sssd-ipa-1.15.2-50.el7$>q%XHR>=(?d   6  ;AH   0 w POO O049(H8P9:n`=GHIXY\]8^b)defltu,vHwxyTCsssd-ipa1.15.250.el7The IPA back end of the SSSDProvides the IPA back end that the SSSD can utilize to fetch identity data from and authenticate against an IPA server.Yc1bm.rdu2.centos.org |2CentOSGPLv3+CentOS BuildSystem Applications/Systemhttps://pagure.io/SSSD/sssd/linuxx86_64getent group sssd >/dev/null || groupadd -r sssd getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssdhKA큤AYYYXqYYY7b1689ea44b171e59df435a4d84e7b4930dd1077f499cc5d260166af3e0b518b7f4374271cccdfd64fdcd68d9110fc08daa886cc2fbc4dbd2f2c97a057eb496f8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903af691e8dcad79f12cbd6515ed22f3eb39c3f5b93aa731f0bdf370afa23b4ee0e243a2d191a0e839c2e501fa633f70c7491e66c4ab86faaa7b82b9e06d0e4e3c1rootrootrootrootrootrootsssdrootsssdrootrootrootrootsssdsssd-1.15.2-50.el7.src.rpmlibsss_ipa.so()(64bit)sssd-ipasssd-ipa(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   @ /bin/shbind-utilslibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.2()(64bit)libcom_err.so.2()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)libipa_hbac(x86-64)libipa_hbac.so.0()(64bit)libipa_hbac.so.0(IPA_HBAC_0.0.1)(64bit)libipa_hbac.so.0(IPA_HBAC_0.1.0)(64bit)libk5crypto.so.3()(64bit)libkeyutils.so.1()(64bit)libkrb5.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libndr-krb5pac.so.0()(64bit)libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)libndr-nbt.so.0()(64bit)libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)libndr.so.0()(64bit)libndr.so.0(NDR_0.0.1)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libsamba-util.so.0()(64bit)libselinux.so.1()(64bit)libsemanage.so.1()(64bit)libsemanage.so.1(LIBSEMANAGE_1.0)(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_certmap.so.0()(64bit)libsss_certmap.so.0(SSS_CERTMAP_0.0)(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_krb5_common.so()(64bit)libsss_ldap_common.so()(64bit)libsss_semanage.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)shadow-utilssssd-commonsssd-common-pacsssd-krb5-commonrpmlib(PayloadIsXz)1.15.2-50.el73.0.4-14.6.0-14.0-11.15.2-50.el71.15.2-50.el71.15.2-50.el75.2-1sssd1.10.0-8.beta24.11.3YJ_YJ_YC@YBvYBvY9<@Y9<@Y5GY5GY5GY5GY0Y0Y(Y(Y%uY%uY$$@Y$$@Y"Y;@YR@YR@Y Y @Y @YtYtYtYtYtYXXh@XXX@X@X@XsX@X@X@XۡXۡXXӸX,XCX@XX*X lX lX lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.15.2-50Jakub Hrozek - 1.15.2-49Jakub Hrozek - 1.15.2-48Jakub Hrozek - 1.15.2-47Jakub Hrozek - 1.15.2-46Jakub Hrozek - 1.15.2-45Jakub Hrozek - 1.15.2-44Jakub Hrozek - 1.15.2-43Jakub Hrozek - 1.15.2-42Jakub Hrozek - 1.15.2-41Jakub Hrozek - 1.15.2-40Jakub Hrozek - 1.15.2-39Jakub Hrozek - 1.15.2-38Jakub Hrozek - 1.15.2-37Jakub Hrozek - 1.15.2-36Jakub Hrozek - 1.15.2-35Jakub Hrozek - 1.15.2-34Jakub Hrozek - 1.15.2-33Jakub Hrozek - 1.15.2-32Jakub Hrozek - 1.15.2-31Sumit Bose - 1.15.2-30Jakub Hrozek - 1.15.2-29Jakub Hrozek - 1.15.2-28Jakub Hrozek - 1.15.2-25Jakub Hrozek - 1.15.2-24Lukas Slebodnik - 1.15.2-23Jakub Hrozek - 1.15.2-22Jakub Hrozek - 1.15.2-21Jakub Hrozek - 1.15.2-20Jakub Hrozek - 1.15.2-19Jakub Hrozek - 1.15.2-18Jakub Hrozek - 1.15.2-17Jakub Hrozek - 1.15.2-16Jakub Hrozek - 1.15.2-15Jakub Hrozek - 1.15.2-14Jakub Hrozek - 1.15.2-13Jakub Hrozek - 1.15.2-12Jakub Hrozek - 1.15.2-11Jakub Hrozek - 1.15.2-10Jakub Hrozek - 1.15.2-9Jakub Hrozek - 1.15.2-8Jakub Hrozek - 1.15.2-7Jakub Hrozek - 1.15.2-6Jakub Hrozek - 1.15.2-5Jakub Hrozek - 1.15.2-4Jakub Hrozek - 1.15.2-3Jakub Hrozek - 1.15.2-2Jakub Hrozek - 1.15.2-1Fabiano Fidêncio - 1.15.1-2Jakub Hrozek - 1.15.1-1Jakub Hrozek - 1.15.0-2Jakub Hrozek - 1.15.0-1Jakub Hrozek - 1.14.0-46Jakub Hrozek - 1.14.0-45Jakub Hrozek - 1.14.0-44Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information retured by the KDC during PKINIT/Smartcard authentication- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in- Resolves: rhbz#1455254 - Make domain available as user attribute- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD- Resolves: rhbz#1450094 - Properly support IPA's promptusername config option- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer - Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail - Fix Coverity issues in patches for rhbz#1445445- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains - Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate - Additional patch for rhbz#1440132- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient - Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4 - Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15 - Also apply an additional patch for rhbz#1441545- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.- Remove an unused variable from the sssd-secrets responder - Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http - Improve two DEBUG messages in the client trust code to aid troubleshooting - Fix standalone application domains - Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes - Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http- Fix off-by-one error in the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh respoder- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users - Also backport some buildtime fixes for the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts- Update to upstream 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html - Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries - Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure - Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser- Update to upstream 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html - Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack - Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases - Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider - Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page - Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user - Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink- Update to upstream 1.15.0 - Resolves: rhbz#1393824 - Rebase SSSD to version 1.15 - Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL - Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory - Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time - Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0 - Resolves: rhbz#1392444 - sssd_be keeps crashing - Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3 - Resolves: rhbz#1382602 - autofs map resolution doesn't work offline - Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains - Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page - Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error - Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database" - Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/shuk1.15.2-50.el71.15.2-50.el7libsss_ipa.soselinux_childsssd-ipa-1.15.2COPYINGsssd-ipa.5.gzsssd-ipa.5.gzkeytabs/usr/lib64/sssd//usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-ipa-1.15.2//usr/share/man/man5//usr/share/man/uk/man5//var/lib/sss/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e786630a67336f836aecd4a733d54ed65e7e1863, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=ad7b379caa5aea9337b60b7469d887d934b17493, strippeddirectoryASCII texttroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)BBPR6RRRRR!RRRRRRER RBR+R;RRR R.R=R?R-R(RR R%RRR,R RRR/RCR7RDR4R8R5R3R2R#R$R'R&R"R*RRAR9R@R0RRRIR)R RBRRRRRR1R9R@RAR(R R0RRRI?07zXZ !PH6]"k%f@}|,p35յ4U\w %9ַgOrdO܆Tg튠y.;D•'\ ɯDG#|WO'uu2&`aIQiٟ`)x)=,J<:&KDQShG/{1Y57'QO;ԛXx?Ko={ >D|&~)Ƞ־ )$5c>0* 82S^؟(d'}eSE0m24OmVm& %[C~?~Yӳ! 3]#{5"6+ax[jYq.ָCAy64l,&]󧠉 6\_xMoHp?՟^E)G'pkhuY<tkKi u]w<ſ,֯Z"KČeؒgvTmNd7){;zƫ?A  4 q9olSV@MnuB%@47aB"C؈}=80|CL' T)- QKAG]Kds[⮕_^G7-2% Y$ne,VD+CMbi|`ff'y9<[etپ24/e䴯_D <ޱ, 0ih~ĻF$ȧq L|C{Zkܫ`j 'f"v )u͜BhaB8y+J șuH,qQ$GnzaKnnÕCtQf sNsvw"T1,`2t9%@5&yZ8_H qEjwBhreF+6ڎIP~]V ^4: èa4>$Vvcf-|R<"?gi_'V*GEίO2o\`~"& 8V:w5z$XSm9_-\{U~3 ^⇧pC^%<%Q\Q='n?-_B66h=)&/iE| 19 f5j׵FTEbMeU1UDԫAglJ*3Fދ57=юrֱ§(ppYKF,n2rlgfz?ǪT[Y?O}'9R0 ?(A$B<oG/ ?#igt<ڂ+,AnO_N&W"m щv@';P@~Zd|:~MPpذ^#5ByieWۇimr.Q:IJsZ)r¥ qQ1[Oz""!˵r&C.Q'8 ȋ%!dۋ"DBXcaU<_LN#Jp諅R.M?o}sAUs'o!*VRPUܢW"J,DYH2A=ˤ&ֹS}K5| qZF؋[܋GZ2\%/r`$O[el;5^q,Az T:JHebY '"ѥRg>Ќ*Ƨ?'AqY1Ҷu]uMK*"m`Mբ@6l1j3 ͖KnDgͪmR- G1bnB{{4 U`]zX$g&? >>Q尭R"ie'sghE-&1}ŲҸ =Mn'm-gkx"F|W=|˓Uĵ*W3Echq07/#BUJؕm޾z/<+D R4>]ɰ, npwiL:Y5s*l*t ˛b@^&ͣK/+VLʱ14_|$r}N NtZ(XzJC kX`{z5kqWZ,UJ':=?OW'~V9؊\s{fjit łK$e&Ff";ܔL. alrgq|)LcY90=MLЬU 1)( P} _ `tϭB:Gob 3s*K)&7]A≛$KF"+e`4|̥Tv譥H娀8#` 2q-}pQ7C#_YUш/NMRSysj#et>IyLxdܺɁG]k ?N?Hbd#ѫڻd>1`5$'j "܆(w 7<ɿrR94O$XLIpg;E"T,ߔxaGM|wu !4P_WfG^a]26}m@ f4fy$pcӖM-s#7fH)iC|w߂/7ˇH\eG /:5 &@^ьH¡-aໂӐ3U21OR}&i_ 1Br h# !3KZ 44Z(OT`| =xSلճzQ٥P3< J)b!Vf | cgڎxKW7`.- z#,H9"5~D៏3MXFOu48t=npF_g[ 9ș5F535ڌԫYPn@g[$-:9Z/L f|-P_&J D@!2l1lxtF5o*Ū0y< P EEn)XEm⓻~;#ɦ`{:Ӥgt[ȀX{Tcz%~l Re14MTJׂ;z/C w%GV!a8x|>AE;}IrbQDqO 3v',Dl(N,%CwKJm\XZ4]GAЅl(Ze2ָr~Kw]I`7w<ྑ49_rIiLJ?C늄I+se\!4 U(]gQ>y>tRrqP4x[o13Ygʫ,[GkyC+,Qgr2` .Ռ7| ~_bcǗUWYm@gg&od^k")`4t%6D>ȮgPqepV͔?s>d5αq,O<`ct梆u0RFc{J?= ~ˡ>Fi!7bTo ,J?2D cڬ,^'vNgFbn i!ǠY}tc/vVd@`j/iC3g}5k~}6{tصB6B|U!=h,.HtR O?Af1X 6(Z7X:Py:\0Wm0`i+%FBg?X"iPԥF5*jW`jt:OiQ3nWǪտGi&(;̨&HiLa 0Tb rb9_ˑM.o ӀbMb"{e{;Tws52ӿkj38jDAWo*k:lqpLȯ^=^GAw 0MN8ye ع 9o=cZYO?|IZ|S(":%aj;*PHr^_(,sN6A]]:IuX8?&?ܜwL_l iXhc oLJ±#nߣ+yDwsaor46(r[}@Ć-2T4p7]Nn_{UaRbsSLfG8{G5@uzh$BnUXU) nU7ZNس{"aY! u[{ *aז4-L?`kzϯ;减'ݝ&]$zfFr6 FX"MR4/N;0!KP؏jMg^t~iMuTQPĀO|ƨ<~w)O>6Ѷz"ח~ʝO@6oi%FcUD(Myn [YD,ªW)*'2+ m=Ko/#];po~'bcX)qVe?Mξ#B2b@D ~eCv8rx]vn>Ib9 ҈RRDyو/a*6?RJY'`[Sd\ gJ4XbVo-V w۬Pf1:;%^{І7ӡz5o0M5V K?s}ɞ"q671f9͆x)i^%(ݖxF33Υ4#tNTqx6װw4dsGH=΁_~UtCMe0G҈^0Yأ%,BYʹpy0Ol6k$OPy5*'K0p^1% ,r*o;bFm Kv\ rg<}HwA3>M/dFjypL^?%b/!7 Pb* x-{ހJ^`QD#z~WF!%EK]XWș{FPc3S2&Vg0+*fzq^K.)HPoV,%@bu@1#ݪۋl( UKKVhRdwō$9)Vrޙ N}u0z0,$[6Orbb̌zH4s*xJ'څMXBK Q &~Xkz1c) i`答TLYu<|ۙ^MT5P @+=p}z T׉ȋr߇QZ~&fX0:^1 H TaIy=;s* D!Ȟ$ebѻߩLjҵ) KyKc0C=k_4DdCzq.:a"W /x^]܅ыqSds9MJqVr7lD͍%Nّ%iJoDȾ=oTN [sI9N2ǑMU3`:r-#U [L#í-S(4*T +:'/CpwٮBM2h4W l<OZ‚9.뜼LXpGxJkP/)U3+ |r\4iO׳~/65l-z^VI. {kx=(,2iOY|^owV*سDz:-73Ooj˶1Ea!;.A7`  Q5^u񍘟!p}nR6+tѼ8QV. F К-j9ߐ0ES]Hpq馁Q郩z #gh̓D/Yz<Y/xmpuʬ9' uIL<mhĈ9 |w\issuKn֒ 3k_>"$YJvZ0|^-ULj{wWp?4cһ iIgzR{=KP+`hY3 Rgi]ű$-U>2EnuwjU5tpVhݣM,?k. <kb5t3*@ƄHjK{7T V.Dp$K݁+C"%; %1A aT+j|,q=pp﫛U'"_resM_3%KJo)嚥ц_֬aV>咽. A||̇,-9JZsha{;hP Z!3\o?T 'rQrVv1 r7x>ijɔugauh~ѳI.Od[#wXrœiwLG%LޒU0T}-qPh c_ 3tnDk Q.;!Xi2ôd}/ |?jB@ $٫uq8\!f2O9)e"Q=?nN ɭ/?ϱnT>duUJ4'6˦X7f:O}9OvaMKFS_噁(D~eF 3pUe•kۏTAoŘ"U8TPbHC@ p䞡,c)֨u"Md@THs>9+j2MsZI Ԡ8P*NN(6Ãbn$: Qhfiwӡ*WG*_b؇5è{99A6 Rڵ@W{G(؂lqfckEU^K_0+AtK[y5yp/QtndXCciHLO>gmfEѪ]$U5snǜCKCP](c.CcRʁ<>xG Y򂰅p8<:5vlwi;tĬL֫ {I2*>BizxLn^+^|L іk6fGID7,E;LZǭ4U9`Qz eQT֓WIY>,Zaio煹Q꘣ 9d}T0H#X3zT0-LX-ĒmaRG  lr}EA}AT' oqJ& H$AjB)ABmgIV|v7"^MR̦M(`Qt4Z$:ޡhqPUi4 ZU  9k.oOƋVDM iT.hk( n@%-IZ[39KD:XyuT/9@3%LX8ıp&[ 83DMk"ۖC4N 'T7#ibP2~]QŊ%2_S`VdKI}Ac!ܪS 0/u~ٕ蜎|"K< Uo=IqZuz;rMF_FYP\w(M"ƱNvsRky_)~8$%lߙ?u7)ʭD9<'.7Plhɿʒݐx$ YZUvz\Ĵ5hr Z$8ޫqh}KY*;Ru|+˪ҮlHv)΁ͱIͨXQSc|㣂PWq(8^69e*ɞZ73; C?99JYp0 iTWVc9_ĩҝp#O~l(b'i(9#eՆSzT Q"aGe2gP0aҀ>NbnY K[+;TKU<:ylŽk[NjA}h.$lvT^k,ȗ1]Rq|QdB_ˣ(g;N r])U(fڡT_<_CXնe.ʺk^ ,'ڠyU4ڮ CoʆEtyqt"H~0 5B 5qjP-Tu4=}QJSk6˰%{Wzun+kgբ(k~^v)EJT~;o+{ `-uίr!ō̐`tU @HP$ȾҚxqz^6u鈢oW\mErR4֡lKseDd*(REb iky$,Xz' ǣ:rtXi0:@5 pwl8F2 YPiJ"FA>JkRrb-.]F)M1~c^S:. sڨ+T #3{ 3uxtm$np+E~M}IأP𱆼T/cp&o/2WN۪8"t`ɇgq,>F[-D{2Ps}j4p7K3m%LˆVL^d&TGPf(V4t(}Hj>&ӆCb2Lc,5hVҌŰ2) :qr kL`F>`8Ap:8=F2O|r~ Vx6T7Mݔ򆨅*_)m8=jf⡒v=R:; { y]xvG=z|,nNfYX[ژ_5ġ'E#@4=p[;Q.*leAO^Wng^Ca [33츌^i9[okKS9rd:5[Uא7dG6Z 7wBiYmW ф; (c&:~f ?gCI/o0P(, Ƙ*BF߲ثx3O"nCZR"4݈uQz7O̤h$OEzT3%r H(I4M\$i%$8b \|bn ?F.-4L]n*紱gh $?hvyґOvV$h0eN2NQ`cJykmVÈ =;Ł~d52{D*>=C_HǶ[ioէq7߯?+'>KtC\!a%R4[ ˑFQ\/ wz{֚omDE/vEl$EAX>B bAXwT2eLjF &[x|晭 CAL=Z^Z32#o6 hve7 %ءPZ͚r7b5' z #%T%uxX@a5ڼ(V'I)CIAှ([` 鈂dLjlM%ǣ6yuhZO9Έ*T 90 o >zrY6B~>x,Ϋ8e *2^Ruq#D7ϋ' RE&aVrn*3e = fx։݆9!cnꓵQ TlZn S{g&~; B|Z?A/韾.@ƶ:0ZQ!G]a NZ0 V &1?k*`=UQ7i&}6 R58MzX9=<ܬJkz_c4:ej0VN)0*N~wd\| ֌۰}=iff{%{<-Em2]QDZxlv/i(]a%$F SfCͷNWɥ-HGZK3]'AԸSDW~<2'α֝ޞJS Ɲ8QJ9uFv/\n]ᡌ][/ջ\,ɼ9tԱ A/CWO$aj{I.&ƒ=,]oZƎiKw˺nG뭣 bFJcl(z:mykq#WѢՏo0#*bTaI̥Jf?h+xuIw O@Pt JcRRm uOHjs0 f@V,']rw܁8no*d|Ѹ$~H@D&C߹w+L(^kB bJءo={JFU1]~{F Ynp J:֯';jFV|6,.vB=@W琺FORK)01-.G0b= )[T'sq~DWFw9Y_q nr< FƉAJU%"mvUZBCJ{l1T[}4|` 3 8F&(!SS\ueйٞ@^užlF_fmǼ( ,"9~zKnҒ/SpK\"Jg~J~13>GyX 9 =/򦨀|ё5KRV,U"$NҸ ,Br<[Ecj3}m>Bitkkw-jWsAI\ Bݶ-}ƉN+5:(ev@9[20En*Y`ӎ}W)sW@ 2&l 35ra.4 W  z{"rgMTjWmi%-I jPssXH bp)-;@&0t'kϯ ozJժ3F>voƮ&"!uU@^+=Ȟg*nmESAAY\(#5Ln%wDHQ M (gHԅ8Y6#p >I& 1[q^Ifj׏?A>I ɂZDT%$;9/bgNo0YOs5ga$|~Ʊg> rsۯz bLi'q5N֜ BkNva BP"0dvf e `ͳXHkw D|AN=I7=ud҄Èp\ΤnsD7?e<*dXQXT^QY,RdS'pG(5#N$ ek@HZCB  {BU0W]jjbeh |kYMx[;*fg܉eA&!m TKjDW 1L^Tp' \i~h3 \wshxg3(B[ɐ|\"錜҈c̒@{N)fsVs@(]J@d{8jEB@"j<lz;,4sz<5G1ĭqwbCQ%بg+U:$:ă[4ϒn;Hyۤ-ؿ4FM]kH(elMix#WGחHHV!0cR? &').C ⌷(J`7İ@bmS>ײ4ZZG djtĜ䨒{+|>?ᄃ9)>]ځ$̦sK;LKMUzHNQe hmJ &C0QS'T@b1)[*R$\` {?>md3+cj$@F8tgIy]OuK4Awՙ`^4bRD[F`#osH;m*] ^3ER!iqll񬹶&ћvA8'AE3bqGbSm1Cae*WT͢;\fPgZ.BXeisg&~31}ҤU5HD_tO=}mU5&6,gedrTʅe{׶ą8/[&)j0@Y[ba+[G+y䁚Pẳ( }/@m:g])*&09Ё(%J1 b(HwvirQ" v}c'auj b|)6#lg"\;VB("vNxRTXiR-U l8ٱiQ FX TI{+K<hk;9Zfw(T]33-fC P* /ϒy(Ü|#,?[2=fn@=ԭ{izs cWd,( 85 3я鋫-V8 s ]8'KJibL+YylԍɋK`ϒ*SdE8 vp5_%BC}7-$,5ݻP}*l`k+ CǰZ%e?\i؞ZΣ$۴67ݲm:i|SZ4y:}Tk;J'|)$O6VtcD^jݪGdG>sI@nmdm#Yq1^@'nͣ/L_hMCH'zˆ~drép-E$ jƅ5WvcpnVɡP9E?=ZhJfА0d(F&v7=O npĪ% ǹޙ0b4{qD{[ kUJYoY ,F6^!"A,or/ 3lw@aouN/ԿVOX8ΔלG3L<oHuA7XiN)nZ>f,=br2PH.Ƞeןн~C&~u|, ֆgJ2G\p{8 - ](ϼͭ edDڟI:u?Y 1p`QQ'D&=4d=٢q緛NNi֏5O\?8ٲT;GY50¾~5>o+Ppiq LVsܫ_9ЩSljg+ˑv Zd rC*ߐEmAB+Q[R྽xJ47"V)Kؾzm sB t â*W#.}n{-7̷{|ȇFr*^leDzh#ƤT`䴅^}G 8@מnf\~kӱP@h+W2u\硟7i {8OSvx?G<(=6 ߚB)G# 2WN8?4I$I6<p6 W 69x3SIU臞[ˣye]bh?"V@!NZ͠ht`)z|Ƿ]H#$6./ܳlzòv z/'cة4Ȓk,Ž KoC~[mƑ*qw: =|픤LL.kDʉ40}}[PC.?;%w~0ZA/xnbMM1BAnxA0‮jVS:>֛*,XmNPL@g噟 hn`)gL$ejOtx<ALmk4c懜$J $y=)V9GlDs!mfde#R妅݄=$IzgmU(@ѡ:%r~fR@vp*U$g,S-Dts' 49NdގpGUIL-!z1$Y bM<Nj<CԱj3MR|8X|C{)L7R5d_wyù*= t!1GXQj)Ϻ FO ?P;GLyo5j<_`݉'nx8쑠PӛC,[ e᎚h^ L%kyu@z:@]>&!l{u6oxֹoq's[wn()IO?/Ǩ+hVI|ԑi&H) \@:{P49ib#6cY}uݫ[m{TƋ 8Aڗ)jiZ% J!v]WHIm>+N2x<#1ZC#4&QW5mʛq'ǺCі.\ٸ",:X3I dy Յ\=TEڷfwelr Zj8W>(Û̂Jӓ鷼A1+4^r/pqwDV4lrfDNuPCo[Wς_-Pe `~,Zju?"saq=r) \F,O0#0ʶв!aGݵ/ BS>5yaZW:e ]}]Ѩ=+e-7H0_ ;bGS\gxni적sBxѱE,Hq+5Cv&I('"χH8 ; VD'{Sl+OS4*z2oX˺<] S=)/Ē0e-Oup(ՔoC2,7.;*eq-{d|p&I^% f71j ^ʛz[C]tvDvVuaN efYjJn`Wi%R)s_J.Gsk)&ZQUY534Kfc8ϼ[=%ɾ||~K3gKO2$L–؆~ wnC@ }ѵ[ epp^R$.md-FɅi=P0.GR :^i  ܼ SezJP(PYP*ޚ &Nʈ48ݪ-ҚP=ߡ.iɃx:٭ SJRojinzN)׻PvC~Xkd?HͤKB<•l:jZĉVLq]]e1*ɇGvOϖ˯(APk7q%.ٔrUI߷hxoAAi Xlw߸A$dP~sݪRDtj,6d^ޑe@Wi96YdTj^épKIGB4+d'8]JuvOmHIoOf{(ɥ=nX'r8PpZB{VME)糲M~$C9c!@5â`׭_6Zq}@.&pŁ8P\ 7_&B];lY3_8Nͼ&9RhԚbdHV$%oDbіR)df $ޢgv8kk;u HI3M(]Iڌ,me$HBI \b+؇i K|xEN\R DіrGd=[DD3$nG# =pd)'HFLnu-b!/Dů>iSpLaEle-rT /T< X{t/w*ERXhUfo;Zw8EJ%hKbίki M2o;IZMCG'7θV,Vd$ϼn g+܊7uI%GywņdO;ZҮ1hFTSZ[3p}IM{:H?Dlxo~*(L#w{T3AWm .GBP4KhRe.:D֧9B1jn6rl꜇Vl:<Efܦ]2} B2C>)kO)KdXAQe]nȫybeF~裱\T-d'Ld?7op̗} kׯǗHG%IdPKbx!m0s!B#Qws!xܩwiƢ -U']S;!:lRrL4dz'>D--Σ2AЊ8ʽ-T1,}۬a `P-x &'0*ݐ^huR/ qp8UN~:udxJ>7 $N͞_#Y:ϸX45Z=2@MRnBF ȜH*]چ7V+* ){q~uN5޼>CľڎVUvE/C8XC2":0"G,W Z[ثBn/ Z qU|ٕST^V+zxa3k+/VhƷ|T6Nƾc$j^]&No䍗!r| ԕq~VV8;Vm6ԩ]mP=x~]G-ϔXx75Wj$b~C:ҖEgu$OYR&U @4kbVH_=I8Ra;e9W_Sڐ4mriDgcq)И>|t;͊9O!P Cق& Mc ST[1XUz&C UB"bUCDrpHh"JEW| 0A ԍ;R42S&/tJitJ?s}{_)d'Yqa ղt+-m/.Ϻ9+67oVkbOLKDFYmV q?kFPT}9<1D0? ZyHr⷗`?z LS;߱*sD~X`g aD`82Pw O̹oV]@b^c|PR^c\5eHa7~.XER \th:M{;it990Rl~w8zqe]]<̒4 m#RK}&K Jp,lnXȄav#G㔎LׄGkXeJTֶ`.]m:s3im yO-[EA?UK)&'ʹK:'+4Qc\8 PP CIw(?]٫SdѼ{zgƟxUj ^=Bp]gQ߮7o +3.XBծo'+gJĐkw_'L)WjĭN@&K`0b(Abk we[?LJ@7.ƺ I7?Fy@[|@f/|bz\d (k`v8X`SS\]S j-(P/u ^ G(.7k2`4Ywz-odJTLVw8 svWS M/ḿB1HD1(dz xH?% E\\'XXdpJל HW•ߟQ \P,!漢쯍#Ϸ:fR3C@B~1V>f>slIBMn @>v -:Fcѫrtd ,Cx բ/VI,W81z ٨mefD%(~?CFM͙= ۀ7.Jާs|)N.Q͙q'E)A!: 3ҚyM&ȟhQq<;EF? ?V8ނ-O%\ mjl{P_ɣi59H.47$o;q!WO:]*Ѳ2y>!eh~bmܼ8<(}_cIc6GG:UG&mַq'|mɣ5Gar*qYВ] b >^ͲGfxJ*)z}⢛džqMcy< EQsj;D{@o]󼶱* Di8yJ!mg=~ m.s Mx")3]҇ᤵ@]5e jaF嶌8mCoſ_(<Ʊ(v i#t8nI"Ђ*ES+f WB)z]^fgVJ2Ӵwc_'R+n8"xT{SϢiC")Jo*kLy8]jr\АJU.`sUj,So5I+np:.nʩ4O̒ F ˗Bm-O36t я͉m;dϱ(oЖx"D{(=r!rZSjJ6V+@&)Oo}hw M'ݳဓ! /Dii [} ϰV@s3"mjJ-\W^U\s9f؃ܫ(gjCz* $ҵ Y+Gfiz\EGcPx8`\irz4\h=ybmW{tSgA0&fH$H4\1D8oY\_ 9< m coT hiv: %tm5v1bBJ3L`}hu{!ا%2p|h+/'ČShK7e5 XXDO4Z$bJ~ײ&S*%+.̈ū!u΋۪~jx; ʼn_Jdn!thjMX Y9ʥJ˷7, <yH\!|KEz@KְXʧ{bjGwݩJ[-?7ʫ+@h˵ 1ber_G;;qFon1t}D $h7J5mxv;8l2G>/Eex i=B %V1cʷ ~*{8K2 ‡eKΞNZ$d-^}1e_o}[}Xq9B;BJpqSq [*S)L:zY=]o4[Yј^!vJ+!]ՔaWWo7=ns8n'F׹{9U-)y^:{S0(Ȟ O%6+ƈd' {=-G j v"G=KJ4kDFZ&]NsTFlb?Ayum)Itr]) EM]'(RviP?5ZqmseXzˆjd\ ٽ OP)|3-ҨcFYeͷA QquڸJ3(XQl>J(JReQf,^i 5BNt^*HW6e""^ 22!Y[^BjD*י+5!^0idE`X.~Dzi3T(.c?(˴8"(2IQiu)h8Vept{40׺Un&?XQrO(V%8ey8 h,ֳLEՈHnl #xcߒ{|4'ee)`<@XZ<_l6[2/b>e2`!V/c[7E>_~ti)*޶ qH=7P%T *5g|ԿU?nL<|7r~!O1?G|dȍ'8Jul^iS#xt:!]: ƹ 2BeYsNK1²@5* <I?d LD_r֚$k|GHcNsV7g = @낁&۝fTE&/sZRb;8 tdžp'bܱskRdT&͙.]>΅ޝga= !ci$އRPM֠lk6C7C9 Z2_~M*mٲ12N+uܟEd?S  YorYN6|d^W&҅#M1Uu^֘r,E?l1 `ln)=9lmgiPc ϟOg'N f8ӆ+ y?_|1+ ܒ'==jxj7yɐ$[" ;C$tQ #GIK{x9J.jEJc?6Pj<=ifH1i\%tc|ѱ=w9?(:A.8#>}ah:cZ #Di7ztc~"|KO}kӤҹIvneJaz[ԙS5rJT7vKޛf?[XZlg QzxK̹\5Z~ E%@,Vo|nb#UaGWKܒq C̙V?8cd ̶#w4!ԢtҹWq\2%~Ksa,z:lP1ux*Wa(m\рA ĀE:EjBbA~=22hu`b]ByqՂۡ"&bjAv]CE`'F?$utš*t^ƂfsG˰kU9d_K9fwSzHOb@ɲ]` Ae"z>AV/ T=M'̄_LtI1J]^.xwI~#ί1"x>7Pn_\V9J|nC4_No&qO498 +/zs/̄?NMBrڌ/ 4zi\)Ix =|JR0 ԬLf̻ts;L:#BHyź{ZVٞYlC@9m\8b,#)N՗/ɗ䰌HYQG䷭*/$n2DGy={0 xFJc~ .A$7Lf~M-1-MfN@:e ?_ %x }fcV\\j%{$( mGoh{i0Sn0AM?b51I/!>#p(gI#bNoTU?޶u5Gv a)d , EpZ{ֻ̈́u` Gڈܙj⺝\iP)wڠȔ )t@D7spKg;zᴁ$xD?8r?#2Z \P3mQ+X[r о; ZߢL_ysˍK΀. GrE͐W:'An0ݵ4b7BgK$"ihwsĝ=lgo &gCj3GL gQPʁY%o RuOX+8˪!0 _"vgHvRq[8lI׎_,3ɋ08 :șw*),୫%c ,=/43zz1]{MA࢓iZ_{^fU,c֑\Xeo sRi%(q1K9d՗ȴW@S.t4>¼N߶^Aȇhձ7韤zUt/j65R^f@q;K]N;COX3GjM]m;[1!1/rqc[[g♚f^aP^˜_ ԩ#83qdh}Ǫni&$xݜݲ#/Ni+KEXVgھy,-6ax |<<0Y_j}hwXq079`-g>r璣:is&yy҅ V/D I9}w 'PWAj4D-W~T/c4n}#gJC(Quyn@1%iw fu{<0XYAC4m7}H湱^Ko_-6'h_)ZmVfNOl] jة0!Tֽ)jt(©i1W|nL31C k9# ZXS}xVP3ѸX6֣j|?yF%kG͖3|+3lD PE\v #r hT}z%1u~L{i标 cS):DJ=Tm؊F-k0[9UOx|U h܄qWѷ ,P0Pm1D׵T,]-|EmywqkJD!$qR)\V7a,Uz#3u ſXKLv2;DkQeOtÀӗÑ""c:Lyzz2h59m) {V*ڱl=UpD߆"V& $O-u41 J:ܘZi֪ӵpuk, &X/A yBtYտFچcvrͣ!T@IX9Y78c E cQ0-l3RR$\bOvR(IvI'TeBb43zi큶kzi!B:qՠg[(w*O=oLinw̪*|x[(T[_:&d{1rig  I%و[X bf)C3.x O991ύR6+KY¦5`줱NZ~(4DW]~  *j/>W51ȂJoգW=3j& jlШ؎N]$dYӻ~SwBE@0}T_醮Dz7)Owy`ܡEt>u'\퓆fGSw%4߇S$w (n/Ҧ# ?ԟDz} >|F]D^ E>c7V%,%&d1ec~O;J%r^N*ڲx&v"NP)vS aHKgr4h*vxPUSa=>[hv=pmٛɊpyf3ՙM v΃mR"}&đHTd֜*\\ jI(tv4:@CcrOUxgu" K.wLkXOYPذar ;eÇ!^e*'BqF UT͔fh &o p";gAZ{AshT~L-AO??*bJ̵MUa+Y엄"ů1 &۱:K O*YNGʧI!J4N~C"QN o{;K9M8@6q,HI34NV$Ʀ}bx ڥ1/^ǶP[mN|5` ('XB!S_R(լ&a( @55ZܘDS{b%qfDKRcNltܴp^w؝$7;}wHonh`2믊s/POIlh{Pt+ptQ c]xvOI%vi*BQlUTR-mOt;1PLHA_^YbcI6ժ/)(P#>¨"^a(dbqP,DDk,٤-oL-/WrjU[&H&L߮<&Jv 4N=m`᳗x5oXYM 4ܗ4"9l翝S?KJ~FS<@gz+ i y3f{;Y~Esc`ԍ;K(BDICAC!prmw1!Wz9eF"W~':mx7Su'~"],)qV Xn ky-͠P)7˿6sl+dATϞQL-.D k#h@kf_i\8tI! Ũb"QqyQHpnQR Iqz) BC3%E?t` KVF`oemS*$)*,Fp0hB>xЙ0FώDF?IF&5|ޯ\H; 7bq8/؃|l(#zNBAӝ% ;N@%S@AE l (Z-;s3Ÿ4%1t[Rʑ(h  kyHaɿ c<%+#!;6a~C5zâE2hSͬiD~3xٯ g|RSzN>M-?58&BX$J&ޏ'䌌2 Iש5.FElF1fFDck)ѐ}25m ^cvˠB=0bs֕PiXmH#reÚx6srxSNbB֭ݪzBBip.T~#{zv1r4X`fE%.#[K 5p=kY.'x*7șGA{G 0P "C6  7YI\V'%܍IbB{AmvdɃ7y5{{a(AzZ!p2Xjb zT baf+yS'e遪/kŅ>=dA-3IqA\;ec3o;Ax-S˜N}ට⹲n'Kj!x/taaot'pf \zQ&uAwtUu@q?NIaݕ2Y0cފߗawF X=Njd_|Dn0"kʐ4NeN&b:3~Ps K eEϠb}V܈%lC`jA-G ؅4FHr-^LT& Z|;/d][.Lg} 6!7&k 2rض7Y Nz0RjĿoւdi-eI%JRf1$MbYm " )?]Lx+ZզW41;o`hmsϢAKZXsTrƆҝAvMBg('%^mmlv ^31Űv_R X8RkDޏRHCjkeipH TGԀ̖ ʫ(]o -)Gbpzgp2xߤV>Nv*'̸;BkX[;:jG Y~]Lv:5A7T4CV_ZD&1[&&P$%Mca3_}FO~5uk ,HǗ[[cV-Q%JX5lW۟S6ݦa>/x=[` r})u1R[QoGЌ]tJ͸H^aicCsV?pJ׊YX2\qm%TZkoTno<;V~T _?{R*R[4EϓpL앰&l,!zEM0-n8 t;)ӜVl9>: ?JTzGFޡ%יJP_'ySTh6".ؾ lmV$!2%(D NҠj^Sa[9ՠJ)fZ$(D]JUoM?5x.j9l;ABp?{ s-Q]r(>0_c7S腃YP/(v;gvAԫ(TPms'%wyNhPI\5~}|jWlj݄Lʀ @LrċrSfL8Zm UT컌Z۶RhedJ'7?ŻSvJ?L"K؁h@">CڧamxJR(gڠByO*r!%J 聜)P8KL.(#[@knx۴vE25ù46EP^e%0joztXG{@zdp0xG ޸R"oM&_ߚގ.#XwoPHE橯o k-E`)Bs teRxf^oΧ2b܇pX H.)wТ 4y#ӎ0G$%lhwW\sx{(2hpd4[wԧFTO z#U8PuTҾ/QħM{;0tVtD`F1xreA`YZo.3 5!6,ju-N(%pI>کTҳ߿+p ǩP߄OZv jCiaffSv9$BGseB8d1_l+-EfjP:ֵT->NNSEW]fO"ui;(t3ו$\M[zJ "m廙R@*Zt_, / 7/k ӿ-5Axk}֨I b<B9 *HW<+{n֘u2JM-){˱71 zݽ:][a|%3t0Zu եzx9+C2hrT!Nt( $#Sf&(\(C$ytd1#B,[~&){IDU?G\ ,웩__0Iೝ#UeU4=7ŒfhݷE(+˒ r*W[mo|Wr.D:-Ӆ3Ǘ`)*7˿T qk J3Qdrضt+^PVĵbfxg(]W[1- }p6!JKKs5znJ JVOE.XzOɳvo؆B+7p ㄩ֫vŚX`3S|[F 9c=BXn9gGB1WۋnUh䅔G+O$ 9zo7;?ΤHi*Bv'2&B\6+?ljrX~ͭP0Ir55Z0;X့0pP48\o F[# &D)U4MQԊAG0lt:%CoUqzMl&>5Fr:6"V_ $F Lp^AGwfו^N;ݑͧ72q hPriɚpF6 I jQϲY'cp]٥ wIn4}?p.iꕐܧW 11ά= aZn2C=J T+7.|hZ7[|9Gt[EB?=(;ڭƀTjP|00,0}?HʝVҸ*̗ dԴlQig_=74ΧS{׎G}bkfg_> ci},Wẽ2+Bu0W*4I%|sD^@o{5C0.ˇ ت j 5SZ5viРC m-)3;uMcq~/Ҿknor;ɏddrŸvOViN?u!gr: l#B-(%1G2M)rJj0{lAw\El{8u'0f5% ^*,%=,]|cMKm$xEVz!i{(wOwݷEw1=YAs3 3(Idq,aYMO8 W۟OYLP BP*4 lSį:f~'tٹb[WtMĐD( u؏4w\Ii$¹Ϩwv<^yzT,DqŘ+R]]  CGɉs'AgVJέq6Xe)6A}Vђ<WSTPD FǵޅFlKenkHtM!Dn[ԭPt&h&`Cej-b{7cU3·SIk =rC5*SU(y杋{c"mvEuvT7BM*|P$pkkKK>F-{ШE< bSۈF$,IkE0 "F1ioű&"UQ!HnQsJ1<_܊F&(%; =#SWy:ʖ9G&3v?4)vکiD62p`SEw ; [JWg:ng$Kf9{OЪvP)9} b[i_B>\wN59ZZ+\T%N9BwktꄱMV/HA+(ѝSOVEڰzlo U5LH0p豨]OOye ¿c LA*@Z"i5XA0~s}ϲ9]: So1̑@Xk||JvZQ@p3bL҂Lxǻw%S&`?Hylxb)0A2CH`7f]kj!N" j]rDIըpph?cQhGP {s҉';ĉSd 6KfI hq2wU^\K~a .$Zݧ+QqߛsmLvSn9N ҂[[)Omw8>ck z~tq qdgto~=`4'2+ʉ7d)%!uToM$\g"*OFWĔ[f ^rU=0Պ  MS}Aj"M*j* 6RjZM+F׮hAxE*Zjq=] \$ZI L+P=QI]9gl`i}&s)զY wpY-ߑGM^g < ?g; 1Bҝe/l\Z57;.#=,/1j5\y??<*;ja;GWۛ%#Nڃ!.^vYmvcQy9#1egM* %Kay]rƧJ|WUo(چJi֘v&Za׬"/lMr]tf˚}m .yxL!fBiNR]iLT4߈Skwl{ 5\!}熹cq#ܬH%Rn=o5_;7ZbmJ6dKc!<-8k!IH6kw1@T|M=ISgYcB;D_o8yR0*t*Ļǔ\:{k]Wݪav[m7 B @ *ʊhsP!kJQx q58YU|'mQyXE M2+òjyd?4%$+V 4)3a>#j%CaY_}׆)1xEw]#顺tfTO |,C#y jsB(bz٘&|䰯x,RS3,<$9O1esi_> ?sm;vl{+q(eG5ܔvw )Q ˯}x Ds@Y%lFD߆Jcqt){fXYR-#|_'NJ K{-%=&RVL幺w`fՃ]7t|cq49Eˑ*DN `j~A.roȖw@;g`w % hZ+ۀEzf+ ܬߊ)kUhb/ӰCcmwtk`jkʬ@./zPj__ 8 K8]dp(:N_VU}AY,m &. >?= huxF"d7+!G49ջL789ἕT#}߷?0a`o 5h*.D~9 9DhƊ 7lTQS~ y^/LkB7Zs40W|[`( ./>k_ *|opw|fa@oœVp:7khIxb= GUȉQagXZ24 ͠lǂسߥCYjvT5ӴsMwbvm!g9UMQ|4V@4SVC-ӈ~EvmYA5:S<9 饹9fȳ>`8#^qAJRo5k^*W6 չS0zzWǪ\ F% .K@Ks*Lr3ɋD;2WYS56w1i2W79z2#H||ʌ;b"*򠲖t޴ a֛1A줢^bٔR =)M dLdD"Lw`1eGpw؉[uwE>(#7±lJP)`3O=|Xp- ʂ G&00A:6&kk:oTD.6w?u;\uq۰&ycgT 2*Gt~z% :bQ3)t vWo/R>=E)$K'=>+@5 'V: #ljw^yk~)=PLctyTґ]&7JU!r^bmn5%z듳bAQX"sPeS$VnY8lR;ʸ>r6ٟ UZ|ĕǮCgR=ÖS1LI *. I6.'s[Y/p4ڧ_ 6,4~y1A1|D(߸%B` RpX2UY^(fGi}=xYue60摇 J@ zB"X& ) ,eݔEOg)^?leШG -5ucH't&d0~wX,GƆwZא;7 נe}\~2! ZH֞)ؿ3}LкE( P.γ9IilOz댒Ocݕ//q'`:FG(-ug6k5jD *I)L%Hp5Wph]aͫtu 5Yz],H{81Sǰ7 |*홬Ofp\:M-P~q >IjtXR](iWJ`xۿα~b-?4)WOܓ> c\cE6>u7}R˸yȄ@/\?$Ds Z-Q閱P]'t{ʼn>;l؛삹с肉=fpeָZؤ(4/@K.*8 IM!pe Щ.x5͟a,b2p@%ȏ!~pw@ SݹճC];0 97VX6,bSu(9Y|M,ٍ1 fi'EBvgX.scЛ e묩ccXJFʼnS68:^E'81 8jLdEUMm*aڦвϘA@E`7N2 BBpӵq/,z 1{յhv3,H3&I@L:6H6O4m$dݯ[b4B~n+o)@ím3ԏWxUc,,n# YgkkEdo ʮzJq:(~ԯ$+0RsZN@r"'+x/bU<{f ]*'J )9VF*At1Bi^X5@M5P^Z6i caxδ=+U6> N.Zb:,^W9>#-eZ~']9Z޲V<̲ZVd}nBu79ϐ%br(<C'7\I`{u*( L ΰy{6!!F4>әBxֈ܃ǑB&ݡJ "9| lЌ@ϱfa' jpBlԛr2זj.4bjt"(a'Ρa"ե,\REg] "ϨRDNd_gEA^bJ؀$?XC/JaL/w{׮0-4N`<(tzuRW;3ɀ&-^'xt#g6syuJjApz9HR%be9v_=8r`Qa}]?Eb0&EEr&V:rgo賿gq e?6"?/NTB9hЖ@QY(h:k$mO756iCzp@w.'GzkVY+?=;Nښ31p n3FU,dan61g.<9+GOha_5:xwi!xF[dylWt >G08p٧ȦSiQK1}? . fKj)VyYVӂ& \n5UQMV`C 0n00#,4T -2.Ī)|>M#xg&!hz&G+I7γ\HWSR߮z~HFj=8ZwsOt#kK. Q\Opj>S,18 ?fKRg:ߙU2%W{pO*i<2 ܲ*:#vR' ܥ&奘teBʚ#T}!lُʩ;n+|q\DB9Rs.VoY[s3:bHY^,\ ^#Y[!z yϫ[ip>M^[dmJ*<H^>}YKB.LcStifvg՘@yj]F"5 ś+S#"ʵꏯr9Bfk;_ҥ 7lx nVxWPa9kjBU##! rg}ބؔщU 9_ U`rW h7L"iC 'YGNͲu4zecGqVr=N#ŏzKR$5g ?ʺ!'h#epirjn{[ ُA}* a ߠbb /S>"5ʔP(෫(V;[ \,.ȡ24Q=v[n;ymx&wt**`eS?Q\L=n SkM9꺖`ӤQ¯[bN橶 Wl뒩{(42tKU)c3^c2cQ:?LJLu3IPǬ47FX^&a@m! o|/ "4,CHfu g)~'nĐ9XY9(7XzHqՀد3Qcw il238+TC &iCEQP 'ad" Z2wP>L)Ɩ1w1Hdcxd oAxn̶nlnf;dY^IUQKEr".F(9pV0[F[}>޴뉺zW3aێ݅,AP'2Lʛ#`_K Id*8?MewP_A\ԁ* QЋ9WBB)gMٗXnKa;07Y3]d.OC@p jz[hHv|b,&jPѧ|mռi`-G4WH윲BU&?_ um—UlXKQ|m47 !Q:U;.%s`퐠hVc̊"L9%'eZA|OjصK v/~=;ݩ Uy6&FaWxotA žpJ̒ ̀i{[V2mlFێMM~*бʣ.,:"A >=՞%CVZjè2e^_fOT#PHJiXЕ[$"KlWZ}! EO͹R43s5KQSZDE]CAϑ{y>h])5o(Eb(B9QkN1 5p+ alpA/@j}9FTADҿⓑ:)|δJg!18ӅI#lAL$ӔkZH/? `JŬ<99V|x?d!0ZLjN(dMqvVq ԸiBׅ[ 9^%J?",!M>mɻ2+hcD^5J҈L{Dh;e ]B8fqqbi69>T3?| ` &=%"V徭ЦCwD:/#yt<[Ԏ~AzIa2/%t&W[8_aoцX(e +'y2ru=RHStOKMMg|Qa]Hx*#P$0bq4fzfXUs:e]5Ra` ƆAn‚spbJ|K} aο%߬;]Ymf='Nr2c{}gOԑ[h6B#8C1,ac[47\؂u6¤Q5d)R#h6GDoP-1 G.-j_w} uq7 :c\Z?7YŋP`9MyȷٖT֐!1gO {ʆ6N& hP Eݙ)87L]zG l.TcFl h6Ё(pEMH\ɈVY 6!u˰&޿b y #99=`8p`z(kϦn!Z"ڎTi<|aT.ײ@cOp̦;S4Y.kq.KcI5&ȉ5vߔTf?_ VǝL>Aـ.:1jd1E5sC݄ߣXlܬN̕Pu{Cyw}9^z:=('d*ȁT]^]\CT N0 x.f=Y"b:r7"؍`{;⥿?[1͂ OB PWbx[ ~ՐxylHTqYNDL0ZJ&A鵷䢳k=ZpSL4 SJ𗨇j~yjz zV2?k'oT&ڗdo_3 > -srr\U OՏبC2X':Aƀ@;~=JE`y"VBgu,=W(I@PE0*+Δ!V[YLX8 V _G IecZgCPocU %z{#wX=\ַηDa1ݛN4j) 1P>e8peq3 .?76^"T @,!Z@Dő_Ŷ0c3. xvՇa{!r"R45E$(S+Gvrwk|2; ]aX2: ^0,1֓N5,~E y~YI7%*Jz]_8WnrNBr٢_}86KNԌ,&:`ky mֱ֫ ɦ؋|h J۰X[Muբk]azzr , fXfg7c#\5ro$~o?M =/$, ,=K!sfcf)DcZۻG12Nyr +\V^} cq0Z!:XIʈpRB[fOƺBZ҃UsmO͖ağE,g?wg?iTW9ZC-noV9!rV5eS ?A̕ufaf[0J)oTpnӘg &\U}u%n^axnȧ pV H.'ѥVvuTܥx,uJAs2 M,r1<| ͫ 'Ge*etXYɅR?_{.Z?U}SR/ymڴɸŢ#d_p`ߎ/L\skS[Lh*]un(^$͗5Y3-zՅ{bQ UOkkm'Ǒ ]]LS{}"i<بːkղS "#9LY0@`l*"\l} o>$ޱXZLz7Vo.lqba>Oě].I@ ?a~n⛠&;.tdHlB8 9(nB+ѶPqWq>EMhA'b 4c5}m8ʪ۲4N>4opt,\S0{033oALPw7vD)9#gJK9K0V{Rin3`-E@ۼ4mSs76G2AS8/ !U;O,vɧumfHʙ*S@ w׮03}7K}z2Y VU߫޸_eM&EHi'0{v-18 WkD W<Pvȴ ݉ڤOA`M$vatUxTڋl˫V+]+X,KE s/% 0> x/ y.%8Zj>`8l?Pg% 5v:FEu %f+(sR23{"%$S 'Ĝ>v,_9ˑuI:Ф%߃~6Km#(l<2]L3eb-"$ SV!Ki hV5t*N?%lBVdӑ9.Zp2gǞ>EN C‚IbY{U.&=b #o0nHrb\: ;Mf8 hBos1Q7z [Np:n!*IH3tO7KֱYV6eד۰]4 O•)o3Q %{ BI(W]Ճf)m7o= $I8Sd3SC%s?r:H)ZfLl׉u3T":NLx v4Y Brw牱Jb`M+nan}nH$KСUV+[S| #^!ca܉:`޻ghVկd+PN};KyZeJ kVCPq)$ eq %==0<ʎ9} 5@T}\ƺ]"GKqN !d"i:袧 :ڿx jQ;X1#pX-!5d`}oT Z_ȯV5($tby?Ɵ$RGP?\M~y$Pȳh 7ӄ})鐖C:[X4a1ES~kFXD\0etL|k,Nijo%wRٸq T"[3V3Z{sM3<= iţ+,,:D u0i]E Pnҍ<3ܲuq?-Tt53-REmA]Ӊ9FVPgG<~ʬC!5Dw.+< f̎z_FeO9$4yď&:v-):$u,Ϙ+iBҍ-g<Įn&fdA\fQQ%zrSE/B ,[(leSxXQ]?A(C,T^4Biׅ,.2NH7&Nd~~hAW5r~vZBtiPx֪y@,ă 棷}+o c@婫!ʸ6пӑ/RМ yڦ7> h2Y``v>RV*|p.-T E3|"ü'GA&eE&n\='EtyA DsNIxj$G++Q/aT{j;8$Pq XRX{Ĭ}hd"^CԜS(]-#]4͑5cxu =%/ !EID<(b OCRK `1NIPۘLݝvo";BBQ6KNPXR;OCB W3d+zKb:7 j[wt5~NiGE;UfrZn8A {%J?̮02>at&YH$].9-Gs6 ~>|+\HdT&aB)H~HRᛧH$58'Gm;ȡ @$yU_s[:c(@=8]>?hJĜ.aWFN6ݵΝo TZ `e2?̤ ,tkp2V_2ΔL-3=`n[1x=22O*]CaMt(bqqߪ'T&mXw`M +aSR.d:>6"efz-I*N|ThW^(s@U`-12etH ppUMývzXHfK*{ )s['!ƩlEA_d'N=|7-uᠿ%s:T/?/!yHL3cطn?P}r ˑGA &/Ss>]%3~d+Ԃ ޾!T "? T~  vhF6풳k9PRSհ^ӾkK(BNՆH *O;F8w By½ܧg糑3"=V&5 1Λ64(Y3J+xEt8~jp@LG1ߗ5|pSB؅& RK6SU8rUqi6(M)Q]gfVŔ֚i+ns,KI {eY 3 Og{JJx3fNA.{p b@R6tއfcJQܫN}]&Eؕ83s>a[ʘ^:U& U:Ε5Jqql׳&!޾M$>c"BrpUy?4e%bZӲ%>nAt5qOJS/݆xVum:37#ڈnz [ԝ(pЀY â2_vJB=ӜGvļ }ᝣj1 2*Z(F6&ܣ&;?F3>X6S[hάSVgtW)$0(đO202!wq4S|(i=~E90ƪϩC{sX/nH Oܒ<ï:,ɹ cp[8X? ֣\&@)hIg+kыkU'YBWJS7W(w@|4x5047Tݏa^v1X=KFEћ5zHcli:ZrA3o2-|S,uN/8}=J ,I?һrCZ[S!\%τJ$(4?F|;iޚ+q ;pIvܰ/ *?H\Kt 񨙜oR'yP57|2Nvֹ_ݮI$Hvx:A%Ka RhBl[xJ1=!62eZX3ARĴ̮eK5;!F.'tN(pG?KOcOSUae$~i"Z(JwqJ}LajPQ[|;L=6z?0;|H3'~A==>2[l2 68*@)Ӈhz9g'9?^: >7݅Cr VH9)ܕϒR# c`40+9fv <˦X9sB3&2_ȯ%M"`̀h19+saW}*3$b ֦]q3agqo`}m%?]Y3?>JL~Wm  mul{]?RiP+ uO jr0=p"dĹ",R{e" "ǴDl"gȸ2̨2&@j;SB 5Z`O.AC޿뾲Vrxܲ{RYZy̷] 1%KaWyݬ&a ơDhu4*4=-4F -GXJj@9\ɢUˀie|@JpX\kEcg$Cŀ?|,kvau$c\#I#J]edwQOUִ,% :1grWG*y6b=j/w '}[~Lݛ_8ޜbhˠ $D(3lae| wDDy4{-Z: ss}} /.ՀѢso?b?twK^rǏ* dz4/:P,۸w??D|mz| vcLAf1a"nZQ}h>JxK lx^Ek})yj0w喰ݰsh'# xJt^t8u; /Y6E"i ڴAoI՜UC-˟q2he"ɰ0o`ti%QQk}cs$[@Ns#Y >CӅF#11?]q~pu7eSe# \m20;B4ˆڰheZ xc[G?#<nJV36tdpugW^8J*WZ\[{dTmNG{aĈƭ旎A l0:D01n!0#p d& d\HUJdS°nqmEs$= 5(l ԹZzf):] cJ}2r\j50h#TZa7Vn"e.U"LGT>#3_)}J~_VYN1I%eS^ƘTfV?nIlk{4\A{r/]C cLHi.)bv;NeCPeFe?Oi9KжP!oΦ=/CܱN#HdbG^@uI8mS4mSA?_Yt V^n4A>j^|!Ta-Z^=rjN˂mD''U~V,V"X'ٴ%[;O}Yi;^G-vcM' F59;:y$)ՂT$ݤp\c(&}]kqJywzjt&K.16;į”1.Ba oUπS5՛+[O x*a7ܗ@uh ¼+mR \>m-85D:jk軫SBgfK| !w03\?OM ^ 6 P[0c%z0:I"H,s5U=> ۓEGN 4 Z> .>;3ƗtH#fΫ!ɫ1|h;9%/nMy]BϿV QZXJ&5y3[ n l+0q)2EK'nD5kYs%/TV x tK{X~є=>ҖFD C݉-.9^nÖ4LA#+d;^fuկiiL~ 6b>hk! H'U}ToL#) '9q$+j`ɧg{Z=i󕛎B50 zD餪`fp Ȫe6}u-{]P@tŻ+IvӤh]H}Vyh?bVOn\۽֊[ 5g1pSl%3Yjrwb@GXUoR|6/GSEP\vC$(2g2)@n;3@^&jz.tsc4'?7p?e Q.xCLBSi۹⋘`[H}%(,8WOFYuU7.Rרa% ڔ( wk~뷷4cM1EJ-[vǾױ_Yy'qXϏ|="C$J!^d!B_.^Lf`(tψ\ /̪>fz& ?Zhesp7E15hb|P7a"TK| lS!`wqC^vdS Y-GJu^r+"/xed(@h>,܁T5U #tdO|&1Nu+%a8ڳ架K,/a.Yv`Q-Zy W^J1qxmB9D,Zd%)9(bcD5zI `țImf>>Zj_KMu-T.=e9iHC%aHz"ONrl+`V(r8u*1D*y`T(fU"7ӵ{$Tv7[Fnw0WP|)M.o\|Sx|YiȿM2FAYє~y>؂̩YY~؍Raj5l0=-Ib uHteYEy# Edr/Qlj8|ykĆwl{A7Hp~jo'H}*>B[!A3WS̆J%Gˇ&O,D[XY-ިa9pҷ 2nשVZs, n5Y=Z!yQq~W x-_ح:Rw$ؖGu:8W9sN-,bP,]u:Pń:oT äa J6הU}> y nG!J s eR:jt 6;s# L!ކ-GDW6f{&[E4UbC}YSýVN@6"m>@TYvy C^Ƨk6(Cm8&#icj" Q>MIKS[4'~Urթ֋@eraT"bAb~&)r2D!c6lIB_;|u$"7}W.*/oUnEL⧿g+sn$FZ:`;׬YǴI@ՙg3g_3J"JnHA`tdSjDL#PNgV\<7pi_{'XT{ {^A\+ + ib^|C|@츑y\NI+O4b (uI~hw !گS.kEH7 vvq쫛JA l8dgN7>a5zlI V!G#Y|) ,pDgg^j5?|8?2h*e)}kԂ+?aG3r,r{oGRfI 2^AfN [%Ca'Nw۸ =?q\)8bcDH yVS r#Zd^[} >'[-hҿ4.ćo10VB\d{n ;]!:ju#qW5)Mtu'sC8 lLX Ž ]SL[.Ϥjl*Dy9 hz {W,> ҒI$3.+j\մjJ07,ԧ YfƮ>$mҬeVJ׸FTpq(\:[ U!oi\x XN(i~I.4%gdTĔI NXYBH{TL1ΥH?WSXgHEZl:/W/iDKV[":{"b\=Wugi6Q+3DyGC۱n[_}:^!<[toQ,aaƇ<ҹad>c~tV"QǙX.,y̜'hQ=@V^y!r ^N&;ey3m{=X9#]J *.ȶ&n)X!8OqH7d>#^X~0S #K# ї޲&3:6ۊK^|̼)arХ=p GDoeYV>Ssam*Zʥ3cȕLފ0ds# @A%V86;`\ w{π@\1Wdlu; +?K!tXH#4 NW9aqDTDx9*Ք 4sa:>z27dSM*u7@tj~[HS2ǥؤke"8n_NF"*1xDm&iId3xZߺW`ᩬGɿ>kQ^[ 6ӛbe{^g?[ȟ/=S3 "Ç24MȔ`>M`c?"Jİ%%>L#qHSp,Ěa*SNT< Sކ!IU S。[3||Bg}҄l l0ywVL}Wa(B{q$.貢B+\6%m[4 Ǻ05V x;u (P,e8ZxLTRz.9ņH$9?8YMhjw3qEN|k -fvJT-xޚ䤁\nqG'E{t4^~5 ؐqZOD:&}y9ku.^ &"#[Gp]&Ejc40dפtAOc 䓳lȒ)|Lc.r})xtjlm")r$C,CҮUC@lea2Aי ^kn- 5o@f p T! pjQh*޻rᥫ 儋cnsfZS;o2f\~I2c{ M9O@~sɄ7Q0&{`&j)VE N;7-dǾXIrlX ^,*b^K"jq1ߔٍƢ{ciaSd>龏"6Pi.uq,6_`V(nj0tMNyF{n3Sa.cV|`͇/ݏ^'iїʨC"6MƞY<P< PO ?(w1DdHp.*ڗ+^t*Yˀ'Lg"ҿG[:|lg,23Nmo e} sX>V軷r,A3fW4$nGK.C +/SAȠp8#`a[@q#gPX*1ɵ!j&(ּ=NQ)qMl%$VMkl~w=TJ&x{{868WdeZX 6?rZ&_d~j ~/hZJm%AS͍麽=C0 )( 1Yy]sbqcvQQfN>V6Kkpi s5+sH$RjWOjV AgHz1wMͭ3_[-,-OMX`TN@E\ƙ;*:ss(e/vާR2p=`gea7ݠnwJ!xhjw "?W6٢}EdԞ]zަ].&ؖddάҫV۟{'5T 5y4M)T?F \zXb4M!hM>L7c_΍)# ߼ LR[,h0~a*):XœÇ!k /g\,L [+^{p6h0@*?wf8m'TmU MS~OR/lZZ-4kl)1Ŏ>؊HO!1MCyzOT؟',ȯ+Uq"|Z3#%r<0 f} `'sFfFڪ,nʿ[h>xfaWXWdy)(lNs_օr'ȥ؛\q-l<9TO ::vVq&O}O^+)bM4JCiy) ^xUF8A=rq#7G0F0-+woĝ7ySNn"V#RcHB)^9S4]hC$4\4e~CK !2c ?FA͊`]lu #*mf 8e+)XX [J gY !.ўnfPHHBޖ8~Y'H(cv&2cNiՔ7^3 y~CB^|ei&J;'G[k /tX߯ʤ3Բ&}ُƯ÷|._d &0s /yms|QԅAAUBcmY'g}N $(O3g]̕~ XT^?JKQ hyJ9JLgi@7F3!l ;"5", ̨{UZ4do,VsYcG(AAܕη㏡תK$;FP$(汐7[N!^NXC3j̦Dނ}/C-{f/\[%Gǝ|j[جGt7 Nt?8.aXN vİf9I'S}fw [(beXI^vKA 1ٽ%ư$׸_{\| iCO6pY(Oyv<98%̬(E̐v :FmN,}<_,7 U^e-I6"Il#gNz4~@;!  $@w{ꇀB4d]EU)_@ќQr~k~}Ys(2ʟ⩞u\Ci&Nh{n}WGHoJ:Ŋs$CDPé2({eS\g}Ơʓm<> h/CO Z'40e*/ W1c ߵ Q*+?!&x *DItI >L,>$I*o 4($;>s0}ޮG+_q<cJ}Ja刷ၰÙlk`z,Cj"Ǐ$n0bq1`c;c-]Hغv zN© U5Yn/:{vx@9ƷwJh}2ec! Qԗν,r4{=Wa^2P<مBQokIΑ#1} xt ?"Cavϗix7zA9{hoxE ,K^ݎ!rN&z~\6Jʩ /CP76I1axu^קlT*4.qe\/Sp* $$"X\g*+5G!:p*^{Gfz6%2~9ƕgN\9te0߲%j0ڬ(  uV,' !*5w+.ZVK0EbX cEV8OМ /^{I+'U2NC/voK:6UщS}3ùPLaM=xFt%*iFw Np0KM-J1&G7A"O|Z6 \} giS^ŵ*QV* KC}Fc*gnO{#{}˴pi=\c&GxP1S"/#uT>rx]8N/ c5п}lk|JSra ا(qhtV0:%ő,t̷DŽ`P98%~]q#o+Xh:[D["IEC;d#͵a_2r(X~ON$fQEk?M$~hj1bX;^@qNB} a3o:.uǨ"A1KgSJGI0\m"h!bx J$~.d:aC9_uA#T_8]н:}r4+ mZ7KSXx7x]=ԕA3YϿŮ_6/(9`A5WW 5԰/ݦ샰CnjrARS״1jb΃`_vOue&XhڗVlʟA-c9lqmCܮdⓚ7^0/T~f& [@sh!w{TrPp:A'~O.dމWR_M%trw6FJi4kp{UݕY.N-'䄪ZFx5^OMxkV qSr왾Pr{PN“f,NUA-UэԳޑH,`6Ė<׶>d@ HokVAc!՛J/>xIJ |K6_2\] K&2Hn8/ܴCڲ2!ݧkʤ#*{? 6Ym4dieH5,qP#ob/V, wգJ_P1Xz1_uq a E-,t;0 -IRBOg!wWV&UxZ{f ]Y"e n>%=B_Vٳ^P7`M@97u2dM!oPʇv]--'6sd2.8KKL{Auv` MlfRiu![ՠ2S[~= ]?J^Kb'SM?+e7Yoawͫn3SE1 Ԟy'x!ԩF uҮpʈ+S_J;QWfSGFm%"*(lEXݹ?.A"ƣ..͛h,X~EҔO- Ix;їzyH[ C'>JD@^F:z Tr=쮽8iK- C6+`L^u"\ dW&ZTl'"-:8Yܬ$qꃎ3'GkIC+< qoX\QLjn2;(kv|:g{cy [M kآ' rDf`x9/Z1T,Hq$I۽sߢAYJF=q{bNWJ"õ+nгLboZ;FwvU[풞TZBnPLd/(m:h.-׭\x$0MW0 @n 2﫶4,/Ѧh'aLVlZiOA)b HT5_EAaj[\Vf8OaXl6b<Ұ'%;8_|.9tGzgO'n[1 g: }/,^Ta O(HcwZ٪^s` #Bh=ly,mfuNIZ8D2Ra~}&XwgغQ-gtLa(QA#BE> 5'%(baqMTI&H&ǿX g̋Xq{(Pa=("8AO:QD" &0-.v}tc Cդ^Cr汢WpAחfzk\nuP C  Դݪ7eZHqlŻULf;TzV~_ Lvg\ f~C\۳WJ63DA%Lp28h^3;,ρQVupr54 Ql0\ELG%G ` 7sA<ύO½N6 #p_(W!h'n8Z^tEN0NΡ ^ T! #31%~7%QXF3k@=fnPeTT AO,殍.sOOOg#Oڏ, ĽD?s(]5~N 9@Ր>pߕ~ѱS>RGMAA |2?>8ɝk7JorAגc (2J3#1REm7X(H,)H3?׷`1<8*pwTg6`Hrr0ZIVaF ݘ#K|5TXb8Z+̖);ٝP)zjH;weU*{5$w߽3&]a>~LYz>'pvU-)0~hB#6//5m^ɆHǴX%:Y]L+VW@L)x R" %L DR:4xKUDTXGRNXbc䊤S%q<jhN!o8s~#f o3(s5 /@SKhqKJZ@`c{,9{S mI.0ō18}b "Pqp.ALDK9l @B^%jް`QTaȚD0p. wdj%t*zlJ=i ѽ@l-"ԕHhtoxF6:RO*w"d5ؗ#ni*pV/^(7+ktʛ2$Y*M0륶HrWw*Mq f&ieĚٗd(%(a0E"|=apKa)@ᣢ΀0J W.ԴWITq~V-Ji|vuKR W5'杶5É;QT7lZ8pВ}A|k|.aтvڸkm|n#9p ̋Wa)pa1=J hHӑ-m Ifxӭ''?`M0},LljZsjƔ6Sd$;)NZDD1,IjcZt vUYK]>ѹ '#(~:BkDWB܄/tvζ,ToGi)( 8(Qk?^U~*}U7"ߟ*d8IC,(ùR.x C&}';Ҟ1CaE:=(8V8ۃ̀n""e,MEi䭦">*'u [}qxnd`[8@QQLȐb?rkQF|0! G0c74@EwS_]G} 97gH`k\tD*& = r:?I=7k !qگDH'L;ok H]RK,?cú'Yd=PA1)8]tbV&G0_zNؗQ *ij٪,;ͳ6-u¯0R&cj0Yϼ#Ю:LN.*$t+{[d~ٹq@As$MFx`vj|i :w\^+t \d("x_*w:~84݋Źl WHKjo*1#$reQu "\tM}wTSƮS>Kw~N#k9.f`V2{$Ԩ _RV obwvs甿R6߫1sq}; >*xMb }Aca'v;T~ 9! I/9*/fxkecr6 ⸪|r ‘mc}wЫq&Oz~H[M8\|5n2Y\rR 'ƥ,^DoAߙez^nٺ0D!ƻVWK}9ąIᲦ̙1PA kXHi]#%Z2cr*Wg/M> n2Ԗ˱ ώb{1ҔX KB`==t6Қ)nMV!>Wȫl95 u(J?{ZJߥ7Y9 &Oa-@:(BzxWG6oY.-._gCoPz)_N͙"RXWj<QfHVM`N0={4:H_*g'^d16яaռRcA%GĊ @`KnrT Қ:n[7= }Q̾mTUdW}yAB˟ +hŴ\'ˀ/YJUh3S|2fC$3Bϻ%q/H>>ڼ]3 _fymA3#٠@ Nqt5Z=gD |vk K4d& 6yՎfc[2ޏ8~o^ }]4O΋SupaPސo"Wvu^oA@l0ƐơL9&BU1WnRPhr/L׌۟;\ӕr.H $Bn\{u++6r(t6$dh5?x E14dc$:U[cr|3ts_X&4=G.hAfe`:ۛ2㜭W|/O*#bA`)48 0 mlK_f>,Yt$*)26}2b oV}P: $#mL)hyq&Ӛ> A,pQpʊG(Ÿ)TLl`u+x“(%rđEK25֟V=rȲ7bSɠ.QFPlPc~368ήU0V]U:SR]l:7;gXOQ|־T9Lb5 | $o7%fqE.R@|-ߵ$ 0V*9Ȳh15< zMS\Y7 g؍ҹs@K qj1p*މLѴ`D|¯Ŷm]l}sJɎѹUOn2u ƫo\wSp'{ICx/P^ Q, hŇ+ _ҍRǑ;J֛6ӵ掖\F\O9Wc#xqlx6[^0ܹ:$$E[.9+">B Vy~Ht=w2U$Za}O$c;6ژaQ"tICjkjZ7oV1cՒ4[M|G,5`3+>5}~ұ?(c1p|D]֗y͔#MZRD8^ K5h,y#cq*dg*UP6Na]IU:.]=ލŧ1\ל@\[k-)8]S#a+VYCDw@:*ۥWcҎ ^; $4?7=RTi$?@b z=mU9 `w:vZ’;ft4Hc.^uxp;k^O+aCD:X_YW3e*EK*=ڄ6F^˴ 13Cd8XQ ii3 ;ߍh&L]k9uCjd|4=eF"Nͣ &QěRv>&QVȏY ސr Ye&|d@<虿A UwZ-90M!N2x5cQ:J9i] jzi+x(9`[@UFIgZ -->8V "6T$rp_JXx$AR Qj%.pX*ڡ@'@{ϋըXb> SB6l1AVF_@SvfIX>>rwSP;Rc94Nn<_"v7 䫉cCZ +`X7j{0DvN{?U⑙h>slڍsJ |jTk'C~[3.t֧~Rcj҃i)5ziZ;4|N |>)lՅ FsJuvsi}&4kfi6! \V,dN)1\1d )#gƆ Gц;`*.4|j-,1G%^Sd>Q5^52_NXBE5yCQX1IOk;_<˞-;c`hhXߐ_v s{yT'5\^{(u^6AC6Fln|geH-ȕ.d~Xft%A~ %k(&DQ8J)>$D&qb'{Z3 u#>na\r  `ᓸSU#!ݳ;|(uFEQ]ݹQeD(v J,rLW 14\怜W@x8f]]ίƤiy"'=Eҹ8{5qLaFi=ƒwRş2qEA4[)ܘJO tFD]O8fyjI¤Oa`LYWAr1' rg[fn.} 1?#-HVyኞ=_i=nUHNwY <,޸=WM4)vµ5eꙈ׵=/g@U:B,9<]iE)fv oǖG! ]s-)+碣}DSP+\!wP˃j_G~P>4e9pfeWX9,"^IĪn1P52Gt ƨ|_ŷLVkpFn`~ȿXc[ԌGMQl`{7B)ljFO .ű}ӊ뽂ISex/_0D¡ qݟ̆5^5iy4k[o(iqf(_[W^U@k+)`huTHvB5Gxc5qI& Q'Jt;Q KYVre uOFˠ6_p$RK>Ocgelߛ$NxVq7r*Y}.]m:8\Ć4GM狝6Ş5HoG^-S2c*/]*Q'jd9yHw7em|!adTݠXW'_"ȪFb$_ٳVhWxHi}`*ˬ.6̪)fHQ̩..!25{ k֪Jk P k{}X̟EͼݿsfvA>:(#V3`~ FL ^j=Y0y =flVIFY;$<1)<HtנƟx!|.ժtGCra`h ma}Iؖ R)Z3hOvI|ϤrMnw[LGǿ {ukbbÀStVd2k >nyvV)КLJgΘrB$CTGӋTPzʢF~ruA:F%pJal˸ j+ eI؃]'0V &=*P*H$%;LZSg3=vyӞSL&K⭏r|m;)OZ0)NWꨊC|ݪ0yHo%Ɏf(q I[(![C;x&p?̗Hj\ɯ]tʊF3Þ C ~{4B 7R1P"^{)UnMjZژaf4+Ɣ&Lp!h( G.R\ܧ`[QMZYȻg`?\a7 "L^وz6fT¥*niCHC6.(>w[ZdYv_ utXbNH8h`HK'Hh#oF 1 =^D[4ԮWhHt籒>!2ZѶ½kV>2NjU"fGA{{T|zO՝M"sh?|L'8z" G+S8 ~}o\̼~Ď{*iѺ`"; :0sjŔ]rE~ǐɠZGRBr1&sgn.rJHDy>u=JL e:Ӓ̊\Qw¨ͦD~&1] CkC &QudF*dTNx`EeaцD18@W3<䁞Vn 8,*U>2g+brZqBan%1p([^ebJiyؐ5c%bZZ+\BoJjgg0Xat`'غISuqE5[^)073zqZ炤78ht;v )z,E>]W.\|/lWlel;i)wQ`)-{t"mikqUXma#EPK}'\oaH,@:K}K-uJGZn C6iZx.V5(|<\m%X.qX\U%=4'@1(WjFB!)gKmK_ ^q'>cm萴imN7"`PԔTQɭ[zsR>JABE@ FΓ6AՒ'ܦe*?X8&M{.sh|=(e08dtȼkKc?d=lO1ۙ/ZI # % \5˰0l)Ӹ#"`[Is#Oeu¨X+fK;[9 +1I̮MwxVKđsH(um2k)K쿛}Va܊"8A4(0N[ 54 Ìkb)ґD_HQqHŰ[3:˩K>yO۳ޔ`2_G!@ERpZ]sW'Cxު*rhZYe[`9@$[^Xp%:8 r#Hʣ0cԐL໬ Fq%6CmJúd'XKnQ3rReM%ҥ8עL se~(HpmUC=$X5MAJSp 2):Za?peZ@(<MG)LݿR~.Sѓh=Xsv.2}XCxv~p+ or12Mm;n⠫G ?:(#S=VV YL1ݮ'_2E>}5HN)s) IDuHM  2:Ӊu3t}gg&ၺN/ BPJxq 3Vjݳ FE L{ Q{M5fS_m LLݪh 9 nr `7c}Ѱ^OFIBsb(J.e|B)vj65W3Ӗ41)`%v !4ܩH:TGmV(/RGJl'#= ]Su?GUvf߀=MhS⡗ęA78lo[8s'8lBvZ9h)5. nm׊6A:K.s'=R 9,ج,ugj+50_|>򚌿*8zLg뒄g~,T Oi7`h-,xu i]1j$cwcQ+߇-5[NgdP70%%Ri>l*F?pɶ,o!51ŵcI||wmpubLǁ`S+@?wsX"*!`6=oj#P͝t+7aKz&kQţ9%4gS6>; C|t[1P%f/@rUP<ֳ&q 6瀱*qeG*0FojZ8| ItuʰI.O?\U6!~aG%S+q1% |̐mfw7SfI<^7H:ǡ'AUpg/>W_P1x?ɼuS`~$ǝd͔l>ɍH4>4vESد r?PwADV*N bژw|e;-Vo8a:$x7ر0]Eg$.zh+aGu.R#n[%̏i̐+3R^Wӆ{eY"ݠ"ʜ6玳;{+M8RBǣ*]".)mB AܳޭJSaqjC`PKga)s6dbg7^sA13؝W\no&Ƀ{V]d7 Њ6k/V3SȢ46鞷 [ClڭMdkܔ%-lnjTBFMZ2/5q@HlKM!0^X 2=STj-)'/I#H(IwӛuZ.ś qxLj,,:Lz$A56LiǤtj){: S?x\>qD/]A5ڞ.dUn+j< `gB򾱂WXۙtVH&ru"6QV^U@`UԲÁ ]>0)7jǷ)Viz\E〪~#ntyݤM6/w~y d{bԍc+6g_ĕȗ't:z|Ku K;8Mpۭ/""' Xʅ˕sWflB%/&a&B$81O~y2&*dsoc&̏ Н/Xx,Gα #/Ȗ%r3A.pC Ri()j彆Ԧ/tm/ N7=I[)V`rh2RA+)9f+p>_;8W:? {INLƁƴ^8 `mM]xhra` h shԮMNAԹASu9|H ~*#L1/fvݼtۖ_*l߄a +CK=Cc&RKGFt|,'ie 2Md5)7*y2!>$PءM#K#Qx"` ȱ7ѸzP#.KH6W4X肉貊4D"Z}Է&>.KE1U+>還X A}[:aO Py2b5+LchLfи$M%a}fsBeOw4 h(KDdj҈:"; 9oͶ[,0/1ءR2+ήqlD7.,`H+ s~JaA]]IB[Ằ?dlzG kñaT늿5̅l\x[#Wd9ʘN4G9}i#9 %?~S Hn0x(%.aJ(W[r= 28SJ5>>e# aRf/@Y 2Z1ޣp~L [v~T' _L}!`>dǰ~VfܦRzFxL TaIMK3Z( {RciL& =v#_Q%XpD?=EIW\ZH?FBQzW5N̿XLY2! ) o>=@X;ͽƼ0xTݟ{etc%̛6`/@պf{mG_vS(1'u Sջ{?ϏQǻfLGxখȦA)% sT=6(.u#vkYUi}p`ȑ!z;Uҹd݆޲ WBh;?/阒mdk qB a{>-~wjY@UGkMy mzR'Kb7p+pZ"rO&Zx|~:8~KzviU*1N;!ۢ Rw]`sXop/m^k8% c`%EdL|.:Tt*p5*I"A`.J\̯ jt3)ŗU J6Gf]!ֶƂZ^Ϋ)H2u{J9}N4Ȩ bx[ OO䠤 Ot>!] /f;'q9@I6QBe+D#!( r-ltjBՓ7:݈ ƀ6[[gN/ZQ3Df@qo^$%#K'~IJ y ^,tn VA wٴipՑl x7h̰aJF_'5}FWI2^X}YEWRjEA;rKf IXWVQ5FEO6I!ڼQ[gii.UlC ЀΊ'&ѻI\;F؇-ctt&.j s)H7p'oES \q c4"@|"_aڜw1C+ qջT`;4霤].A]{Ѻ\g6R\M T U4{K"ʫJ=vgIZ5.!I""OV8 H@}Ѩ ]D/BZL_O]Du]#h;͋O *^Ls+]Z]3R0d+x!tXSfvۨ6qwfI!!L!Wu4 PCcxĂSfCޡصK\fʶS,=Dts yũV\`KsP\%J>:"aݍqEpN[!bumIXS7yDl/ƿTAY$I!"ҽqբ7'[b E=nl"&|Hm r,'"h;&樲aFUUrzH\%&T̩7v@r7M;!Pa9W\'"LD#eԯ`wSg=HcqjR 07'?f$CDCF|_4Kɑb[' 9Ms9-5NJGX}TW-zeߡϖ<Κ' *40'5[h{t~ך|ea-L484x<~DT^~h%1%N+5xq̟<߲dS}TF9ο %ln`2"C͑W:j,&ݛr&ij٢AW[]i"L3:͟48;j%~$0^;P 5 :1O#cvN,o @e]BTMFGFVmz&3SO`4ydܬ:ZH„R?p3ۘlwy HH5%DMD~WV-l|hMfo9Fr!w+UsWa¥ےw d "ً ;yᣦ6%Ő .@c7PL$5Nbb8E,^I! :GXiVɤn!jke|Nh` !}Lf9# D3#"4k Kؿ/OT43mP#  ڂ{kߣ#z4t]mzj֢H~J|b^:a%h=J Ch4alIϗнw-/Y5GxT>.7@ @ŏCd7KkcvKǢW TzC< -Fd,=f3 ~i3T0p kP Ɠ"84ߜxJZ IDꁙ86vd,g"F^iHnY@4Ԡػ;H֚*[GwR\MDn쏮I@PP{̣52LG_ǮAm#Ob~†Ff1 1'ǛLXF񼌰8)x47ѩ2ը<`!lrG>ݵa9*Fi ӍeY]Stx>*4q8og7tvUuF'ch,GNaBŗUcD W 0HR;zPCvÌAE#V24L4_Sj8t;-J]T(چ 45N&X, PWeI6Ol|2y&Q}1B~>bz[37MT6 6_дlvKK7^,:}n*WIɒ4cJ[{.Җ~B#-R.a]FТBJAhDo(RFh,'p! I'dg=^O/u*(f?Ŭ r7%rE[H6 !3ΤEϛw畽rȼb}nWuϩZ{D̨שq4_CcHnlE9l{h/R f~]"Vء.\!0QZo,0!":eeTD:z-r:O $ziOoh / +rfC:YUNy ivY[޻hMuzխXI/ ] hgHK[Mg3-R]㊼M=_;ޗ[qVWI[}(lܟeܪ6<V"?j>sr8(X WѴc62Sa#ZEF\feIp~~ =vHI5ArR)l0[_sڀ|1w/Gkgmx\.z{܀#nmbўqNEMWɁۮ~ @6팣P.@v u*WĢx5"KA<}Uũ[6CDFG fЙ1w0,yE6@. l:YMXDHl^$8B94?Z4 J$Zb?׋D߰jQ4]gs&][9ݠߞ~!>W̩.vEZ0Beojt(6vaV1A+Y&^KsEg"952նnuBX3dhT[ fƿs!?QZ(-gPvD+hQ5. * yJܫiy}y^ d^1?A"C>or2:6ň2]+bMk 2X%nLM09O 삃TBo7+;ѯOeMt8y(@l A 'UӺV[^jۀ5bMٵ6pO8 ubXOO O#޴wD#mzxS"QOĂ8lxqZE}prU"1NMvZE{Xh+O:WtU%ƘJ}֚Asv8,+~g O,$k.vvXj? NԞP*7h>Zƣc,%-.fNx?d ,\325H/@-W v6Zi+u+>_'y"%̽x(Mgx_qEhX$;vсLs_Ih%};?:fzi'nWli }T2xx휱|'F Uަx@^:F  <a͈jPtD3Bi¢J\xKB]I FHӴ*(mYAEױEwCkݩ?p hQ}yꁙi9M8K* YcӞ{<jaQ8~c}s UC/XI*pAv[0u6vo IATv{86mO.){~9g^Ra.F Щ$,v!XMY%mח "#0@@RQsHIm/_GTJSa%8B1 75aȽžN ǏtrhpdL5YW.Ax$<Ƈ 7%6\r%+}ƘPw/^%c sv NĈf25X6Y0FAwp=3rٖ<0)I!^@,r8ި͂O W%W^Q*j'*rm=y~Q 8* ^.MhS;((fcF.b (k[n9m-["0C]~uݾ4SEOEq26=˨ܺԓNyQԢU#Q]7WOvB\'t/6e747mv_Z'8hNG;kk:j`W"__Ps*+gv4;eܑuNAK.h[ P=FI{ܼn|b8-1 rπv "=FFwߞ d/vtISR[C KS_ i/R&7MGEʤ!ՙV| }IRoؒp07668y+n֡ <04+RyN=O~x6)+ݒQ7px1;rӓ!iAm9SL#ܔ Uλqgn41wfj"pkyQȐ p&4k^s~TH31- iǓfJ &M$ifҿD4LЫ꘿55OȾ-0KS30wQІN_ٞ$WKu)>C]Fe\$ [*ψ>QV) %gY&w51(%r4 _ͨ+RҤ(9kH(H|uCSP@?_(xv WU0eє7Hl5浴^B%-O4BA.RAV7`h#1]2őBX]9X}Yj<:kQ4l OO 4D*w[ʫՋ] HT>"LtFX=)mY-O$'kzvq7>]sB <5p@ |͉d2<+sĞ?9WkE>{q!Q $ֿK5 )CˆÌ}L$;s'_ 30+A^%^H(jz_k.) c#Tۜ9$QWubޗ5a5[tx<**B+K|=<hs-qfGޣ'jɅѨ.dj~ө9/jg_0$v{,ޢFk~ @`&hENf=2SxA䲛;c* ؅5Lr8BLy* O)Vj"&4A17 yO ] L:+'*k2˔V<9mJL?t<}Ճ=Dj;[;N@NzS .R Cn䥝 Wc CF 586LCͱ#``f %{6ܚnl#ZA>+7}UƽPOlqMuS!xLZSM!,& w%X!9h~}ؒ\li.Or%!\.jg(\N2`vLZ~yڨT>}(Jag+l3}>hNr1rWf.OSoݭĈmX!ⴂ"$`0[_̣hQv;#xJߝ|Ҩk6N>cL%`ݟ1O>|eSF4N̺G)u 04Ff HҰ\("~A\.BKNQ2/Pm#ԦFa:h1'8]Z % L.q.QBSwOQ8>Ģa3FőYȲKShWxG^C_MFY8 C& ܆IҢlL!W 4.㑘 X9{ɇ' vz@UGð[5 ct1V_Om4S'AobRvT+:; #"gBpC ^`e0wOfۃvQR.ٷ"Ĉ= +j@d*m %MFWdzH@-"kqL &Lop/ldKTԸŌ϶x~hwo^f!72^k1FT w(Fzsk9X`vtT7f̂D#AFǵ6n9Ni$H~\O̊ő٘tj1;8N¼m)aGm8*¯lA RxtJr,ق۞*nԏ3^:n=څsvK쁁axa.Ū%Nl-ւyGk*:ZwlڈuI`5c?A0. k0}-!t+[c]锏edim)gc{?Y'Pm= pIM#wv%\2FϷm3ycW&\WIJx*9!J2N25vb^>;Ò=y" UitnPXm#8m{`v%pvI9-c"[thL?\ I Z)-??(CF>w"~0]l>^4`Ί$"W|*Kh#(FӁ=L4P?EmNU|]XEnZiF))4>t"#=[eky=e>]"Q'6PV H1/iZ!!p;{^R{&N`"n!wTUk㍰TGЕԂ`VyMK`ݍ[tsSx/?ô6q!>H;L2xx4%Ke;  ࡁ]=I1OR)b]'J)Ӕo`-ߒ>VҎ5Ha4Y8Py9.f5# (ڡWX=扬C!g}hh)qX3UfIH_2jN޸ goh+S]s Ֆa5[m8XZi( ]իUSڢݲf8Yʠ/O!0A ּCN|qnnNdJiYՃ_"e\_(H?T^6Zsk&~n@`y ju["mٚ6~,h¯~k,J󅃫]J4#h߼ߠ=$XDL$(XoNθ͗dٔDԜ [IiQ;Xσu\)V2u/1fW@JKEK`yB9ہʂ~SͲox.,miji]<:;Q~Π(a ɧb]c`j?3YL%H2@p4T_ktv6C#]4l]U+ew0'syc}WdmHq. /& vv~Ele/C7}pɁRCYW jW:c2xu6 ꧈-~ v1U͊j469XBj I d{4vNpg=EڃtPӠ i՜4|ZYuՙ@nAB0'S.0?`TGohe-<N!C`5!\ .~+@Keqqff궭S#H0j6eHr3X1 tAp~H+@b88B뾐T~#8䡛-wBo&g`n5L8mifwljBX8Dl& Wҡ {qA+~6=$@!yӁ/nG2[]ˡ(obslGj3cSޘ墭_q3$mSbVQt_Ah ~|t6񣆏k8[b U,~0 )f>wՍHWl,1rKz WB +uWH6cͅn/OPfɠ'fCvPJnl}:1tз;{Xv }kc؄=i,$/60r5W=JU5۹>D*ẓw%巢$1 0K8$4>-d;L%wǩկAKITmSX gMW[T{o:(~u|H,K?-lGZ[l{@xM2R4`b_Bw,A|euw*0@" >~MD.PF6~EOjx@P%AƦ R:N\ 5bm.YE]Nb_>MgQ/΢ZYNCFHfT( m!(m<0OQ#gʐa%s{`ݥXU-VƘo& g o+" .HmᥫP ȍSC%BDX'#C7Mv#2fV2U K֊:{K[Ǥ5k_x)nIz=,S.7tLǢpWisbT}Pv@8'!~6]U-53K4jjPiF; )nե=#Er7,*yɱ8#+hNtsȪ[ҧ\E|>cWdR>.Zvi'F![=?e fnv]|EEd5 CtO2^ %0`XΣd2nZ$FJB[ *eۻGEN!wYvhq b,=zy{w{lgͦlA#fjD* TRC w58MR.^xZ+ѓ@dzDBЖY :09iЧyH;_aN) fV!Q4YP~izZC_"c:hP PL:%j{`o2aUg2. ~;vg.|cew ERܢ.c< L%B-:$X^9 Lieq^¦Bջ₈`ip;řDh&}We{ADo'+u,t+B Vҥ8[RB_n}6>fS HegI&Pku_M[<%ϱ0=0S ]R0%d.W x,W.1I;D(*YU5>83ǎMEra?C`Ec]l1G,)bu,`*k2$ؑK C۩[}!jH 7d{[o P1ᬘ{!;uV ~i"/׌JfRI IħUn)X۫I~ ]A`QYp!1i:@=2KWF,%1s No;+mΜ%c 犟^7@Qͯl%sxMwR*® \76V^> sp/_)Uq Σy]xC ?kti 1Tæ#lg]R(w4 JULjc}hɼ cDlFu{3}5$I\+>y&/Uô&kNQJQD^rFߘ轘 1ar|1FPɊ n.mn{鉘zpFK\A=xooLXu^53]ϝnNOѨ`tEkn]Jl]vpQD@j/._;}qsgVI>TjH$غ[-nDY [ǩ%fI r_9 E푻 A2c_,~~%(,O!@WRMᝀ<} 9w(6B[8i`3k6K<'kgFLRۇL%}E:~T,:"UbQ%,1xQt3 Aw$i_ PumiJ4x1'9;NRvX,kj#n {d^vӋ6`ĚQWl#Moa}c G\=N&IsNgam?.eiLXĪ[:׹C~ 5QZ¸&/BZ)  ;T'7fm3t:g0N4wDȶ$-)-Mc"$Oe*ij"2-p>ii< >v'N)wC*GGJvhy )PSIRP5|Cjd'4<8/8RjRYKrj«Gqj&&E`- uk!O+Ad}xTzQsm1E-1AҚUl۲[ʳ9kV,(e` |?nxkA|{1G~\6=smٽր,XC}Y[^@Gg˜{`)Q# 37)CJދhF ;{B#χ2O$~pn9dMyhxdCԯZhV@uU2S# ~/;>NHY[k+ځ ON1,8GT"0s#f&ō;l:T8x0wH d< a/)zyF_E*J!;5!ʷJ^ [cz'i9Nyw%|XF>${;+ឋ֖ 9u5Qy%Rtlo?BD/J}r,J'_,b4'IyOZajF] @Y8G|oZ719ݾ_{Џ{nD@V^ڧuVZw KsEHvO,ylOݻl ’['l} ATiLaoGL`PB2)[{VF~nLuQ yN:زufh\D]#Br<,М "&(!HDVBp+k>}VwAdIV$`^$u][\ң=WN?):}G b02o{0Ub&1EB t,5:Iyp7x~7K >Gs9걉B8-RH>3r}{; ȣ%09=U^x>m1]ft?磕a6Oе".8L&|kA4g7D.mY'ەt9 ɅK-Dط#^2a╲X| oS_cMۊ(*tK2:}$̧gdޥ_P&ZH;96zv88h"JEJ4inWvYf}33DU 1ZEP,kf .\~6+U@>U'SRq@cB"/FH-xtI]&:CJSÚ5ONq'ms(7*}}:*zʫ;a$b$x([} <}Wf.|Z2gQs,ꞿ!?D&g/Snm5A3 q T; lEE/Gc-THӟ! "# 9C7SK"ejI OINhψVL1R6B[$x_YֈM_hqMת>(Op{n<{ sd $G`Y^Q3GW7}dMC ]槹q4u drX5,>0dAߚ?51[k [){ieǷi3u>," =UhraVw9JF lJ'_M4ت\{x1(8Sc&zc*:\&~:UL۷bݎEhܕjiLx#޽l9NĶ;98)Y}_SzE=vXC lry,i]eyM?`O,O547xM}FTF0tmM o :S .nt!T(.$1J_׏*T \L8WXEmAz?MuP=!vW0:9೨hCzq5 B=2cH)}Hɀ~9׊6P3e^)P+- a4:Co6iF4ֲk=pS)0E,?"O|mkL΄'x w/钣UxؼXOܮ|B&g?%|4ϕ-m A3ߏ-wt\± öQ^,v! 'HrCZg+M3YxۻhX\TϨM}iRC9 _mJHbBd\̎w51 a.횯iXǾ"VFΟ?ڳU? 7Ϛ+mo*/x`xp4m1ZR !3z버e(OU挘jzCzQЩd#Iӑ]R4IcgC{*˅B^Ǿ a'zBtdG1AKZc0DY-oAnJkX D*A&UBN 8W dh^B ֪F5mi/늓J In ;->*g{ M]G~"F,P~\VULG.-2Tu~\n- FsWSBUSla۹Kb\##a\S}'])LӧnP^{[XD [jp:g@ww||wQr/ jG_xgfTPGۚA1+C =2CȘchShߢsBNc{Ћk*Q.SI`XY_+Hij鹾n(--\ݎ8>h׮-rwEZ L%-V9ָ#2+XA x$smu\3Bral|a&r9/ʑqrvj6s+`a@qn'Py76}i!1Jh*Yk_YBQ/6"p1@ߙUOnO;0I+k;$BlAVq':~c.͛ Z$&$r ?Z{2t:'*-"o=8 J[cH xLb"JD\Z,6wB"޻bǴ*l|V a?gXM`$ܕFUW6q>#TIpd2 tq/ut|H,n͋C')9/ 5uB. w̾zhz)A%& 쩲rjGm[Q)D~o3å6pD҈.h9M;#&C_D,*1}-}8Ӏ_~P]oRG؛TBEˡ*Y3f5q27?~=$kuᐥ:* ~w+87