sssd-ipa-1.15.2-50.el7_4.11$>0eCV#,|!85>=4?$d   ; "?EL    4 { $XNN lN %(48<9:p=GHIXY\(]D^b5defltu8vTwxyT Csssd-ipa1.15.250.el7_4.11The IPA back end of the SSSDProvides the IPA back end that the SSSD can utilize to fetch identity data from and authenticate against an IPA server.Zx86-01.bsys.centos.org |BCentOSGPLv3+CentOS BuildSystem Applications/Systemhttps://pagure.io/SSSD/sssd/linuxx86_64getent group sssd >/dev/null || groupadd -r sssd getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssdKA큤AZZZXqZZZ20c031c5967a2bbe03e095a8dc25b7eecc085fc7e0a8e068c09e87cf7b955ebd9cdeca751e22052895ed391aac55823ae4f95885d84fceac7f65124d017a67ce8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903cd7ebd9b129e3b191aeb209c299997caccf46ddd4fe4a8324359debd7bec5cf7f03c8b0e99d1a023cb0a8ad502e85106d3e4bf1dacaa8ee99d2bfe741b182cc4rootrootrootrootrootrootsssdrootsssdrootrootrootrootsssdsssd-1.15.2-50.el7_4.11.src.rpmlibsss_ipa.so()(64bit)sssd-ipasssd-ipa(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   @ /bin/shbind-utilslibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.2()(64bit)libcom_err.so.2()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)libipa_hbac(x86-64)libipa_hbac.so.0()(64bit)libipa_hbac.so.0(IPA_HBAC_0.0.1)(64bit)libipa_hbac.so.0(IPA_HBAC_0.1.0)(64bit)libk5crypto.so.3()(64bit)libkeyutils.so.1()(64bit)libkrb5.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libndr-krb5pac.so.0()(64bit)libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)libndr-nbt.so.0()(64bit)libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)libndr.so.0()(64bit)libndr.so.0(NDR_0.0.1)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libsamba-util.so.0()(64bit)libselinux.so.1()(64bit)libsemanage.so.1()(64bit)libsemanage.so.1(LIBSEMANAGE_1.0)(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_certmap.so.0()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_krb5_common.so()(64bit)libsss_ldap_common.so()(64bit)libsss_semanage.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)shadow-utilssssd-commonsssd-common-pacsssd-krb5-commonrpmlib(PayloadIsXz)1.15.2-50.el7_4.113.0.4-14.6.0-14.0-11.15.2-50.el7_4.111.15.2-50.el7_4.111.15.2-50.el7_4.115.2-1sssd1.10.0-8.beta24.11.3Z@ZR ZOhYZ@YY˒YéYzYYYYJ_YJ_YC@YBvYBvY9<@Y9<@Y5GY5GY5GY5GY0Y0Y(Y(Y%uY%uY$$@Y$$@Y"Y;@YR@YR@Y Y @Y @YtYtYtYtYtYXXh@XXX@X@X@XsX@X@X@XۡXۡXXӸX,XCX@XX*X lX lX lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.15.2-50-11Fabiano Fidêncio - 1.15.2-50-10Fabiano Fidêncio - 1.15.2-50.9Fabiano Fidêncio - 1.15.2-50.8Fabiano Fidêncio - 1.15.2-50.7Fabiano Fidêncio - 1.15.2-50.6Fabiano Fidêncio - 1.15.2-50.5Jakub Hrozek - 1.15.2-50.4Fabiano Fidêncio - 1.15.2-50.3Jakub Hrozek - 1.15.2-50.2Jakub Hrozek - 1.15.2-50.1Jakub Hrozek - 1.15.2-50Jakub Hrozek - 1.15.2-49Jakub Hrozek - 1.15.2-48Jakub Hrozek - 1.15.2-47Jakub Hrozek - 1.15.2-46Jakub Hrozek - 1.15.2-45Jakub Hrozek - 1.15.2-44Jakub Hrozek - 1.15.2-43Jakub Hrozek - 1.15.2-42Jakub Hrozek - 1.15.2-41Jakub Hrozek - 1.15.2-40Jakub Hrozek - 1.15.2-39Jakub Hrozek - 1.15.2-38Jakub Hrozek - 1.15.2-37Jakub Hrozek - 1.15.2-36Jakub Hrozek - 1.15.2-35Jakub Hrozek - 1.15.2-34Jakub Hrozek - 1.15.2-33Jakub Hrozek - 1.15.2-32Jakub Hrozek - 1.15.2-31Sumit Bose - 1.15.2-30Jakub Hrozek - 1.15.2-29Jakub Hrozek - 1.15.2-28Jakub Hrozek - 1.15.2-25Jakub Hrozek - 1.15.2-24Lukas Slebodnik - 1.15.2-23Jakub Hrozek - 1.15.2-22Jakub Hrozek - 1.15.2-21Jakub Hrozek - 1.15.2-20Jakub Hrozek - 1.15.2-19Jakub Hrozek - 1.15.2-18Jakub Hrozek - 1.15.2-17Jakub Hrozek - 1.15.2-16Jakub Hrozek - 1.15.2-15Jakub Hrozek - 1.15.2-14Jakub Hrozek - 1.15.2-13Jakub Hrozek - 1.15.2-12Jakub Hrozek - 1.15.2-11Jakub Hrozek - 1.15.2-10Jakub Hrozek - 1.15.2-9Jakub Hrozek - 1.15.2-8Jakub Hrozek - 1.15.2-7Jakub Hrozek - 1.15.2-6Jakub Hrozek - 1.15.2-5Jakub Hrozek - 1.15.2-4Jakub Hrozek - 1.15.2-3Jakub Hrozek - 1.15.2-2Jakub Hrozek - 1.15.2-1Fabiano Fidêncio - 1.15.1-2Jakub Hrozek - 1.15.1-1Jakub Hrozek - 1.15.0-2Jakub Hrozek - 1.15.0-1Jakub Hrozek - 1.14.0-46Jakub Hrozek - 1.14.0-45Jakub Hrozek - 1.14.0-44Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1516700 - SELINUX: Use getseuserbyname to get IPA seuser [rhel-7.4.z]- Resolves: rhbz#1530975 - sssd_be stuck in an infinite loop after completing full refresh of sudo rules [rhel-7.4.z]- Resolves: rhbz#1525110 - NSS by-id requests are not checked against max_id/min_id ranges before triggering the backend [rhel-7.4.z]- Resolves: rhbz#1508972 - Accessing IdM kerberos ticket fails while id mapping is applied [rhel-7.4.z] - Resolves: rhbz#1509177 - Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault is sssd_nss [rhel-7.4.z]- Resolves: rhbz#1506142 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30) [rhel-7.4.z] - Resolves: rhbz#1506682 - sssd_client: add mutex protected call to the PAC responder [rhel-7.4.z] - Resolves: rhbz#1499658 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.4.z]- Add a patch that was missed in 1.15.2-50.4 - Related: rhbz#1489290 - samba shares with sssd authentication broken on 7.4 [rhel-7.4.z]- Resolves: rhbz#1493916 - Issues with certificate mapping rules [rhel-7.4.z]- Resolves: rhbz#1489290 - samba shares with sssd authentication broken on 7.4 [rhel-7.4.z]- Resolves: rhbz#1482927 - sssd_be is utilizing more CPU during sudoi rules refresh [rhel-7.4.z]- Resolves: rhbz#1478252 - Querying the AD domain for external domain's ID can mark the AD domain offline [rhel-7.4.z]- Resolves: rhbz#1478250 - Idle nss file descriptors should be closed [rhel-7.4.z]- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information retured by the KDC during PKINIT/Smartcard authentication- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in- Resolves: rhbz#1455254 - Make domain available as user attribute- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD- Resolves: rhbz#1450094 - Properly support IPA's promptusername config option- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer - Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail - Fix Coverity issues in patches for rhbz#1445445- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains - Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate - Additional patch for rhbz#1440132- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient - Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4 - Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15 - Also apply an additional patch for rhbz#1441545- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.- Remove an unused variable from the sssd-secrets responder - Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http - Improve two DEBUG messages in the client trust code to aid troubleshooting - Fix standalone application domains - Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes - Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http- Fix off-by-one error in the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh respoder- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users - Also backport some buildtime fixes for the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts- Update to upstream 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html - Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries - Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure - Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser- Update to upstream 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html - Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack - Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases - Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider - Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page - Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user - Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink- Update to upstream 1.15.0 - Resolves: rhbz#1393824 - Rebase SSSD to version 1.15 - Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL - Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory - Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time - Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0 - Resolves: rhbz#1392444 - sssd_be keeps crashing - Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3 - Resolves: rhbz#1382602 - autofs map resolution doesn't work offline - Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains - Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page - Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error - Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database" - Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/shuk1.15.2-50.el7_4.111.15.2-50.el7_4.11libsss_ipa.soselinux_childsssd-ipa-1.15.2COPYINGsssd-ipa.5.gzsssd-ipa.5.gzkeytabs/usr/lib64/sssd//usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-ipa-1.15.2//usr/share/man/man5//usr/share/man/uk/man5//var/lib/sss/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e6a612702a0a46848d1829f487a661764cd381ea, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=a1fd76e691270562f2e76f1f486b48246522cebd, strippeddirectoryASCII texttroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)AAPRRRRR!RRRRRRDR RAR+R:RRR R.RR-R(RR R%RRR,R RRR/RBR6RCR4R7R5R3R2R#R$R'R&R"R*R;RR RRR RRR9R=R@R8R?R0RRRHR)R RARRRRRR1R8R?R@R(R R0R/RRRH?07zXZ !#, ]"k%{f}|,p35յ4Bv4wmbհ|C0ɔ0iS\}}exgEom&ߵ:assrKLtqCqRh@ t@!Tďo5ߐ~DУ759o#iw:6IGB n < \reOfZɁvAf sx@g빾W' Cs8UnXiS[0[}O9?M2(󢅂H λ%*"v|3Fډ.k~>K; Iلohx2jA!XcVz{ה 0bY5FyA*~) Ӟ)2b !%x_H`v~6o$"Fkʦ v+uZASPw{}!ƣn"]vd,{Af7>Ғ vvރ/s",zIʴ zn @*٫V ";i4٬"I(HrͳpW6Ф$E4hY40֭7Fh$nrDo,Q-IgD?XBTq?T K@iZU(HR.(&F!pxxfu!9[: K1aX L(+SR>18GjNxEaSve:9̀evE+{b`*Ԡn[$K:Yy3rBVlG Jfڇ ۬2cʘYh&}$4ek<q&v:o7QpA5`,Z^|yj kYuy=}?qXligT5ѐF ,R!7QY8gSAn.[4b5^U>l+ZGgy)9pۮ\$Nj dcՃP_U)AVז=D@åXM/ygZd-ȺP+o<ɅJ= =/lj{ @_$VA7ZWW~YmrSCe3c ќ8z/;6sHQ9Ul03D400R^Y{a9P%/@l@jFxݱk7yIAij,DFPA׉0ՐO7Jȉ\A\c!A@ 7dsxSl(1 1nh?F3>{E~#DZC!fm/?D`6X=ARA>h=“Ez"[ Э{úX!gEDutnSDJ LZ"] \KzS 5:8a:,V\ nv EWT|(A`kԨfF\@et"DPvD목WDYl;.ZX8uE1Mʃ܁ͬ-Zڹo)ML:1u862J?O'BO{sSۊ|uuFkg|WmO:3SW, ~O ={Km>$<2I7J>XEbXmRew_$ҌE7˸^φ>Kc9{$~'S2<,|̩: wKcR_WTIMW̝ic`ˡR#(pwZxw(Ǯһp#qё/D+J?Os%PZnײu`&np5Nm&3jLY:DL>Pj7e2Wwbs~{C|VȪǨIv# 5AWx~)C_3QN:UB jAAFԋ0^BRu>_Y.?!fRtߑէS o4Pf7S2'4iF =pغ9UU]E(MwijQ^Twb˳eL5AA^Fg̟g Rw|6OZ$]Kb*V|M0I!e9fYy%p0vSM\1A_6OMjaSJឧA$1ky5yT7`DcV^̃nfNK:+Qj8pSCIU<>]b,_}ASU ))k ܳlqKkRÆƯ!gXN<1oJ0]5[Q'2'f=3@~+NO@4WӲrOp5FIvR+Fe8?rD\K[^l~FѪI~ᴊYg_PTO^s4p&\ ܌*'}`%D?~YK/CksCе9$S俯ŴQX|) Z ;C *i*VirOFJqgf-}3vK!x 6{m9(7 5WSuP U>?8؃b*BA2 Nքu$dԋg2㈈d`Q!Yy+iieEЋcAܷ%xaj;k6[$CLH0ZXmtKɞb?_y qi2kt[X>|'ˤRcPs=CO=IKب ns`4FSkFP&(8w m8bQ:E*AE/fJoٗj/dR(Ide+̂~CvarzҔQGD;`~v;'Dڤ7[|G$A𷷅&|⑚l(GT侴sրV8Ix*~5#hjVk6YmE2(F44 en^vKW*p#lYpqK3'5Lxֱ'0/k, ?,𷮜kڕpuMz^Hzh# 0$0d:K b5Bf<Wx0,7jpR ~Yl ~A."[T}v8{Zp7#m)+ݪ!faBd%3SI@!AG}sjn<7^3b*0U.GTgҔ+;x^ ]?A;"*&kTv| Of8v'x(#Zs#s~w4`6Tߣ "|2u Qn !~^E)6yOm`lМ_jt6i:aw5(DsK7KFT-Ϻk@rfu,Qu▲1/G ycu=0WGNWr[3J1x@POKdCHMsՌ|).Btfjv9C}zP8 );h3qm> GҨ=_f|կ梵Z&cG3NBKpen6r6 N wV8*>d}e3 2Ѓdlv2"#ES ${c%̉b-ԇqc\CK9ɽx5}`1|xMQ7J=gZwr yXo_aۧ~d4`)U0JCp{`Kni ,9iޮxu aS5IJ]Dabnr:{V>7Z@'t@4ˌqvjBѺ&WFM_ɗ @mJ՚3VyN@J4⦙gfg# B:8S<6-,#LJ|L}0Tل| 6(;#MI!_Uv{b0@W->/Il)>I{+)J`my!1 vյ\ {1(Eh"| /RvvaȊ TL昧#>2)Y]<],)r\0.6N*h\DN#'51O@!}tf>;{[v+'5TOl=ZAcfyrvO]d SIV)<C跱+&mbpYQg^ C1XM"8*:](lRM -RdRRU3T(*^Bm0݌Zg´K8숔+Au DOY4}$ -VBM)-k02y6F{U4"\;UcUrWnCdz܅r쉈T&{u.eOYO [Rj(Hutj8-YX~`3A{jz6Tbxyѻz[X]rEDsAqd&pUl,,jopP{JL^@ee7x%R7fƃ7@],ؿE(E('a^!9PPNrףRb8\_܇u&fQWR;:ßHwO# F깊?q(T0`'Wa)Y&S"xWm4 k}'$5t0Lb(w< 'sHӠYJ1t`hWc9f Ko5I%)˳ABg4#ZLRyjnY_n@HۀߪfZ80i%M#!Èr}i o(_x8M;iY5מˀ&.k70ZT6Rg:%.aMZ۷ wݳ9Z$3YsEMшT\|xskm)ы2L?46ܑD|JUSzDu@ ٯʸ4]kC j؆qkJ+7Jv}C|$+}//g^ 3Ӆ5d|x!'ʊySk (;U )x)D< pdJȝ>UM"vcLȯS'vEv_٭";LiJ:!cUt@y"y~agI6{Wo0`D m9{eQi&Yᡄ<0(qEM~Bp+_[g@+],fqVVQ;$;D'%ܗNQv|/įѤz];`: E2n'f;_'G\L|A\@&w &oSV7^r6d%(P+t&;֛H2HvJxiU}кD"_y@KUu`$d 5 'M8 7FſuezF;#U)Y>%Mc9)Tm0=ֹ0 n%JhVTZ2F^xQ C ?Ɛ\]BiˍKm^Jpy _lyP-I4(6$+81iX=b?4m):#$J/,B4/֊1c.Po)W!g,3~ucYaԌtV~AIƽ+&ڐj |w\s ]c437Ra.A5#ӮxN3&ceIP}TXcbؐ1Z)e2 NbV?'oćy=' .)QR*ŬRC'8_'Wx)!Lh"*x[KC_\F NP׬+1 3-t6^F7.5~h)I)P{e 4g MW Lo]7ҬIcgb|iۯw׸M ܍PJ!bCelК:_`5oh'ϐr5EUL[`{ufB(JPT"_fXp$㡬X|MpOÀ 9S`/kf{FFؘF DB]ltfKI IД{bRäboo{PD#"5 SI-a'ң;dʡ;&bD4 <=(H\2/oԕ|3C-t?K-a3IѠP-t4ܑ \SY[1,=sB$~sCs6SB7C_ʾhao3qrd Rt$`*\#mZ9%opW(hhW֖i׎gn“p,fS*u0=mSw*%گ&W5,XCzo 1;w/ɮԈ̍7jfH<:]D|Sx`IGHLuxv[̸(K?nOʙE`b`A#3=,wyh8/cxA+*5=McmlB(|OU:cEEVt_S(`aBu3E n(.J~p'~n2- L eR!Zzb</y7{aM؀u/-VΈd6 T _t5J N(֚cHhA,Ky- ]8 }Ӥ``2ˀ=AHnqU@PggaMI2,Ey:GI>=;LdB z\g3Oh-|䑯H 'Ҋh$T<vcl=>p٢@O(T^xQS;7}:\ɣ,LaL:Ο\4w%G3Mb~E~_D3Q6N \H.yDA^ѲhmMvezbf n8u)[]LaIh?oI&pO0gٸDI1FXhw*,cOb2yw-X?%*EڹWҲS)mBD;Ĝlӈnj.Ŕ!-35A0y3@ Tލ@Tu;^D=}"y+.T[j.l[f@GTShGHF(yx)-o\N E8\Ld})Ĺ3/Y:A^1¾# P64M.^r!y].,W.`N7}iӕ;]hMG^t{ }H҅  ]),_׶ CCVNy!}|p"ܔeX#2^Cdq|'O?G/,xra-hVC9PN52zt6\ H? xs8˜s^6["0S:")xs ag.vU+|{H#;v^=/袳9 \ﶛnxCG `ΉDiH\ڠ O0{Fհg[+_--QZ@bI׍"T{ˢ^A-INf 5r\s .ڜͳ|gH}+׃kjxv '6 >rDƉKDaߏ̍e{M)oԚQrܚV=h/R,횐آ>+P<5R`k/㘨tt_ljU1ك,3$=2)bF 6<2dNV_B/9 e*?waS ӕtyCNH$(iu=ewnSC1CRiGK)%@b48%ս3͇$Y L,y&.Kz5A8a(0dw|UZ#'v_igXL&bɅlN[:&s"0zs=*cHTk ~"vy uZ&S}94boKNV:%;b#B+eQf…Ht@O [UdH- Bߪ8Se/4Kxh:Cniew@Bv # 0T~Iu=h5SeYĠ =;a9; yIc ) ]s4N_Oo,;A5ر2?H];M .7ŰN$LY`7+d'1^G EZ^-fW *t,Rl*aaVq5j6q~RhnCIـ_d#EKgt@Ggő7I׊!sRJO'kT/ʅ9]p9A'wzpE/U4>SF]g.&>cDJE[F wVS.G"]2pXv)#?MbǖD*o!R|hu΄a0w>D{ǏvsT/z%Y\zzsXyq{Ѧxu,EӑTk  !ͥ1(~&*pKMiޱ.¼ID0BP":ˆ}3m(5 P|fJJ؛T6rZ[KŜXOqR9ȌQbU+ؐB5-t[=ޮO[")-E!祯ur0m\ꅚγ5α'_΄pa纩m|Vk͍[ Kc,kJPQS V3,N4 IBPR_.YZ{`eH&J(A姭m2bycI3@la41OuiF,`A!jŭ ġc QGh H>g D 刲P VgG"86ֶ1wκk2A,GeZ䪃n|) zrC5qȦaͳhF/±aB N1Gb+VؼoeB6KcăKZTPQ4.<.J\YԊ.M=SR#pC$)進L+Eh0ܩO2hHzv?PVUt8=Y3?-Ld}oe ,ڋC2ŕ ~o8& b1 qR߫,jϧa 2!Vn0=k7Fl󵺡2[W.8 l<5e\izmo i#. ZГDU&냤J^ۄ!OW#B"Ԭ(Wq t{_C ._D{50 (|PmS5pIx[nmHo'(,A<μ {('7</@[Iz`}SRv 飕DDyKe:NlT@p d2)PV$ټ,o*ױg~jPg[tȢKd?WG׮[EbIzC1U{H|6YQU(PJ ZՃ*wݔ}EҭpEҭbzFW|?s ]?)VY"DȀk\"!Ziţ+K׳-Gk3U'ybp\fjޣo8H>!M>7U01SՁ_Dh]k˸9s\A.S;6tӮU:1vBpq7 i;0EYwh `njsag*_I @Q}Ml9k@͓Al=~s ݱX Fv2yPPù@#"hX vOLAXhXF~9x M[#—I=AR]G F֐׬0<MW@/\ʊ6/V%4Q>,k} 6jI2S s6Cߥ@:(l72z Pfȩ̜Z XWUM (|E,QL3Ug@T:%IpBEMi7<3{ DsV`Yaw 6AjG%B[ȗpC| PƏcWk$$ya3;]BO۱2$Bx]Y8- D<K"n;?FadU)ȮГnH%g搭UJņB.֐Vt}m;fSz 0g s6Ԅ:8C?_ f=87DTs%+єGu.3Noꖼ2 Rv(x*:Qs^K˵v~klٺ.uPua\Ue{bC}AӤI<&uceko!Ӱ,Bnѳb򋚯7Թ3jf ,@ϼ`)a|3&߭|iڣ~͞-;y> …ĽͼiWz\騿9B) ே*qoQ+bU+lͮ񶠌̦LXTcbu"*bIvɜFP"H܍lrD3 FGFb ,_̫=.{zQ];jٌ:Ko$ž,"PQ(mdN6v.EP `UA= +D@H%G U"U._V#FQ[㌫bqչl!SW*x.ě+#{6:^`\UeDWsla Z&66+'u݂o϶瓘""Fj=7aճ~ I!ҵdΌ;[e5s}ʆhӖiyEg{ˀ;Lt%bt4m%;\wk!?:(^sQQ}vd:>RfĞiY`^|TWph#ж`I8B!Agz|c8LGE/KMetqu,3u]qqgHNi|sag.K~eM `qM+;*^!&]H2SaSsjű`=@od-7-[6== 92TAR1@gTO-QRyA{b-e/CW d-*- ~Yv5zm+}Tx'~n޲2G '&WɆQIfR^g2uwgks^7zaϴ= y'H0PA9ǝ"*ͽ6;C ~ +<&RO8TW4wFatp[T[(YZxuOݱ=UˁGE/{4L?ќ~<5x rOQ2/;e+=%&;MW\ƥUxDK%!c5%tvqJqaPc,~<蒞RF rl@+\#'N>j_!\'%oH/ א,:wD1|~!xᄻzOHϢcLv i.F6* G9H2;̠陼2 xo~])s 6@{j6WleL~:f~Tewd!:LQ!¼]H: $5׊+F?^$S-i.DxW`aX"x0.n}WGKiE(̃®a=J>5 T jla=M䱝xѳˆK'$SϙW]@5552W(O͍ *1"QCJjN߅ :M /-D09zfxo;H i ͞e 'IPE.H`3[x,Ҟ=-oᇲ?T"Mp CyBPjyy0PZ]=ZJ2HQsgs$Poa7@豖w7B;k÷qi}sN˓K_dY_Tzz;c;s4ͼc$;@u[CP!lV]&4'YCI}2RS)3c[;XZmh Vu<7sc%auV &v[cÏhzjfR?sN zէNo^%Ek`SųeH3\/Z8Yb=%}Iup'VF`ʠ$8>Uf`dvS9e S3*7R>=SJ*e:._m;q/SΉ+*֬N\LAxpH8\ )__;c0/qwG_lXvMg}hFH Kص宑G!Y&QjQ8tuF&݂zoFS h_N35X[¤t']QG{̰6|-vAQ%_ 7\˴_o`dKXws.˵[d؇?3Ԡ KI9FKy_EO5}7T#0+a}4J!5UqSHپԵoDksf< 選Q{Mdk:oUi'.4nzYI8_{?M7qB=.q&<6 K19. P=)_ b. WrZF4ز(s A{j(=±lIpۅw]<~q_P҈S;~QquU'Y9Ox;-6/įAk9QaoԯMq,v(_es]!KF6t&ЃyLԒ8No 8=(/QMτqc~&܅ejtkvGgL?&zPpu7Lv[{HI<|+źt0A9˖g]dVhZр yy4ĵm_bUvoGku 2ѓM*u/N9ݺGF(e}(C ]љQ;j$oѸB gŢTwp^thTxϓbA>$qک< }H_ZAY=PzsFev{[|"O3x$:opOQYKtz9`礎}ޫۮ4օ([C"0rf=ELM@@co4$BTCQ$zOP6:+vtA@p}|]ő>H򀿥D9Z7Ggxz'Q[%YA:K "},0i 0:Ig9>N~yU`B/׮jZ+@1zPh+>#W KI-QOU6_ yƮL!$s58 2A8)+Ůh/HFFBlVRgaMUOOQPf^ʂ?ܯIHk!kC3?_+8f__[ =-I$O›|7.knql5MkZ jհTj&P,Iƅlm%; .8zz GZ9([DdC6Y5vCGSNi .?HPR5_bm )'Y(\TAo GՄ)]HI4?ZZ:'^^h[лw8UX'$Q ksJ/":{^4?S1Ao_ ]?aQ”oѹTRG3AI5*e\zlPީUy~Įwv9@R2'r3C / 77_0XQDY|)sz:DrtAHfQQtck~,nLkA5ں'8ȅ\pڹ-tpa(S찜t +~Ukh(9%qIbPZjS:d~ߗj)Bd_`j<1?Xޑn[% V|`^ M'QUBhXgNQ!\\dYYr}W A)kα݌} 4w!AofЃ@y_Gifծ뤼'wvfL:'޲hN,PpJk- GB΀Gr-B6 izϱF#bi912pkMz@${ G'ԯmU*!ݚ e_۰3XL+*}/ruYj,X7=U[&ʚA/r^#YC_}] ťa3{̋i-4>IXHWqg)|x6EW)Q4E7VtXhq i؀c^$Xt5iQ0!\qUG*flu46ݣc3Hb(i~8+ZG{ A!0wí$)a43fe@o_5JJȔ@U4p{% M 3ފǍ:e,9n|N/~#ɤxd<ؕ$NZ l]k!gԡ*".#-oU߽YƺoLb DFeuDi$3⡣>tDJlo̖@n6{Br v 8Q8/ZuݡB7LZ"U.>Sd=k4xn)^Lۼ!DΓdyTh x.1+fE?vuA}(!U d`OBue]Lje"XsFW>'/drw=Rs Ԁ+~ ҫPw`@~p1IQ&_ծDK~ҧgj=W>q,N WKsoԕ m.0YP =9X5[?>18!0Vt BXqMH}zչQ"⏊0YYkt iSN5qyv$pfk)=..ц;\9=E/н::G}Kyu]Dd9 2/<鰀kt͗ւ_7|4 lU&k.ΆceҔOW3 ж.SUer?uSd 4jbFmŌG7raqfq[|v(<<"_X;1'&G<1*kU2l79_p*7<0.Ә6jEy2KnrqD @72<6" *瞠wWKr_$K=҂my cUp>_ÀƼЍeE}N->бXO|8q{hCxM#pϛ6bi,!袿*bYupg֨9qscO.!e$y1EZP ~]]jlzNB`oEY8CyŮqT7֝ay nn$@~_ؙnJ5=qV4M?mH'$)b5Mԉh3"&b J̐cc^ׯlPO-DLy_,rq_hRM/ !BK ^yղz ʰA} `?Z!ZEMφT$<-5d*w[LShIҌYWFXi?9B/35); !|\{*ZNBX#>Cs+#̒?;΃#SyUYua"Plts٩~F-N]U΀U|{KX:Z/9-|&JD-R e6zohҵ\*s@\M.YohK|YZup?ZjqvnwktoneΌqȖ$W1`V\[~lk_vk8H[9QWx aCVARF17bex8_*p,ɼXkNqԿ0bݫ^39dMw{5`SEna KAR3);e^p+Q-v,˽,K4fGTlIX[kKՂ޲&${3隅=aY>1~ys$ 5p :"M[z_]AӝOez?1D23zrm/42C\23fxmvxsgò>gPv rj[>|,LׁlޓCp jWQdaN{ܙO("w$K' &dI/!Wk^Ԙ*r:~}+0xfKH/XMZOA_VYEg03Ok9dʽ ̹Ɣ&xƵʢ 5a]eA}-=ڙHDZN9qWڦhWŵ)t`F *r[0bڼv{{$n=,Xݶ̢9NjWB.:'a60 ?uWX 2;a B >F/WqОT_% ]+{65ٺbkT_mB}Lr1륦,܏ϪV(sˡb6X(RaϰEoQe}|wZ{_@z P L)oL1fPW=31PC[$Wȥ:x _]p q~߈<q;H?lk((C(vsƀ"[]b']A4)$@\;a\{`WKv2sQp"?_g5ͣ7џGXj)3Q2ɐCX?Tjgk蚼@R[ t"vlWo(-UX _ōpis eX\WQ[ߚp2mz3|)Z f-'v_-y8( h+xn'>#EE&ֲ |g% $eu4u"ᖇPVLf{Y]:-]o+hM64F!Eڳm̟) r3nz='tblLrjكmr.~̤ \/6cȊQ߲;(@&PazXк.GH@Ew`Og0~"$lIzH3%w ?AOnXE<\# L55Qc6YR9[|sEQqv،c lB ]ϧ|DX>DBߟ2u>cCNh/ZSL-m2(*I1!B7(w4|-VB>x2GwދZ[YA|wPnq,\rAc b~|O;\nZ;TӲH[0;8+MfSZ@ AM:TIswTFC*۾%|#pN4CkhדIí 9i__ ;ި4H=i(곱P¼P6:NWՆp_y_M$z/T ,RHg/Ų^ކ60LTpul0 R!DێEH,xbE*J:}/҇HunȬ_9Y=k( >b8_RP؜!L(sDOpZ^cؿޞ5}Uwi|E{65A>:ם9߮(KHбU1V(L 5K=iFVOn0.8GXhqQZ6l'0ON.D5$`X=ww<ܣW92 ٙȠ /l;/7~p;8p/[ T hxڻk9\)?eǦE 6HD:hAўE+pCH%<)y`> KLwHZ6{{ +Gy3da'40@~ (SSdI''2&gC!b&le)()C09b 노W`}!ZN T;33\Q󖈵uݞ2CrÅQHDWOKM4G Od(F1ᔸ&#f И5Ix"DZ'ZD0.\u(%nY+yjE0T9O5J˭X`njScn!F~TfKY-YjJglPg>DAT<fe0%\6Y?>^vf!󯇲3~%ȵ SCFGO V:VƪP`R4qw a)m-.̳E. F@HF|`ɂto| 4?.F=+11U,+s6}x4^fo?j߫'Zg]f0ikуc5?AZ,5m%>ޙBԨqG64yatbrX-ػ-2pGRr1Ѫ<ZmK!AW37-4Ϩ)@4t'$ᡔݶ#%zKS)iCr8O!M0 s"`̵]#e6G$ӳ 3\Y5.G\} d|4ҋ^{@ l+IpYϋ4dv57N633Hnʗx2" I8kW`w$Fbq-L&RZe8#G0&YW鱖rObل!2(T7BFܙwT ?gīda/ܾ<%qV!M@V~ڡC&&jhBI$!q r1\'J/.3cd0J?eF;9QZ*[豱||9!K:ԫ2hu[^HC%ygẙ)z ! f>>P1_%NE9((5N/? 2N& }%~&әSA,>fMg{YyS(Yk0YF*~C$'=_nIB12'Ism]I0h[sOhXw7+!Rn&JlSR }%QqwyaEB} <ʸ>9 !.A~% YQ1t3A~cd̓mr/G0mU6UTM:_N0-^mc ~D"Je}~ãrLo8)C6|-?L p.d׷NSan?!L]Ȁd䚹'')$$#]J}R"YjHmSHRJ!oN, 0p3ưKVJy.ۤf(*4\>D~Sψ"٠ES.[5rhs߶驦ɹTϰ5Ě|M*4[+%DZys/5}zguc@2oŤϳ>ۂ267M,d i Y9UT\l+_R##y OaCGQTLdf* 2<3Wbo۵[ 0grqw#t-xF-:%2jŠ[a Gg *[T R~}7/o$vlwωYy)O1qևT1$s]{LE3-yv;f Ku=qzzUc7h| =*Xkւ a0SPr}<.K 'շXnX^_Mi؁MQIx(Mip~.9,73jނ!Xq=ں#Z@K[- fc`4.nFf.~YQ*,㐡 Rݝ~P19VCwPTq3`2mo8>-yt)KOẁ'N;q4(FjEK(*/o j P] '?:cIc=ƈc8RX/-TB#!z!شoLjZ\<)w #J7B#ү128+yԜ)S ra4+(E?\-e`!nqy\s=<Ɔbc }z<#1 b?&;hK˟T,*_.uz5|9V}3D: eM 3 -Dk\tjmۋM| d[-*G>dci!e`&VU'@v;7}ٿ6Qk*bn@ICD+q1@4`Iq/T8߯fʌr'@QP9]Ϥz|\ r<3]AM&u@DkBy}Ng(I.i-XxqAtA]ri_LG5;L45:9G{ YMo̻6j)-]z {oMBت.5A: A$gX5=c+')%>Z5b8ŊI18FzBӳ[svYڣ<Ɛx1{}} Gq\BV'bѨCCFrÀMcnް@{ 4 \4LWp=g8[F&T%U ݬ,=Gjkٲ#*ϣЋט v%#֎} +e=x-=&#h:#mӮerϙ1iڵ6MVzHo(E%oV @DirZ0&.oY. I/\fVx )c7qB`tB!Y7TaKQ OvvcHEA8hsxCE24e2 $Y<Oo3U7[DeAM,.4U#!i.4R{Al(6J'?d6~JX?V\q M̂ym>O/$`]`v"P2(ui%doX1x1܍X,ިlտHZv=Mds9r3$1a ZSt+R+>|Qqm,O_D!7 8LO,w>+3_ej]/j#\j]3_?eX2 @F?Yl6,J6ԅ DKIX<[#df7*}Hla%`XI@.μ>g0?>Kw 毟:-!<ɟ<@L̻Ws*$0o pRpϋn]vQrB-f4ؿ /ˋ_ງGwo"&j`{#р'AnkM$.j  ݂W#4xbj^be%k˿d=U0,`ɑ@ (XĉB_E->Lhѡ$ybH9#' ݤri!U7aPnSZy6[Hǝ].~hB:ho“=os"eFܔ-Y!YZHBJ#5 "y C>{;Bž$IX:ҼFOe5sdwtg _{V~ ]h˽>fŒ6]ܗ]ޟfR^Ma2nRnD][h%iYOHj"tl}4dG&3pPY$q*um4ғ:3:7 A4.'I ?oٙ528 l^ZB2zT&!FűCJu5[R9>D'g<ٍw0;lZ ѡJtS[j)-a9Ұw Vpɤ厇nh_*(M2<Ir{A@&FKePײĿZÉHmrI+ɕ+ 965yP;"?6tMԲ/s虖7cfSxT6n)hHn)tsvU"H6TFnXZ_bCzT$ddei6HddC*!{ ёܬ[Pcl\p=MȊBUL,*6\S@DR2FgfdJ-q|ed\A wF5ٹ-J@@ev"Um[dϬ}hb< X YiE~ʅaĮ7v麷61"imA vPo%50lQXel5d6mcߞAA 7WvtQ}K WO%c&}fS@'Z63IE̾\a+|R<u@gUc3?WBL3.e$Vg;Q\G*젙y#- i G%%[&/Y<}BJ`qݽyߞQ5eM̱9fY^՚P#r'O-5 R݅46D_0D Q_~)bZ W݋!v4(Ա9^@EFG#:(C-ڦ'dDb#vBNo/-_˚GgeSj!nva=27 b;{Y,,AfM]Τ.G?Wb }[<~W~UM#Ý*Dk$9lb£޳7B9eA4c@C 4ǩ65@+%r`"AJ]B|mhvk0³O`15 ֊ho/Lռe&IFYCcjxhUUZ|uc4E<o•QOfZI^uT6fَh?'%M4W $4a8^ᆆsSF@2 ^6T2gѴWE'cp_ngr}XlT0b؇Ž?(0:~vi_pZG˲m\42sȸrgkpV+D=c,!5,8> 'R(0 IV^]S? VTHr}K sCq }V3E)D~Mȴ\{Zk̀r=V͌rnoHE|2ſI3 ؿ~,|j8ԏ(`P]".F ޚdh4zk` IzT@w ޘmNr nLQP?nh$1䓧1"|EF_Zo,IvĂS"lyVvUV_e UL7Y !^S"u2+^ƁTvH~/6'ڛ9)͖rpeibŴ <NO %H~x#)la1";&@2ܣ29LEp ;y#nu[& b`Eɺ4S𸚿~aDz3B)󸱼EGUay[ 1(l׉2 >w?ٺ$N=ԏ{G ueZ1A V*3-D '5(;1mG\+쾼ֿ-bSy~ђ̡SPfF 6s0۲oT[$ vu:*zxM7n@ջ̬oÊ{B7k6gV6M显}0VSبOzډc.Y3PR30Ԟ-dz=u:t٠Vm.c4Qゴ0ZPnLp;X]fO?Zzl~!ԪDI] Nӿde~U"q$9sv7o0#yeo~daHM?ځ,m])='Dv>VgI#KyZ 45wQƼɴįQ \'7Ox"\ZZdhVroFxRo[L Zlhn6SΑE9O>yD&G!;,^^sN8̈nQD/ӝ! #A2hD)"#CmXWf%,hjDIhqSP4n8;+;56uK+~qQ)X/ccd{^r J-\*8 ܽ=~^r .6=>X&ɷ^NY[5<5|ܢF K"kWi@+4!MϤT3DGBV )Taٍ$Hg_%9D_$&.J{: N_ˬ@dx rL!]3"XNub(ZC$ZNuFB=U!8,f/}ctrmVVЏ_lBqZz'iUߐFl/۹t1K{B> =+e.t>юڂih쯂4ָ shT3eY]<{piД {Z6]5v[Ld m[?[JX}虃TJ|)b9u6:h Pt%]8+WiO8*ȕř lxRǢDX}A0[_IJT:gV,AULj(,^T겻MࠄQCcs' qdQTg=?(=:C_N802Z+!@L&]j4RY1R٘*1^:@0{pGIK/V[w U1!ކ&LɃ_U|i-P4pWz~ O9Mbɘ3|T<:W5kP%D局c:KI OTK9Jܖ2BfTw% c&8s垆Z Dz}&t?۫t씎o`ߤ@nREB.(+6CE{ ':Of`c~VV& Y0Kh/K٧fTӫcinrzeO-e2/j&`FJ 1B3t L\ ={ޚԯL&MMLܱrZPFqJ䊪՜ʩTGeS7NtlL=I;QMbϭnPS;3g)Y6OxM;Ynq$9n&.ѪTUkJ=4|$뮈.A\ħ}SzeQb11t1 lno{1 ~ܡh SEPoh' h Y YV) 0:\AfZ|M'@n'Dĥ CTe#hE*kT2 3c;s3ys&i3m 8Lv+DLWغMiU39euAွ [[qXX EEe <#%ډLInٽD mv`~Cʭ!'ux$+}?G2(Z)ZY-4@d- ZDhr> C혫{9O!LFƭm>8F( @>3p X\D8ZKzsHj!gSj+ēʘҹoqfrP =iKJ$=SmCK+\CFa9;n"Ȑ_"HLJ%l(3Q]>~pA$5E jN 9 ۏ5EOR*DSy0/DYh =tØ+66p=so_*٢LJr۽@o-~b( g;# ^`p:FߨCZ62}+Rc ]c:d ~1NQ 5=$lg&SdHr}~ wZ#(ȳ3.S62 ~ KCYffH:N-M&kd5jM-Ijmx㢩Fq"knmf9K99R2OcQƍa9S]Ȁ{>-2s,)@fk4%b)17@VfjyQ$1qv9G=xT u;|>}Q;9WGqA &P<wB&dnKI\_]F#գ}Aaxp%? A\ i! \.<6#(?e,! :Z xmO;6j=`=Aa]`7;i&/nE%,tMNe23'EPgqbnLQ3jm bx:Ћ#!ؽ\Vi1d[Kn&ٔbG]""QBe\" IzFaYQRKN|oxaI& m׉s^Ο%M<䏢;c{0ׇXN`::0#s:bpԝ)ߋDAICwF[ ^TuD}PҟA-Xrj})#9x v~*賹fKʶ?jJ|Zy !|T5g{#c56HR4a\x):Ma4=tzvsgoNWde }a_+3ΜaFi 5[q>kŅ~­_߆`e`7K|oQMw:sq='g5 ɺ'x\(s["iu+俥4}!KLCn/۞R)Ag T1ih7x璴)"+x/ sL}cZs[Gba%;mL,SU1"[ cJ0Vv!J\H 7DmNLP,eRhv /Y`-Ltܢr|DA,̥Bd-1|ɡd@ @|8oФldcDS=jlQ\1(QcKr ]ᅞ 9"X3|~+EK<b^>IM? ?CndK)!ITw蟛4(šl Vp _SݵbJBmq̓N;O)h&(JV79CX=x+CliJ9co"!' e_-rM|- |/M=KpYX{C  C[M@~Ȉ@'V^86R/){H3lգ`#7 " 5 ,MOItBB <ΦCJ6H rZ=BiMfs7RtsDpbD%L/r4x*d{AK5㳣d쪞.~61d-U /g-27QEq;sώRfb%H1̕ƯΈMC\ՙPg`Ju F58I`ӺW1NbJw\p&[W0#Vn%K#> 9OsjY9+RΝsdn1 Uv̕OP@sfM.#/.ahۭݹ1Bg3l1pCV4 ixq45= eDZ r׮+R%$;b\S&v}biMPH߷53BGر['w,/;,"OE0N z-E jZ;^Uwsio4lpj]T&vx'J>Ū gsQev劽8ٹ~͖nN3(TQ9D( lDKl=h]#F:; E 2#YKlj$x}M$ݷ]R+}/XP^M")jvJŘx[_7S)7 7*q[xzPSrn4 bbWf@R)70IR40˷bh"T7hu?2 d`D2V4"R1v$v^@eKuҧ8t,n'56:(]Il5sвz?!b.I9X~5F_𳪥H2$o5ærP s햣LDUv䁽U|hXk'x^rYQIV.H<'GeioSQ tE-> 귢?oEֱ=Y^LPV{mzF&+Zp6S[Ĥ?Y)"Gᨣ)U8ʆÝ'q:1[ Y^A+ Gy5 QqtiV57'6"7nlߪaczk"?  m0kb}ZF)(ưh10^^rH;T9';Zd9ͿD"=ض//SԜS z`/%M;a땹CX?Jôgߵ5}B2'<92)d?iaGJ (lU%-D_Q FeJP٫G.PoI71ġ;wSP(k[աqI[S;'.d=d} N;7%m(82d ,.kԸ:F'tЩh Tg]IY,2a& ֩R{es1tG)(A3P09_|psYp+@tNTO#bY_$̑NY(+bq#˜FP~1mK>2 ?~AlD.\KV>mv2T+H%q8<*}lO`X,6բ ]wJrɴ͹,ϑS|gA0et=0a>m#"뜢u* i"h\s2Ǧ$TD&vį֬g"c6M!iЭU8؎0Ȥ.9_xЮuפT\yD[%k-֊ ;ˋzp#D?F  xJ 2eC[e\2! +5 *83/*$2ܤ&] 6A?D:,t[_w70œ 6 Yܒ { kȮr.NXSd:_B0RX?oC@ifE`Elkћc%D3 3r l]^W͢DɞJ.A)$-'H;i֪@BL)'BNGv )b^.Yk {U#R=_&FanxT̬faC} C 9}6ڦaLׅ~פ:+>r{pXׁK e LKie>ZG9.>VA|?N&_#Ժ^rFC-Bz1_XC%Ɏ,Gm ȳוQGǎiq"/ӫ#(aK`,"YDv:Ԛ3:QqHo3]PGvK4#4D1cd 5NBcmZkz79;lTD@^U!~B,OqCT}uQikAůĿP_1XYV]X'e<5IKVC7YH-jZN>ϭn*2_g8,;GS^oKB+x-wg鶻*X{J5␋0#K~G-nf'Ku~ٍOEQ0%\x :r* oN^6@q& -Jeڊe 69l t{lLإ8m> IcDlcutsE,&vEO0e5==Gv%YX~V m5MP9U6}gA7$Wchr4Ikl"n0!80[XWFQnqɕlw:D^,Xk4~kWnQGLDǠ=qS) FJ晤p76zQ5𾁔oJ JU茘{P&!aN|j f; Һ [aE4kgbo#@gAI6NQXtޡqV1ևKԥ+ KXX޾z2+fepd1㣜Bq.hm)hKfz W0[ue _/얰`y~B:lh;|M f9@R1o#u rb l'C@x_@]] 8;2(_;:5ӯE},JU$)97>Z# R1 1`^BZ ?鋹#MÊo, o xpڔԬOMt?c| Q$vC8]x &Xb҄g]QG0!Ή-8zɏDL-.O޼J{& g>bTGÝ8Ӫ0Vz="=F.?-j`kFiA 5;i 5H={fFl9+sl@?/-H~C.i?ּ6&dhhIJXĄ8F2(5He>W-U@oz|ebILlSd ADW5Hea_Rf"kڝuW5[   $Gw(|YrdOł:X$?if8Lj_)Ϭ[_,KCjPpMDS,g$~_ږ &NAfhL,3?K_A1oBiSj/#B;zT4 8Jϔ'BH(3IiM戜r[|_x?}}&W*#भյ7] GXsTrVP+ "(vktSnWH* nojD5 8r#EK~f$0h;j2W w"k@ii:J$C!AeN2~XЖO6 A쁥>V:5%\".giXge+'B3AW\ 6 O^O!H Jlm 25׿_ ;v9+y!?Ĕ¡1ƮoTa.x/\6&`X)]Ε'LGk#lBzT]T#B("+3Lft#(_3-4۔jwṵ'H3*ʺF-5uheAYWzn` - HD.(w, 0c)ľtv^ tc'q#)[ӉH p;M6]"( p "G?]1iQu5 cQs؟Qm4d@}UDxkiR@XGNd\?UR&fkR4)l(O?KP/B/@c'2Kҁ] ®$7S*X[sZA,<=*cLW%>sz qHC[Җw|#Su ްXR#%y0*9Ѕ9L(y5+o%Kߟx_qsC۩l73)$ ;P5ύawj1cɿ_/ ~|uʠYPVcrae9 aPhyR#HBK{#j$/4f* )SG /Pv, Q>2۔L} T.bxޮH{d8~YW䙮(kv6iu<,y[-uJ?3y h!.gH^PEnR_+ld&Qt1_>FB(jc.ߝ$c>p Ɯ˲xaM0U¾tI7?ް `g[ PmdS>4x2U(h+m"@TVT3}jf!ԻT;]p?Ʃ)YKR[5ûFCݰ4$`1O?XZrF~!d4S}Ƌ"I*aAS]5(UIF R[9t00hqzPѮ JiX%>[xtͶL bgLk;&4?9[<6Jb(r"=Dwy5F ,(9⏉Ď+YiR+a(7PH0wgZfj0DBD I L?۟j8}KRlߐ`SD mpr NFB-7)a:phEWd.$?G@0t+ `2L;)E*sJQm8#*.=.QQ#URIG_C럭}r Vx]qp><䴁_bkoimQŤ&ՎpzT9H-Ҿ8&tN:HPf'>ݢ Ghxp@nWhu.ڇ294.UE|Ӹ\6m"#nOD0v՝ȼ?܉˿uU0b )PL`2Bd9bJ>)Zc&ex"Qbx RGpT$ߐڔniyX,2=Fowvˬfkhg :yrꩥ-֤:vi!ZѹV#$҄YQ ȐInyIIڐDF:%!ʭno_Jpf QqP?{)YӦtc_;.He#>."p^VSsd{TGi$p*' U7(Gq '+ScwQ_Djby8_^$Lr|bh LO)c%H$U/ ey׊Rn$Yh'8=nR>L/j1:ƖY+_?tpW[grNٗͯk"@ޟ\O,AѲtoX3C2dOzc:yY܉tlK<(&.q/ ޞ a?9kDȆ˧{Q-V+-m~K%FK|{|"y]5߭340@UoV2~9܃mQe-exϘLߗzLt_PkZBjeԣ<ʘߠVoJm)zY'@x'RPyv, Ty,uȚӳg>#PJ$M'7Mvu?OɮJ-?4ZnIiꪕZ, jX@"i4j%w,Po@ӯl?`Wb}e.ϚtvPGʇ^ʯ\G`,]I ^UAGL4ˢ/ym,Th.`=0?DTkeporu˯vbZ/r2@E0fq^ Ixd*+CyܧVIk*T4[cõPKdj/i^*8az`DfGoU5G3{ߋ?ܙÌ$Zbr/Kàqݣ#X"(lzQL0JwxMo$S :?7jץ `NH(P30R=)'/RaKW?w,-c|>L}n%ru/; }%ZlI%YyfH܂0'q =_7B'D㈈ȯ+ك mXS3,wDh1GRSz B4(_> pYuAB% 1C7ۜ iέ0ٍ*4-c ($6X([#H򡵘oWZe9ŨA_Xj Y}y_=G౗I!JD,g\4HO#:fةXn2BIuh=G{h= -_;P{L3 ck<OEJmKv7R4.3Jh9pLCJ1^jba,5hDžܫ&/nR%y?iDo=6($/E 1:U;gs3UHZuݟOZb%ޘI"S$6 t*TsB?7fVnbچ75e/FC_u۾I<:(]%!(O3=ߞu;6*J+v2N1Pal+gp)[:t@F)BFuV&uohwy6's{:ek[NsB/҉@x_h5t{OswWdmC_#}aOʚM;nz#ZZ!nG(ɝgs.z_猅B5SҰs*gkAFtEvxMGtA̖u^HvӏW{ZC_R3[RWꯍŐܬ2F=Oaىxu} -O x4".5UXq)4!Rx˰5$M{Ea%En{=s=WDRG]HmF$4훕iJ+-wk4'el)£PAbRօ^Ls~BL}gWBiׁ|TKI(DKWHj>LƊ s˞F!8L%ӢoI3k N k՞1kK+2JQⳀ1\TakW:^MKhOy;yR+UgLW$){mgl߃IY}@iJ+|Bt "ľ}4:HkYu Hbbq↕+˕xڽ꧂zmBs1XSsWeL/lh논(\"wMP+AE_G3"{x&vx1*/ͷ1tG.,_1O0GuT^Ԓ(#!R}45.M{s^4CL0 #PfaSA W=>s]Wk~DL8!R?e {aю*d[vtXL//}bYXЗg&?M2DѬ4-΍m:I2$W @IxdI>/y<9D<z#*>gOU=W\8AۇX B&(ܢ!L]r*KJ'&4{lkHHg0í'hbצLyC*/:CX1(2Su pxV9va71EhKT}7 ꩅ_IP\A \QqAboZ,GZXr`|_t%Rmy~nEVThQ3e:}iv>>9v7^2#5aG^vpOSUO'x.DYVvrI]Л9<|Ҳo#ZC ]Rhsgl߷[*:B+0jFoMa-GuGNRP= 8bq.SԤ_u(9ՀZtPdXg:"N}77˕%Bl@}Q;pJN0ЖKj)D,,xuǾ瞇dӈPPlJxj&Р/{AʴenRA4[/V4N>&A1P8x*u)Z<}`鏁iQE-?P aG i#! aSeS)lm]=jX%^YY*N<OH譳i_1hQ &gb 8 AJT֎e{xZ%΂ 6^og}IWل3FQqkr *? 1~S ?gXbqWZ/1oۀQ=Cq|?8Q8 T~q0.^D.l0婬;p]$]Gy{ȗj֟ϽE3[URROU*HTfVoH|&L. TdЅ6Jt?{֗rh a(qLevGҞBhL5Uv=lA7W \isx;˫BEk)̢xB9F[y$DA[EvE7h}YBc Ae=Lgi^٦v[A#^<D6,}(sњ}L +J=UVAq)9SsB&Qr^[7LBf̪46>82L[A"сɦL2@ QbA`vɆ ks+0wwwfulQ@6[ͦñ2{Z@~ KIsntP)N1rj0_v%\HHHg.;Fu; .;2B ] ljClBl` ΎR8b9^" U|yy$IWcmW?,,wb*|ۓnc2\rC.d0~QV[>l!:x-r" XGwrDfkzs|_۱h C\WoI8:k һUkK{]圄Eɞ H`rZ@2LXQ?*Q ZʚXx-߮]M\Í3ѓM$# "j߷V6kB!c_Daz`nDd5_S dA2'qǹʢ呦/h;_Bn +v*6RlH}y9~;ۦ=A5,i@p](4MNvl A94 SWN4l9ح*<_~ RՄڈUӈVb0M|拪Z7n*zu-.Ra}"kݷc`:#?O$mtߡkYxgl0M871V``ǠuǙhMAJ5z9fZS2㯫'g ^_E~?X DCZ٧5bקxRU9;a풣9 =˷6*JK]K0UpύK77Ÿ$6s.v O'䝣 TS#@} ­8091T'wDAHs\Gj^PA "ErBl݅SW8I|9'Ͳ;72+ +ǯK~xOʢ֒_gnI^|Yܳ'O] `IZ{?~*!vHbhMNJC:ZEWTq~H?2r7d6g+f^F!БN.`J)y(/N7,-߈GÞU')J~ܝ{+󨳟{F)`ўap -S\HKxlE|.a%ֳl7H Y2ވ7> B 'v95I*{8n g5gҨ#`P.Qߋ[Xn 8a_7ф{-e̛HCW #o*?8wvI",q/u^^UXI/u>'6o SAddB?tte-% 8Xt' k' G=ЬswQ5^2 F+w)QaCj_¥-"y1e3tPsa {vmb&~;ɺi~5t% yފO3Rn{x °ⵊfZ ! UZY[}ըu(h_Mwxu8C`UcEFߩ•-5;\0wLEJ,-VltȏJoN.m8D#SKO@[KZס).rBpu ՘NpLa4jfҾa~` 87HnCO["P}WjwtR$ݗB*qȠ5S˭g wd9Qi'8ˀ%oĤW/?_:Cc"ێڴsk)΍W$z&xBIi.;b7[SÏO(j-XI!Ő >j$䑋M5nyO3eqouﭣ%ka 3EFzpj=v괙Uw,auY-YiEa+k"+ƒ.Ee2ɬ~?M*KNO& y0 eml,ԅR-8A7m㉓f J p/( }`=9&_o{AA Ee=qTMj&dM!eF 052u$y"(( )c# 8Qe. k ,}A;Nq<ĮLj20B}בp",B|d (%bKbv#s ,Wuz]^f\|Nhp"fsVd!(eN?~ Iav<~ZIP8I! lly9M>1*LX=^dup{;h`i{/$x7a%fd#8!}e4(Md:,Fp>Io# ׼k=oQy[E;MSMauup_Gz谰-Bc5{ZlOc!zvB>Gcn Jݍr'ȊWTqA f",dgB^ QB0`+,ǣ%SrP̖ l vAsGj[}22>V+6/o?7CጪpW_q:W&xk-tթ {C%Xh_m! "a=A#Ŷ]A)݃9+چ$i4S_#q`tg*#ǡ468w% =oe*mFy0̩c;<}nk FIAPtNCAM%xP [zd]xDӸ, ;Xgkn3+N?zF]8F( 5-, >ꖳ Lwg|^ &J$ ̔*Y:|%3u!ܕގy|P$EG.LCjY|~BRe!PY_T EQ̾~{ 7B'ܧ]m5|wBc#p0ID?"Z~^Oeexf pa&6_Rd=ZKVz ?y%*$0SQ[0Q *w<|8J,^[}uz5ޕnm6- ndѢz9U½vȇ/ 9R#/QBqjl=vB QWgdfܮ4P6џ!F, S*qc2o?v̠oō<*=nۻDa3p=giˁz8.ClNQq_+ 0&p"wǿGud[H&?kZ7MtIڙl5A.\x[B AvљVYW2ɬ gMq%#V6qpՇRT܉5qA61㻪h@!^713tnu$)QNlV3g} F@^d|‡F !>+N }B~q[GJM޵s;?.t|1/Hbv6.&IAj %A}369ZNK kEf~gMSЭqs]u/TWBp[WBUI=UmjVDG2}#W @,xYq%w)^ZN)Z" t00vuCH/r#~N .R/DaA._[see_no mlpdIV75$1`h I\Dhݯ~nr̈́[St~2|V'스[Ry+\lL<=k蠮 "EmKIXR)[)&{"zyc  /Jaٙ7GgA3nqPqN{Ȝ + Xv4:=Zj+lC%Tp s ih`Q1xtx=3}+/.m:b@hQUa̤6@0kQ'|!e18 JsD:ĜkN˓+A,& w4QR?U;NXCuأ;,L%mu b/)Gʍu+!wgW)Q*ff h_LH԰(5 q^QcY:w>c؎FWosy~oghL]czIL똧&_x&#Si3d'Gx!Jj+D`&,}]A,ȥc f;v\-e8:Mˋ"d~.E:g|Mޗ;+q%Rs)o3fVvSrZ֢Hv~U3ӬJ>GZ(B}JNy)L/$s2Ĕ}Mffhܹ #]>0y%Q>W<*4=jmt-oytxk$Le\ K%5m@c9d)*SP7_)bwghoS AtmzI$h:q.x[dS /J&Nx~ihY2&N+LᎌPaHz` 9M̻r>[Y؋l8 v%z)}vgV^%\ho{Cv L3358(%pmudSbH'3ت v`T^k9ћn8^ߘ y4IKYs'7ysz9ykުUUH\7=wFPlY800o+:M-co_% I}TG 3 IU [}Q@KA'ݦNilbo^;]{\\q|[6 dٙ㵊JBHgQ1 *X"lGPgJSr43NVb)-oYm:4?CH-MHQ-^:R"!(9LJUx\#䬣WE}IaTzl6a :@rr2 Gk" ٩̗3&f|ΥAO.G+\6]1M()U5ǨI2~GLϩMֆd:9.Trǰw#\w.빙X m@9 O }`~U Ǭ2Cىakuag]QpZ$mwt`vɯlɌoxitTѱ izEhn_Cj@bf9W)mڛ+@=JsaŦkpɂ  (YU]$V빒aVn@|bQ oQx\r2vݽ!ݿ(;mE"c]bS'Gm4>&esDkw}(Kހȍen%[Ե_~YA8fm9*˪bfK `Tl7ϊ89 3R$%au?wHSM;%mɠ\jwHe3tv?""=/Ojέ|r?62/PG7)-s4Elt0C8qsOy yɸ8u# |8ڎRW滓q?5W~JpjZުV;JNтE QrYSԛ6 lreeJq~vyh8|&<iWܚ O=JSfܔX|2(.A; p$]cV)Ճʼn2tLeI..Gx)J2k?rݫݰV@GT+9~l#ptO`X$X&W"Ͱ J6BSIkfNL,M3'l@CA5+u..tI2'{og;eW> 6zŁ1. ^Eg~|PʞoW6~3 >g]fkeQ]<疭rO/Y\dT, >̾07\kJ=Gy6eU xka!*ğ+Qp(G%dd=*wȭV^.JƁ#9tcؑ0Wn@M{E?3d!*?E[goN\],ztH0=z'YݎISMʼn9Oaj/wƲI5F#.l_]-/U }l0IKŹ (vQG悝NyO4oCh08gs_%?nS?kW|!`zj9^q2 N^h_j[*g:Ŋʋwz,M.U\F,">$M !XR{ ^z(xB$XI5GYWԍ 'R pzD<`ZW?qjw-%c'sEIl2 ׋*D e` 8}q PyKxz18@J- ˓2Ї? %'=h+=D@p8?؊0sr*Tj-tT% 8Z.%Cl4¯ h_ {1tǓ]TZ:0d `/7 {T@|UWַYO_-hD tW~+O +?:2/R/[kMwyW/utnjCWzml C 䰉\ڿ5C~\N4;Of-ǎmT522NYK I>_+f ^m;ꂤ*?fKX򃴮NqPK kэ Ov-B { H+?9lHP|5zu gḰ< չ>NkIF m ءs'Rwթy%%YE* O ex*gP{Lҳmދ-ꥣFv4Q9^YnmG3? aZRܡ,OʦkܩxwAfJθ&?pQjm }ӝd}*%(q6-H涩ys˜M3X`ߛ+&> i1J[D[RsY1PmFY v~xcpmhlz<h6e~bh<m$2)v|;z];92̳ENu;WB 6s{ijU7"ArG ..9[Jɣ?,Z2hţJ6ߣ7+K8vcZW |aр}DiW9;xy" Fsݴ4PLz/k c \ گ=l?mL=͌\jI/BH`@~@c2O2m5al1LV'.sy |M䄊3jI`|V.y9̝~T˸%e,eh[u.1NلfAQ<֌MXz˝aWDVLK^Wp IgZek^_MiUhQxk*E;+bf/yD5^A FQ(-WO:rA:XuUVZC|O>S >߄et҇g_&F"\EJگa4byM(_HpyNQZSPluE>2~b~>mcLX-m 9DOUE|-/Hz~eCrO a W$9DB@ܥWoĉ.Ƙ:y*6glc^R2pBI+#$@CI W nO2T_F,LKөPl,Mn_4/4_nA @?ָSȆ%GsbeZ̹,ew mN[<~J~Ӫ|ji75o֨kcOlۤ&35 /Gq\EQݒApS"@=:H2W4WPiFhW#EN)v CqEH "pYCӎᔺCSּ ; _qڷ.#tKꯢ %̞&û# psi.ɀF=߸?|6ڈ#%8{9lXm$+P:V0ƀI K;N=O]lTUu&Foj4 `H^[P!^A L/tr$I4 ACwth88I"^i:%5]eC7+ >:V }3Jepͳ[yY`F}Zo J.-uw:zN&"ٓe+ZIZPl~sYأ.…VPMP~d@ 9:4"pL4lۧ(W(= F/E@Dyi([fC-)%o'O@F>n ٣G`I~xNmGH{뫩f<bK{ˇS~͡x!]<1V5n$՚SZ8xC&{@qAņ#% <9Jv lABlEgScFgbuw+ .D<:,)fc\\4Y,~_+aJ)T.H_;9GK=:U BƐ]EA?#ARRYlaN=3CdMklZ⚮Ft2֩MP+õgI:@ͧ[W)7fx/I mS)$r¡1x\&S& @+n͟'s]"G9AyOfh͝xX-.pe ̱kl!Bia9fG=u e'{ ovְ-X"+%az${c̪ARQz:xm;$8K2E Yb ߌv KE-%)>Eݤ[$g鯓zJ68BYuN2DߙZ/dAA82/Jwsu'\r[i`l74 `77/j#8 Q@^3>F&8?\Jϳק/m[N1 xu{:dfہ/ںm6=3L e^zڵ<ݨ:`HoM"hFENI:}F%IYSt#~(^Lt/ mO~mz$ܿqh1}8_6l1S'+)/dey"gO=4-A+5v5 3_rGmچS I]NOTS^썑%JR<wh߱$TczwsV{ ~Q02i"B^=L"^!ʰtD2h&Eqj*8O}#JbY y{t9Xx\PPx)(p"; \|ͭDES+c$V6&XIKs<VWH/# 3V1yٴἧq#Gۥn0)j!@tBʐ?yah:;ir&n=PGB69>05p#Ҹm#<$ՊQc *~.QNƜ'Jĝ6b`^41b=B;.ű1/W2g|Y- [Wu.t{ES8/ުraG!Z :yg'Zڲ'ݪ||ꬮw{>y6Z D`*t_HZ6! P.+f8)3jdYHMwl4Ld!$*UI* x=Ev"4˃ 'ε|r۴dBE|MִD~C0ɥItuu:Y]?D8[#G-$l⡪W5=ZN?7\\7ei(+ j9xًߦM_ojNɾdx4䑐EjGjQQā/{b-)U\}gl0>r?[]RbM֚EvyoH"2aW{=: _{ƚ)a/Q^^xШKNàSd;ujh)TniݵCF:N| O7^VdN\6Kp)RsH˂OДdwǎGaʾ>10ɮ["aoUNʖ"Zt_Tc3\M>7wg߭ 7P|sri^D th~X fM1Cuxé<4l%g+[xGMǾVKLNBˍʆ''ug;߿`2mg5B8s:K3{ڶsTZE+&;fVZP=Q싕`W,Ҁte,mL Օ@kS#JZBaHAWI?e^OTC~Z4ui%b6', b f+jXjtIw||*cҽT`fR ^Mk8Y 65>v?'7X),z]_1k>(Zo&p􀆮9"*Z#d!T\:F43U\E)-a)ߩRn`煱0V7JK- ڮA$/UE0~@OCoCd.] QSZhg$ĄΨh9'o%}*pXu81i;{}/k7XJγ&ٴ;j*o|1v c5Y '|aҋIsֈV3X)]@?e5A鿷wo:ɣfۏhn%?AzU$E*~UѪc}% g T7eƫ2~Uo?y_VIRXST}Ա(=N/8WB޿GEXN! )t} ~}!F^`?eu0$9msĵQ@Y yyshL̒?)EcyN;?А!yM0b'7cd1="?=bNsȜ˱lP$ ɮxeMHߗBz02֭d>Ȟa{<XidH:Oz)ԮNK;Hbs& *`ғ,%|P9e㆘~IAhF}VBy5M!`=xcP\IH{@lBց-Ay)DD7wK:L^Yڇ{I5>nDq3Pj8PV* e;j-t|1ahSRٰMķ}eLhl1}tX%) 45Lx}@PGC!قγoO)7pڮRґGki:;&iĻ'\X{:Ij b5wo.G :?t)y *vf4PWHRo3LF8TZyesGA,dxgؗv6\2>BO}.33?x֥(Mz#ޤQBF?,6O8$¼$c5Ci~0k3 \$w& `ϻz|R@"3 [V?{wb$ck1o.'(֢!]4n!UŠ#/ P[BqkMmjkj4fqNuV;n6i!GRzR]h79 NU?+K 3fTЌhƺEgD!Y×qИ,Ʉt@KKE}DtZV:@9;_1AQ+'FGq7u,W<;k>ZM%QS N ˘+ѓ< l qk"]L3`XAwx9=ȧsO!wH0/+*¼~o n̮MEѭpcZtj΃M1l )<u\RʐVH匿@ 1[@9KR0#1PǸmE")J{Xi۲ȉobǃL2xr7ʂ"Y4W굢q lHEдOWZfqZ'n rfs)Q T!YJnŪ>{С Nz\2/ә;FWRuOV~<2ۆ>fY%kt=P&ge`=4> $^[ox_&#-6g Ǚ$q!eۚ2ECڿ тmɁ,BGHժ S^IB,=T68 S[ m5@i̪d$q%[&~D7kn qr+ANd戀?k%&Wiă;:uedF3_>nvL C-"E _kI&r#@4Mdq$ hS5qN[@|o;%)%G4p+le_ȁ K=nKkMs~T?(4lMFRg*8hf}ر@b2d%7EY,S,U tK8:!!v=@(piiuQ+`ȿ`4A?~vg ,I4j7A1^۠As`OHaCbl8#߼<ʡ Pcy00x]Q;lpAYl%(“nNHS)ѵcB0W0M-A=`;-XvSP:d%ؘ>k g O,.k0RY19EN$Dd{h6aE48/*x_PS3 ATw cgOIF!({Xg!nR_x߿_W(40DRW^z39 tp=Ʊcyi~KGTx iGY 78P+A8P9 HIt@Dg +el:mT<>+7ɽ> XAWE")O˵QJ%$A~M#k$@ av]Mz~5UGKqd{0 ф]&GQtaxNkx$K ij11g[#N;W IqpdtH2<sںD_Q0z;w(:ЀW`c {; {b,ʖ<:o ;do ^^ǻ k+nkϔ)h;ϬfTۂv~>G[Lsׁ.y /YqS,P\}c{/zIg1ξ;d;u 5S[`bN}tMDCX!F+QLyZ룠uXFdPKж3T " 8ieɿ[6&^cea]asm e9tXY v(Յň٨Y"1Zuz Y0qQ`x@G<{y)%fwqnt'S5;IsTl3iem|Pu$VM*O(a4c?{TS O~Sb I>VD -e<[E%8Xb u}d99  TQXx2=Wdrgx#5 +j'yE@.Sͅ8R0d=67jR'rgNQ; 3?4|3=ݍ/2pdǙu# dJ_5!3bc3 ʬy@֒󨿓O@` yC-OIE}xh|7</[C![\XO?5'|F\1]$u,H할RT1᧎LN{TmƵ=A>e5f ۉV携:oY2 1TU;FniJ$F|u\;J,>tU"8k݉kBA%'ԭ8$c:\MCޏUkukFpE3-=6"Vc]*l#7x.4T7 in,d8f<"Jw= ^*MȃC]]a[n 鰠2MH5̸!V@2{P saMZ>mBE'Jj5v)oiq4ܣ=| snPb74UPE.|xrS7b7m/gxݐryz9R ~y6jW4ԍFz~_+ 3/]syiIBFn8:reoxx@,bޣֳ֖qNyx'|a=z9b(=(Plgu'&/4ͧN@^!L*&稓MQ2rW]@!?p[! X9>~qL^Q;YX l<Cޟ3= 6-[DAWi"fXЏA oÏ A~KF oմzfWXzPS<^͊w*X TœBmBp'KKI{HSK7)N╾M]U*?SX̸49e1f~N{U2̵.qeC4e nsu^y $3 Xkt ]|,'&LY c<-r: rc%SIQ)NJdkN%424ޜynm2bD copPtސti|jIGIפJ]WC'TpNa:,1^k%5Ds9,% Jiߎux1n XMNIwENӞb[ 0]sƵi*lh쫓w39ZިnlJʐ$ `/<QTP2̚R12u~RM0Z_B5PǩozG71EWF"X~8j!@j,*5qңR>_'- ugH+#vTJtRTӃ2r>/iCuN+$Dw uKHo_rGJ JW}B#2y=Qjc OW9gw`; Ur 7#  ]7߶d8D 쿗?=TK5:$t痾QwZ|I8S/V# >Ytk\ Ta>[QU4-lS[XsnYӕR.{Lv}[?6onXvJaj#{5kt~zKGي `2bEFHo]r1˾xAΞ@eaٽ 9aD?2JIƑ8@3tPWL Ԕkۿ2%֡'=c$p F8pl}=Mjn[&t͙lJ 7HmqxF7mɖsnHsvNH8q]EaZ0bhXe3"9,٘_D8* s4j 9%i -w1!-=l)$8e 3 9ÜU@QPLI/8c;^deN^:T[ qd9ɲwb|Iva.rGv_EY%Hcd轤"Njo3"&7mBۡ|B!>apa P"]iעOȚYs}̛Ə KjR*VvX?x'>QÔx.'~V)C oy }MS;- ÎithȏʼblZ8HdKS;DIQG&mO2TQ¬Z'&jM!PF+ H b(&1ɹd5*6}-{Ș2pˊiro6ODx MW_IĀFUװZ-OQ Hz*0>UopԺyaƹp_{LQ Ƽ7a_>S ?f9sTff or&|Bώ !~~̯.e?f?lq_p1xFc)GJr܇NGNtMSYrﯤO=E&77;mVc%i&D$e܍yTY[ۜV\Ϣsj/pʤʠOVb[YuPRO.L 1E}%=.Vs;3,MԾ]@R ? ^66& !7t1DߜFxn7/ V┢ Ev i]<4F:oHj& +.|ECJxNus>ar 2jĭӥtrônS>?ԓ+uU#9i4C?6 絭ATe9z0>J&PjBR),_'FIW!<6'NesB>)ƵjJiK20eY2EU-FzX"Z9V$&d7H ϔ >ƌͿrdfhYjxyDX*s!v@XyХc/_/X$ symuq&<*֩4t|vFQSt [g0ވ݅F&YֱMq)d9(W iaR3Iy )nlD:zµt)Hs<3;DƏ'FEl$aXO"Vb2MN-z^ڰ۵dUo~`m<"-0%>#u汐_7u'kjl"!![)o|HA+|iEf%=_i ܡ8Od\r#ose wt#x KMۉ$b?GPqjȽ(Lw`=& NHFD*j,1W1^[^qbAĹPŗ$ g(  $*䝛drN+?oM=DE*b)x3ޠT0C6 Z HZlcGj> k1R_Wv[jZ 鷰ѽ+0j&R' 1o{` sp,,]b #->]qdfRP=b%=[Xw?ψ囏a2dRDG D(-񪑉prah@Qtּuv'FUl&y~҈t~$Ljzez%89 "af |L1YpǪʼh/;db6eq )Ʃ,INH3k? F zqf{Oީuwm񽘵gkì?ۭ T,5HM'tG[L;VWʭ9L%J2Ӳ`ZDV$j=NYwU$X$\P3:,(|p.^A<0 F'vcs8v.~FEƍ.'ֶ CbސK;ǿz)85]RN|shb5lˇeۋ-Ͱ*B8ÌʐWu^z( }y8tvu[7CEzp.FJ)MW\Af`Q —Q1iQLӐTRPՋT{814V c]ՔpBp`1H`H5  @u!c{j.`ф1:' xEo5/CB/`˔#.L9"=[uNP(%>jEoڈ!=zǛd׫{m+`ոѰ#*㯪VUl/Ϧ\aX04ύyMgjVFqq T! ==!| 4<!A|ier^F[~# d5 Y$b!%'3gA++3e&3ǑE`&2jաa6OHL=W5sSSM7Rs$`*K6rENoXNۻ}ah_23@0(LyN&ȒGlAx5%P$(mvd(NA7"Dҭ7H>yVJI < n;ra}-+gT_6m6:=<0~GPɁ\ /u0fot7RWOM*H}˙3kлؿgaF &S5J;]' m&/dE&ڹՉ`q~"mf3ґ\2r И{O@3@P`H+ic(u趒gV[Ds7l" ƗŐzؚ'+}Ne'Fwp&/ON}+&~s ,>ڰ3\q4.q=w2P2ѱ6[lTFCz|L/l9)/ͩ?.V*X*JH'.eBk7]S!Q>W.M@xD<8D]|P8^]osb ij+&{ƿV.E^jRHA5>衟W4&&.U f'Gq7Â7,ZEkS2M@|Z(ILL}N2ޚc֙WkQ}OCyH0#nK0["ʈr Ujc%QHs@ؽ8h5I"W$\#,0|x,϶"C@drWvtڛF5Ͽt4wW ݯ%i0chV ?m'F<7.28fޜ kZmESnC'99oQkΧzM}$pw lW.|@\|bD-xSXѥk{je&Ƀt>>CqMJQ}-B  U1 w.cbh l7\mFDk\V"tt4'BmU|]-1?pi&@t1O!YEC˫fWYr/+OIyJ!;ogeR[\1;.Iyg/d -͞Ɛͮ1솷96ӟ!|`d*:2Uu!>I2[Fx~ k>r܅4Tȷ̛F .@7,|RQ!\'NxW9-[,<;UGN¹3aE92LӀH= Jғ:Aeh0,m9$y, 9Lck} d6}Y_2ju)hoֹg+Vb׎{ Adq3;~)˚)D>/j)TDhNeaɅ`x0ΦgCY9oXPIDuoO,aAeԍH/jbqz#y=R]d Z;j2_Pba"UY T{bp9w^=?<\X s*O-韩qР}yLԂ'R?(oZoc:(J_&b43ה>ˀAf_k(V"m%+tt7k.oˣ$3%f{[[|OFCzw9呂Ĺᆔ62p9"1sc+ѵ3EƉn\JN}ZɘUE*hi@7FȀDxWC4!ݗ{̜}}LEIT40-0?U&@ZWC{ aw(`OmWTs*3-̋^^Rϫ^3$:-. 嶐ѢeNuf vmY^s/˙c}TW+A>Qz@/1+ݝhi#u,,1ʓȎsBs q9Nnָͦ22D.jYcPg %0g v?Z IdB! Ibۨiy:RSs/}#V;4|43TVd n3^Xf9'*ȪUL |j!% z/U2,0Q2Qye Wy8 J1+uxZnqnaHØyL{h^7б5g*&\$/ۉ7CPLPZ=4_-[Q(kba '<]5 Y>=E4${;5F(Iڔ8G |&O-#/2~8~>[uL` ޞU\Ẩ<18Qb 2dh!qD؜+&̄ԇ_VL5 ,ǿ ;c!ۓcI*2aI@"y,'ysHuzbY*_R+G?&ejUiP虈r|.^ gݒR7kd{]d^iҜ%#PH|s i_aIKtz:: x%rZo2<>&-IN__Cj6(~fa5rUr2pKK**$61iw4n$acc7\tb ]9jpJՁ}lp_|&{b6`9<ى*ji ZbC] ;0sY҉3vmq DC CF}|K" o\C׺J7Vp8L〳z?V˜!CoE4Zo9g湢#~[ :ܚus&7)rZ4`aTQ(J܏*ȡљ`D.q4kA?õ Բ yp8c+zJwQ~y5UoS=H?A@:{c1S8#4x_Ww(`X M``ÔJiZOA':Uih40/?oPdbЙv _̓Xxν֩^ 2p!qIkSxR΃vG)ѝx8::knQȧsv=Y+a4r:G(yH3r?1KK$f8,a~؅nwL f#= $t5VIp`Q`z8EZ;-dc4ȯPŝJzAN)A5e^4mϱx"AQ)a@ * lLȌjQO|ҮwwrА_r(kg)DLmC92(ĝ%KF dݻZe-*T2ҚBU:$.r9qmK09/R QZf]6c@r*2zåU T~3 ':?`lWtan>P@ϳ1+yǫa Cl(˝~6m= t aZ9= @q]Q`/ksF2p7RsF}5pW(Qˀhͳm|RZҧW5ux.`\I|+2mhJ8a~@'Ll_Nc{V/W L6"ʸ]˵A^*_^'kbJuX9 WvZVa$er9X㆔[tSqĊ(LLh1a\N9=52Z}-X~M_وWX]TPRф!'s8-@47ͅy\2EgмS#!}Mdȱf ؉#ݑ7QK8YMvwEO:(?`aUdTXVidꦃuݨ "0:"WM,X햂:bD5rXw_ӥ?'èJ @{&4%cZd$AFmLOX!e1{h@2JBKJQ5\6IfUM A(sjCm؊>J_xcX:ZFgqGS3M4Y/H _2{<%?3MڍD/;]PaLeyEJj+ZT%W ڋ"6& ԉ; Ai8U){b8a-Gx= +nSi]yjP?=e!|jOf獕 7 ue#"0uT̃=$TFs*]Z)ﴂ8fp#,4X嬂_S_BqnX3)=nyxB2p6.Rf?(ZD>GCD>Jg z)nU 3ܿPruy˩I5?É\&?"$8y\Н^-j:u&\E$$ HGW\uTɬ+9MwAj7v` H,ymz<@ NJ. DKP 2;w(3"YM?|Q'T X+M:kvV>b=R*˿5+䲀@`oEw )cH][s%8Vq+CM?t+*1$ z ldI@ 9t0\K ?44Gf@ Qb (1lK2(YAPL(Q.Vգ olUe%™ PCD5Y Nkc}䋰4Ae@/fBY(rȈ y]}#^aS>߭lThhT)Vm't@Ql4h9g:ҕ%]pҎTolq+FhtDglIR͋>8P=585P&˛  F 4c7용%M(za> fMLM7xk}ƻPͤFC;AgB7VZiH x\(t?QxvRCKW 0YYQ f`L̀JSzIrV'=(  PΞ,(8˥Ir Pd&.ktHp$Q<)8(s$%n -]*^Z«kS9gn!I  Z7`rz~{Eta ڋhDJ-wLu4ʝKǭc#a!)=DќuNu1/5 b&s]N:>WĬy+PPc4zUI7Ϡp|Ed5؂T"N$C*\tO/u< FOs|4Fm;2bጹ㵑C 37za1*SkiPyQĸ- E*j}/ܫ̀ ÛcW+-//*fzZ}{"`%4v}#/k;;nx5n8:Dkޛڝ4LQw nrU{pGTu5O[v`0d6) Gaz2Ɨ`]f;?d~v.̸GE)E=[#@Iv*qw!RDNoYc 8' tS `ȴa:Urw| /%چB)`ʣm 4JuR^:Db%vI[},O U sxt$g-ugwʞ6eJcCB s0>bEp0:892Mj,4s2I^D0p |3gccA 08C1vS_Rڰ|z2G_u2V}!9AFa z>% ]+&^WYP9>%"'6Y-ESOܷ; /OKqZ;v0|9Ӯ/p:jX4 %$DaJN-/A&%^"v^C2*`sXe#62A=ÿNY6q*6NM!H4jsO}w|vu!|ju/6H 7Xy.2zP *2XGGISz;"5 xuXIMݺ2x>=C˝@Uϙg јQʩ8/`iEbrsYvN"kmt<`lZeu,(=o Ә7lEd렅=gB[8ՕXj?\,)ׂ9%OkB)dV!ldWtF3ZH^3qD0ANpooDA{F+r0eaj)kp/8OT~pcaFNTop#2t|q#f(mZjmvDnvg, ibGٵ(%;%mb:0ޖ6ijzS]QȹݠAMI*% Rv.+)qXxLQEpd]X>zɿ+o,GKWkOS^"'-{ÕUboj|G )F)xHn˲ r_l[Wo=Ψupuě!;O#qAqϞv|ܴ-M*T$4W[SI FsC_lenFўppLblJK%Ax|mqY1e7{>f|MPzEzc*BSm: * .#G˜T&]wG^U5ӑ;wwK#wD?&pCO˟ei%yd@HuHh0>~[Ad> ` C[fpZhiLr}ܰѼY裍PRƶCdenG2jNL8o'=*0}pUŠe)D'YA`~9Ži9VtUS~&McҠU): GM;4Th@ C3-OQqZZִ$@CI~'h7~L|G~Aνwۿ~Nl9 q :> ܃yӺ&W֙+kWA?pJ2oRI%Hɘ!AC>L3<9秈FHxG^ kbӏ 8.RKф6ek Zve%WU- l뾯L`ljp^MspYn4Oؑ*ΜJ8>C,%L ta$;4 %Xnj|)x~׋kKقQPZ!H~ͨ"r X7z-hu0>EtzFl UAq3Mk:(!uלX4?DN->_/@|:J<~*{!zպXq!RH?shT@vfp<:V=?&UE/Dݧ*Aߒ!0)[ !0 K0G\i\#2x3(Vs? V|K5-D[fbOLecK)O޶R bFG|I~*r&@euW 7 VTw]MKfaT[ہ1T)0D0owQוo6rnY}BxddvsB SfSv&>sƘKb @M5_B]J3N41Y\5#yKP`U}hXhy+#1^h/a$]Wg'umA3$ A V(Q/f {h|W3De1kf=[LQrY3[)~W>> U[-2t6͙5oƏB>+jTT]vp}LS?Rpw RCt.ە|4S~p[1m9/Ll[4~@(zȪg$.BTȆ-&K7 |ZÂ)gs[9IW=#eY 1pN"Vˠ Q,B*6@+jVeG0F =S zr/ؕ/ Q€ٖl^9 }LG&BHUdHAՂLǖ< {6"oy'$kaă (z};.-ք9-RF\ɎnTB7l:ʀNRPcvJKqČh} qㅻhJYap;Zsw+Q:cķ8 Gᝨ˫VOi1^Jda` 2cgױ}HWM&$S2P FfNpvHnn|ςURj~Lc^rz&`Ntyy7RΛ!(LT4_&ga=_vG7q]X3κ5mFyY\#$&݇;o4:G-.FN;/y>g]NUܐ/ pRY38qrD$0(}U<*˻h&!wh晈; r0)R;092ג >WO㖢P*k#uVȎaD9${F+IsΎO43WtBskCz-qYĥnKxqdyqVw;USQ-`$rpd5g~k L; N%  #6a߮HsC \_reI$(Ɯۢ?O)Fr I} 9fWJ$ TOM}ԲpWB;ӧOtiWGMn#̒ZIG*,3%ئ Gjd??#e%*HPS]RKq&v7@)#)ڀaD!Mb?'׃InڋS*>کSfMY;n6RޘSU\HRxG#SB\c^*4~yBY.b2t!RGvU7YϢdtNvٚɣhYd[KBfma )/+n\T'S~I3FGIdrSYg x{dje ,7"奉d8ظ VzKY"1Q MS7ZKl66Of|7l`W(T޳сoOq⑉iT؁ Am CC3VyLU+jZF C<$peQfDvOG{+"4ظ[tN!DDTɆԄj,u܎ WvMl;Pɶ ̀MAQr Iҁl \K*~X(55*z+!\W\p{DW#s#ZA;ũfا@;ě1Ȟ ᢄu,yZ<ÐGiaCGr=*| `[`xg=A c~FYrM1PȹJX Ry_hcpy tNҽV !AfWB "c3>W<@y;WLL ơ+DѾτP9t,\6~ZL֢n~ن~ F#>+LަfJ8U1l!$dfMqxjB*ZfIr*D"B3ShNi5%ˬo\`*eXB݊~PCmw)S T9L{ &ZX?يjł\Lt90IEmsYH(Ϲy~b/DAi} >o VxZZPX <%-t4IGqN_IeD A=h?bTly6;wVM^Ѿ˾ϴ9#]:oeAt'֋ly2WuPqt305mzZoo`KDo,@&y!yHə{+!8:/~t"CjS8m _zte)/ Xi%p{F%klzK;@(c -6qtr|g=E,y<,L Q1伈qZ2g8Dٝ:#Y;>6q67*k]:ʦi=2% }efJf$fEg :.X;E J{E}_3&KMut,0o-5;,nlOeXOB(E^ĎޝVJDNZ~-hks[ԟh?J9Lݾ UY du|,3JΛ`AAN>PbϊUO,ML?`>@m @4 %xKkISFfJF j0!52$`5fV[xFLdw݄sw>khh.|%5 #t%ƛ~^}CVMx'qu̜JxcQ; ,CEhovYBHܔ;-~DVdtYioIDDeLPOG]p g%{~ x 3S,ۇo1և_]w ^;xrA"`IJS0 4Pڞ}rS Q* asT&,8̜U+L_ KRMfe dOB0Um3MÑ7 .E AFi  -́қ ڧqfe "29=~q:.=La"L@3v-nrFȣy Ghb @A!gq CX⒈z0$7hn=KZ3X 忁 8ƣwijcAvĤ lq;Mж?Vwn!J"(UX7 J7@ oƳE[k㋺n O5CjaQ6Gv! g }7|ub+X\qHG]V\OدB^<4Ő ++XR +y4_5&N6WPxtYQ8QگĢ{ʼn9SC.BL¹뺃 "ma \ [N4d(ʔTtY}ŎSmCCP渶 2ϙ]:TzI#xVz6`d}Xގ'Vyz\*&}yfE1m|*\_ P`5<@Kƕ'V[՜0sS f|)>=h+PS.t,UʹM -' %^u%v;^˜wVTvq qapt7BB!ީK1Jy*:{s4* ]y+CL}dGRgcCUbJ92ʲg(eNc>p#7Heq06rhw4Oi>sN[Z\2ecuNyagE]qv2>S?- }%#+R;l`W@_r'D߫|Skqh,9ȧsYV}H &y)7/8v`>'J)faʞYЎ')h7L&#AъȄ_&8_oFt|H@/.`PS>B z{0CLh~iF'2JOO+|}V}pw#XNU1J7W) : l;~h*&F>bq&>Ws1Ucف!EYϲMlH2݈JlwB8):in[> 3υ !eK_isBdA,6g7˳<ij Bg56q+>U*"J62 f< J?h%+10{2}_.fLl J lt"knhtAJ1 cc$5Pn3Z{:;7DVO&weFZK&[qnPX KHGg>3nN%2ZDhN"ӃAj0͈yX,-CiBhvHEn!Fo܎h372oqz1 h4bLq⛮Fʞ0j:=`ߖYo 9U'/2g3$_3K\E3TS2U~=z0A}]O&KOm;=+)S\'k0A9r&eh Pڨ=t*"_ @Z߫@xf±Y9W7)D$cwƆ6"Pz'M`kF*QW)O%'MZ2Azn[ A51`ƌL q,^D^UMf"MmckgCZtF1;G?'AY_ s;VT%/4k#тOl7hr2%AHD y^rY8~!zsFe i7k dFWWrt,?l`n@=PTF뒓 q.֓mE/郿e6Gbv Z0^%k09czlX o3#Hj B^<†i"HE%9,TiH=#r竅`tm4b=f?f>K$`3IߩFHSB|F|95"";@QdoA׭,3֡4†炚,#ڋ,`eÁFTM>0Ff5j@ :yb8en>(g] ,!CH6Q I$-ޭN 3-tE)Q[қјi ;{fas-ekb:hb(hUAqxwACҾeOB rCA%͡#y67J5[0ͦ'(e팼V!YvdA VWѪ& gA~}:V[Y G3ϊϜA\+j p&J9E=UtUM@fhJytDDF@Mq, K2J M/zPVywW.raE !͌rE } Lj z7tI'lzWx*Ʊ* VFJRjXƙVa:f>0p*ǿvtuwU!`v@9P\RdAEM& !&ٸ\.'ky '2E)QeK55Wꭐ:sjK\rmm~"W JXޞow, ~xl;pKo<~.m0BIi&7] .:Мj4VNJ + 9V)2 CL'@fy⑕U+P qbbq톕ΜM7ðQo22֨g02%J-s+y{*\t[lD/-cx M&0\ kQA?y^ g?$`k;׼fy.%<1ߴ2SNiՄ2x-4탛P1Fe21;$K 7qGSLc `֫x΁Vh$f>Fm(OsA$,a"Mi uYbp]+黯TJZN/t"b]svǢUTs!X3}~OJTr6 &vsQ{J,rnO(|2TE⢯M"_4/6%|!+?.ZZv|o] }/YuR;ӾSF޽ 7e9o *0wDuثNJ O"OԚ=RvІrb`猐Na2#Mg(KP:*Ҡppi$2 O9Pư={w@NIwֺ\1< ̿Nf>_H[gr-oluH^J*(_QI7#?OP7[)d(G. :̴^&&4rɣ6q>p,-;ŇҊjdXl%!8Zo{OWo&Ha/?TЀmzp}XOR;春~TF#5~I~9. ?hfe*: /ƨR~"@#Ԉ$dSA4 Nn [¸@^"}quݛ;*eljH~i r@<[CA;}+ՠN?4yKNauH"_zه!MrN$`U}4־:G  Gy:gptWi4:$?TW[ҵoYcj` H(l|H^;1y>.«|A@bK.Kz{ˉP1{FyQ8W@E@gCQr)}XtԡO1 yO8zM-vV*z( jNtG+F]x 6W.UճPxP#Rɯ#jX# WpUlut#I6*چGJ'E``zc ŏٛ#}5f;DX"*ܨzxKY: ӿ~[;Sicx*HL<\=@`%;j%vfmvSu^rRYHQ;SQTENLhGkU6՛yXDxܳ1(|䚪,:GSKUAD;+[1&OF2ԦĢcI6Y1#3"w\} $v,rτQܷAWMSWjUQ&He-RMM]/-LLL˖~L[o,.T=SHf#6^8 3G'hH옮Eg(GbR5[58!պO+rK+ q6X'd1%??2 Z#67 6Eȝ6ZyF_I;x*Wo?"sOzl,*# @쇼(?+u;Czœn$>>Gw7oHtlY{l XZdJa7?WuCrhdžAa9~m8\6zuPZܔ~Es@,`Z7> ]ʊi`D-&Ich@-*SxW Ӥ-?qZ28 suQ.rg)M`!+d@ 1}"XlBعSÆ::T&^w<=2 <3.DvUNio`OXeT޴+ښC5ʥ yX}YT=X.xmHTZ֭L$r5!9N1L}As0¢?nDc+hOkl^"),rECB>APꏣ}^GűD$*O8s9{’dѾ|,&z tpě ?6Gj2*}*\7I߹B/S<uZ8+Haw0B%GTx wDME6-3&/ Z%g)OHQZBq9$aYn&iI riYGKPSTR X"/䙱5'j(ڜ!̅mn(AFz,%YIq6*ɱXMQlE'jL YRxKQ%=OƇE+hS>K:mjNwWqnwjj&5/yC4D9C W/VMzZc$lqFՓG/al1hWP# `c j`Ɠ)ԅiJ¦$PLř&fOJHDۜ"r_Xoj="G@UƦMlL|\T9݉0ab =r Qrΐ1{HB+DMuf"?~<)6qz D!wضĴ,(BmFٗ@Џ_ 3Vpk標e.QJ렊oV|/;h5g}{vp`42bF! x&ӭHQ(C#Q[r}nc`#,#dLhY1_e>GwQzQLJSe׻Bz.tcW'{6QIVhT&;p wq'p>%Y1 T|.n5wDmy*zyL?Ϩ 28 PHC79xGj>~7f-ƶTѴh.Q "v,7uty d}AƊYͻ*[^¤,-KlH?l`US.6vT]EtB9֑.Ż|hQ TEMKЯ4)Y }rw憒=Z\w-{_ 0Q.5x9=*_Ev.уv1K>2e$(߱ `<^d:D*.BŝnpoR𼵭7v)O tb&cu$&d}F9v*ϐ_Nô.\F[B5~mnCfZ uvq%~6d1&=~j'-@{( s3zg/||k psc3îL'Y\YvXO C'5!}|e6i"L<@x.L {غ"-|z+K8@LgO,>!nriwCߟu:o)q]Y?v]Fn0RG{(Wi'B!\ Os^AO&=VKqa/IK~6m}"I,*wI%=3`؋8&ǖy']rbO C[xlbٸfzˉTznIB>(Y5jJ55LOj_UFT)ةpF8Mr@mz Xi|9^9|8)מ099U:឵=/- /shv)~WҔ?5Lf/2ka@5J)qU 9 >O/³CBu/MPPkxAy\|%5 Xy6 ? U3 a.-չLl68|gND\HB5Yg 6;p_ŰxY% 0-@V;TѵyhK#wzg"7a"AQ8ͯj Pl sR{kec*5Ʉga:Gn<㑥m;8Uk?*e%Sn)3gf7D;~66cbL(?;p``/`IR A8g"WYmկHh*i%le|:`k*y9H}oӍ+bi#qfq-eKp;AJN/ojYTIL>< HKvSfo$xˋea@79GĎ٣ W.khXb(#>RDծÿa,FeqLA{1h BP(GլPvZbv.Qwnu_c--h C0` b1ŎAu6m HXl[`j+T8?` ZȯޞLKk(Q:dz(9(2u(3um4UCjtWC0#BD|(m1~$Q%=Zhx:͜KM>THjɸZ]3'ܖ ']EdcE.U hփƅn-RȎAMV`U<14y+rn:V, |k(x@ #5gc<|al5@?|f.} >LKj-- h3֣P噫wil`YG!WG{mpw?g-vWl'ӧ>n^snKEԪx~b;oeS>JЮՇdr!ǼpIAJ1!=5ȁFd\ӵ boque@E.5)eZ1%_Р87>*Gٴ('n5.*g\sz6)6vIQGIS$Z|e| a'XtzOY0t. >"+QHNcw(p܈A zc~2* IF3|;ff*i&M{aMz6hjQ$`  <f꒜Dmygy92ʄF 6Z,=>OgH!w-/^bk6>0} s&GÑ؁4d L TK>kKE*$ HҍC\Psy֥7QBVcJk]gb9f5kȟ<<>؍H';T~5,G"'ƿ(#\ZnJ?mp6f<UJ 40UMhT.$"9R,ֳOPHJ|f"3Y*}*$#˽v9ǷBAIXXՁPa9R=㳤̒4%HJX=FX l7ͭk&,`@PwBt+7(fi7I4QVw۟Ue?}wv MExϓ1磬(QT=_AKШك>l_}%Mmrq-&ؔi{{27cDmv.3uzt7pV yJAIMWhq3c2TH2*CDb/+΢(9ޢoZIob|}c_sMʒ|$#YsRL D7*Dl.nJp9Uv!ϭzM4OcoV9'+~6Kbke9fA`%0Ћ* -y&!k RKVGXrmYp  nû蒈"5-oE]ymrRJ6> W|T-Ma`]ݠ"4̷8+?yAKd G*VԋF╡,fAhqap+:i}:>UI(E'm icЅ[ bcX WUvڢW X'ۈs$GgTċrrmݝ1q ͶI%9|3|x~#Á9=9uFIMŠxÄLuI˽1kYJ"\֝V1 )ĈbWR&TkW!+Abyg l姮ltv/PUd3詿 wxQ\ZlYGk0+o9˧YF KD5H@s8pߓ@ >*u ޹^bbOm"!OttnK& Sw5U `FRiMkNI-I)gk  kϰ6<9%p+Rq]<͝9S)#\Lg$v^"_-)hTԔSm^$voa{5JXNZ1L_^Y8 O?UIJȵؒڱPG%q\s \ B`ʡly d/9FW |$Z:hn"MuЎ۴^XT<6#C|*g5ot5X4C3NɅB8! tC%!kdGcEz:`CquԷ!h_awOeb#_n& ZZjkf+["TzZRWU"8l G9ego'eǧlYfKb2,*NGHln@8Y, sQ{{]qR[nY/Ӝ2עL97MM$9b26eC8|/ g e&GV('=Ζ=j}!L>9֯$@EBH:;P12Tfg3ZòhTdqUps<.i!0RODFj<0|A5F)%hߵZQOGXř-?IQqF#!QeGkNza.-qJ]-k3q\龔p&9g+@*j/ŷE`$[ݬP StR4I06΢\5pkN J 2qu\DؤvPb8ʇ0 ё)!Y}K7l>t(ݘhj'/bFGmfM]3}ܸ!Mۊv5g4_6㟂 0Po/>1+wn*adw>M] ,,[^h@'ƜoOTcM tb)Fn i xs4e;'gG+{-EW%pL6b?+i\K`PWĶߪxT)ڮ5Mg?+_}MayF K&3~w9d Dc:Yfa :ްsJ R֛>.,_7V:lٿԀ4?T*8BYCz>U6`7TFFQ"bs3drLԄQCy^YڤC 8+tU+.+dKE&@&bx.nX@ []Oy:AxP (VM)O&a*-wF@>u{~*Yʒ4Ztk`=1R٥'Mĥrhhl-VMB+ cL<_C݁+w{ 5LcXUf NZ,5KD<4Yv=$ﬣ{0w#͡ [)̡CvP.,eysu%T2b^t3h~I"`z( wx5 o6 ܘRf`}ܽ0̚Ps4mG)SYm6ҰsIď67}qә+2䵾+u6YAPK5~8G豁Ck04%wbL]_L'3 iISbTy^8 gL\6V(C%W1(BLd(q Nݏ /Ajaٗ.K?8޹"]߿}[􁝏uC(iy_O.]}7!@].fk}`nW{< p.tM'3Xti7uF;Fm^hGiҧVt\a+E>ƴLlQ=>5*cTՓ 4]h n8jeƜ y.DBc5O߲:ẖl,`!,-` }qпizػ5( (ئNIO  j8?|\wq+\|VWH'i坟=့gtl7ekyEiǃ˪~acZ.JJwJي#&8CArs؉KD&7J^wh 7apdRV{dC`݌ T YPFL UIA"cGauhnNj zP- {4 7ZKLLQ(f_d.9285yq1!t|`>#is[tp|a@IBe_ʙ_Ưl\r6, NWqp6*Vj.rzAȂ\f0UUpFY,, P-wi,: Cʯi -O$»zƂ@ {lX^M^fkj:Np^]:;Bzc頚JZ=},kb1~Q˛ q#rXs/MX9Ol(~Iz#/dH*BJQp^ 1O<Ɗ0 @œ^ *@۶ YZ