sssd-dbus-1.15.2-50.el7_4.11$>>ܽv͹uj >>?d   ? *>[ahp         2  < d   ,66 )6( 8 98:p>?@ G H< Id XtY|\ ] ^ b}dBeGfJlLtd u vw x y$.Csssd-dbus1.15.250.el7_4.11The D-Bus responder of the SSSDProvides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus.Zx86-01.bsys.centos.orgApplications/Systemhttps://pagure.io/SSSD/sssd/linuxx86_64 if [ $1 -eq 1 ] ; then # Initial installation systemctl preset sssd-ifp.service >/dev/null 2>&1 || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable sssd-ifp.service > /dev/null 2>&1 || : systemctl stop sssd-ifp.service > /dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-ifp.service >/dev/null 2>&1 || : fi7K5 큤A큤ZZZZZXqZZZZ4601b3592d313effe1a70c44167775b06693dc9b72e7bebc718b6c9e8b094b8fc0c5275ab2d9448f19885ecc6dd6f7d3652ded2a89a16bacd8d9645efbe8cff722cc8665771c5abfe71c03dc172a1eacc136de1a938a0595031b02615bab0d0eff7df7df7aa3e6ee8d8341c0516b09a22a60410d4266f1547242fbf604068f028ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b90318e72cad19664582f901cd2e3ace1c5f99297c39d3ad964c570d48cbac4cde334d8713dac505bf2de1a05eac6dc839019305700835d2a4b14fc424c21e8b10b04c8abf29b40b2b23a472e9e892b8e3c447cd5d572ca095c40dbc7c07c362ee145a075bff2198dcf62ab38b414494ce43259ca3ba768e79f581f250eecf8dd91drootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.15.2-50.el7_4.11.src.rpmsssd-dbussssd-dbus(x86-64) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   @ /bin/sh/bin/sh/bin/shlibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.2()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_certmap.so.0()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)sssd-commonrpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-11.15.2-50.el7_4.115.2-14.11.3Z@ZR ZOhYZ@YY˒YéYzYYYYJ_YJ_YC@YBvYBvY9<@Y9<@Y5GY5GY5GY5GY0Y0Y(Y(Y%uY%uY$$@Y$$@Y"Y;@YR@YR@Y Y @Y @YtYtYtYtYtYXXh@XXX@X@X@XsX@X@X@XۡXۡXXӸX,XCX@XX*X lX lX lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.15.2-50-11Fabiano Fidêncio - 1.15.2-50-10Fabiano Fidêncio - 1.15.2-50.9Fabiano Fidêncio - 1.15.2-50.8Fabiano Fidêncio - 1.15.2-50.7Fabiano Fidêncio - 1.15.2-50.6Fabiano Fidêncio - 1.15.2-50.5Jakub Hrozek - 1.15.2-50.4Fabiano Fidêncio - 1.15.2-50.3Jakub Hrozek - 1.15.2-50.2Jakub Hrozek - 1.15.2-50.1Jakub Hrozek - 1.15.2-50Jakub Hrozek - 1.15.2-49Jakub Hrozek - 1.15.2-48Jakub Hrozek - 1.15.2-47Jakub Hrozek - 1.15.2-46Jakub Hrozek - 1.15.2-45Jakub Hrozek - 1.15.2-44Jakub Hrozek - 1.15.2-43Jakub Hrozek - 1.15.2-42Jakub Hrozek - 1.15.2-41Jakub Hrozek - 1.15.2-40Jakub Hrozek - 1.15.2-39Jakub Hrozek - 1.15.2-38Jakub Hrozek - 1.15.2-37Jakub Hrozek - 1.15.2-36Jakub Hrozek - 1.15.2-35Jakub Hrozek - 1.15.2-34Jakub Hrozek - 1.15.2-33Jakub Hrozek - 1.15.2-32Jakub Hrozek - 1.15.2-31Sumit Bose - 1.15.2-30Jakub Hrozek - 1.15.2-29Jakub Hrozek - 1.15.2-28Jakub Hrozek - 1.15.2-25Jakub Hrozek - 1.15.2-24Lukas Slebodnik - 1.15.2-23Jakub Hrozek - 1.15.2-22Jakub Hrozek - 1.15.2-21Jakub Hrozek - 1.15.2-20Jakub Hrozek - 1.15.2-19Jakub Hrozek - 1.15.2-18Jakub Hrozek - 1.15.2-17Jakub Hrozek - 1.15.2-16Jakub Hrozek - 1.15.2-15Jakub Hrozek - 1.15.2-14Jakub Hrozek - 1.15.2-13Jakub Hrozek - 1.15.2-12Jakub Hrozek - 1.15.2-11Jakub Hrozek - 1.15.2-10Jakub Hrozek - 1.15.2-9Jakub Hrozek - 1.15.2-8Jakub Hrozek - 1.15.2-7Jakub Hrozek - 1.15.2-6Jakub Hrozek - 1.15.2-5Jakub Hrozek - 1.15.2-4Jakub Hrozek - 1.15.2-3Jakub Hrozek - 1.15.2-2Jakub Hrozek - 1.15.2-1Fabiano Fidêncio - 1.15.1-2Jakub Hrozek - 1.15.1-1Jakub Hrozek - 1.15.0-2Jakub Hrozek - 1.15.0-1Jakub Hrozek - 1.14.0-46Jakub Hrozek - 1.14.0-45Jakub Hrozek - 1.14.0-44Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1516700 - SELINUX: Use getseuserbyname to get IPA seuser [rhel-7.4.z]- Resolves: rhbz#1530975 - sssd_be stuck in an infinite loop after completing full refresh of sudo rules [rhel-7.4.z]- Resolves: rhbz#1525110 - NSS by-id requests are not checked against max_id/min_id ranges before triggering the backend [rhel-7.4.z]- Resolves: rhbz#1508972 - Accessing IdM kerberos ticket fails while id mapping is applied [rhel-7.4.z] - Resolves: rhbz#1509177 - Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault is sssd_nss [rhel-7.4.z]- Resolves: rhbz#1506142 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30) [rhel-7.4.z] - Resolves: rhbz#1506682 - sssd_client: add mutex protected call to the PAC responder [rhel-7.4.z] - Resolves: rhbz#1499658 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.4.z]- Add a patch that was missed in 1.15.2-50.4 - Related: rhbz#1489290 - samba shares with sssd authentication broken on 7.4 [rhel-7.4.z]- Resolves: rhbz#1493916 - Issues with certificate mapping rules [rhel-7.4.z]- Resolves: rhbz#1489290 - samba shares with sssd authentication broken on 7.4 [rhel-7.4.z]- Resolves: rhbz#1482927 - sssd_be is utilizing more CPU during sudoi rules refresh [rhel-7.4.z]- Resolves: rhbz#1478252 - Querying the AD domain for external domain's ID can mark the AD domain offline [rhel-7.4.z]- Resolves: rhbz#1478250 - Idle nss file descriptors should be closed [rhel-7.4.z]- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information retured by the KDC during PKINIT/Smartcard authentication- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in- Resolves: rhbz#1455254 - Make domain available as user attribute- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD- Resolves: rhbz#1450094 - Properly support IPA's promptusername config option- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer - Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail - Fix Coverity issues in patches for rhbz#1445445- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains - Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate - Additional patch for rhbz#1440132- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient - Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4 - Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15 - Also apply an additional patch for rhbz#1441545- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.- Remove an unused variable from the sssd-secrets responder - Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http - Improve two DEBUG messages in the client trust code to aid troubleshooting - Fix standalone application domains - Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes - Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http- Fix off-by-one error in the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh respoder- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users - Also backport some buildtime fixes for the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts- Update to upstream 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html - Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries - Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure - Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser- Update to upstream 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html - Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack - Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases - Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider - Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page - Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user - Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink- Update to upstream 1.15.0 - Resolves: rhbz#1393824 - Rebase SSSD to version 1.15 - Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL - Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory - Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time - Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0 - Resolves: rhbz#1392444 - sssd_be keeps crashing - Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3 - Resolves: rhbz#1382602 - autofs map resolution doesn't work offline - Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains - Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page - Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error - Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database" - Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/bin/sh cadeuk1.15.2-50.el7_4.111.15.2-50.el7_4.11 org.freedesktop.sssd.infopipe.confsssd-ifp.servicesssd_ifporg.freedesktop.sssd.infopipe.servicesssd-dbus-1.15.2COPYINGsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gz/etc/dbus-1/system.d//usr/lib/systemd/system//usr/libexec/sssd//usr/share/dbus-1/system-services//usr/share/licenses//usr/share/licenses/sssd-dbus-1.15.2//usr/share/man/ca/man5//usr/share/man/de/man5//usr/share/man/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuXML 1.0 document, ASCII textASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=75678c2d001ce40cd8e1444d060858c43761853c, strippeddirectorytroff or preprocessor input, UTF-8 Unicode text (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, ASCII text (gzip compressed data, from Unix, max compression).R RR)R+R-RRRRRR/R'RRRR RRRRRRRRR,R R$R"R%R&R.R R(R#R*R!R RRRRRRR RR3? 7zXZ !#,ts]"k%{f}{&-򝍧N4ߠ6ޗn)U[1>0g-Plj. (7&dN2D.&k}),,/|3,ϛFK@ &ΣGX*}-ZݱdgB2Ǹ5&J51 .7tx5;HH:*lK2F_::`ɤ_`z*b Q\匥ЯUiE `;+hm͐*,m(sVwi^9GXͯrG4=Vvoq Nc W`uCRnuG4\(J}t 1d ag B7,֌z1+C]aF)2")5啚ݕYMwl> 5bh\OV<-**{o~ -ϩft/" ƛNuEGo#A$o3y" F2`wYElΑn6s4\G宅0YXZCN3.n<ՎTY{6: v h ^yނNE\W,0 q; kOL%EWC&{\Y>]!K;61Oh\ G$F|8)=O_08E'8NW{W˞u<5Qz~_dA}/kEq)fu+n%V<9nHotNFz&,b$r -q^EdCQu;P~mc#9x gS̅4ājk٭ U Z.0S9K3Qx+PѬj?, l#ܱ%5H(H0rgUm_sR:u6"2uaʯ#BvR#\ puˆy87|˛.r.i:O?EV2pA ?F!}_G̡ǕXH@;s,Q'Za uM {%}Yahy~J3&Їnlaȑe[z*w$ʳT8kO=Sap!d e_a&l{ny*nOea lKD LEWV83oO $)[kfyɞ K nRo)?<94+KE`Ae )Ob cj{OOdϺ%RDw!d)wX`-eUGmٙY޵e(DN`0ńY6+8(TEް4kU7e#emp+9zz?=SͿ4f&QJi`հUDOy[&[D;"MD0:j@ܔcn r4-q+CVTtw0>A!MmM3ET,FWB8w*-1=i ] rnQW{'F.7x|M$/<7ٝDZ2 RbLߤΘ> ]|ݯ)%@I~aS;;qvdVzMmrUl JvTı6Z]FZyFklb/b,GËsK=CԷLOLWoP 6VJ{ g8v9rn)} L-'0eG` NT#aolTr"tNįYGqh~v%bUSnӯIK`r8s[vSg+j1%(DVȠ[t4^Q뙈d,r [blFq}/ 6oV/¤Tb, w 'qJfӺq-fhyVbSdv>CSVW8Bj]==1y,b/pWIcXkc=-s˘.2r;YNyunsԫCc]w_ufPPޙGy_DTC%5/|ؙ+$ƅFv~[~ BN׽Ù͎2 :˖ uc,tKcԣzF~ے]U'lR Qps:OgTK!\Q$^W~+KHFjϺN݊ `OiNK5y@u':]ɦTƋS4pɦ`vN=:f~"iw  \I_r){{|i*Rnm;ʮM-oWyw>\ٽ ☕yXN 1؀С< Z't9Ekd|,Cm!q10úݘx5Y‘(GXAu/ښqܯ G$4]q Wi7?rV[Y% 'aFV4C\g1M6Sh9vVDc!#>I\v)g=jU 2 hyRhzDZ;ɾ+Ped{MfZ)p5ifeOdK*;HG:t0}B) ^-L8l53EL84K­lJpǪg<߮5Ө})!ĝ̨gJ\@_Zj)YBa1#~cpíqStFČ`G bGa)-fKXn%CmCYNϸTE1z#ZR@x,wo$;_hEA]CATn>w0'ho1ڍlSˣO:,r-ԤAB[Nz45iqlVt$Z\UD"MܨiPt y^珩l=@?IR\SusMY%?S.ZEA>D/.œ2uI 58G*U%m]rJ21'JՆ? Ǟr~$U "6WT~ )-Gm ԟ7E:%-fSXMPF w4LT@ܘCeg_/|8yas]!ķG3oDݕ>Yf&wXtR`y` Z%=8|=33S#U\ q ԦQHdyM/gLnfd &J/ɰaY7AԽH>i8u[")ە28Cb0_{,ƻq$Z16k5=z]zH:E,(ށd](b}xk(#ՌW ˥{L̗M#K!.yaUrcf0BH/Pbm]nq~َ1/`Z!`.A}g (o0uLz/~ƹQ;t b[ۗHKg;39 zk.A/sy` L;4͂Wf>><s#ɾ;,8adWfZIe+O:g~z^TFgQG\ FgNDN@O.uRxTnJp$[Vq bWB:u6B!]ʄqX#[fࣜԴNԊ} o[T#8VӪ,lP_tB /b ٞ}D2Z(F^u&#|lDP6) l9N|;*Oo錞 T| a*hJnXz]3 /#Oh w¢)EĭQwchE<~Uׂ)jG2x @'<+0sX2R:oC4G1ik_@]\skħ.5,ca|([yAЉ~1ߺiDۿ7`%3S4@}cO4dJXP=U#66TX7Ã\`o,H(Va'ɑ3'|U;]y!yapnafy&4Ơ?:I,o= ӸQf',>7^~coƠr irb%,Ҭ+}vn_b+=~Y+VM@6,u3R׏f%t0s]L>Nau *8pN|y1##q6u8y?=Z7_ SnX"[NWD Q5W {4ֲG@؈hA-l-Km]eRӔrɯQJ?[gae ,+R򰁄\u VZi-l:eYi I4w#*މ, -o]Wd&l3i.iX.Iېwp!?Ic˕"P*x!d)s߱n"lF&7dwmH.a"D9Ym͚gxVk! dy`RR;o8Q|)pQzqf﮻Y_*(cy)[_OBHRgWx^@[]pnBi=EOqf? 7\.$<^ݧmM.2K."ctSʹ^#Θꦈخ6YeFJQ5n š.$\\Ĕ9=gDYz|-̺ITjf-lڅS)|xd*rugLm(. ј(J*a+-N],=TQO2xM:5=hF&M/Z?} q O gƸLlALMŀfk'U3ScFzqZV`""Þ#e8#2{+'<"_]l Q:ϡW0,n(7Fy!71h˙GYb|:x}ZV,fx)8҈1oګr=/1j#őf x)aMmbj}54q(:NRndh[wq M4ݑ"9+pk\8umts' 4^(^C ,`]Xwj[ӆD:Q 43U2+9ӊ?3ٍ҆: 3FQje- #+w۴OMAIYQTMh߭Ԧ0fᘲ%r|(*ĉyBn׽<"ҎA]=V iښ/"Pbཾ1P7h"Q f m`Bp(fb'N }78>5ٻjs%"Dߓ1."9@fToLnKEŞ/9v)tp~샀ʽUJ//fU^Uަ\ArHuš TD2cj 9VDpƘ@ep{A L5Yu!9+64VΝ!e2)}vUWjghdzmL(ɍW0$wvT029ǟ<8xm Vi;$濊Gxg[8m$|+?rx; l:9!ӕQY판jvi啨كd4hT$g]/ ZnEo_p "osJ?p?[ز]˨N Xݽ4QAOr#!ݽ!@[<,H">\hVbO%Ia$}J&R%)NFf4`ek6.,n)K25m|ʐH0E3"A4)yeM[ÊaG dVb )SE' H u.k ON {ޠ (͏h;$Av6G^gb73-9ﴸ;rc#Š7z[pdcNbn,dLg(+ֿ\ل\V7]r4ޓrSE6u{GӶ[yoXTAyNȊF3i׾%F!%jv1a"&׳0zu#]]ݠ`%,,)W\)}.8ҹzд/YȎzaڭU##jvM|DuT&60ȐnTe`_\pJ~i=ԞTx;4;O%"Dz1pfAƽW`5pY;Μkqy!W=M""s5Ji{, vB qZJiB-R#zceъGW`{+%+?(Q ` uiEp&䳍Hn䮹9Rp:;j"y-ҳsk^yL=\fz^< -ۀ8x)8IPLr!~ձh1̰;34Q'Ka:gx_Pfun#$]>]Pvy=ۂeQ@2, UՎH dlC5ϿLmX 5]zD:i.[ @up;5)z[ yX/g7CYLK,PuO-HRxĘ8 KUXEږ@/ӗ?oUPK"Ԗqw>-< Y$eйƀ/>J6l Э%1u۪`fNnhmAG"JN! C\u Iw Y_=% *͘wqy6.i8KaoCayT3􎽪-Fͣ׷-|$ʭQGtaXT5wrqg-բ0L1V]6"nHq9d0Ey!Uy{KtR{ML裃l9ޭj"!3T#MlR?#S-\&୞'.7mȥ5=XLWl 7%P1Tǹuy$5ey2~O7Uj\3ԘH?WUNg&~8JuZY)$HՌe]Hl.(AoK:"R|napȺ\ t%][p7}qޠt ] ֞9qWI* ufP286ų-Z=NVtXqӲoZƨ- hZ]ϛ׏qC9:k N I8奻FA'7d(HG E歳Hyw5^tٔqܗ0}㋗&ZmrMYT$?`U&TL_#[ASrKFZ')%EB_c@yjA>8)9M KDs,c;+%>4@Y@1;Q=/NJH[bFQ сy&G|sw+Z↚'6j%{`,9$" Ce 0WYq`ԗ+\]j;)-R~_ؤIbcN sP'noMC=q)ORi%JFo73S.(\*v) 캠bbۊGψadժ9Z2m~RvX8a2P06m1lZ?564僼-ƨ6E 8zڰ0PQL=ȝ /y]j5e̳ S=ʡ)Ĩ_NCyB암3aZUaT)/3?n,h"TtYJj]CL"1_(CbpIu{G6G&L'[HCJow4CkPAEbOOϋ*Tk+9xԌ[!q=,#L(وuc |jT|qH 8:~W!>De_UynrLjx ,YıXl9 ߷ Z<9[XC%>9 15!9bGГӤ/Hqb#='AuY^_ap An1~%Vp_K$(Z~lDX,zr20nkcC-Ɨ,c~ NKg1x3OkYM RO\dkY}vߙTK_Cf,_Z7Kzt%)؝uXvmy0^/L~hBn`($V<ʅjޭ9'k5~GODyjyNAɚw1*A*g^MFlx_]#OltK'*$;ikw.СCgҰXrDP豙 .ܶ ŃG0 VTR0<=fr>[ 4j>EޘZ5z)(8}Vr1"\Fy!΢Zyw;L%%~~.JXK`~T-Wi]-_k+yyCI3oUJsQ5@|1% .}re+li`:}yJ%` {~7x:^|{RWGZ{g2R?j6?_q8L P+o45 ῺFZqbdžҠRFYӒnDNVKJWt'n%#6/W6([w5ʳwfOQWǍh{r6Z53 琕=!(rd.ߜqhɾPʑ<댼SϹl*}uzJb_Ur~(ܪ9<E!+BSl/W7ҐlztJ2?ǽf0C@y.s#WuRF2M0MŭX $or4l ZbڤJ a 4yKc)I SՀ#;!pFnl|_P[g.$z*65[3rxU 8EBC8ܫ;gU O0qZF$u{)گgbf,לb>`EzJM mGpքݠBGsVX2u`;3C3[dC;}LPb_MtQ&LnP8hvoS8sc>~ŵ~;6¯<:8(cYX֋Q,^nLsfjg &w)3sqoAu|0nw_3K5*!Ft6Y$ ?2*GBiE&yci]*@% {N rZUݭRu? 6|b4ȗƙ$VrҸݱ㵏 BS=/mZ]~e [cbkĄZA$f.}xZ P-7Y 3 Wa& tA`/8CֲJޓr/H?~SYQڀLKTr=J"tQ`,ñCbX&OesC)HB >uX9$oriyU0[ Am1>D;Rz s,Ec|x6YO١,Ijyݹ8Y#,yFPDON)WI}m? -woaW94&#mbjĶuS/CJ0dJ/ xjP+Ĥ@?3=Ct!mf2Y}Gc%ڵU `K?ɾcpW=TF0,-:!92kQXnkN(X,)P\&6Mќ ~rX7/Q@d1vy;JL:JJ ۪s-(3ŘS)G+R^ z,;4N>* -Ѵ[r`1ٺs=b~0 k Enh'+0ol\*_w/ kQD"b]H[/0a% G <5{IeUO?UP_-!w_GٓN끂Sidm:CL 1)чHQ;4mHC:gGy)+P.6ڱSugFR7)qHw0 ֱȨrOHI|k:?eJvSm8.Ck;Y$NXo~HxjcT-~[&İODvXGәKnSMԍXJuJ+IhӖfhbKNCӍ6 &RiC30wPZ#VAS;_oJ $pÏB3þ?ss/S&71=0ü^d#I!j^MTYrArgwz~ IUd>/M{ 4 {לVSh !Ft :v?7%C~_JYА#.nƵ $ 1ƴm>k@yp#d,'Tf)N"w\Fè8(Ws:5J -"OJ&lEݝHB/Y@‘QFx/EN+j2˝,n-@4),qVʼO/(U>QqԕB) SՐj L6}3-':qQ' "#%͜<_v :1D7s65jJP/@g=4Q:C E:= i1:&9lY/{eBAMj?͆0ɝx(OOJ&~l0 @ʵ28&%TI,(I*?*/MEN1g|O9Vz:~v0u1LzQz[ хk&7"h|ZOjqyj`I|}cOg zیlvCpuaHIDž vdo(d`3V){vWO!q y ޔqKq_2>DUH$‚kw)fnS_K/QHaL=2`XLЕq-)fi9 /P\ $Z3_OB/4P6!*o2WY:eY뻠;_ ǽYDp!݂u0lP|Cao$vn)~h=m? LSAx=*J&{uuto#jֿ; 7&$lX~_xd½oBI}t\xe)~?Q¯ahM 2!WER30W.=7ʚH14w>#YPyPRooяVQYƜ[%dfΖ xn 94 opl \f&CZ` ?)L~5 y,*z6Fۋ&3ؠʫH'Y\<6k3Z=ʹ9ZqTdzU(J3Q6Wk/ abj̡;/^D4ožNH=^4I 7UpL oFb: c3F앋#S7i6N&P1Α2J`P@]Ca4xM`HKrR kS>t1\Ro6#5w6!hFTfbRӈ 0r8|\ɦ^X4V>ym$LY8a@3X |dˆǖVOivT!rVK){I=bl?ֽJD/uq Wߝ#O|tnpcM)-eF?ɅiICTNw|.Q{4d=2305+ReS:u2F ƣt5]:27(&c(*ќS,~bg4 hosbbJ1By!MAZ>3.-N<2 zN /KÚ ؽd%8k2Q2yOv>~VVoJԥϋkjÔL Q4'E1LK/w+qC%笡 d#FRQh\-{oxg‡v3편gy[`#,Gw 9uXqjMUu49-/P<}  s2j/?;\8aX=M;$w7%ȷ99_7rxYagB2^#ْ\WI1{ٍu#&#N!vRB [83[ބZ~-prBW`xy]Z*ZL`8bs#'BwRBtuҘoBف.d0r3C\xb-rj`ắBM@R AD>d-mk3]1x4o~6[U@C=#1a1>ϼ k.=W]8~La ]hA‡f0[S=>['d.bǪYVP#s q}D1y~_]ΉYBr̷n!.xiId9PEx'6!mYgO~Y!HSVF EZ )e,қd|n`Bwl8>ì~dok c-Ǒ)䪯?灙 iwg0~tRFx;!k\FATsq4ۏ#2\% T$bUa^iv 6,0ЄŕV@J.{M}FŶy3K/en0\;_%vB,:g3/tٶ8XC)g;ee= SQl<(V۱MXX5-\dZUQpeމp~խ)o:Hl 9pO]E?#1σWvH0jGt[eʇreuxTS4q{Ms v-Y3{# OMnQF]` j@~}bg=-frh$;s *FSzy"9vK2J'cQh'č DU mᄐ^4-C( (3EnW?9f<j>v_B#h@OG,]OhpA\ⲔT.ǩ1ǖD(H]OHSss\O5ܠqaq8Α5}Uf*'S01lpA!gWf/n-">t' lc+ӳOc>+JXF:xٔUC qXc9i-~9TQf7uŋٜW.[.5Q'P6o(a`gTm~5>Xr_gAuWqlssCLIs^y1=W}YvB"?mD:i0yhnmQPi5+Y3lhO-{wz|\e"[}[VCr SUusuQOC:'7N2wz"1߷Ezp7=UJègO*4NG}<$%ˆZy,LoZdabnG4aӮW|p3U 9΢p wRh/~egtWʂZwit4մS|0i赹0jd;pe .:XpJ|j}&WkZ{nTV;l& FBUU2R{[#N_VKJ.#^n k:EQ? )=nX>- D u2XVs$) c=@#pW8MG ӊf}\2Q@&.BY9cxm[&=oOc=&+&xclRԧNeŬqjr{qKg1M)>=.٢R+*%-4Tx !_ zf{9k`3u;J=^FףvptY[!{?ޑq$QFT ?8'%RA֓%]Ge*Ytd#ԡٲ8d@+UO:=1Ϟ }>xG&- gӫT6v   ސa#Fw|i!?wmw\֒ƪ!`mv?nC.#fƦj$^Qi9Pך(=h|FO ($3hU!mcmqL/,f=gl#ĥ7euo8S҆Bl!bvlΒ}{${Դ(lɩ^rW}7+"|#hY꼻F~b6hW=1J&݋Ќu~4Nx'K6e(;y7ߚ<lG=Yübhv돂M>4ZD|$nڳӰ%;NPcB}a}p"#k|a>D]-e FX+5:Qf VRIt31Ә. ^&El?aur|BpgZ*:8mx 2Aףk "3J`jGހIq/26aZXd|4ͥ fI- {3O7vLs*_Fsի,jm)zi$z+֠dJIv=9'mz*g l#qI7L%~8;o>DQJ_Zw8@UV696t9~齧On(qA{Ve7Wҁ!ѿ@Tb\90Q`J[FcBJXYDA+POg$5^.qݨ5pKHfԇ|A[rNrqʦk3tlw{"Ũ#s?q7-M_hYμVV)]xzF })+j"=H#5xi҅i1Pgo{ Hmۨ]uJˤ Z\q'q U%~kd+d+ }22>9ba8 ͟1~{Q$:*5G!g8nΝHF5&7u3*xHȀB>TYAdy[MMm7 :lJ PZ0qzs_9)-*PY;Ҷ l/mɚ޼9-,co1qg,N˸Yß\s&@&{ZQ: Ft+Gn 9olOa| ɘ6}HYr|(Ns1g8W6V`l>bgv NjВ Ml!=` HY6vtF%0P.[7|>82JЃ3 Y`kv©[IJfr=5bـr! d.a:c" pOF9݇wD>l kB~8kwRLU&c K# A`:(LUbӉ3b{:"<#)OGm#)!Lj|`b>oG$]vNAU5x`);J9{֚>4R=ϧ8~8\e(iD ~?.H uy6'ߝ>f/6?{f& M#I, XkBaMR?+elÎjdy9OqSw.?Y/a*ZrJ"[Qh_wXm F[eL9j LvތᓶTH9T:l@`"a|zsԽ󴄛Ce7b{:EpWݍN_4b;N$ L7K/ʁd ?OR"HIڙF=N-P%/FA&M ܓ)Lcv_Z23xǥ&㰷KT܎ 7N)2˔@b3ol'`>vģtrƊ=R$BۅxqCt"AYWb 3L`RzySkt`ʌJs .q9v}\xCyǬLh%zhJ8{_(^53OFE}c6Bi~q/pp[9;P2؆@/_E .41="ssz[TuVkLQ2%0ә%nm,/ໃ1ڑdOQ Qjýgz s^*"LnADĒ翧+&L{C]fk/c %* /r;0LNz0M\)&# OD4{LVG`o~g{;Ë'68uQ1~`_qFQRlK^+re[)ODZ\q8 \JTtF=Ůq1+6|<=P$=1褁ˊwZ'rC }^ʘ7?=-z:sipƾlM*i5_DMi|jOWP̆՚-:h_TU'Y@WƐ]|g%sUHL>- 5,MvQ7E S@P^ȿլd2q?<Wj/P2v'X$_N2gW3Zqʊ;E-,V%)%њ$ 9n!_*m! L:*핸?zHL :#؝ހ^~h#>6˺5BJ(X0L/  /?,k'lR#SMC+W}ˡ"`5̚P٪z=sЉg [HQ?F!\ёL VcS)cW׏l%gz1ۚ_,0p+JHrȟ(5iEyLN̔4q`޿,ҐoN@&BAڻ q <?| TZ --]J"%ըc@ژ˾vnl"Ft+f;@v3 ֬?Z0/e$k1`Qq7]y;pڇ۵1UqNTM1)Y'i5ģAba ⟐7[0YbMhVw⺴!K&\Z:Dг `hy'Ȧ'/+sΏ9ĴN?Uve}ޓNWD v%d7*7wg-? Pף ϼ+ŴdṈvm=Y`f0ʾ^\n2Ի3Tؒ+N- }p`z+ٟ1r2Dۥ6fH=kf/aqt]$) _B2bʢr=$=SD=$S$am.ikfY6L 'Y D?#o0`K$>_M~"t+ ٶDU8]i_- cIr=EB6bN¶iA!v0Н7Ǩ=Ue+˹,UOژ~ζ<ӎ`kYhbJڭJ KI^RmQ ,t\E+yh51햋kPGj/rn+C} OR@1oc^)"~ſ71? DvzKa6xD Jk_VkG])fJ*œlJ̡TѪp\ e`b$3N1LLȵB\6Us_HU6:X=ybgĐ2o`5T/ɫ+tS D>fo44 W]p# 9)p5m4(\aIT#KPA,~c /ik ֫q`rK6tGk ET#+Zs) ݫ" gHEg {+X~܅;d8#HnDh+w|sAL]e9!u~l):)?I_еġ@{5u['u 3F7JJN~&]%yKF>˸5YFp]Y~wD.lۋ-1mU R|a7k?27=+S>R@NzIUE"W-ڲ/Ljj"JIYAe0fUFϼL|V(qOv:CR+j`xN"{juO.bx{{aޤA C{ O$}–{_q}ј ifttICe@:hP DIxB*姑IDajSQ|#QԀFWބ ,Z͋agI u6jvkQt׮ xAsp7 Nq"]1V9U"_`Jg){Q P^t%D@82h?ˤM(fdͿFG 5  ض 8cBqyyzǼY!_;PZdD4ᣫ0!,፡=mZ?wD K>T᜽|Opr31? Py–dT2 0N*3g>))5呬)PB|?7 8U;?$%7n07*(20|{8Gu?tܙv\Ԙ^-USXw|%y ƹbE™D$_o%}@˭ҁF'p Z^H#o!9|yHn1p*,Ӧn)HӼN_$ c _U9V4۸s<_99 6lB`t|夫nԭ[9j[tu;$?10c69ZqJ9rn8a80g__DO D ~*Fpá\p(>TˆiU BR6t'@=ބ2 5j<|*a 7|>lZcRBE>C*x5Pբ!ݴW2pmfAN`{hfp s6![-0iyw0Ų9v T6 d2cBkE4 +sB9;ːs?zm2)t@WMGFڊd?+)i^VaAfՁS uPJ`#c?`kHU<F7f?ĮGVd]'I6T 3BJ9eS("iO'i@\ Y,x _.,*'%Ni:}YY*g(~rgJat"S9aZ֧,q"20%n-.N_щH VB$­&nXE ~alN~\&&t >!(V%/ gIg8Owcs"@Y"Cph#(`|;,ck~ @It3y\7b rRJo@x)VȂɼv'<ҨW?`fJjD?J_sa 욇g*Lyfe݄PT[${𿳙Vaq3Z_Ow0*llO}G=ـ&Osߐ"p۾gIKz5=o׬'N%hɅuŘW"cYz|w#vPP!#>rp.N,oΔ _3c+!){֮e72څw5o=}4eIEJ:joau9|Ҿ_\A> -xr2"MҝÚ5 ϔkXpcDZ>\X 9F"6u^o A%GmMCSdp!<eW/HtDG^`c\Er{el}heUX{>~zG #c0"teȌ"nGV,-;{j;ЪtQBt1[}R}$Ovn@}in"Ӓ\P4JvYWAWYJ6*,.1ʆrR=j]31vh88bOMikjI4!bpyiJDAi´.ธbmDH >NRR.ǖXH^d)T^Z"#\" wu4j4ȶgC(5rVA-Ցm4W̑ :*q,ӄtIm|$Szi_RWPqu \2D?9(5xt". X‘)l;Ěc99 ?s$λI~+rFAX6J'\num5ٙtSL_$!'kyAτY^Beԝ#l7q#ug\<=!rB76k|r6jE|?M6$;-I+;#_axHGIαF0-d ZշDyu=q 2+ ; imn*/(b>ń%,N7;EQsb}"sWPϰ$ɯLi_=-XQmvO;Dѥw3'W<)Na-*>Ley<.Į-މBBDՐŧGde@CqUW~Cg6 0 XO/lZ{cIifBcoiyB&q:eZ{֏`)3'D3 K0Fo`ۻhuQ*3B;Wa,?6nt<bsB% ʝ-S"#oɫL* Ļwf;2խ^>O^J( fYv UKJ: M4 g`HRל=8;$ttA:i&~q Xݼ kZcso1Um$Q}v_Z,j-N-1 k8"L.> )fy8kK}Nb'*nNPapTULE)!g2,454te;#UÓ ALl&:0 ҍ3XsLlC,7zPiԍ^Ğ" 6A>l#XLaǞ1Ǘ3ʐI@[{STM@IIj! Ff)f|,H5lk{C8+z+&ʇ;|;;*Q N=i} qnVuq3zކXJA8,y|GiΎCcޤsx# G)[?([Lh:V^s:ċrBm^OތMj dl8*(B--]6Y%:e 3;nv9"y .2ap’{ȡzg^AdPe9ì:VMU4{DDshxwתb{U]wW+m+ru:aأwc2= 䜭Rbd2furp{[~&[=L9VHD.Y]O2P c b"S߉R٤D&JXb+64q"0n,ء$r.f01':j @͙[q'Su)?Gǔy%{"BwR:Ղ)lYOKCLv`׉ٖ2t'<=^,np oo;!#iГgU;0޸}+"bǷJܼi8YɢHcY.$98.`fq@ฌ5P&K"w5<$}D7?`4#ƭ5ǹ#4I:ew݉ɗzvi"A7ya]?eT5B6UJNh lxKkYRzoM#=i:#QCp&@ ÃN#M@7-fhc4 ڵcZY V# I!'mt)6TKs/4f{+5g(3f8X͉nkK7VZ{0:U8(t* X+bq^̕Wk]Qkg>_Jml[}4:0W?EQ^|ڟO6X F:lb'ə7lr#`C]: ?8ui*, -tݹWu{OI2HG}C? 7PƦ-u3JH4&adǯvnͱ,\X_Is2kn6n?2]g K#* "_LNu- 򬭓0fOJd^/65kUc,f8lG鼠׽0p:f^5;tB5)O`KNȉg7kt< ߆ "Z\̦օRG>աH(1|1R-'Qַp.|}Czh'ė%S~c$+{'JRпsD,W 3Iꓜ->er?w+~UW>mۼ>ѝT3`^ʌ&v ӵ.3 ,ZdE?5Jj:bl,I.4 r -NbrۣF_@y&3  i@f=H2AjLdeubW,vVycb,ɱ#wfcE흸G>??Nv4nahU?S =o";C-w"d}X%%B F%=Ͷ'}>:5FڊT@4Ĥ6 }hvj6\:q(;bԿ$A] Оǂ0QD)hf^5wD 9x{M H <T(Q+= >zct$e5ݵRAz/DQt{CO`t`ca "ui(X@?!QsTg){ջtP|4ijt^1~5bq ㍺=U'Ϩ@K{׼gK l#4S -"7\gͻ쩚$CU>vc7L$LI^tbۓPڿ$t'RN( rVN z{}0R5[{ې0:GZ~⩖x*XwFLjEq-' "n¸@.g.6g]Y-p1lb<69vu-kK W=XPH6җ6#!Vc-jVqm.}k4ޙ.嬷+vU%IfӖ6`~F 4]c78 ?ƱFZw 4Y5:=W[٬p/S^X4(G]*|޲z;ZLA`U zXȠxF"-MO?g^[A<Ӱy\X;XOoYHdnT XŞ1_ +ڕ?5K2^֟!=0/GfMg8Ln,0x]vȶ- 2p,_Vq}ЙazJ> zd 45>nf ISdm{?[9_u2o͊ӈTpn2jI;gȌ &h2p Z=7e$ggV>|keFYM uə5%2/UZL Yspّ iٜkQJy}Qs!Z}Ǻأ4:9s~ EN]-;A!yIju%E{:YZ q*⼤^븉jM0\6c`SLjU9m:3~IqtWE|ew ^\p9)kca")4*ZliR iBbxO$)x BY hF>+/cAs I"Hܒj1%`MRF8BD8.X,3My blք}ay GwOxX_B4dT2b D$/ l.^`0\ȓkQ7׸2!K)HVSTkNoh{m~srܗo@KtMB`P9VNs5B ` Xzط <<Ua׊H +(X{V }i.BgzE}`ZVz9Ӗug+wD^XE\%uMxd/ 1ЗVv/ڂ|ppn&._f[k'}Ip+CMO6J aJǙ=BF ݦQd"`Ԩྕ.RF~DKG/!` ]Ok*lY!&yGntGxωF1K$c:m"I#)h3-l/B?WP1}8!HHOpx;JIMrIϹv>VHp%5 )(q:q5B%s0 DE]i*ኩCD^߷bG`~WW:xZԳ ʸSg(jRxe4͚l _zO0tIix*/TImWq(;1!1}b-CC rUcwMecHF -~\>r>C yKWtp1Mddn63fUv.^8abi Ԩm,(A^MAya%#;#<|2|ħY*JsH pb ysD]| yKOkopsÕ tLWl&OL척  6"b+k!9Sc{*xWF xJ+إ dE}LqjmB"񘀥Z@s 4- ZTb>}H9ƽ-Ypӧc,6\xHsM'S`%%\$ԡ6GxavS,҅CJTi " YM]32!\x(tVrzUE84=~nw*ڌ#A$(CN5 O9;h7Edo6l8K#uJk*.?| /ktT˅c3^Ƴ%6K]zؚ |A^#ӺJZ蟠?jy&Jìߗ*^?8p&Q7y2P5esZ>.FD9L[G$F@^ TMuXdu4N`!є.IIbI 0+Ez_Fζu/͒eXތ暋_-Xg{)?Y]m\79E:/ _WV"ʲN!;7Y&.E7Qg~cn%˫&{0mK Ä wre#ESؤwq;C2z+ii$ G׹(GKhB[G 2a.b6vr@Hn^:|)pL*_X4F]#:g"X^޻q#iHgkma;ʲ^re[vJK ~YFeCRp2LypaEzӀVwђՋ䷋`nN1v(6ԫ"1(8EjK2"nkx8r f|#7~M}(٥  lJL35O ̂F;(}6Le)nT3(γ>l#iJŏXl!q C}.# *Z0޵itnv:rt=M(cC07UEf< 9D&nu,L`eUCʇmxkabĵED*Ah^D7vd 79% P= mD f"#dqShnR ;sx7=!(;儛g e ǚ̚8z,.rL"s+M!8FR̓IP  :%Kʜ`kx{3OCD7N?@1*3O\@@AY=O_bKZFej5_@Ky!+8}{3T|̋s< &'O bSK׽&W,PGt2[dqh_YFdf0ڞO~YE1]"ZnFGK >-Z?a6/ boivOY2\vqH#f@-E K#cK\Q϶.Jo"?bm8yB ە6KÃGB}t>Zj[  s(Wd6fcjr#x|TEV^mHfE(]_ ?<%о[RG[GPE HPLھmnjU<羺7\0v4 Cn{Rpt4I&Q@fݲsh ܉"g[kg&Q H7N- !XpKmjm\t* 71^xDEXV2 B&,].<|>.#Wh/aZ# $e:6D@ ?n~y~4M c]fpG) zc]1\$BJ.!@}&iNgbhm.xp~]cҾ2(I(U DBBQwmD,[Skm@cR&8IL4Иď9H )&nӠx+.<#,ZfĦ.fLא%@vBh {bӼE|^; E%fRfdWM].;R&lIk|ֳch.5fxQ9_`|X$6CѮN{;dRy4 YJ-MCȮt!^u ߭QSPغ,%?P$,>.we-!<  :&I&<09Y^DW Wמ|GQ/z]mn\RK=x͡cN귞C1wyݗ9p~*YT-"(~.łag7SnvyQU"?A6P+(ظQآź0L(' I ntٶ7Ei(N; Scs59F9 LÒ:|}АoX-^c!.sږ5gL(G&sqLNE[&ܐ> ѥ]&_mSs7?U[Q^WB^w+ :p %!]/bVRʵn;#niLMl>"9*Kc;_ږ"j kڥ {$!z WJ'R [3oINg=]XySahb&#+?(Sϩ7ig.tT چ(x78UQb}џ`WOItq(u'9A(hW"H4l'6n_a"?`KjTe-Z U>bGئ<%5WWʪ:|mY9K*eoԊL(X*:w. d줝[X'c_*r=&ÿbɘ>+|"@?0vE}HoBXFZI\&$^T'Fjc Ԉmc5d:nZy}i1;rz![w̴N~JOWu蔥9LKQ; R^s0ZB;dV]{j`72Ӻ=vKy3='cv(5/8,H!~)m'\K`=r0oTLF0|S (հ4[bۘycwh|&u{gW9͕L\jאOfL} 8Vd?n 蹋ǀHdHV#qF6tΒP/J- \Ξ,/voPG[#s߶ ְ%Wbtu*AMGB.GQSQԔL/0F ˞Id&qgf5G="΀9oV"#Tzw%&"q@># N9%V;1sTcDg`{hq2Ub\ͻ$0_4;ֺ>8qڵ+ƐG0q([#Au)VL4*7oa ז3,)G[" GU S7}%ײ`tMը7:?uLZ&$g)٘W'k`ҰYjep{/BM^1S{ x&iBݦ57' Wp݌cORM~$9|:3\tef7P6]@|tٶ?J^Xk@[ڂy.$pޚNb?3gHV)'җߕW|.o%-Q9b ό䰜Zà ~@)`aX*R r(_G6{??k8ˣ nyqS~䉭>x+˦ԶI{7yt˿Xﲾ @l? W4gFCvKL=T6b5#r v9qz}{W(_6B.3&.wfpTg;b@ʮ:mEE昴{# /ulI۾D< f{Nl1Mrլa*9hZ9  G$TkCNܫTCQ[iIΔ X?r6lpeUI>uiNӡG[ngf]=P&W$2ϊIm1BW](< Cf)4u1ƘK1 dndGD V˪9>qrHn<▮cr@SL yTr6ʥ/hEJCåno]m菪+RYrd9_A\d~ cw裀.16L7ӕ >'XzPn_3cY<uswd?_7KLs3}'zAakQPXE|@=+ ??$]7/YM`?Z夦VjQU'qv}CNs$ڜO4tzT(Bݴ랗c; C'[S@ΏQ"#~x#[tڂa| [h1֣3Q;z6k@ nr֯uv$CKV6رI*s_>Cqq:!C0S@uaD=ͻ݂LJp35{y9҃N[yX)z- ݩ&a_#$6#ozf 86wW _[1M&7 5"W幦uswO't W7;Z1R.I -P"om+ØkoRJ5{xg*Lw[v~b1ʺk|uΌo a%{7ػyЏvD) 0ϣ8*\*?hFsyG N kX'9Zm]X]`Ra _>U7$`N}CPuZn$ {J&P;~CW о<ʜ%2+C5x@kCy H[.zo$B~]]kH~g^l)UUgўh)_HD!xz"fwl+-Xר?X:-r Sɨ 4==<+v*)оWKk"SqH0Px9ز_yQn2r =}FxwVB藍.Rs9Ǧ2ypT x DNƸxjeD3B c)`@fKH"qQ*WLp.N(#7v85땾[Ꚍ%/ŗx7T3.XuNW26O @*N {kn튠߆<*]j`@p: ,;4:*]b7e?Gc?S#cLP8\1ߒ{!M(E(ESOw щֺW:dyԟD =3G\*#懺#mp60恀Xeg5I?}55&M!@x"pƗ^8e0Xb xE^,#ӅUQޘ!#=4B@6 .y}[6J't%b“Jǫq3P/1om` UWUok`>#mށV|ځcDB]V5)+ƎpBJj_au~ex>}Nef(_%}55Wz = OK<6c*U!Q!磋q7>I9f/{~ZEy[U+S u~ޑѝwMJ_1y6L^rYB}5d,^X”`%Ty`;Zsx3Iw&壷3] ?J)Y9o!~Dg|>Ca:2k_FH41B)ZG~ɞ*WH"žU Cx&n8gR6&Hԡa iZO2J)>+/e䉓Hـ'Eԩ:hq"0YO(Ud!+VӸݻگVRsjvV;+b, {y%?99nfERb6,453"Ɵ~3hxaܤ Qz9 }2 e^<5O6n@ .=y뻱;87H_+lC-T_+Y(Ԅ|55_^LnI "~f!) ]Rh"H,ҟ |LvAX#";@~V ؗš!c}A(G1܁+⪔vOY)g#=56$&^S?{d!M<6%3eoSnI+ ]i;x>rJzT v Ƽ0kz*LGrfʭ\,螨@)Ë1\ڊ[¾:Q$Vx8軮݃(Ҏ ۷_$)O@)CTd0`7Tmn.'W ƥP_+V!| h|{Gɫ?#hZttڑ%A6  wǸSރeό}v즍HTꍙ#ޞh{A[C-H}0WhvvJ(YT ӽ)w&z[gH[uWN Ai|,WD \KS!!֨j tO2>%1椆^b ? _}A5SxacD' l "|@ڝz(JB]6gy1ͪ!x1nV.}άHE{6Փjh={ Gb~f9*~‡GUmr-897M-Yd72=$kwcN91t\f $``0kJgܴ2tso6J&55 =hadʋ5Xlhbg! _F^uoORQaѹ=nX;%Deu{ {x##)e=Cqj\ѡk1Ok9YdpzSc}ZX2]y"enΎP[3slX|cW-Oҽ(ŞnՁ|tlHNZPO`;Ε--[ Y"^u-[=ikȻ2>*0o~Q(xC~'K#db]Vi̔.>a+ǎs87+N<=t8G*)gh1Xò\'@}=DЄ14g9e.ڋ 纂Fby,%CyLT?[sHݫa]O qD0 e(]坮Ɍp>2 z:Y@ 9vemt2jiI+҇rpe珛ƌ.*K{je!(t:?P "RagZ"-aV6(PcSW2̱aĩQv|5%n =Z'Ȁ+i2GGLs yUI|urQHp$ jnTnQ<*q)_?&cVm@,oJc Bz1d;;v]4[$7 _kS?^!BW9(CN5TYݓ^oC:(X]2J`OA$BZk¢HXʭ~ [:C@u(!p0ƳGr祌4J )̒!P WY񛝠Zǘi쀕JHByb-y>BXipb缱%t 7@mΙ0r7$,;zAB8lWPK8 M0Z'\P8JˌmuSSQb4ī&W,Fw = ?2H:.WbXuڔ2f9<vvyh@ƐM#c1B$hQLj^/$Ae{َ,Xpn*4Ȱ_>ӌ+yH]F\6)(NŨK2;N㧙1pn) ZOfkV6umKa|e` fi'G͏9V\kO#)xţ*bAi t*m3twti9X{}pC_l4rXwBqwV䳮!dnS. K1`8hxp)/}lH؆5_m|%G^ea*t4`|lusI"tրEfX4BK`.}"έ#}KM߱IɆSA|:43@EE9D\2t D  Z4 L&o[*]2+ ]ԉph9£gZM?X4N3ao4_%ݑ财x~ ND/"ǁEowlґMҐ 8{f"m1@*c!UʍT|Yv3>(7`&Y1Z֘irU NTŤN#hn*iD y[`^R;BÊĵ 3]˕Oi)0<bwh zñsSRRG*sF({1X]Fa<C`('kOɦd5p{⻸j_ oMXI#C5{Xl>.@b*h,T. @A4x뾬N,{<1kp h'c`̶gh] Y;4I `*p* fċQIfScGYIu0~kmSbf*iP嫖>U30>ZktlBfWXI:m>5 |TB* !4z*]0:>ʞ| =PU!Aa*KDjKRC$KH,J66`5Fx*p\j\lXIVNtOW<Ɔ$9 +QDϋGlag ]z77Qׄ=Pq?p뽻1'uחRꃡSm 'N5^B{v.M7Wķv|Ւn9@_-YxyB'%[#ܔ Ĭ*&>m~8Ƒr@673UN85\EI ߅S ߟWərym(9[2+P/Ċ`hrq 3eB[6>,AöVi:c I^zJl)]B x'^;>QJ$-gYN_Ȍ.k`1q&5;sـÜG'quXxC /x. dY-ӃO0)(${;M, $r{qPbל;<;"V3(&䡡1X0@[V QWS=x9DKf>2+2Dl TD‘nU$V`d`g<~l8QX^#qpYizRCnVzk S6Q%.0ML4Y{uyٳ& 5zפ8$Mt J|n5+ ,="ri͜DHD8VQ9Q Ͼb@cɆ .Fiv1%ο}]ʾ6HC`f H0L˸)Trk gmN'ͻfEI<|Wϴ&;H BST5S`{>iU50wqլ ~O4a^Z5,~wB '꽁fJ-nZiujaxTzc2p a:4s2FrzEfK~h]痛~20)U?^R&{s2g>Th:q: /,?ri=͞sש{ VV)IVOOE &1h\Alx"q^j*M-_L[¹#bL[b|~e3˓T:@*0fԿhPb@28oGm9~o$Ge0#7ahRG6L"f" (ZmcV׍ dBhC@Dk h ]ٱCepd6~{[qhkgsXq> Kۦסw8L0Z2`h3})'Gm$.8T]!g' !;7?ypw7g 1My+*Y5`|abhNy;Ԡaܽ򒼥opAx>WT5ӒWS]QgLm7\oVsUr N,28f)b*bb `G]߸N#b J=;ٽP=cu,)n#&*-q&G6}_OyU@^]:#,/8G.}b-C=,?t4sRC& 2 s ҅,s۰|w\j{PQLu<^(,l݃ApʨUAN$Nc~Ґ+Sa(>2ې%\$ ^יRMuمGZk /P6w ؏&Rq"]LO]DaHa Ƞ᩼Z>+:?m#j*#(dmtI (aoTG%Z~% Њ6ݞ'J @]* MB-g+.ET[qj^k H'6S}~gU{ewl1RID9VvXiBCn.3u3 }>2x$:ofO[ ogۈlRK !j|(9' [t@o[Asxvi ⧧e˚h1ް/daxf@n$Őu8n$:SOD}7ӎ`I͙1*v?2GT<vΆ a F%_ vhZ(az|,CN5B\Rؚ" Rպk c\G  T"Ҧ9+x5]tHL@).A" ͧ48zs+@XH~ ♈./85[T~kB41ɸ3Ϛm ΀/\8"@Zyi%A-x*3hUsݳ^j(`jj??6cxcR+/LmsxԻcNE#OnvMMZ9dX5G+X /B!KwXjrI#:!4Az+h(3JI+S!;xM\!5l)R$X'k{, x>G70{u;0Ip]vF1l_Ut wY,qR;XS6RZsqM6. Ars(VXw\I܁| FMvuJ{ۛ|ifG0^nr7"@pFREÉ>[k'H~Nu9ִл"|x=M?uq KreE\m/pzbuASφ~!(^[P&7kekSk,*h:~x-mϨg~gRoט-^IJ]{E6(ӝ ct9SQ.]㭕?h7P]8?P a圏lO.솂|g~?f-&3X} pf R/Bi -4.~&J0iA"b-AZÁ"ZܒR}L\:ictfW[ 1 ~=VVQ{D+9O`ֻ@(X->5В*n 7E .QP,_QzQ"6!"2+Do\g+"r04roӓh`YkLVMȾ>ո[6h>˔*H'@?EԂ%G]ebu ^TњJ<\3*:QxZp;{lnEx}!o$0]tی܃1):awO;la\%h\")J]A"="H9^9~fFF~?u䷊\G$ET 퐭\_~:toe8h,R8HxV]Fک>ǏsCd??$ѯxekaܪOyNsv6E$KA6W:.#ɺׄ3z_xӎ^l# aDJdfd >cp!,x 3$S p)JsD4Ш7);V̊AtJ ENL7SvIca׎d$9\.(EuKSh(Ḁ;ss@)εϖS/.Al>CSrB;ñ)[*g4 }Gqyß  O8ueR6u:dynvy>PW2h DZsʼn}24Dv'S;}_ǚʵ+G_F;jN\XlNiE$ pO׋c]{HC7!= C [da<(#ОsyVRw~^v $[.fQMB嵋''KDkJHC69wfAXh³liY8<s!CGes_ 2ќLwo,=\G!Py0qΕ{Zomm~YSvrz/W363i5@M I[СeBH$_ qL=EU&VŤV%kL֒+ȋ։m:F?X Yb@j+^b ٧?oj R8\ʐSoΕ:!*_[a1c35>>9bYɔ2ٶNHG,PPwKUUo56e8N`1Ḑt ~NÓ;O|9KZ6j-`z}q30cpPF$%_ɻL&RݩJoL6\%=$پ Ȁ4LzaǖZJ)w?O=?-~XD#}ϓ}:}  Moü& K$^vs'0Lvzvլ: r/pރ""I,?V>°Wh?GE{4X3,-OJu;Z~J9g밣&1Od K:HN)s~v-m0ޚ1_[<OU- 79.+HH1wl`ȥi3qڀiDg NXޙcYi%֬ A-" z(/u`38:?#j sm{6K bHŸH`%D.21g+K|4bVxD(PIF|%cW3a{0X;% \V8bTēxbW0fI^|!`Uzz}τ)¾H@Q?]*MTi{bd -˃IMsu'|9ikfq!DW1hUogT~4vLS1t{_,(U̡VYwwldD.Uk8̰rQűDωqqpTkM~QQ$#J (TobuL=тY* /A2-ѐ6i *I}Um rV;qr Qj{Oۛڀ^xݫyS}jbffiWSkm;D\ sȟ?zp`$;ߦ˘i}}0>x1#v۾oei G?fk[-9s뚷kYZ>En"6eL K~cBu<\tnQ3ڣ'՛}d UR"R3l:ﯢ"`! zg,:ձ342XsX3#c;etczCxdaw`7K5lz* IS^Bd` sK~KcQ̉LyCc@5 /eEW~VlE KQWC,Q׸aH !9)/4,>ټ=m+Nڇs,m@x?燸Wu ~5I1#jݚcߛfZxYkauֲ5McU!Ϊws4{0-eBB"QyP<QYZ1V)z3G!*Y46MnH̹Qq[,jB/8\P|?fK&+5`^@vO%_NPɚF7uO{=.6 d({iڎ=GJtHwECKF;d*h&觇 Fdлgzs_.̪6gr2vZ%hyx,ar`|d?ŽZQI7WEeġ,=U+hvT3~'Ʋr\`66eq-k _VҭN?g@kG_@xCL/%3I*ێ}xS1^^YsU[+ 4h<խE&ɼ"^|_)cgpX']w]y Q߂IJS[ 'qWOޒkJ4VaNEa9WCͮ ϞL\6^%~j5X U7TP604 '#,EFeD0}36^x *5L0ӊ=2xHة{rv"ӯ[8/)&N K,}_e PSdsJqB}bV&Je@p|LDw'nӏ̍!n +_%5s[h2SdjhxG,)iM #(;+pk wx9\ݎR3,/kkcPߣKٚX0Z21I4Ü-q]`BpLf0 U(N<#➷f 3u곘IBmS٥ LNF_Fֻ NBSTuLUÂcѩqwR# =nJo90m4wꑉi uU5|G0 z\#k@Q‡h˨do].{/3KWNxX`ak[26iiD^iꃹP J=g-,b1/4 :-gSTA;KEb栲?ə`}̦ܫG33rp"F>0+Yx=Eف!)†% 5Unk2d4=~/qiA;'{"{ 7bːCq˗8+n ގXh> Zfy` R<\JEIu0m;{7=cYf]O]Jw.oDvי@Wn{_;p{㥖Zlz8)R}Kd-2X+AXV镙5)Lqw5'6/fAR>@:{uh6fS8,NiיU;Ǒ/D o/G1d:tŧo1i}01*kB #.j:g[U(Y:NbD3Lvq7Q-q2w_AݵsYSܝ%WrS>#K%cnl]#l@3L}ZIqh6Xdh߭VX >&ik^!r ~㍼6'AVCpQWOȨQȆOBxx2TLmNK崱t ؘKԗED!&nAT6"cd6 cb| V0]iiwzKb?gɈn/IzJiID) w 4NiH-T#9B|eñ2x.M;ixht8r.(\h0t+$K~[>mGU1K2-2˼,g6V㣿dɷ  ѧtzи },` rB !Pl&۠DL|mN\d?Jl#4*k\{ ƹЧTU'2|[UUЌEeZ11}TP['Ԧ5q>${}APf^^G DN]fu`cs+H'MO8a׷W2 'Ptםþe%ٕ@|ƌfC{xf(O庢FFaK/i8)|ܑEn Ilyc/ #U1izIGj4 09𯟅-#%{#{$f& nX$Nj:6ZG+z| ;\*ְƒ3#xԓ>8B7NY3fXYM*FWrtcIkфbց>qR" H72k + 6#\u,'9s+Μ*0%yXja<:~ Fl^qņD-86㕜4e/Ѣt*ũH6c;}KZo 1Hc+$= R^5N@P%{ Zعp1oBhmF U++E}gyGk 1V6s=ٸon+2$*{8v8W8 6`@ "p֏{K+?igO*;Fx& 4l~ cA DoUOvу/?$kPynza ^s04n)܂M?0,*gU0n [&Vǵ"(c2B5?hC%!UD`چ&с\roIqtˬ`BѪ%У[z_3j,9LO#wXy6;߮&>p 'Y5%삸 :m@Q ̢n&r]DQShCjA ꞸN Ak}qw*SBq ]*:S@l(z]$e,@HmDgznYɳy:8@JCSRt]B`J4 ڮaٻAcWwIW 4O>[5WMMo2|[X, ɜSjPtm)qknzVa ʻ?MxOiR09`ŋ蘲L$2AEph1]ɋ :h#/hn m=4 x&B\%9@ uv^{tgp3CnFf2s:N@ ͔8Y;Z"3 VoW_yL P{Mbػ0oj9[\:lYanźFT[\Ռ^7hW!c. Z}fC$8 GAF2D:3v_ZatU q|W+ue)nc?l< 6oDx]GFuq_c/jlش=|2X[W6GbI8/ON%+g|9R5A#Mք,턂M>vQe> |҉iu8e{f(dBl[Lwv`NVOD18bBibK: >".xܛ=R*RYnbYk}h|_Tao;o\NFO MȊn*ݫ-ryhNcSnGr Ei>VE2n螬WLCFa/fgʥs;vy ,9@aNN8a3[( Ծ|w}hƗY%8pp@V\ vAK]hb13ћ'\E4`ClO~ƷEKNSHb'VG* - &8~PAї9!h#&ɗ'N~Px +TZfv ԶNU]3- ;6k"j9nH,I1{H\7B#ޑrc^٪{YqEa_3:M>_oEQE!“ *1R$ly\HFI$! 6u0+D#"hۃ:~t.H?ΐu6-|#^U1|qcZy"niFPFקń32r?(`̘Ʉ0zmn{fy:rn>`<QhΜ1k̷s)P#/\NNupj!d䛏溁m< O].ur@bm8\|b_7-]]Z89K!d В dr p׬[V }Nr[z$ĥE\7Nu4MS$?Enӌ{Qtw`t _@x(ɊD-z6閜+'TF͞M\ۘdU{*w\F\>4TQ /yp`9+ ]čkYfSD _O~5W8Oh!hΖIK'Ӆ̚v(dbMw̻%G o@0n|C–3GN| ioq_ 47ZJU!劗u"!@$U\8Q< GY_gÛ=3=aҿhV#I:zy`$/NlX܊vG _NYƻU`j]Ĉ鮮E%_}6h 0/";^àcj{d"'b,WUbgya9y |#\[s4U >k"cd$[;dKȧŻ+l vv/ۇN 'Bi^@R R/DY|X05A7i fKrfN,)X#] tl PRN# ^ .'==@N0 'wUZu9 >R.;US`w5#CISͼMyW21~jEBYSO3/x,{d͇LYҴ6:B>?*tel8[=b]v2"u1B>J ͂.ֹ7r1sfrS(~w P~v٫qA` 9Xuf7;PRs^Ә|D3VrC.+Ul;Ngai^j.PyH?)|(2 >$?asIȖ7RZs9(CM:!H/^"` |L.7VoJBǻx-xwEX5מ#,N_605#dI/jɨ8 Ipy"^.n6$ 2%MIIC5ia"OI粳gX꿊;qDIM68w.If~5(R2Ld,A3`E?n*`)C[@R%Z317pa ?!<=Df!R#=5(Z5ծJ{PONy|>: q+77vcfAr=jbQ}^"O=$Bڃ8 ʏ3Gb̜p@KzR3yr{PUo Y:h~Nv,ErH~61l  mD_ӊTN6WSAW{_eS"|e 7tW,]1[ZU%?LXS>V2r8\P$X_z`jeqd"h-K~cU@њGOhfr/Ly< D*79A Q `si]AgqjwR\B/{&C8 dlE9MZ*O (Sy` I|dO5"ou>JXضE2s3F&HVRZpt\.}~ ?Gt1Q\F? vB6xODy^j̵(<$B)MS8UwtX:g}?h?Y(_Z ?HA 3#({3&gQ{)d!wE.S}^mN(|aVЙYlW/ Կ9k$̋kO ıׇ(8COb: eHVs&0m:m>~BM Jٰn64kEĦ!پmMKX⣆Y|<@q6lx'aoc!WЍ9e h˰xl_8byw+mJAuma)kOFe;)uSŚސWXL9F,hd> &,&GRI:CPn:H{#%O>?|(ʉV(\J<=fƎ *~pJ&#fHzOcɍBsĤx*e*,sp?^@rd(a ax=Ni3 Kަdc8bx%x3+H`a} ^dÆdvO&'p.ڼDDX/Y 5<ӏƚ0A nls@§h,R4NY aP1(*VnZ`39Fez\M4)޺U3+xqk3YFĮ.phO7M7ݫ,XW4fҶU B<&x[33Ȣq#KMRErjLN_&Ǖ?Xq9E"b)n+,kmNd<8h<2oo88^ES|6%p~E:nAJ;"$ieue_n8T逩'iN$F3kX:YׯRކ݄Gk\QJ?yfNW+,$G7:@}V}ա0_&.DE;?Q`4pTei:}5{*k >?0Sj=pzz݈2:Zbuǭ ՜W^T@lwJ*z${?S ]}q :U d9q~$]uz_,;GK>kr}W]SK ^>nT(Eͫ@Ήʣu4`GI5a;x F.:\vdЍ?mt@xttU"ܯV{[)J*<7{N"x}2iܳ 9#pRu vJChZPL_|B߳5[T="c!b0QuyT<0#"Ў; F?M".gV_<ܟK3cf k?B8amHY('[mH;NT+}n>g1Gu!{]یb[!oˤ-e`gPa#<?w$iR3Zl "T/tw+wguB33=M$Ժ%E>|jӧj{ga꭪N7lYb""Xg!Wܡ|{@F PDo]⩰,!:/.eE/~:UDŽHF' FBQdž8L. &R5)@_5F.M09~SIn;2?-Rd!|@)T[ y R%f3;YanMGgv)|Y_؇C\rF1cb!ou@h+dCSn;HJuNe=fÍg$pWlO4`DXKE&+N{Za6G|V㎆⛾'x0 G2sҠQeiu7 ]AJC*7}77Qbw?sgmnj"QR1}$TCɾzWvmodTo|GBCqOчqBGg>_"ROrwFhad;!;H ׸pyO@΁t4!Gq3q yzGdÍxZh'OXw?xT3>GvάjMf9o@;@%p{e?ebIHXo/~V*auYez8'Bq`ҋ9W{ρФ_ V%aE@]~Ն&N+W1~J,ўTlx(& ,d5VphʹO]KBn6NZa ׂljmXmȞfeŹ:la,alW7ѣD;Vv;Tr7/缹!̐_v+=4m :aDGP`F6֒vyV JSF/Χ9T]7D[2涸@{40 >PGOt * ND< :sHuMR=DUj ]+e7red|-Bn"&=M#Đmz>b&N~6~֓  ^?:4vNjsS/[ {%BVGܖb9#g!L~7Մ}RFL,W`&3L dѿ T8{EGqDD`at蕼nP04C{i&VDJepw[/g3=jڒF*ƆLQP"\gH1(QYXnk[*L{L1~|k G6h约q{&;ΣMd5vq{ A#D'oNI7KgH&_`=O5KŔ'ZfpvqKD^ȅ67-RNp[s{wJEDw3*DHܞ@:T̳nf w+5ڥNz΍1/4`:o > Sm)a{o\̀0IyƪA dwL@Oks9:P" Ŗ3nJ+Xyc:|+Xig?Wԟ20]Ŷ1>:1nۙJʒu9KPaMST6+:Lrc[&f2†YI㻽{mIA&rp`xU|;eVpR֚, 'X%]o]@:_rB~ \k ݅¼zW[@\YrYffaLz[TGqj!cWo`ad;8|+Ô _LGt"g=SO[kE&h@k]dU'Y4;hE[R#bB&[SŚ1EF킩|, Zkc$)ls1%aðtuqPۻX7L̵D^ ? l[l{j,7l':qGRP?rhU!TMJ %cYzNj$l4%bJB&ff& siIxP˶>>{H-Y6 Ig~:CU%Mh(ݱX n~0_wiuhiau2%,v%c.uVo9CQsIΩe^bJR9G+4 m 3`>%_|ė[ǎYkPhI,fwS:1xC{hdԍ*HMdNp$:'qb5c/z-.r,͏^38*S Int$ܣbtDZXя&$9?sLipa_3'ҜϠ9, B-6X#B%9>A\OwgE2/ݜY\ t 9m{82b„M&bo1b ѳ=ޥnqj%c!ʡkQ!:sce䃎X6waU)QYWU kݾHC*t>ψf_R$`ѿț}AiMM;Y#tmX.kuEԝyO؊% h1!{HH=F)3@;0E5'7)kf~?F \좆c;i4J6~$3)+_ti-\ QդQ-K1_Pa綰,75P58PL;y8g)WaАg2dŎKN#\R5t\p`̜1@?s;QJgPG7kulQCgȟQ e ňx6o@ i懆ҜԠ+YeU{4~Hp+i{>c)η>*My8ch,={+C6+6|o/aƒG, [Kʇ2Go3{gE8 X=x YfeCJڨ cHTO 2 4s%&o,,gxy= ^ĩY<8h)YVR3ӧ̭A'ֳYCE9L"ȸ2FR`~g.v;e jYpN(lP鹰/~~W;4dIX=z~1 aM򔏽l雓NnR8W <3Ⓥ!䷞(O$$޼? @_? ;v$AZR&Iqck*)N%kTMj[gZI_6h'9)M{Pw(VDT.y҅Zb+7Ae0!|.3KA;V!˟f-AΕI2AEn% e,"+6 G_!^vrQ1<ף9\}/}R.NGiΌF$[ľζ#9.h(xu{3VQTc#QRIUXE>pMV5%QPV9O=MTT5WuD@ \7XR,Xq! H{NBY${p?SbQ0 uzLA],ЍFQf3HG qe= wQ!X u 3O1ҽ"B7vP.~4WXx=UH?]]3iJl&2xɄ04m"j7(Rk.-ƼܫPcAϦ332m+AX`: fcT gc/aO-$`1e9n,-Ddy9 L@/TFɹ tB:ه.pؾO/N ֗.qxʈ"N{GѶJqz:]d\tx;Q O'v.ޚFIEPzY*t{&܇k , g'=vؿLp^E'ȨH_rmg;DNy{^zr5}ݴY +aIL.FkO2 Z{}:PU@Ї8aDu3Cm!F P-1%%qMA.}zSPZK-;v-G3ʷ`/EiNC NqlC@62ᕢ9 ^WKzȱ,"+0t_xͰ3rxȘ+(!h2-GNS.XtZM/&uG!/,^f[1\8t79PjSi?cMhH]P0_`!Š&.?IrX52’X]CZDJk)/ZHԪfߒ,\؆݀ ;{ȭ!O #`n\Aw|}C}kJ>F/Dѯί,oY6oYU:BlDsxhѦkE~"#鲳}3"8&m~*0̶c@)p?*LX0'0f$;W$f }PTdX[o{$8z6 .*zG<*ehLY!BL^T.В -e}Fwf ML7[؄._?8ׁ%0 "?ɕ څ *FqŊF1x mT. $|5)X^Ѝ;\ ^'O?0խ[R@rZ9Hrh S@h<)}A kkS*"tIB ֓ZC=*.Ȩ A\4>UճyCR@۞ld$Ҥ{ٚs˸>-T(Ue0\ݨ" X1ҍݹnqJF%Ad[Xw Q CL:, (M-O)8aTK ceT̈Ov@cl:: }j9aZWP0cݑɞ<"-A-Yd)cT ҝ=#3/,إcb@&&_9S1)Fy Iu *G4[.4R7R2BK[B|'k<,UpsVpt}SIrbm1vO=6Îe4~WQ=$_4KW2X[C6(/$1!K~eGa0e4h s:U)] bo;xnHK(t.px7c"m?8 P<U5>$M>Aޅ{Ksi>buE։)B9tb&/Jr14l*vM.gLR6uVC~0#buGޮRL^ϦabbOFg[gY\B!|Qug:8^7Fnf$k$B]g29GBseWͼo`'oh%9j)JB7ϙ,GƊtD7b.PGBQ+>x]nm{{D҃63fe<'i\}o2HȖ~42hj7)/G{ɓA|R#Ve?$D"{u۱&X`}OZaHR޸wD-c,yM hg{S*Lq=ĠDLR6j6^4I $m³%a rV< ޯK܏^垣UD=QW֡Aö,lMѶQ~2;!LĘBۭԀ.`$Ԩ]7)#q]?fo葫:~Q̕gPweTa [H^b"JGA;~-"Aydxcђs=p޸"jSB *nc:QP+0wRᑢn/*chI5e٠SH-LMiis}7潙ܴb2X_8/9Qq8?vo0[ˮ!c\s([1ZZ  Eʺq᷆VԳFE_.*eS1σYhe/_mU΁X؈ׇ1ØcG|\@Զ5CQ=9=a]'iXHxNd!zU:YRh,/`gPΩInfn) $@(ːalEKiC䱃.,Jwy(SC$K452xg,r]kt`R)2 1=Mٴ-(7gkW\Vzbm'ՂL|C&TbäO>ǥ[4vÐysiMƄ@\:^5C9 u|LZx~ ǢiDn4l*x*`w9>wpU-_`:oeVT156l^`Uf?r˴}.Wjr̿$C6e.{% lb4Ƣ@ZFNKM4-"HȥU.ϕrg{& 7d=e+= @,Sd{EI ~kО8]oi+!EDB\F p'Z7XUh*M}nUR)׸у_2v d*//([́}?ox&t[84 VgN;n!*}=>fl%[uHPtjomQpT=J Z]詡opTXAaF6^iGP,5e 9@<{0)V7^FBXTjbjbYZUzCQ$ Bqm`ժG^\6(e~VC$%z ;\&#&JY#=s>|! Fn7HQTxZd|>Fv!f2 r#|2#HN_*Dx] s[HHaPM"xUTRIL\b^Bw-w34 P4GWT?xɾ5yҀ垔|:NWLZn:.j,7r]>S83´vcYtAs}ܙwSzcFc|XVeIE0pC}%ܗ9+o/\Pwa!?F;wbF˞̞-M8!F't$[lA`!,ݜP+g7bHq?" eUQqigb ,`I%=@p9K˕~"#,ua-\ zQIf٭ ,> {_`j8a+촺gIC1"g) ,yd>ԯ!z(".R_&y> ķ4!9DAg\H_ɛ*WǸed.xu+ߑ-cR8Y^".[fsU"S9f"SP$c&2Z`5eV$-G3|?Gh!L$t9 kBl*Y֎,.0:pUkkRDنR^&+VN=&Hk\d kۙgh>M6/HQ8R823-϶A0z&vK/(o}W2ֹFGy,Y+OI+&=%> jALHͦ}YWy@1qkå|ϴ7ԧ' ZŃ4lk/U?(0bfZs~.[He'R=`fSۄyRP p~ZPdZC9mWՑR99ϡw"o.GU;T~X?7/55'rgk͇BWA ڜbb2Tht `?"=3Lkp:C"}G%!o$oW[HhFwDD܀%^@aLF3~G\x -Bu2 ݎZ-@T\̪KBb57_d$ lP *KB_+p yxEWYø$yr? 8>cU.l@_xp*FsyƬN52;6!n [T~^C~P_먝9 6Ņψ*c%yݢ7mh[Lt_!o{93 yNzV>B>1Cm)EꞚuکs^xXϴ"h%[܎ 7u+ VI3c@QIFjF\=`JXoωěD\t*\#&#u-dlCA[U:$X{((7Ejb(ܝgݠTr>d&!B/D?ԖwS)J А_/Drkjx&\f(4QqVH.;,5d'ˤG"F:Q8!cHAJ󾶈EN%E-e8-nIz>fi./mwo=TD|sKrIG>k< DI(,/vHŘ !_GTčGqH#oC)d6`w莩ɧ]EqEpQ^/ck?0N kE<ʵT|kHg^-qĮ%!>A m j#Mhbux=J"r)[~r FpGUwQ,YU8F;"2V:]99EF?ވz,T:3G[w7-a :*T)CFMz=co !<]UU]Q !cSJg67@ljz%* bc Ke6gm'nS}kP_ʮ?(qmYRC-,tu RrCq8OȞ+7;kW†vCl*prk(b+3历^v5FRKl*$t$xkoC;DɣQ3z "r \ԿAM5ʦ }"vn7`q2 Q=lF|+f\'Tj2"QYRК73n<($Z83 ?T`бi Fc`%I"QbN-zIYhaQlfeH\n3"H7OT/bn,3eWGS+fBxm7z2O Y ~Mm\Ĺ[#Ko6[b>u B j`}kQ(t(YC:cH vqc w5A@نpI>FRKE8bD~ >ȳ%3gGƝ6엺KXAh63[m;Qs-aCAuW.)/@[E{B&_Xv+JzX@@a؍DbYԏrnglƳ-~t7# N5~TՒ)T0SFxM;5)Q2]^ޤP311K͛ e8$#ghFGMU1SEѮCr_ea^9ҥ`ܟFG, in]C>6sm[tDp-^OkghRr#&Y5Sc`ƽoVKm#mdPC*sa[{1PE/yTҦDV@C> ?ݍ=1fk%/O᪭̣"Y +/Mmo ۧmjNղɕQ0k-23/! 4@E!SC )ZXj ܄D>g]zxle짆gߥI ~?LҀR9GAȮɤI&pүtIxL2i/KT¡*\LkrJ3e{aC@x ]9+{#UIE]۟N9DM]2HdPUT$2­$,=/oŒ îU0ڟL=t$:o^gLYo"Q%:Ezh8S)+@*d [M MC2u}ʻKrfbL`niW>肦V*jJZ$@Q8eR[DF|lS g{ec*~AB"5bu{`ękqNG+:b5J%Qʜ GY\v6MlIllhs{S.ao6Y[+)ݽ$Y&Ɯ}czJan}V+dS LFߒ  =o}SFN8v}"_x$5yF')*F%AA>XH -8[%憎"{hNln KJFdkbέ  Al+>/،?3;ˎJ<]*1}TN);8}k`3@"n9>! '_`#nraT qp i;kk21xvk{^bʆt}O9IOO DZTh3&"j5B͉*ݥ69yd6j~T=[ ɪ9- ͻ,њo,#lip~UL[`Oex#rv"&WB>[LC<\bnpEgX0EKQi3yU{G Qiz6iE4*J^IfXz)R)u)6mڕKTds1,px̶?LbKp~}=F18D dcKwĵ\Xt[sZ1kr:|lX>/02 Gx98ppdKnQߚE6EL!}{-'n5AֺoufJntޤ{bpp:O9WS& %Zk2 ;Ptu`-8/Vv4B(Obe1 g"hY>.hP'䏧%SAa!fx.fm2TlVﱤDH}\}wqFf\3uuSsǵzQa'Fq;?@AVmxEF提Z*mzWm3_ n ;Nʵk+cćN|JVh9\OLSv /I,lK^Զ{O-+%1z,ûi#] 0^IȎ4.Ye q&~3L%9QvN6(֑ImI:R+lܭ+JP7xb󫑀~ >.)'d玉@. 7oAYh-+t]i \@ʇ?SukYs/bEAOIjJXsw]UQGN`>.,G1ܒ#QD  lHUUi1F̋V_M,ז霊QfT[h-FH7}ѷ"bK zȝʌjzzP][WyPAy)ܬ cT.ZV^"b<[C!C~x%FB\? -hMT[*$;&B-ntMO gu}vܑS1ͺ@=V IlYog4Nq , UZ#u xLal>0"&Qvl|sndƸU1MCdF2;x@|ubU|6mC~#mph]l%nB#E5lKc=Ϫ׋.Pr #=F';t%퍛dwȬ]c[k|zEe3Ȉ}|vdbp#1,Z5 k"w|6vT| lZMS}-дN+Kb#SёDhAT8|LADZgi)4^SoIM@[5$giC+N]iRW^ 漢3W[m>yT}]}VDiwʩHfC3u#KlTCi~Q4u78.=N A /2'T5㮂QHsn7g3TēSYn+#PT:,b‡A!Kܻ2׸+~`nv6 .`~~FO#q" @)_yӕT֞y@>QUb":-9Xx&Z|l'[w `0| :2>ץʛ=0Í#&4&{+͞e}gR^Vws7/Gms0\xrЌ<}kcvs j FΑDS&Zt@F,hfթJRH ʰ0!,`h{7 53%CZW o)P˯4#g>Ojv ,A\Q3$; "DL?+a7tjqtƙ>I 7 ty^\~\ƉiZrgTeVu>Ch(H ›ސzLhU9HT1,0-a[z:#@-N[<ˤ&‘6rM A8d|kcRX.(W|,~Wup2 ^J`y*;YJ%Y\>) u)`KVq<9$iqO2?O $5F|l9VgG29+z;_,=-`vQ(H9ې×k0ۖ'~32"S^\o{Aٿ_xL V {3Up)cCdTe&au%`#ګ"rPx爪\ZtuWg3Y&׈A]ٱ0Қ]lw<)慖VBHChK-ѹ,KZ:f,D$4I!ɣ+=c.B|@拢fF±9]gi]x#eEn2`\9Q%E?tatf0mDsdX;̉?5%%MR=3 hzs竾0c`_P_xMU7֝Ok-fL0>/.ĕ]y% }M=059 #a8+p+E|yZ 'cʳnQЈiӨ' cN iF+~>L޶'H#gLRv*jV?3C 0$z?$@ʆN@I`❁豦躽戀p+:ȗD#`cĎ8\,4u 'C T3@}쎔:hSM:",f(MmebdSguG%1VL`,[=3Cpܷ.|1kj8fA*7XozXR\ĖXxtlmE@-c韈Y/[6@0;—M^IY"%+5Dچ٦OnzAx/ktRbtԞE i}Ț|R8|%й5m%W*gҜ\;U1 sb$nYoٙPm+xw$acPےn|9j rueafi +֒Gy/] vdyz&eшC&ݝ ztuX-¤Vv"A=ڙEu;ȱ 5lϩ^!C3qtb$4XyeIM ׍Kr;ƴμ*K_hԪ:~ FqཱྀdLIqhٱQh3S ӏW?JbLz7<]-0+ˑ"Vm^.+/:ppP ܩ&Z,1B-SE8I+}B%I)&%#nTzk=i tkO! ^G9&J)Uw_` Ufqpb+ %,ځG`xkQ$[q넅&,Iϸ1bu-B´h 1+$6_hTpC<2׭h/.@Rpj I\䆓D#Q1uhV[ P$bH;DYW=75б*V͟iM3 ظؑ3|nVO|,ҼebY?M1 38toQuJ\®~wnmMyڑ)Gͥs#Vcee+Y /YKv>a+dGC} 7鋊YզbJpj5E9D񇭾˙/MXq4f8S/LͭN6% {ɉ5[8/:%̗CR`fXw:inj F xeN*DD3i-8an"2`a(c\ Dslp‡P#ZM" =EK,dދ"ޑdK^j.\`C} Zg52x$̹2ϿFCRҴaaEABӈ£o,HC27F-B|  9-Jg Wɜ8,uv3CȘȣz4TADd#^2^ňKI~u <Bi,x|ʒDk (s'eJ1g/T#$'m{OtM>Sޓ T|V8NPs6ШOMiE4mw!*GLq G]is*--&3Gk3U#nGy#%2|u]r \sKm0s?(}ą,Nn $zy,5Qw:IS&2g3]斟Qymt5`eIkrj&a|u:6ryi؎{IA2%DuJC寚{YYe+JnqڐҚ#0$ۉ .(yIitn&6Qшo1zhWd ?eTx8J-ACl.&`Twdoc;$Qu= Dԫ ׻ iL8H%VD$ncG ׿}~8K3h]AɴsowvGx<в4A@j2^E-(yz9n@'>Ցh @CWƪ'Ɍ\Bm+o>Ij 2yʮ=Y1ٶ i~>h1Wt{Y&GólG3,^. %3xbF4pp,x:5ڳ LVy`G&d ՟r2֔h+nI`EqK5A0'.fkՠcJުBDAvZGF\̔_Y64F02a;]iV;Z'6 %#o/'_T8s!Gu):V%!8KQ>A'XJ*42|N3ujӅ ppg% ,\'ؕ"tմ6?\+_21u`I9> v)sA/7NF)nYh:v/2y[2<s7 .!:nM8~l`kv72G+%)3z]AWn`A ηa z~ !UّqaƄuQ 6"`G懤鳋\\Lh'Kh8[lH.?"}:)d}Ӷ[ώxaFjB =/[hzO&}ʞGgvRNv(m?,ىU6D(*?YBGA `oMs<hsϏHvyDzb rjHpxC!6 d~b6 $5q[8ۭ2lJ)S['> f3QG_PBܲ[hbX*;1ETC 'EH8~`*vWpV! xgXy_(]jA59~UoMtcc`|Ab]2O_* ALVfv Aӂ8ra7{N,[3@ %*٢ ɠS8|1τvd ;8L'tq$$Gx.T`ʂ0T63ǟnJH]{hu\&7OMACgdN$ش$7|hbWGZuGF8hDG6ڏYT7쀾C)oYCߔR2Lhö#@1 <Mq$kT^Qo2Y&D)2e4nՒ%1Vo3aʶg!qm~+.Qt;yaul]@kc,}^i,WmYu5=? 3:}RDcNgz lpVyeUXjKn?K^z(gK$Qf}3I}ϡ6Af:sA43QdGgѮ[£jw<+Igy9z`?{=YeXWev;PbT` k/ R$pܜ7]<ǓX+<fbYtlѴ;Q#x >4lB(Ftݬ~AdsaQɝ11w-S,"CȦw6ArDk΂ص´|L퇺k^\ s ">+d3B$h.X '鷫^M{6eNػ YD,,RC-/0ʕF*WCȼkX{nydP#PqQi~3]7ĈA@v{ٌ&<`nGD`U`݋%uιbՠ ?ݜКV=Ji\O /+ ",y֜2(m4 #~o zGZ0ϮA7B A #͑9=?%0$[_^5)Sw<8F[72+DC||HS{8V*R Sn6!)ӵ\Id>.dfW(m/Yֺa < DKD^Ptv\ xUe< X}P% `bf Ko80|w[F*xs}iⶍ3vj7\1}1)adÄ.P{j:NKHu^0۱bmwq xYo]K5?C!Z;Wi7t3T5'V/S4EOGt*P"%&hc-x#HgJ*lx2:ZYVpuld7'"=`eP^jB$@{rDqiZsRFہjnbG&k=@OP~JDuW{~'/V0BCkSxp{,йba {t>!a(iU~4T' iɟ9}`A,î ţwr_"?O%婏Cc7|xO,N,f$`8g_" _ۥ8;mHϐvPO9<LJ٣R9Àt}Nw K3ZOk<CmNʿ^(#,R,^Z b /߂l~vlR1kkGi"d&pe7D^+>]>e3c@M|nJ՛U`Y5TLȧE1z8/oc)( }EEq>10Օ4@/pV?YkHfwis]SԬM9Ƶ$4#Olpc\iXߤ*Dʯ%!} W ^{YV^wUc% XuaQm XՑb5Q~/gqT`\#:~ΞAG2h a0c&>%ΛB{lyA$eJ"֑k3 (+LHsVL<2zXHSfGB ZJ +qчxJ;Gw4#)DUq{&Üzќ[4ڙ.݇io26Tm8uȭOn)u@H`J|+e03x^m? ' wU skg%gmX9zy.~ʖˎiUPOsbŲf AD}yUOz^ʖN'u4Y/Ecʮib,ȭc~%c1Q } \˾%MpG&mq:d\e>XͲ5pJ/qDK>twY+gU`ӲBp51Z( ),A&O9,Dh Y@͚"K'mv"ѓ sWkkFWb*b%pQChl,Uc Iq,7hyS׽>}6~d#f#$ a?4h3L9:C Vw^of8mF8԰ >±Lg PMaA,\16r#Jշf~((&vWʸ]LA]aϟxhcY`%vd2 e Iՠd(nkm`)0^!EU*HӽIpP+Z jzw!bga/rrgIaѠ&Ș+q([pXg]',m(FN*Bp/n봓>%]`糣HKCGPt`Up9|܈4-ZT|!=IRR߀l2#qrK6fbl miHf`| ζI)9'wQv6$Rz_i1l7[yue2\\ϘaH 0 3Wr4 :vm8>:F6U1DOmmbfH1E_]f<ϤN٨KsϸF'[lE/T"RB{@,a3(ejOBAd*8ղEVg#ή!šyY:V(M#!#