sssd-ipa-1.15.2-50.el7_4.11$>c*Ge%xl>=4?$d   ; "?EL    4 { $XNN lN %(48<9:p=GHIXY\(]D^b5defltu8vTwxyT Csssd-ipa1.15.250.el7_4.11The IPA back end of the SSSDProvides the IPA back end that the SSSD can utilize to fetch identity data from and authenticate against an IPA server.Zx86-01.bsys.centos.org |BCentOSGPLv3+CentOS BuildSystem Applications/Systemhttps://pagure.io/SSSD/sssd/linuxx86_64getent group sssd >/dev/null || groupadd -r sssd getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssdKA큤AZZZXqZZZ20c031c5967a2bbe03e095a8dc25b7eecc085fc7e0a8e068c09e87cf7b955ebd9cdeca751e22052895ed391aac55823ae4f95885d84fceac7f65124d017a67ce8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903cd7ebd9b129e3b191aeb209c299997caccf46ddd4fe4a8324359debd7bec5cf7f03c8b0e99d1a023cb0a8ad502e85106d3e4bf1dacaa8ee99d2bfe741b182cc4rootrootrootrootrootrootsssdrootsssdrootrootrootrootsssdsssd-1.15.2-50.el7_4.11.src.rpmlibsss_ipa.so()(64bit)sssd-ipasssd-ipa(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   @ /bin/shbind-utilslibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.2()(64bit)libcom_err.so.2()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)libipa_hbac(x86-64)libipa_hbac.so.0()(64bit)libipa_hbac.so.0(IPA_HBAC_0.0.1)(64bit)libipa_hbac.so.0(IPA_HBAC_0.1.0)(64bit)libk5crypto.so.3()(64bit)libkeyutils.so.1()(64bit)libkrb5.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libndr-krb5pac.so.0()(64bit)libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)libndr-nbt.so.0()(64bit)libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)libndr.so.0()(64bit)libndr.so.0(NDR_0.0.1)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libsamba-util.so.0()(64bit)libselinux.so.1()(64bit)libsemanage.so.1()(64bit)libsemanage.so.1(LIBSEMANAGE_1.0)(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_certmap.so.0()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_krb5_common.so()(64bit)libsss_ldap_common.so()(64bit)libsss_semanage.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)shadow-utilssssd-commonsssd-common-pacsssd-krb5-commonrpmlib(PayloadIsXz)1.15.2-50.el7_4.113.0.4-14.6.0-14.0-11.15.2-50.el7_4.111.15.2-50.el7_4.111.15.2-50.el7_4.115.2-1sssd1.10.0-8.beta24.11.3Z@ZR ZOhYZ@YY˒YéYzYYYYJ_YJ_YC@YBvYBvY9<@Y9<@Y5GY5GY5GY5GY0Y0Y(Y(Y%uY%uY$$@Y$$@Y"Y;@YR@YR@Y Y @Y @YtYtYtYtYtYXXh@XXX@X@X@XsX@X@X@XۡXۡXXӸX,XCX@XX*X lX lX lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.15.2-50-11Fabiano Fidêncio - 1.15.2-50-10Fabiano Fidêncio - 1.15.2-50.9Fabiano Fidêncio - 1.15.2-50.8Fabiano Fidêncio - 1.15.2-50.7Fabiano Fidêncio - 1.15.2-50.6Fabiano Fidêncio - 1.15.2-50.5Jakub Hrozek - 1.15.2-50.4Fabiano Fidêncio - 1.15.2-50.3Jakub Hrozek - 1.15.2-50.2Jakub Hrozek - 1.15.2-50.1Jakub Hrozek - 1.15.2-50Jakub Hrozek - 1.15.2-49Jakub Hrozek - 1.15.2-48Jakub Hrozek - 1.15.2-47Jakub Hrozek - 1.15.2-46Jakub Hrozek - 1.15.2-45Jakub Hrozek - 1.15.2-44Jakub Hrozek - 1.15.2-43Jakub Hrozek - 1.15.2-42Jakub Hrozek - 1.15.2-41Jakub Hrozek - 1.15.2-40Jakub Hrozek - 1.15.2-39Jakub Hrozek - 1.15.2-38Jakub Hrozek - 1.15.2-37Jakub Hrozek - 1.15.2-36Jakub Hrozek - 1.15.2-35Jakub Hrozek - 1.15.2-34Jakub Hrozek - 1.15.2-33Jakub Hrozek - 1.15.2-32Jakub Hrozek - 1.15.2-31Sumit Bose - 1.15.2-30Jakub Hrozek - 1.15.2-29Jakub Hrozek - 1.15.2-28Jakub Hrozek - 1.15.2-25Jakub Hrozek - 1.15.2-24Lukas Slebodnik - 1.15.2-23Jakub Hrozek - 1.15.2-22Jakub Hrozek - 1.15.2-21Jakub Hrozek - 1.15.2-20Jakub Hrozek - 1.15.2-19Jakub Hrozek - 1.15.2-18Jakub Hrozek - 1.15.2-17Jakub Hrozek - 1.15.2-16Jakub Hrozek - 1.15.2-15Jakub Hrozek - 1.15.2-14Jakub Hrozek - 1.15.2-13Jakub Hrozek - 1.15.2-12Jakub Hrozek - 1.15.2-11Jakub Hrozek - 1.15.2-10Jakub Hrozek - 1.15.2-9Jakub Hrozek - 1.15.2-8Jakub Hrozek - 1.15.2-7Jakub Hrozek - 1.15.2-6Jakub Hrozek - 1.15.2-5Jakub Hrozek - 1.15.2-4Jakub Hrozek - 1.15.2-3Jakub Hrozek - 1.15.2-2Jakub Hrozek - 1.15.2-1Fabiano Fidêncio - 1.15.1-2Jakub Hrozek - 1.15.1-1Jakub Hrozek - 1.15.0-2Jakub Hrozek - 1.15.0-1Jakub Hrozek - 1.14.0-46Jakub Hrozek - 1.14.0-45Jakub Hrozek - 1.14.0-44Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1516700 - SELINUX: Use getseuserbyname to get IPA seuser [rhel-7.4.z]- Resolves: rhbz#1530975 - sssd_be stuck in an infinite loop after completing full refresh of sudo rules [rhel-7.4.z]- Resolves: rhbz#1525110 - NSS by-id requests are not checked against max_id/min_id ranges before triggering the backend [rhel-7.4.z]- Resolves: rhbz#1508972 - Accessing IdM kerberos ticket fails while id mapping is applied [rhel-7.4.z] - Resolves: rhbz#1509177 - Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault is sssd_nss [rhel-7.4.z]- Resolves: rhbz#1506142 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30) [rhel-7.4.z] - Resolves: rhbz#1506682 - sssd_client: add mutex protected call to the PAC responder [rhel-7.4.z] - Resolves: rhbz#1499658 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.4.z]- Add a patch that was missed in 1.15.2-50.4 - Related: rhbz#1489290 - samba shares with sssd authentication broken on 7.4 [rhel-7.4.z]- Resolves: rhbz#1493916 - Issues with certificate mapping rules [rhel-7.4.z]- Resolves: rhbz#1489290 - samba shares with sssd authentication broken on 7.4 [rhel-7.4.z]- Resolves: rhbz#1482927 - sssd_be is utilizing more CPU during sudoi rules refresh [rhel-7.4.z]- Resolves: rhbz#1478252 - Querying the AD domain for external domain's ID can mark the AD domain offline [rhel-7.4.z]- Resolves: rhbz#1478250 - Idle nss file descriptors should be closed [rhel-7.4.z]- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information retured by the KDC during PKINIT/Smartcard authentication- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in- Resolves: rhbz#1455254 - Make domain available as user attribute- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD- Resolves: rhbz#1450094 - Properly support IPA's promptusername config option- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer - Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail - Fix Coverity issues in patches for rhbz#1445445- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains - Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate - Additional patch for rhbz#1440132- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient - Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4 - Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15 - Also apply an additional patch for rhbz#1441545- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.- Remove an unused variable from the sssd-secrets responder - Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http - Improve two DEBUG messages in the client trust code to aid troubleshooting - Fix standalone application domains - Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes - Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http- Fix off-by-one error in the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh respoder- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users - Also backport some buildtime fixes for the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts- Update to upstream 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html - Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries - Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure - Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser- Update to upstream 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html - Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack - Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases - Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider - Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page - Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user - Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink- Update to upstream 1.15.0 - Resolves: rhbz#1393824 - Rebase SSSD to version 1.15 - Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL - Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory - Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time - Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0 - Resolves: rhbz#1392444 - sssd_be keeps crashing - Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3 - Resolves: rhbz#1382602 - autofs map resolution doesn't work offline - Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains - Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page - Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error - Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database" - Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/shuk1.15.2-50.el7_4.111.15.2-50.el7_4.11libsss_ipa.soselinux_childsssd-ipa-1.15.2COPYINGsssd-ipa.5.gzsssd-ipa.5.gzkeytabs/usr/lib64/sssd//usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-ipa-1.15.2//usr/share/man/man5//usr/share/man/uk/man5//var/lib/sss/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e6a612702a0a46848d1829f487a661764cd381ea, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=a1fd76e691270562f2e76f1f486b48246522cebd, strippeddirectoryASCII texttroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)AAPRRRRR!RRRRRRDR RAR+R:RRR R.RR-R(RR R%RRR,R RRR/RBR6RCR4R7R5R3R2R#R$R'R&R"R*R;RR RRR RRR9R=R@R8R?R0RRRHR)R RARRRRRR1R8R?R@R(R R0R/RRRH?07zXZ !#, ]"k%f@}|,p35յ4U\w %9ַgOrdO܆TGa1u]*vJSW&b;MZũ]QnMmBD%/x.dzyw 2`k- ީu>1g{0?3Spul'|M\o0O}(E-&ߙ,OF(xDMaFt0bTҩK1`>w<8pܠD*Ԓ.wAD_m̼'AYR¸EjBl؇9$[sy(~fq˾6'Msl \O)(OIF֦k21BӎE{\E羳t5Cj /ݳ-̻kHg™U;=C[rilDM!2MU"Y*2MóRK#Al c0$tHWMQcZ_Ԛk()rFKsb=dC *&;RҀ TU$Ԭ c5 ^xߌBL즺I oNB~-.6BɢN}@\c?O4yI/rYF_5>f>$ubfUh={sPPghJ`:`2=z]v^dԑ0@ru3Nh!_h V4fn(b @xnܨeᴨ-6L3C ]*#T "?`SnMNe&$&#c4GcKTܩf{ } oѳ*c1 ݇uvc䢄TJj>F,%8֟N@/ M|7^:gӠ((HB""6/u)i£eBjݷ`* ZKLv?2%-өdOpU׃ρ1 .2Wo7G`O e&h,mD%e?;$6{oj>* &5DbK(My+oDm ⓮{Hb15{ήvA3R4;UFF ,i.AsQ G͛bS;O֎2ҽn+,*1'۾d̞=a7^-B!_z9-ZT(Ttk"xm` Lk`|nq54,/TyP ն#9Y&JRj6tP<(2<W6Q‹}dEˉaKat&l}v4(D|?09y F8pudup=wO@:e1VBn=N/:k1Ux8~*"$WLbhqxd> 1uK5[&o|p+ySz wpL*DDVCjJ]]YEh{򫄓 Ron'GqS#+] }y.q?vR1봽\,iMG#pCG^j~z6mv8 9> Z9)`42s4C<@2ǜilg^.l'_7dGcj]uk/%^miYbt)@@,KaPfh75xA"",DC[(3]6C29N#R|ѴV2򢙕`.8< C#0 F^)a z&h{ci!ZʽAM<>?A s^U$1'  2Zг؉16$Com$)I" ܿx\]QsnfHi_i[K??#T(ޔc_&LrE:M3 j*:biч+)>66 z;nU:&I6dHJ)KC GW섺ۼ< ++ώGfU8C#X~*% myV y)。ap\O<x霭&_͋C"tM鳺Mڹ IG Q)&UU{ Eh^„Td!rbh 2z8ېdd'qk{96[e F]¯oN_C{Z #REңe扵UߟNsn n3n)j^Tfq|1*_Yt>L>q_}=wK~d7/N=pC:8`Y 3fljZI< !k{,Qt7IGȫ!*soU'Z/Ep;@,;-eu + C7&qɒXYʕ`d7%jݺ}=b1H?*d9{dTM0fۺ];K{9pҞ0GX<~+{HFݹZ DE9y;7.2[3G/:c_M½qަ[V7ٻY2GiD^-SޭjM]럲ZM3{1I#y ~YdV2l QNJ5KL.A^{,1cn E#?Z4F`'2ewddϰ,u t]> ѩ (N`=߻gk0ڗ#?T>dKt>n}{XݯkZqY,R+Y犏D!s~~lw&=-$mZ]B?Fzgk~I?*]=]C㹥b0g3ӭ;49~/$7xN v2&?S=#;)SSBҞ`!X!!G۹U2D͜STj w7y폜y^8ІkZIJյ[3W_f;M*go ]hsKE~i,5\ kY¡0 qob*4wP-CU0ʧXok"C~Fdgtaّv{f6NnA ڡ]6Cef> ō 7ى.cDEEqPeu.`p<6au9E<mQ= N\2: U[UI`&DE}gm&X﯂!>cv s삺s+$ E*||>,F)s-(OVդ^=hP9Ew*E F1COB TgTf/RNH} ZQ,fDdP̬Է2mjAjLEGWmZ@Mᬊ4gCk\XÔ5ٕ+K"):3mAo4GS_ z{l˭Lϗ}P/ zt{nL5i?{?9u6W`Kıİ) o/mdAf<y`YzwfHL"iv}f 3:| 2GqU&"ROpZzK5^$Z&Th"Rܚk:x7 #6]r"ک-Q=Ǵ0 9}F=J@_IV/K"b `M_$r@տ=ֱȒy-Uhc/xcnqtߴeզܖlu߂j]0ÃevSu, R5$yl n&,' d$)b_A*9poM0~06`mŰMf< <$vk!s#JJr^Vu8h=Թ#pv,E!ƢNqil|{ MBCT N}L^'?6Rn.X&V^cHr_X- ]t[S W=Erӓ҃QFU3m3Q:HknRQ.^ȕuΛ!m'A\LϬ=p/!w;<z42"̳ ?@[ak\mFa:Bwp1cisͳ+ \8 iMKu oC Cw6:G=6K+o6OILVe'G0j$ 'lPcx~~i^CLf:;x}Q4 Xx2m xn>Y6'umWzqÜp56inWBCogK-Ww_7y]Y'[NK<~CEU󏩻5 RxA&E"rZհˬD\0 Hɬ{o1Nٔ!j.}.8Fd=`8UT?`0^hNӠocC*~B2u1:WYU )J"uIF,{*Srܙk;i`l`m!<YW6#)nA9R*]5H za /z]'B?&ƭ=Ptw97 :nJ:> x>Ov&Q/t@,1N1GjBVeyLV9P_yMo2<^Y~|Gt7%9 G"mKCj/qt5HFIm~pҠ?]!aMFWᳪ: GO\a~KZ -_bL>CibSAx~ϲ?OPBNDޕ(/]B`d'(oU#*ºY}9Q$NWh>6cv?)+>w,>6)+i]kn)hq8yvVWlA3Bzě UCL?d@9k/r%1+:Ca4Mm&/TS1@B. [Uo>mp-il/ _ԣYa!;%T;_B L]4%a.(S'>$p EkMH"\+z8?y#$vzabл8j-}gLw#PqLoa !^Ma@y0Pжɱ`} 5T-U| UO(#X<~E V8[q6A;s8$b[H65RhG]YpGU>j0iz~LXUMF''^`4|G/7-aۣ?h`!rX./K\N&2!RS(vu=Zǝ㼜X" #q@$1ǻS'du9/=Y~#Detwdjʃ{Wľd* `ꠋS+-$T'BLY'8:ΞOu,lWpbyP_vcZFN &k?2y- :mG.%IOx~yhݮa%ڠq3"": 'LsMn q}Oh!O\ 1]-fni +=]eTK[x؂ΒTfS[85>`;iTvԚT󍎴ȩg&0{vH t }Az:֓ _SN(rO<_Qؐa.-dUŋҼm `) eL,8 f+.LQvDDX76HjL?cC]{}B W!9ihzb $-Aī+ִhG9QhZg =S=x{?ۑ+vrYiF`L3 7:D9:,{@)fJ=OcUw$!SO [,薙5zl9I\}rR,$eg65E6,iQ!F}nMyvZ=VrA%Kh͚^?s.[RExe>d4wߟZOݕ"9sMT#71, ͐vYh]#Ч;kϟMՓk"ҵH@. [wzx08M+ʃd#Vn*_5u0H2kH*m%@O+kdxKG&Qc7TgTţH 99KuBw^`GA:'fvsD4 yYɴ% )[Dp7ӵEXo[&zC@kK -_V2澎dDf/Kc!ϟ&my Q7$S +@c1r"%xs}`DYy6|adgƅQt*zvUj u'|S_v 7HcHc_o7ǚ_9?j}7~rDg b{ͦr.\ 4EW]QeWӆ)<#s4ٌ˘tA%]PBq5 %qy _ߖQa H|KS֤u'a3\Yγk*'n=v]d{*\^W]bizg HD +JLs Ow8A_;4؅e'T'Gz#85koK7艛'o=.Yã5 5Qqx<&?JRM8C| B\Q]Jl~ w҇^b\,rF.@hb'>6tcR قiGԾ$?yJHS\,ipizc2?Vqk ~~N::aXeP\'d*5f{xJ*$:rh" &P~INTBm@QcBeUogY0mOkE2_AW^, k#Gg*XaTCINP3 B) 5 S:W"t<֒n 3!aLĠS^uD;5Zɴʄ*n7k rz=;wLdL5HnAdQ< KU.FN!hy[!y*zLe?K=4QTk4%>ّ\^b&UPsrm7SZ8rl#3ZinPEHiwhq̇-u;'9KN,,8pyrrRl'5XYFhu,)=ƂVl봏{[N_ն_dm)Wqwu%W%\rme8(#R̍^=Rb9wu2LixmI$ר@1zAN0{h iq(|"/5Y3]fan0*F~g83Dݡv(Qѫl#`6͵ӲYCFU!A#`ↀxӳ3(E)I6z(/2\M& iK]:?(]ܺN!@wdOp:}Nknu /zQnYUc.σTB=m$~uĩ*|vW{Z!ɫ}]O!"yر( &6i8QAz`?#<g@.0(Ӄj' EI C5/ 4C1r IPE9iu] #Hj'շoa2Na^HPafu*Q3@z}}P|~ >WhڣyښBxZN#Y+%/ۙCzF+aEE+(L1E%JiFJ=xC %^לr0J"a;S,'?sQ笯 {2vi%,dBU7!f:΃.>d!3R|GfO,py좵'&%eʪHR1^语)8IBCR*tT'mwEuocf|ouE/x#7ѵ?7t`-Jز,u@Ze5|͎Uةr>,)ufY;(/6-*5m]jҏ#sn3+1'Qm98TGe|ɡW%Qe (XK%\xj7&6-Rt=Zy:P޸̕Q_**Hˡ;f#1CkkK;^rXup.G %~pfx.=lhWjuf`^Ʀt'Si*i98w/3N$chW13|,%35iZ `$$v9 xA+f(,H%h}ѕ;ԷX^κ"JUak47RC2^T=4a3WsY~**23&c7`lf嬣jP5$le1 J\OR'RCĽ*-h=*C* 5DǾBa(gʄf/PRlfajӱr1B@{\9qkɺ &(+ոhfXXl-UpM TUpG9 s+?;n 9XOwYvrևy)$i^1K=V WJrl녧9џELxrSMXhe_~RŲ ښv3nX@:"b3U3qK;5_VR|P^\yU012RpH!dۈ %N@`Ӓ,Ki輡$?bÀk^!sMIy*B؏YڋШ_PtdSɑ4Jur-/hn'z T&&)dk Ii\03"_¦"( JN9^&98~,J wTS8?R\?ě?U@5S)(+]zepm@>WE]GzHL7]JqY l-nĢv(ބM3瞓}57Tﴡ鹇wao">m.`7/$EEV6/AC*6R=n|ϙW ElK{ ٗNҥ݀u8ceP.`sum:D9B<qV`qKȱ |uuieV| dUJ k4+eo4=&kSKab@["~&:ͫCdۣ D6)bWɤю`G\Kji9KbldθF࿢],*3*1=>ocDe##<пi Q& '2cR6)iR?t-!!F.CTٺB-YH_3hK{^9\}HPWsE4jJpc37YI\^^*EAǂKWLؖZ!N_! ^l_s~J!)]s8RB]NAۢO ]n*oHQwdN CYp"8K r<*)A^Tҍ;!W$)TC0NUo';E4nܦ0{OXƏɪ-3m 2L (7=ə[ZFh >!yF3Z p96>ߨdӽ$]5ByJ7sLH ZQNSvc'S$CYe'oΜ~l1 RD~S;ar٠ ZSd)$d Xb3KS76D"hvo*WL\PJ^]4t!QwÉِW45z:V(l6٤%cw9"(]fM)_jnUIAZQo<" AJK E %ڒ}h(5yGC͠-Q0}@SwqB/!n >֛^[,>Gצl1-XL4#ɡ 3F[HkcD):h/WϼkYۂ[J^^~4IJ@%5FR\Qn3~r뙖|F¸rNފڅ0dOnݟMNL|. !g`@ e< */e +2ơS0r|)cϏȺ,SbR`mUެc|2+B$_+XW<СŠwCס?`ȼ)?NiXi?XH/A8k)A2?M$a#_c!EP6a[ḠL"9.:ƈnPWMRoiIm*_jKٹqDoWRmiFMq?'K M;; e ϋݬ䟄i Ŵsi.pw/mRȻ!sLL҃Kx0q%i*ٖn$ –aR^E}ҶP&&dE~7ٲ G]HLL1X|DpK~)yu:v#mj5|beƬiApՅ~PAb$ifhkuf@R"UC3^*a ;itHnqfR Nhv*^' H[|&@#ү=r8S>[7Q<>,Lcڜ= ~`9yġ4 Ko҇ ;Q+4_{-gsMM Qi(aj'pM!%"4gۚzNE 'GTaIX;irjN; և^M.we{2+P ]*(ڸЮ8òyVWw^L 1M B/[z:DFvW 2JmAnT^w't+'.tEYVaL3ħ/X~ƴbmÚ;`%aTzkBiwZ+Lf|0hүЍ/lXE^&o r{P=iGsJo5sնq9VvV1鄳nLQe /'#?pg׫4|>mxB,d&'W got-e,2)~p_EB]"uOԡNW@j*G/3:/!{)>O^/Yߜ)\gI]w/! `ŧf`9iLvݺ"qJ\ ]BZ$bL[ :ZnB!Yh g#)}7yjaF:t)O<^O!3Hvi~Ԛ]"y)N34vH6 V~h7dmd)9]=^%" '"Iܶ2ٞ9ft?O]vB&1nadN.t <7W<v߻ Bw48#$g-̙+>֓pRpR%bct\e*Fh$Ö hF(d0ov6 P]ԟIf)SgxYdؕ!.؈w~W2:Yw_686rqLQ.if)k礳 ei$keJ c^=_x8=LQ 0R#*z9OL:3Uw%?ɗ(֍}!Ȼ9r :{YmHffB E~w{hB]~!=:%p/LSʓo;~9zJǙ &DItFG{/zCM1>ЃZe5/qD[2AJ6ܾJJfwX!VCXgSopW?m0˼X'%rth,;:~Tr!'ZOr^v{tpj!fGYw걪5mӌuOY o1usFEumC,m)8⹦ॺlӢe A{R:Cl'V=b `(Cr}Š( 3Fȑ샏[gi|t x`qTՓ w0|[M?NND#޻n1LN\ ST۩dE44[:m_,Y8F7 $:"e՝]b w(Scc9쑯HnTԐ7W$xWcQF`P9k $k9f>?$qNj3R_KbqMiw\CPȉ$bC,b+ߌ:]Ƌ[QO|YovRid䟑ñ"K#CrٲJz9€h!89m%ޗ`OE_e P$s-xQ!%#X֕tЇR'qs IJmChz+qJp1 O_a]Ԛe'goF)BػaP)re>--IGOWBH3Ty5H# @ʅ%;$р8\[oNx k9j=sW˕ "`]0M8.?!t1jP;t~2F8BfXd6&t+'8@P~'@}k@P62+pq:9 '}ȣcZ~*haʿ;Xc![m /)]4V=َRG40F9!2a25hDuYǺq8\@9 zT9|9:jFO^4@Vx%Gڹ01=Rzތ4Cxm>Մzw{"`w<_lrM뗁 n"C=.54a_ppg=dǭ>U; < F|w tF.3v˝9 T]3V5.Ԣ\03 H;\2IKF搉-^ydY]5"( .LLXn~qyJSHKfO-2g~* DBUYQ7z$f0rr[-NԎ-1w@.lq7ة)/B[8U ]ɸ~gύ~1Hdm<1clNUȂ\_˸dj BySl.D2S;O#*sHhywZ% ׭p'8VV=020> %}3Գ99)on07[938%T" v_f-Sh#r8Eu/>4 kYZ\2&mӒӬ$OrEzig쯳QaB\$G#zuՍwuBD%3Uid []o=3}*ϥyE2FG6D}uXr.ZxyQMA]Ǎ#>}xa)S@y@IN ò7rA,Ji߳9_W^rHd fdQK^HaPoǴA$K!bxo1ֿ @:QnpRٸLl7,*(mʀ/+ש0e[ fF cϚW.Ne!lJ-h  |nGmMPԶk9rX+qʘDM]/ڕvbeILhd?iw@C[>X1n ѾQ3(Hk=~lo9z(7pћlv:hmp* Є;G1n̮cvqPqЇ֚?-.T[(oQA0ZEv G- kBIF3h+" k)τA1N[h=%SjN,S-59jȗ 7g .Q!@Ugɽrzit82)}P*Q$'/h&4g Kaʌ|) ;}2[& 3OV2NW~$6 Jlalɛ?«v^g  JUkq{$+o(^6Mi2`uXxp )L gaJ@.Q꿥iYS1,ݗxy1< 3Be{c)Kr@g)q8iƭQL0HtY؜Qj뛓gZ6(&y3s]&/74`I Ua=ܕWǓvFC/s[By$ a?do}y7B )VڐG%D8)k6=%92(zj:QEþ8ʩ^ ]!#W9('P ZT:/BC W;x[lr #)f)}N}mICw̬-)2]d5KX>848P7"Doy~6GdU>k/lD| fw c}ʋ2$z=F`{K0Օ Ru_%z XVTeE'`>M e cr10&͛ 8QxnomOSFtgT#\a@٦Nf ÊDb:K <Y3į2{/mT܂`0 o+ %b&{AiC2UN Ӈ;.Ra*8cK[S$}[Ŕ°q (?k2";P>M.ĭ]%UtMO-O;iWB,?2Kփ`3օNB&#˄2VLd^h+1#5 -.z7H2Fn; , oa dX>dk%4yQkUmTs/eKA\Ԗ#@g7Uq HxbfE Af&W@"E3W?H2SMhϿ>;Mye7 kJ 9@O V:!)< XwB=3Y6DʈZ}?GBR{AOZ= NwW~ É8Hi Vm_J.?4)8E|Q}iA Bzd8;ԉ&><_Y8_JОXB{_(\ <B FmCx=ߦRpXc tD9.^;M,bR\4sY/L8^QZQ8ul<( uW^Ts&*$1Dgm#8kc2 pS@C]a>  kܸa0RɭuZLSRQ)pƪSi tX'W(c>6o6Z(AsI帬EՃ]1r $9‰ HJ^?ꍷ4e  T/D2nzFo|Ŗ <&W;BЀө5E$w\vr6?bOOǢv ^P r81ߣ O0\!@6z #D(0H`õ2c7y\G}"ߘj |:u5LJj;Pj2Z]g*&ŝHC㈛_?h-Q(>&>H?  Y+,jRo""}V/pU 8yg<[HfYrŵaVOi:S.%hpTإ8kkW0ǍE%m#ڷ/א9uL/*^B xWȏ~|*x?ow: )[İ9!NQn,^HjB۲,M3p j0u7 Ee7T: >T9+]@\}Xq)ATLѓKf0/ =;cd͞VgmTclДAhd#kUl=UyQܥaƿo˧8eIx-V~#vpbP(mYuaY}!̕ IW6*t:7A51+l?t1!tugdOq*Cj&&?6mbrQy/Y ׿9D:֨Knpl"ѩfC(줫!C'Pj5d7e )'gAٞ7!xY$}Ѿik) _`j6O!ZNM/W׬c?^ڨxBh,7,t.BA3 ~ޫqdcrM.2>UF҅_OIRԍGMd `5Z*:b~958 wjL$iC;Pх=QU? &; e4~\컹'qGz? LΝ 5\&J' ̸ <%Y{Z>wM W?hX@_]LS3c@L梪XzЫĮWFي1H Ώyʐ3?%_+{vzp?r%u_,#5a)^V C[˾aCv.;r UvFO2Iܹ5ZnV{Qŗ̔ Bڤ ,nJn8SH`b.̏q3v";hABM#*ii)'G#q1 %; iĕ^4ÜLE ُcp 5CwEK:Yksms%sw `d!Ώ<\ PPgM)HRO@Q@qjq!^47[ 㷾~M!DNJ"q?ٯ{du:o5<ΉRڗ1F\o/ !9a\pt<@WB&u~k-wVaXk*B]uWZuzm']A 7hmQ'v_`n|0 ̓vX;I~d\fYcBe ) ɝv7r}b5XrMh5J[9;,zR!b7`jFX}ZDLT3䑗r tLjNg5=@v+ßVF^ `_˘Z `u ߘd㡰R(7^Cg٥*0 fJ}KєqoYއ2 V:|\BGI Lov$^d 3*m@L`.$ț%dIAMEydwӈ3L_,%fӤlzWk&ljO2|ZSBw}IḴp;whVYOEL,7Rp,-wٳ2fq:ÈvP; P}%=FeI\ujDPD_U.QqtkI1,wzpC. b CܱyB!%GFh !}VA1K&>i?'fWre4by‹cWG#_3TD/.ntATHBL<ǾGz`r*{ïF@(̻sąv6 $%C {nETnd%ԉ)n㘭ADVqg7 ~P]P_.Y5ӈaXzMj$i\kԵoMt?+0ݞL vGecWdlE}^쓭z\.F/yɾgRVLR|d*"3EŸ\M;3+?rԮX~9n J =[)9edg۰z@N*ce'&W=ܪ6~~@OR6 beJJݥo0Qg:L:c,բ~xe[3|.}͏"pN1L TXp; {8\>MC]5ۉވY'sS^Ⲱ M O dbgc~[g6pwus6V?,7 12j/(n"| bc)Pd%W_tV/^o= dg00LJs-ń $w(kl}^״\hbsE/J> *|ҏӷDP۹jݯmT!Fߴ{JP~Zlf*:9Ư+x+45bE_䳢pXI"kx$O;\Q[L!jp.qpW3F 1c>D0N^{߅(/nc\넫( {eaOP]@!>F.~öP7|m>QH(0=Q^$VefȶXLSkp oޅ/Ef*{\]]7dtWVOxH.gA?ϮF0&\90r̺Ϣj#L Fn X"< /疞*SZa6R4g izybu6٫XQ h tŒ!GܘK6n~֧C6 %+|ςnvLNπ9)PllPa{R~EgJݜLT]ϼ{?]r.i5r>K# J ZYZ`}nhQL=Owaro7OVa=J{+Iz:n!Taj ~'e#o:ה9-cY&Wl~YgCـzSdGOzL*c]Xmzo B{~UA-~i.͊nm}r{ml}J5vez]b/E4th92 1y z5UF=,8 f|e,Rs(x[xR/-u$bJ}pA֪佌Uņ:+DZj&3ʿ'3]Hj #a,c,[pJz@X*XA/7 ;f?'>΁4@[|`ePp8fSWUNU4L7gT9W]O^ c9f#@8*H2̥SQoҳ8ohGqNTuZ>W4EL~u&4uwZ3˯`KM!.L~ځv*]}Q}Qpk07'?|^9C&є2x(=RgQd 3:XD,yd PߍIۼ/>eMs M$:Ϻ')}Qr1"rꁼhlG2atb S$Gv(#ߴ+عIcFAc I Jʼn;Dh)?4 TeF^TN`Y:| xZ%%,٦/>y 2_"sV{lVP  iSqh̻TYviɟy;g}ЇQ0r5P$9meH{bh~b:uϘ %JޖN]Qt4cx(ok3UFb&lXȀV'; V{WNᐠ2[IK36/vG&hA.XdN#=VwKo\dN$iUt22Oʺ+ˮB{X xxX]ȉP [y4\mPO7XDP%oQenقz_]-Z=!=ͽўVLT*)4n031p[II qGo 3na}a/|7Tk)/G MB_  L#h9*쮬k53Bdi1`. OAl/%@kk 9>x C!p{"%m dЍXGzK BHX Y;I@Qe.n t4$ RK|tRA0o i|gwD;b!.Glfub%Uր1"DB-qcMIAgG&G¢. Z& p1i'daP4[}WvCMVR]D׼="> ul; =þn^79R׸t&}/d³ʟqa7lȧWt@Gi_iDIv۔kHr׃i,Vf pSM,6<[q-[QrU,PX%͍|F2 yL+UCAɧS;  H87Oxo ( |=@aڽk' _fJxŲAIUq_:Yfᩘv6##Ӆ֎ LhL.4/5|S *YҘ>w) X5+]^%nV<v0`6S3*vқ:現~Jńrz qVIJ^lʠ!|uJpT_Tx1voԍj|ԔTi"zc L% }NPvv_:P#;#vFRr/? . ȴN3ҵ/@4rB؂l%vrBl{U}Buѳ0B!x&hsSH e7TAtraNxee~:}ݜc} /Fvyq+,fAf})ο9c0(F Qw,O1ZoJ蠥~$H[75_[c#ɨ0[g$';AkJP1ԟr;.xBt9/PKb-Q&KRUy5kг@Si7);\ FGN o }&@ACF Y2`.Uf|kH9IGKq9}P)yO Fbw@8!Z;V1n( ygeڠ'&`C6xb9b)\ef梈 ၚ|IV26wqܾܾe./NBxWVbx-+S|ty|$) ?Յ]8O^2\ƁnܳX/s+]/6T*we QF EQZxT3Ns'C4u䌇Flwl&/5.\i@-Cy7w- 2vہ5GRlgd) Ғ֩LXXyY6-Fܟl90ǜ."6FRK&;ż ^d CŹU6\tQfp"&B*y>T-Wؾklb:SBDIsy+iL]ۮtt[PbI̫zht T,0]Y}ՇEP" :6QHZ#dh1 y I|E]/HUK^Iy:TS9gM85*)*J X΄h-ҢM>Y3$NXf8֢4RD-Z-A?@an8`Oe o^h"k.Κ@P 8W c}M`7nB%"woI_IֺBgTS\V9!@V8W_1r*pL]E.[EI +y1 7 @l5IO/5{ Ix[^wVu>$ĸ$'w\ M,GT6GuxOqzg_lIV=JuEpAvA+&` &v\q#WS` xNe/&i$t qF%4i4y|#7NQ !|𠖔ŃsQ2G^UtX(G[ 5v,k&, r²'5Sp7c4W\+#HS.7ŲhQ {ɝ-bŶꢇ"<~%mhmiR/0,iE]LppӀg:#kuDmSqTI:D<7vg}WN2 ^4q,ƌEq{6Z3cܢuEh:&C`[45sbP#^/48x (7ԐPvauUkZ(>Pý ³BH"w.B sp]h{m/sI#iL\ ;>{4Xp9yF[NC|c[ly%O([(|G5hIi2N ^Xm!J ˍ3aKwfNKW}_X˝r@d5Ʒ*q2XL/ ZP*ӾA9 Tn6<9uBt.~W3 @゙s؁bq/7W`@L2DG& M^Rʬ4鐤ۙ +#qxIGE5ĉ@|"d:Gl^.|6a*tP($-1ւ.m"BG KYo"j&=ZAe+( E㗷=!30fժ;({}@THX;9dWbkkJk tO}Eݜ@6 A(P}RհgCm2 4G;;n[3'tND>R$ыmD,pEFB"9RңN7t-Ƣ{#p>LB|qhecSJ\4]܊`]`kt5\6}gGyPcD P蘫Gש1X;̆ঘd MؗZ?"7#[X;a<9̛A\ O]4;E!7$8,J',AٶыaD=;4Qk$J~9z+oKc "r_TNb圩ޅ UpЙCU$9WIeD8 +*9.ɬWbH҉ v!sdW|U`Ih1MQ@ HFQ=R~ٮ:J'-\-nn-Fu`J}r4W0#1pP+|iBQnE-۹#| ˯=[KO\6uPw!U2lژ|=aQRO;=V Epr]-CpDBx=upט]OGs΋ºc+wϿaGeMQ,IA.*g+Dw=43rInNLr!2yq 5)Ru_rXgխT(we_&lQAECΎ#Ԕ(t^  'ctC}Fl6#n~-}:^dey 7q7U߃ZN2V}-GzbȊ~dᙊe44@AooޤCANp:1ܐɱaB lb_3D !1`#ǁtB*nલ "ʋAT+Gš2˫Bu0k|Yv$^ہtPa6AU.1 4Ŵq eDK R&-u2C}^Qw!Z JFƬ2YgPys6 nV|Q+;H>P7Uuxr9wD V*B[L2rdh^P6& ĴfX@4eђwJ;U"U nsч]"c{nVsά\DU>bI ҝ/{gC\ڤ/?9d{onu%a+qݹ5ھ$rq*Ы^/@(>}vy :5H4w,O|-e-x(8E8/E±+ pV2Ç]wqTGiS@8$Ft,8ouՍ'v!2͐wLgDQЫ*P|o9W:3Yt[՚< ȷz|wX Lqlu6`gYT_) חQjbk֛m܀L*WqK®fK`BCvim-1> DHFx |-89ԓGPϟ#7+.;jC AIv.CJۆ5$OS~}Rl+`wd<W[ټ> ;YX4fie6A(N.P 9w<*UGzDsEο3, :J <U8ir22wNy*oîSi1NEj:7S%'E Gpr[g|Ըz@<{> m }uI>T-r+չΊګ۱(=a5~λ;w6^3 ׁrX k(\@~e (Xad41B%ӷ1ipl#T~W6"̋_ *[D5-g7D\Ëp Ʊ|bz7 .1糨~!ƾ++F7],Uq| N!6 )WFf \1+UC6mҋM j$kHNR~oT֔r/en}xlnyGf7f^Ŭ]rG) -E:8_=@v+| 6$*JUu|ޭle&XV'2g%SIW&X DD4w|{b@]/y^H RZ_k$|PN4a鮁[K Htwߏ\M)>?J]QPt YY Vi˔{=XTzȏBVéyEEs'[#(W!:<0ͭΨ"9B^}gn`#4A  =,`ULMy$a>k%rdTqdx W47'KȌCqm*^w54b(i=BWR!G GfyP'NSCܧWݲ -ނFO6JI3>4l}ע?aX;ӱ=w{_HMYW/3K颇(n;f8nX$^[,{itb(/>̔y,` 01F_'5&(친u+L*بHt wBHyt}kuN_QxGO_QBJeDw~D\bhiE߁|rBYә351jԛ aXFOJls:.#,%“{SgemdiEFDl@i'DOXet?r4K ҏh,Βձ{jp7RDD"BܵAU,\w^x WҲbYHY/r,.6( j_tڈ*.mC&jONXJ ͵udj(Z3=^@I?[/9$#ED/ 4 \bQS"PS&sv&@(Yqڀ-=na-_$d![ !@U*m͋].%Jw]|n$ $O|XܤE1Z n/@Lnn Z llܼ Lĭ  $ ՏO+AẏH[?Eq7di?H(GJ5+sڊb͹(i!E;C 6; ިlRi=ⷽd*s%6ZtN\&˷짵p-/@C1^;󦭾"4)4EF~Shr3g_O\ֽ)uU?-l8BsV 7 2ȤƧY&(F7>5ɮl8KLrG$TA(VZiǸ1'Cdڹ a{$j tyhم\< ς*1Bm-b`%!P+T.ŞJnJ `8M/SfnnxvvPѕ",`˳X4A#z5ϝ9c/XAƼiidhȃR=t# 4Qp1BzmpD̈́5{ :/Bؙg9FU>蝯C>ްPӯb8G1{ޢxXY:ӝVbvB\}&/R['mo2 "sĢ'fy?K-_Tàz[۠cQ ?Y) A(!`h#YQ PeAw;N,Qpbv2Jٕ|YtNv:~)Rf:ã:$;WRZޘ]y̚@Ny?]Ĺd<ሦEQ%{X!*١Ż1Y59j;,T%eCl޳;iVR3#  /Ν$nnhT>*6tϿCt iֻ֬hCCT Q#px ҵ 412u0ݏUC; #R.bd;L_#9 Sl?q6 4% +YhJ黔 lZ![.Ucɐܳm1j@cAO^+TPw d ӀE9Ɠ6  vTϯaI*P;UIޚ#%0*Xz:h>X RgBc#RNl`}s,g֩PSt2f> 0i !ZAMl߱m~%WkB,n]s%?Heν-i{"hAmYɫ([Ι*MTC=iC-bu*Irmun( AAFBp7s0J4)nE:@D0(]tP%ȧ0u8υ}U5;.Ԑ$V[>`3"9%9+zQ.AeHdӗ4ɓfg ƾM@[WCT8g f?`q=OVc Di?dAeA$Lw"l$K{l1i9;^m!-.MHvPXB<1<ۿm 8߈4R:s1^> #UL s}C&TӲs$r,oYO}Óp'+=%;ÿ݉|< B i!+/Uβ9{MAo }1^@UFYCv}.;LpO3*G*ITJ*`ѥ42/d!AOR{bAnDY.}HW}0lhM^ɸiWQx$]WYF|gy|a$1b} M^Ÿwi6HJVg^ V}WO<O`;ɧL?P^*OƉ-ZVzl`'zgb FIm`2Zv1r0?/(|kL$|fY=ZQup'|5@p~_?|cSh!rYtM 5tOސZ+7Iv$|F-M|Ωwt}ci<_mPZJM6+Kf4㺻BEñ/e?m^WKC`uD!FzR|D7-CI)c*F^81£'Y۵ ; fZ1);_ *]]n.\)?^7國rJEnȇ0dtnKjRRp._5 {Us$& ǯ/gM.8Hh Aw(O8o"j.DїysZdmMK_c[x:Hq^ǽ 8Rmqjv'K{ŷsXݽ*%;բ>?TXAEqX+8E2(Wk@A8)|£Z@ɬKh t")v 'iXnΕd)|/\?.bf،(M;{Lj4{xUko6O;P'YaɍG ȹ;Rob)B)8\w6"}S 3&V! &Eɖ3HWISfdzރH8\Bv_w`zs:j가f7Gtil Hv-*;ѫ_߽^W16l"[ܪVW>c]{OYEYy*5 ,Z y0#MAWyD%zʜvQ|;*u TdBkĀ$PULZKÉH#݊ѝD. Pm0b[*DJ'γo4Xzc7k\_M{-rE`!}_ubc-+'Ѝԡp~qZX,x%squo;}6 cHli%58F9?Ce;ZU}`]8!.b&;y/f@m( ŮVn"dLGƫ79]؀@"nX_½Κ#N?J$c!.[r̤6Y*;1>=ROdu3z] K?o>^ƚ!:q^ǗS ~*>E:N'b݉TwucI=̹$o<qT NME |5wUlGփ83p2`ؠ]ה2lqIӲ2zŸ o?:Cp$҉8>KeUs0]z#.kbty;/XZFnXƷz5Sd $w" v&: ʟ7`uci>2ƋqS2wMf/ N_bEYc& * ͲLrrqێC[j26n,eaL-ppcЊf >Anu55.W[S^}ڕ&l{9YDWYnyJ_f.kiM A2no*ןb<>eLCƶ6B]M=,@hf gHggxBc\7zA 3n wB%:Qt>0Zt=NلhXŤ<}xJJ"9ފgTl@#ɮ+pje-ixh]~"֦(ѧJeS+u2pˆG@%b7>,K^ AZ7]fϥmǦ9yܙޥw$蜈=rwB.6JMVӅPr{sXKrN@gXY`$yˠ3-Wr=\/ڥ'$I̲c-q$~uw~1PMn9 4p)VmP8ͽunyOHilR"ukX21ALLu!47"5QFب(@.NtߪuXUxycL|N'HG߹MRrl'%n{U7tFg@æ(i 5rf>9oQ5kpnWI21- pi{;JZJр(G?x+p *Y(P)ZZ79ĘR.ХNd tu@gqz[q 8Pˬ8.mWIrZ&aIWx|\J^s a`HRKe+)gBN%.&y]>lILI4 |[S4 =g~3i]JM{ƹ@\f狿 ]5!hjdp`㙥@A8bOB8牎jU/m^8 (>@VŷgmK;u㷉C+RC!ĂqABݲ`KJzj&6,*,cȂg-W`ry08@AR! F,za+H_03muI삯U܆i6/z01(04Yu~m Yn*1486nY)Kdz% "#.fK1SL@ѻB^f?gN_@Ml'{q+7Y'm /_Sv mȉވTA 㪷4q =drEp>{mS(V$=]¨˄`!0<=Ϧ8Q8%CѻFDߕuh&@A2t ̎>459oV%SQqY8&_&TR5d4 B1 m&*t8XZ#Nagӣh 㳉10[g[#)4X(6tW+ Ytcg%ElX8 ,R'm;~aP\HV&c4z)Vk#ޘ DZ`^,`po.]V%lfő˨r/ڢ}˃N5IU'C&bKՎ9d#ؕ/hXQ =O\JK | XO*[>cT 0sy~ΈeEW]mTF,e-mcD7%g|f5V|c8,]ASBG$'b ї \,B͋ҲGG@9IW_kS/&kB4\F}'[H%){8= 4*TKTJ!@qq"hw#+""\0Ͷh\p~LfCs2E2lH涍hS82VѤcLsEFkX(mvI5Ep- %Te[%3'\sB}aZ\SHå|+$|o9mPc oq#`֭.~Lw/FU .(O:IZSqwL%*L7˦3I\^ImcB-VhRK>C3 C2nKuܦ4QC^eVm.FN<\7Ơ!6Y`, SGҁx=QEWN93}u$$1n'6~˥Ȇ;V *}m%1e&sO\}C0NJ;O=~ȓ vR7s2[؞2 PU ]w,r9Ecq>5&b뒲.0*P &mZ/;㥃Fz޾~=Cr cժxY$=̪;uƤ/tN '!cS`ӯ6"M3bXD(Pm(m W|ȃnN021I6C}KB9Y_C7 y5ݏUn4Ղt_m#5;k9%?$IFE eIQ,ԉ 2珡 V/M&>Y41^#u75cLǠe2p({eH9X8:NܠLJF"F<bGO^yɤK5ߠd ewtRKY^[Z]J{s ]aU2I,ڨ[[/aum>*A61{6/%)6 G{rj誼`ϱ8u5RW~/R%0-=0:|IՔ~CGS?_p3g|ݪK;-,w5nYz0x$X7p6Iib8& )h3}Q-UyU/0G3D[x(5֬j۪,6tM?3_7ᆨh01\m6_@B^wZOް9_M_¹}F> (5vu%WMNߪviin17OgI7Wzy[X)85|KxU#OVFks8$!D\l|i)-U#)a4e-ggI|=;D=&b/{c189!}*ᒏV"UH!1M_DsS%rȜK~o=8pB&x{b)'VwlP .qe ֖x+-/Y|̂ڶFojӋ#!IdEv9$D_pNe`==ZH/C,O57LwADr-e8vp{Cd432\16()̂,+؁ 'okV,< 58&ow3\\{=m` 'pn{Jk//wquvMܱw37vokCc[⍋ z;1q䓒B$ c@#/'FdWk9)M}7 5vռڍ[ô~ox`?|_wI7FZqr6G(J{Ǝ,a r$럝k#taHcBq;T&FtI!e:.k&'q4\>q}gCt &F!]>77hрK!!DsyXiwxB 'ioV)iMj <_y! 2¥~l2A}!J@J!77#ExSHXDq 8~ }h"'RÜgFlҘ 7Q)kuKs+ x3/R<'CuSM|07=ErL)OŨȤUG\ۃz^-@z2 X{'rp ծe.\&,]n+ـfK0Vk:W8v^gGn\w+2?jEU :UMPw0J/x2P%~.ƻ9螪\6gU)=AJ#o :: Ѣ7U@n |[U9P6idРrab}iwU ״@PUk Np|qs*X='mUz]787')y_E+V5"p:cc?YcI1B~ѢI{Iπʬd9:f5R DhG⫐T&/ ug-o^p*#pLQ s&i;s݀] 2ud{b~0m'gOhT^3gj `OW1i|g8kT3K9}?gBqhQ?`!KC\KYz0+Xl}9\He4o3v`ՅJ%pBp4P~$ڤ`_,s NJ^}r'kdmHvucqdKl~m:w2$tsT$j4QS1絣!KD-P)i]yxuoks}&nc^UBJf˽NّzYV-}8hYw5+cFch .P Ӧm*AC ?GKU(ri$jS˰y{Ռ*cAjU֋)BMN@:TG#/GRg, 2z>b$F慡Z`G(uȮq dhY'oGtAe]f 4EN%44ы?,1Ymة3fL-+Z}r#5Q~+|&X?Hp=# 6MuXX[sY2x`Rlb` PKƦhC"7Y wHBfl+"\,>.^* C21U{ 9Y(M\ 3-穪|hMR% V^p.\1eC9F{GG=CYB*[kF|{*S~"CJ8Fe/\i'_j(-žƤY)sEJ~=)gF^HZĐ8S'0Nn*2B(t=sq?щv9%t\XDȻD(/݈PUĎulo_hFIՍRGۏe,|IOMhpKd!ӈ T"+]kyU^GvuFX qp9m5+w9W'5Y5f-ET<{}VMֳ/*-L7bsvyN0Wr|@V8ҎJ`b#yU $Q븪q 6qTL=5fhto=9UBox9\ Ubt+E:~| !YJ(@16F<ļ a1Pp̑auCiD4&a]Jgp&s QQsw:.lD_\+䮋o^a<}Q\`Mk7^0J~3 O#1WZ n"6-@`##q>@!5~p@$ދnןQ-r/r̶%R@Jn\4pBNK\Ue+0Fp|{ep BmdСF>%xу-i}O_-v1RiGОLJ_Ќ>dž3FXa[&@K7o W7?^Pu᭎Eg&dKdF0iZ.DR:u.sg>d Wz[ioXMDca1Rki/0bg3\W/bqrkTgm8,Rߢ Ke&TKW@{r?o3,!Fw]m}hvzVY[l[p0AUl6J=|`2Ֆ ,rWt/Hߋ *wu+}U =<6F %50ќYc  \R6Ι/շkpEk",mJeAʣ!g羡=-&돯>}6LH+<C$UsBd`nxrܺud'uvp JaK"H0ذ}n}y]<"׾o/Kz&Fi$n!]O˻FX'+|aä]OR`]C`S+Be-pB(30:xXn񨄽B\gX/ ]o۟t(]+7ɪ]|HMN9'$Fͻ8_DLPs(f5F@dk>L eur2f% 5OXCgC>,FtvYi7ڈ%BIg:% n6/st:C=5Ul,`+h@]HXߌ Z ϴs!- JaX빊5} ,=[m#P|‘orcdG~L.w`Mbf:yòlHe~.pyK%H*2sON9(cM#EtBK1V,.=01t`I cJ(zIا w$RR>FJh9ێ[Rڶ׃:bu5AOy5* E&Rb0Dv"q݀M:)VD] 6ru<, | d{|B1̕ڰD߮-JǸPxXP¥2mqRQ_̀Z ?_A̭MJc!Pr5Kօ:\yŃ9Ic;qR\J8Rxko^=iRn*(zAt=06H7BB%@IϲM'O캚n;ŏk&EErd8J]q]Yh5%NrࠉIf<>H"6T$5Ws5t+^g%Je Cmv;jk#иe^ |]t%_uFb" AL z㧿f+nmsd=IcC9}hUR(od~<^)p %b_s*Ιgwd~THPs")\HO&~_,4rYt͟YPLsH>ԨFD [$.8rD^Yn*wz;E <N"iO 4ELJ[<8)xCR!EcW&P<= Sk箾r02O4$I!55i9H[@ԢS c-v0[:\ApޠWcVŀi,DsQawWpgurdp/c\[I9|68^а/smJ2E[mh@ʭZ1Pk`5`3/4QCJ˪TQtR)3S$~`0(c9!ßKPI wȊ?)$->DUa:l :0|gMDe$$kVVG,yӅ(|7LKڌVJ s[:9h8|2h!o^bgŧQh'G'S[2$ھ]Q2A:m<4H%.fB8P(Ýf(ȴzz6 *o^E Rr*L"GϜM68>lcl 7S>$>KMEF7򉕵YR!0NM}i Ķ" /$ qʪ :-ܰ ֩-nJ`/$_r0xM`G¦-GX8/s[~:2*5A;$Y_m9*J6 _'xj.Tվz6rk"' xݙи/2o܂ʚ5-kGӉnC)Q\e'XCЊc"!$ Zfc i 1 6”qD:/q'{(ln>?ёOݡ l/(2Cvo:V0 gafМ1l?rGj?8f_6&!>vrٮyTCO3Ƃ3꽹_փylc%bz>ӡz'͎tqr~-.AjWf˾po[\ԟ d:k|؍Ғ*^jjt^:}(ט$ ,De^= ۰o|ww/k%cǰHj?t"}$ @5C*Z_D4c6J](5:;QyzMBވITAքf`(_iя7@>$;!?8udhx[4V p`XMo5܈^P2qȚ{cW[ߌj~:h%/+}2S]H65m}p&ZH+[n8ur?/[pMQ΃χp/D=  -Kő͔@UcSzцGcuϾ"9à:KcU;iaռKtIyz߮1/ynnFFc`3" -%ZPQzg:C&H^rq:;5  Q6G`b%U] H*LdP ۤ6k=k-$<ч0 U[cLK#D:6%.i"C~ `/Ћpb6j]LѦso3]m{HkKSG^/Ľ` ] R@ 1D[ 1Hi0GNaEoJ!ʺ$̓9/V HezaBQ:uNsޔ;^׫#N& ct؈ܑdynb^(=񿏙uB37tx]mY@[ $t0 ^nIimcQ<)r\Ʒ9RSXy Ӓ }Zk7KSwj^B<LgYttWec#`'uvV U;DQ U=g%17*ugrTe|O!:7 ?sU(K<]\C/'ՋvV&_AiZ2['$`WIs9[?CԳe)+.5%e"TTdz.t Bjz2q7G.TYqďq}}`iI{- jpx/]X(o%jaf{ $_n E_Kt"9A?E8}=Z4GR6 i S}laҬ:Y`PkB%i|-U8BCcUGjSGzԅX5[(t9QGhZy*GlGlX Zt*6֡OH`DHpTrF3naܻ73)RCJBNÿ]hQ6rER:`m"u*&:Zn:T7N-f|9LSnPݦ.'Vm3PZu ]ɉJ;Kw3/( eVOQ-_ԑy,,k߃e !##t64dZ~S^MEb UDl{Ez 2;nGP}rٮuA1Djp:uk>a&6GH:o !hhgHzr%r皣kxDApX끷\|f,˟ry"[<֬D^:i^,|u[$qYh\|TwePh "+)84g>S)¥E7V3ś8N)*Z6"j)SqCQu*}.p6zy^k]ldި!`8f ]^MiQ^WNO.[AWNE]W] 72~Ez#hUa'N4<)DW@Kiei?G&wۧЗe8Arz?#E:.93rx3@&d $9_^kOFNQ\XXpm8z}qO@/orv5!-temήU! r6&҇gTtWϰ)(S.sϱ/ Qc.xƽ/5dcgY{ ɾ%oU|aޠ I1j?i/$nK"`)n*ИRm) ݑ>`RJ6Jd*yl7c Z!/KN0NzkH3sjw[b+c+%^F tb /KO=V %U$j5D+p@Фd7qeoС2{^ŻNR*vATX햅Vk kf7@ v>8l^YKBfX1ѶB5ݬ&TNNhA>נ9?v?()IFGZT H"m'2a֎3\aVt"c мmU9Tg?|HzI2Yz+UPa5)NoSL0>Cl/Ɨ+$t{X]=TޝYO_W}Yn@Odsژo'z(-̝%5/1Rt;O OixᅑzoAb(ؖ>z$h e8Đ>]!Ġ/R"J\٥BPG0wm8cUͣy\0 O%A?>SE8YN{J󓭮gʿN8r UDj-j. O,*n'[ȓE%^m2'b ן â&KQASW@󜹿Yd ^sI`0bDMgQŶArƄخ=zX=Jp$yad5.}stIgnFeYz~oǢ^E7%Bkm`Ӭ'J %5/.)*G [or\%l&Ԁ#8d :>j~v/k_?%z /6}?~!f!5Y:4ldnKå($-@ᩩ@, à iJߝOH؁g7[Z>+:/A}|J$އy4hTqՋY6 Ԝt~9  1!\G];x{]`hd=p|4^Xv^e@i^llp5#6cg⎬:7XFԪFO0[Xdrow0.@=]~D@!M1Gih: l:V$w zGoC^NG-WnHe!S`gg|.7|V.7lN3ݑ~p_=䣴M5WA;ު , Fs`*67 41P1ȷ]8rNUg@y[Lݸ|}IòN b@%]MKު3@R$ȢHΜ"lHFJ?wTrnٿS^ rCׅϠV :J,C6g/4~K ~$%QGQL=>_i۠\}ӢĜ$7#ZL:0dΣ4&}E.JHC \DnuWz^O;7o1Rw(]!Y~mE^3k$t{1>3l?uX_KYmWNj1j,/`$J|􋓻VZe }G0JcWc 6d@$$8V" #Ǔyb+\Ƶׅ;Yة]:'q}{6w\ pX*Y:oYUCk6Ŭ&6\mT5p,{?7"eX0/rǗ2ւn-5k3ԣP l=nΡi]b_W]=uw)ZH!z ]iR&Iwz03f.\sSf1e0ƅg-pvjӔg?1xQ.>_'eN{,S^u! *\rXs(z~rChh|9LSER&FuoyaSvjSm~ML P]րlFzctnCVU'cPUiCdg  לkӞd Ɣ_pJPsS\_~JʀX-9v$ W\9훦M ɑ#@nCqmk+7OلllXVplǠЙh61҄w(l=Zv;t2eYZMHtK=3}$0&%9kHY8( IE[eZﶢNN1^)+m~P_Uo^o {j-KOl4 ~ȘGaehp t}^ WlDo6ۦrؓYDtс#v83\ yS]LdcRrLSJ.z)Ҁ~P;껕O.):9Vjh̫!Vf䌢z7EZ/.cG#e:H-OF,FD#ٿcx-B2Y:OɾX'@*}0"v|ͱ :HJTdJCQJnƸW8ⰑNMj L - Bki"$S2:i0x1ژE'88M{e .Y`lHr ce`J3 ,6s\ɛ3+\"Avf_Oz9L kvhWN~`ʼn Kao `V1uB= e'|x7jsr~H2#z>@\zMEFf-6?>i.RΈmTE^iE V\C#ƴ7KZkl1 )gAtRKR%Z8 lŵj04j 2[8G؉J v0 %B}V_#K'2uTȖuz2L2nYp*&thj߽Km|AxG0'rРҪ:oݻ[FJ6~NtXo>]ߘ 6zgK][h䡾* T7AEa\+ȣB'w|}CU͑ ݿ4*7g9LpW~HV,7۸r̆tPxEs]xL}_ux/Te̛TLƑ߸ED RҔΥtvCPʶlґBaJތV.ʿK^SȚ2f%zxJ6g!3%ݬ .1[ۺ}$v|p9@w {XI< guĺb8H}y)@wK@%}(ڍ%4yEAAK@oB`Ҵ;=I ,?d_x{#st08"'߿=qVǵx\MELE02` )9r~¶% Ӻ7iV|J en #~дO\(!;7еUg#RKe¯ЂF(jJ{EڱZ:ǰWes0EERJ n KBߗF]hZj 9]I[9 S=}aθk#튾B#0)QU3 ~@z_^"%߄OuF^x.;&&ft3kN. 6˭$p@^P"ގ>ZbQ B+y1ZdL-zYF 6]$}͢8N;bEM%KiIgE{ Տ8 '52$yqA'߸FÈ+۝/9 ?-1X;U/i4Qx/cKel)K>L;$1"T"`k\\xqFДZw PFe4QfR|N..6/C 'YBʵx!8r{wpj*7X]!2-gčQ-7=_&n[\hxAc>qgj,#lg{>5_  R%%ڭjIӶuvZ\aDZ(v=\JyŸU;EGct4ۛ?nP׆`Z򃼜. 6{*zbB*6WKK$qĞOʓ^iZ BG]z6D8 9yi b3G[=Gugsz ؜ʹ!?j{ ʮ,뺦%_ h7toks?pGF NwrAt=X,3#Z+ '(bPLn =㾹;+9ۣ~To{"EAF̈́40(qGҿa%+#>&X,]T &CV~CE l-Km8위[RiTsZK%_w|Qg.Z-n'o_[| 69`Dy:7곖1(޷+)2YQH҅_}=7)ߌF+^EM2 9IC$mFbZ3na2`&ΰ1`de᪬{C:Epфq)oV}1Q9*31rxmo.UVڹx -M*J WҺ Aˠ+51T bRs}O[F}@}HR;H1-$ZEa3*7*0~!>|i]&RA nv3c8\46 {̢,☎ᇃsV(vռ&*tN.=\nZ2 tjsV@s UVrZjLDZj$mu/`&#gTK3 : s{f|9%SnY$@dLfq6:q#k7ʱV CHqo固fx%+9:*8 o US`F8P捻wͷ ;݉|1%ϝs[{S=L20mSiIGc0-f7 tFw,zs1 X5 .іdpKbAW0< ]M_'`D V3V:F=) V;}?vQ֕];n.h,; sTv&m:9Z{bݰDGUD?P5R ?9*GKD(Wiod¾r<Wm}5pNrvh.tH|)y#Ġ-ЍYXa1S^ϑ[)Ӵ1ye+̃;w޲muy~Վ{GS?$Z7_Ky_ȻE㝚 DXoY߹TDeBk#Z%y keز9dTpk'/\ZC2'8OyjI)e5 |d2KH w|RG%1RJMA=wh drM8ek!`P iVb`dNr &_ 8vF0r[ű| " Cr(Nju6 |mJhq3P. 3!N ~Q&$֮CgL&%'FFaxXuCX!.eJ*xt$ Ç 1#65UMF• &7SS8Ocs)xq\ Īf\e^xOFəLh6Hi3PIB9!FƔL"ZԻ [^}B1(hmY/L}SJ!Qx&{,^(hh8 ,,7ܽn?g/y͟9/ & xgVs݆DZ^N|K6)E Xכji~mo;vլ̏8YZZpۄyq!|/uJ;{;F&tdƒx00rT2ޒoωCJh;:u eH(FcisT"r @Ts7܌U"pH/M 1\o>F bQXfh%+NKB"l%d@zJ̼ABϑ)}s;2J2;샃? ,iy ֙+>ߑ[Pi1Eե+z( ջ>ZLѥi¦vMM-~h3ݍ)ڤcΟ6#jJKY 1Kd >ۦs!*&u{ܩMD *)?SYYغ O%%Z5het(#=cTjSvez](:cْCL)l}dgX<ŘIK Sv08*7;,25rԉ QMԴ+16v7`|$Y%񷍃1ۚeO OcF_g$ 0`)91a6@@슸n0p~(.q掃PV[x0B%$`V%}ʈiﲞ5"bPdg~$14̋fCWgin,ErbY.f0}}mCZ|$n>Ѥzg$P}JpVdߒ uXc^}\Z59Nm!APJ6PMzD"< pOߖꤹ!1; ޺QѾAٗưf-W(4 m|>CP335vdGoδ,#zu+ \4S{jCIs) $ (Q\OOJgb3p~`%O~b/cA!c{=ROoGBn!9(9U0yЈ+'\ m*R"Ӵ K ZȬ8vK8Y4LY҆ODhҮgm--β'6M?c`d5RuNa<|'`lyC1X!nY| ϙ-KԿ^qI(e7sH; 4U768 x JjQÓtbH!yey6q޿oxr3.y(- ;ډ>#P;^m.hE^xڸ|ݳ4yk7] ^h5w>P C+JV/jN::Ȍ(^@elƗ@]F9o.׏y"8hCi,d$mKF^)%L;GB~ޖяIۅD˫ͮ.! r#dN@nu+ݚ˖^ FRTDPE gY-ֿYB87׆MM\E7 $*쫦q광Yە}TƖN:R+~ATH2q8b4JhD0 (? b7}مE\>,XʈJ2K8EXh춑eY7 .Nا>H|8ta##1^ʮ;h.6sk$=.d)эqYX+A@)"~BȶCY:5jO:jO_(rt%['6l\#Ss5&]-?hf(F&c6.^*}}zXOՃ)n9d:!s4)*v~qg3e R.j2bŀxa ;ydB*\^ϢisYzNSkDWHm %uMk$ e"kMw8U#c἟v1zHD@BCVW׹@@о66_:/!G3G j-Õb_(r+c xVa9'꫘AQ"11q棪v*/ /+,Bwwf؄$dʴI+a$&`_AMYe*a]s9O(9,5HɁE=QC[r5=N L ?ZUߟc6 ob*%* ډ6:2}ߒ Z>RHOROνvGkZb[c‹e?{Dw;<^B}_)4e=_ )Z0xGp &D7}@\@4BM11tKr%Gf*=.LG_iZϷD{ ksÆW+t=k]6EsoR"P--C{ߥ!PIJOf뀊P~o,_z,~:XDC9@'Σ9N'SD3?;*x"J3hGiv Ɉa?akxF%# 'ǃ$Xp`Oz=c~Rll!H*"P'#EbZe-v`Ђ] nIj8_ [2GSNBI6,6%Hȴ& B+<x7'ܒydÑc )n<тwUIQq).גԿ-|E`Rpm$'ʺg)Ov.STe̓U/W%)6Dyj'.!,OW@FR=j?_Pvg0 uk c-x׈f l5>ʹ C 6/'?LzLY;@L_jӌ]PʳMm?% *ŻgC;/)BDrvx#p] nf :t>=w YoܠAi@jo˫k0rrDj:]q-U0(ԋH.BEAsy:ȼ릈ig/M9iM]aVq.jv`p.ވZȉĠ 믞yF+qY]JVDS'; z)"VQ@\gb19Z\6eŤ,W`4.Y>R4lw"{o@_q(2K<+S3~z-o@w~..Ţ?)a%~v& =kuooD0CH4鈙n{XKyP!Nًm)<ͽٰc|˚JMS^>?6>&v [CT&# 0t0<^A;[;قpdu]&Rut iCj#qxH*:rlqի7~ABc`;,3e,$"2|oǀψKc@.w 4~V̀_OAUAijObH7C)!vՙezhd{9ā$1{|g&Vn-cw%:IˀFGl:det ^O ;WӢV+rV(6DRU4us C8qs m6BzuOTDSy}A4UJGӺ5s|$] <#!/>y\jP(`_d'MB:ݪ}:?M%_rLaSia ^>J.U䊚)Et$Ӳq/݇ΖoIˠ޴%3/ۋG fAnyT~آ<ЁTkWᆲ"M`p~kZ1`f>gㅁ4ф0.VIѰRx~&L:_މrrHI]?j ǗodTeՆ-5Gmo|<_vB`/Q7>@24׀eU`K AHrcs E~wb%jv$Z3[ aCzo/T@D>u79,/(բPO&5ᘌp|Wٙ@0ˡcz{2Yf zfqmFI'Ԥͷ7 }ďSB}Xwe>r5í'J6KL/Dՠ u3b?~Zo?ٚRQIԼ r,SRZ2I_F#3 <13`@x!HWkSyPʠu6'[*M%J2=!w5 v_I~Ct!BL,LUwle6Ĩ_Za7GxzH lbC|mO:,>x!ŵz/b"BCɫ1xjVwnT ?[<}|~=7zOXm w_ۀg_8l*uJKdh8g|T&2[ލiKB3 9$"Sa: /J=#f]$#ݎ2bJu \wAEAR +nOu}đ:nj'v!~G %@<㙿+[@9 5#PGdtű NgKPܮB.fxc273h)v%.̘ozptM ~XdWJIoͩqLvr8GG$Bu^&GKx8 4bKwbPԷ=#PݺIVs\z !%$J;r@]g00T4wxZJ˭ȵꎰ{ EPZ g塄 #ES0PưDEs%_Pڌ,HY`3<Ԍս /I9 *д ] 8Ǣ@1maPsI/ W\DuM OQ?ģ>bM<ʺPDK)yXezmX) I4 a{m_\\?kV',xWAKdxbî1IMb0T`8/Mwu.nz)uosȮnv妡!wL4Y˧ot}R2fWGOů6[^PDh 㛣]6m51Nۺzᄲ>PK4lI)6;R{PT=BQ|SR &@Q;2A|Z[CϘ0BPzR?J8YعXl.(i@k\M5g6=r-17/8bx^N{I/ &0f˧c7,}&xWf_ZpIP+rDp51rh I޹>,׆ AJ\f% TWڊ 75sԈL:2o!u^2jHN{N< K~ANΩG~QH>N1yN՘sacIY rwAjpmC}&>{0J"˹:iT?mV•d{dP; Z&##y " ^y3XdH76şUɘklK井K>גuwχZו=~YP|I@}zx-l8:d}䃔ni\oyR\k^ꎒ~lSJ2.$fR]}l *G.kⶤozDV b;C{D7IW[!f}8r:dW(!Zv W4kF2=D}ԇ)OUu i=ɿ8<h\@':3vȵ}UM^۾IFu1ozhpSI0ɾTOk+i숿8i[oԅᙽ9M[*+\G-K50)-! 2c7!E>Hwy;0 f^O6z DK3ebTqR<>w]Jj~f:|&@ [ mV} 5.I>v5Y< <dR`3҇fށ.ScGQg8rJęt׮'լBEUJO-QLv;=Ia#5Z3jTk#m~OO&8ͧy5aI|]ǃ þ DdA+OL;PBe3Z{q>nE0Tk 0E,'Dz{ﷸ#rrS|1Xa浵Nx¸E f60$ڢ hPX|Cu{eٙ)/2J'k\mʧQ) `-9; w!2Wmz&|TDV:?t6C`T `mX_v핁lbu\O$jâ|)!#bP3Bވ lSU1E cuT~?;{we83G#a/vEj: Țz4}&ckq,|YEsXVLZ/*)?S/V:ITѻC #&x>p]'Ke<s_W{Q ~I1Z,MnPB C#}]?Զ鏡֬UJ$fQ1ߑL@9Y)f鹬WWa/F};gmzo[o/ަL̖g| !C|O%]|`Z+zPkC=rKgUun z(=n!ElثDHRQ_;|:%Rt)N0r)c'Rd' 랞f $NU)Iw)&Rr3KƑ%쮼ǡLzΜ~ﭮ@.]Iq :A7)p60u= sh˹D g|ߜxx5w.A_$Qx6x&[zQh< WHr@,d$1jycT; xC;a>x4dĩ sEʿ\3s1Ge|j)Tb.~Όs=LKW8 w@mjI۠`!/TL=hkSQU!8,`pYXpe>0y͊__=v:c|}tpjڄsl~ # .*5Qڎ1@Z͋a'8%aJr,s}J&ݓW:v4vSg qlzΓΩ )b i` WX"V;p`cUe)ÚPټo 4|?c_-ǿ-fXaR@F W]YR>8nQ01Fd j_b %>5>tIwcʚ-I[Y,VvW?M`6NpGijh^<Kp*n@f +l#Ƈ?p,bdESta,۝t3KV˘1eJkQN|30, AGBz# o ;w:0`c5TI}ű&$ZS9)㳭63ݸdη'^1]]yZJksU : TG"h%`xaFRY OJl4kT̂+Dikt]>q0Rh/~޳ZZM@]Iv+h;6 y’B$0g>d|#Е+|CcX^؀Qݡ#Y6g=ۏuM5Gb5׌z'?!f_+ UI $p/0i:ΣHĞ*)~1$wo$М;dG9 @JָG˞3rʐ t4ᒓtR&ԕS*2R_ :ei<i|Ϛވ|cOz=%{iϯ[< Bt*˙,e~W4tZk߈}+L+_pF'rA>]{,5f~R ?Ŋz Ί`r[&\gJrJyX QE#F(q7֏\KraٝõHnILBq> |`9F^03~gpu,e![/~9 e[ *iN;| j@ ,74{v/ia2=ŭ4юORMb1H]RG_U`N>QDž,_iEe7# @2\Źu1|2ˍ]JlZ73E[PɃg6Mm)sfu1+]XwIЧ^hFvá;"2Ty/_$J@:`G>=T::3vrTwHi8xuwXb׷9iØ'}G3h/!hw~ Bb\dY5͋@C@L|"EƧÔYfJYr½NgDT!Ben#q".<ncQ ʁ/欝2|H!j4Q NFmljTc cC+\$wv 0'btQ317ċh.5a[N8Sq %ՌPgo8^^V([WtJ*eÈvhl<&9KDeN $ c:y6euI,:,s-`|'@2x^{89gرxYmlM7| F7Z"d9O\|z+TNQJx*(dAO/m ͶBξ&r5d. [\Wtx4)8/j|"?JobEt 1m5ZK/yϺP;`Ai0)V6* $_jLmFC.1oMg`!Dge_6B:-AUzC"ҍSzD䰤oIyq}[oȨSףHME9.pϼ{8<,ZUؼX  BΑ0mՊfȝXƕ/a.]a̽;0v&NT9"Q:tn3ʼ#,fS:㲮DɿB )F6l)DkASr %,3XQZ 7t/IRl:ր6&splOޖ1j VףO3kt~sWEvѭg~йgC8  =$emԚ1}H ;'*L!;UfP50j:({̙=,}ݝ%"y9SǧeMY|2q?b7S)GMmkemYT$dOeW;\QFFOw>|Ɓ~.4l|8^u_Ԓq쵬1m p5aaNFܼ,i6ai*4S͂Z"{;tr=%*!~ڵ3Ն[B 0U7N@(SCxƹ(6a:ZiL1L{}M μT%XPnIkVe뗾x-+)2~^6HiסD/eN訌:3AD^ot?2#d\󫎌+R^5 -*Ǵ\QȓqmsPvܣn:Qdr3aZEӌqK*O[|SEG"%I凡A /m6X%t>lQ3"l&!ו1`Oq _԰,KJC<_UGTϣ!r@CcT{  ;R m"L+~W/<+dcO5qU*Nz7y1hbيOC&蘲с;):N<_<ᴯ]8F!@.P{u}%yrlk'Dwp̾]D zO=\'I1V^)}`w>dfI%s2Lz\A9yA-euKLjt/*yCKb#WĬ’Or)zS[SRgQzfeǏA,V鬲S#WZ3daW^0;^ݸ-9Ut=͔z;h*!B`J@ﰆXBX݅M&j]9Pv #͚( ė"U!Bl-oDFbmB09PVl)M#Dztz!3JK NCN%t5AlϼNrǨю`x+^хq5:z|v5V3%Œ*󨛄: ]XoNFJCND>[ 63Ei5^:x͋,@ !Y9-t(BԱt`Y۸Lcu\:XkSi4vuW==BBLz̜jhn)=\+}w:$G=A'T){蛌3KƖ:O@k2oƁU d^#E@7+x#k 7%Ƴq p 5K^XtY(#fR)/ `-e9yqeZYDF҉'@V,Vר WbG&II`}OQw*mU!2?--LD :AgIJoo GKygy8jz K\xgD!׻"d; XdϠ5,"P7ofTDDh=5<|D|8kI:ϕm=* + ȼ;SLji`W{GZ^Bjr@E|٪~ 2gXJ@utmR|xrÓF(˫]6G!2]9~_3Np=2K|cvk團U)߀&{eۼF[kJU@tlH̱s1!ptw3 /##[2H?.[kb#Hj4|CWNCGZn<y4è+u iWIiJkzN vՃWT>∶9L"^VFU\Nwb>6en#Sp;?Ude+c6CV^ aɤKr3zp ciɢx4אF9ӋadЌ ƭrbipAEʩVO48-1Wo#(>[1 06q$: 'y9߿9cwdE0@MrĸM?93ĥvz'5$ltdN: 4[[۴xr{B=LQNRv t3-diCBcH: _6W~'hChl.\t%r4)SX\U of1Oˣ2sNv2R3y)"YŀRhMU =ł]SL^ \KBqEXgq m/w +j :>Ը莁tl1RU- NKB,Q|7"?/A;hSz *2XB*bb|Qѣ%qK. 䮥 NYIH#;/S 9qRDΰ pz \9!}=d4 0w#%}pnl7\_R)P8=XT!CeDRɡs^hۭmeXnkj?E%yh{W _f5K>JTKk'\7wpU,-*#I`+j5c3⺷܏aIPGHߩ$i_ݴ>ٗ[6)H[!QNa=/oՌ=RyJa՜2doq_VAx\ĢHuJ7ƽ<'hIəz(+aZ\t)3|?n+?)IvLTpn[m np|,S/45J/K4zrΫg^̗|dILǛ!7n|{$k? !a'ÒV/k콐Aii|]L,n2h).g)(n"c5úw=,ʅ&r L! 4A cˠN(7 {e>=KD5K>1[ /mB|w6Ev"#݉ vMC/=ڃw38z;z 'olP;s_W4O2u3"v}k =>[`keW2CIm{j9SxuCeF6JZK'i`f_U} e*=s=!~do MjK;,ݸ2%46S?:22B؍ t e<΍e 4 \X}_USPrf'-J&l1$a)bT$¨ҪbN.wxp')Y<NXOGL9fXYiB=C CPm$nӬY{8/v*;ڜ#uU$8R|S(wqz("-[Tx*ڲˀ[A3mi{KT<Q@X"eCSU:׭Jmϵ p>a@ $c3xQYFgkxi AbeA`uN.k;BJ-tM[TqfyXdA5F05aGI"U5Rj|s@0I7kx ?k7]|pkl+ij:͘:f8a`gx}3r:.ur)-ϯީAiJo9AQM6yuQ _OZ;(11y s;MABKy%9K%O]'<^[xk9sO2Bk`/I. Yng7٭H]6Ur;mDk}mOh z"gvGWF{Gا_v&qlKZ[ܙmy|CDUgdGCSy$6XC־ _x ;I e!DKL։If;*D]P^N.IZ2dH”R(t<7> EQ+]=x.*q%omf;Sϑ Ĥ8&c%[0i¿DODw͞d,6UK!|?΍m"G ў@Y7zlܘ_%HXn-u7ڢ؏ѝol]$`!<3e:`zF]y3TBhB#XaNCT4'` h̷dh쬓8괰IMF| Y_n ˰|Z F\ '2lC akS ^{}O%-|ճV0c^;m4OR}էG{58oGu!EpQ?C{gkQvOKoWD{LֽѤW5U> J־;6s%\ջrzSTV:#0< "*;4 z ^>x~R 4 c­) $U!Ԗ.򙼝$*l[ˌV xjTpyylYM_gZ8(i q4(W*z~/O]tp#OuDG#%>dQO7"CFjiգn%994{c ~|.%&h;?y~]E`v0F]EmnAT ɖY2fRbyz,BpF,1-/Ln-`0UY.:lz $wS,wށrcW mhy #Y; R`&OrU.1;i|y|/cx? rsIO=g3Xn-z5Q=F潼l*fJNѥh[h4ȣM(ׄ}Ka]Ѓ/nNiM+%.l)E[!ՆčA]?)Xŷxc1>L`+]q"1g༝󬜷,0( y]VM̻hMOvgҹkو;'Y#1]jMׄ4 #:#`@& {'?lj1ѐeь@X jeE} :J5q⃟'O<x,LWs厷HkvF&/S?dci6eŮ'i/R'OJ[$eh􌎓Wtz { Ti-"s=ɼ?bWEtHZ,g#}c'%*()5Szը18fL8WxL<Sb MmiTIP=t?ʀ_0 7(v*ãSIW 5oWffsWy bo'4'6RvR+[{`q7SeSjοa:y"=a򬬋i-Π{^6hl*7 @,9K1Ӈ,FяPN@Ngf @X TFZeScҷ' bD'kP'yilׅd:c&`&RSz?cՅ4M]l?Ӄw'CFX^Ab`~5EIjMd$W\E`|Ex# *Oi){ou IT3! r9}}]ƜL/"-z5@8&HOQt@8){R~AKyq3Yڧ$,^pcVX?y/3=PK`TФ '.JH(' {q':Œ$?eAxpl@d}U."j+E,'! 2 <7ΛNvB-Ǎ׻罖5xj1 (hc.Rs[,QDo^lS YT1 br;kM<lOmSG媿s ڼ\`D괽we B,<;' RD< z=ךrD\> fZx~@>3*ߔ9j{r>O%6;ӤQCT~6i_4%.eӶ^wj?MkO˨W@88 Y@03 Iqo񶷸kGOmc(8LubA=dC5g%^ٚA9EcqNz Rɬr~d?!@kB~fYn?uc=m@푼4F I_̲zv8ۚH~Ji5ĺDƭHZZ9R\4 M Z5؝`_iAw)0e !@nr0I &=cjjҋ*nBPS}]" Qp['ƽ]MΤb͆7:{ːc ~ eTCf1C*j"³/$,^Oݛ6^ 0SKn:ĉ#j[ZXGuƑ~c~i9L޲ؐ}Mt,:tP`#*&r|?)7]V#?9=5ן{|_RhPzn/;Ϥjlģ1Z;'t<)ve!t8^$%>l`gGKQ> ^-XOW7hika 5W^n[?dy`CAN Mqz٥yzR (3+NJfTcJ2cP@>.D7E J{)#TPV@h-'xsa9II#\)eJϰv ՒGA,끓/w9U*U:-K7[X$`֍qFXIZ݂4Dn1Q5"UBng|4$+WJS݂۷4,ЁŐ},$q؟/R=:<5*Y6̓Ⱥ &d|D%E}OW5Rm|H]qVTRUޅJ/7But2~4LpC؃<1<_be~f"y哸AFXϒ ez3>z#Suܟ"<-ͿIy4hyXackuf U^ {iN{~Vy%~!Z,~ )O_q\ 8 uv6vn t-PQ桃8MyJlA#[g͛<.ƕ[gb\ȔuǝzES?f wDx 08^@2 Ƹ^f$X|}k[`gN;ofL`KR=嚈BxD(gh[[bv~*QAԌ 0#orƨmv.%;b;PҴCUub|#.Z" 0tnW<6sTH[fNgN=Xm<8RsJp5$F:D$,VWJ8-7O  5ܭj" u*]~"C8}37=Ě?\Y05<3iH4|B3kXw7O lդŚ",m9eґq=Azݗy@IҵD"_2}TiFK2adK֣b&) ֏SL(vVH`xVg.W:]ぶ]QM+bmrfK93Cٞu2(/cqӋPizyo[^A׃}e&?D}\GiE -^V0&=lj"2TMqBr=XBZ.ENy'Q7RLy][=]HD[8Sk޴ޠU{#y~[,`c nJ:g/Z֮ď8:w)&rVQE^fT$jJ)K^3k3f78>9\o\Lۡs ]$I.ta#&g{)T8ĘԮ[!2f-[3-)99@Sq:R_&5hnL,R; .\oU3Dulj*U+Iĝa͖>fUZإ ZZaV`zʒ\S K=$-ߤUFUg'/]EtƊwУl= |I|6_J\4J VP2sS/bS┒1xs /5 T܄iCU6yw ]RaН(OPgru7 =GC4 Că. 5jf-6ZD !W'Đw%~0 AKltA#XGрLKY)bTPxOgND+aQ~|{}TF?ioߪ>q0߸Ԭ>kRL& WD3x!VsCVKpIn/s22=&*ŅWǚ{*_([s()s8'y&:1of'/8F[\3_xjp}f_FZL =;Z3-JhQ;W%;Bzҋ*pG-^:HPK',_R]*:, \u%$УT܁w$!I N%Pb/^q&r*SG QfeΠAM#EKvQn-dc U-+j^`evߛk2нF6c{NYjLHR>XtT9 a:.8SF^k3@L j(X#Ńܚ|?ߴ6VU'-娃7^ge7gbm k`lKU"-1<6@T;ۇDh=&gXNGyX Ԗ'\<]l e-RDd&6'jk_Xx%9Yb}+qHzRBEUlAػ]핫 ՛<oyv 0(hK>7A"Bኖ4rrJ ({Vmq QRḣ%NlɄtP . nUqل9[yZ59]AܔSI/Ri FQ1Z:Hmܤ4톂S]Ć."|ð<~4^"5iG~X[XF?\C̺jS3yW*.K I]gJxb6T>16; $ogΫǥK9SeYҩ3;Q*WofnfX2d qPeOwWCi]=$!Gl(|km#{āWWi xzq"Oh}#7K>6^$$ XQ%||$?XvHMNm-~H|c)ojXneSvO0J!6{@ > L] ʦ6x61hD|W>cVN`P W5Y̻ugߌ7Fe@,&*4$HDV o8g<^q[4ӬW_EvR8~R#rfx{_F.:کVe 7eMیUXMւdg9ˬsVc1Ůi`a⊜P?IX94I@4VbiJB*řʹuMTٷ= nkl?dfV2n u56;.sἙ sF|9QW'EsDxw-;ZmV37!6EYB#:m.=[j_~0<mfe5Jbk^[5R;=ucNkQ鼿`ab (% 8W5a8Zlxx;#'oOlAM+.s$w49߸BEш*: wy09/rޖ}k }hY*U]>= 5ER)1{ȓ1~hv)5LR]PIMFs^Z۫ŵ0PX &H< %ѵ[:[K>8L`Ʌ8g1!f< zIEU^cy906ݦ'e(mܽ.d E芤vtKʢ#m<}Y RԼK_ɛs@Re5PH|Cj_>+L&]]I9KMUe><#inY89ȧ%qJ1#86=ڟ#f5*C5\E5 7Su\F3pԫJ؉Oa'=~5RmnjIy;sNI+:;i.E1S\KFB2Jy #X {qq3aFHһgPnD#6 }{N jJ!sz3T% C{FX~: rp('l4hu0pIg?>EP6Ed@!Fe&>\k\nUٕ8dz$"vw̌XCI@ܤAv_~Cfp ǕGL:%EM>|R* 3(z3H6ua ˎcW xK-;I"qځ3A{D3BvK B ܏75rwch?ο<$orXȦ"$|BuCm"mVֹD'Rnoy9n9U2di]qhmQե;}PT-]13-o#!?4 _Gl*4+-lSol걆t0rZAo2| =0_wH0. )\Xwp&W"k?YMkzD1>SHH2'#P:Hڸn`;`Ř"E|CDw۵LNc?-&Y`9H@R@=(>"]B/8 <>\-vM?jryk4/5K qsNV3F3)zё$Ƽ趦;!(iq!^3eTqFF;K!LۧTI@T&h؏g[PQ?ꎂ&%-gay.h[TkK>_F l4-DJ~[j úo[T& n>|a81_'#/#zE#䎊hDhDVӮ-j~ՋPMX *ie]3˦Bݑfy"TR ziW{@tf` Ulmo'@*T:: 0MKMm!te7!VNd.vip);Be ol֎z뫿6aFbtkfnc|o4򑃓A8 (8sa~!v;?d6:+f-HwɪX;"~COzDѽ昬W n@&f)XT 6`|܈_vLX پr=-J/U}gς(Be=#k{ĮyŠ^6{Bsq/xZ])g9r(Ry["Xmwƙ\#zH0:uZSzˠ+sJ{N(54ֲ ĂD:I'-M!l$jIT Ob0*.5`j2Zz+y^?U C\~ښߐoƕdZvsvJ#9^r?OvL$ uJ{L-bj~IP"3vEȟ/ ]dͣ)QxƣΠM:?{>Ӿ_LV~Mtr~$͇ R?= mc$dl8BcdUVJ915FBkFx(q7gaGOw7G y¢<` |q("WBzo$`/c>2ʊ u$߭ Nj,{*$e,F=5Foa"=-b$8!bO@vPwN|#}2P27M9o ل⻮+BﰦR !)T$|*!,=4X=k_W|g(2 kmj%F|pk+u ZKcs<-Gh$'lԴ+-n{rMcʹC7Z1]c֫qث*SkϹM]0y_!\ 19ʴ%X٘\^pa&Bws=%wg!~ owKo w߽;;F.b\=@PӲ- sK*Һ0ӑ|訂3KZ-Tz/܆R&BhT+kxyjĠױC68]W 3cm1O8Ґ%0?uX[MChuqh\Qƿ6ry"gWM:'3CRΟYsЈ!Π#[<<1T ̇z2q./ Jl5}UGۓELac1l}%I7"|}gf1w:Xڃ*$k2\-;Eg^eί>ŀf_`;4V[R_jLkn-˚m"`߅ tT`M 6v*eNVẁeY,@zYxe;&];:܊P_` SMG(I! ,c!GF :#jV}K dJ $V\%=e)i1mITg+ o7k U1mlvUYH2vr;P-˥lWTlJc!f%ܾքaA˼9F[d<4Y*?:jۻ!ۂzdؓ*]23;&aA=)zӻ9(+1Fi`P3ډY"Q,3vlxϡӀ m"ʐxAf+˓<1A8nX|w|t .?!G\yEQ& _e1R 3 6WwԠL΁aYŕ.-TC<}<+^}i&3ƒAJ >JNɅ5 垱ZTXАʌ2i+"ɺ6nP3J+ ^yg)@tt婞Fjhr\ ж4~똯rIiWԦ) vrv[ ='@~MI:"Vr=J1vG,q+k*Oה8Ej-"I lUO"d$Cci*^Hոhymv֚w E踫u{l R~HyLK"5Gbယ%B`OQy6;N uqWP]m-ڋznN@(9("ZEC D7lwȄ2zXJ鿁%{)2W&sߢnM]ib m 0ksI4ڲ1;/%|:ZK:!>#m~*ŞħbhGK5a&fPѯ8iWk;k], A+j"%fVO똤rGPz6-%%GO=&URr Z1 &G<~]#Zi !gŊjw~_DĞ}(^Q'f1E,x.;>\~=[不^7Z,!R|n2׭|QٟaRK?T­ڕ %Ws:DMpIGR&e \NKㆎim4lohmP6 -P/cNn+*x! 8ڧ+@eF3tk;/FIR.8fRK!; { /+7F!2mӍʚ1~n_$[v})T$OI6*juoȠI8=|YR.q;#A .rwY,LD1@.A+[3&rtފħ>PbiD6RIcy$BDßjFެ0g"od2:0gn^F>fᕒ'Vy^0weu[D^$ﺽy* w_mkTL H5~c8K~!p0$lI:O[x\59P,X ,Ц s͵GAG_٢8`9G?=vE `LCNOk^s'MTdHdԞ"ٵ1>4޲t"5b&+Lntv=|#psb޸Ddl CRؤ@kbǬơVډP9]#|(^OueE<+D9A'~#]F1nY)I'3ir$L 7y]a@n~׉(L!Ӣ;vticv Z=I!\?ѡ=OKiOH.ROz9fV(|Y7 'LH]P b]֊FԝYɲ+ Y~- K\ghދy~ 4M$k;Z.cޯ{10[}S,>a+BZɥmn M=gpjU"Xo5չ95GgR*xh 1iDZ9Ve:tr{ ÞtHtzQ*?` .nГЏ6yIׯ0MV^!KXբ'm_wj#N^\>=4N>i`A+g(ZW./ny-5I/l6׾atE"5̰_paLom.Ef#X^ꑉ \28TR<~R_Nu9rRj YxbYxS̓Po~%YaZۺ z.#jky5gOJ񦤻QbAI;ZN}lwVz$p^a Dz8.BT/4Q>MF:5-xdAa^~vۧ2*%{\k0Gnq!#M'q׳*|pstwp.eaMHz}*@doHMppQ<#9!^߷b_82׻ 9NlrpmE}qS'?Qʀ+%VSꗍMXXnCk3? L ~@]es{ Ԁ ʗlJql>oNo Q w"KT3-skXy2@(2Z)sa{`'=si# + 9`u2h  zpfY+ݚ~yEG IQ`Rk_ޚ-ci(=GtqjJș-mT`b˱D`,ӑ41taTezRm?oG =.!O|6ϭ%.'@-]k^Yo7"VO͢Um̢E4K]^~ܥu_.VPh:Ё.q÷?<*ˌHU.3<%a3cܟ0DHrIw nCTs-kڗ,[֚-ܡz n<;i21ϛ*-;nz; +Te>l59I,XI ?j|is 6ڬb`^>A˔;LiYP{gl2ڬDIu*\>ȺDi6Kw0`$MDcw4`(1C} >d}Ȇ΍L-gb{2cTtEK.Fi)(,f$Y |o(ѐ#0KmG2W#iE,=Jخjrח;o5 jSGsX&K6' ɟxGu FN(>5+Q>U]m =8\ V'!AʮٌWemc)-jiwy״X_bC#uJ>oj:A@RU7^ՋTF틣&Q54h*vjWPP,=z1wCmBN/ 2+er(Ha6<Qo+ u}RcWү0Il ̦ `9Az}&ѓI.mčmД1"ad~(M΁ˈw0@>fr$0lxj(zJix V^4%`'MŖHU qu֑rU8@aľR].ݻ/9%-LRB+45Q .|Ǥ&tՋlrZv %M#nPy:!%|Ԣ;şɇ}uRXq}?>D7n\ XAB9tdF>^G?$`Y“jm74%1s9mf(7}8n H5qvj)ڙm^vY{/Jvt,fx0hw_h ?G*ld׏޼#v[(hƔLe 1+yH(S-T#GlAG~J,UeFkZc'8::ǒRekbõAd+Po嗥=*^upWೝ=d\hL#z>44\VPaqMSȡW*yȧ &ũ)rLQˆ…CBS$yrxbK[k\X*<-bnpK/~=m*l 2[' QFimò$}eN6[ / ;( (=tW%hF3$0-0AäY H cU@"\MPSloF31 Z̊mF!(UZy-1K7]^kqu?ZZmbBI\SbGkzx"eMDYƼA;C'G_o91OIXzKT#T(+Js.RgF=&ye d)1BʏIf`ލluhF2ē4dRբ'@otk@ W} }oMɦSY܎ aSXnF85Wd]Y0˰KKD5Ƀ!wWu &Y_i=l0ާ(9XCj0+[D \T4/jtE`@ !N\åe z*MJu9ܻ<m7m*WDZ%SW?bu:LT9>z>رwo6g3O&J^i )jӛrӕY MhNhɥe4_W@yamgq*7{m/|qй{ "HoKTe"II%^?QL:S&SoSCh 3kU漘y8*F`i:28} |kZ͉>";3W?kaW,/<>?x4W`̩-ߍ5hy=T+}M4ΑqFe*_?O$#|mݝY4Q4`b`'snb]S9<&ka6RMGXE86&])i.*D}AC;e+.lTH(: GlۦXY#^HZfi> ȋW[$ڐDb"DsޠD}3 #%3щJ-"XWL@ UE_P@O=k%gH̾:4ӲMATAJ+3?*#,4oQC:~F~pDjR&4! y @!Q '4 ={@/t&`PXw0 @/^TnR1Êb*o%vO4+[Kė8<\d|fWH>Cv6s{OզM煭DOjȣ]]ѽ30~z#!YU&R`J͕sWkTLȆ@X!⬇R5,`,&7g(%D}] Ng_I Zm}~[lt 6.il|Fs?eAnwco>/KUTI4 H[S8 Q*gC&=B #nOD+-J)G,>A2p5"`- ݾQᘚrJihlx=BA8f?wK骗O_5!IO:~]7+tRXƕ>Fġ= $Q$>Y\:ns`&gQ̪ûOx/䨇{X 8 =3ch{9.r|~o^ZJ+P˒ցeF=#;6%Hbtb7eCR:r0Msi^8[_euͤm|]Q߼B& Wp{+Mc˨NJf)H^x ^pFqlny( +MT`!:_:hxX>R4oWSr?a7Sne:"E$+:C_z9 &D{da'|&TVG‰ڼc`#C4%Yi-]ɳoۉaFD:*=6+kvtw8o %Ch\PkN=ө&@VUf-c1,˕i}C ʏ1d~_c*q(6{fsMe=Hp$wm @sYw| 8gr06 \+, =ep, wXh?wg: _?'sባՇDG1hSbC;HpAͦR1i ߮B*@"@5_rb ubr<3n*h3=DCMbnq|º2~IVB T =/z"ڌХEyYU|1/KOH&cxV9Om9WrRj6\>wE Z" kWStBX4@!~#&3qKڈc=k9iXT7qg#!laP|a V5柨d}gACu :r>MLjODMqȭS]ϥ f tuv䓙D_EǶVP~wN9q?'`9ILMr=T_"݀FN;60 BZssG 䘹iM pU }˦[O[_NK8ZC oA%sj 8v 2aaH{;*Kw&U=3Q}@P8Dl\<~ k2Po*]d`\`;թUβo}lUswDž%ּ)"u)J)XkYoC0Csm2]];KwIvk:,cm)V6oԵMsNӿt ٚu;yyBYX7;Uc}ÂJICܷN8Ye)r\&VcҢs,J[.ApQmZMC1Vcϭ?G=cyL: SÅ)8ӂܰd-[5~s?.%rAyCæ$BH:SnQ˅rv+>%DI7Z:ݧPhZ5F!Ip]u -mS+B-'R56.0㦾L3_ǍC *R8%պ5Zǂ/SXY<1:_uᨈ\`hgBPAҊyܺaMT cYuW$_5fUA  @\= 1tI e{_?Q=X1#![ hDnBHYuZ-%o0]o./g@r剎BbzOweĴIѾnMڢ:l]N`#S &IC BWoͤ~;86zޭZTO.NݶL#<ǂEP쀱QIӕz(Թ&\}Bl[65>O'nդUOQFi!PRqyon)?FQg>!+4~KqDۃo[j; y2x*dxb?ϳ yOX^\[eB>έ\/gC|@xSOwk&; GDž ckUo"E]RU/drp1,b`]ӑbe=q*Oqx?7K6[l {\_Jyv̨P$BZ[U& / <r~?3̎":b[SB8&W׬t%`X$6vm.$:U!U tj&t)"#$ALV_dSqh l3PhsuGPgliq|}N}%f9*6޾ܨ_)C[ ÐjͩBE/ H\¸LA d]vb/$vɋio&F#݈O?A9[$p_~lԐtο~_M5z{a9!:s&x?G;s ʣZmP'(h$GCs}MZ7礌 Jr@6S~h x}bƓJshB|\QxWIFOf/u''`e8ھ`.zWD=2zP%%xM8MES,aP ] =e:o~>@9J,ɳIx.7;ŀ5E v~0gznzl&d ;t ex~7B^h_ \"zm.EcR'oԖץKuiDž+MO6ejNTU2Z Vt#JZaxRKcr?8M~ZP[L\R@g 9So=cFRA7צΧw۱54w\=Qw @O"iJ^{ gxBCb/yrp5ݾc謌,rFuʡjX&TΉ%PGwîG8;"b Oϑچ= cKٵ*f54ؔg z3ˆ okAWJ"6Pɯ6: Цʪj-F\6v<Vͳګ)M 3c_ԙGn5k(#BJ-\e,uF drզ[`wFw^)18KTu-9"Y hAC^D>GEr5|}Qی}Mqa9}>|HM/Z:qF]u9tQJ.ScK_? U"$etev!b)MNCgnq,h'm0lt-'] ݘ~^f F+Ǘr fW^jLQaD*}G%mXaIPF;@伵tIdt3M&ԕ3ӫՇNovI֋rD^Rn߬R)71td+n#}w5Ȼ}'^V^@]kP &Ⓟ7a}'Op֢F]&3_ޓVWZ)IyyYgd>X ;1i00NB^QN촿4[< e0=_%&sdI']C +͟*We*8{u(x!jq*h\{+W}<6P2F2`X KuJk^6j=5j>d^ R`oGe&r4])`Oa\]!&Ay V@㨥j}1(?b b9.GJ>`XyXj\pa(T=0ǝT)JK)EaLL:`jJQ^9ej,Sr#6+2[Xs+xYJ=Q#xјm>UDԺsVYjQ+kynAC_}q++,<Gt;Rt2hv/e#:sJ(b8x_L/ȫ '[r4_Lޥ S褤|=DyBʉd|o#(7O2nBCT:3*lm_ii",WGdw9,s7$/YPO7g`q!/Lmmf<]bi˳cri+Nڐ@#!EkAW`vۚmXŸzÍ%Mi iCcJqDP~mI u06gU>!5vJc=zGgM!k8_o\#nҿ!ABb.dQ=  S#N@7ő0 (*Ass#yi8î`ibny5hjjiA0@w-l'mQ VV >aRsRĜmRC')a%wnxsb4q,-#w["{\Iy %Qvxڈh;)NmZdF:@ZޜMɇr:ʀ+C'H̼[SOV058Q kԍ2pSV\!nHH z\mLI Jbxtݍ.W[\ҝla308LSpFo&D0EDn7l6_7pfѭB4S UXo@)aX9y-2oa6t?2/ϭzRO;XG0O)3&H8* JY и.۰'(;8j,b遌gzFfoer-ZV4 -Ç.z[" 2*qSW?npfZq]"/^2Xf-#V)IfA7ђ].䐛bxt5tmbhNo D- *ݔ_&#TZUezHJ+Z] m.I#By!>b+ vmT'r Т1 H)ݠz{ͤHsLGҽ[=}6^GG'U VѴ8~rA'@"r׌Ұ:k/*#\#wg-EKՋIf}\#{$:W_|V&.(3zx܏T6#-#|аq={$P&%tv9)PeLjQ9Z.^;sv%䜲(N|[y,>{ ҸͭMKr{X p̝E>Ș݈@_ĥ:pp6땊$w#5!<$͎1"M ed{+3H'/Ÿ"_@1]2(>|&&-Ѯ ǹ|z);@oZvm6XnEum_0("NCb2ʖiP~Q,7$& obˇ&D{@btQka(S'#`ƹY+ua"7)4^Tȉ3R-uWZ0 J "I17{}6OCWmm#֖T3Om8p|t"vȚ\Mc;"lܡ|XMJd L~d3qˍlXLl4;$ {o-/jnOn7l|r7J/3i" +o,LY{-lIU6ad!UjU~e3;pĔևNrB{ \rWHGԢ>ڰ)"f5c_ !+TKZ4~C`, vWK3 @)ԬTAGO4SR q{$s;FZi?n~be Ԝ(6lnn@?=Fu ]t_AȂ{hxY뇷if>A*F#yȆDp*V{f=ar8Q`BKP.~tV*huAH&E$yS*q̝C%Y/+a5-B跙:I@Q {A% ¹Vg-':b W'ý~'o9^i)u'[l7PZu>² 0`ݦ9+K3Dl=/uw/]_l<../"j#1jC\J 6Fj 6839 6~S2I!ǨPԒ)[[hnp1޽g̢paM|PzUx|KS0V@շ}?Bd Nr% M4:,`ʾ gohv/9 0̎H^~'Cg"ձplPNPl |y,j {xfrrV[=h8ɮZJGr}lw)9e2α T=Q)re1P!`ؔ\j-ˢenFPqx8]i‰}2 <5G I#ZәMXsnsEޤn| ^ 5zg򜒀/I$+SQ$EIᗪ P/:K[ :\K2W(P;ihRwmdeEF(΋D)h_Zџbܜ!D~_߬@[yfi^ yn1eR!dg\=O&QDT.*G>]N"|5N4Ju[ <;ic)/qleӊ1|UHO}:R&G?]׮+pz_δ:~YL̜H ր{ Y0"5 EdM])cmd@įg[OF&=hrرd$>5% Wg>9/֫Sy. A;' ʟkmoY0'M~S'nݎ{s!c nf4F O'<}S|c$fb5 Q\Hq"7@ $) 1Ƭ戊]dm1&50Ș]$*&т3G=>ݶ{3fEѺ&2DAމ1 s>'*qUtiVoA]xj[uf( ý?W5z.>D6"A' BŌRIGo ^l, ngOC{ Tm-ɸ\̞Ynڋ3ζCyuZoׅ++%-GL+Iw'ڔ f[ R@qx'$9AݮhghjMŖ*44aBqt=Y7VuRuv+3a;2F+{0"@MBk:0vg&`(om&3C@\ gom:xa#"փ}i7޸S0}H`&h<#7⣶8wFıL*eΖGIGHV%9 Y +|9 wFGJS?V|/OA\ ^Rs'hXugU˂sQKA?ɇS#ŤZC?8:}N#-0/Ʊ'݋xJ@{HCݗ|,iu{d漦ev4ufQlHsm!?5KW4maL\A \^bB$Y Y "T'_ gBl) kZ9:ESsA]03(uCzvܣ/^~ZI)XHDfsqJws|K2k_YxnT6!@wi.Dm<_:x}QV(&(k7u }^Mғ#dDU}TDrp0o/$2cN=ioCTrSPSL4P+b[_ 1#-moFگ Z΅ܴl3nBRP*w+(?s믚 &!Z=BR&ذVd4~6lj-IC#{xue=͖s1hH%^[N=3J&,#T@V# c:̒Y ~~kVv}~-3=*ME(#j$[*LVN_DQgš[1q+dE ׽q}(yŝEK_QSJ⋃Ɵf+ʷ>ha4⊁suQBzh7VW*_U^ջhFg mʑzӜOA`>S6"͙XN]FRarPOmdz1y;MhR n Ȼjg1r"o:P7Ne"DH0EňXcLrLMC"4)²V vz?OYi0.GXSStqRςЮcv8!8}AoT.X<ӄW;H_<,{)|^? VouQUD{}<TW!Y6E8J><Π N YZ