sssd-dbus-1.15.2-50.el7_4.11$>>G@lI2ߞ>>?d   ? *>[ahp         2  < d   ,66 )6( 8 98:p>?@ G H< Id XtY|\ ] ^ b}dBeGfJlLtd u vw x y$.Csssd-dbus1.15.250.el7_4.11The D-Bus responder of the SSSDProvides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus.Zx86-01.bsys.centos.orgApplications/Systemhttps://pagure.io/SSSD/sssd/linuxx86_64 if [ $1 -eq 1 ] ; then # Initial installation systemctl preset sssd-ifp.service >/dev/null 2>&1 || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable sssd-ifp.service > /dev/null 2>&1 || : systemctl stop sssd-ifp.service > /dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-ifp.service >/dev/null 2>&1 || : fi7K5 큤A큤ZZZZZXqZZZZ4601b3592d313effe1a70c44167775b06693dc9b72e7bebc718b6c9e8b094b8fc0c5275ab2d9448f19885ecc6dd6f7d3652ded2a89a16bacd8d9645efbe8cff722cc8665771c5abfe71c03dc172a1eacc136de1a938a0595031b02615bab0d0eff7df7df7aa3e6ee8d8341c0516b09a22a60410d4266f1547242fbf604068f028ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b90318e72cad19664582f901cd2e3ace1c5f99297c39d3ad964c570d48cbac4cde334d8713dac505bf2de1a05eac6dc839019305700835d2a4b14fc424c21e8b10b04c8abf29b40b2b23a472e9e892b8e3c447cd5d572ca095c40dbc7c07c362ee145a075bff2198dcf62ab38b414494ce43259ca3ba768e79f581f250eecf8dd91drootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.15.2-50.el7_4.11.src.rpmsssd-dbussssd-dbus(x86-64) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   @ /bin/sh/bin/sh/bin/shlibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.2()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_certmap.so.0()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)sssd-commonrpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-11.15.2-50.el7_4.115.2-14.11.3Z@ZR ZOhYZ@YY˒YéYzYYYYJ_YJ_YC@YBvYBvY9<@Y9<@Y5GY5GY5GY5GY0Y0Y(Y(Y%uY%uY$$@Y$$@Y"Y;@YR@YR@Y Y @Y @YtYtYtYtYtYXXh@XXX@X@X@XsX@X@X@XۡXۡXXӸX,XCX@XX*X lX lX lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.15.2-50-11Fabiano Fidêncio - 1.15.2-50-10Fabiano Fidêncio - 1.15.2-50.9Fabiano Fidêncio - 1.15.2-50.8Fabiano Fidêncio - 1.15.2-50.7Fabiano Fidêncio - 1.15.2-50.6Fabiano Fidêncio - 1.15.2-50.5Jakub Hrozek - 1.15.2-50.4Fabiano Fidêncio - 1.15.2-50.3Jakub Hrozek - 1.15.2-50.2Jakub Hrozek - 1.15.2-50.1Jakub Hrozek - 1.15.2-50Jakub Hrozek - 1.15.2-49Jakub Hrozek - 1.15.2-48Jakub Hrozek - 1.15.2-47Jakub Hrozek - 1.15.2-46Jakub Hrozek - 1.15.2-45Jakub Hrozek - 1.15.2-44Jakub Hrozek - 1.15.2-43Jakub Hrozek - 1.15.2-42Jakub Hrozek - 1.15.2-41Jakub Hrozek - 1.15.2-40Jakub Hrozek - 1.15.2-39Jakub Hrozek - 1.15.2-38Jakub Hrozek - 1.15.2-37Jakub Hrozek - 1.15.2-36Jakub Hrozek - 1.15.2-35Jakub Hrozek - 1.15.2-34Jakub Hrozek - 1.15.2-33Jakub Hrozek - 1.15.2-32Jakub Hrozek - 1.15.2-31Sumit Bose - 1.15.2-30Jakub Hrozek - 1.15.2-29Jakub Hrozek - 1.15.2-28Jakub Hrozek - 1.15.2-25Jakub Hrozek - 1.15.2-24Lukas Slebodnik - 1.15.2-23Jakub Hrozek - 1.15.2-22Jakub Hrozek - 1.15.2-21Jakub Hrozek - 1.15.2-20Jakub Hrozek - 1.15.2-19Jakub Hrozek - 1.15.2-18Jakub Hrozek - 1.15.2-17Jakub Hrozek - 1.15.2-16Jakub Hrozek - 1.15.2-15Jakub Hrozek - 1.15.2-14Jakub Hrozek - 1.15.2-13Jakub Hrozek - 1.15.2-12Jakub Hrozek - 1.15.2-11Jakub Hrozek - 1.15.2-10Jakub Hrozek - 1.15.2-9Jakub Hrozek - 1.15.2-8Jakub Hrozek - 1.15.2-7Jakub Hrozek - 1.15.2-6Jakub Hrozek - 1.15.2-5Jakub Hrozek - 1.15.2-4Jakub Hrozek - 1.15.2-3Jakub Hrozek - 1.15.2-2Jakub Hrozek - 1.15.2-1Fabiano Fidêncio - 1.15.1-2Jakub Hrozek - 1.15.1-1Jakub Hrozek - 1.15.0-2Jakub Hrozek - 1.15.0-1Jakub Hrozek - 1.14.0-46Jakub Hrozek - 1.14.0-45Jakub Hrozek - 1.14.0-44Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1516700 - SELINUX: Use getseuserbyname to get IPA seuser [rhel-7.4.z]- Resolves: rhbz#1530975 - sssd_be stuck in an infinite loop after completing full refresh of sudo rules [rhel-7.4.z]- Resolves: rhbz#1525110 - NSS by-id requests are not checked against max_id/min_id ranges before triggering the backend [rhel-7.4.z]- Resolves: rhbz#1508972 - Accessing IdM kerberos ticket fails while id mapping is applied [rhel-7.4.z] - Resolves: rhbz#1509177 - Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault is sssd_nss [rhel-7.4.z]- Resolves: rhbz#1506142 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30) [rhel-7.4.z] - Resolves: rhbz#1506682 - sssd_client: add mutex protected call to the PAC responder [rhel-7.4.z] - Resolves: rhbz#1499658 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.4.z]- Add a patch that was missed in 1.15.2-50.4 - Related: rhbz#1489290 - samba shares with sssd authentication broken on 7.4 [rhel-7.4.z]- Resolves: rhbz#1493916 - Issues with certificate mapping rules [rhel-7.4.z]- Resolves: rhbz#1489290 - samba shares with sssd authentication broken on 7.4 [rhel-7.4.z]- Resolves: rhbz#1482927 - sssd_be is utilizing more CPU during sudoi rules refresh [rhel-7.4.z]- Resolves: rhbz#1478252 - Querying the AD domain for external domain's ID can mark the AD domain offline [rhel-7.4.z]- Resolves: rhbz#1478250 - Idle nss file descriptors should be closed [rhel-7.4.z]- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information retured by the KDC during PKINIT/Smartcard authentication- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in- Resolves: rhbz#1455254 - Make domain available as user attribute- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD- Resolves: rhbz#1450094 - Properly support IPA's promptusername config option- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer - Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail - Fix Coverity issues in patches for rhbz#1445445- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains - Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate - Additional patch for rhbz#1440132- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient - Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4 - Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15 - Also apply an additional patch for rhbz#1441545- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.- Remove an unused variable from the sssd-secrets responder - Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http - Improve two DEBUG messages in the client trust code to aid troubleshooting - Fix standalone application domains - Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes - Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http- Fix off-by-one error in the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh respoder- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users - Also backport some buildtime fixes for the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts- Update to upstream 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html - Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries - Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure - Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser- Update to upstream 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html - Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack - Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases - Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider - Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page - Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user - Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink- Update to upstream 1.15.0 - Resolves: rhbz#1393824 - Rebase SSSD to version 1.15 - Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL - Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory - Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time - Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0 - Resolves: rhbz#1392444 - sssd_be keeps crashing - Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3 - Resolves: rhbz#1382602 - autofs map resolution doesn't work offline - Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains - Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page - Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error - Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database" - Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/bin/sh cadeuk1.15.2-50.el7_4.111.15.2-50.el7_4.11 org.freedesktop.sssd.infopipe.confsssd-ifp.servicesssd_ifporg.freedesktop.sssd.infopipe.servicesssd-dbus-1.15.2COPYINGsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gz/etc/dbus-1/system.d//usr/lib/systemd/system//usr/libexec/sssd//usr/share/dbus-1/system-services//usr/share/licenses//usr/share/licenses/sssd-dbus-1.15.2//usr/share/man/ca/man5//usr/share/man/de/man5//usr/share/man/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuXML 1.0 document, ASCII textASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=75678c2d001ce40cd8e1444d060858c43761853c, strippeddirectorytroff or preprocessor input, UTF-8 Unicode text (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, ASCII text (gzip compressed data, from Unix, max compression).R RR)R+R-RRRRRR/R'RRRR RRRRRRRRR,R R$R"R%R&R.R R(R#R*R!R RRRRRRR RR3? 7zXZ !#,t]"k%}{&-򝍧N4ߠ6ޗnq2SKQxc s&$vB(Ww;pOY<AnV_9s%Ų Ƨ/} ij/G/? fY@ҥ3,v To~BR `2z/HFdˡHu+#:IiؽrWq-B,p.7I12<&C\"swM SW2@>jʯϒ4P*Jiκ:BZ׆Gvߐؔn<[F7WD!ꭄ=W.5[cv^ uV@;Ls5fOcI%\sdգ)Op +,^hPX~*Y>RPmvm ?my53~Hl3UΛ9Ev+(PA /W6pu( rX˩<ɵcԣ %{smiޮ #WTNcMyTRӘ)s[l"&?2xP H _V&}|v:9CX/_͕4lKD7f[Eb!hw#uU$wi<~n%4؇8ت.J",7k,=%`{G;!P#~5Bql"NWMu=^puoJqLQEd .nᥓ[piY1L\~ËU)Elu&s G7@ߖHþNx.4UTvzT`ў.JyvC8 yV\[|d 83E=b9'e,ikѪ]Yk8'kz1Iyʞ +bD&zycU._'ž{0͑JE$j֥gziZq /@`pjYkVbvv'צ^bL0烹=r dfGE\ Gƅ om slOAphk2*+҅I#TӅau^QC>gKyx~byhdZ'2(t4^mc *f.3M ǣzXEE)3R5* CA ac~Nq_4~JĭĄ4D~ZGq  P%"Z/ #5qH[ "emneay˅Kza` A P(yҘ 瀎 "de~cuY# V78 i S9~[Hw//w)Ky:k:3{+>&ejk1c.k5L,c`*fI7X?pXH{4F|fpFբOHq$@CAɐ/P'*.e3c EYEiN汛TK*F:!<&R4 Pv.!oMg2N()=gx [%7[UcKRtJ̞/ zp(Yϫ.U {]JlN6-dnfBx*:M_ f֯ Lޑ5B Y@]:mޢi!pY72nKnsXiz^_=M5z BE%vhoQaZ eC^/mS?劷dnA!T"?[R>]^'fgSk28PB! aM!<\clQt{ީ "="% f2B#SY }*H<Ո y4bWT| &+R`fg%w~y*cּ'eՅ, \wLɽZ ^q^58L㩠e8@E~mǕ7ZF ӕIx`Ca (q`8-N5r[Yh p0*zyDShR #dk/}/cîn{LdTx)BN@95[-# tFfzX#ܿZh֟=6WHn:iYhX+nG=v}?)צ#@Rx-'Z7)\QTd 6%&@>|Š2[lnO)m%q5(HLeR_]z?i0%1bÍ(4tN ރ`WcSh_ЊN g-6\ZګimW<Lv.5i>DTވŋHȰq|18et윌>׃mn| {c۱%MCA:w;V]\sUT# }/34]t \͂_5#yд͜z~z*k\Zhq}*tJ{,|L;a>pDrFҭwS{ė[̈^@eGSh)wI$~r E;wdUTfrK+#w@/w#ۻ8a OIfpI[R̓Z$K򸴂7n6JѨ#U4IRv9svu ݖ Oy_цQS3£3/O_ZF8 N#g:. ~GM-lhue[J`*Dr1E ;6cģU5HpP^Ӛs=c=カ-0@?m>bVEE]ʍ~Zs}0&H[s7O/R2ƽayY7ݶn֕+rhHUy?xKJ,~51Sn-矰wğfҢulURj+FPN*ĮEn3: mPK sq78ߞnj~״oV y>Btɪ̜^nlA> #-"t:lE%ҥK @0e}z* -b`((:ݤysIpjz$.*M|Mb= ⤘JD ~@#p[/y rwzʪ'KAĂb(CR6&wMknuSJÝ\?3Y7*"͗rMZZy*,0qȦTQKC(~:j,s~*zBY'mǤ]m~$ekxW,TWL:" @(4I+|t Vwkor;4Z1ܚ1UgQаTa kŭtj'["叨0>`~Տy#x,:,2*fo='DMkL%}NMGDcH[t_(9M8 Yr\ıw<)ې/f8bi$(V91_= Dmr/(?61 E fB&S̶#;߫ T"bK?̼hiTwm#iekv"}a8xkfs6~*)Yyt4\>ǦZP< $ TF,lQCC}~$JaߊY[Yu|,ܞw]4 C+=?$جm֝lfYө^eKGeG s7Ev33܋ACrBU$# -?<-Hk2 {E"@Nմ@/øWGS6uGz1HHfɣ 8os]+"z"S- ß%:Yd:~ JU(ف,)(Oeb'8|o%yGQO}@YPoYeV ojڨŎh<xcm>%&Iޑs&᮴̾*D&Kkfw?A/!.k2zׯۜv454| 1˷hFZhU&cX}䆈8f>C;o9]#.Ţ&,ഷC|QU{5H6CY1wPg)p!w-896ΠWJcXl˜+*z1LMC#ڳ<4q9~^;BXNWDؖI'`>tpw5낎o4dbI}&ɜ{j0Gm1Z.ڷxsŘ;` @1vN9U sEBNeTx[0W7Źɢs-;Ā޿$K31 fmTyHսDcbJMkD9-II|VZ3s]7+Jwߖ*HZگڅ{@,~Pl=]ZEQ 6}Lľ^ K/۳sZdĄ. ' l!/UolYS#v:Œtjsv}^#$ɞ;EwEp!;J3ԟSV:QO }n> |LH޶Z sK햟B2Z3 j F k5 P}[}RHj;?Tsq-:߁Hw (۾ @}Ң=z 76ԪgMچg5`X"flS0*Gk?+MsM2~Gpr R{/fel3%EL!> 0dKɲa?S ha_ gVc)uUHd8i#3Dq=} 0&SYEp_<P/bE0EۗBjS.͍kzbNxZ/UB=Sz!IE{=`D{G>sU5nwwgl|@^!2A_ұ6PdDu7.xmBy}zeO3So3^h[L/?wܱzi?tH4owZ؂rsY4=6[02.Yz9XD#Rg2gdrE˺i$(3܊fDMp&F bg8WX" 25u\,HS̚V]Cwl6|>ED?gz:*CE_(RVfTrj-ujBREhyT7gӽ%{x+<j^X_GRH(BS[&6f2WЇZ?'.؜?s1}P2ϪoZ 6>b.eYkxuzRPЬAҬZu!y3*6ƃv^v=ԸuJ,'#wQAuq4y02NḿɵUՐf ȃ[ ͇\Bm;(N`ޖMdTBs"$#q!!@ jLY1R@ ??i\{mgtLjdI Жa@cmξ2/?x?[}.bdc?(+=7:2\s~Ab'xwn-HuY!ʐ~9dH<Ě9D1Hi o(|`jr-jK59}qQAW<ϋ/ 67#5vfHvQd=ɞQ ϛKӨ.$Vmo|fPY\J2] V$cu=-{+g'1xAT'>ȻP,x{.7 L@h^>Iۆ8DiF)>5FiJ^~ꐄb~FBTz檧w6JǼjمl#hk2-Q"F |ArIx[D#C#hK K`R8V$.2,P>{`v=w&$Z\ u)bk…p2:73zPQPw~&kth[-*  p0`bMfkpD}oqM(o2Q b!OoYӓXtI!ꛨ!'{c\gsǡM'GrnI_`."|Xb[KgN|<ҝ<'r& [ώ8!+lnOUHl d# P^H/6k\B"bF ؙ"@ H=ZG & w6Wl6nVxT*jRqT.f’rNQɣY 1>  N5WL1 "oC7%Q18sa<[ PD GJ#-$hUT`[JD# z'벭50ɲtW`3ߞ&򡅅1\l)N܋zoiC4bqGVK%Sh,50vwæODodTUX3? 6t])POZn)1.ț|Rp)3c`RJpOxWVvG#|=L'4OO֔sv픋6p_N`˒ hSǵj f̣ҽTŧ<%дetXy$Y6SNNJD7 -!<˲) :OW(rQ8~v׏ғ"!TtOxݴ,ƹvTdm/S(1^],3AuYpw->NvYO¹(h-1!O XzLnƼ×/wG"p \/weخBU0C ΉbIvI0_ZiТ-5Wrl=i=3҆B- By,졄(l` h Ca|.OkryɌBnުԎs2E?^El?mmf,m97 #M<_*QW `#dI`0[ tpD 'Y q (n/WFa'>hPtw"MᣁJ[-_<{U& "Z|N87ik; v櫀b%/? ʾV'w[7RmOԵ',q%7+IZa!rPybLF(i=U9v.mc)=(C~4{\PA Ȳ.Oq>b9&jAkgcs"s:1ۨR; M<f;U@Mty"I:7 HM.ۂ gh[V816o#)lJ0xpms8TW: GmVp^LӟItݛ~m7s;KG$_2Ϭ_~iF=G'Ը3+VʱH(kg(ɞ_>}lWWwۯ8VӡKXS?0v?2.ޓfdb{o-!>"aDǃX #@J?iC`KYpjf4y4p\@b7YD3~ә_ oؓEd72|΀I驐6pQ(W_c1&p+DIo8Yqq(:1)P60wGw̙e֛[~m-MV/=M VY!տIA` dY2PggB{#~3WP[Z+&YJt)?pq tߺ^*e#(!~kZI(k8jkuBnuHwiΔCeҪɝEA7AXyPȐV'їa]| 0kZd5ܵkB$7t1li'I[?K'vՏĮz3K*0NS{m"ݻӏIh?.^& 9WGO? TWs yew~U mP@ZH {=uyBG3$ wl26Euue_aH+:/fh%mL i_btI0x|#ԥGI 7S8\#原 (:QQ&A` ^jV=j4vW YZkԦrw6gԮp {aάeL \'Xo05|3f*w[ }>2M fWqR^ܥzm[3QNW6~Q ^(r},[Lu_]9@}T@-A>" 'ګߡ`Ot6?X\2*V$(:qdXz*ߥ3 'bNsV48ow@.lY}=g3nnpqш5wk+IQK'a _+q5٘Fdv8Fq]9v_KP\4d?pӁx.yDXԉ)1℻ٞݡ U;B!I;匉.P| Cx.VC`;dx2TUz56NޥD:(PY)mX ㅓ-®!([e']LLIg; zSVso*z|*!-t #7TkRsE?&/49wYlWX]UYik&jvY~r.w (όǥ[] )dG/7@D>n@}{vGdE=!GZ;]͵:hQ3mxlGQޕ6iK\-'t5}-ݒh#OZrU@0^MH~'և_u0$~Mq"Y rc?ʃKCMq)NS, *3~@||/BaE!F}JvXکffmzR x D5|̚矣2d9@9l'"]Ƙ9΅%lK^ |88r_kBo}A`.)i;T^uhRY1UGeo*uo-%$\8Z[?@t[ mnWa7 ERD*Ƃ؊rQ._ؾ'okeFb5@Fe[_@`"R{W(/bu4 oP@5"T=㟥'} ˅T3CiQP?]?(659W$чaw[:P;I 6Mp(<'a HI2Ԣ5U7Nbs'gPY2-=BX'{͞|~I}- rCZ3h OK?,_3Xݢ] ,W6( ra'r '@$e:o,b.a΅/ݻ%S BD;}Gjspl<-&8c ^k} x+X|K~pl/92F 2f&3tAۣ~x&5o=`[,DsAba"ebQ"pPc.%-j3M Z'[9pMZћTݴƻŽK,/\Lg<#1{Ga7?8[PHkx_1Ձ_MUԦ3lh喵Τ:ь# +]tE-gy!sTkho!aπz"a`U8\9pa=?tjkU1D;ӐNJX'IQ#g*2%ku Íڞ++;R}Y/h#$f T]͚wŎt(aZ_mSz>:K?ASQ%xc j1Fc>T{H R&Û S-#4\b3BEKC&"T0bjZ'UZ,dZEV|35W1Ukv%/ ܙE5?:[ 3ߖP cI}Fa>0ptMnGeƸb1:f,O?,crmG4f7!({_vmfNV'$_y L+kY9u-ѭZ賖֩wbCM 5^tA(;1 U-Kiڻxqˠ:&q)PT5((Gsi֑HbӴh ~"]}:h>j˾EeY4S͆iH=[!UDM?A|x#I@jD0ѕvr__B><۬5,.9(A%}FDKryw`2'#1X; lyףe<Iތ-$X8آQirgglcTzӽzuxoc\n.V% w{[sIwSVw+mY!}O!CVfrBE޶zf K)#Kv+DaGn)Z(#}_)mJx=UGץfR|(|9 >d3Smi<ߓ )]nNvb_p&R{K9}73aqXy+[@cW2I۶P{vuJ s\dT1G8C,#&ksiɣ3r"j8LkYY(N F#8řm<.ukqGquIFN#NӀß*vg{B T@>OmA'4Ϣ!-,T}r!;;VAU={Rhr0D& Ql}= ч<B1ENOPKȤjp-N >)nb<Vypֺo27%>#ڪDxJxGyei$E+rZ4P g 6*.~U׀&:jl&@_fZ`B6HISޗQrr&.7sZhOLO4^=,]\_b,8.dF2R@Hu$r#}N2~1 ܸDV2AADH<7H2|rp4R_k`Lt@ΑD\<-lq.ٿO*̀%'r3"QhZKəXInř<>Sipk aݭ ࡼt7չ pĚ \ "L[`8BaiS8ɢ愖w2~8:9]LC eZٞu{\w2mZB%lD^ɿfԪv e5i)J>J  `I4  Bԃ*"Aan:}oϏy3`2y`j*gN؟H_>pL1c8nA 9km mbU%,$>6c267k`;)R\8ѭpb pW4+v yq/Z_R5T':C CuKe[X ߞ7S$r'@CAbb,D6DW8]wy{." ^=wCڪs,;*yURM^w[DZz|s(zaYX1jakha${׾`dN%),gv^z[LF+1'n"G7*/#V뾶\K[σ9UF`O^ۏnF¹Rإ~-tBq?(l{SKޙ>fc7J-1b͚&MY ],<^}߰q/Ikov{N.,%, (ўg(u˘A>"H,! M6'2 +iI(ECkM h%[q3n8w_RL@;j䈛|QB֓;:,cM!Inyb%O=J Ep*;N_p;!]~DL .} Nk4˔O8{J1=4Ks+_g7><< aI}|r4 ҃#v-/=xEl 0zɠ_&cC] SiNƫ{]mj(vS d%&Gk]/A`6@A~њJ؉ZQ们8|46 Ibt R v;{/Nw^H SF|M-aҮ\Y'\Lsot :O{D\=E9MݪX|םkzw2[ V[Ys''da@bFsX?D:\ML `r2!|"AAbN&G % RҌ#LcA_̙K{3O^zwXxXl%zM`FIf) v|i ~v6{B2uVԍD V (>`3%l(֟@q57vTe,z%vd2c p߯+Zzʡfz2RG.EbZ~lpmNHX\'PˬX&*o:ěK-:v3 08iyf-7 wEu.6)/={ Q|3,CD3D?Zm-WZs0:R|> t]<ֲ/ޤ:$0>w6hiVf'PU* r= B,0NWOϊ*6U:(ߤ^WkhB1_ͻdoUh,]|{6~$L>e7e?'f9(>C&Xa@o콱 ZƹCiʅRBҔ1SIlbHY}$*R@e5ݬ#~4"Ɣ7PhV&n ݎ]q:dv"w SKрpDX_D-!btF`mC>Gz\%ujjqd)g5mmb3L,9LfU8O{]=C]gvt-4޳Ob1E :=p2)r"Ic_\w`1h#VpkS a)JVIrƦ7. nv[s 'Ϲ b=K Y.Q Bp \,>¡R~2? \\I<ÑCӶ\blF%=vtgM/L!Vf~{Xƛfst"ݞ};R",]srIYh-ro bNAϦAܘ[{S9]J٣Iw=F!ъ h)-5 #}-v"cBU3x1-䓚 x  ևQ 㗳zBGʹ9o*&H=u*Wwb ),L]E] Lf+%&nyj"h@|V-@]Kaʢ5`nYCqsJDO>=dƀ]ΫK^ -luv1!$E"4i5doi, Bڵ9"C*2N@O-o.&91;v= w@ABDLKI$-:kMID|6n+B$!;LhWPqr5ʪ?R- :):#G^q8ٽΫP>8<'.};G7bs~:x?1J-ڧ"Tlo{,zTev9.\\:l`]ksTY= &~o\> c PqP8E a zG iN0Jh51y ^Fŗ|`!ŹEP=EU=&6w遢U7qji Ksۃ-‘dF%hؼ rg=|qbˣ{ j'n ZC7# bLHN ?1mZMHv[X,BWK#|y<֜~;ojF:vs {Rآ9[e&] SflOc{Ȩ(=tE =sJG_oU ̳/D#OҠR Ys vT-I CQtiQd[\*aЅ<2^hKQzpάvLUyFuMق5ØK,w)2Iy#\Nf,]0/ _?aŵ*x #Da-4H5N'" {ɳhax`L^!SAa_$^b@akU8!a?Lx2NRawԪ 2AulPP{58y RV M|)̕42S;yRW?hT߉e& K7bNm($SFI͔٪ƴ`t&׼pJlW^LqC7FF̴0o5-e@$hڊ}53ЅU9Eɧc"@9"C!z]@LZxb=%'91h*2RڦrwCA4@|rscd.=de>")zƪwCڛ:M {C.Y0I]rhI gg`]B@NC'-i DY]V@ޤ9]Ϙz }y/xP=3u** ?`Opbo/\}2QL,g\, eflu[OB}TS"5aﴁ$Jm|#d:]ꖑ^D{?# BN+H[Q<~OP0} @{x˟*RxNx}tqXASQ}2NzgJƧ &}8}I2JǼ?og*Abv\PtC֍0hg,c#sד c45TaљkRG"f0bY1J+'Ibcuhg.cpp,bIY&*kL4u/#3nn~1忛H( ti9?ĖuoSiеsDoTdH'/2jl:4e{'1YRy~$㣵;5epZwUZnV^ 9 #AQoy( }q{T_Lx0<mo='W zeݓKj~߂8mUּ X2% tKNkB .]wdG0B̧#tR kBWSK_ aB+xݥiN`ŠP%E1+$|oGe+ D,E!㏒eOLGZy2ՍM{pDu&θ);Qhޔo6i@%'}wNt*LVfdWQ$9\a΅eg =T+ٮ65&MX2ǰe5bAX23~4?|]<Ϫ_1Q 𨦏4P(zn. b3Yln?E{~х`⏀o1u^w3C.5le uB_T>+?wG ` d2է_髖*,!#au췾S'nB#qDwRq{/ES&n/3ayEBqUnf&>Ρ")*%W*4mtQ '6wGClb)2j@WeSC} (AmNJ! KK2[[G: [ E##mU'ɏy~ lcL W_a)W3KMp-$>˩,#:bll.`jõZ=V{_1hLCAJɵ3 .auHS,Lǀ+9_N0hYq`o\! {2 jnpHG@y[$1mobh~Q0^m?qPG -gf`s;ԓ9yQlD>$ xUj,P\65n ]{]5`Z" 4^$v0&J˩}{e6 h`XaPo|u(ՕmyI:*ی>#Y{.D>(D[: c1~&^P3'_>ieVO{?k@"=UfguxlQi]BR!tF1XfAkA<}}+m/J1褈ܚ `<sA@!IeS+VbXT}p`{~#`4A`V6ӲV4.T;@eVL lzŔ]C1F( Kx@wN0X^{Gy2C1Pl;Hx+:z.n8M h6-("5Λ#M}t|/Q[2 UELIvh{!5YI.URc6B<S-!'CM{1\ },>{9T=>!\X ġ[J0?$R{^.3͵D̋B0BO;,r843Fx f| <#Snb3bR)d9b1eG 9R0,+7wsZ׸iw3vdiqrz75y }dr^H%<LOcTw Z>b!pοx(fed1tH𼛰ԃ;"V1n';%Acy5j1H !ބzE?͜3jQv}0˵4RMI7ps&)ec d/z);[7u-ɭh)2Ǝȋ+K.1Ht`.PbvPPo_VɐyeCw/Z FJysF=&R~vnl]y r{O(HmBwdiQHW5>I6: t0=67 G9_SjpwISu Ȑ ^ՙjk"uH+Xܐ 1zQ"h~%k&*fU2aN3qMq(jL{Re0η5Sz8i oޗ^,Q<Ex$_PTN<ƶ%d_yt$cgK_&g_ms %zJZm&S'\H u5ALn1q/eHVߧQ΋]}~A9-xսJbdQ ^]:|@N\8}W{xwtOkSeń5QiP-8ļG@+->]o|lƭT.cOpT em8ЧIVz8qjR0ݺ iUؤq?xGP)pIAZAcww6PC,gU?I1kj(BRg/7#5W-$ꈜ5!fD)~;jkL%nBdïߧJ.cT c\W9HMăuZ0uDlFŎm`s.zX=Q]c- NbY rn4 yHtʇm%徍 oxHXRU2ҍFؘWDgR@$@ZJ锇l."eM%Fz \k:ƉTgxGvZ& \`6"xvGGi[lɟ&dG^{f h)fB0;ETFJ4,,"%JxyI3BC"klgb,ZZen#4o-ܨ= p)4W"kQU Z$<%0J8o:5!b9I$yQ+UF~?K,? QkHB*=|MAECH%UzXFж I/ Zc% >,׉@~ jL\Y5/˵-~766cIߐ0ʀA>`=Vפ6R&/rTK o xě (VDw"JYN@Aܜ ;KX0.MG=TOA+%m*D2vUHi't s60oIuiRsc֤,Hˬv$ ;~#8ăCuka9,4~Z閗MǪ<%{$W ^#&YfB Cu B(zcCF=zքhl|R:ZT+2^hS&s" Q]ex5[HAV@kf)z{thMn6A67E7t ɰUvr㾸^s7xCUg) {YeN0!(FW㓫<U#!L6Uf~L=rqgSϸqeꆆ_s9Hˋ?@@K 9H xaKugRc]ԢQE1='^Ki(O3HtHKgW&h?!cr@#$]ݦjºD?)7I`5;]L*o+uV}~Nr$1>A0xA3WA kauD.0vvRF (EZEHc0CZzJe?b`T̢=-JAR3ddq\xҾoYLզyp*bŎqn|=M&T.C:MDmd7`CxYKa5= =/SkҽDд[';):o!̌#Kx.! Cv+]I\qNx/)K-_ .aGa.]+XrOS 0ʡ|J33bj!R4UG@I7+WW@0'~hR 6!MC.G<:7[Tp>EnƦǢ@7gіMP[N)`;T8p[fXH X> Xo,M[8ݰ%nƎyUϷ3RI;ɷ:t0&+ H)A q*EOI2[M[]nA@ݲp6_b_9d\`ڊD> ~4*_K`\eh qxt`:GxěkH$G„#_&(I~Ž nLc-خ$Mt;=Kj~?NHܦ`slޓMFEӜP}Rok3>376GqpR!.&Wgm]nT!\D6k3H?UԈپe{tb2: {evk\L|-59{Nu-7F!~|pL#IvOXSF \5/#|j HN^:"h`ll(41PS('¤(!FTN&,d{MkK~¥~obhwy0,\wp*یAJ0}]?uK_l;C~1-M񱮯aN(w;%Μ3DtWpD_(OjjÊ F<e7l0=֕EQ)j^wm5XT%I1ri$9prmNoӵ7zYSF<=XTY+íl.<$.&1ľ̓+5WSٕdTL#`x^ WҔ@. ֧/p=u07U䄳_|Da%NgT+\M;9@As/ȓ@0LKBjZܓ2nnC)U4(z ~*u.Amfu W)/UOg!sT!-u [,ix fodR/ ։Λ6nUpjfn-; [`by>-$+\!n뿸8Lw?51&ʽպ6L,N,[=7:BIOݩjNq O 9[E03aw p=@D ~{qfΊXbm3_Mb~xN&5~\rc!ISv3fAVqڭW|x.w%{itCW+ct"6x2t2tk0- q=6op`C܄vBޗrEqj aSJ8Tsmƒ:1 oF1v(kJ2gr+CX»9\7Mf:T#/T`}&v*q&"4'+{wVhDӀHI|ìs$a v(ŐHum\9˘Nf Wׁ]|6*\n~+y2mxd,x?׾V Pn%RaVp[W2P$CcIx9662|RcДO8l n MBQtI*ia^1- /IZC6XnVB cu!D<̓||)v3CׂAF ]E*EM=Ln%w vou^ vE9?CЌ[i Į% 5)Ǐ~u.HԾˌWtѥ(ٯ+n_͓OE13eeu(r&;oz9ԐBkGs|^dPFI?iu͙ѹc&r <("kH}߱b`q.t#`W>x,-SWgHѧ/gKXx3J@}l(4̛tZ mu%]`XbʖXE9,I,i)!E C׭v 3Y_| }8uc0s{suǍsΉh]͉LX#Reݧi-PD^JQ[JI~W~%M/ t^e6uqӟVA>!Ɂ7J&e ̞[4;أ;p"+Vd>;P7OXW& !D{mf+k"7κ1^2É}Ll fS8ʨ0Om BѝGhSk6"enrdP:y4X_^n4BDcr7]5>Aa aywJ1u.$A5̥lTKEچ!J 1O=7|ۜnEwل ŌytkW21OfE!箓?}w,%{lJk zrJ΢ɹ0C)qYbe("!2a'"A! @YkN#hA`.QALH(V3!Lit˒f@SzI:kd(yxOz7wWQbO v{GhiZ >.`e|qs"uQӓjG(yʼj䒸.`'a[H,vk8UF_ƱUhR8%*;w+!x_:h[#M}Ӏd mq~'x"3u]S{ ;)ẇ](!KVEwIt-o|nY=`8O_}5[{}Uܒ W_Grwz>,xNBpC;bw/dգ(%k,_^"21%gZiC,A20v{Dcjy9䝿NsAu qܻ̑K}!@#&~\oH7O ]HޛyݘTo%lrw]ٷPjI=Eڼ3QsvRD<҉.+ HA>S&5 `|4'izޢ4RK-hݢA°NAC/qn8x*s0ON{8g>l˰{%$";Z!$7/G_dbƽyqA۷֘1˥&>* `x,qu Y+f`+lʂE0K,Yu7^ƃ+; ^*Q&$#?G֚03#Fg?ޮ7(oa_{ig1aʧXwK֑:X>WX@B 7BTr%_E'])Gt`M^(-+ |<1d F<$0Er"Fp x3P#(XV->&un- BDBP@Zv" Fnݎs#6! %K_ =d0]xM=c| *r0tΏ]`Ow_o['H7-nq _Iĺ)~˼htm0))$vVO6fwl߿N(e-Mu HD uicf JVGnm= BLئ\ u]yqR,4*=XR/<*N[4&娝n0A Gէ!8C+]9ȼjR6`hNHIY{ Tòx.>C15HJsuxz<~.ccA#Cy]aH xUfEzQRdgqtgbz@e%%ɺ7Iڇ SF7޷þqB .-lbd]43`઴SQB:_O/"n%)v'b9}x(|&V.fGKHS(;* Vo ne/>pP*D)WPrz[stFݐ)lE"(BCք6y]JU1ۓӼߦbPݏAsGʍ~z YL GOh/䟔1WIω٘>l^٘Ka*X\*YRa9~rq,#z+M&` ՜䱚Ҳ`ۻD lגsW%N{G0 tt2\`?(eHKkVi_Pc-+eOsչWDܧ3O?STd,40IHbB:<`(硨./ViN֭VKq=!ĉ'Gsˆ4J:7{CZ\L D|ⶴ.su˃FlȄW)M$I 쭖yZ}S.,^3}4;Ϯ6 (Hk2.('wBSN(]G\K3˲^锕o,Vyfz'f!xDXl뤸n54m7aJJK2``ߪR|)Áh.}\Ev}5", b˫B=Ԛ%. FZcJfy'wQ#$|~LS}CYQ x9RE!=Ta#yą.]l 6a^Qh zrD R`zZXWDĢ$DqpDUl[o `be>.輫 U>0:.nSꐪ*p %%:uhC@dձI8Qwy_sq,#pі2U[kC\õH7XKYDӀYܫ2WiwBLZ-0v8'&c^0PM X{2*7i T^fE Ɲ->!MrB . q]$C.d!G|Q#>ânƲ{jN @Oïgekss wa#W:mJ&_ΐ-t/p=̿Ěʨq{3cE aSBh4uBPt۱3תʡxnaz"p= Z^sӶ lӳNॊbŸjk,p ܸщ?-_)AT7>o}R_Kfse+ÎԞdE#NAuʻ Rqn] 'P #b:푂Rͧvd$čl\R-L/45Qݹև(#H>ܠ,ב~NuA-$UtZHlڶ@&ϣ`+,Esw\QD.; gxdMr7RКa v+ ;'x> |J8fҀ/*Y [uqE~:?yϯԝn탅,&Z{~9Fk!_¡m`32?Ȋj[7:J|k%)aN9i;]ƪw{JYn팎&.4].<.HΈm DU C5d^ ?:"\Yx>)vn0?Ԥo/ duc*+Z؆2.5E6ˁ:2=ƣ3)fV IJmK\!(|'mӖ^bIUmgaDצO)0@ŇiWnfqYQkTgaA iSmN-H:"nj .բ.Ss`:3wu1,[wƘ&.'s*3v"_KF;AˉIYHV>*4q0˰d)UR|Q`' o7; 2ex O WS fU|ݾmΊDw#ez3j,qIQZ-®mjwd_lMJb0OtD>K ղM2o,/ YRR`kQ1]x!wu] ͼ* ,c4TV7c#*eQ.\㮉q>y}a%UyRV5]Eua+XRB[WbqXw&Xy]ͪ_?n&' 8eE "g_c۷ BzO:;|JȊa 9uCG/K֫}U>tHtGDŽ`3˹HCCsEf6ENh喲"`3M?)%(#dw G֜dȫ[LNũȞ8 l3!DçYx--_1߉=| G{Hbt^QK\nAuU0h%όVt>GwCWh5M5뜜6}&NGaKX\7ǦyhìN0FiOQ='`2 ͇6չI;zek>cSbRo 7_tBlDθy9?Ñu۔c峂0>䉮d9U 4K˜q+7%u@qP@{ά 7ζGͪ㿾ueC(N~Pym'R*^G ذG3 ;j+`R:Q={ ?9;vwRfjj+3&nz6Rjk԰]i:0_KBS1S|HKv^Ba&:ۃ|cԁ!(ТY,(or]Ϧe`Y zjJL )[oyֳpMI=ŦU!]tۈl=\bSq%D}3Wމ\q٢CDX.ۑy!SN7h)GDkMAGiBuCE"* Z%wߛӣwy7c㛀:BCXY/WusyN:GpQW/;aJYHRs,^}@Mu/9b&*Js[P$=>ز~PgSbv x_6U݇qd;8n$D[#`GjD k%8MV ',*O2?{ Uﻇ.jA㥗Ѧ?X-ؑc~FT~{C1-4[0N65U,eG<{?4E*Gjn `K1gߊ͸}fwKm \wZ1%d(*7fv3 a>! - K>1"Tb_ažȴq%d~Ej ,'NmvBMI' XO 7XMX1Hq* +"w,9& /Em'vp),9Ay#S,N]LcꟋB3t0VK<*h0%d%B=xF KU?Z/GeIP;^ \^&Jo D3!M]<=R[yMlcЬŚ0Kzb<oO{'h?AJ$|TUeC*h^lh8E1^ ]>ّPUŦ )WHW> EhEQ/.@ ijZQ1\C)0 !ũ$A)jpQ> ū`uY>eU;zP8 884۞/ ^`_ZIo*[;nV_dDZ?(8A(@,TKyb7d3 Kx%| |JӤ?F}qϐKv)Fu_T-s)H0>t+&Z<)+|C0eQ (a.;wl:X\S2lݦ5[ۛ7ϝ-J5˔NwL8b=hQUzpj WCJI.ֹ%Q12eejJ3A~ {֓0Tfx 9_B6^5\kK 9gw8A+JށiB:Yf!U̶I4![9gqݯ>`bǂ`CXp-<7"64b ☬5 ;*J!PYo+}wWPz2ʗZ -q6ޛ}-H0Gr\$Ch1H WF@!8 `cM&a.҇FY:x][lNpoHGk>S4Z;a{PȈBk*[ 3Ayc([:mm )訏ԍly!@6՚)nL4wB:I c]g4K!U}-Nkw'Q,aʊR׌buChw`4N{PDv Ol}v9ݕIh=YSiZdNVGi[ W}#!A-–1ax Zan NzH.j~2¡!;'\&SKv^ y])JMt+%r*6iV|1iD1)^`Q.$A0xįӿ3Ѣu|'ASŠ%셯xrk+,z\JGD{.A&559iX*-j)w=Q;9Vd2@"E-"Y#:$֝8ge#T<ҥl{Pݔ|Q6̮#s]S5{gS$T+?<eVDk{ $D(3Pi>332KZ(,O\iCR8i(Y(r/ B+i[S^Y A: 8N$\.M>]}Zw>w$"nwX?JxQE/~"zRJHgl.0;QZ*bX&gEfOX>p c>~[J*6\H+[R(̕_az=F0H B%%!ӏP 0NMڟԨ𔳻}JT1S,CJ s *7ݰXѱ yA%^ I)a}'#)R}VFJ+9(wuI1lVFJLaoHw)Tfn6Ah]S*jU.u-oBO30U:1I_K K-PB-]k!o\6 Y7ΈB[7ՅjMф q霦M#B|z>Of 1+FC.6Jd/'9Ä&A&+4&s-agR~7p{}<\m jkkpȷRm z>,6dVZо7(U~=³$nfu4Rdh l /1m0דqab{7PMn YwTvg.}%,[1Qs͆rѦK2 7 =qXJ6%K.zoOȐW0Q6!8(^+"ȻSGu"?j?uFmaןnW^ [T]~5 ϳ.%M XS.l&o|#n'T,-F}FQx^#@PlU~8'| YdEAtoTX]>UV̞Un9^FV*JUQ[VWS{3)чB+ӅA1['bofdՖвA/p\ٿJϜXy>Ky7dDo2'r4Ę\$">>OwgWKsmS,;й6 _jA, v=+4:-ċ Us+'h(u*\e׫J njҺwV?6{P]z"S#{M{r{.l ?:ÜYzk 18 ڡɅv X]in]<2᥷xlbCPp:4uѮ,$y!7Tmg>Y[NQ7A[2#?.":D#ӿ$ jUn8UT[^sl.R$Z%Ӝk(&WPM2CJ q0)"&s k+'/oI(,dٰ-s JBtB͞#j9]z9*9wQi A9ifT ZZ.Z]|Ico` \:Yr82Mk^Z7vvOw!N4n V9#tXXK*|p-Uqcg"T#6 Lxx2+(,ZNyx" ?+c`itgJ VlΤO4? +w\*ETI fӾ A{^ϖ-84P<I^_҃ ͌ CƟ9XҲ|RaMf.<UҐYT_Ks t?&:;|̝M +OE_mwl>:b}1}+Ѥj|a(vVF1Y:;}y%H`ݿYوcbEWP ~I!vj}xXMω^jWΫ5\px8F* C|HICΐO}lvZO6<4 5ٺIB'$\~zB(0W]|EWd 5 =|r2Pl4(?)lx(O7D@PM[(1OeN~%+sLrE<힋( {8uuժ# ͣӘ̠9I'"]>tw/e2 O6yqtr~.e`ֱpG"[XrkSnp^I "\;)S 2v]zIw]*@&[$y} hA.ؤcI4mX|R }".)e\̇EZD=hSd˭PsAL,(?kp%-%LVR1Kl)M4Xc6g`,\t#2t _-͠JDZ.}}8`:Ip~p4KWkYq[Yzji~ sSaV/YW#\?yLqDp]ʮȥ1$N0(9OU-fE1VQ baopD18FTTu~{Îr53dCOUO@W8+5 ;wHٯ odZ${9i֯ 3'/8:_h';(_~l.fB.ɃtNQS dP5o*i=( '2z2tҗJOC{#0iPHwtNV٭!@ ]T[mLώL%_7LY@ wxo5Y_{gnkK\ D0[Р:,twuGZGg#]g(ZNlO +,T;niN_e7 Rfߩ?`DP1_VȤ|31ggwƍ|koZ>B&HW6d|ՙ?-8rO}ъe+/ Wr TP2!ǖZSpZs㷪im> qδQP^ȥwTJ/*KekZCpnS}[s/ukLM̂6=~̾MV΢iAݡ,Rp%vRE Xqg8=}$+YTBx1o+FNk WeB :+o]f\'̸j#!4&bљ0br.A׎0ʺ %[zQD́nbd4S6<\4dv9܂a#32jah8d P }ꄲJ2t~wå|j>"O֙XFNG]WSVd1H:o @Ԛ1A7{^~]g >fnWn3PeY6U%~~r!PPGJj -얆$ ȐUNl_B]PubAeir(pHUw<]~񋞘fȩհl;4hD+^(?h9RTYW{8^: uGk|jgȡS+&w k4qZR)q{ǥ#>[ lv[h?mL"?E-P[Aqfsc~(-ˤG"N ڡ#q#XXB` EݔD*-9:~(b%q{M*A+3+ 8~d~݇*",2-m~6 6o(}B%:Pra5:ۗvc"ֆ;!C~( {/vtTe٭gp^HHh uk{VGTqr >ǵ" #Q&Z3n H&_rVL= oS3FS#c'ºM%B!}c^SSG׏/u~zKb}%$E9Bxj4YBWj/ȷEJ .(xs~>rAokϣs`ii۪!89!0-3ُ+&,)5b[۲~>e c.5k40?!k+jZeT~ޗg*T CAݨ߹M3Bh"W lXR? 콧I#C?PJGu4PvR%Фđ\|i1i]1}k@3q>0Wybfr w/Ql{2˸̿ЫAO)S\>"ص,Gj=G'(wk [! A#o,~ÁSFӶ͔[ <ת>w˃SF*\|.:m?ȬN5ZM:6GkבHLU3QTQ£S /YðOUO;<@BS`^tP$|EX`.@I-^ľf,6ѾF]U%t7XJ7φהk:xԸL h_{_vQ6K8.dLpG}NknQ\戣{c !|lpv&XEe`W/e\r|y)U*P m5Y9tB$r= ؒ~;Bx>@x$<lʁABs?$x *3C~=ͳ q,gEI!pUwo_h! VjҲ iiq%ᄅ1a$legr"erb{l,|k;kQ6<8MӪp kJ ɹ:Zq5iL?{/  (Q n!fI 3em{*Ssmv?U k[FKnrqrTq$-oo tret.K]rVDMyA/Ao&qQvj,ph7\zU}{}ȧg0X!)HUk .m}q6xhPztL4pw3۱gHCYt3CJU@q58Hy3,ݜ?P$(Dx [@_=ˠP#~5Yi\q=p4U8l19~:ި|9BLm|GN`:?(65 bG ͆`1JSM Rcbhz"OL~NK_2O~i۸y G7KMFUVZG8{7y$?kySiRPŽov`1Wv;㒍,47NMS!yިO]3;6zq\OTiRKޣ'|Fؗ'þ/ռb^J_i#/Muj5Їu.b`NNe4.K&nrmNᅲGh]z3roDYp%gLXvFss.=cvgEg=_ &x|W]ݴ|e_G?Z!&'HPPZ]-=uacVbȷucٽ%{/ ?6N(7qLX0A6?H4 ߢXMKـ\4L*«rX^@ }G  j+y0|š$i>pSwq66"^6# wC3anƒJua'_:mFlKB"T Snu\&q,Nd6d#ޅX&qYe@BoُcVEzC8U՞9%<|=57|iw((^6CәTsbbSՎVng/ 935^ ROsd׆|!:~7|ɐn scjO<3ln[ic-y/bL6vi?[oUV{%]/ta9҇im-41ub;U»3 F`<~>6օ :/SL l !>YXNV0%ou͵kw`6tRCdbWfEyFfAG":㶽]%R}wӪc+: MlnbyP՗'OPks&_ 8K;=_AƊH~p{;B,ki;!Z L49<Ӏޜqt >m~&f-,9ӉJgw?c(%%Nљ>hӤ!nb(R݉Ńs4Rh3iӳ&KuosO9Zfkҗ} 6QunMJVJ8zHfO|q䣺GEwV]OޑD1H]4:|ssH5(p"݄8j ]^Sno? ʭ0($PL@b[˂x67YZCn7>\S"{9b<RIc0) v^h. Mbhz/D]_xo䅶H}~|GO`,c365)8Kq.=+Q(\,JEI@B7([]nMg$"T=ULPx*gc=6?j1C;e:xj^Lp(QۿZЅ!"diAIܳ&#`د{sڊmO̓pLjܜnT`â_r0iΞ:V|25ӏ(^2]*tiDձ Lޙs3 >0οXyc/t\Keb(Qb-{!.ҹ<4"4=ʹ:?ĕnc`A%gJ%=UPEbJ`@t_ ֝q8@k0o_g!$?w0H`4rslgX 8xƿM4pJWsVh&[fJ4/dsOr-n;03q/JRj,ڀ?E>p: 5Q]IX$ . >~|ne˝柕Whk6 АmD HD;ce稨JbPJEq0 魄TV[ mN a? vƆe?Yzƫ,J0D(la?+7oQr#'ġʽ԰RaMȫa>ݤU'`o!:ɵa2 >2^snɌJT>=cD8;iydd%L*D[O8D cN \_ Z޽TT8s@*uA|?Uּ d)m72+*zA&nt]qT;ğ^:{1ħ]0M#]n&4hi[gwS`{=ƉW|][ ̰VǢZۚxD%qVx(yW8+XQ ă`WTZ#,J1.6g4oq=2R!m3~|2Qb2iHIҚ7 LvG}u|8>ӎR?|t DhF$S`K&X?`|+"?cEˤ"gZ^HǹM{Jpuj$FaXRx6"_h+Lb:>U3#YHcM'JH_G^>PՂRgP#Nfھ P`^qJ+j# ^([=9 (om?Mhܘj).΃11܅nILoc t*}j \wđ.Tj'qC 7J grv 8>-&?q7wk+ | ۙ&C&AՊ\VȰ?K!w \zR1Ss9䎛AR|1(WƇT5 To; B'\١MFqHi^O34YxѲfV qW70 b5׷Osf?j&v,B[ Jxo07ջC=wh9a /$>dw[ۏa$%} n_e;>"\K/n ?a_ K;wgflP+h9mp'Ep[#E8Pt lM"wQИ?NSQC8%I1B.Vg_PkJC \GF);wes= @>aݜEWďN9&NI\(݈ "ȷWv0.}jXJi0@կQQկ|͞7&0`ogqפ }C+-AyW`XgݟD2x~={[lsBI7%Kg%5Ǎ3I/$޺-fr".c8$3՟NQ'8O- 6=AUq&@EEwx(9VIᥞ6qCI%Ә=O{RPOV8[=|Db `jP лӨ&aC T߭W󳞾16@dڡvtUb ĠLӿԫZܱW 9kxU؅Γ4K<&G4,v VT*"u^Y<$ ?䢄S~>cfh`El"H\-X7- 6"> $2-k on쉳Y9xrW0_Gԇ^e6x rY 6'fҠU n!ዿQVlД.H":fV˴os(q[8SZxem4nn?]g>CrhGd"s iZi;* kˤw1{,rǵɡ}|nG:/cDö0`('Lh `vۛ5bGWk|?:}A2Q)v!$H]b$cwͺRz܌!dIÙGxhq_D;4:l~Q?bWR>9:FXع{'F-姉:rQ8y%Wȑ-]8 'd/ui{=c^M Iz[!aqE11E,RS)I|Tmt&3?(,g_ (;D}_GBUH. ,v5QSN}Z{ l=w SZqk;,:F^fKâ UM'ێn(HdwkO1e{M?nQE:^7pb 1^}u(\d٢ЀwMO:t2C\0)U:+) D p#9jǎUhG^ g| 3+Aש)(8 Ɠp13g.%X*s1qZw!9ʝ\43LD40:=)/'L,-c"~J4Ӧl`"PHdm$onoDcK?>]1kzL_[+ƀ=Huh,U4񅄞LEL)̆)z,BmܺX@߷>85.1=ct&`'uA:bnAr(u7m-rbIx.O'87Sc.fCJ!pٸ,LNj5XLY /z 2Jᑐ}v'$~hd6RiĞ+'GDozƳR!=6nPmh2G6̙|Ⱟd9F?*2kc{1&R9E#`дk ؘi1CIE<ǓBJ7R<؝IBVD7t0#Nl3r`Yaf߾%)bkE[< 8w`ZGAy4hTТI׵bl<&X\!ʢU q9ڋ[UVlVLOmBÍn%hbP)B"ȩAKJ/p7kCfÌyCU e*Y~w'k5Bm˭Cƕ? %t $5:x pM۞9#^w]5R ~ rhI8//BQ.<qUb7gꏒ/>N[ɷ/_k5Ǭ])5lfF%R2$Ken=g}g9h/'`Ж*vP I=Wu*3#FL@>}uPPǹj'zBq*#]'[Y-:V#5|smR %VE|M2I#!;sM&*V4\Ҙ$V o,P 7SJ4/ĎagaS3_Te!*j%VRHw2~I-iGbȕϗĄnO>8LQ> J|)WdVVM)i'u9OQ~ɥao{ x8J8%=hjO-2Y9f'SwxMυ{c@ķ^YKW2!89iqcGUKr7R{.Gh ԋzVoN@|[aKЯbMQqֳ=L(ϳĢaClCgzgM3MG}Xv8u_AɓR,zP\BqµD7$/ef2V+"X7 o4$$֝ X35.f8GMA30\n<y=~u [|bv*GVkA=>3Y1r,0xVz5ؓJiUZj1r\\>~ԗp,v*MZ &}.MmbxUStcp2BO}n._Fo>Yw6DT:(B{'%n̵A<ñ8z?{ʒG L5@HXq ϋ>w2 #0G} *^qxgAEƂ8f (R=RИm҃]/vΰ<U+|Uf in`6,i_tg ? ݐON|)Uз.]ac](.?ߺ Vc^\4ˊ,|;nEhKdۻLhU('ҩUk:`G/x2;tzaSDdg8'W))]Kǘo )#:7sHp4E5A9lj/)ErgS+0>V$iAYċT8[&^rfA ]{ȈɀI<ifV*-jBOT6#TXO:0gOL%(G)uVf߮UF{΍$\F̺rv:rElu3Xf¹QSͷSd"Rع2NElc,AVTuO22e.(%8G]#7~83uG)  xu%V^rWA rès8 /O]a7kkPѓ/^sn-9VX &v e%f4^ʲv!@ ȡKM\~h!8@Dy5]urXaP椎`Tڱ׿QmdQ:4䮪8 ^[ ޑޕЧPg*9E[=XIfi ݽ4.ViLMyv3t]Fg4Y ?uQ ΄ ] weáx.]^ʑR\w7||$վ.MA_֠]{l&X dPRͺ*^?ȏEc St^{sFxg$O__R`dǎc@WEjr}sHfMx&M7N.Jlaq ?N=>ѳ%~YZ|#(.~ 4Lt)Ή쵈 G npó"ZQk8#'6jpey/-3΂5Kvs lE\_A U2*Aq6}F.3P yFTB2" Jݑq0}]mFc5bwϺ1Z)qO)~Ayio6m_eá$7bvuZˠ%Гl'WOHu9H|'.UK:#w|gI ,mbFLOM9"1LE3'p `'R29Ws_(7T;}\t՗_^`O\m0i'浴oƨC]cUc{ TKm䜣y9@ wQ6wzj->B֘?PLњv{T;!4oȟ_d.30ܝx(^UZ! Hqiʖ-/8[bi;L {Hi5z!:lGc߁7ϭc }LW2ЙMX.suGL'"J5-3^ W5/? I7+$"c>wf9w2XDr ʽ(:oAu' ndFx>YJ URNL=up?L9$zH{3}?cxIt9ī7_fKNP<2 3}\^T pH@mqX,KR"B#A;{C걅&]ʅ)vb!P!ۥ!5l#nw6g'?#3 EULTԴ {Z&ܯmN~ނpxz~Lv]xA(eSw0ywpΤSz۝a竷8cֵF$9b;Kp+k&wa."%QfKq N*7Bӹ^ n*--/%z-^=d'!L #ãz-S^S>ZTpJi}z̡C>VNlV ą@y2xPz<8\#"N`-"dPA( &n\P䯷}#㡅FV. bN]=4?pABŢ́7lc._ ¶EXq!#T79XFGuHSGusX2CUhJ%*&^cH-#ͽ?7ٴx`A-T@)/dUeG7wO"i:CQkD\`Vp`Kjw|)1ؙpZZDsW1ūOƢ=([)G92R@*H <}`)i~ZUjv˷4:Qz5ؕoQ\pX/$`Db* t-G8CI0lXO9p/izlulTo×%VF&e2GesjA"?L\8e$xhξ -BHGE(ucB9pHUT4?S3&𥴽CH`[&e뎖&MUĵO [UhDGng|+ l)0 M9Qx; k|Zzhb檋M B:ƻ'&?bVx/1` CQ[탓_LP2 Y0j TV~pP-OqEBe G6Q՜\ٍyB6DF$sS9ւ\'_`c쉯_ih6 \P:R[DeLX1ub0N?SF合3P236AH(\3^sdۼh]2K:=71!GC%%=_Osy68L,x,^%9ȤM^6$Jzy<=6\VL;?8 D2);4n)M_pB7HBlx3v i U]7Yzf@"9knL[ "E\ N-72;$/ĉكMb"VŶ5AoHOJ핮S?w "]eO!gm}}_i0:i#C5M)aѹYgmto2rN~kZ{(iSsLdLx=$7c֍)"Y61@`\hrVG9U_)F Շh8 4+&`\0Hٽ4;o}Nd֣D;P+xh䧶.(rf xv"3MuxxLbBF;8QHd/Sr/8lCrmj+45 GDRZǓ$16CAlE&\3}>P Ϟ^z91p! ^^#dt1DA8HHqsIfH?܏OEpQcҵr8f]]q]$^{9 I9?56]{&BLR|3R{ybBd$aZG39¢CqM|KI|,g9r`}$)R%L߃ f}?OPy> 3[Xr1p!1o ~ qOZ,rg!b:8MH뺾:0Ai}?umAk&v ]D H. x 1B/ysN-\gFt)QaAB"x&!+3pZ_;v 匿a#`x^(owNzWgò\ _pKjoZHD,e3B{Av=%g)(Oƶ(;!4w[H'_0;d~=ܶ=ޡ3"cw}X +W춝:xG7U`fؖ )>>an{|}j]{(|%4c̰a૫]1\^ؠK7U2EP ^=;@_}W}y1t*LՃG5i/->%ZZ>eypl)jy 4}㿵͢PBwbzE<=!B?vQ1Uߚ~u?CV U /rߔܶ.YY uYNqNun 7go"? [ko! YzxpXq~MRXz5I'UѢ$ BYÎ9LVW pVfq5r5W/Z}<}K;6hh$Lim- Z*@ iOx_%:c/Y}@bU$OY82`QoեqM%{*I<@"&!C F }SWKz,uVCfh,y"Z,彨,vL*UO+O~zdJ#增}>e6}_8~1|'K c)PUƑ/d( *2eM?6P 9鎷7y \.qwQ_ 5`u+PjcKi0Ԗt^p+es켽4Sg,8u8U>ϛ; ~:<#(#xw@1Ň[-=ԝR%Ep'{?J@%*7E91 FCI[c8R v,'ʋH,xYQ}+؏ޑ3{bf2k9/Zwy|Y+4}Y.WSFL-3/wl8dFW oeHi6 }GIvj^XwyhdW {Mmu\l+iN,#/38q(OC퉳C2amsnS;̬0!=<)rV6 wx$5ĒK.GH .q χTNgmG4;7,QO(=R7JU9v_+Tmc(}, LU<̎?SJDyicsG`/Ü7:19b48 7<`~ZH1VÑTwMdrIѷ8CybqMS۟Ԕ:!}RIWRHBAp#O9^#5OKh@b¾[ꎿ"qv39iu7ElabFy,Gzix(4\dWkeM 3 \߶ *Jh : ꓇b(e|30quB0go`RI0AI 2@/qK'j24p(ꌷt)̣-zZ^`H,o6_7qCKkH%{Q&K+d>dബv 1O;sS#P>k_`'."v`7|KX5 [4KyO)0kW\)ϩsG0F)RɝK㰃?p I@,I2US EzfyK7s&Ep87P`7Vvn,0{e:M7;n ?r9UܿHx́)滮 W|: >y+*Dfb JV \c2E1>jo|șgc0H=@8}~-'ܱ. yoq|Cq4} VΨiM heV a>bï@'4$m5뱺RXS̪b''7gq EbDb棴b q˦<+f_I 챢[[d:$?L)̎<'xWvw̹rVfށQ%w'ibj,PgX~2I3k^lcO%l<[D@@ ]/d)I H(C~|#6|Opp c>zn2?iJ^UF>ƣop7SdhYYNܥm#lX ({N;2lOkPML%= Cg^ffCwA.bdtꈧ] Ezg3ZsEV[]?m_{+72~͇ԯtG: O]8>D`HTP]UļN$)sZeՒj!BNdrϬRc:& u7֩ @E G3*΄gΧ %ce+QSAg fzV Y| k5#r5kƆiJ@I5!%by SEB@7VBTżLzut  'l5EcvڲKwpeo^ka$bЊ;["8fbi^}J?pEYZM TiYă QMTY4Wa+QJkbRrNT*Τ_nm:Bɮ>.^{S[5{A{T~ RSx9YBzb͂3jO+lS9LwVertQj4) = ]aǠִt.!ǣVV^jq9 .7EP++*/h35=.7yqW%1x;+W7bf)NLjݿ]53}A|7'~9l}X/UzX)R#KcWygiSrͻH3tMFAsgTӌX/O=.)*?}sADyQ JÚ]PSj֮9ZB=T;{!߲hk.\o,jOퟀ-/= t>$4{ yi݂}^bP^:0A\.3CVd2UIb5G3v0) Rkc5?GD9xX\S3p?B}Ar>/LQ L^/ɣQ*ŐuD.0Ҷ3xHͲb}Z RI'j_ʜ{e`'Ǿ0؃=ŕ*;G:'OL'8D1qyұ1L/)raCe)OÍz_D́e>a+8\=뺲qE )hX}:$EA_&{_雳}ԥ1ޝ{'.Jѵ3`5uܔweF.mgz ShUn./HE8JWKʫ27/;["-E/49YRE GHUGڷ}ūmZjgHY7Qc%Yi:OQF/rE|g; d"۔Od2߆RO[s:Wt A4janΖW]h0~If,>eDK3Tu,VgC Ԉ#_nBl4;fgR+/3[f !qgN.X/!5MW#ѥJ9z'yA^la2˜=>eIo̓9->xpH%Q][鐙%qS|f8The^`ʤ >Nw)-ØҔۼwP[-OuNtTL[a6s$cݟ ½džYLheV6IsWPRzL reΌڟ$wjQvsjPl Cc2td[kRn‡bLvzc,M.ʱ(W8 ~ݨ%G5_4^WU="* yyq+B -t~(@vKJOe}ٓ0:;2{?16j@0򏞛X8,]JSm1_$=2bSj\&U$,J~™8 kS]Mo#Ez鞒.Vϳ#<9j!X:QWyF̳|[zC*CStBް~C\ ڒ|m}DNj&74[uBa_Rcd=̹"3,NB\CpPqԋ -dZc_=-`ugl^ ۰\,3kaa3J9 61W r.@nȞ/ᎠS"˷ ,>bwe8b1W.-qθ< Y˗bYGi&,z>CgS⸡YI9$aC K맬Ōe|B Wbp%U|} N͒{ix6-I0-ib֨ !=7iB r!~8^@9rBxA9Q^F>/Cu|weq Ɣ4užFK1c\Iq"AIVϤ 'Q"c#q$EduﭛHm HZ>ѯ!@+޹u? S sؒgiM.N mu2ч΄/]3DwW;?H9De#ejk-{@:cыz1#*K4b!~&oxfu (Ӝ /мg^%Ip3F##dQ:yk%ZD\_M#ׇ䗻L+sY-޹XQPW%cy1ђ3З}l c_BKۑ\*~&P q4#8;94V-SY>kUf,IXz5^Q(}H"h59.aת !D_%¨h 8}6z('y>)~60X;I=%%ⷥÿ1U,1\^5eSxs'q,Т*#XP <<+I|)Cfvesj|,)h)ũu>lqVP4wQ([C5}=(*vS`}WB~%/NX#h)Ly kɥ!(~.JI]k-k&Cyů2٬F~F.Q:HszTbm) Xe; 'HDRߥq`9a_CNMO_#D愨6OI1<4/pWem9n@Yh*vŷ64ͨ[?+/}Lc)ABwZQ@X3{@.hQ @McAw8-f_QTrB-aFȚa}k 2NE=F/K1@C ŬnWPm^ꕮpU/ yEڎw@i4YD 6[)" < I&[5V@y!SJ\CHczhwZed ;_̄Lp&D>INӣU/䶐khs%`z2z uq"Byvtm NXgDnAϑA;EXB@ 1[hsƇa@L9DB=Վ6:i"g:keWyT6BIM{?tTN!_H_E1kH'vt*3 PL({,Yp ЃC/%O–v Hu`5d]Wݲ[Ow>4l0c쮇ΛcM%FIwҸ77^b_3a%e-%p_!"nWiqy!OjD짱R~R3@Sn rv6#S&/-)-$x̊L p7E! 9x3\*۴{i<)IN aHΫ$e4DiEe8|2ŀ,Z1$l~s$k\yuM%W~mm\u*$עJW7F6B9' Q?40eK _f)[I@YسXG+շ@Ư:tpOACHJۖ)%R`s.Q\LrjAF:,]YnFG֧A瓧D- RlO`_C <9Ckݭzǯy4c[%$zTehrJd u#pʘD<F ,C}?FP`Mpp#2 +ލwo(d$Ωt`©2L)_ùhxGhsڶ۵ܜ WBm;dox3|N>CT|I%-W ,QX#a3~ JӟX,aLF~bl$MO7!}?A=A}ڛ@ߎD/QLr޹H*U^{hۇH,q1tw@+N2A7{8žX7@6󸕅+a Wb2Ix'Bc2]z+ɛc L5+r~+u\U^{IGxr-zs8R\ۜkף6 CܢћC8Njli>}STpf WNaܤSDq\SVaHoG`.* T5L… tշ0UNe(f!f%/{tF-x(t\3VNL+A婏J8})X|EBPA$P/b.Hg{k,ON$@@ǜelX$gGyCW3 YAg$$q%bvN6vsTZ~`%yE.b!)'[V 2KdښԳ@^9{^t%ӰIęNh\;TKod~̂&pLEpM\*Fl%6nW*¼"| ̰o5?43ɸ. R(Y p$ QO'P"PV}xt ו%w,=PKnTt7k㷰\e.UF(p!- MZ 4{N/f~ 9KXR­2+ec@ Hx!8=us$YqYNgTa{T<.T5ap6uA|qB撢5nB9+JuYhYR=z%~i9؃ y"݉(j/0WT& ?ѻhC]uޘM`G\Z#O* GonM{f @3IzaGb_"uYG4nnVQ {YFj%LKXz]ۆΦ=jʶnnd:"܄LUm>yy௎R]\&3>x_0A"OQ¶v.Q-E]Qd1} kXJQ!xwrύ*嵫*Ө*w/$kAH5.ڹ(5;Q ^0%rF}NO0l Im? 62|6 T %U!.(ŪS`̶ְ.onE.qLO~M."P!VS;0aw31gJ6w13h/:fXƞ2+@֬Yv6wgVJJGP+s% 3dHsYCIa.}9o^~C7gxw{251S/ dHT$\iE۸XϻFtWSzuQKvax&̬X d+{Qe'i O{2s1Ϗc?S%r/3zFV&^nfFO`^OeU8i*㧊t9W/ʆ23X(|Ze8j;u2z3fȵwgA: eB%YVJ{p1M DP|ԓT>6J=[/SRb>9!d_WTtDfGC /(L= +`,@Q.[* '.9ڴ̒J{\^bZZ3.}lg^]͔7Ա bg GLWcO~<;>,D`Bet-#~44d|Y:^Oh./sRrE!4SJ)[٠y*BK{{,iTβ xZ2$YgX+)& gq_fXAvn[\b/iu1m[d\)95n=gG|x˾K1=Le?+=C0#XqQ9|H3OԌd=t,ӡq Rě$<_IQC]\QӘk1L]0=]BOJCa|Gw'É6@n?qGoى04;*]ZQ}m:x'6M! L5Pt/!5{~J+'{uX|IT~OS9[ۮVQ%hpȓK繰d0AØ7f{!?Ɵ1D톫Oy_2TlW#gس&:Ϣ)TzɁS{dz)kTZx}0}֜tq S!QA0R*`ٛkK}L+י^v+NBbm;@tLms.akHRV؉ H}j' (K7F$fh;b^,k+[n6?WlT؃bm0T;RJI4%)㌛^ʜ q..'=L(5Ƣ(WR6<(/ gt}VU.-LE?M럿~ Z:`˜^<]) 3CD|;%`ވ=.R\;lY[q5)km֬HalO&몊ֱ8XMxGѲ7]{|@b?9EMỤH}l57mJaC3c?¢x: }IehcZ-ᢵ;LWLgD&B_1{7eqp;545ca2%rX.#f5rf; %?ߚOiͦLM Y”_: G &8%>ٺV4*R[` Mr'X}fPI?Ș)ЧD.QٚVs<:,q;>)ޑJZ>S56GX&R6=m|ôM-=:#ɀ3?otO~^Ũ9{J깛+St9T#JUoxGT{WJ F :B.W=L~j3BBp,sҔ.&đJ7REXL64RQw@gq:3*n$Ӝ)pr^)_ST<8שwޱR&=L'^K B{A$oGo~W$2i l-&[d_a-8gp6Vw+:1$m݈YdC;H4Mj1FtDz4ǰ'8Wg'Hs xuy>h}񫺟iDZ0Xᘒ48֮y8C s`@a\xs9QPCI:"~-=4Vg;|b On_7G/ ea$Bݚxs7$_;'e ![{}T-tKl\1Od5jhpj݆y3eV&h`U¢/ $71^MJ^C4@j_ Mr\5 }?m4d`txɦݔ|ͽ[`(C7ҕA,~C̓KѲ} J%#G/FzkbŧƞA!t[sUYOs9\K)rE@lq K2f/]=~$ᯞr$S :{!O/'eH/ˉi(Gsz )I *=wR Kn~2@oGƻNz]ET$IwQVLOb:;|R6CC N|V4؝|rIvDPQ&ˀC>#Z1&sfN֚phΆtP|8Wx[h?p7:@h)(@ynjlAo6dٖ]werIoU^&%^^s; :y^i^v}GplG{c}}ӨA>8[%q2_3oc\g!JZՀC;&7 RF6|[3nvx.Hnjt)}ghj4Q+ |({1Ҿy NӤ)\a ӕy") $^P3lz~l_)H#TxOE1kxXH͒!N+RcQAxV: KhbϜ+ "ɤT mQx)åDfsߔX 滛+6kO0VqrϝNXlu*1M,3 :cXٽ_lJ$O ,'N^VuM6Ӟl1sʨ ޗl 3fmK*31XPϊ>lY)mOﯴR ѲzFz^_7 {!F?A%5-u $rT1jƦ#V &67H"^mZ_eB#EɰC)/g,޻χ. &F(\R㺲4,Q0! zKɄx ocTIX8Ͼ`Aw\#cjxVZ+A0dYkN;ņl;â*}ccW9Uk5.l8ܥ;pJ1MPJ.a_$C- t`_7lH6퍶rc;CZ^Oܦ{DPao|R[VTby+45vѽT|D>ʬ Ɂ=(׵YCZP*9PE~-54 yDuK H  ~|%++*+&*G05 p^r)aZ \k5wˆr̉!NCg.5=gsZ}K ų"}r3iJrjQcVa#,́yM  >7gt!6MO57Z2"PJÌ2z 97} W+mu |; q>k{ĶֺܻcZ;Zx=Wп]\^u<Ǚn^v܈!d|ݐx0m[&0BC W6F(gjC 抒}HHb :$~NAᯏX#6|M@0tO+8{\SSE">{mYA.2*c/jIVIϔgCx6-!opIȫ R1n#Φuz-] x sm%HJ ZI-dW+ףVk5,ʙ*W.=lRAu3׀KǝnxXr{c#ɵJw%*SZhԘ A$) h/R0;\>RcvC'auȰOY̑$q$#⎁h߫A)s7%tXjiğ0`lؤ/,ł:.Xf$5|*N{K,O~NQ.*c {W6pٮ!4 WS9ŅoՒh3/{jg+A%-Ο%jMI2rG)CoffTN$mEἊ=ȔL.HP!?W~Y^:-jYt"AChbPljtV4H>IaG4U*Oq6э[zqf1 %|Fb>%uN7dn<#=\0470,0cpu…ŚJ(&ٲ:ܩb=j yyOr`4}/yCUd=BfԯI7+lh^S3|։xu -յ?6nzi'ϱԳcW~Y M$K͟Lvw AǧĝOeė[ yǞZQ&hz>o!VFKV"GU84g[ESF\ޮK%cTs&_-~M+#3 ?돃Z.1?zf2Č-n8{,ii 2ჵfy LJ"Lgͱ/V( A8 oΗ7a#VEGCU,n G!KIΪz,O<1߮G[>m(kbsk'w܍'ZTH/d`U]d߀' mCMfROqOF^ d8dW-AN̡0{MǨE"qZKN\rwqJm2GTHb ָ!}EOCw_J?+\TnJ١ ]eIG*fH^D ;>\nШl@*['p1>V"|/Mg_ K69x2";n ?.Y`)0ϨJwRd^GaLZHpu-uP"c<_|Rؓ n7sRbu, 9)u5suXvn'+;˭;Ȟ0\u9 f@T?WYxoZmҧt=[޿BKnLAؙ0$ 6'ﳻ)N} j.Qyg@?uQʣLrNyeާҋR9P/MNRBex.)' >T5q5 [O5*\&3 >SXT}!L9 H4Wd$5KEOh\%yνN%34%W5,3 3f 拾fuvSO purpf!)xa7K} fUWm'8"(G0ފνssWd )o5ޭVjH 1SBi g{>O݇ʻ=X)6B%tp (γLBV YH3^5@z{8 t#16V7'EL$&LW).WZ.`SSk=+ؒ`Ae-Hp\7ȍ /jj{z]Dڿ8ٜvo8Mv@sg8 id[$D-0BT`J I%mKbKJ)nGDN5Wc*Eb Yn)h~Mѐe-zlAٗ['ѻ^#lN "QG+m)yf۽ L #f6/z,lCdۤ-%_l7:]Vte{GR"E]gm @SsR~q0F 18o跪'ׇTV\eyLhF[zNi͟ze13-@]mRF;i-;H>= b J \Z,aP(n (eB-Vku FX{BŴ$~Xt}DyaeCޥ<\8d:7IP%}%&bh}r,)U"y$ckiЁ[82s.ˤYc3nAr1Kmz>=lv+7Ϲ)6GU^IYzT8ʀtY64 Zw V@Z//ɅO648/.t{@"X^ xܔJY)Q9('ݑ.s?ΰ>nQΩAf>pІO!@F`'9{51{ÔUzb`jyʹs$Ns"Ƣ1ۅ0btAX?F*]#6J#7M]G!mY-K|nr@6쐅bU*){__nqkӝ!9S [¾~NB55&JORH6JJE ۧ&o=@.xޭ%:ᔨ\5&Ӥ%mvP-R B>:=NO,'ax2U 32Ш:&Ss6Ą4_ha!/=dn<|y#HVl$q**J*o4LcoI—CxϿ 5l ÄM쬮tRI6մ^KXͨ#4=XےQ_o]F5[mdcz 7!;~@K5|'aoT@WyȞΉZ/hHvL/JNp/E{ɕ28?Zy) fav} XFCv]@ !# m?֯f$q7-:7"W:2 g8i!QmV jT;!^IVL =>éǽ#8 & !!+]>$.Ih*b VߗEv,DeFkȅ^o w1FpܟvI]iPJICѯ7y]Fi,ǖyq Bm;ΙPqɪNG#T?&ŀ /ݝ})4(ˁFG׶Ox 7>\M6-V\J:1 hoCSRhZeK({ b4$ҩjy6.4>h/ vDǻd ̶/Egڃq6N@p6py.^jTڹȷZпSG)oDoSZ_>^X'ԧ,:e*t* 1\ I攉vu#h S`0k>&rMw˘ۥ5PQ?{YL8[(./F +:L؀ʃ_{A*ɡdOG y N l'@;.te6F7n=Vn1%1%v=P}~_)eGFől8B X$[dӇ/ W#k䍇gz;Rb׀ kV>qs#,^ .ǫ%c6 Hr~1Qٷ0idnFoH <|Y?a>~jsa`V>c%uW*s\ɄIjOiu(-'ٌaݍuc1m\p\4꣜Wj:ܕ%0+JhhjGh>0lC85Fa:DfmU0ҼE"xzjZcSKc_4?kG\fCzZ?n갯5ğ&.3{z%VSJq=W@.z+ZXyё-4 Y}1{&Bne|{_Ϧw JMS##xb rͦA &4t 3WK3m$"2;I^;^mp0Q&iJOkFx=xEW/)/œG3!mAgI%1r)M/֑ FEfcܿ?ano_=@b<ƽP0.e>^f m\z~f [8cj~t=̓"Ux|S4v'm>ӷ| L 4 p|p8ADu/!pȬr =T[:aH@xϩV"+f4 >7QF1߆NCwSL ;6#-&LX?y 0usr=A='1 MfY#FL\CtFu@߸,y` -~fzcZ-2l(Q~M?^J#?ue?0a°H:o0 ձuHKAVC"G7< ?zSk nnը%ѭ&Ő n"3IӦ:hγaHrɈu/ݿO0I InC!z ]B??"36 …>pGs"}1iK0^a#a堔4DTXL<HgT^- ġU D 8aBˤHkMQG֖ םcluk +cB%a=5 _;{,9^7~:<Rx* 7X16 ygDO8ÑAAd[Ю ͻ|Zu_pX:VK7W*+U6glNaO`qoM.4>{K;J^d; A/a.^hA.=<Р\%hXp\MF/ 6^,,g%KDbMzXkq^Lj%0;yM^ O }Z׉ۂ)U)Հ(!0&_6{1=%X7zl7 #'h4s0lެ(oe۳b 7 T[5PB;ٟϮ!? mqoOd1 j:AM.jjc .WBA^Uo@Jg4RfV ID4ͼX2 (ny9H_zwAQÕB(d/> A5#"bsVlN!'%&s8@\_pA%/6 ܽ;@WkR=uS\F.tWq*}~uz ]GŃ;zpa•Hnu^N37b_`[{QK|.0#-qrsxE*G]˖C(0;K_R? MHnbvܮmF8sx;+gV-iRA?<:;V+Y^.f$ R>NDn7:'S>bFAܨ2fL3@5|; ޫ=HoBȩmHj{=!M$5-vU WM94zMJFC'jwWEp*.b+hJ\*}EXb> =&y9M<%pwxiY-*-G=F [h.봛QĒ$\;HmLY9K4'vwrldO,@+#<֢-/u͓WI'CaԡYEČ{4uq@hv#Ĺڐ3֏Xx ,uS~@))Zr i : nff2&a;0X N9Q9͢ p<_/VKBɜŖ)b 0tME+\'b`@l|y1H.:I2Z{ھ8i/_GP9}X;&J%] ip(;u$ go >lR}pd@l劉T/%3Vj;p!q/`QO8L-r9 /F+a\^֡[0^mp/jFSLTp hu2~?uOmb7.Ga?Ը-?I;pZi/+~~"N![Vo0(|4)$J$@v\lY9 ]{h#wi'-0 >i#a F%2B={m>,x|)A֜ sQ#ͤy pK0tC9#hlS_!UӗtRԏQ%6Z "5;nMm:C?%?ǰx%:aB\JK̿{+^bįkfU'ŘB~%Ԡ}@ +nv>ۛ{q,vd,[ek}$9SH봝?# 5 )fqm0cI4{gR ـ*.|h_χ0$*Xo8W cP1P7U*0t ){]sUd!ےl-o фP$TE®Eo:wG1x^RJY(ʹGP 'fӪo4ح~8!eIGb/>tܷ+% f|qΗrـ+ XD!k/o  `Rj$tllW)tQ j]~KlfgSk.Q֥b-100 O4t5?6>cآ߀bx*xP%Np4=SrqGQ.Y# &ߖV*?(p@:xjǴ ʽ̣IJRZ„,ےT|NOgN]ZC.l irC2" [s(U\3؁a{`;K8}yy;iic?nwbX?k#aA>˯&u؋f@jChb! \xz41Ho z2*7;3 5{!?52q5ܿ!f a'Of4UZ 'ςmZ.brv"]^ 114l}}Թ7NsyՈ0r >ownW,jfvy,UީM/Se;`]Rb[$!!R!J<#+])6Qq;'3ؚ?{ l\kr!.\* PrN1[-;yitUe,z뻯D?# 1D$׊F'u@1DuZ&ڷnx`7o6}K:tLIzc[[1{W, Hanz!J0 uzsro=C^")H R9vbU3OB\oCċ)[kIsc%:cԅS!Z-$c IyIo:RN? J!rc4i'zD<ě*61d|: `~h^Gn] #QR:6-O&1}d<Fo|1|jOK217ȫe;qk_5d|k``6*&a]%ys ̥ABHP==yj.C ō$NL(gӴ}Lc`ƭFkFk=&@4+&"8 "P8u_Ie#ŋ$=qlJ9ZO4v+3?τ" `zW;I=`[ƈ0edO[[Z ۂOwUwq:I-MNeY#(jC3'MWoR+9 9Ŏ`yc/%Η}{q0ƀWv bF z:odl _kͬssg:־T iDs}hiI2^y=cӹ3ZE>hܔ&<4XGU&!81t0B?"\_C aY}HfKtN75FcξX40.P7b/mLp'Ǹ}O0gf ZB1ndfCX &%{`3*HѸ:Ե@A2;-jhb-fyƫuIS@H{XGm.(Ç_iG0w vMNJ7O 5HJB;ߧP?K^+r}.揱N$ī7Aav'2ZZG;<1O$j">1a%"`$NpTexmtkf/ݳ8 EERC\+b'Lf8ܱ숯A/ފgȷRt>>f L"lq՛|H}.\F 庄:zfujN8gܮN `ZM,(o 0~OXaկ^ WK].9PP`6H7K>QjM1r:o-Ve :~eB<> Bt5sO`b("U Dar^rRކK9B%Y$0L*a2CzL7.k'GM_"y'qNtLN ~՗AXe,b1!?%sn6?W!l7M#މa[1`L2Ws5\??F77]i6&-UY{ uNKxG͈%*8Wb3'2/8=h{R=S -f#rT-AsdT3܁HJ\اTm{@ 3vLWAQdrrןi+9b?\򹤚Ip'p>JHcwyqlU%Z2 qn+X7P!]^8q*q;ɠm}]"aE/5e ;!8eih47BdV2sílIkVoOdiRN]N"E9o .{ՕɑqMCiQo#N}$E27wiw@ľ#)+CF3*xa|0dI$ ̳,8]#CxUV'1%MHT}G ɪ_G0.[w>\3|`=Ƕ)ysSԧ0/դ6Ζ6o>ٲNbpO [ sRSx,%[ Tpcz?Yj!jԾ]Iw2oW!M[|6:~lE}bJ-ߖ!yiPT ~uDBCOft?fKg%yt:73M | .8oN|>#z"H87A FŏD^X4<]5b Jo A[f^~Kr[kПtk8>߄F1(d"_Skbsfcޖ:0"hs$FYPh&bY4<Ỻw.Wn>juL1T1 7ƵFD DKM 4 6plԆ# Y%3># ^Kx&V"-hAgVչ=@Z`/k1z#umd.<2.GLR$`SgSUC4,;4v'kGX(ZL"~tl:-vyǥ*c3;~dW#DĚ-H Op(9"D0Y:q]o$P}S$n$رrvz TWl|'@ H̀O0TZIg n=1wSIy<"ZE>yb;hĭ0[@b` @X<1cvlڎWa-u{Km\b9t.Ҝ8X.NT>kWWdQ?a醂\/0yzBx*<fX\4& @>r"5 L-JH$紡;]t(]ӏh}G&(>'4a``tl0 ILs)%Za2lzFaO-݆B(9%KZ'3!h֞}1 >_ױTlA8_sjfD%b0ZD nF9;N6KBM抚\cg=m!lGJX z^cL ˣ!ǒʿ~S8['ޚ-QANnt*^cF;q쇋))է p9lnyc%mAR4MEU簶B=5QAr^]bTww%dO}_SI'L^.U]>[xpm|Tl Cr`WzKm,hk#p/nOo"4ԁ[=(,n75C[įu*Bqd/}vyl5UŢuLע'!DCx W9s+ʺhXQH W[‡<ƹF`o >oiol7C%Q @*=E;3)Q}6h2Aې"5)YAG_5DD%ÅNy1~(3H \.A+j00P5+f!MA)t„*Nm-=ɕ&{NelY *˧K:i}յR%Z0ۿĻ'M c^|k 4eMmWCL\OF)C y6O|5r'Ա>fu$SVnZw~ s0ĂD)a*wf19k`r4Ygػ{՟6n%;W:oq;> N8#uQJƄ@lNf$O^1+y~~suUYd8#]H*P&: 'KjfT\ma_ Da6.fáȫkZpgJ,Ɇr?#Qv`5021$K_; j*,PaKP2BQF=z:cթdٝ@H۸HrSwj!.:PZD+@<8]gU߹@z*Tf