆ%m ss+bI4w lh;Jh,Ĥ5A g]Ļɐ@WN^(C̗MYPnN6|,F1>x@M *jb+!prϘeȣ*KolxCZH"QF]P]^ t{#8·/>`+ *U|ՠԞ]7z9R硵2Gt)uSxgovJ;Wj!.д@A#NZ⁁ <}z)][]y$4.XD)B9ųGwӶm3O޳(p!Ƈ>%C ғL 8Y?g^ dn edX[ Tl#N0M'Ң$zcl0IL(QcI Lh#> )ͯ8#|t*j g?c- kIJh(*Py ':%1stÐc7 ej?{{ Bs`ZvhZe)P#^5C1i}jsG$nMdaV֩[?vkIHH"5qYKf َ<<t$uy73#{ʐ9Ei t(N ؏KrOqv\Ǻ$T斖o%%UdHؗpׁc-xބi"؏xiK]t? .ҋ +3ll|/$P1 .z@@Bz+֭j59ܱo<*onms,=zR&jS# op&][TѿatTǺJX#rŋZID]=A61;@ut08l`s&# H @Y}!jC R:y95 R ev?=K$ĿZ>Ʒ`y 3Uü({i5slH6Q0Y|B$'q?yHlD< n)cxw[{ZX^Y|hIH{6'lo(7yvnÏ!xˆneboߍt@;xF3BR\/h1䦷5& &)mZd<e*E.Bnȶ-7vcH~q4Zh|}WYKF.*1sIjpm*9+[>İDK:xL- lͲ⮍Fjh>fl!DA Sr2p%NO 9+I)/q_cZ5}9e 1FbzKBb% @|M)@$gB0]8}Vֻ\?>a\UgbŽ^c[-?a9ݪJ[sZѷ#VO0~t{rސr/t ZMϦJWăQ6#k9 |eqf @"&wlwַ*Y{xGU~ÏrYu؂Ap [}GtLC=¦ *oE rUBBUm6X2b`N4$== TB@ZBVS_ ~ ^&V2mG ?;Ăj=nv36zA:'26w弔":B$ՑM yd`LRk* (+T(PӍR\UX̱7}2L=) d֓* O.SO|T@Wa%][dd7ΓL"P}D]6KH}]_)<^ FL}ѾӀ`bf8eAao=(vz *Nywh}^ S.Sλ[.Uy;n?/3&'KZ^/h6&2j$Rq #8'8hȸ*˫3Kl-@ܱjx:iBqZmr+g-^[FHTaǘ<!L `Amc`ڔǗijp-REw@Εxڅ7Kgi6*?6ov$D]T4&Yo ·K#ؖ>%P\.L큪cԓzq7~%LMZ<]H[fBM`vxkHh-z/Dh2 Bcd>`~I}Ta;:1k*5c!`,!ʭ?!_mt% vW.^45 㣻N` v4JuK .unvKy<Ɯ E;)n2ׂ~fl*k4tYk";U2SVZf!nl-HT,d"v /?3Lh=VVqUfuzh[ે\Xg%;V9<,>|45|0.+u8i P@ JP_@&V}+6f*qDN;ἃo'7]4p/wF)a\2,0[rZ1HAV(l Gcpx^f3 Cs7LUSMrwA;LRz2o(OU" KȧQXh* *%pF0?MҰg!NXdylf*db>Jjd^prA8dH i [bDr#M/ Eڗ_&+SDmzJfJm̢HĖaiā[vћ~GE?/bR=Dj懇;& a>+}zW%Tyzp:PXԓ-zdy!ZzݤDvoqGOAa{;{>a {8%ݥ'1~f@»᪏+GwY{ei88* #U*"@AOȘ<6ݏq*oGkhO kN(1s 1(C1#ٗȍY^~'v.=Lsi,\` t UYq^*S UT*'=Y~p=/m3jHx]bșcW l%e,yUi~: t9PC=jc%-sH$: s],(:bMyZ#Y}fd 튃ê,p[޸3}fHY\ʡb[ "!"$0%[?xlU@ آ\Vh7uA;bhRz;`k@]*=!@9$ѧLߡcUGUR,*Fe;$'A8ȒYm:hXȽC049iSUs׳]14N%:yI]zQO&kG&92J$J$iK&=m];Z~JkQW/e9HS"Ee 5y 23OG/X >g\CŽF q[㴕B@3 5#'mYv@v@H5{&¥.r|$ʚ]58:(,O> 쩺1|Yi<TAy {&Uic ś*Bte@ b9 b^'\2iԣ|"^b ZJ Ŵtv1\f^ZucK݄?i?-#qf9#J|k.K!A i'x/:@(*Jhr9J]ݏim={'ޡC|l#F e!/%# 1O,թn {}]XHQAț&7.O)(&yA' U{3l1F6W?/chC*9۱{1sxR\HTDQS]&!sgCC[Iomv%F(Բγ[HK_(mݯi]h6Oo5p$GC|ߐG誾P& q,V rZvѶ80hc%#[{Bc2_Д /|"&R4\5qvEM `R}d,۩q#Ćs2oo i 2cZw]j)'*҉m 0=gikCd?ZN _f5z؉0Y+ JJDlG{/B W;h\­f06}P튃XIu'\4=VLsnξFir.}  E]WܝIZL\ ƼP/=6bʨSyX*gK nw.yJPnztސ$ JZ _:!☠A0?K7'L1r* @%2)jS3A dlK˙cLf}v"77 `ɡ=UmbIӰVq?.,=+4Bi[CLep2uFkU~#LS` PgВxE@219iy SgnpκFsOM[)Eu&-pP1&]p\' P1SsSEw07H%@|!6A61D NB%1=tZ%H[@0plݹ?a.Cnxxb;Z T-ʺ?W#+%Vm\z^ͻLNnT:p}ʘoӯƻ/hϱW X:1(rgch6)48oF@*Sx 0ʤR@_[s#Ĕ'ٰ0k}ɯ.-P^O)[vƦG|%jD|x++Qzي+I8 RU౪DF<ЇA[$R$ ܲ^ZҜ: 0?&{`97LZddk!ZXBȎqkZ MSP̬w@ح< /SC !uGԋ`9⌸8O@D9q rpU J޼az.;KޑvgIFsgg7[kjW`Ґ =|P zMk>ѕnun9@J{pVXsiKTBSP9p L\Ɠe߯P80{d#5Ap/`:|LNeU>["e!#+gfRsjC)YBV R/V{YML`u2nԔ|(;Lp2#cCViU;kZ+ȈC|Vg\_ r4s?GXLs>iRP媜(4L½y356uk *I'8\Ќ@Gu5)|#y{2yFڒL<Xz-:/!rNu 3 K@Z?!]06g[]h䁽7 I=B :5p0He>]01QVM84犡zfEa5{k~o#ѨJ%}N?ټv̶Yy 8tM $Uε+^8R:%A'Ԝ# $~1<^$ n!ر߱KLUu(Sʛ|(C:8lw;;zTv;_:Q@YfjSV`xc|Ts20WCqovk―v"彘A?ʼnA@PpД)z9Բgݎx߰PԦG#LJʹݥhDhhsrr'ISXoԑl >M148'ݫ] U9AݿdfJ4L/<7)DEWvKD^|{b0 pWNw0V^q/0\@; ÛW*8 #㇈Gccg}<*gW ̷ԍBAg 1am6n̵蓊JJ,@ʻUJfjr[:46#(t_ (#4ľ1h` V^%v}&:8;@,"cSU:d( 38G:#fk,  F?RWIta̶ѭM@G+'1ЀʌD ˲WF%<{ ql)UsVO޵}ɕŰ"5⥫]%+xq> N(xは!%4_@Q zg\({xM M_U6`ڠWbE\hw+-Fg}v)ƒ\n2g/5~RPiHN< : -^_yX1< VITQ HX*Y[bJVXa/vK8x+=uIUAˀ<v9턙E R8$9rM:A'?yF7Q#@sF Z$K%K,2T>;S.(!XlxIR#eTzR[c &,;?=n;'`AϫBnQtAI㞀w˽ndAT@R׺PJnhza6|03F/ _He?7ϯ$b}/dHSPR]vy`,qZ~4Fc @ٴ*2⬮+t}kWc+ֽ-*}mE,YU >n;p!te׍Mժx#ڡWjc ᝾SXHE Y@1-6]h rEc"9RZ`+_CGk\'6m1UvwU]dr^2DC>Zu-Ѿ4{MÚX A+Lhhmf8J_jW l'疙RM Nnq?]~EUNG{ Edk}U9nN+Y<^9v\E6Ex!e+@pR+뽒 4\LU%u-s?ֿ,$#^E_zA)y6oxv݇ ݱ=b뿽%uS j1iGEU /xdUICZ?1?4R}eܬ&0U#Qkip5@?lbeJY &E#Be0f"#ӛ_ĄÁlfft %9~?x=p@2SUz (gsĄkX!#H( ;=eM6f^.u*Hp~otN *\I@co'()ަsq.6F/_čuW3Mmv!/+%- tDFb3azVa}scK5 B.0]G5rFj$_P~##>$ )x ^58e#w4!t0E"(.:x @zr)n(V-L],uIX#aJ+=}Oan7,64n 8;r .ёU/qn|H5#R!maa0y_X:"yޑkݻrGf]E5-Cb gN=;)|l*ۂ}tӥ`uh &_p1Ak8 eiYM$S(rr,Tj7Pc" /Y;6Mghf8%G&?+ic+eBba2L" ˍ^+JGR&]e +!= ѡTĶGxFn(c?g$9d !LL.Y~ha8-Bw;Yɱ}vE7iwMK3M4 _e[ng@^t FA(lu< :B>ŀl`EP&] SB4(+(SFOX[>$QMt8Fd+5 7+>TrɟM2}Lx ۡQ]+$[ǵ|7%߻ >Wl{eu(: p]=1[B)Y??ye3m=HZԘ;+ >RN 8XN X7.GZ;5t j?r ^x^yaMf k>B1!My_t\+dEHjpP_=jsAw̧y2J{NVE%uf%O qE 8hxjY77j>)㷁9a+hoZ.#9{5&V+ +`薴|snn<H}NM-͇tBv/y=uS4:2O79) w]\9O.c֐gP6jq+ቂ66\Mx]WMMZ;D(f">9evJOty_~9ue7;kWV-OC_|ZG<Gֵbp~M?-@'`\ ~ I1^Ti9orm6*"Fl:b*O%^TLo'UX$ZE\m 'Vb&y%rP9A93ExAPL_C.] x0h=VF NyWj݄=4-/(`KkR[I#gv9Xk*n};.ԧ>toek"71aأ V^ELf ith!ο qAA' \>Ov{uK" cj  bdN'6'{$ϗu3#u~< n:=a@k*e_P@+SI* A%A m4)qX2ǼwDpR[?o jZoL߮Q&vI MYtJ8<(~R6 MA=jɒdC r5fV +U b$Vrpj8kPD+ƚ)ڠR%Enjhl`dВG22(d~z V.iܙ 7Wg7^R?%bRGsz8\~){)0˴n[=Oϟ8?A0:~D@7}u)q$'1'_o`Ȋ";%v?SĞ &5r8͖۹-UvIE$kq5^X%#v"WHGBzɳ*4Vo7U=kkSG翗;5QpIerT~v1^J~bCl+:OR@Z)hsUZ}SDž(1) ? S,)?g\:&ZS>ע@/y߻xAEkꌔ͔{\xٵ&/^UO27קSoΰZwZQ , ]^GY _30,&U%H *X3 ffzK>8m{B xDjcll W *[t-VSn2.67P㉺Yxw ɧt=c|n__qt^|#RbC;V%GY?o7Dv,Q=b#Bؑ$Zv6tۑ  }^{?HQv sD7O"^w 7E8FwdE}-\"c1'-1Hrs98s3;rO~"%C;Th#L#6WIаrxˣx~WHz9A?!^b[fW6xD=% \iOl<'.aˣޑBkВ=_IWPX!f*{&Oa' }s/ %Ud&R.oζ.ݳCwaY3/ YCաZo˨1y+g]5;\kLHQ*#/WdHFjS0u Z@ FVb֗PΓ}ۤmL)Nuу;.bˉi" ٭R/vQϷp_`KX/흑aMdY%*hzeeƴpxB'q!IbVjJndm[hpA6F\@_sc7**`\,dNͽT|'H=_dbQ<#[1@Vm.Bq_Igi*;/V `m}zkސV${cgNRI_Z/;/On5P՘Sayn1`{"JϾ==+$0d뼯BΟSV!\\|dFe"!)V%*--@sa]dr+;L1@RT"¦R6]Yt7ϟsIjNA-\v46/nzryH 8O@D? p8@@ qK 1·PD"VlL!j o>\"7>[.hڒ&&S 8_3D:+G tN\~=C-Seq2oG{wL}W3Q(t $(|Ԭ] OQ0bbeG5~DBlQ&c_GSs:IT3HphSD̓OVIS^5AhKd9"a 7 j'lS,aiZS$o|IՆe Pu$1k).F5PW]nJC/X+Ww,R#4 A5{j}&zf]8^|R.:|o].B^-œшbNYݙB* 2 }L gJĤ%<8TUx2}abGoP|Y3Z

TKV5dKE-#[ܤd`:.d\Уi>Nj j"_l285` (\c0G{eeC!+&&k\.@˥ ze*)(,€̈[^_ч -)wLK@iy8L m9;,39 O *F&4At9S2W/%`ʇ[37 ôx%A :eŰQ5ROnְYqBfV!hIl3Lf()~?#]aط[7cJ)V.1V I`l7!B %J~ d|^|dlPJ7yۅR*X_stUV:HVh(f[ XQc-8 ~s N4r,XŘ gW_(8"NYhss3zbԗ̬K.|uґd]ibܪmDsYfB͝Pg:a  םw(`LVVLw\љC1S=缤=rArĎimt"O-ޔS=;X ǰ»aUDjlu5Ay8 ڇP:y݆e$Gfa&P 3I А&Gf"'~eLV3nkڤ!eG'ؒFr 5|DZ!wf6>'sC Dd&)5\c: K1"h)]U'&-#̛H*w8 >qEBNDA,gXv%r[ kZ- 2A/wAqD:عmvX`?$3<";aL9:Oۤ^q*rG̓Z+)s4;5R{q4r`Od-Osb(G 7'`&`dK:f ^ZnG|HŲf_ʯj.W0tSC0?}qlc!a[p2[@Um<PPZ円{FdODĔG~F  v-%Z[G") -"FYKH48>oC Q,T|V>\ttGG%:B^Tstn>fͷVsy #_Ѿ4/8[JDigC}DMmbriNs`gH?u옹PZڛqu%U l;Ja/_K^ As+8jN6/O@NVOJH~rbb:c+Ȟl`gƳ][O#MCމwb^Wj^d!L+CvBk9dZ z:rKDC/-OT eb^rߝukcIv_~_zB :'ىI(owJhTl`1yXzR|˜t?:q"j^=8|RKkN23E|B&*>6~b oJ2Upt%M 1 7|DZm|\4>iKqK]V;䯐Ե}Mj}6!HĕmL1tιߋdO<6fbqqkOF:9y -`EٖY";}}mY= 0Ժږx0-V8ɔ 6N?;z0o'_lGl9~{ .b4$C$41WYtW24C]2!^˰W(HeM6p:%"?֥ EH/*|B9B!c"BYof^RJ? 3g^QB@QH<aDj&7 sg(4FSVT©w4x"Չ~K-CQFf=swKkH,5bB:3K.Ѵ"A*+R=̟m79]GK.EsIYp=+g95v) it8p̹FKs}˼?(4\޷Kx{$ ∡rHy w{.1Ng`nYOPܳ 66 q 80[Z;voDAK{op͔4"e|4.y8:MƬ 3^!W瘳8:Yԅg"M!{2|YW Me[03IՒ`z6Dy?z?W>|P뾒n)4ƶ\Q;j_m|nNv*'s0I h ٗNtyuȰ_T.t /H9"v9(Vn5,@PKifVHgE-ᙪ$ Yn׀2soehE>FO ,v3 8B͛.v7BDZ5W?W{?fߞ´8>X4su)T$‰(W K|$H`MXt k<e׋qF:Ծ@B028.H6leUy+,#U;<@+ \ZL6YLR-(' (C5ܕW2GIWG%QS}KNȆYM^9rm"jQr1O'^&g<]`%C k!r~Y Cȳ36%]");A@z@G$Bx@qC.<$ߕ 5^Dh5 í}GCit9 n೬. m覌ۨt^[5(fE=ZYM1?_@gv][ʶ)l ~P518}MRe)wcℽ̒oamAT.|n>1j}?QHGtIԱCgf 2煮D 9Zm?G 5ɀﶀJc(h$nU g&Caz㘁w2|;BO͍l79PBgqüU$!v o`A0Fm?C) {Xi(]پA4&2$B`ї6PU0gd<BBh2 iG.AfvKC*9b,c**5u@-YExaoQ;vJH`6 ^n|4mEԄcID%ҳ]OtOC+HrN|Kn`/ׅߪ> ROqG Dȓ+qa#PM@֚418"oeHIeDx:3f F9ag!*VY0<޵~Cu֗-E)Fz؃բmqx,lKEe2)bdjGJC^A >!"쫔Č+ ?۷^z$}Шn l$"wHYH<"-XNZ[-C?Hɸ8KUݿJgMp`goe%cF~b8)K">}x"a#5WS nѣnt~nZ1󶪦}$?>z}+.pp+$zsnfj˃bL ՘GIdڃl8W դ=hMKY Qo:u&ZsFe)kXT$Qa%аssv닫"*pNE7aG;2edj9$rh/K~ [ 0 TqK^p.Kz!ѺـEݭ +xԐc%e lko!چvF٧ʔVΓX[lX(@2uJe1Z;OJtO`b<T0Pغ[uY¿Qp%r'CpӻDLfAӬeE;b|N**at'M!Mf#+O'#Qd[ (Jb_.[# rQImFr?bnX%Gr4&$͜MYyhN}W<07| 3Lp5upk1&eBJlgqƱIjBɚTPߊk@Hn9YmBYrşo W xgك&'d19nİ1)j+1>Ͽ2!%,>$W5`)%1L;L}oJ>H1`+(s|o:R=Ho>Hvn=4.̩ ըH"7Ree2Fݫ/H3N0L:?_פ{ 9F^]t3zfTސ4댕lY}Q #?<&wBNxvAh LM鄵Yދ|nCl]MTA+D=kXd,'yԸb~}4X efq2aq|]19"PWT0 j C!u?*jkP0 }V:)/06{=v] \˜i\9L̘$fB( Hz3z04cnbFxYn .Eg4Ԑ7m[vfGӜ74OwMMZ[wW&g[[ a8eBiUM="bڿ5@&$Y]J8 yKo8̒Yy~  r Xs1V+p} yu'*@jD+J D$b~gl8{-5x`G#~qåt>e)@I4q!kU?䍗^Yor ]$uRB_ ւj2- ]E.1rQv!3QLjsֈ@Hj*$DڰLdIB]Fb!-@R;I `2pGaX2zaVܽ¹'iR$qgJ0޷Ah3'T2,99q &*H+,2^C W-[xe*E51P៝&D۟Rj4#IѦJLQADIIc,8f)( fQP2Kkb,w24mZMT&+d(nͱ^ YN{CvSJSm\GCGB$[ M4u DX>OgL܍:mz!Yj Zp63I06J~٩(F{\ue;\uY] Ii%x5mi}S!х°yEr'Ww[ъK0K.%z(y#B 3^3 MX\a?'v@uZx^JlkWqW&&׵ 7x+tdz"fM[02P#yUe}W(M6CPN9riS8SbGg^/>b֙RoUW;u5_1ާNw4aBgNNb:REFӍm~ ;sgЭ'k"rtX*c]0<%m(_sxWuur&0$[-/yo Мj`FGV١d4$J EAaŒzZdQӀ@eBi#4ߌ"_:kJ̴]*k&hZRǚ1^.?MHf4u3|n=& OXv,7_Lm:Op&9\ a _%TFR,Bg7Uٱ9[ IO(i)Ղ:&Pk䯀%[T-c5@/!|$xbW0vXA /$+HLĵO*]*  ć35p|C'vJ7`#JqLYpSe -Ay8qBm?HU|$uO53D.6NbKCǥWWR5b7,yCC "_hAP>k1냁^^.5#vqg{uȫGF\9ee(S9'e:\ Z~D ~$2)\m*#\DGt=N4=qKfTN?x8!H[ 0q?1 tՕ:h" qvFO߈ 9c!$ud86J)uynj4 HHrI| }, i"99䋊$2KJ nҶKZBYlpewy ]" okIț%sң^^,@fć_\%Z"l`awUnȕz$}5OzR-h"ay~y?U]\~k$s'L6wW PwZoMB1u^3;rR"p+3Ol6'o}&J@^/ostUޝ?Bd6g} ]} J>i?˴>zF*~9=NnQZNqM~΅Bcc٪96:>tBa|zٳHՊ+jWI0Lp|d Rom+[ZQTnAAk ՚# 9V0CUSzJ E80/@BRTY:ڝgj`ۂtn|@{k~0J5eYPU .I]髵R>JyCz9JEbߩR4ՠR~4 44f4жo\kE|hoO?8"zKTOB6vƪ˕wpbU1# JGc-7sP^f{.L/]K9{0*bu 0D)#xW'RH8> {XP;T]LutIԞdFm4Iw~%l3i6R3 8g<6Dk!;l\f_py_;S8LtE Q0ǴJH'HA^KV"~~z\$jVj4y2e81P`GUX*h ٍc1/YLY66 ? чR1WCNƁGT6}Gdȓ%LKS?H?uS7ߌYA8;{,tcڦ֎.Lrj0G@V:@_s.VB[Cl! ȲZ~b)ghJ,ixtR5nrgwo(x1|vfm[E[H Wy9[ml%-$HFC⡩"fuhI՚Q0@ E'A"YdLtKS;!BX^p(=.xTixL4i2% [ܘW|mn+i7aGS`_^a77L]r]Fedf]CG(D"#z}{8 h"wޚHJnWC "Z+Fkpe#r#ֈFG6NQp P%c i5j͆1OelIr=jgıq*t|}0|ɡ0jյ\vѡOD|a4i۲ac| U+C|"e.dI^^j]2 l&'rc'XgM$Ɉ-:)Lt>e&/Bx,l5RtҰc뎔0JR"i w٪f?֛EhHMQv/ 21-է{OEDz8טG:{%ɶ{&d%zUV8o['S5g[)UXn\ziEq-(Tc(dV~tP Z y!B7(-^HrȈ7Q:k OqljKTE$= zzeja> >Yf1p[h_Q)SSk+`UqXiTX"_o$ z?]t7 oGGpZ;N+`YRIRT`zpL| ߌÁfR+ur{RR\вSMv GK"_{dZW)'NF SgO#Z&Yitu\i]˺ae8l! HD ?qH))E)A\ʇHjKdRMh9lC Qy\Tٞ{v̯jȽf}3v0BAp )<޲`z8lio-U6-/Ch^9=͏&Gkmk EW-T * ;[#ջ0$(6C]HUbĮPϢ~gB6z:D_k fv^r"/zVx zԡY0ؑ.^V \aja, G}0'*u^$\'?bH¼-jUt<~TUڄx_?*L9qF3e}j PJr})饆嬦m"|F:t48ȸf yWF(u9Պl1XrgN gp PG={ 7ߣj>4G pt#-?$fIM 0>ǧ9{Me6u'?o_pe=LIȍ @djk̜GSbm=9\0!C/:>_/PsgҬg]Mhowڐeг-v-YUSM(&Q h2;h Ȧ9= ŖuICXpISyӒq?Zjo-FR}o;_ީbULx=$4Jb^kse6] ZMPA;it\j} _~d<"qv4UUr=VdyD,FNB%69:]O+~%PX۳$tfdj7հ[>nC? "NQͳб ϝ9ۀ#[%,)Kn&H;}IG1B2*#b&?m,=7Ąrnj-EФ~KOo?}u2r) hIaްj{?.MBb Ch !w76WX'ݰ΢>B4nH OwX7OHC>mվj32D|FsS %1}Noo] u/Z%8mA[;$6@cG\D3"B6R )>U&'8LkkoriG}7pU2M輪OB!| kMK ʕI4{V| gvm'&V"a1pG+9d$HM_bm_ʤ;`/#ӻ.ɔ`CӃ8:H_w0@KSָl߱q䂸X]KkR#BӀeWEu S-GMw5>ov2-u |m#0΢tEǝ#Vu*D6z A"Ϟy$C})U܈vq'S+hB^P#uEf(/JˌC7oi Vcr|D(0#/JR5*Ӈd,lphk`>W6a۶]zV@4 w-WdPU"q(PJ3iQ`qZڟc)DwVS@B׀BMZA"JsBele0łF>"jޘS E` 7kITF+֟_/-2YÅ[o_sQnyI_%4S?u,ˬ16\Pl=wYSUN@葈P&>Pa@~d^_Jz̚Ή*_MuC۳.>۫!n'Xx*>[TH*9[PD1ENdv18'ݎC=4t0U.6(Xeh?bԽ rd(f<=jׂ,n968Mg -Rc(|K~I!Y>bz0-j**ۡve~dǼ)f-"|;>"_=|,F=r|`:!޺"&8CamLNfnJleYCe~K[ϨHV@&G(0؇>@J9r[XF?`J!K\ 9' s9@oOSB)\wcjm(ݵ>4ʲ^(G`=p&5sW{Quy#JeeLY]Ĉϸ5;!%#k\W((uzVQǵ stM'>]w ktC]T(/J;ce-޻z@43@ʠB^T@^YRq#nȝd wf()X1p U{ "%~pEA9犵;LBuZL q_Xyʂ/#pU@nAb#pzaԴ7"oʝ!/OM5yh>5a^tee $$? ~ڬELϽèjyz`?e\ ſbEe5#ʁ=mpxY;FX}4o,|IjgB1"Ƭou[0}*ї{44*Da>܂A_PB0G[Eo9L@e 恿#/(-Ni;heٰ_Ae!qq#7Зr6rIv.Kqڵ}&.~reJNld -:]wD9so*[rDS&c\`*F :C6w㬮]]tfކګc\mxl\^/["q^0m}̅%sko.,y]o1K@܋@dԹOTK嶧"pD zV_+[D#ddG͓T)iEIQlp|i]]1~p̫{ow),וtM{<?ڗTdZFd$O(,a5>> %ϧ7o_ ar]DL0g4g1#R*NEFZvx!| `,]`V.Ow7!;+1ы89;eZ\1@a҇\9&֩МN  \z=f[q]2oԈڃG}4?iJ =ia=K `,(Gf:Ym2]YM4#C!ϵa"<,"ZEJ[ SKw0phb-XﳳBh?kְlF<񨌳\eЎ n\Q8#^hJpٸ69]ӼzjTQ)&gom=\a-JUYv0,A9*LI*IT1\pe"FI]&3ڏ"HV4'#'U33s3f4o=2; 7>A[3*) æp#{ڌO)}T$͵č[1*Y^{:V!Hwmn $\:?E?ض*f̜Xcd H=Q,\ElH` ط{{jN/f#|ҸD9*ńeZRxۓ>܈lyBP Ze90Vu msi0Ǔ;]F.y ,c>t%]7(X'+L.lHv$}4vNgcgFA\VaA'ZDDĥJTĪ{ҘxA7=w>8a7UȽ_ٚ$>)0Anp6ƀQ: Ur}x."GRR+6YK$ ^7dM.B. ˢ1v %$\P9*֚koez#OR QCxa/@aKged'*?҉[0!AY*Sty0Js&ci CWE Vigݙ 8P=8'y$k=T5#`DԩyK?yTYb= DM*0g5HB葉NjQ'jk} %3d,-)u9Ze6ғ=.B^^sb1kfCs.Fq t&0N:3(D<̔E~PM@S6f79;͆x(H# Bb*g kMD`/k{)E`,j>vDCҊst>e9LkuyaMBk ;8ŖM>F]-rU;dE̘ެ`;w+NE(9v9dpQP`PNA~NӾJɐb.z{^z"ai 2Dʔ8%rZ1>XP\ 3K]6hK.FNwٹ h*9;˷hEEi(9Ĩ+R 4I`ȧw>^P^;xW$q1\=!siLNlRFyڕ ~?F6 _.3&hLa=诅 /,O+8 hMl۷0sӘH|P@BTXKJ/t9`s,ߏ<$( C&&bSR HcH^#(457jb+XTU;92#..7&odSsyǵC_9{]^-B(h7{jn3NI[K&Wǰ K#cDQҁ(G Py5^C[̱olOrϒ3]yw2zVrX!_2*`zjO=k;?/L^6CZ,}5jLZˤP|Ebzȼ>e q kh9|SKԢI&ƿJIOND\cO/)8Prl#ZxKAκ >>9NlF"wPXE€&É땙Nΐ`b;rϭ)׿&wHϲ&tyÕmYVMr|Ve!z"_Lj^'P aTj&PH3p义N2z,̰E=}! D"A$o@0k̙oȌδ㢹JIo"Ա͑LPD uBhXu,AHEE 1AOSA.Gp.c%@; ΝclX<(tjϽ0SKПߧ0 l;`L)?z/|<SnTp8533h0Q؜w~fuie׌1 LJ΢'sz=8I2ku325h뱝oYr[:5֝#6IBc+)7D"P5܃uuC"-mXp=%7)!i}T e7ʰGq1B̏FӜM/ J}K·hy^=k3X]u~m6ڬyEd.}u9wOڂӵ6/v*Viרdtt TyÄJao-UPtAM x{sXT ZˊJ *4x {ShfO9O.y{K\Ioix!|[׻G/O[V=^u^ϣu餏HtM J|sbBDO{ߺ D3]22HxyI)*EG)ߘ1,koY*Ms"StpaFzV&OpuJw9I͈8(FKP#eڳ8PItOPenșm.ȧE: _cȡrIVKt`g<$(TέW٧/˘Ny/R pSS_AvF.& ,o4&O+nuE2N1![@ʷ9jn(Cxn>E{, P UwV_Ѽu0)̵';GW!ɷvNz |k+ tY7yҦiaږdx`kT*Hg;Q. 4Uw-a㲮!&UU҂%_VQF,\؎8ҫU=NJ` |3B8o;iDUMPtĠz̅1;o qdޡVj|d^ kQdrGs0{+bȜ5rf:tW Ϩ6p.GR0RnpBU΄Q rE~4,`Z7JV<)fn)`JANaO!*#ooh2V[e,,D'gH~^tG 2|g*Vj̙so W͒eD먖/|oоV"!I3D֦X7q'bs{Dq5F4i/^&DL4HʰVFE{\oQ(C@'J=cRfƿq+r 'A_RǔlE 4`}R@EcCƶ@cIwrRt8;3nZ_My(E1MJɫ,} OrsN̮`.Q vJ,kڔmBN׿xW{vX3NKrc4aCS:y(̨gqS'X迣C3FcKވxmf2džs-`Z|*CliڴuE푾 @&ǤNČG~ث{"%:#o7@ !,RK4]Z6J"NP#3_]+'4/V.E GToe nin>޲˧-I ?¤۫ߑ5zsh(y9ViMhPFQM84ZƎކx+b-> ?58w̮6|)1)|"(T{hDֹ8fV"&D_fTuZ |ּG{-țZ@GѮ#(*UZ?9fW8\O?r;k6vuѲMD5gJ󟂓?;n>KntmҾjSmpSg{ 4wUCQ=A+5];b)]JoپBKv!թ*@mVc+,f)+k3[Behp™ݢ)cE5S$\䰢*K*k gpVSʑn uBwc Ղ3k۰mQ^ .SXtEnmu|C^A]Pb?qeJ,87,hMLe.޺ԡaxL5 b]H1r|23q 9D)EFfL/ D@rjj^ǰ 26V#S{rFy@ gDTtL2[}&H[u!_@V4+UHɮpBsf & (6f s'v)E.Hr`f9L jH[75R_j1ωƔŅmCo9 Z||taɱx 9'%xFg#z26aH40vZA?IHKz(5%.hz sK%\口[7\اMvupsV -gǜ=ΐ(wIv.&䉝}'rVp]Ӡ2BX^e[(J..w(t>K--=7'e1:%PQ&ZShزq$Ny8JlLZ{y)]yRr A(rQ. 05l|K:G8>>UlTy(\v{;C `Z`'/ݣ'1L_&wBŒ$&&Wssnc kXarL\OCw;uͭwqkGyeva52TSq c/QҜˌ CO5:$l" jV:0'h*Hy:N}*n[bhH:_$;s(\۠<8h15mVg"A&N-(w=T1vEφ(u>g&s&8)bVzpgsQ =be0Cntb5Ҫ˕GHzş^wv:N@ z\xpb |.h8<-a}SLD,bX| ,^)/\~j.ZBϨg`{Ŋv>ksI& e /DDJ A%4䌘vP|!H\Q htEYEB;=Ax_NPCɫp#pHlqXM,DN}hB%iR6E]z`r~ B/F[c4q9u5Zy2)RIWM6i|ԕ3C 뗄Qt ty{U}$YupVǹ @8I\ X81Ry"b_P/qG)4ۣA;5C!<%z'08juƘߕp4O2Jm׵۝]qX A#ܵU@qXx/IѮێ{BNC=5Al,P= ٩ FMW-|v8KB >ɧp+Kxs\$LwyO6=#TƧPӲFj P`^7"/#H.x@T4JАs_V\σު E4Ix߳lTŊt%vKx }E={?/G1F3D.E7kLy>po&;SbNB0(1VYȃncmZN:՝[zQ輦1O!- &[#P%@6"HyK  !Kiys&̂ןT\ՅߚXR!sqI vT}^SN+WxVB0a0C~ c?S;hw8;9=JGDACPadJ8!|MjQ?$ޔJGUxưVUikqh{?Pꡇ@H'EL‘Ni;^oc=E]vMf`jBCR6&4H&.]˲B&8EV݆mbﮌEJ]"Lgr" &&/s;4քG$Ą'|c2j Ք5Hl :/zV/4Uyag Ý6jH{<{CZЧ#[]KKgzw6P K,7b eVQdwp$"S!R;8R \<~1ؤ-2^~Ɩ!b-@x&+=¾=rZCX;qWRk9 ]ňLjbmy9^4 yM, 80HU1QT2y^ؙ$CdsҠ%A٭L Ѭz)(s;2\h1;dQOm#w ػ$j(=9x]hl!b_K)R[_bGoe N0Wik}J8~"k{5A2vƋφdƕ;kPkƛmML~8=j7T ծűlK5l1,Ԛp^qGڱ@v,pb%IhU}%[X kSLaI<ڱ!CEr5?6kB\ؚv[hc6niD1Wh8*[i~%n0d?(x=_PM] oӨZM|^CU WRdC-8"l( S׮A.wIX?8RZ{PgAнHΌ ¥^blKșYF09c"ֿwXzGSYvw.p>Ũ lD/-TM=Fxׅ:PܵEwYk@o4`!}QW]<{L9r3؏UaDNrfN"UrJϘt\)$Xr+Lz[:sĵ‹ p)~72X\䜅^#?V@]]HpNezMD _S!(M{g8*B[2BM-7I~?,ϏS5Cc XXŇЋ0u9[8%icpWBM]cpihPQF2 S>ya>OS@Zaw7& a;pܝȓ Sg[%9Zgys 5.m/A=m9n9N~u/欃@gꈌ'uiP]wOY)6DK8q^U 0QK͓ AI@"-#1'Cwb jx^Fsp 5rC' i,?Yp7S@K htE-0a^"M9],hY>a/oɩq|;):zێc Qs[-Fn?;9Vz\`L;4*ť,0C%}CRv߭mM'sq.JHe ]h!N ht==s^ ~ q+jaAMa Jxφڵu큛WϠ6 LZ$ڋK; yHl {KU4+ FY [vjrMy&EN ?`Dd]QOeRj.~\A$.SF|]+>#mRI9.0dǮKg64{|*qcI̘.|ی¢1I9P,qas4 dTkS!?e^23k^#˴pk\؁osƘ0AZXdBvsz.n=:te)"6U{MXN@C<])\ }4*' c%' ۲gy%#,ɬPv_M}IG=lx\pȨ0~TAl2qNsgnedKor{ @y8zvĂ'8 pCk7C㫹.ґ34j>vJzj{}'`z7BVL=+EZE77& !i]V pb}g̵5Cm 7nuCgAR]tQ3f"1xv>5!Wq!`@dk!˥M$DFNGߙRS{[>v l@C-ˡϟT~bzWSf*0# q꾭A'Ns%BW vG\I6!+Lb^MKtm>ʋ$9m%ĀCV˾ٷ~m#j~Xktj:ƕ:Kǵس΢QFAãT"mG!:\ ])(2 Xx1R}Yt*1RDܫ /}!tcb =" zu,xH Itʶq;c9"'mӇA>8Ck}DX 5YkQ!ˆ,qJ-%횠o/Y̜t*Ο :t+^ZNQO VJS㣁/AdnDd?1 y"{_O+_OCKUpvg v˗{SuѤe~<@Eu䶹mH91qi lx ֵ?B2Y0jFp=0+ٗDzj'o݇w{@` C:liQGLWt-z%Q%lMh[Ks6/iLq!+a@h%# ,~ů|#)g2Lc`ZC'n5NfQ{ɴG{ΖR7rφioZEu':(}#j&rOU>Hbp K4Q,,Y-n»bsBh<&++?ҷMe L6ymfD-Dc8dmncgiWZf+ kB$J2kOXnc_XEǹE;U!!z^U&a0}rr"1S}Q93/v12Vn+shȓwjXEsj;d{1u3πY3y`N·j;44o+_zDnanys>Ѭ! e=N+hH5={.N<|r/EƯ+(MyK R͹Ąiƻz:LS@(q1$~=,)@ y 8<A~M^@{SP 61THb2B5ΘJok"r*xBc7]/2nͰ8V#Cޯc PDӮ>0<[`: lƒN4YЪfbߦ:߫v48)lh+5p9$MYoK],?+T߽p ueShۏ QB,=ffcō`Sh3e~ҙ!'yܥhcv4}QrvFQ0d!դ@8a@O\25 _'MZJ:z?sCh[A~.rqZn垜h@htՈ?-|r?q.oXNxEuWTHxE3Db^5Z5)k^*fW ̼b y{y d|~H:kT(a3Rt4~*f3~"lQQ7b;fQ*A/ċ -$3b&@YYQ)p}pHSz$w[&ebU44DmKA|muw>7!'n&qUtdĽo"ߤ5rLǐVZ<L5Pf>)WTgߦ! hl rs]lRiMB.tǤ+E!{!]Rag>l _1(ҋVn$e'nya#i7ICssq{/C1pNKY \c`I^= ߡq\ Vv/=h[e˞{z(Jk!"0rV5JK}cdĹꡚP6TRbͯ@ >Rh5-!c M_d\j)FhF⫚Agm2yBXu}̩G>Қoɶש5&@4A2'ֽF="˽|>;wc DY^4x D-Uʹݺ4Ţ0 10@|7olit?ɪUC)";I5\^E!VxQ~Od7)(/y}mq-'-i5bxw7?MTHG0 f''v X7N ؅ޠpaq'D`{ g:A3#iPi-hp::+`ol@'ʅ6a:[`r;lD{bg-Xp6CmSy0к( )&QIB Q)w8[3Elj^L cA6#[n \R}hvGB_k~q|t5̸")8}TSDGgK s&FL;,b$(Cig3X$ k@ufN@;o&${FM &IjNfZc'Unȟ۔80_T{`._bMž /H{ V[/ T Zɝ+YsL,ETRؖrCŀ]+u8 t^@U} :q[C'QemTFc%)^MOtPezh~k# T tguHVPٷ-^:-*(q]=eC>pV,$N|- >͙gJ.q6Ӭ{NPht齼Y* &TAjgzKu}n]ggԯ ฦV9$p--bVi5Ql\4D JH䧜pZƿVӜЁ/~9F8ʸ/^9fNW>u%Y{S%ڋkF2kn_42;wz> qiHI\'<6BcL,xbб"]0yxߚz\X۫9[d?:!=׈}dӢJl'0a컜~lYtd-E`5 }o#xUb:k{tzӿX°Ǽb(des[ jObl17Wy3[3Ȼ(Mxq9m-зan/Lk׈-}r5C4q>-_6Oܶ{qC{ oAdǃO{؂|uN3yGXJH%.C_Qtݬa8 cDG&rV_%k|'9-kp}#>*tX8i#D.p7^|!0`/9 H~餢%+iR!x^x(/<؋im2<6j^:lB6H6;N*[."~c╃@SRk ]/Rߑh,a3Ggl HY ~<4K`((hO a$4EgDDi`RF+œ$bb$_yB0%g˔bz2\ !jC>vtYVʠjdŎm'pn\&4DKqn'WRA2rL">7J Uc9޶Iڑ{Fyy=*x1Cyb0c=FgE#Q5N3q z QEX %y.UK%c^,1VN_G&G6ͼWfk&LFAT7}LUGcHIq/0 cs n|A{ۣz_wl#,)[͟\BA͊6߮ACW{!'1jDi ``Ս # )ͪ I["3|CNu*ǒ }ԢCho۠bw458Qt]|}Ltv s%MZ'Cg4#a k ąTs⿃%W ix 0`itkTPtoSqE7r-P~/x(BR]p(_]*r;)d`}ZkZ[ψ֋zc)9b&n~Z\gU|> Na;"̛ZQ=f?:Q5OP\YAeDxw8>_V>hLS[?5KT2l rZ8h)P3ptb._\ߝ3wadݴH6kJ|2QnkcR6M1| ә[ueV:^+YF @TP%#Wqa R1l q` L~ *v8R|PpZJXYRBtd7SI ~cց"r*Z H񘑾eڻAo>WgqԚmńj4p) #&`K}qH4[(=5rtl;(:[3i)BVk0zf,7P1eTxeC13ߕMV+k[7"5 ۊSuMDduˬ 6rϺƮF#K`Gnq""WY?zUTO;B % SFBt,-:dg]0MwE粁ufzΉ-܈y\ɐ%mi~Ĥri&/ob71xۀߒK̅#]6 xyd.{RZu20”W pV?U Dw&AKs{ߖYR]`j1_k~YTM-lƥrdh7-yV / ^<r\Usz 'IeGcq_5:qpe\dRE0i_Qc 2a[@s{켘} :Lq描XW[nnr K^;K&ը)v#aa?-5UeNjZx j ;'=)10.b=`&.oXO׿yu_*UN LHmF,!;%Z;c}<_-* hl|$$GTHR\Sdeaucx8K֜Vա SC1%Ȁ#ثTUiMG/ Vu"an`+@t]C{5(S: D)f:z"xeۜZşl?1C;ߧzc0j-'Y#IO,XBs]Lug*z&_gGJ؛C8/\Uuyq,m|"7)nBtG8G<9&_)*z aYesNg9 C2>vVxMclhC;q Pot"H](5dݘA&4I;o;jJ/~~nSz'gHu.>?|& ҡG G2.Rp,D>!mٚRnJ, .gh| wRJBv˲e`y$ jw̥nB`vK':~,iT+ҹn _9`xX\M; ƙBeOR o,7ssEStt ˆfPp 8"uX [:u[Bzъ6bGa0܀:lrd(ӏ(yR( oE~xKNm<#~15gk~?$32o{s5+d'&዆~'@ z)+֩3OGH?kHe*p22fWy|erzә-(WjE4&^[)d9c~ n^;`:6<`$,ō iDf<*my&u0uBS22M t7iy|<^zp׾+קP}n[Oz0*4؍. }nD]U|qyQ Hd)b.``VNKWd+8U$fggl24li@_?uTaЂUZSy%:XNQԓԊЅ|/r3`hOPW4–8*LU\)`Q$xD"ܾcx Hᛉ"F](;Ruu{Bb-͌S@@197PHGXQhm./`A 6͎3Ti19GDH q=C-Rnv׷cq'&kB߈+ yM62 _[d xq2Sja]clk$7!P¬BJR>ۙY`VZz%m_PK"}u}sqóΉYflW7z 8%"C%U3ix;vfD 'eNVv-XL`BK>N d`=[B\I!P tj)OIjvBSFf^DXN@5!yBk4gD =}9qQHH?$ CdL!Ơ> Qv}^'EfN3x4L#bplQ̶)5f8adm:DCOS\n2sx4P\fej)δ6`a.ʕa]bԅݬz(xv<||RYH Pem2;fIs\Jcxtݍ†>hKtyyxiU2,Iz06 (QHEX(?CF{oޖ30_~shy 언@NNjHnв=m#'Oz8)?qgN͟E O]+v2ոFc@ M>\$w_|>> ZG}9QpFrPVAizp9(>ԟN{bzf>h}/T~hPFvVB e{nt6Xe\~\Ƞcwj.T +|t`(oa2 ] nQ#8  jց R}>JS*'à#Pǃ5@1Є%QE(/Jy <sp>-.B$mVd~fl&Vz.YRٍ[[-u%9 KX;G![*{%ym).$ijG^a5y {|+BLm} 7]SDZ4Іm/WKr{y0>heَJs9Ҍ"1 ]1YF) ӬAG•Ywй넟MvA}Xy0 ˢϋgߔjBKV㥑=Ƒwaj>M]UDq{^U֚Ct.;0qgx 0K1,bGz5ÆY/~҅oEEQ9&cT[eW!JP2f;uᵔ+jùa'KO% xȚdt4Em*%҅@a)z (w1ћ Ж4ݡ<Ē Onx=\,L/p:[{|6|yHf?Zhs}svS ѐSo}Qh6y6u ,@M7H{+9(]%0 g*>oO݀7pۿpW9,:}8 \Ҏ*K}@J'+C޳*]{Q郍Jy1TNRM' ģ^# b )߱W&KCEH[ dVV&BL);xu3|mlxTZܞ.gL!*Z!0SHt12BL)34CچZג;v¦H0VU l^c Tox '-2Ҝp͆xL( Ἧu h ݋]ZP&eh]X˩3ҿ59T2=<ߎWmW(1 O{S\;0E >@W<˄X w%Ff~B8i|~U"1&^Ѷ;O_~2LޒYγIF| W_@ewlqIrmL CJ!5OHkJpa @jG{Q9hgL{ ꮑ½@䵘S \:4A/ةkR%;@!VޫҐ}o)FQ~`1ȋ6@J*pwkvBq62 R9k9R 7V 4jCl%T_>5u'Iӝ_MZ4Q\ss`4x/^&t2s@1C&O'ȊeӘnwK=%xuwk`U(nl|Z\duE"Z<4K:{8dTT&nU!#])n ]9\mٽ\sLZ0xmG )K ~1eI5:⧤8@+;b S+gb S\U5iq',IY]P0WfqAӒ)ڷDPd&Z/j\TۓtByGN&ininV G7S_V#g/6xuu' $/uwE1)lgUcJt%.]O%i!bRryR#wrN-V~%"W쩻/1D| K5ӹ1@9/ 'b/FpEE4Uj1Ĕ# viXqNbu6Rw$&1p}8(_|A\jT7)!0a'`!gHZ@}$׬I/}/㱛ge>"Vډ:`N&JW(5+8̦ xv;q[I tڹ7 O-y;rƁ=rWYA`d!J_Dq89eEF]J[@?ƴ%`TVHǺ a' M|D>m]ez xQI(|adDKpTCDD7R4m4"ܗ v$p1A߅m04fx^ZW`}-8"!eYc4n\gcbG; 0ޫe)| ۭ?޼:;pD:V%*7%  E|L2S gP9Mh0VA,Ep$ XRs'kxQ螺&icN&\&S^kT&-A GZo}Hϰ t .|aB5jY\ȇ8|?9#ɤ J&[Ġ,WLt8-\ >Mɦh6s ;G^ڣ. YUjK{aIkίb<ڏmO_I!zO}51 XӴT '["'=8>lD].| %*RY,Rbp{;^ud`6,rMf Σ``LƧ ^&4y%Rɇ +54 W-uęv*86* m!>%&割P~WRSHTR:n,RIsXNz?Ǫ׵@I3WY`;fHSpL(g蟊Ӹ{ k}0/M qxAHqd fŮ.!q1L9 Y*e5|goc3RBWdq\§fQKqijOc  [9c@ Gs˲? 01#X 1wnƴF Ø-4% k8P[h `8,`"^@.z`CCv2;Ϟ yˈؿ\ÀIȐiD&06d*Ef.?J3*>˙>Er1=ϰq9JߧӍ-Q08]ҍ(yhCUSjE)8!;paLq !r pvbJlK[)֣-rcéw4-P?qNa h6*xc.H~US"`ϒw_ݨ^&~\EQ9T6j靼r2 h1P1 wuYRm D8"-'uHPe^䰔akLKɢ|@vAyMۖ~J+rhZeƨDډ.T$MP3 2mÜ}?$vm@Q{ XiPŎ!y/̞MUN zݔ*67v㞞ضzٛR~}{Y8P-QK[{`UwKE F3@Ԛ2HdC1nP.cymXAzBKH#Z!8)nJZq43/%Z`da0t0hL[P/a`T Y~΁Z]\C"\l `Uָj]H՗E@(7{Cq #R~.:3.Nz.O\ SgoA/r;2BVS ,cKWA89zdѽ}~г(R\B /Νò&F`hkbXㅬx+Pxr%]Hj&ʼF++ 0-EB쌿 &br3wt3c3GR?P~ |;+GhV))^Yd SKQj?hp‡C>j+|x%F.ӄ P̝ T9+Gqy 3wU$s\LBj]rn6pjbe v,T]=D.U¡2}-L]4^}eIZa+ ͡khnaD3rhwX OJq6QwBk{PH%*B~:_k1#V%k'sjriфHq&?c۬Ӿ. ްmjs&s|TU2vZG1uOtx|PN!eE-e#>BɁY΄dx]t$-ҏj .n>F5G:hB*cߒgs['ꝿ6gᵸ>#F&oIi-;5Xѭ TM/mq$4i_ )G[ m.kqC'YȶpU/V* xf㯠~OÉ=QJ? cux/9ayQ]=6^M2&eNP\.qRTqOc8YyIVl~=4Gr:qL23ߚ&$?"*7f}m!oTAm#%CqhYwk^BŎt= K۴rxNACյc=+;.>m_!ۥ/1c+б}}; OFDhgcBR.t Vkɕ߶xpΑc=??N`rWz.YhaɾZ d8yEXbl'? Tom˦c/J54F`͢iD?lRz9TԙfFXިJ%DUBwhK\%Ua6/'0ER7$ֲy3cGY'"NTЦzxk`Dޘ^6OZѲ4?.~w: ymT6sj;"] N_hR?6iJ",?1A t ($E;fم ֤-Kb*+/[ۨSL2$u[tdጋA6PIUrc .V qDi9J6 n,QTu_J5)yrydY\[K$dZb",yKpaJa͙0,_v%)f$Q._8k3 ?D i[dL{Vխĸ(+N #0iY>\Q_9jP2|UHS 4? B}!v յLф mAfµv4xȤ J_*sڳΚя [Zr`C-P2;qY3Fk2&K$SAᵾ-/|aCW#jޚe oLhREQP.t?;֗&~HJBN^{dE_75yY ؿTH6NTxdN$4 7{ =Bo4fow`MSXxP5zc,˜n W/2<NB)~]s~VkwQ7CO\=΍ ą9K[ 5K )kX`.-51"^zzywLϱpxNwq9*Āv>iʏ  }dO5cꞨcNj\Z`"T 6y9:[y M}3qs Tٳ+u̒` XnΓ؅+'zkÕ?8a k HKQN.zBRtFdq[ 6Ug*sG/_#\"8)ScA}N $_>|8"d[y_xt0ؚy]ED0:e\sD#slx_1‡&7t&A+,\XߋLcv8+m_mTbWu6H~WLr=t*pe]h[ , C}FDgߨ)9G b蚋0e)j^eݏ}: Z] 0A~@?$@Tt>9,mB3AL >h26R ^Wf}z3O}EQQ톱2e~UzF8NۣYXڸmbs\tOAN.}VĂgǏ0S S=-ŀ;լˋ'$v?пKY6Q! )=Όm䆋x˦!ϝ}gr84qY S{%\%UZm|*9W9=,Uj]2/5=ǯ5}~ RJ#"߲_Z43)sEиx<_Qp11\0q'sKurYyo&d7Tz!Y:u toW-5=w+%4G#п?kt;Dd[9o7ߗgw"^W'B.Hꖊ@T%x6QDqnEl|q [Sr؇GMsMΛ`d?ά&4B':AHLs۴r*O}[-QsJb`Vu'!SГlLH<4idl^G5!7~31` ׂc[[i746ϞKƠD\mljOn)1!6iH("X ްQH\`f_dvx(}#eSt7w8z 1_Á>(*Cg`)kd4 &IcDsUm8# {^}yj^Z³E.o&ldmlh_osDB Reoa@҆fnV 2m/Obei沽t)Fָ3+Dp֤چ27Kz `Q5ɥHh3Q<^CS=@Ne2VkRC  t{Ke+K%"y#p]#[µcڛZv(EDˁ1#[w${΂#t{D89b-YgGj7ka[uݪPkUv]Gf`4CEijۗC>b0Fg9u8Y6I?Bf9 b+9čo[\xOBRW 5(%d"XK -TrF OhsDU/鍙4LFcgߟ-6\诈puRM9w]͇@:9wsʳ^d9c{G/eX4ܰ6pԱ۫PaX{Tm ~h7Z_xέ];56/(yT1㧆K*_eb"#g:~rqa{L#"\讄}€7J;_9rل 4ΜťTڀ>Hܭ3dH|#;x|::c-/p&jyTjܙ(~U@M  w6xKdp,5wً)+I3hc,sAp- v/pQ F=1Oj^G _IcdTG5s%aC&4]rǛ̻D|DxtM!/P 7 m/]˶;D *'3{MU2w8 tĵrɓ*A| 訿Rʼ'FB.CE }nc~*t{۔t&i5`_֗A_]h/N7xǙ>'~o$@FE/@E\Bד; >YCF1Fo#->c~ s-n+Lү L=\a6f|BXbF/纣U1m-tܤBoޝ.]#0=_O%\3dRbFfg1mQGllDub<)Xc֨%b61)C~]z45A#=׋kiN+>ʯn&yD=4{X)󿃳&\!g}!$0+jOQ.^θL@,Tnr ؈CUz-Rg!/M]nb,k2!2gavF%'9.e_e&kJ7tɥ(D褽'=? I*AAtVƪ7~nM`~\#߼+e:l[mx##QJPފAЋ{ȉ5NumO?r6D˰w4*A$u@R#!N0t*)U*SiЍCHt[''I%ޡa^BWVErVS(OAw nWq^BpEl|vJS_ۗ: Lh8E%26 ռ:748GIܯvn_P~KRK{/Nd Sh+ \5ML=UI.^@eʎ. b. MJ1NwϩwZJ,8l)CBC6l[oeoD uv%MM-i.ͭ}G,I$j鈩7d6Ȥ[bܗ'?| #gsv^!A< 5Uyfk~^LV4A.~pځ;b(\L]вn^}!˅\)++xWnZs.녰2ѭwd"Uk8!yp.fOOJu}? 4mTXٙGt73_N =.}=Agr2Ցk@73 Θ8Ȋh^6B7Ì2mmM);z0^HS>_ĖWׇCtWN<A2wXþڪ2;-p~c A۩Rb`l))TmHKau5ra6eHh_JQ R!=(au>]r] Z^S0z/ح #IɷIrm/7qAȗ `#]doޙH励luXҘ5IkJ;j]0cd!:sH e[lIdą2VS4e ad[#]tV'?.ް v},\ê&8hߵؐdkzE1BJt-"}8{&J6z 1O/*;m^/TSڣMXTF:+m;Nc8l݌ň.7,8!%A5BPSKWXl<¯*,*:.5 K>XDF~Yn$l G=YSQLq-ڐo;+yYc|23˛yd9W@+L̘xnagTD2>mxP~b8SІߌL&jz~LȅmIO8I[c'9xIgV6< A_Ao=ϚS'ں|snc6(ƒ gsMOc"˜mDwnV>¶caI3Wǝ#SmZZ~)h4Lm.,A }30w| qt=W7YzjD_btS ,cc99O\*`C=g3WY] NA{2Pl{ S`ְ9]7hWlb0!^2_0[>~7NptΝ*<#|bIUH4p$jEװVr5^C([T޷$ͷMx.DZ+$I糹0_1;IxbmLșݠƝw)Zӑ dI$<<@9VM(XMZ7zmt†m,<(&W68mu{qY37B5l,UR&򘇛aUEݻE_zDYl"J58ke*xRbw6]\m+eɳa 3?/HA'c @MD%#AA'fge" ۭPARsLoK?4qB-MSwAcޣk~#,Ƽ8VEUKg6pJO2YhLcgIFOg9NBě7d<5rIkvܩ֕R((ҝ~Qp\Yi ;/^1 '7c*W<'(el@ =d6dyBF*!\e#,CvX f/G64 L ;7~ŭXeǶ5VY2UTcWfgM@Ӫ(]x5g/d1`V(Kn$#UfJ(-8Rrd8Yd ?kXpd"؍=&}$~E23)dw6iXM&jD'y ޞFD ̢֤BѐKfӇ B4g\OXN`bgL29hZё!XC$`k\V0 9:'v`:Ih#H$KY]\9]]v. O|D?~$NU  7Mo<Ȉ_}~~$qfC'*:Jsf͍_vM.(iŎxZ_{%}or%& B^uNaRj ڈ20ϚUmpF`)o~g&Z/赁 Τv@ށYg5A.c4rmMH $<-f^ ER ix,1|".yb_PHLuy^blKr JqRg:f~:2h>&$^^J5e 8CsԶӻ=&PG->vm6ǷN̯W۸0 f}kGg~%Ej d[K/H^cp.h .ןBIGsru(&B'Kns(Mf$^z@"%(%1I޵ }J"cHT *m1H]/8}}TY?+c _IYr j#~A1/~SK!jsDZVRsV/<6ey Oy.ʤa}Hc.`n0b/]9>=-r'Y :e15fJrCbDyhQ Wly 45olsZ!w (#ۙҢjhn٧u/_kav!EO>D^3&~+1$2U@Fi%=:JHg*%ɇK"c8+;'bŖltɗsjdWJ`t_PN蚨6coǎ7D!d16ݼ9f [#OS߹ sE(m"j@ղn cɍAKsrqdG'܉ED}0Nu~FjlM^Qn|3l(Y\jd1SvV瀶? ,?7Z!ȒCѼ[I_guxt __ X /XH`Tq-yY WOD;IIF 5Rxڍ^vROɫ'\20{8B^6ܖGfP͓eNi3'Nԏ=K h3B} 귞nPK-(ȓ߇.I9B`zi.&ȧ +N/hLt`_Y_5Se &.bd>تC`%¿r=AÏFzQ(n&7EhH$uZDQ$PUgW>q]"Z%,qW ;j'OZ,o9=jrجɌ\"IdKDžTsE#\GYwKTݷZc;`pT,%po}crc7( `Wpu[$ȣOӪ?4uN΅|'t;cHv @}9. D|&poqaib;2Gd$6Dz)sB9ۤx,|`UKH4£ KE{UľlRvRz&_~:/v#2? 9cJ@ӬůdbCx\"e9zc&Vj T)(0谒ǼjZ'5:ީ37sxa,Vo^؏KB4nd$RA*Á#փF@e+R;Qк6jտg%i 1h!|-bmYWGu2`DF~_b HKC57;Gu[7Q]:{'.R©go`&'/[MRSzrqCv7a tU:,"Ppкr|D+4I;rn\AU:JMfo%A=TΏ%rw);#L+)+^4?eRMe.0L,~Ә)}'m1Vz Y7P]D}{YFal1yd^ 嚘 MUTd8?8w^Ҵ6}&r-&8E1K:Kp!d. ܈Qg[ w|+XeqRG@@W4hl}ˮYQ!${N<CZTV j*:x+Oϔop(/ G{47!]{)[ZɡJlT:Q#j͹*YF;XQ˷|,߄a7Z@G-*dt8E8ragy3("h3n4'FnNYHDM \.8 q0X UOhտ%lifH eO;B"៩2.^5aXsPV3$l (⨚'OBG$G) HjIvdYVWN7et8{Y|hH' ] TR]j4\ Q(Ю!!]lAK@mAq$nr)z[}9fVw+CQPq-:0 RgKr؏–HO@lL6%9{+R$F7 !1i)<ťvyB-\wZi?ǠFF 鎍Yҭ;=9/K_&( g=za-A6GyB0_d/ֻT!z̔I<ЇG(sg_/y=B0e#o\Ah1=,5ܓ] u +9Кsp LJWK-yCΊ0]K(dl^x[N}VqX $L"F} Rc{D$?wsDzGr9ˮf.cb! dJj.?kļ(AN$\/=57}Ɩ@޲ƞQ= TKHrgM cC+G(if% m2s xIX`E"y <[ l]=#z Jí8.wO_L@ բ)IwJaI}0v"=ԭ_)ĥF$#n:Gk[Wo`5W34,)CwRӫ nK[1WY##rXuLs֣ۗG3rQ-,J ݖqh^Y^c!45U\}|* UZ^+v%UyYbf,uC5 A;Øp8 r p_eahxZk T/m}Ig-T܉:!nS MMx c{0̚Wkݧ 4#>dDŽ6}rǎlƺ֐,W3`K!΢KXd`qoftGîUN8Cu#EUםoL|MHCvʇ@fɤq VtqB#c`\In'8l4n27b/z[ оBnDm!e{%R.NI,ۉ-#^KWnzCJN:y#iw6Vi%V=&Բo;5DRdOnaPQ [눖;:,:w4W Afmʌe'=IO(o^: ^z?Dr i2k pȢ`lv_S.؅HN>S->C n^do xҚuO<1΅s\ja=A`ty<,={&ܜ Ά΃=RJ9Xp靯$«@:K8_%7\LɱtJXyj+o+z /$KiMs \ ;BKG15W &Z6naD$5d>B Nl>^(OEFWq'K s37TQ e_=G *=ԍF͆;}%(.+z$1#r))y 0^+Mrk/\2ȋ!fH800G,CJRqG[rsBa2k;/0; հl$Za9p+gZoڨZm܄jB낈Gh::8,s5Y"$6g~_gv>9W;pߺaZZ9Ps plhvK[hb]ũ\F(Sց;cedJ!=5F@JC7ڎ'H٘i*YOQ΃Xt=N?s ϡBR{/i)? "DoZ>F}ֱz`b<s(G]t^1rxW"!le,F{"7}"Ap`qg*1B=$'Hb "1Rir*4.pffC QCu͢waVDcT G$A%Tm'd0m<@4Oޜ, !=D;}k<4\Si'q[1OE[P=p,Іgn͵vg7tߐKPijAlK*r9PY>Whd\Oq43C-F阗XT\x(Q%l0R8hUx@g?H^q}&u)Վtg7x1NSB㵝=IQFQB'e$7*lR|; B91JՖj*W)[[#I+;Yo :VJY3~4K5Jotf-(E8yntƁlwoa^O|5'H+ ~dJȚ!0%J>~?TP )>g"ǟ_$T؍IL^%ʬ8J:=#dK\P~P&}4_eM:? Qo_%||{+>)lmލ&7k$$)6߽Ds/q_y(%"ɏ2yly 1}wf>3"g~v syIa9CyjN0N4wpDO|Jb:Fד-3SUӜ=` 3> Hv.J̏1WCdWMnK?~HsRڐ.Xˁ=|:L_w'Ȕs]=YIW)_ZЁ8MM38Y${q)lmJZ!N&lwL,a` tFH4xah<Y8n|opzjU9Dإ&u-P+-CAQ `w5fs-W5<L*ԜPS`S"} -\n$Є] ivsg`Px[Q"Nrؚ cYZ:H]b_' [!75A^I ibiBXr yMrUߏFIu"3jqLUv.~3UgC,M ⋒^\mM{O" 0б%D͡~ހpʍqN=7@Xy~U@Q'D1pҚ"ϛdO_ !jsbdXWWƄ^Tj,nKj$>FdF{,Z,q,&xAɮVa8\<)Ym^;(\ PFL8]H* E CVG=F :& DG>9_Zk=J&GRl =Ѷ n/g I^ B/)߷%?]'ڝ e3Ү\pY tW=_* 'sk//%@5&{G'v^Hփ睻ۓu ERNc6]xLr^V9|`qjauWHCCq3wPKHEe5n5IƉ<zMoIŠk{ ;cUsz[V`&h zN F8ikU=Q^'rt2{7O($i^.6ttW~TpTX3IkCR0TC/+AdD &wtK\iϯ1ѷֱ9: >C3Ú|S6镑;[Mk7o(_Ь!gS=qI/ׯp*gW5hH4^n}5m72<]*|LfuMduҀlyl/>-xsvBtu:{zP܃'1#ϗ5q&5g } <MG`4V>:|*A:s!$pO hm#*e-.:Qխ1INijzNF9RSuy,Ticݹ*DxP=jͯ xBE2 ^a(`?'{6 r`^ߊZzdvyyF&(/+٫}F8((Q>j[T~Fj?|R %@Κ:.1{Z3JǼֶ5WK>NːOE-4څg6lK(6s5+IqHfOahEPgN:r痽)v8JW.T&Vk8i/(yG;e7R5|qr)IY]%K0 NXZ[-ã|2S ۯ+d%D]2*R䨻Wg=So]Ҙn l8830:v1{D bufÒE~qaʽD[ad,} @Aae#\SHJidwF9S2ad;Yo(j-pIN'Hε[ל؆AGM.tck/h:1A%-[ǖ5i@[ J$\EǼI'O#$6Ң/!(h]_x/z51;;t*+ 2J;> kA-]G[ӀU;l޻S0P|mBAUgpd:~T>XY2op1{^Cn @zX e(2.*)KLYy8JCq;kc& ͻզ^Ѭ^-؇A4{xAOn@6j "v7Tdb0W߀1F(+DA]@&x4Ӊ$u{[![YKx,+ʷw"+ѿ _Hc\5=8FK.o6{`Țf6+7l9ŰqÄj~WlC!2{2 J'uO;l ua:D DG/|_nkΝ͚5 gn7wKh^buGQչ_4YNv'vYW8X1 k+P!t]lحWH:xA%Bc ݓZIqԍ| AuT0 :{9 2.](X@ŠӤb0ŕ>F#&2xXOiU|IwvHmJt GucvrY>Tw\)x; M=4胴k )udzѡɞ~#!mLk9d70Ǧ<8[챍Ҟ!D}v4Znsbx|V߼>Rl]2pW&l{SȈc@ęi2b\z#ָg+Jd9/;JRL?+ T.KC,8 0GoaݧcUީ'w0#B7zpx'K>4b[Z*kyP"`҃4~ ]X"TW ˳ mʄ aܕI@eM=ߪlz18ҦN-߫eJ v᳑L'U6`^旉r91U^U26/gSw=dK?` (ە";yv9_ocX}5⥥;g?+e"yju( ش ɧ"8`f6qtI pJvM眱AVHNpA4/%Uv(VStфιr|*EljFW];1;a>Q ?O:kY4?mp>@Mc<0Dbj.۔X͈]CCvWUGׅ'Le$gߨJk_Ld cAq)Pmb7O;)j3&) 5=+*vk^5TTcv)2?eY:&e Ԩg-snu|u"6b[CMnvۈ#~D>fIB2Ů;z@/7J/]gfDu[@|4Fh3y}'0LyoNM?EwKwp(o$@4 ވVW拁!xq܄!1~&Rҋ>BՅe|"o՜a )/1!.E v߄q'rP4[ȄԼY@E*,R,`Sw 2N4炠 m`9E'8 *Tog] dAyy395FRE1qφkOvW`[ =0?#}+D5Χc&K1.a L4TgeNc,KHFڬdOh6O\x5ǀV\L_Ifv;R'<4;H}zaZ?oOZRg79Y$ZY?:{IO}_k%|t̄TMos88 _o EY %V' OwDJ&U+se%cP;{- aZ}^]W<.;-wKd E"d?d:BvI8}w_x3&`&m?*E㤀sʾ4/kiR>T>SAoz9z\q(-8L}Z6{`TY]bV9YO{7ۭwt>V*G}.Q.K]6,[nx>u=O;d(帼 k T?4^bC?4DŽ}7) _Hgqt}'uW8_pbiP><5 +Vhe$Z,pgu ^C^bu8zCDAq(|,bG,j\*P% я L`ϛף*9W%8{+)MNl:&Gc~0Aqq@N׎_o/;hĥ'O=VbP>:oubpzXC\/2crD^.c,e 0rla@t!v"}e, p#`h!@>4-6A qrūD2Oz#9ILz MVYoG肭5-CJYJ?qlBI&:d9x^a|.3F$Vp`jOL0Ze: n|Ɔ*&3MaP,XbBT#HaZ(TH5h§JIb!1=jʍ3;t)r.6OuH?$8!\Fw޷&[p$. &T$.JfW)p֖/%%\@?,F٩-*&l`7#,. PE~C7΅h3W\o海=kdyŁLac.yD岔8]~жE(L;Gkbg\t[]C;z=/f4پlN*O-K8!iMC2E"Sʁg]Z^`6͜"EtzCXX0|&te1LQ& FKOk BF,f'~(bXA}{\NCcQvR"L qX{i1Xm#@k'H1@vBs@`疯 nȣfX*'F:cEU&<98ԕ8 e FbÍ[ hRM7nKnyޒ̖ 8fZtHkXƻ(C#o?E(]s#pf`sKȞ\Jأ89'DQ hsqM iڳ:,B_cԦ] "o0c8d8/L$ԯIOd1Ʈ̓"ᕑ'<bH i0&Sz(q,#MҜFޓ5v,ᄂ[<'[ =7}Awu`rɘ{^2j"K^_3@bҀdl=ӊ箌eQ ~ޙ88o b$Omb"=su۵c`Ro- Ϻw}n~Oϡ%"~\.ˏ_ swrNFJB;'+ k`d #6 uݲ!>! y3s?GN}/g]ncHEC7^|ګc6t[0=pB۔\NhZ>8m2i‡0ZύŒC`SL ~jz X VMT_Z<ȕCmQ)忔;e|q嵛+gq&1 #Otuyj܁<)8`}G9c7(e9rZd v $(}Whq 'oʘ2*fxz&ʞ&# ĽB`'e[J)Pv&3^_ǣ|PF7±s^UXu@u)wcM  f֞ٶ @5Ydx)ALċͥפ T7$uԪCܛ+-p% ‡njw/;m@*0k*a(ѵxpyM ʬ.wN̓k6hv'#'Bb !>AL;|nA0GH͉LE|⤁d\NI툎Aqs!΂8gJ^؂boU>|ι#JVfM_Z[.ص/=$}_4hPj)/MsO7!Z3kONeeNX< C܎zZFH36WO9'A}(dA6 nDy;±I fO&8̄rnS*h}"ՕXY! 3=tԎ.]Y`7(x2]8S:ͩˑ(jE`4 |_L샟hXl'!=mmH"zno!օKRـ30ѰOR[}{B>] bJ=pPnz\K pKfAЯOG{u:tK(@t5j.c>`%NsXf{,n]jj!0pp\x^cIIJxo[ydsl N"90x.n*PuJEN"XxX=Pu+k.~GM!׵^жU1<"hcS\1x/PmHH!Ǻӑ8%kܞvS>O ZsOĤ͙:[hά(fYm ȔIw2l'ݿoRCCon&#.#G L_BɍxmJU? dz[B֎4/AS#ǥ7 j('"  NQjg3/~ \3MQ;JR8zdiez;d~[zIfRr\/Nmo䠝L>2=(?' 5n V!u  &B`D-h{|zd"έs[L Ifdg}Zq8qQTH&$)bC6F(_s_Y+¦5R0O8B2uwc U(SIBEV+CӇ<v<#ZV`V*ІQ1錓֛A*l]INȵ͕xC[R6XdiXa밅 )ySti'ơڕ.!zGc'٣|Q$#w(Jk]7bCPĖͳHI=Z#: n`ݛ&cLΆ Z]WmIqJ)A@%Te\oFShpA,yFyA.ަ+;V:C] k#xষd& 4S$[&?%#m|41& CQ)RocEGSo0,An;}<gRMug̏T]qTJ}yrW({6r'/^hZo*Z~ꌵ ~YZ}qT~(o{&H?V#7oy>d/& mQDa֭bjؕ8wp@5h|7UElæ3GG-]b!)@- XH>" h1پ/⒝ 3%O1ۊ *&ԉ q_SڕBBMS&XF\%=i:աxxڅ|ǛK JϿ(E3Ҫقْ!Zav^)d-FǽJR8,q90 ..N 99[\jNIj>P8 BgٱÃa:놅:,Q#.!s}k5PH+Z8Ôw>&^,VMk^Cg74Of߯v©>Ja`ڑ>)س%>~iwx5nDaR{z.JPnW?XL`h_?9y$q(-\ DDXx>Rk0; -YSpTNGL ? GƞR#w+%*qQJE`ruIW en5GծN̈45 +.zb;F%/2PڮOx+JjX'ֺʼk7V W&@12{swPh( j<uL(⵿*F}[}׮}ɝz\m蘔)j)ڰV/S:kwl;p<ihH^h;Wpr%HF97G/cD W(;b(&dg>J8t%)`6"*RMrt{m'CHGUEb+t/&4ݹ`2>3+͡|+ONyޖ'Qw}}otFAknu^ jxm P E6WDrFNZ RR Xq=s`ӞVQ"47oL:BV?V֜nU*?yT!Yΰ̞/97aʼL+7x5/2{扳 haqq G&v_p`l}6z#ЎmNj!vw@y{/8W E3PT_yiZO(NY0tz{)C60 j^ʼZWB wpTUq|j"˂WI= ڕy6m5,âU!0ϑ4%w|a-YE(H wٯcjP!_:PY}tf0w[^ }< R$ړ=yTbb)Zn\F](ǤEn >P >[#yC)@ޑsisiఙ/mykuf$- : 9n~ wT}-& ;򋌊-ߘSo:QmA-6*O@=P({jEOa_x5EE09VQ#' 3Amբ4硔>%T8ҏ8?%kK?z#KR¤Zؠ[ k #>'Q;] *qypQB.CK]qyTuet0NW>tTدEUR/-d9*w ~̎M?Ӟv}3.u~DCMkI] W< } bcDQ *T@Z8NvyŒ|NR?l4zydzSm]×m_;̡RŅ'Dlv?+B, 'PRTN?aYQ\ H[K  0R),0AjI7؁.0mB2_ܵ9x9}ZkQL.pCV>o<4g6>*/!f;݂K*̵24~e.nPV[ j;'H`~Q#(}|Rғ?t/MɤyQ! U5Phn!֤AmWQU[F} hmXHP04/VJh` 0+cE poOnll3hۧ$#^=%lP4#$:@^< vu+rQ#"Dy& ЧеI5c\$H@Dw~D學]^|AK/~^[}CǓGTF͹JU|j'^5^s x!U=ƃVVP%8όѠ^`}vkeVU T#&N$ƯKbu[`aaXEǗ\Ypvl=xue`F0ٯE mdOiR٨fVu+x\yEY8}RYv棞Fl/˩@kE`?璙yֶӔie Q $w¢(w '%&I~~@y zįN+DG^0RҶ2l> cnn۫YغS6nЄRXԳxՊt|d\Y,ZG3|^j $BvJlo.Ops(.)s|v3}n%19mrpwa?Vc,Nb(y}(YD.L zh\Hp 9$5kXS(.;bgW-r|=)T3wLN`C«EL8]F=ߟBinu;Z.4Z;@]W<]^^k y~0D ]5D)^q(<QcPe`Ё^ExL9Wۣ$/˛ƏSFДn/Zz] xHW z jиuR{3LLհQX4upeȍ =9IyX tXVH~>1?(!Q@B<G}*Nuc2 sZ[*sx DkmuH:QdL`X[s_#) x+'V|䃄Kۄ 꽯6 /8fCS€x9eƹ#Qu&}f tk cdUcaBy :w]j[qA7 Z 1 !QӀY<~gO=mu,zVV|qJ&JpHO{=TyݧF2+@ =?b" 0Uc8zo1I+yvn=\{RUFl+)f'9+f*e90Zb"u#5yS]B?SsA:&{4NǐisVi޵,s8܈g;|lu0^sĨ.ÈkU@mo@-aa`7M1^dyZ |1LXz̿;h.?vKͷO4;񛽊ha.|:Id+Q9K? ^Af᝷.v!^Kj/'҆I@J4ZA&A<,l3GςV0Ja36=#%ǚNɢt|^ )P|:qiN:J8H _q_AmlhY'Q&?QZTT9,Ҁ2"k#b@n@A_)6BdOh1e;Z6Y8UF5笁q>j^N$~btUXSe\ h ߯Zв a~y230 {ꉷR0 X+>}udq~wv5ӲX~\"W6Qw3\\mi`Bz9èL ]zz$[=;}ADmxy /['%ubV:< Mч<| tR4g>ÎŀH lݚ&A)W9e+J!-0Zb5ثSY18 Y`֦5Z`_|gnuָRPo|Of^SО}𜕊P5V:(kt=Ny"5sA$8񠯚@ي ')H˧Y+~ 2{2\'A,Ԫ!%㍆@ډ*"c&/e-k 0- cDcƷ([n1FNV;EKd#.E0`[ *-p* ެF4n5gb7*lPOPO{%\w!D=<g@U@V_1&3!Ygɸ}8A[Oى tn#܀;>"+P]`5K0^+8q> N 4_놬zLKi (uL_%mDq"WHt V +t֧ 'b\v+nB[CMæh) CXbuA3FeW5zM`λ7.G^:7Qd)DYl.] r|,f20*?rryYG>-9 ZIn2h [3m’mf'+O<Ȣ%07]fo"В*F*2\Z75c]wTG3J Y)EYtXI,~g#,C|_?` >u&i gR[P*'R(x~oZ pguc(~3,H8؍HآGթ 횗OHVq^k=~~c=xl~č9 gP;>(`(e^/dsXZ['}.F,xkYcńQATlՐgMx{:LtBit*wXM]n d#2؍rCnǘxH蓍v{+#qlh G2Tٹ66:緷N7L\MQW|~O?[|2 ӓ4{|FUB*D`9lb\G5y7PfLJ)y~|XR!X]OooKe9HbaO ؞(*K=~x"(ĎaĎ{#eg^v #_1ۃˏG)+%(BӼ18V'Ƥw0 SBd7 "@dLaxd@P#U(/RegWbtZ obtc?ҙwl=7eC͒K( ieG!54o+=kh!Um589>})c]zS_.?9x29@{Ytse Q~ a:XXL#lted(A~N8o(!9BccJtq;ը8!': G[30~\"&D+, %Գ;?)-0| 1y;bc߫g+ @hQoOڪN[ӭi׫'puNe@hKtJ4zOJn}Ψ}eϸD[RWUY>&6qZ, PxY}jD5oD[9Pqtc/WU1xNq*I':O8܉?4&,JL"hdw^"ɨܬ'm%C"lxd=2Άdz:0ެ:v 80"  %7YZen#ӂǑ ] DTɁKB+ ջQQWp64mm(*`' s>!`Rg;b#{Q~|:AO"dAE"`v0ٯњV5o_3 Vv擥WzeeR^mJի#X;=(`Dz,*hOޑo#L1K  A+ZJDM~DPPw\1d\y%8EgcЋ2e=\pLQT~off:MgGQ(q^> w Zgź?'O,J5o/,M<=@_Pv>ʋ/|p_RaKc9K9'&ZO P2!($"ՏSZf[vdB?ڑARD*ӦU%knhWbb5Q Ƽ -90@D"oيgiaH? \eL?}ão itK[$\MGގn8~W D ,˅hGAL/v>m{ 6\gtamokV)"?#mAN {Κ}Vos.~SS;y}ߦJf=#zJgvus@,cqƟePh uTJX NR.F1 i?=szozi֖J7^)-H:Btim GUm ] Hl3e?YUb`qz']ʼ#z:@;}ă'l]668kKn}Ϊdnmm~ ԈPC઻d ѢF6ݏƙ9x 5 oES`BG |h(* 8/\O(ZJO8db4]p,XnY]2Ư4~ Q/E׸[opbm@r|%2+9ή\Ka N_aӑj,K-iMi, 'Yjܘϓߎ':vصp> 8Uߝ\vG/"!pG 1q[t=;=һ3T#xD)T^$zLXE ؋XSqΐT*Xhգ3Wօ0X*F5pp$]9*#$6<ʈ|z~VKP5A!*@#i\r'ߘ^V00X|5ю}cq0+*.Nq~N'=A@>嚖29!YOi|ZΓd)vFv@czSakr"E7\j!"ٺ`Vpit +Q/03WExXD |˅EZs[&[KޔE Eof%Ta[/A4]ljѬpo3bĖ+g?ܞBԼN}hIGJ/9abDFkP2ў=uH }gֶm,EJnwN`}(I{6U[)7őI#T] "%}` ReU7lWg~0Pn0P\ľ GtZ&4}D|ϼ727oIV%s[x)rZ\wgckZ3OY~l%wS^ho'ÖsqHt{viZ<ϲ(=n_.B_Te\~bִalM\ Tpi/s'ܴ*W8VF%N(}l 2i IL8tPuRV P ×j5'x ??m#w+oMNMډl#qEۭ* z U%RIb#mpLIT`o?%%`<{%Ѹ}}[2Н$ʌ[E a!l 0@-%>b`M2J+]+Dn{VScKK-8-[8${֦o+~U9udo 9=hFGjYTcSU{3nl_Ć;hNEuhNE1O ' +@'Wh^5fjcII.0pu\0 BE,[9ܨ׬|htDcY@4$ړoײz0ng(V?\A[|* c2|$kλ \.nYjbSkhc$*u%AvѠwH*)nW(>_ᲷB)GQpxH'ؒ'(]Vd5K=- f9E!rFC9S*#HEmaHm+i\_6얕JL9YlT#:8}'e/aA!j%'M?vp7Pu\(ayfu֮z"y DPsr8u#0{bx.nyhKJ4mObtEpv״Pe'0ȼ=?bH Xj 71 <4MQ|H@*< S2MO {t'Q{O5~m"I>hE~}o sW0*xr!.CZe}MSeejaБ9K90IV)#W&feϚ)ʓ6!hڅ;4aKf`}kq\*qyC,N2"UR#ڒJABƅwQ1QSs޵!. b4(в,8 *Re*Ё'9j0QNM&7|;3&be֢G+MƐ]`M= iX.Vvޙ&޺qcN嗔d傌1kΧ>m~kbIIV9"+ /fIWےsxvp2ӕ@yOx[Zs*zy. /," $8pۆ4h޹pE"a!R6ۿO!nSW1&Q[@ h,4FO^tNC<i8d˧jliw 6۴fR+>ط }`3d;S$iKY,cGqnFȨ?`w\9W:g_+ZdnZ>ABLb\kg'A(I彛;q W8]rct,#_W-]^k_"klᘚun,y+ 8jr':| ŭaK~c7UG:)ذYPuBqG90°}4\hfN}˂C:Rjwܑ!d#di"G& ؈o.=P"-r=lWֽ^^>p)J\W5Yx-v7Ʈ賓ԍ[>"h;&qt S/AA;o.{Q0ݽEϳ &VT5FD힚) u3册[cm|dI[J󋲙0ѩolROcs5/%'Q" ,My=%Az6 zT%Ku'm朴9"V91tE#Rs"cOT+Ӻ4&.K1HV8gbi >»D2#Z,6c5Md[@ʒ(7?}H |i w/iQwҪ$>q#/.[#uHg 5#>J如&PD͔IYMk[tW,>nMJ͗Z 86PQͶpKxrڭ/? Gш>6B<|(_3d CQAD]";.t yM=F^1}y #bT*n"zխY"\@a|W8]bw q /O|qxr,6uWK6ܼg7A>nn}G{Y"^it&[1dv[bƳveύmpkBpa3K\[Rڐ DJ'~rg8ZC)"J:suf̤,vcWi S얚VlMdu7?]P {I?m#]>HeB(8lSZ'XjbCB>-j%Z9/ +_r|>HKfZ&>VuO5 Z2Qȣs P̲NmTkFlR7oéhNYP=;anĆFBTni(3Զe.3ɊajYlv{#ύ%37 : %/8il> m_>ԥ3Ԣ$!|8G9Df#ǀYe&yMu2C--K1[ -EOOn:/CNFQrk6*0Zl2.(A췧.Kݣ-,40ߜrPxTqĺ1whzTa`mD:RR)3Ï'8)z#Q "XOvl?1BoE}{kzXN VxN8d_&n&k'qe/[yRpqa ? i(e8`'K¤M>AYǦlTܬ $@0vp9;RU(GUZ uy2\\Ua7wZyo7 Ga=/|x GeSFY39e^y acwmfd[oz9# F$_/RF?wD nRSRζo$jAz,s%ei5_[eMQRR&bb`p$O W:edAUv R AOKlkst*E64Mx$.\p?cتA0.\{Gm6 u{Pas}边q!ѝ/Vr NLGʖNGM4OA06GICΆ4>t԰.y75(%_ 1ʡHjC2 #-|υy oJH1@2G╛E{BϢ`Ẋ6'W z_]rCA9a?Yj,#q0fB'us"4?D6-8%w.W !Ƚ]523y(iNH~YgĦ!=C;?73=NK>08"})( S̏'S| Qbe+CӘ}Wn$4l8BQ uzBc)sSQ]85 B&UtaQkR_=Q]Z 6~Q{26/6%{&|6WYxqo:k; a=hYgJU(J2hM%PYsơFbd$g|iYN@C~t9ᒅ;h4mtZKV07y5!#Ac:hizԨJ p/\@d/_]43Ú)f`f2 MZ:=EY!B1S⯏G/2bN!Ĝc'3r6՗U"Z)i9׶+t ˤFߌBϭwȠeYPdUa^ؐ-j!06jcq̒H>^ ,V/բ倫'^EbՓ{?4Ά)qSuX)RBU8J kĖy%B}o/$[HϨ~ɜ/>{Ԯ[0Q!S~HٵS"mCYB^xn$gy¤4w)[^((:fؙ" ɦ1fC ўdWϜh+4 ^-Ntg{攥vڏ[߈~+;--YmQ-oX}W[F" VVifq2մIKpUm,"X.ٶ~N|Z}Ǘ%4,4< x$}䮑s„lVOl_o݄TB$ۦ]h-^ Kl曘3[`4~%zK0OϹQgx!h[WIaidTiXhØad`SAXצо^J31` AAW Yz6}l@!M? UʼnQ'FQaݵ}blݏz(&]} Pgvd񻨁~ R~XaO] spq˘i!v£1w(q9u5Hgb>/-kTPs?ĎDv..·P9O[(+rY+ Lr 9d%QS[N KxL!mw?)) >fmG(9C/Y9ڝ]Ftp۝YW" qeHkh1Nlas2׫ v^HcGhmV"|M~"P]פ*y 4;J|#mz5"Vz{[<˓fWI| -(ePoKgfw ymngI`9Å{2gR56H)>(9Itטv*RcR'?u;c31+f.6\nѓ n =2!lc tSuцxoHٽ~M$UXQpꇊD_ :ΖIHs@.ZKwIKF`#9&Et\MnE2 " ɜWC+d#h([?ZV%ߜgmSPԯ+ ;,i,A.Ax 죻 ԵYXe,lC$8y R?\5Mu"h/LT[E7:Ǔ^"[1.;PTpQu7 pSάOd0{~pjvHêk9kG(JV}_$i!EEB0@scw'5)b|eطw* Бvey}_/a/M}K?VojF!}L L1RT|^.GvVzOa⼬-)NⶉRb VYq[TJ%i71bh%!%hN'w8cL'5{-WwZȋ(qcdщ16ncɉ0>1jX,CcVw$H-,?`mr=֣TuC3SA/_Dd-ԇ` X=dZXZ5c'E8J█b|Mwn#NŤ$LgGaD06$7VJ+ eCD7"j%w mq׈@>e _T:4:,<˖A1a8ɼZKӘ Ќ.Vg1,yc( ^b5w`vΝ̺'U2JCLK*p5ХlU|]Ng(I"8z]:Qg RnkI?> y*k-\ 7ŀ]!:OBO0WQT+ Pq2St` fqضhA+#V0HQz؟ڹHpqk8 pW<O 9%āIޚw[,3Ӽ'^ ,ܩ)JYEDJmoS#FK٤=!6 0]D4Ĝ p BʊՇ رg/ÈI\? f"lM$6bKKJl#OE`[+DQ%tANaƤ?m>@%6ǡ^ 歯t;ۗms";`6k_w8Y,MV64H^//&9L܆~=F}bl :ۀ |$Ik߈h5Z6LETk'iB패5r^!c~Yr9qX 90F4ȓ%N[z{p"{t?ģoMQ*4 KYLR0ak|G#']:K;>M$p/sZ:eA p$,['qkg %8’}DhD-_)p3gkm^ yzAa|Z\փB&=c gQWZL,q1!m6&^&,8;*}u)-U4) պXeI"g&l-*h.gߓ/La[-M>L덞`i`md`G# USj|m3JwݣfkU@"SaH$6ͭ|pLKDnA36JB=h6*s Eۃ*s/j!uʃ #b9Ou m "2y.o!mՒq +}uWGyeP+hp5Ptvb6&8]/inɐom`[XLLaXa& *4mGV3F(P:\i au$gn9GJ1:GcD]D ڂd9ױefId| MyJ`Z\BhnHnȃPZWܥ$v+L r֩x 0a X"^pZG~ky@B^WR0N lBF x2,_TXlSHbGD0_<7/7VXc_2.뮾,M_\RշUg啘RXO\%-Puߖ[/r~M+ރ%6(h) ѹ{?AjVg&S"aKsy'!xQdgpMmQ*(c:'׽OLi(sًfѭnixN0]A3u^_ xۏiOثNԧXQxu1yʗ y S^_u7/U60[O)9 xn19acuD7Ծ j#C; C 76uWaY25 R3¼`$MApU //1 +#o e#VQ 0w 8`̏[ygШ|9 k g2&fM}6 i oFʙoYzPR0lqvzX|d̘fE MV+D(\G ŵo%^+R;R@rvQB)9;m-jaŁv$>N"o|-g~q*V%H=jT|xp/\ rLߜ8'`?<]9]04d-o E 30Ѳٖ+\1xr 7+c7rw#$ %6zaI檇3*fڍ,r"!~QsMCH_Oj,NϭN73[G8]--9KivQ,оKoy `u@,њ-Vi}-l+ʸX(v{1 '/޷ tv&==d+N<ĸ\υEOt_#֖4$ ylNWS봾E>ubXMZQ\(>t} w1lspY'!Rnxt"#{ bb+-1`xV6rw;lV2Y.=Eݘ9dq\=bUuu*{V.13ԀB/0 Ҿ!apuFt*cIugݚXq9ܺͪ*i^py t@YVaJٗ>>hwM.쎩 Al\qRdĻX2ezvn%Ğ"*5lwL?Cg˕A6{HQ/v.(a;NB/}9~_"Yx0)e~¸z0֏w%^=AsFP9n}A'DO%Nc'PּdZkUVNKh'MmçMi_%V w+4 cȁ*iTՅ3&eL;/+, kb"IсfI¥~{ 6֎]Xcu%\tk|)<yǓ(4j~CmAżj߶ YZ