sssd-ipa-1.15.2-50.el7_4.11$>Co`B!OM2h>=4?$d   ; "?EL    4 { $XNN lN %(48<9:p=GHIXY\(]D^b5defltu8vTwxyT Csssd-ipa1.15.250.el7_4.11The IPA back end of the SSSDProvides the IPA back end that the SSSD can utilize to fetch identity data from and authenticate against an IPA server.Zx86-01.bsys.centos.org |BCentOSGPLv3+CentOS BuildSystem Applications/Systemhttps://pagure.io/SSSD/sssd/linuxx86_64getent group sssd >/dev/null || groupadd -r sssd getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssdKA큤AZZZXqZZZ20c031c5967a2bbe03e095a8dc25b7eecc085fc7e0a8e068c09e87cf7b955ebd9cdeca751e22052895ed391aac55823ae4f95885d84fceac7f65124d017a67ce8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903cd7ebd9b129e3b191aeb209c299997caccf46ddd4fe4a8324359debd7bec5cf7f03c8b0e99d1a023cb0a8ad502e85106d3e4bf1dacaa8ee99d2bfe741b182cc4rootrootrootrootrootrootsssdrootsssdrootrootrootrootsssdsssd-1.15.2-50.el7_4.11.src.rpmlibsss_ipa.so()(64bit)sssd-ipasssd-ipa(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   @ /bin/shbind-utilslibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.2()(64bit)libcom_err.so.2()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)libipa_hbac(x86-64)libipa_hbac.so.0()(64bit)libipa_hbac.so.0(IPA_HBAC_0.0.1)(64bit)libipa_hbac.so.0(IPA_HBAC_0.1.0)(64bit)libk5crypto.so.3()(64bit)libkeyutils.so.1()(64bit)libkrb5.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libndr-krb5pac.so.0()(64bit)libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)libndr-nbt.so.0()(64bit)libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)libndr.so.0()(64bit)libndr.so.0(NDR_0.0.1)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libsamba-util.so.0()(64bit)libselinux.so.1()(64bit)libsemanage.so.1()(64bit)libsemanage.so.1(LIBSEMANAGE_1.0)(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_certmap.so.0()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_krb5_common.so()(64bit)libsss_ldap_common.so()(64bit)libsss_semanage.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)shadow-utilssssd-commonsssd-common-pacsssd-krb5-commonrpmlib(PayloadIsXz)1.15.2-50.el7_4.113.0.4-14.6.0-14.0-11.15.2-50.el7_4.111.15.2-50.el7_4.111.15.2-50.el7_4.115.2-1sssd1.10.0-8.beta24.11.3Z@ZR ZOhYZ@YY˒YéYzYYYYJ_YJ_YC@YBvYBvY9<@Y9<@Y5GY5GY5GY5GY0Y0Y(Y(Y%uY%uY$$@Y$$@Y"Y;@YR@YR@Y Y @Y @YtYtYtYtYtYXXh@XXX@X@X@XsX@X@X@XۡXۡXXӸX,XCX@XX*X lX lX lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.15.2-50-11Fabiano Fidêncio - 1.15.2-50-10Fabiano Fidêncio - 1.15.2-50.9Fabiano Fidêncio - 1.15.2-50.8Fabiano Fidêncio - 1.15.2-50.7Fabiano Fidêncio - 1.15.2-50.6Fabiano Fidêncio - 1.15.2-50.5Jakub Hrozek - 1.15.2-50.4Fabiano Fidêncio - 1.15.2-50.3Jakub Hrozek - 1.15.2-50.2Jakub Hrozek - 1.15.2-50.1Jakub Hrozek - 1.15.2-50Jakub Hrozek - 1.15.2-49Jakub Hrozek - 1.15.2-48Jakub Hrozek - 1.15.2-47Jakub Hrozek - 1.15.2-46Jakub Hrozek - 1.15.2-45Jakub Hrozek - 1.15.2-44Jakub Hrozek - 1.15.2-43Jakub Hrozek - 1.15.2-42Jakub Hrozek - 1.15.2-41Jakub Hrozek - 1.15.2-40Jakub Hrozek - 1.15.2-39Jakub Hrozek - 1.15.2-38Jakub Hrozek - 1.15.2-37Jakub Hrozek - 1.15.2-36Jakub Hrozek - 1.15.2-35Jakub Hrozek - 1.15.2-34Jakub Hrozek - 1.15.2-33Jakub Hrozek - 1.15.2-32Jakub Hrozek - 1.15.2-31Sumit Bose - 1.15.2-30Jakub Hrozek - 1.15.2-29Jakub Hrozek - 1.15.2-28Jakub Hrozek - 1.15.2-25Jakub Hrozek - 1.15.2-24Lukas Slebodnik - 1.15.2-23Jakub Hrozek - 1.15.2-22Jakub Hrozek - 1.15.2-21Jakub Hrozek - 1.15.2-20Jakub Hrozek - 1.15.2-19Jakub Hrozek - 1.15.2-18Jakub Hrozek - 1.15.2-17Jakub Hrozek - 1.15.2-16Jakub Hrozek - 1.15.2-15Jakub Hrozek - 1.15.2-14Jakub Hrozek - 1.15.2-13Jakub Hrozek - 1.15.2-12Jakub Hrozek - 1.15.2-11Jakub Hrozek - 1.15.2-10Jakub Hrozek - 1.15.2-9Jakub Hrozek - 1.15.2-8Jakub Hrozek - 1.15.2-7Jakub Hrozek - 1.15.2-6Jakub Hrozek - 1.15.2-5Jakub Hrozek - 1.15.2-4Jakub Hrozek - 1.15.2-3Jakub Hrozek - 1.15.2-2Jakub Hrozek - 1.15.2-1Fabiano Fidêncio - 1.15.1-2Jakub Hrozek - 1.15.1-1Jakub Hrozek - 1.15.0-2Jakub Hrozek - 1.15.0-1Jakub Hrozek - 1.14.0-46Jakub Hrozek - 1.14.0-45Jakub Hrozek - 1.14.0-44Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1516700 - SELINUX: Use getseuserbyname to get IPA seuser [rhel-7.4.z]- Resolves: rhbz#1530975 - sssd_be stuck in an infinite loop after completing full refresh of sudo rules [rhel-7.4.z]- Resolves: rhbz#1525110 - NSS by-id requests are not checked against max_id/min_id ranges before triggering the backend [rhel-7.4.z]- Resolves: rhbz#1508972 - Accessing IdM kerberos ticket fails while id mapping is applied [rhel-7.4.z] - Resolves: rhbz#1509177 - Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault is sssd_nss [rhel-7.4.z]- Resolves: rhbz#1506142 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30) [rhel-7.4.z] - Resolves: rhbz#1506682 - sssd_client: add mutex protected call to the PAC responder [rhel-7.4.z] - Resolves: rhbz#1499658 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.4.z]- Add a patch that was missed in 1.15.2-50.4 - Related: rhbz#1489290 - samba shares with sssd authentication broken on 7.4 [rhel-7.4.z]- Resolves: rhbz#1493916 - Issues with certificate mapping rules [rhel-7.4.z]- Resolves: rhbz#1489290 - samba shares with sssd authentication broken on 7.4 [rhel-7.4.z]- Resolves: rhbz#1482927 - sssd_be is utilizing more CPU during sudoi rules refresh [rhel-7.4.z]- Resolves: rhbz#1478252 - Querying the AD domain for external domain's ID can mark the AD domain offline [rhel-7.4.z]- Resolves: rhbz#1478250 - Idle nss file descriptors should be closed [rhel-7.4.z]- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information retured by the KDC during PKINIT/Smartcard authentication- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in- Resolves: rhbz#1455254 - Make domain available as user attribute- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD- Resolves: rhbz#1450094 - Properly support IPA's promptusername config option- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer - Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail - Fix Coverity issues in patches for rhbz#1445445- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains - Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate - Additional patch for rhbz#1440132- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient - Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4 - Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15 - Also apply an additional patch for rhbz#1441545- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.- Remove an unused variable from the sssd-secrets responder - Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http - Improve two DEBUG messages in the client trust code to aid troubleshooting - Fix standalone application domains - Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes - Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http- Fix off-by-one error in the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh respoder- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users - Also backport some buildtime fixes for the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts- Update to upstream 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html - Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries - Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure - Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser- Update to upstream 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html - Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack - Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases - Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider - Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page - Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user - Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink- Update to upstream 1.15.0 - Resolves: rhbz#1393824 - Rebase SSSD to version 1.15 - Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL - Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory - Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time - Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0 - Resolves: rhbz#1392444 - sssd_be keeps crashing - Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3 - Resolves: rhbz#1382602 - autofs map resolution doesn't work offline - Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains - Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page - Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error - Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database" - Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/shuk1.15.2-50.el7_4.111.15.2-50.el7_4.11libsss_ipa.soselinux_childsssd-ipa-1.15.2COPYINGsssd-ipa.5.gzsssd-ipa.5.gzkeytabs/usr/lib64/sssd//usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-ipa-1.15.2//usr/share/man/man5//usr/share/man/uk/man5//var/lib/sss/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e6a612702a0a46848d1829f487a661764cd381ea, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=a1fd76e691270562f2e76f1f486b48246522cebd, strippeddirectoryASCII texttroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)AAPRRRRR!RRRRRRDR RAR+R:RRR R.RR-R(RR R%RRR,R RRR/RBR6RCR4R7R5R3R2R#R$R'R&R"R*R;RR RRR RRR9R=R@R8R?R0RRRHR)R RARRRRRR1R8R?R@R(R R0R/RRRH?07zXZ !#, ]"k%w+p}|,p35յ4GhGxX]5z vd-qNkN1p 1 z;e l]r'wP$h vDt iJRZ_!B'^VGd3W锦?dY/VbԼ@ ۼ# }jL 7k!^m{e!qYG h/Xs FT#(i jM,d[)GZ/ SKUس0`QL眠#U?iW/ԽɱW A\Ǻ CՑK|d0E>Fᐶ;T=SHX~.}?o[OX PMfXtdk&NW۩|5 Yslj*oQWKLaX , `^t}W7s@ϖۊRc× CMWc!{TZQՒk.C{s4wS<>LQYz We|-k۷r\ݚ שbogZIxYy>m}EɞJI9qoʈmglMħe Hg{Aݨ/\9y9 i>E?]3.X`M0Ŝ *e a7@SQӖw-ЌTg~?F 'Isi9j5׵t9jleN21oF0!>=^!g6Ycй,)8h,Tu+vcA=SZiP^>LTIP㹾MˡFRyo(Cs\kXQDh #/ mKr۸_eK#ȭҭWpclxF=ja[ܵ%^6eKO)ܘ@ʲ,ĉ4P 2*&  f!='0cX0ID XX2>T!h.(^a@+ctZ)t~ 7!_u""9 V2taFYm3L{L;KɩڸAAyyAh,nrp~Ѫ46a!%P2ƤTҌ*4ƿJ7:D3{|e ؉S=h2c\^^"bA&T)#[>4!:7LH?%9&( >Бpm{$oVNa$ xW0ԕ}%OD 7ģ&Bҏ\C-cޢ/m3Q{eT\ |zo|/tF ֌z& }Gd/lloO[l7D;,6kmlx|IuD%*%ď QI0gĹ]km6cBh6#IGA/eSwvIIlUŁau>{{e+xlLlq|.<֣_7Ñ *|\CI.'W\vkT ^4MSʭXΪ&Nк~A4eko Ơ(M[+Yg|h~vrN4"="#ΐ6=`9$OClHVz__U9;ҿjo@ 7)Y=jڏ t[ 9[$E&!˓Ji^:peA"&j:fNLbs*%f@]a[`C3 W0޲Q-{t2OKnJF+ Tf`FSy i .btΧ ᶘ&*q^\<5|Vj,  7QL6I-qv{0Y{BPI.mƚO٘ji"N˼Xǣh bv{ɧ?+~mQM  Q~ 쓧uiekKZ4 m7#T=_g{7k -5ʂ.E~#"C_M Dbi?ڿ!q[RehDj d2[rzL ) H>8v##h 6٭DMc@nkPGeƜtwx_ز 9@j ɼYA]>*oCpeN㇮rZ@4&"gř6C*ɲ)Mb*XU:QP\'s ;z,!1ݟ?6xowLt@(xi詛=»)9?^nb=g…qfkQ5cL7PΆ:^}0R 4F=H'ݾJVq )c#91HzuMIßF(ҢT2h)!zᒳI SmYQnee5 7nq4/K((GsܮVx"4@SgS K&醡 We#Od3M,c wuklc;^k(#^_3]RJ954I%G#{؍jNdDHl?Bط}!͐ٗ$Khh60pvP8l,;GԤDYރk+DPyr^Z#UvE >%6@cmZ&g5gZ4٢dt2GJYi!Dh]tkvjn;yO5Z]TzviZ!\(*҇k;|SŔ#0X|}<]2fʃ}#wl1 hs4q`j~21w $P)ʍЯ1p|3 S:?63oދ8iI3ס飿4JwK!:\wӞflF$&Àbn Fed9ذ\ 5 za zi$TG՘xO46=n}Zp s >} SPޙB(&Č{&?O ﯒/pxnWͷ̍9y)C1.H s^0e{)v8:B$I~/M` Hr:|̛E6PTNU6ݧNoTE/ݐTy|I̟$)tLŬ&>@^iz'.d\ג 㒚C^#a1R]iAcQ$JKONeK W? 'KN$ ֯BSv~[07f%jv,΀uFכ#N.hEQ{*lSkin)f.ߏd#VeZjȟu|43[8j+-rSEPb`{`Y6)!~r i݋%;GVb1c Y%md c\kQiKHgSr'9,uׁij5`;؅*?|rCtPqǺ=++Xaaq@ky͈]4"z C{ #Y_]Jop>Fax1O*u񣮌9t3.&Xh ڥRh)]qxP ;5n'zi;q0k?A^ZPR _Xu%GTC̙{Fw.5&L)yDj律,*z\1ݽ# *RYF N@r)W;.4nƅbNS$ O9=uBp4z1J:Ur"f+" L5~4|PNfoVS@s9|'(Jsm$H/ (zP+S:TnU]y8y¢4fqJLG޹bېvKOST#k✈L|`W"MGBђL JPWo}C`EQ~6YWW2gb% P%Pr-iYSWBH,tJ@+u+3> K@_J"k Tܹ0T& jC-͵$qv?D7oՓ#F˅60-mks[Wvo ^"b{AH(J\2Q`)XYtr.';FZ׎ 914їOAl_?0!n-FqG,3 b΂]E]wc3OJk㭄WͿrO?<, 26 .rr1rAEIl,5I.\ Y`g# zcb&*X ck \TdKj?/FA <>ɻl\/O E9(9ql7'pÈбD{Ə3ݴRȇr#' ̃52>X? %$$u\U' N< 3~k> j!`[TmuTM5G搘 z1N7U<{x~tCdxa|TF^Z/;`D覠e8:3)6G[oϰyqH Qv*ğZ#` Нĺ^.he:>lh`oiüdW =3=qBxar{PPl36)N4QA5aNaNWY Jbj%6CaO=B=;>LlڳVG}ۺy a# 32Ix&ffl:d)J/{ U^{vd#<;vU eXWhk8|pt1q|7명L&@ѓ+iEj-SHaT"GnU y=NTkYߖFkM^gw]fIS{Pm4!8xUU0uK=E1FKWTvhDl]Ol;L jkhy8[,}&-*x9bI|UFg yX{|IxA NP a vx|ӁwqLZ aN<rAp.{o(?_b?cS\|9bD)LBxI$kI8rOojczrI^*%N{9$"@odAm\='um-V7]Yo2COuy0T9rԩF_RYE# "]>T?VvE : LhL ReQt4RyAXX˸VFMH;C .Nb5NޫHZ'&ˆTkƢeUDj2휄ĭsCHCtjhbZgS1ljg*I3k^,iS'AvOhԨ}܉֫ 7$3þy=f=ǒ\OS(cD^5fnlR!&Y -x iRӀ] M<b AWM,6'` f oH 5J8$.OA O䃬Pח0t%Gu ,Y/ͦot_G־dW=N!5=N͓_(_dG*p8 : } m`*ϊ4jaxx'nk#%j IY,Yp5 6Og~MC\Z% '|LеhWSqҖU[ G[mW+aP_b 9g~c(C%E-B&^)T~nWRԖ.籮٬P[ٳb$8(m19qC 7WՆq np|3^fmJt3BkuY_]"C>q\ 6;֡ F8~NSCva ֔Os=qcnJGr([ t =`)&*D&5 SN 5o+[`y! O#|DRc|n b@૒\׵[&`'ZtZq;p7{4.!`]MyPI{Hdo5(|]K!j눘\9tMB2#kWri27=W[1v>5Q&)ǝm'k4)GIJBo2Bd,ɗa}d%YZ${h]]'47UhRZިA>K5j'DkJKǛF۽z䜑URb XiI;iZf (O<_o}:\x\/@u~pfQb`Rx+B~KWN2X[Akق^sѳ!mZ?,&w"&<1r[$*)_] Ý &5[%UH 0GhE@QM&oخ6S#R: ZӴX)<P)Ӱ^uoI|4.eu”)r{I&P'`g1|/.$jkC!sz:7?JrT0ptT%Uc%u2( S^T4{28k>2SB0AǃJ g*9.E\C əS踇8J+OQG[=a5rUO-Ǖ7xMlLu۾ fBPZ8gt:GgtI)P]r,7'5|CT)'6Aȷf[ؕe{oNUz!AELJ175/5z &PNi? K$K! Mx \#b)6H!:m%"(8Y<}Xc+*Shi;Y(^lCN{T`O.ʧ-p8D_܉c3.~m="Lq(l3"zZ`*PEG|n^' DQeLGKe˚wme SE)j8~[ XݥbG|\ʵW0'F8bdꌫll''U:?YOx;APZƵJ宬>8&?ߚsrsU]=jJ`X}ȏéyǁ|X2*ň>ҽIXp/sp+1엎1s٨.+EthP/&oq_X;u )b0SH3n0lP8T* Ji-#{:uȍ",Qd,#v?7[ylbl 32ouG%y"*Ms"Qí":?hN>c2+'Ee;{ _ HtC;='/LcwUz3T=!f\Z8_D~^rkzkB+g2}^h!=_r ~QOf_8 y8#fRփlHƥ+&fE=Dm&BAS<68H? 1HV+ok=b6Wa×x sF}:\Aj,,&C.D,g$*aJ6SNUB#}*\g5SeiنcIJ=9 0@|Ƹ Ey뒓]F̱}3>\Mp+ܟ|V WnW3{D1.1˹Je893 C5|Zg/0?6`D vR(+*^q|ٟ!;GÝ5ZW䮏$V0(z0&]r٧3ţ "Vo ~<ߎkO;6)f p VmhЉu^Hn +*`) nkupe֎9W r|6t?6Z AwT}pF$d9^sϹ>A:/3? 48ҡ!kf`6q# R2v @4!-g;թgoxe' ΅;6",(Otї5hbsߊ+b~#Ia$(}"/!|| s IL; 8OK=\o؃9n`Ӻ1qGGiJrlLiD^u$8ܡ[%:JV1R5{@wfgu_$]Tn֥^z^jt.mS@) PZ]#J* /)\/]g|dO(&r*ū+λ[ಁ ^K}/U[^vNp`a3Hا9c+vpQs6J!bt"[<(BʪٔIzO Z Ȥ iYhUWcZ,M4Yf9zlݣ=2sJ D_l*k(ZhVYZAosne rU_x&jdžv6LEPN e+ft^]T~CW|&T@s[hJ!b3ۭ֫(Zp]lID*j&H(4D{h`wߜΘڵ& JzeCM}#Jw{p\viVpLgqrB}'ȉk|u]Hy@jF CbEgXhu]Ⱦ/v̙Њoxolוי`ony&w[0xn;H% íE)*Ձ2wKƚK 8K/mi {!/A }J\ҿAb#MXcpߡd6дQmro/LBcgƻ<@^>ʺ/l28@B~Ic\QP43t;\rG7=6i>S6cQIo.,(C~-6N )mB]2~.)bNwhrwYv=wlx΢ۺX)U 2+Nu\`V|K sLU)) e_D2-" CbC8.\g_ᄌvᣁu/ b˃E94ȣm|E(]_BH/qq=U Zla -WsGH|ZA+R7M\ 9= #.<׫Š혹Ź_ k[?qjY0Q-dƶ?)<=P`}iDHچ_f >OPn[zlb(5[nv]:pHE!=3ܗ['W_ T) 4^JQhiMR/A:[kan4҄ψţhqq cW_gsͲQA9Uv 蒩$L.#83q\?#lS1`]R?醱A/%~Mxx4 sBn+2dl):wb LONmwEJJJϥm0Z+GuϺEs do㯗^S_%U=| ˡf6x& PȰ*/`aT$rŻ(/Ia3 ͏Ww1{JZ>y4846<{\g:Om:Jn{WÁƃ9ʓ62>mށG%gjB۞(um ut,\wc Q #.fOY'Ht9v:9icuBHSi[Ĉ" )9;dFRɊb;5_|^̤OZ=q ؙWgyulavj\ÿoĥ!A”` |K${ 36-҉\IBq#MM9RZ}PN:AyJk[\l(PN,(m'V$M+_}-=ܭ3s#$0gm6{ێsgE)LW3Ӭ~ig+N|)살w6@^>1sYn% ?3]&8>ӯ5b̔V9ѕ~`u-`soZzyw z }nAO)Ҩ`rQ\c Q763%gp,YJr{@_2o,P)y& |}ғ94'C"y~j-xZ'Lijn~P)2ge#LLR](˽Lʧ4_ w 7wsN-EysbKmsGzjS*MQ.A,knͿn 545;NuUAT1trÔx0<[Oh'ˠsoַcF}T;yf`?Pd&ecڔQVٸD,Q#]:_H@n |bqMRT؇fyaBrz1 Qܲ&wiawi1=Ёa!1cl3Cc6mއcM25vr, = e5eڢ*2>~Jw 8S9hShWsHLkzFe@d]dS&prn `P>/@JC.L|  ]iN6z m¸m+D/\W%_/;gEq0Ә#AY؋}MKK2"eYTXo:9@hl6#ƦVm㍘P jrgz5/ani0 Ұ?D\tǕ5iR01!ĞI?vE?o8FXՖ%JSJ3K8C(*4Ff] (Wᙫ>ߛ3C}܂k.v, #N~ԩvP})k {5$().qr2q嵪x4I5dO-dE(IDc3h+OH71康RӅ@ʐu(ݭ쓍JؐTP, q+NJYˀ 5<aN2xn2U޼Ҕ2Ϳ 9#9ܹuAkIf"a-:Sbs |@:J9ÅJTەEDO{ KU&]g8ól!8(<;ҧ0>'Հ3M56N J9HsFJ ?c 0UŽr&(z{iep7wk \K;xk6X"P="[ͫ|!ZL ԹI%y)#Nc7ѷ7`Xo#fd\ , ߱1&R@ YN#i YB佌Ex>(6v2h G0`J۫Tqffz k9b#O)@٣Z8mkO%iQ}f0ҶlӃ&#|7rc ۛ\3-)dU(~ =xtW@jBsu`1v NXqNd ]s6arbi\[ㄛf ^Hr~԰-hmc͞xP.Jq |xPq sI qc/k7du\8l#vrN`>kϧ^19Dl ,&E%)vop3$rU̩ǣˢ7' ~ܣȪ5.Rs7پR{ ކΗgzy]OnQmHc0c5U6Ht1qj o={AĹUudoh&؞ITD quX'H)%'t)F/jz9~$Jֱܦ{-$ng,=!hdl?9T$ډ Ԝ&^|\~60墟r*\z]5=zڢ,ծ!б|K* }@پLH vTzTeD´GKvFfqL]R+Vb=i)qTd{΁+;@J0.xX=XSQF潤 {9I' ,!jSwLM=MYSdGwaGTYV ^}챭gI2s?F!%oE W\Ow uLOHk{Jz#  ` JvfJPG#w?{DAA 7`#FH%|*{g~w({2,*)ASU^Nd9$*yr,V|  QCRZj݄Gw$+CYfH<)5θxJ~."]u ,̹ǟ۟FDڦ8wY;]:mI#RKxC(gq#]D$1A#`x[] e2(ƙ',P|B*>P<38Ty/" v:5< kq0@!q=Nى]=4͒(񻊓q]4==*7fs==B3(zp=}5퀏y.G]p;"ڀo_^MAPYHVy%a/  ӝn%010MWp&XF avU|!0Q10D 64|wqAS?{m78T~* 2(W߃onm }pZ[d"K$GnsK:KO_xA 4!F 8 ÊWz^)_Xj>UG7<  p'W)]ĭjWX"_Z]i灿J'4󡉈/`1dQ{;MK&AX.ATkpqqq/R35Z%ȳS>s>~O+FA[p#q8p37P%#. v6g!WhvƳҩmO4;\HxwZra~ ol&*`j:l4C DwosSFƳT󵯦*!/V΄Xq׼;X`˰AN]!@|tb%;{on?Gݻ:)|FC\<ʇG;.'oeBW##}_=ιV+X515ȋ1':Nd (|GRs.L<Ђ#CN?s0(1ij6hnO$9)Fa2$+|NuF># oW\0z2< Nm&pd;Y^ EP)LCѨ-YzJ.^*ݶ}jv+4=KmD%XkS+Pm$5W-i8>UΫ,Tk ZQ;h1LO0&9d?cӶu&ݱ_9WH3(PD_·Xl!rn>:_vO*]ƻUTqr  m躖3V`qoy‘)Ua ABj›M6g_8]B#SgCOL ;ݛr*?m QV?|rP/]_? Czf9À˃ax;%o &xfy(@yb'C1nfJ!e Qw )R91ӥaRȉ8Gĭ}#)~NTt (|cΨ4 G]x*@y>[GNaS+ysHف}9<vgz’[mV/'1Ii ){V ʣf'0 ՊqnZy3-'ƺ7lkHPď8-,EH ~w+0ɳUI']^[lU(+CǡE{.6*v >ɒ ,Rn5yK9cPfQw1 ڛH^jhӊ6Eiz[ӹB nMi4|x"`]dZE3Rj:'DUtzi.e&W4$U1q4ĠM[u2f:DCӂAo7 wp ^Jr`JgC sPya|3Fz]2mÔ%,h+TL̓C_L ޝ8(r^njDאE[u4Y,Fszo>a8=Q,H6A c-N;E / >u6bsD^F)K%,DKVq<)ӽ=b޽xER8]/qj3h1@%^ %cctwAx 1\%Tu zJ)_ 2!PH?pS) aZf{YW{-ț~#qRݮŭAX`&oH?\hx3QMKn/Sl2[D1)ko.)YZ+i}ӌ 6yr,C;c;}OݞSR.%TPMP"vڥRpטݦT#Ċ?,N@ x/OV$Q}! _ӯެ4U~):֦LYH rܕ6.xiR^-%! 7wͷT[^%#*-Sk.XGcb Mͯw>*ƏEr󮿹X^"R;Ppfl&U"'HVCoe4eRϠJO7p{-s0 Ɏt}ccxٱ+LĔn6N|7]b4L Wb%D7#p)`op=뵙bT"ɿɌ&le 3}TXX\ ڱc] o)7\&=&7x.;FvG-&0D|-R`m CLQ!x|N6)-g!"Olq90>ֶj‘I Lª{SEI_kF,L3"k, % !vHOs+A_YƠ]|ݾjP2`ۛڹ'v#o[A>YV)jH:}O^X|2b}QJX?|. ~ܮH| A,hzUrT:&bN *%wm՜Pmˈ؈D0 *s)Q1myw  X(ȓuXr ϛ6-|٨-sxv3ʡr ϪeA}+7]q;:Yn㿮o+0dn7Yx^Mo˲V$tpy\rP~]ߍ` 0d´E7\fYV#тC1쁇|CQtX. $f']hOjh_E:HNټg!b`GS:^W;b]h@j!q\47_yNV-W'I35Ⱥ>!@ը=+m43YRLǞ鼵s={ok ձ^pfvfHsxF[.}f;~eg[,qQnF^toRRЅT]9ޛ"%:#3L^Vl!X]b[˔V]Ǖ^cb%/ /9H鈩c j׀e -b%_^*=;Mݻ[#ש{y_k#_F4ڀy"3uT؜zjlO2~~c^<\ ~{fiD"}R.$u1Q~e8LN@gA.l5j\&t˺~wVҠvްAHjLvfujEܶ'\{kWI@*vŸ\S1` =-n^ҭI^D= [W pl=B E œo s6dQw ]ƭj@5HB"zGoUF_/-!v3&ВؓҦg`*̡HWu Z)8I.bV&n_I#o>+]d)y9ui9|zٍC*. jٸ~WkC6~eaK]|59Tn.L:ϑ&";cDby%I#&&F*( :V(D@RbOaق(z2ϿrE_`$Ai7^ S0cڑ7F[MS3zNC4]ۯ[W L']g#[穕@gvv\d$]{ srma~5@:Voj]/YvZw}cOƼ\״:qcTde寘4 tiڷ'αe깐iɬϒ/h?CHtguK0PRn,݃f-i\;*#h8j@;ڎj6ES2%xA~!׋onQP㾎C9|k`[hI0ҖW=塄`"H/ub 2GpE/Axl"xUnA֪"D&dWn 8r4nZLp$ߘ!OZԣl .-#SHe"{ 6-VF,?7TL,&1A%&iZZypqt$P n[ʹj`2㽽dD2¢)I9uKltVԀ?WB~%`4-TSy(HUNq԰K9}wiwiO{mMާ,lZ[e@jRac^JՏ<`,wwIbs @yDiތјe^ ҰUʢV֝ûX|| 38 Lӥf6Br$lO$nKh^nliօUiS[Ij Hll9j@{!+V@#=3ǀ!P|)AT[8ڷuD%CCbY/>oƃdBɸjCa E%;:#91aCr#~يA}~,i[<} 0>h {abY`ꆟZiގ9ҿw+U%rz9U3:%I}AAn^yNdy߮/jjb54q*HU@~SM_ "{ƜkDO%n[ɵhSț.x^fl%t{E`н;m8հljv#(G-#)@v_AeQjhCq ^|𶶣hYg\cLX|,RoP 0&0?ĐwhjaYp2EN_dUAc0V7@+S W-_WHj Y퐳ζ-P'6YP`<TjnqWSq6g,dGO7AL0aH ,+\i#q-Uc>rd7P7qxMo53`\ߜNgz˖EM+Kc#Pg=ѯHI8qEB= 8AZ(Qkx`SCˌe~ kӱCg+D*8X ~5ç(߶qt (Yڙ!Gn 6vSl|8kE~Y)Z] lU('-|! 1JcL ;i# uS!_ O & IcxZk[!(BW-9:P g3=aG؍2Nt0M72*_elU Gt/*[ NDLDAN RDnTb}I@`A" KB}C|ؚإ&ߌZ20=OwiƽBNN i֖ޯO2gG!(  7tGxxC~-1tİDr}x/F1H0Cb<\֗Z9נoNZJnq~|zjX, *ȥ90QG}Gg;b1 k۳i Gk'-?de Z`RY`}DnO>D><ي W)}R'=o[O @.- \̇ L b/df}RAZ?ڗxynz΂psۢRT oe "$sgdoe_f'(5 NLp:A,@$Z3ӍPiPIVc9k5 Y89\:=ݝ'nvUL|Ҭ he#Oq7~V7g'45Zx4a2kZ}MrHh޶64)|؏OIߚ;"m~l?'Xׂ逩spXo,װJXjpX\w?y/ @@iW֋:K.[脾ӓN!?'PSδ TGސuZ-4LNw6vWUᤈBV$E.OQwwVlE0!41YoBpnxM):o\a(y;gМ\: .8{_z7S%>P۔,MI0֟yz zTTGr<1.e΢X;i q^.鄟gv4g<5ޓ IDT8bi'~ TE8%Ѻ@r׃ Kŏ?R9;_iMBKdÆc7޼Y*+Ǫi-vXd|Do̊p-"%1\?DTr~s(Oӿ+eȩѶttjri(~ xdBΰHZĺU. UZGUS(0-rc %AT(9T.uY$?Bjstlx$g|t*Y Y"NȶGfG:AW} Z;{Stl?sF1jRZWVsgPPk &ՏPu:)4noG("kIZ23D|43ߟZ@< n 1d%glh1IqT${1]#C `ۋܽ[|KreEuYu`dk OO54w 'H&* +Xj.e h3Xmd1:>Y.%!$սjX Ժ@v5CF&$b[B :l@ ZA`?a 1%Ϥ9 X'߶{=AzCN15nʷ-3ݻ!p1L8';ܨ&+}5p[_1uI>۽_xMLBKx%NZ6vJ٧xuR&1Xh0b昴 Y uShW"f"G,j!ehhO!&FL7aO)M$|%Vv]%pw^?rjE hq!ZOL+ (3$V&dx C_o;Ft%|"  bnzמ~pl~qzddڵL>|!/j3>_ByI*]pDGGJY3#Zs}ʌ:NXq+cœJ|OӦT%pI+a֯j`d[lב%됎}`]J1.%Uex1A0Gd$9Q I_8 Ld gM OKw+kf̹bSR;&3Gh9R)>l(Ae̍,2*u*KhGY?옮?ђ}͎&Nr7 :]d(_.:g_6i_a΢GIȰrST~>S{CDx ݐ$2H|+ߣ`V*x1I(yl79ƣT0OQ pI#)˺Y'K \F+-i^M|8T &_&<ۍ  $ǂc8͈\A4`BM;SH~*%qPA2"F7 PAog*F0W61{m8~j1y38VoDV7To6n\̅1,A+%8,H''{49;&^%II^0SČ*z1ߞ#F?j^c)(b\\}A%.Cyaob_`Xsfh,P<ɋ̬RR W͗:ʮ^}ZmU; W5 qLF&,WikoZ r^0aAa64+TH= G$7Q{uVawtȨ{>D}]=ޮ}U)78"ܠr2֓\'~aic@V s-XqYx0T(rTOiR%:ׯ/ Ipuͨy'SROׁrvK(dy҃6{QDi߀8B43Z"XђA%[N%ZuQT n2&s>R &.`?eyEE='֗Xe;xy5Ζ {b#wb(9ސ^\q(S l2o9x~M&6 iJT9h+%fUlTGGL"iefuޙ?E@FNu߼G&YYB %(dTy mНvO "*U+e\U?2Hp#rLmJ,?Cp6i7S@቎ҋ A}!h%EhU(Q M>$(%&SL T2<+!#˲f=E` ŸǜR5>' l&.0(h`|5[;~&.y}"dhK"aݢoDH^vl5XCy ڙ&Www&zX %bU*ݵނC)fuD~e9ʧ#ufdik 0gP[OptF5]6> Nޠ۷˴r=\7S 8#:gi0L40t_c p_f@{CHt R𢱉j Kle"M5e6{>?(m]B ?(pȌR\QSS'{t)H\9BK;u,1t:MDӴ%RsYF$8<*yyP@(^_P]op/Z2Ȣ TgV qUDZ! #W{أ; c/b͉[wyuqt;rT]l}NFp͝&h!P)v۵|-&H.ZGwڬ2gHw{Sf !. Md@"4%djT짥૩qRRf.%ՉvfJGG\ӬФƀwI.ҳ.?^JЬf]Emxb;ڲ:ֳOv.@b.NۤC(Rkul\xBdZXo0FukrkRf򝸛BFx'lxc׾ YHEޝqMt/_>"kH;ED3A>v3+])j-ck EOTEQ;>űQ1٭I:dWXZ V| f-Aq(5xF*!GXO$Ւoqrg(c}_rW4$2FrU-΂]vCnoyLPI/^UGws(BYrĆTQY|J.uϾPl0 ճG)͕q[80]P+xu+#(/X]a'!W#8rDo.8`v_y&,M׃ND3]#X_>h!ګ\U^J+j{ |@Q}x~Z[ `}/&Wu].>t+OZoQ 2VNjx`)^|.TXT9*DK9(+%qP9rd٨=!$?M85`wp6`tև ?@]` u*|Z6|qJ;:o6jI FMry0<\6U+J :|G Ejx6ەN^4.NcMuM͠Kk*lC_Ipx DԬsGb# [Жj&1@h C i=5q dD$;le"8 ¸VTЮR{[nS!<Ի.:xLFvqG$lڻCC("s0?N:&j{wf8geC_@T~QW+ФFk(bpMdn&BfXN'da6"t+QYJXMwabv٤׻yzm0eNVH8l\A4%6`LH L3Z~V"iB %}QfD]/Ǖ@ Hx౧9v[w~}Of9^^7N 4$YlpZTG?rW}Pyڞ䎨v: %:};^pY>]F}$3OfןC%ˌL~g>F+8"$q[K1W.Mg?nƮ)fx怂 + ɇWq  ӛAKpƿϪ5Fs`% J[ZX¾?@cjWBLy~1.bmyF׺fk `4#RO3[3>?eC|{1m~x<ǒ8O _~ .#i `Gw5t;~ns1j|Ƚe'2ME˴NIMq|iqt{Hl=o+׃+#fDȈO: pV^,L6ᜲ CAЭc#u+>1 ,BQ nEp2nn]jC<0o^\pF#Jk WSY`.>s{闱K_B|VLFVS5#[G135U>* mG^J@dN|S"=";#Ie_Ьe 4 %U'%΋Ѩy0aE$ij(.еLsXbZQ2{nN& WX/IIč=;!g:ƞv;Ȼe;!YΖQ$DK>-]+ ul)ۙj,ѓc؊5&3m{0W׹N69cX ViV dbޭo(Daq|pGK~XDx)9~Nm (IV.츚J v4NbV?:{H*, prf d:X89J,ZAD:sI/y^>UF,0t6&V_t&nq.#+ѕj/n2\_,Eݠ]"ca~Wc!Pl߿CG}dn'm$d jVyLou:ӰXI6 *&Bv:UxWT4{A@:9'h^@AJ$2qǗfk~x40kHJJ;%0WK谙rpvb~NP5Ʉr\*x۹'aUtιlo<#A!V_ɃYaAK(i7p.o kTIG&uّՀl[ 7= `-Њ\y ՘퐶S6K*.`LmKl00UpȎoZ9 =Nl' 1G19暮ݍRѧH5dYhyjoZBy $ SV6{{Ќ'Zhnc EB/r՛ = eX?mоfKm|klqDD*Yum%.&bfkFqJ,Fε+~8HTr 0Eܒ_k`Թ&5"(XBh!u*2+Er|4_T%)HpԲ%;64,"BT53uM3(f2|n.vu3PbĦ:'5@.T@fE: q H,N>qa6ݒ>bP:9 }a?:{,Ĕ$EolRM3P:Pvk? A ut*$\6T"Pd,:WFA+G&^r3nJ9zW:/o,^M6mƇEGƹ%uw8bexRUMw:1zA IVuљ<@RmYw$J`(7H{+qWoWx6l$uʓƘFI:ui]oA T7>'ճb@Bˏ@wޕjv2Wڗ\T\dvcU}܅T 5y=]]~wsWZP_^ zS&Br ί=EzW[15W& En/^ukݥסdHQȒ>h멞$|>#Fw/-ӕȜ$=4Ѽ4kCSCa68d}ï5g> ojWg+*F+{ I$>X8Ŋ-'H5E07&ߏ-|@b? >Ft?#k=1oB;r@\ (QK4wl|cH}NB]SGz^~xתÙ)i^+Y6b`U%TWR*Y<ŽE [K^-edr'VQ!WMNvcdf]/sgzCGs~oxgm'Y\E6gQzM4 n84 kwjOyYwɀN\0H=:;$=+E4X ŔL*&'=7y G)OAH-3S' Ё^|"N3fIGx&Sg 8?m\*Ȳ½9SAJϕ=C)@#zؼN8,, ƅ[8[˄O^P"7h*=C"KUhQ`;oPlR@Εvn[+4f|ncr:TQ)|l;u+z`$rX?[=hѡq!@M}>5 xX5]\lMhc>C_2 b1^p9uW&HoP2ʫդ]nj7?6,"RFd2jkj\i?v)NvCH[ue RFMrr!>IiA gKpI/gXscq‘jY/7,HEx @OXŬJϫi&qs"?N񩡩;fZo^ o1T4=3ƕ$Ѧˍeu87aA9nYzcQ 'C\D>indd?K;8-< ~r5.L_Пݛ29)5fK%B׋qD5C312)q8L)JkI.tZDdPrQ0[3숲(l ֥i_RY GN&QiaK"'RV]b=O :Oz]!pkd9nY?բ#l) >c]aX iV 9+FeHQw{DwFC@7,2y+A3\M t^ =0eژWԺbɲDL^5_c}TB #zKZ쓁]u}TOȎ&G!Mqw͘괜$Ym+ wy iZfwr7@vb|j.rk؜S-eKa׾w>xaIgqRף;$+oB+(AA^aG{P r昮v]o<>J;HXH㹽ŸDzlбHIc$*`~TPBњ0CZK K`DgFEf&rn,U~>Bq}$:=B$ yd# ԫht:t݋-{=gYo2 w†ӁhbyVU5qqiaDAqa3פtpD!e2Sg6&f<ă1Ì+KzHF/bvnݏ!̖OCu܌an[cÏ]PwBj7ֆ3[ AL 믛x*,&^`3oU}̈́ٵn<]hU42@_suc88kʣ]NQa q(6aTnܭ2ɷ&4 ֙ !GiIlOBQM:k#d1p)Ug ԌݸWFݗyڬN(u.4~N6bL< >_`ZGB~}H6MG)VJ2=8R`bIp$;L ɟۿ[0t7l 2#V՜{Vŷbxê|@P(NqpgYp+h3r};VϚlnv`{T#V {3xm{R R6+‹=2tQ`5y*SdUCQA@lxWC*٤1a\YyG'׉D5!_0H=8vIJq]EI`"I_cl]بfJb3eT02N & Ҟ̚hnKmL)6M!zBdOL>]&UFO\HG}ޫ?*q`)̠afvolJ0,0``[hM?*h]cϺSrQԞZFthxkY9~vdC2^^ѣ{ڔS,ӔSI/,UՑ3-_yX Au,ݾM'qFSnw aH䥰onIz-CY30zdJ׎My/T _d+f=) 4GWӜH8-7! ')FS ?4\z(JlXV uBm:B0`Xpp<-sT$~+W-u9޽^l!'zJy]Xih#FtIR 5DODf j49b4+;S*Jә^xw }#7t%|LW݃r0޸POxt36FuKԹ=b'hXyl_5{^eT**/1]3~cϬyXÏW8FCx|D H<;fr5C-FY4V kӿh99H Ht-l62G4IpaJP"࿲*hZńV(0Mi-(RT 6H$ ,5,A`e#u?PuAp}d&yMVԴLiSZ-˲mO3k cs \дѨE8G\[zP!f [ɉ_eg=!'\>H㈞ӄ^icݺ.0|Z.ò3#n̆Syna O42\[OHNgRg\:4Bc1|A~9QΛhw/RQ ܎QgpH?`vebKγF;oQԸY&Qçq~2m mH/" ]Dc㛍Ecy>bU(QM\QgIi Y:LP#^vi4]cPt9mKrLȤ<:DXHjs~:ᐨg&YI琊BniH%?8NGl6&ͷEw/|\WEוQ9?y]J;-xVXM|d|YDh 31-Ei;a2b@'Fe%)9ϹB(:*2JqK() Y Ym$i? =l1'}|EVh BcIi ՂJW|)ߵp@B_Fg]!ưX̘aHD>Wlأ5zJ1p$0WjH1 H}-7[fi "Yׄ9,|@F}okiL~O. hRLC2%Ѣ-UC>#a|/`ZR- J~;$g M=Ay|xcrWQq/|eLH oܴ~F BnCf ~ֵ ]R 0X<Z(*̡ނ`W~{K Z-XS/ہż猤կ]QIp|~|~D$l#Q0B1p/Q+7G>~[So/t|)N4;q8)i&RBPYK*:˺Rr! Ju:^n}DL1XL]2Eҷ#3ꔯ^q .L,zmiLK*3:|*yj9zVj痏[#ag<$=Qm$ T|fi;ao'Ūqg$؀C7K$]g0i֟d}!zH*=yB>?H jӅjyܿbRxvZU7ŴjqpG!_8{j5ŪZN8zD@I̴Q7~nkj"W>Bgٵ ˙YTe .3N/'ÞZ*Ҁ& 1 Q3!5G߇dx UK{xءUﶴIP44VK5y\t`2\Vvp;E-\2EY'Fx4Q)]!'C,eU8|i.Xc}Pl>qJ`GIK8wn? :aY!_Y{1i݂z{y_2=.S+ 9rF\n d=1*}˨T d.*J}(3ٵd*SG:݅CL*4{Nւ(& F$i*{zS܌U:YEBb#[7ia4Avf=LKY[|&8f8 5Wywndb6%,^m'4a+ÐBSA 7zb9m"xJ_J lOΓ|< \Yx'S7 TN\+e۟|?2}>S¾F@ڎ88V>%>= ;y-vbp€U.*"4=c+U ` ߃F!6u?w>5YYި6ٚP=t G b!"XNAD9'+,X #3pPCс/xI'|ĿPTqxNz8",l-78nhz%n82RA^( $TjАɋ$oD-WZkU ojtHC4XkkKj*0FQy0\3ca"]rn>=1k5<텝$U{;ͽ:FM lGD2X;?70(DDq6iFuk751(QNC>cj1su(VŅ(9}w3,=Fʃ%ۼ L_Mt# g(W ^W𕻟3IeO VJR;blְUVQDȲS [HDF# }C]ҩak#h^'aNN=.[F6!y5.Gokݯq|7d)ejf(_FvSRD'6qy~&|H9KqY-w1-DwzZLښJ`pX:mR<؆MC0Le.<tWڥLpu\#S``AE>!_YһrpX|u:S^(b 4 Ғ̀Q;dE6=H hM 05ܒu/!t-?LgnkcTAX9^\$2l)G]yh\򑊳Mp=̲'`g*ŽdԲp$>HGFT $m}~Lo*=-T̐ynᘷ E 4eVovk#Ǡ?M.ڙcDڲi(3YHy+ΕFb+J}M%hYYODu nj ?bKsD7%T2 N8nEr6αgacG}W+":D#iM:KS(rK\jrv5k:1Sh2噹u/ g)/&lPq+($O^ye4{:y,cؿ5%Au8e!uS9ꬖu)g9pykFU&󄛯-l,i~AcY#W1|,Qv-K%B[x;cxXGg-0g1CCNP"tC9ܷA =V)kkOSq 6./4 tj`*b:e£OqUY} Z5TZh6C1 ѲJToxMdGjm^YjC|ؐq xdb@an!Y}muI#Tه_ߧF O+V0?5DD @lǽ^yVĩiT.p.=hVhxM3Uց RN1'5 ,G4&.xGo?R]*QUK0B>򧮂RDa/3ˑ 8Jj9jA,`Yza)A᠋JA396!05 .ƿ^t.\qҕɁO@$=yj.3&D ٽ.FQ;5h(j.J~K}N`5Hi"t )גIVj(qgj%XLtǔ6a[6ˋiNy5r)Жb[>w^ C FQ&b1ɳ9M@)?r@]óT' tv2ێ-;kv8gY}gԶZ% ҫY4=(ff'lc׏@(U3Mn/ڥ+m? ܮ&K5 ^Rںq림vޅ2~6ͷH|DhWӛh:4iV#1p :9w8h\;g'k PbAV(QLR"͐<\2*BR ;0׊Ld!TCI*k\OmsׯV" W'&g?;4RMaO*,CSt>FRk|xVW0g|+ QXMm GʎHkՀPm-P|q`%F¶7 x[UٳhZ>G|>ʈgE>/i%bt۸ j-v\whm-Zg<\H>uaگ[9Xk6P5}^._" g?/Ma ♞lGEfk8ͤ 9r}JfR&XFN%pX.VXgBYHb؃T? ivƶ5 ۢ{g5 t9{DwoZǐ9EVk7ԇ=l xK`r[׊)EBV%,s9"Е|Ų5K)xs +*י `kC944y8VvW&%x6FYKa3sgXR C3.ܶ@NvWnY-0@P3Ա`jaeئpܭ ױ|J =Tf(rc0PIBnXqGx+O}\YvΝ0bH=s:;ogDAƫSTWgv7{:,зOIY/|^!2n0p, Sb%Mm+n!SМ wŸE<_.ī샀ShtئɪUS"_Nȧx/F;o<`E~k?b%1!{EܮDiCU:J=SщK1XF |vx65Z3Rnbk}aY_ݧ!qbRHr\^`8Y 9 4{)YIgyTJb*o&Bl6,ĺDKm~U&x`Cf_wKFۭb"i’4̽{ u\3I%U_^hs/) ?HI<Qhmݏ`B7S,|5[vɁ:|@xœ27v=h5A@ eM0访TE,hB{C{Uf!o>Z.ϔokYBk'2adU6>/*p#1Kry}^qyL28ib(ek?[itdB5'F-vGʋ"GRa0XtvƲq)Y^\Y٭U]w'00WKO"Z˝w#nVgM$Cִѻz(wh'~ãݢάffV:gU!¦G%Z|n9['n)4yȂMeDOqsarmD d!> 6(*sf̃GF7[:ĦjUpl?Yiޜ:pjI8Xy2,p چ EJ{eSLUxk5}}2^Uc8(U{@HAvd`˾>Ω䵃Qvy~ZI4k=`ө VqC3Lzkr@"ys~OTD}EAP ڷkrG?O[5^3ɿ`~ʼ~Vu  QhKA*cLZ̥8TIS/5o-ϸ/4ؙ ^&-'R4iD5]nװۉ邳.*iuڐ "B%&lʨsJyU(5UiU>j8hea`HT]-Z!N&Z(Pփ%+L~՜brlGL6ԹL2c\ BZ,Z7'V f/`SyP. t >U0>_,o-l*h֒J#&d䫳n0V_p&JG˴d]d86`o{ hoa<At#϶Of}S&(FnJPj,m/e_*LY^N{>,$Bt0߯.MQc &\U{wC5̞ m^ RI~?HI GӧJ^TY8͂$500_a@5w xaM#Yٜ[7 q)/=`yVӬ_f}3iOֆx^]pS"+BVG1x%ZOy=| :lGf޼ߣ(囀}c#ee߮5cjJW^ .,b3meiJ9}L\"W^L=p1O\KvnX!cm 3OG.Bנ5YּA>1y'`e(̟|Zp%tgT1E|IsoԜ3Ô3hvB)Bӡ]*7#ɍĝFE|TJuRe[@f:q[l6T +Mkc"7Banen)~{,#/ [2v$;1r4Hz>mV[2џ:P.h%u%8tz"&M2~/# AM7x{zgCxvyTOkx@iK^_x@ LlY}TG֌'t$k滓z/1_CsTU)$9[\ɿ#Eq]VJT B l+CQgQָ3~F\~,ؐ,}3m%a j%-q۲LnQ\/_M,MP Cc?R/ݪT΢y#Y'!;SS8^r7 Ia})_2t_[Ox040bv!\nI TyRbベFqz R>s\ XXnMp突ﳦd?}0WB.j[=o3E9bεv;?5z瀂 :(-.a&|u456HxQNY,|?^cΗe ubeU\_mx>,2~wi*2%g_֕RT9<^ (̤ytμ@ +L5"|QS4~EZpL)kcH\殺K6z#%ϯ2>qdLe8-ʦUYk1 ɥI I+i~e0E~-~>,[r %tHmJk; s`8@qJa e[W9ur6pp%y{&Y]pz ,fe<՛U&qv6}%h()ҏ$Wr,J?: ꎖ'dR׉-.>Vdex2_Q0/Yo #|_6\Ma B}X!tS'ECBtL̫y ee1ZFv,p xeITZjvV{C ]No ,J." (RiGS1;}ia?-M,%}h{NEQ/xD4@[8ĤWUv*YYmtP8~&q识 Z@l(q7W6x)e`؆WCSw5t˻u界STaOP0X?KI1$I&j;`l+Np].ӿV&YU]dsA}qR{D*jvbsp~tT!he("^0nmZ GBLZ+573鑺=HmGIu!XH[ۧ< 2+ ]9cjbuԫ|Q\59V W-'Ⱥ2phR>{I\ixCo5SubF95rzo:F.)?UiqWMSAk{+;CoI?R@e`gN< aҊ5yM܈]6ŽX1_l0x9-|/gk5P&yj4HY; ܌*!&P*.R|e1(y(&-bB/`/fAǠiDN}O*riƻm 9Ƌ"UʷT7 ##"0摒FA7FH̰MD:. :~hyuLFJz4H9o5Ąy)2YPZ8&Hc]K,q+jU e3LAa8myr =5eKWJ7pԐ|e@U[. u*R9'I'|mINF_(zfP*Eq~e::XoQ̋"}jwoŲ~}I]aΙyXI` /k}f;AK c~.ԨueWQ6I aC qkK:" JH{0~&Kȼ H{VS)zlunm'Ŝ0Wfs,t䁆?-1'\C&/*9֥k?g]*{"?H+&vC&֎4,oɬ`Fٚm9T0K[3%ǝ œc ^vh$+qA%Ľ8d/T8'fge]80֮&?#~qN|I^[Ӹ`y*URDɓ(sx"z<#88:5]̌_̚slnOp<;!h3 LMNGo&[y=/Wb,qtD.1}Z 䛺sKؠa"Y)uJ`}b'Eٝፖi;,N6U n(?& gnL<&0g&+0p\+S!8~T k7"fKw{ ePOsqe?1NY[XQQk\(X^f+VSn>Rb˜⑈^ꜞdBiis>SNUGT=a-#srDwܤd|9ι `sVĔ6dq :lBUfiŵ`"gxIp_)uofܜ>'K\{)LY5Vk;ie TA{ m9 Cx ݪ9+C8Vk.H+y cϕ ӕϸo}{Hd#_`ҶiGlL} J Nd|P?dB^cӓujLr*nD|$":,cۑ~Q?҆?)k` ~vn"*+I$!y\+kM"՝L59gdMEi#5=k*THX@j =E|yZXK*=Lu6)(k+BMmYtVu Sg')@eʥ̨o$|WEe>fJ+ !w]yh26*cݧNk~xNOl`F?S5U&38CM`D<~Y^ZZk-%i4 OP#TVn6:'B?Oo錡Gx_Qv8uz1srL۫kR1 [P,BC&4! FoC' Փ+WQ'@ 7zq#Yw?٬s'$uüLhur!jZQLOy(]b%:HĦ{r(Kv%dκ3f)-a/|="0H5aIF\/k튧Y^&EWhR"c& 4VWg,mSWBOFN~`ihX~%*U`EڠIX*!H|dqfm+onqzJmIpv  K9levC^Q+!:{^Aq\o$÷@SXQ;2U>|3tWHl_5r,gV_ڜ6Fx_aR#Y;^?o2_Nt2\3R.$sQ]'F"Qi$pp+KוԹS+jN:89P+EvLއ桰~ʅZ(K3̱Zuptu:C~3O Ihjj]Z󦼪 f'Qx7>T-P uɰٜ \_GWtTM4b6ϝ^Oeh!t|@N 7z)u}]󮹷!Lc~:lE4Ayϵ:#P$܌IG,7_5qEKxM|@Zn(#Zy`y0E=qxs9ْ 6K|ӣb2C˚#mٗy hkFjvA'ZlVmtS~3&+'-@AUU[cw |qĢ{%e6ͣ~ D@Dn=(Z1ȖΙ!*| rShĞuaczj|Я:3Lw$X򧁀*:*Y6ړ}tBX07(pYG^f[rg 1, ЦvZGKM )[t*R:pkkl3X~=@r7-.Fz!"+8+z&ϝKDi0 | -T eo䮬hIyHb ts&Z1mP_؅Φ`gsÙ?>K6{tKy"'<'  qgҁ΋fe--T< s !7Mn*?A9Ox [\&E*Ҹ-œ^{7xUa)X=O1T& Hh*1T(n>0ȁ<|ףj6}б#~H _9GG XD8IKrt44x ә( w`iGإĤ&bc_"(^Ԋ9 Y n~|4s;&` -g{ ɋ)y$j"ޔGa >P*0ajO!<JMlUL XS`W^Hқxdc 7G"܀ v.Acf!*$ut~iy|^ tO'UTGE8H?q{ߖɰ8aCfbIEw}͸ |1KQkd/%$H0bтAByA(`]j-J# #)B}3=cVpA]aK RfC_Gw rA!"uw^`V:1^԰zˈqN5= j c$*c0򭎡 'sf^2۩UV5:Z d=9D"R~tJ6(Y5a~P/!W֩:OohI.Ym z h!lb:ggpuLo o3 Y{+d*mO[҃k ˃P]w(C #vBQt/LE]W Ges^g ڠM }vvZr"E~A BWic*[i /i}zs:rہdwvT%G*JPWw:[S#I)R'j>nB«/ ril贎% +T\bR^FgF%8膠Em_.Ϝ)G{4``$-̄8j?KM튛^TsxQ94׫`Y q~7ѭv?T302ێ)IG`L:Aر͚28{kzZǍʻVy N'~*beg@dus4YE>ӐyѤKAjnqS^(,퇈}:8~㆑: Ҭ#iޓ4u?P̺kAqOR`%&66Q)PCtޢ2.#Ȋ$BkLfMԴ(_9$:K5F ۫N6ÊNтM~H7smI籐V\Z7 DZJŲz[ٿ(e`S=Ŝ'8 -#,B`G'ٯt}vp0Dq!4b49*ȭM̹P3h?֊!բء=(y!F?87nd^oBv  Dg=V~u ․3D`_2~eCjȂ'(m~7rM ـ 7EieӀ>Xl"puPx L'l 6e0ܳ>9$oK<ɀ Va,^(J'Ue X (hXd~iӨ$L*ɂM?,--^_#"뎊[s"'&nFuݓtǩ+~t N QZ$B9 5U%^li[vs I?Q&7<=C"fSEOH.׸~ښ⌅"!c%_e.xAョk|@Z-I} "l.w+8Iuin uYxhv{*S=JV(M&$07_Pϰ( /6+◔7 KCdy$-.>;ZIP-dys3@<]|1*DDe2ceئ"w<15wD(kh @ 4ff3mgKJ9>?ws|uŗ=rOT`=ԹcgFWE0R[`F"vN2_ugjS4msF!M E¤-sE<9A&*2 k(L{} !fo\xs~,5A ֲ@>vq-Р0CmT5~W{T/j'AZIF'2_0tM?z_O|Q1̦_)>+=IYRK[ņ"q),({qG0D"sQT4 Jsi5搛"U^Z ZWJı],M)Ucucx½3۬ ֞y"o F眉;+ޅ. [d3Nh~:`"T@i,f3'_g1D W#4I. "N \qlf LXH*}o1(X`p%v Q-XDpg}utEjHPȗ% >K++HdG)UW[&Bix!%@9p06^-a;SYlDCgL7Q{d{E-PCʨJ`+?8K@`qAI(խ$ i?^p:#a(GgM6s  WO]}U*==2TW/~Ӂ q ɀX3?V BH={7=finR.0['BLh^z ބN 8꩘߄ܷ=2mVJՃtj#]l1a%l#TROm>MVDD{EPB$Ei=n Mv].Io!C"0 _q!>|u=ن/NJNyΣ.Aːȍ zSM+sh4{hRsw.}C-Oz :BP AS~q} $5wUcXW&%ijUQƵxqpH 4hY*x^"XLj+bl%3_V`KH^ ww63KFPF;!p?lq~4h ;ݷ(kɚi3(qF$6}{22ϤcK-p3z3R Z7X A)\/Lfu_) S[ r5zv%xjd,<: 22ǔ[3{ P7WYS2.@in6Ggm`\x!dG*Gx՞Ie2[WN>adϽH &qIwpoՀLvt T"G{G+TP/ۛuM !2Uzͺ!ք9%LHhm\aE+ : wGYS}) LbAP& &%H+c ]#,/#lBD+SXIvGdc!v%M̨en-ϙgZ>H 8ڞOJ7xK fڒ`6ڪjjwGDDcHanltAQ &mZZ3exZ^VzfT;7)8&nay$>6q003*8xE/O~LL0J8{8@ 7WPCs=EԶ҉NE M 2mUWuY 'U;4fk43`B;Uﷲs9^Lsa(1.Rt1:jȒ9ibpTH6̬rw6ph8Ҁ'$<#L~^!Pĝ!w*Jjz7ח8Нl2ZjR)*lcrz l{Jg`RB[{+Ϯ ޅH.U-/VVf]+ʞA?r݆z`0pVZFϙ/t2Jqi#ÐG3 ƜǼPGhN=U<;=+521zǗnX{~<=%~`lyxZb6X55[Kg#SȄMߏˀDZwS%h2)!ĉ_~RR?- t~K8BA {vsAdX ̃0:Ϛɒ192F66gTUPC7rfrccxjhI 3۸Vﶃl;5,Dxi7E|[eh#QTx mX1rH4r#$BՑ:A7[J(|/L^frK#K;8̩Ӑ= &>{̢_U=(D;rw tُt]oҕ@p+;ǙlN<3)]4\FENhoƴ=#MW𶠞Ū1)JP?) 8^ijGV{aND%3g^drG*mTL\'$IW{+yл8 WXcy0iV_&1HI^hN呼cJaݵHLu/)&*sIh|ױN׫CNp#iJ^`}"ĺ]J:{oqW'|1l+dF8C;8߶/6`@ |Crm ~fki^1gZ¤xO`]mۖ Թqy\%n'Mح<5̮B=:Ψ@h!=U2L4g+SkחT)jJ _AdƋk\W"i*_]\nr`Ykj5k/ӑJu6{TSb2b˅}AF9%067[Q LƛgĎ"#^ucK|C4,w:EEҚsoy:+@̶! ɧs ex;YRWS%oI.u| GׯPuAYAJfr0_*j^O=N1<Ȥ iM*3bP<>`2;#o':o [sݛEWN O _}6bt 4R) ]B_5g6R_ZCk`.J!>TKb"\ P+pw9=FvwMEdĕbRZָ Qvw6򠕜j YLQ8dH]v{ޒ 16"BSPa8%=9'$XXBG(:Q_KeW|*W:PXVS̙ت%ݗO[dmƍ,Xa%YqД)M|dxa\g |oVpVބ9LK3*2 pRsi, tψH&LÉ,1J~#˰4rUtF|C{ĕlpݎʬT=bWBrUxu1q 5O&6qj!c)^2DRˆC ; /.fZ<liv?TKɑ#v rcv)yi6W% t="R#z z 3޹3\7 0 qhPFP׽J%kM.ڄ4.m[өUTR/V tu&SD7}<996pyl;01Zv}x&l*mҨECIiA5vͲ3S uJ-HM'ޮ &24lr4CwSSm7hvБ};rv%<6lH Qg5N 6}+ȁqO,g6mtP;NE/ `\Lӗt(JQ%LE0k@dߋO gYrK)SzwR{lP1u*eB732=d4r1QV,8G"DE%VZw _t`jGttV>TfV?Nikaf@QuA9?$1gRx;ofMN_WZ/t\1:9{uj) :ƶ>$Ҫ25:s§5cjY@=85LjN!;}d;.Bf᎔(4O.Z~*L+t?s[t_^1n 7J=pCN\(5`Oi7fVB~Q U8 A]r8P!WUF{j2@$]7"9e` ,YUu0bZqsG Q q?]~wɖ\q~ US[#8(r%z+b,O"'ŽK`-M̔Mvd"J2ElS5ȦI&>?(B&at6@7J,7V9Dr:5P;%ߔ&rzS}28$C[QMu9ZѣBmUhF$+MuNx9X/\9!Cd{@TG8xjE sogCfb Mi7PTu#u~%r< Rpj~^[pL?(jѮ$ nOLʐS;:YW7U{ ;T'@ew?=Q<,9dE-f̀81w犯 nZxm&qHDg^ swO?1rƺα/g4a V穟\lX(jZl&>5ʝX: {· I U(ȡGzcHP)ZEre-"Gr`)YԤ錼l oE 틂I]mxOTQ=㹲#?G^9_7\%K3CKJA?筝XkQpL.]#pYidWgD&^S#:` K6+h 󎟹a;NhXTK1K[r']~3e8xqJiJJ|qRque')5o0jhV؁ū o D 3cye Y^AψzQfvUfjձW4Ow!Z'Dh :dF@{|IJb鄉zM%dnWo!h䭛C^8^sa֍LYl16|+ԫ2}OSIuw>9@8JNj왤Ze$1P) qЬN`*5p cc:Wz;*NyTD%c##@N41dCӬ{u-1+p ~}sYwq] DBfOwBA]W-7s~ıGJa+1/fxt<},:Ō󺽟(K -T͙,}8ALaT=- S،Hd^gba㢘1rbEbI䵈v,UEJ``nhBg@Qϟ\BcGwer'qd> !乷no=*kEX겂 ZQfyɶzc`qq>K%3'% RLbp!(}s< ufv?J\Q36.ywہ0'q*%/ˉ5L`K~֪x$>Pmra<:43YRoI5cHͨ J~ M>qt^R}JrZ: .Ʈ 04%10w=Ή`IGםHo*hE7%ZS D7cϜkxh ADxv(u"_)+]s۬}-$ S_CU8h/ǫݥ3cPmO/A<-߼H(x9qIh=p}`+˷B/y&$fۮG|B Oy1|,I%('>9'5!VcFw9\t[ VQE;lEH|þKCMPhhΖg~2*l^;[ہfXÐ]~hlk~K[އ= x8Om'pή#OaEXЅX;R_d[ԎJpq>c= 6!\T芫]&jU h:mj$kϴ=?{a;cWsKi=Xc{m$?o7UaZWlA _/UDe7Vbr/} %xz-P]ipPhn֋K"UAE26fЁ!֫Bp5U% 8Uoɪsą` m DKIN'^ ܀ڧ^T0t{?<0MH$ۼЉɒ2;ZM[TLo*F"j )RF*L*ѲY18+iX%ugChYL"5CxGW(x`G0#: ]#ˏ|vDڂ{i@37qcgmXPxX[+eи}O|^+8tdۛOf#t-6R(U;Υ~rW^4J^M >Y81[g1BEaK@U']3n夔HFà Q%O{&=*T!+@p~VYR(a@袎UW)E8 E]|w?ۘ"+~]0yGݥ~+&OoBMp}Y@dѸsO8^{}nh~ORhoV|Ebj@w*I5U;l9C8J3PC`Z#o">ej6;{K㰍qYƛcEǯo~/ZeB\ldoi:1 s |{@EW]NocDUW1[{`"]+2d 7Wʈ//pSaJIl5ӈoFCǥD gԣIO^Oyɉ7lOו-hX6Gbze1nsиWbtWZ2pYxt>`#n  ׉ks4~ˌg#1_YbQ'|iF' Tƺbc>C X@Dۮwz`hGu,H鰇$dc'nS^q*#Ks#Y5@D/?ͨ2/ ׊f5;/v{V:a]&Al„> 6o~+lVlhl74y6gb~{m*$˙"iF>׿=H}J|bwj1 zzGQl*uMM@Gr1mُda30i μ_Hթӈ06wksDe9%VSWf4ݗLN9Yr)t?]I^,JRcLD~ VŋgJa"$Z;yG^ ! q`gl]S)"V ~ev4$'IK\m[tr(O9@ﶥ'2Dp&nkܫ%?W!Ut\4x?pl+V%/0(`NdfvhN[q8PN O4|+S@Hn̵ [v|>!ϿL)%+魰k,_!0wr4@Y4N,n ,'4y״l6e3n 5ŵ'5(w5 RtK`Hv42{ wQp-q&Qy7.]ELs[ĞuP$n [5MjKP.pU+N$KaEm&<>ҍ, wxa!a-[|G1_2>UyI{hTW=ã&8h0[ߕ ]Xl"U_>b l9jn"[ÊxkBt>u]̼8rO<>^ršըb;phTNkh!YQIFxݹn4 >]nDDÞډR3Y 3婆^ZT 1ffB?* $qmQXb͢vXCP|;fqx+(IW=|N[6r[VnJSwҜSRa8fB (:q L=qu|5Zw 23.K&2TB'*-Sᴃ2^eOE* 1sdLpз%˓բ#5ò~/wy=\ ߜ-妈G7$$kӗ*Τ Ux'0=+=/d~5o(OvGut|4/ yTxI S5-+nlYΓȒ ˔Eb`25b 9|d-dj9gQ&!%= &hRb;gb~ű 㦸 6rWK/T 5g fV[u0u7^,O%A+SDnezC]T0T0S2 &BUGN+BzhYK zu. 3t4WJVp -sk{'۝%kZDpA xFRnK̥octSӲ"i+f g^Ū ]判QU'{@a<= Ѓb 7`i3p{dqD #=,Zr^W9C{,d?7"7,3 w$Z=-ʹO}E#SI=b#lV[Qr<NG\)׮h'&=ܧeb3?:}up ְJ@)}=3IZ)h=[HQ;Fy*td!Vq2'PU鈗gpR0N:NG Xꨯcb썻k=n^Ex @xXFChshaMQCWNE/W {|o/X̨!8f4N0/|ߌh3B{V 0u9'~^Uq<.p %gĽfȵܶؠ>Y]. ws%<'j>n$W⌽ '[b5"r)Z` wΞ-sdnqUPw|KT:.V1MfUvS\)~v/fBy۹桾CAfmmF!,vHu&$K?MЛU3 p77Ժ :bSryxT#<[mח. p4C~/aǞg6 X<س)6AnuNc4:;e@&X.`+ S(>_p]2AtXAͣS;7'$Gx(/hiu؆{Smkz-q!> z π..^RBI;peMIƫPK/#oTs,GQĀdqV {Мr6 ?9 ьT`!N:?o/HQnoT9A7LƄQÀGn՚sӓpݴ`*DP]|ڪlBN.ꨝÖ<ЇM̸βlYi"dU7Z3^awNٞ9`ԙqؠ3~cibdFulupop&־t03X;'{̖E(<*iD#wsZ~3"8_ERMF>q2Lb >vSޔlB:ϔU>j@×_g$ 펹w/CJ?+EWnRf.ӝ؈yhɝ7.ЛwԻ"j brŽPz"Kc'>ޒF89C{ o{-|(B%c?:mh!~9ev3yK,_YTys&F=3_?U @ <Z{a`L@q͇C\yQ 'C5k8k3?@2ZŒK, 1yQWuSr$%U<f|jlG D!ks)mpL(~2j̡%,Ƹ}ԏ7Y{53%س%L_g'qv<>od ї68P֭pIThQ-L3h~ETuJ&6q`ۘR|P:Ww![%jJ ?W&"H( ,\c?}fԊJ.Tz,g_vKL\^K^2]{ ;_|Z. WBMX]ҞD2_~rhvC򼏬.:_Dls-+[Op't$fHouɿwuiӼ9 ]6JZ\ÛGWv B*>`H{lnՏ-_Kbãk#RU973uL?U7CGeqDNэ~'s τRyʨ~bjJ8qVǥеg?#:'d0/tb5]HxT)jj5Dt.epvp-6uBt]wԪCw馟a9]@;6tOz\W(_N'O5u>;z%)+,͍*=brMY4N6L>Kuƍy*HP -fTa{WYHΝj0P}5(w$&r8(iى]wC֏8V,iڥMb PVT N,9,thKA-;i.#y`9.s&(#3n*?z{@s^7vUմf݅u}6M5o0C9EbC.H;*ʫlh5gPmvE[(U!h0ȅ(z=q.?X{T!B^~Ұs&+>rkQpz rYCl+Nď⚫ō$Ƈh{nw ɣ v[ P~ucXo.`Ɓb pPv˨9ΪΔi0EѵzZY`$C3Do^:λ>lKEE[#iBk];%;)!P솒[۰Eza/ɷMaٜX:5Q R1(U  7=@M` C̯ʔtiҕ83䡏{7.uWw*yG67v1!JX/zJ/Gyh'6.Um?x45O/cr+9ElQSZ[*B a r&0nב(}y&в~ /=U(W~#n7f'oοGsQ\)Eё}!oaPs413$I*u.LLʜuN2e71/u ,N#Wuh%c.Uzu}B,WvBteU"jAURJT"?%cdY g#ۡRlo8ouD# _o?1әCl9baJݚ\s["i0EC+ w~lq)^H1|($'Ep#ʼ]ibAl0DJǘ:fE&bqAbC[/Bp{yU dl쨚0DVu ) Ƴ=hcU j3PQLK#_ü#5py%+ĎwPiionr2ʩyu fBo6]Ʀ_9PQ$*QG+.#ݡU#E|:?r[״NɧQvl*Ǩ'beLMsKخ8+8Un鰸b4KN(eH1Z2#i,%n_FYNGr# }2nXhhhq6eQ%}fD@V 5C$4  c* jFG%y[W K%#lZh |ґ&?ZcB&X3v#"AJ->u=(oEa8)ťtA]q!uD&]&ʪ>qr!:`¡^[N7ҩ<+4Ton3Lj'vaO? NskةA}ы<~h"j1GW3sW6Ptw0 R7#,]&7+,N h3XlBs湢tA; ,%&귳\GZ;ʯ @$~o'PO'f`Eq*NV t衑Q}}hVEd|m50ùl/e6;#^`|eSp*Oq]ҕB$\rWYVb * 1ظ0%~Wwyڐ'Ol~ Pi,Nk>3"/P{D8Y|.MTe /׃9 bH&ڙpjkUչ/iV]̲5KfHqgG 7E!jO 9?Zo<$+efJ!4܁}x7/43ȁs6"KW-7KWCFA բ5<\ 'B@a*Gx?zm 'Й!v 1̘8,,&/6ávY-P]ݠCVG ]ufm]Q}&q@q^N>4F.}aW3RgxPڡ|{}BXnjϒ/\&M[N`0ѕm6ڵ4P܈V@b[19\ -yla ?FoIoOqSH!!K /c{:VZ0*) 3NDvҮh9@`#`:-=hByvJ 8/(<&M;ZCV{NFU+~vыq u|e7moIG&bQ8pQўɎ!d5R!nT,E + b70Zv+0v c43-J{m ȓ-HF]Ԏ?==;0#"S8 &n!x & r~:fj[$c'ƕL%|'놁kjAKW3:w^ل[ă-pf՛xlֳ8s:Dݫ Y/Ec=hbm6 ΅m`TC1ߴ ה PDhuWS%5 SMsaFY(H:fz~:CLIY۵$spM2J=i^S t@1!mE86:G !Pӡ hcFIK}0y f[97_,[ף3vbcefdvT;%rؑ^&TCCܞiON3|7ϫGg9HjUlE_8Y^O`J[[`Xabc PLqf(2ڥB]!aP>&撃;eS,k ,:=-!XlA&聄$c,|Khܰ 8>qDoXB!X2 4 q*3]悋GM)OѰ0LMjآ̓wp 3 CSN#eKqBK25;WANHjTwnYYU#o gu{gyK35ZG+#~Juol2_3gd\=S"v5>#RtY)MKGtul:fO:2wd00q`DT;iRbʶxX?HNǕ߼e_!|?]5j^bKȱ+Ȳ& j1Q9w$M0D“X MX%L11\#!dzwR.v;jB?!sc'vfXr|༊."BГnk( tØB@q# [(`ԢQ;Fk_ؐz6r(!WQcs{",8#H)SBx:0$rpɍHɒrHiaRҗpj~ZB,~i'7WV#4>)ML&? 1(#ԭ9"&!]'q[ _ >caA]PSn懲͢u=|G h^JMoNoQ6Ѿm͝'8t7ổYELLۙdLBv˹ȹ󭟀Tu̵,ʓ*nJ@ڊp* @#տz/dzH5)lJ &hڧXAvBT,w)GD"9 :Es-莬'mE둢 VE,ô*W,[2p4|:K\QE`=h{`[OraЧڊoFTg狭w揻~p ¸A0@l')kuے*I:9* G#Zw?INbʏXIwZVY| Y:X:m/(lc3k`;uʅrs;Q~4#Rp;?UF)JWJ ͜f. X\pl9x ʹU|(%SYh(fwQ7M:ͦ p_5.+ bI4@dMd64M.S@#7QCa. ݒKԥKA%'ƈ$o}Q|^*S~QZ GjBG3<&NeLybD딎TԠ(,ib6k29ܫHqx6GJX]Bb'ŒƁ޷E\RS &VJ0.&`Mxssz|x ~sS6Hi#e>X.Ć] z`H?]t:l$?rCgi`6(fõVKmmnr/''dclatcbLp$BI?4 B_jGQ0'HCyxCEjDŭMmS0e0jy֓~-@]h@-0G@sƵ ܁jUgIym oa[VyTXoۚE#׫`:?0X 00=7]t;ڸ\҆A$+1 TH.)W5CLyNGW&ޑ B?G4=nkzQ@i!n:BU.3!(x@JoվH捄Aw< U/UiC\DhL.Ho8)O+8杉}r;f6{- q$.y*v'?U\GWUԓ1v߄G͌@P&og׻_}ue)l=M[ÞӲJEɤ϶.cNQoL0M ď 0'ltF, ˠHrVˬ_8`oS2~@PHހ69,^Òr0Zb",mOul:7vQؽ^9m`m}ȕ\P.qQMpAWFuji_{ޗHqS`VmU.VwNn|ˬ՘9[g2zKUJ.uyYE+w #UI~.RH!FYL5i"3zXR5j]٤ӬnoM<T_[?lrS&xZҝyĩJP~\H ܈<54(iI6QogOɞ$7i(s>J_[봴>~0tU[P$(]'elWSAjRcP4ykFN!WHr%#WWFSxwALeR}nxz;WZ7ً|sډ`LQ3 5cؑ x 쬄ѩ͢|f++: ~ ZrXnEo!e^f_Vi&jC:3r;J#% ׆B` :GIȍ '/$Um }\2a= #=Z *īw#G$1hc+']xڡB0 E\.3X!ZIƲp r)PN2)>7csS4y7r'F[8QYե._0$!yGY=j]M.N6S|v5;ֶf(cyA [ [,٫R.mA]jYP O{]-=(rQx"^V m=2;I1stN weT)ŧ|u`iyLdj^1.aF[T狱 ô IV͘o}xsUFmQcvaH앓y<nvY %իĉ^ԁ' Z/~V׭*:O3JǁIĴaW2`tF` "t^B*c4{ŜT^wXz*v3R)i3* Fz?aML1?R!@օ-p6|ڷC^szSӡ;Ť`G+' BZ}eaD HDΆ[V ) 2wrϿ\ )w?hlEڭ$no4)6rK})*O{G $H_ P̎ʍ0WHDr!aڄJXl 6Y,\2C P)9.hX{ T-$*f!3**}"] Ɓ: z˽b-ᆤ K#p.u椞;ME>8jݝupFCM`&2)ɞۀ[~&j,:@ +mZfݑw5ƩVIkc߲3JumA{~bĪ[h.X!:=L%Vm#`.REmЗ30kBK<^1\t2Rh>yoh/9iV_gO7-N> cF%x(V ܦ[&ckpfn~$?l`4`*Ei8 ,B3lIsSª.9կ^Jbڤ9En/{%g=)AwQ=lxd%[w+nXG}q#4r[#)ZUb@RkXSLߞxmњ"'lēT>\&-le6:1kY4МE',gU^P܆ ;Tq]I!Ute/<:w&Kh.Bt3qDZ?kSA{5N^>?ROئt! c?p{\8JwYBY+<ю"ÔQbT‘ڶ/"AlR^ КuqR߃m yXrZ O9V(V]9ҫcS s~9Ug CG%Y>nOSX_'F[a[r3ыsI8As">ek)z(ŕU^B7lB~=sI&aΪjު^4zhGd%Y>{qUsk7&iY6|u)MT4B8>+AۿĈWG{v1rzMҾXo*auh`;.IUc3eR*˝{e% Qݧ ve?0m"RclOQ@_OJ<~MCЊfvw<'rsvf}ЎwYZ3QrzL7bB;קQ)/X_\_.7ΓM#)i2 n=0#4#&7˩Zy˚KI0ɨ1&] 3&sϧZQ= 5Ƴ ᦨz^{|q$Bc,? Io]dp}litʒM?{MGͻt6g$M4fݲ{Hn ]pBT -h6 I#!xzgƄ 3_f A%HYPrZ!s\-A.]HEb}(E-Me܂~n"q1YyʶY4ZvuQCNv2S6" ipazΡ9`~_]#P x,&y;ɖfak'<50B"'(Asu`rQm kԁ6u۹VdL?*Jch f2 } /MF HTỉ\ڪߪc%Plq_[>݈Ĺc› %Yog4CRq-|3ÀAk Vf^vӨnA"c \fu.$j1L>\dR(C 7"]O-N" 8X=JBȘ.<ߴU)~><0[`ǘB.&^AVMcew?'Et iяsrʭS(BFkݵ7 8scd|D3>DߥGml.EXqi Sƙ u*Y?rŇ );k.p9"Zw ;م1O* KIu=ܖW#2zr1 1DyJTa䕮fZ&A7nt>>X[\Չze}e0KB"ak:CDf"~נt mWƼC|z4ZZBҿKw8I0YH-IMiң$j|RaeXZlb 65_c\{u"1uOuynߞ7KT˂7@q(~:4Q;w}{ƉqJ%|BQaoB*tQy צꊜ FgM`t~2x3~itnh.hґQ~Ŵ ;ݞFk6R8H9;~Ǣ@;W&NrIEQUa!#Ya)UpHZfq?&yPY8jĉC{X?+X0z?k%b{alYkN2 #tX 讘X& ,\_LzҧBiYl rEpU Dl3uǀ:9~'#_Dii Yƥ8$N4 v&2+s.x%Y0Yt^<5F4%߬{Ԃ\IEGbV YpS 9ñJ=0d֎RMT> 0U.f+,~֑gEfN4Q.ىE؆nؾԷTg0S? 3-݄ `@S58>#U27~zHWwIV79Žr 54U=/4HIĮW2Nb'ϊ3ߺۯ)>vP=Uх(k2gbj}An1+j>U0< 4XʢxTi>Km:v ~V.i,'e;Q  z zai$ *s|{?.R5LRrdz6.1nʈ'"^ن"HE.cZV{d|x*H96VN]?J+`J*s UۨdŦ䄢~䪁Bײ t袣">m]"9ƃӶ!O2g@bҊZNPZR]/DZCU#T`'ۑH"ަ&8j<7B/U.[&oѤ@JH:s[DwS?yX;$K jBq\(Z g~c;ZXqѵV&FF&ы]؍[3*v=L ƿaJ2 'HX WaelR­I+9w> WV6Hcmi"`[ <:ddY?_ZkP;ZWF(Ʀ t#>U7< (9>ͽ!?xI7\|mV  1AӏZg۲A5eUk K\"X?P ?XF])U39m4^da_ g4 {=(u㤂`SX\KxgtWwoߟ+QAg:mۣF<1 \Sh+5b6lo0qUO4˧>jZyEy1YJT<2,Q/.9uGv4BxÏ6?}nYs*mI C%`=] K□|z/UN鄠40]bg܃WA-,MyL<>⍢y;#S|Gi|Ep$v/rZv7"vJϼFv&Ck شp Co|n0#oNA.s⼈+@i( Sܪ j$+aP)bhDz axǡU=+Iϻ>QLM, .yx UW֫[-5^Wkv1 2WAD|YN*M׋h J!ZtCԃ4:w*^~Z lQao lS65,0ަ}:Qrj;>(4)Kr`]S:X+ +z2$׿e4}0}zXHX4TaLq] AY#8c`.uY){8s鶐紖NupX:8}3Nwz|M&+?&@}MHi40_tCt5m@ S rx>;cV;yCWNI)1EeQE颶DسӍGW(sH,?k [Qf31_Y'S^(dPRgF|}]1,71fxJtaGKhz*5.<4Xܓ9 Dc ppHX^f+ (r8#]8_+gʱ1Y$y3fmD Ε̻&r eb^e8X ]z˄/C E`HOU _^.gҎA:9h\{ɽN.kwk2#Knƫn#Qxwu L2U 1:Mz}xZ!T(B(fe@}i-IgF6ƿ/RJx|w@Lf+cu/ȃB4˞N#(u }N7pIUFeuV3V`q4V e aֽrc2-eJmfoÉz^z.Ubzx?|M6уSG8DJU(G:z ѱ,bx&WU#jz[RwΚ۹[4˩Vί:7dC w7&;BްlWU55M%o:xdb5(Cn]RwRfo,3t/irhy(U5L&!][C#/Rk6HHXo²V+k}~qLBQi0q/CE4hzq}]]lI;-!Tr+Yxo[zDEl2!Nx:=e{.>/iwWF#j 0.0]cg>c11~GvSʙZâ+oFwgEЫf[Sr?OiIZ2֦ qi z% Qq| s|y"wSɟ>?I3{\#6X-UXR6^+?{)J҄ Cm$VnO';<2`?+vbЏ>i~YUY idbmb: iY9]lP1Ϻn]e;+ޮR~(`M~h,S`RzD)&B 8L sR1q+1.Yc$דw3bRdZ4 }N%lU][U{n_mVGjjh")#ꡰ2p9>9Lt`Xv޷XF7CaS_d㼂hdmkJ{jvtcmCUW1Aպe~{?JE֭jͿ{>yej9Lƈ"G{l!ÍɤM_SNzUj 119FXh>9> huRLDJ?fW *!iC C/FV|Aót,[hY8"aM1)PɩY|4s]* |7ag XP?mB>4daGxx, d@CjeiYPG v7}|uBSxW`ɾ;yH,h|dTxo'KRpmH\9YaU {%-M|ќZkҌoUH(zTEW@+AB%jô %auk^!͟A$Z5unkb~+m,}Q)?>'9wV_ߍ{~$:B3۴#o>WVQR\ۈ0>dv :1L옶Lt4m"?e`!b*S ^VUjiVVSi(wbtO _e fھͰII:R<^$QDXicgLх.āg'"I?i.z%^Ջ޾T*F::h03&3.UYu[2D]Z`5I@iy:tL"VmCĭ=&  WhY}Ddcrf+*t4%T φnV_pl=\(a#|z&Pj@;٨PNۄC'@+ Gʲ;xW<*-)0[!~ '^"vLeʍc}l-w]L'\bэ# {e|ɇGjZ^jƦ+CՖdDoZK L#JVCc'bKGQ7)moPȝ%jq.4~@w lLv`[!` #ln(*õ! jùh1G~#nH^JVEYuPN4E-/ ɴ [ )~l½7$5H[t_f[6 NK\޲W&a !zrEC7QEn2zJ2mHX!xH4N|ZF4>zhb0,Y=aԻW;煛%zl>w0.ri)riN=6Lk rH~jqac&aq^w#7W$LCÍ:>1g}K1ZE*{˸22kAe-pin CbB-`lRd=4י**?mҵ gUQTv%¸}RU>+lQ㱵V*OB/ ̗?drYzgUOzZM;>k[c:5=)M*u;s"yK1Y#@,hAO3|/{( ̏N;hSv4]D|j'S%RhX ndzΨ 5Q *<(iK[cX!ao )F6?ZRU'3COںS>VD -wjFQS bz:<׮fyJ$?;3=x=4pzBOmC{ut':5p~Pgݖl!nB)T8i~U83$A0cu,2{HSkNnG}䋶J czĥL|J{r]հܱ\O1Y)0?kbSG X^>y0lܜk3Ӊ.99XJ1β;UP ]<7D]$AK-Ʃ2E;Q˴0j{XIg^[`S&+2#-\VɨS$|'r1Ջy js3ͿɲR9I}uMpkDpP|{ o-Zp5G y58А7l ff6?%/T^I0>v) `PD3߸ {E0*i®,,?{Ojᢿ.α/R ܯrUFJ>u9c;C.،mL0] k2,s5L o@:j i5E Le vE*evm}kjJDGU2m͜4GHz 󜝣#*r^Nؐ#9r $pwF^=#:+zY4SO]FO-)_'"6Y76] 3wϺAuEgJ.+ An^u=_%;Z) wSKki)fa񾅅y5F(9mJi˫嶲w<m,2\t?:pCh*70ł=izkU:M46Sw[D_i,!|qRW%OH~\^[Y7 ڲLLKEeMv?lC4lW-u\'BDP(B#8-3֗ ]&Pi@6e֟Ai9Cy|5.;ؠX߆țj>cjn>3Ba|OmXbEz2WA)$g1|J2*ΞdԷ4Ua#CkُV|D@f Ksr'?hsyvQ A DKs*y% R⥆*VokjuqSP!BS!!nq!/yVX9ޙx.:Y {%f) Dg\Br " ifSf$LNh<@+nS}|PV=7+S77uXw3BZa"R,~lOH0D #}}u1n\B!=R~ jSiWN݌tX ׁ?m A;yį"+/;Sb{/z;ib}*.8CHGrZϑ + ҶްWNeQ}aQ=.LB&t;% k6yQ!]PPT! Cdڊx:1]Yg !cfL۶si<e*JPEjV&'&!$Is߃nx/Wp]RջP󛚺pC+_ϐ\N﹗D̡ r,ʫҾ9\2sJ;Ҋ;g/~/EO4toϚnuOH9]sa yt2nFwfh@ w ;CvЃQt+\xG+L³4ȿ . ?/mW^;ÿSH99{8 6%/9;P=m`nTicXM A4g2#B|$|HK,atL(Ua}n "3[\N6A+^vwYSW:e"HR3G^oJb>SY򣋂v`Ԗe7<0ɐx fLr%x2`TXl 98NzSMaQ^05~Nu d,T"#-Ү蝉weA mh_;?"ҒtDz˜wlFzO{WT~.6!j>QVzB3H.mf D7usthxk7q&, ;D`NaII>mмuJo/F>+ɽ= 3@S.nkTrN^X*+) l/=`g~tflÌ٣ܬN^qj K[&`?"6Z^ i<{4/w 2o@đ="l`5eL':gXUF_qBJE9F}FՖ \h6?'p#L1Y\VaD?G#G!& %_Uw٪=)5 ˕ua!Kn)bPqFs%l->{nSǀ!qiШ""7m[1jA @*×O [!Eӭԁ>ܑ=_%PM" xnټT 5S;aqNoxJWx9#۫6rmŸlwKYYZKb}li|DUël38A*#l&Pd?\"WWK#WKà2h˭>ţlRp $h-7@a`C䳹?qA* jbTɋ/&mN 5QC}o=u27Vz*gC+,SOO6B' {M), 8W.1t]cf5Xra@Oh9nÓ7HĊs*O.'ukĸn:3Ҟ?!2.98N9Rm d'UE1!ўxt_(B>ak-=f߸BT=X0* B, "ß d_ǻ1G cpԂ+(+8KXiaFGxdT#7'V*f̉;iMa g|!ll<0Z;b>W7OڪNHM;fm=ЉߍW%zB yQI8mǀ|*܀ɗSo]5f✊õ `(@ʵ/05$x,EGm>ɮ/!ԡ nW8Qא|=O %FM1xR3Bnnjd"L(dQR'qa C筚8A#388.a8(A-eMT"v7Dn mzf2=F3?TtFgh9ŨMcYk8@G o5ehdr:Y:6QZ ]c@u(011o'׃`۲@N̮\6f<<,l{Tp&jم?s?N य़cD&ߊ&D CxEEY`-mDҔSpBue7X(jfq^Q}+S.ԂJhs|*M 5c|AX~mo,v)x":6m\rXO v,s Ƿ\5Y09][tYÕgI&a$9K-ru7V =.aD0d re< HF[T if8̖<[9WNexvx>Et9\5ubrmv=S1w!Q,6 mrW~j]f~Λ\Pm~ݱϸ+/*~^;B<n%S{ݙ6WgdmNXO)aA!j[ 5fN0tn2ÕKtP9@1o;a+Hx6 4} 6II] I+1@uU΢g@dB0£D_N%Zh%~kVJ'RXrqNh_!0EX YU_$ X-:=UYFsG=;9GitQ5L'X!Qfm4@9{gP.\zpGsn tH`v𐝰e]& (sTiᄉ]1P)+Xp_74.)dmwSP/[= )&s>hDޱj$#}-/aX7s2x]CF}LCD-s^ )?-rAor\_>\3*4FZլMf\99[fs~ZȺ4TP=9T)c+2[Wiɜz<WeAaZR]=HV,U Ir[H/+7^͔YeV}9w],_B CXn 7RlU NQLPO͐KvW!ݱ:rũᐺ6Wδ~]?B13JeoCVN{{>3R '9Qz`(>TI'6"o;Jy7 __h=nEǠ]]K@X8^[yXb+w K|z Ǐko@ڔBGa;r˜Q@f?RԽhB%ՒdS3/=~]9f-P ~g1 NTFG[po`X z"̏O=׿u@["`0etQ_Q}tSy%>^ y^  L/@9Bk'hI_us#*IiŘ[҈Hιqwh E˭ 5G~dmQ? '6k?iJBUSħ ^2[cE >CtQhbuF!`ˡRq3A*̜_.>o- \r\FmT[~ YUO#R#z]eԅTzF@ӘFv4PדӁ؎!meЀ.EעԦv+_12UM}FѬ2{&oDka˙8c钼q'$G\s΄1]z]2giǁ hbŰ! Z./NorEn*rMPUZ&)b+̄4)XPLГ J4j8x&%%J#YDGݖ9^>tXJlLQe/!V75Vp1x}KZTlL-tu??&IR'ƅ}Ff:Tu6,sg , J/ԧ)عʮ$Q^)x!o,|6)n OCd w?Ktt2s-.P1t230T'jɼ1C@c܄LR.uG[:٠{R/kLH-8!d+9K{5m@:Wۇ %(̻Upy)@7s1bw4<n:bbHxt'bڼfq5-ElYD~ѡH9$jƔI lDG%d߃X^ybClBu3.mg節&r$p'" Ur#4}깇R+nfRB@~Y| fєKx,/ƭhOȻ eʻ;a8.,8%9C}ٳ&t 1)6@r&x6֣ĢA r*ϣydk9s[ji I_e מ->h?h4 [Qyb$KiT=awS%baS|ԓ[ d4|O$`^K Cq ]{J͗ֆẓo< kt IVd_Tf68̎-0eGiEE'`^Rbg ssYDŽ&% E_mHATk3w"^?+c\ W<- zQm{tu dlgoȾ*fYKp z)G9 su|DPa)m1@*͖k=()Xv76Wh[ ˷)UW*#et%TCW*0ވα jQ%DKߡ|JDJcaGpfS -번d7\ M.nHo4!A0 "=:oaZ"3E8"CB@H>hԗyZ.n-!{&Lgrf-dF! dԪpTƐ*! 0c8.~adII5|FQ!s:ReN*" xz ٪ i*'armX8\5FuBkg;8$/P}9$?Ӝ5[<\j +> g&\6RYBZ.uzu]13-7F~ Q-M /@'sg/bC+0Ey5<qm¥gfm#|Fz%ȍcW]UcXt+k6m<%qd}%&X {*%Zbo(O аY55s?oaep4#U\B˫8NzܹyAʦ6+' Jk-ˊ|<_K;:qN" 񁍃eB&i`<0kYqe\:4j 3bᖐiw0l1")lj!ye%2/rv{jyq%6$.J?r%_T;LT?OOF`k93@,x+Gc&p@e*Ӂԙ1?r;:zLPM׽d ̡h{uh!CwDŊo?Ui}7l!JNb>yB"TP⠾PpXkdՐokUcj)mdlJYC=ૢ1EQ-p ;M3e6q|Pbqk1vdsAr3qv]8@ɯAG+ϧ$ÀaiQf?܈l5! _nIRS:f̝4K3䪎kt)m`Y'mȼŤn%9Gܞ"4cV*HزNM 2m-иٟmu4br9g..ޝx%շ \ViGX>p=g){:"=` dGj{~=82ݨHK #+Y#\Cq+_=X*eWGPM*<t(l_\aCu(Y BA*fASb ^X;V /4v0e~>p{j1t2<#dA+v  %䷾7!!qP9:ߴ1ԬzQ x"Fnk& S=Q^Zj"rO(7 4(ƚ2a q- ,_g9mn|$n1vߘbGTv퇜&XVS9ҍ/'{jawwH<ULAH2LI&QȪSۂ}s4P}OÐ֤k&~.c{5nl[:QH[󯨜&ܩRdU91L#X̥L5S\:픦( ,Ԟ%E_4ЂVqŌ) q@+AoTZZ`޶Nr#jrq̺ !!)|<﹡hm`a̡ʦvlTx~RV0T{L {SS$hsaBCyY;uPsg4^; VS6*N%\lB꤉Y*&+'WeSֶ; % F6xr7Pf?Jm8yYp,khR$E5$AjF*EqRgxI=_ )6 8n4#s1jKZN>;~m.Ub62c4 ?:BF~L z)S! !p2iN0y3|&T 0{4sh2kEC*/kci|NcY<w6:$q] pHbtI ;FʩT^UnP^YEEk@ i胃yIHSVn=5twR DॆriEMscbNUQ1Edoedm ZA_S7`肥S;n!j&kJLڭy\zv; yl 0'w+9`)j'dB%b6VE0ԙ z\͸Vfy)DqMe&J CH4"i O*Ԝ;/XvI3TF-"R ڱ9k~dE릩MD:'WbAks(]ʮf[x0`t^c2e; cz.9/y_ Yꋄ0|:b=>wCGd.n 򟝇d*gr Cq\II>"+ P !oAYVm-,6wdogM*Bfm3bN[m9S]/DPO2 zcCE:1KЎI>u#qH?;\Knŀ ? ڋ19=Ül  9 B8?f).)`;p13q7G~uzxcCˏSrWDy#RL/垺0|/)q.o;-5a'rBbC#ֽzqa[%Q{5Jk&"RGbdݯqף-xA Cܫ՟E䋎"unK(419qݦδJXoD+K>Pc.ו R'2H` `@GpI&2yծ0ʘR,@њ+rd7ֹ`r#5x1xEN]jV^-ңZތ4ѫOz%J1rњCk4fnl_Klx)&to"VjDp2mk{c˾tc8P_ET˘p"q1qci % N X>߆یC:[8Z0_5+L[Õ.ؠJkS<$ҥ's_@JFˣ  <# DP@Vįbik/<08/mz)8BTpN#%sʽq b3/ !H58V,_(~.r = ~~4Cun%eꚔؓQ8FY+룣lsch3ӢL劵"@Z4܃ nl &PüYb-!~: 2dX ;aQ=Y-`$! 8sBMr{LGu$Ӻ|d͋7L^SmNAf/@WiRv)qٌ${l60Irϒyn7JUqSKx?J<c;#K{ć8Xy6]#_Y\:c(:XAnr/V|@\$5n[T18|.m2 K:Igx&|*M}6<}Jzs\KVB(Rۏ}ѫ ̩NU$ӄC/+04)ԴDkc5.1[}Sr!Vӷ$DL+(vy]Tj,-`7`4/{p-+'\a`ݵ{V`yo*/FMi$E UEnKAW})^sRsVVΗi[| *@#,D\<-N2Q)pmY%¹ktM)lBdrU=]2ƌ֨\j^ޱ]`2Ijl js‡A{r4آU{@@iMj2H؊\<]K>pH(!<1ղ2ϱG늟!o@lWj1?o Aڡ6/Y LǪ/G{Lԏ8oO; v%[h*g]yCQ78b5jc;MTӍ@f&X=uZT01n; @2xI4v6> _6)c( Io)BhuzF{{赩ڲ/C@)iƺT^A pW$z̠D(sUHN Q%nnr%rܳIJbV$Ҝ:|!Iય(na7_C(Ӿ9Ws2FdM9.^PM\Ha]Ѣ O'߹8~/zlwֈs23ύl^@p`/q4kS¯QbͳL wsgSi#ߕ2G?L,f V [畖SvqX\.{"U 9?.~uÇYdξNi=EoOJgWiRi/S5lqc-W k#wzT^Λ>R&5ƒB:jCp~pN.I^2ҶouغhD0mg ++NcYô'!Td-(I%m3UhY(wTq>=Щ_Kmk8^@Gǧ_o ,„>6?x2FTiVnCN8>Rː68AR<'g1,n~MY|c:W(^K"?,M\ 02- \0?Dwb a#hq>c^$'tWZR쉠l71lDu.=qݍ[aႇ0vD~7;ޱzwxi] z JRR3Oke@.8أ%`j=1HbOJhD WDB$lg8<$g&;J)+yd0a1 اhI P B^<0\3@*\@~ph&GHaXNrds^Wdڴ6ҽ'^gM[6By4/ֶl,$+ي]*{󳁌R_ǫ^S"Yqux qaR|6 f8=cX{zGJ5^qpliQY&W 03q'"Fpigg[pLmgsAl_O8OCoCm)[RKd_a,m*&E2">1NMbD#vl=0FK55˼EoON(b22Y n8 0)Ymlwk1> Ǹ]!@ >t>G꿪Rk0QC `durK88Jj+y61"vƓ j 29V fU϶JMZPGBG `e xt-DEbSzF/ Yv8 )H;b Zda.2ap`iJ۹h;_7-^ArgCR0/1F{j<C8VW'll5kB(NɋǐNϺ *H& 'R0qXtY7s3 3YyRXv#qSnFLtyc<&ʡt+܉AV Scs\; x{?]{ 0⻪QMfo}0 pml'(OV೉g)s^$|LW7SBjjob/mAG{e 2?dzu<>7UJr@ $8{cCwJ`"se5 %wEMf[#JCeȁO0e;uQ~]G+gSu.5/ۘLþP6YhzP!0[kS>du7VZiQ|W&MHh5( R?ͤ:p]_uA 'IzPtbtz%0\-qNw%R{ y ) JZc rǽ(CJyOʂ`MkHfk <O2=5sRWbzͩsJvԿOyN5^_1*6quȍdd!?X/T/!(ēO~88Deҹ|^G.8&sK2>$Zoe+D,/+޷MXv)gt)D[P&/AɂV=沌k D7LGQߖSc❅Dܟp7s)';@Դ!_RxpR 5 %LN\4u ).MkV/&R*(r([4k6~o/ ¨JifGs!TۥV^f&(4l_b,A:qws7xs^}7_gJx-O$*e)5oˤFTN[*%gD@3k%@$oj'~1"c"`~^F D$%,4F=0+} ,D|okS cC!GP+!QB5Gԗ~rڌ#[dxUH}kHk ZIafdc 9zFd)#Yu?-ݿoi(ۜ[`o| ]9J; AR[&4UWblXУ4b7g4 k.Y^pWH ##Ꚇm 4>$aWoEeNmw0J?]]Ln\PPYwRÞh?S$ ȗYqf 1B◊m W}+oxFeM9Âr즹(w1o|ڄ"&Q6z$:1|ov?jv,ieq- kU; j2y ipro`\҅\B HiDN)o[H*VHmß3?b=j=oF"I>\V8ʁk@LN@mo ]=ż @T #fEjPUv&w%BX&Bl4_0GM~7ҢIW88 Ȑڎ7Gh<%!2b389m:Ņ[^bAqckp $WP;̌~+1{ЙL,_#?``op㐐7"=Hytp@0NV.̘KmMz{N$jdEwA}Y] Ps2sPYm鳶,R K5J`uBm>䣻wA<WX7B*u_^/7L5 =,SO/gg:c$T{{<)vTMKbsyT609=~ކtkHL :J'Orr?Zŷ!fFG=j#a_*gNJTr2'\:R|RKпB,4ݘd8| U=]ޥ)\X`?FN$cLSwĝR2!~-o"G8Zdk5CU׆HbLbZ7q Y4D;#/!@Ey0F<>m̾3O+='a ".DV9fMz{(Aǵ&U:?8IZFX';<&j$C@((GY&:N($%3 "˹)Js?5O ۂ)vUw}U`T Iá":L)W树KrvܯV+Б͕‚[#Pu4@veR D7y t)# r|"͂no*n`bXbx!!8P%"u~&yg fh{鯦Tſ?]Q!Ҋ赅hq[eQJ!sh,΀V=ϊ/p׿|'/߈0Ɨ"$SJl{MB ֮,ǐ{X,5_.B@C;tצOg?l,5~ԂlهM?P!e2ahY_Bo 邖 (I}INd0M&mSi )_&tFvұOAO f:Јa"(];[8#DJf>SyFFDvޚ z k &OdeW0'@quZGmS-Jɏh@tHQGK9o~4g Ffs9 LpKyYD9cQ$ãM][ķH_~` |0)ʛ>נ2kamؤ 3 YZ