sssd-ipa-1.15.2-50.el7$>s0thP"7Y!c>=(?d   6  ;AH   0 w POO O049(H8P9:n`=GHIXY\]8^b)defltu,vHwxyTCsssd-ipa1.15.250.el7The IPA back end of the SSSDProvides the IPA back end that the SSSD can utilize to fetch identity data from and authenticate against an IPA server.Yc1bm.rdu2.centos.org |2CentOSGPLv3+CentOS BuildSystem Applications/Systemhttps://pagure.io/SSSD/sssd/linuxx86_64getent group sssd >/dev/null || groupadd -r sssd getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssdhKA큤AYYYXqYYY7b1689ea44b171e59df435a4d84e7b4930dd1077f499cc5d260166af3e0b518b7f4374271cccdfd64fdcd68d9110fc08daa886cc2fbc4dbd2f2c97a057eb496f8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903af691e8dcad79f12cbd6515ed22f3eb39c3f5b93aa731f0bdf370afa23b4ee0e243a2d191a0e839c2e501fa633f70c7491e66c4ab86faaa7b82b9e06d0e4e3c1rootrootrootrootrootrootsssdrootsssdrootrootrootrootsssdsssd-1.15.2-50.el7.src.rpmlibsss_ipa.so()(64bit)sssd-ipasssd-ipa(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   @ /bin/shbind-utilslibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.2()(64bit)libcom_err.so.2()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)libipa_hbac(x86-64)libipa_hbac.so.0()(64bit)libipa_hbac.so.0(IPA_HBAC_0.0.1)(64bit)libipa_hbac.so.0(IPA_HBAC_0.1.0)(64bit)libk5crypto.so.3()(64bit)libkeyutils.so.1()(64bit)libkrb5.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libndr-krb5pac.so.0()(64bit)libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)libndr-nbt.so.0()(64bit)libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)libndr.so.0()(64bit)libndr.so.0(NDR_0.0.1)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libsamba-util.so.0()(64bit)libselinux.so.1()(64bit)libsemanage.so.1()(64bit)libsemanage.so.1(LIBSEMANAGE_1.0)(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_certmap.so.0()(64bit)libsss_certmap.so.0(SSS_CERTMAP_0.0)(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_krb5_common.so()(64bit)libsss_ldap_common.so()(64bit)libsss_semanage.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)shadow-utilssssd-commonsssd-common-pacsssd-krb5-commonrpmlib(PayloadIsXz)1.15.2-50.el73.0.4-14.6.0-14.0-11.15.2-50.el71.15.2-50.el71.15.2-50.el75.2-1sssd1.10.0-8.beta24.11.3YJ_YJ_YC@YBvYBvY9<@Y9<@Y5GY5GY5GY5GY0Y0Y(Y(Y%uY%uY$$@Y$$@Y"Y;@YR@YR@Y Y @Y @YtYtYtYtYtYXXh@XXX@X@X@XsX@X@X@XۡXۡXXӸX,XCX@XX*X lX lX lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.15.2-50Jakub Hrozek - 1.15.2-49Jakub Hrozek - 1.15.2-48Jakub Hrozek - 1.15.2-47Jakub Hrozek - 1.15.2-46Jakub Hrozek - 1.15.2-45Jakub Hrozek - 1.15.2-44Jakub Hrozek - 1.15.2-43Jakub Hrozek - 1.15.2-42Jakub Hrozek - 1.15.2-41Jakub Hrozek - 1.15.2-40Jakub Hrozek - 1.15.2-39Jakub Hrozek - 1.15.2-38Jakub Hrozek - 1.15.2-37Jakub Hrozek - 1.15.2-36Jakub Hrozek - 1.15.2-35Jakub Hrozek - 1.15.2-34Jakub Hrozek - 1.15.2-33Jakub Hrozek - 1.15.2-32Jakub Hrozek - 1.15.2-31Sumit Bose - 1.15.2-30Jakub Hrozek - 1.15.2-29Jakub Hrozek - 1.15.2-28Jakub Hrozek - 1.15.2-25Jakub Hrozek - 1.15.2-24Lukas Slebodnik - 1.15.2-23Jakub Hrozek - 1.15.2-22Jakub Hrozek - 1.15.2-21Jakub Hrozek - 1.15.2-20Jakub Hrozek - 1.15.2-19Jakub Hrozek - 1.15.2-18Jakub Hrozek - 1.15.2-17Jakub Hrozek - 1.15.2-16Jakub Hrozek - 1.15.2-15Jakub Hrozek - 1.15.2-14Jakub Hrozek - 1.15.2-13Jakub Hrozek - 1.15.2-12Jakub Hrozek - 1.15.2-11Jakub Hrozek - 1.15.2-10Jakub Hrozek - 1.15.2-9Jakub Hrozek - 1.15.2-8Jakub Hrozek - 1.15.2-7Jakub Hrozek - 1.15.2-6Jakub Hrozek - 1.15.2-5Jakub Hrozek - 1.15.2-4Jakub Hrozek - 1.15.2-3Jakub Hrozek - 1.15.2-2Jakub Hrozek - 1.15.2-1Fabiano Fidêncio - 1.15.1-2Jakub Hrozek - 1.15.1-1Jakub Hrozek - 1.15.0-2Jakub Hrozek - 1.15.0-1Jakub Hrozek - 1.14.0-46Jakub Hrozek - 1.14.0-45Jakub Hrozek - 1.14.0-44Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information retured by the KDC during PKINIT/Smartcard authentication- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in- Resolves: rhbz#1455254 - Make domain available as user attribute- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD- Resolves: rhbz#1450094 - Properly support IPA's promptusername config option- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer - Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail - Fix Coverity issues in patches for rhbz#1445445- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains - Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate - Additional patch for rhbz#1440132- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient - Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4 - Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15 - Also apply an additional patch for rhbz#1441545- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.- Remove an unused variable from the sssd-secrets responder - Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http - Improve two DEBUG messages in the client trust code to aid troubleshooting - Fix standalone application domains - Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes - Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http- Fix off-by-one error in the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh respoder- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users - Also backport some buildtime fixes for the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts- Update to upstream 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html - Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries - Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure - Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser- Update to upstream 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html - Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack - Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases - Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider - Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page - Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user - Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink- Update to upstream 1.15.0 - Resolves: rhbz#1393824 - Rebase SSSD to version 1.15 - Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL - Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory - Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time - Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0 - Resolves: rhbz#1392444 - sssd_be keeps crashing - Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3 - Resolves: rhbz#1382602 - autofs map resolution doesn't work offline - Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains - Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page - Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error - Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database" - Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/shuk1.15.2-50.el71.15.2-50.el7libsss_ipa.soselinux_childsssd-ipa-1.15.2COPYINGsssd-ipa.5.gzsssd-ipa.5.gzkeytabs/usr/lib64/sssd//usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-ipa-1.15.2//usr/share/man/man5//usr/share/man/uk/man5//var/lib/sss/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e786630a67336f836aecd4a733d54ed65e7e1863, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=ad7b379caa5aea9337b60b7469d887d934b17493, strippeddirectoryASCII texttroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)BBPR6RRRRR!RRRRRRER RBR+R;RRR R.R=R?R-R(RR R%RRR,R RRR/RCR7RDR4R8R5R3R2R#R$R'R&R"R*RRAR9R@R0RRRIR)R RBRRRRRR1R9R@RAR(R R0RRRI?07zXZ !PH6]"k%{f}|,p35յ4Bv4wmbհ|Cq?+.fTÜXoVڧ9bI_WŦDz'#}N%0J~AES{:gXחvI4 %̓3}).!z?7߆>=+H sFD^k3L`P7mA&7/Ƥkfѕlէ-pZ|Xx~fI8xد13m0s~Jͫd-c3 s?~fL|2OtvBftƟЗ_%M:N۠MƉ7sw (t|<#fU(R;nZ;_e|m"s=4 iott+ǘU(AIYYi65s-'GGd{?[:A8Q~:pa.|lu^dnTYeu$`> h)8f:[0ϔ>sV}ZőAќDBCG?-~hI]p*GM,FsTԦ_V95z샕J))[[ y{{(pX{Pb#ߣ ebv^ԪWR@va$4)V} zaЖj֒'5PϏTjlJoiC8@͖04 v [abɔ5"+jHK)r4l"~6(q ⏺fAMX*c {[KBc|*=7} /#4gդEdF]!Kv0liսF ڂo9n2$*l*K1^~@|^J(AuY!ό,hjİqSqZZިB"R2MGIQ?nw_Q\=ѯCV#R>[- pa2)^_'NCHFY82>W ""ڐVA?(#;'w %ܶ)}~/%Bl*O"6Kj2az옌l>ӘPB]DVрg:eMM]̻۔&C:2`gFaS~kEo(ӚMbp[ rJxvx?D\%OP)>Xߍ5"6S϶gbY-[c]U2Nl O#0[@y&O2EaۢHC8$r;/98yf^ ÃM^K6cd mtq_O6waws&m"%ֱgyPZ aH~UhF۵]=`j/gQ!CAurl I;0!Wde`.&p8WaJ=ڼ\כ ft%7oDG)Q憻JoNPwX~g\x& 4PE!ꝀSK,Xp-b?E QϔފriAٯ_ܜ\bhZ d& L;&2R>WRZ^̠Ni$Mnae:twB@o\V# Bb-]a/șLSc0w} cJ=0"Yֱ@ޚkðP^Ni&ljUʬOM "3_(߰*t\Va; çؙ\/ ~b6,-qv[EbIKVл4Dyq.">!Ǻ72+Kg3xM Xݕ T-#P #eyO!>-Z{8R[ww)YuekZC4z"ZdpHc,T?dr-Pk+,F+B"vH"q˞0nɀs *۷nm5O>,gYoBg}BNeqԘp-yj[Z5׹OCZɞtߘ3 :w:mEB`ZB8NzN'ysA,^ )F W+a5FSh+ 41rdH^ZzC0W׫ \~}(CFnLjD-u`|\^y/H脗i, *~>e9$x~4k QЯ+ns IBBM#Y$plͬo3mYjOѠmM}=I[dЭYB.yyz/T >F,e[ړ`"FܣAjP):Ъ1f}6tKl ymO. rGݕٲ؛F,"Zg|@uic/gW %WhNCbrp5WuAQm;]mnBo7s+m~{в ؜mSgVNRޫ9K=O.b0Xt'嫟9-yk]mTl!yWae ٸfBjx&YՕ$_dq5NÿyG뼀}7ݞl3'Oܷ:.Xevd˥[4QOK+-1zbH9D]egf^P@UX;б/3M)%\RZvwoef>)jE;IǐZ`_ĉ%#Nvv`9>].f;Rᅥ8,4GiF].x70%Cy BϕA7ECTFfԶh+7L7mQi) OLaū1˹o2OOA l]\@1&%ۦ|cn,L77jf^tc54@NS}}Onu y:xi=ɄJrbk[K>qj Y0[wrjI! s=}AceZԅ4- T |SZ$"r Hd_Z@#kبu4]Xs 7C], a k/el합tsA ƕ%c1V9 HCUȩ\zNOAAL)J,!I}I& Jf`W[&LB5)N)> 8QQ( ,{3A&WXm[ނ+~(laHv" hŚ[Naz@ia\]v4`S9deY=Fq^PKD% W-ߠzf`;x;:o)q=AnZڂ(Ft;BOTwŢF=WPT+W Q>fQ4l‡^@J&)+fJ nQ'}6,.s#^cZiHX=#XƷT3O'j;N+w#2ؗj{ĭ+)0z+"lH7 'c( .XkF"p5OPV TdbOPkO20x O53g`lTnoS/|!D܆~ns|D!̒>YˠChَmהxz"8wCmx547uKpTh-P(quUHg&n? ;l%B&nc-]eğe!ۓ?CG DmMY!>) GyAm~ ]fP6̅Lձ r ֕ YeklɥBx32i&앸& 0Fh}Uw"NZE 7I'Ah_{A5ψ':N)Yd*1"TFmɶUAh̗O[d#XkkH)§\A.d,"|p.!Q"7 BzIK'63N$sňnv^[DdknTYCcX\ֵWk.>}sqi̞[9x<bA{v{i`q#I׈{D֌iY!zؓ҂\BA6u*ATě$x7~o/p̌$gbHmt&V(nʱO-4A>qLdK(OlfAKgY/hk-#:_'2Dy& my8/TML,b ssr7ֱ}< (,zMLHn9 Jo$1l'T 2v&!âK?BӃezJQ[yjzO#zP(_rQeO{?$}Puqc0p,l1: ~ >+3L.Q*'wTS kx*%IQs.4Uε:WzN11l] տ.D=c3E'{i5WtsSlBE"kICfZߺg/"mvW6YOT!7./sͱrjjQ"akݑcϦX+x^Z4F%}tV"ejH x9$yWdR!n%!-zY\6\xx^ [Bnζڝ? oغu}uLkP S/·typĖ.Vd*Yr H` R^qi/enAS NΖ q{0W%Ml͈nY@qJ]#Sg8bU'JlV?fjβ2R >J^.&d$*ggܹ0=LmXYR8wŭ{3թ_<UB$L?rDg9-ÅɺB57D.JI'^{ֶ]QR< 0ؔ-F|**o>jM)LT.ݗnvOR0WtYUawT%-?H}`N #32I'cuP@Ƴ~*+XȾk:`9.>!]rZ{\!a,cuDޓ.ܩ&'EV!k6y\ H4!(T$Yt5(JizcNoF'G#!6Y BӔf̧B2^9#lcD>qr& Vkr`5xX*5k08@>Wml]kG }oZ]?.@UydBoW#w#  !J `u:7I1|M0[٫O2ПQ?^!ďmntf(Sp`,{V7 A"k#?(1*+8%C_V:+3ptDK,<\5WHrZ=X+!Av^AH ̱Iusͯm&&a}L8&H순.U)•,[;uwu߿(uZ,Xw\7\}J{qH_ҤJ紀Ͷ )`^VX㥉\67.UkS Q/`3+vha-B&K]eoę jEL0D;ːws?sV7;LA-4X;eͻz7(%EϪ{Kٰ(+_]ˠ h})Tr6@t+ ҫ,pDx$(ʂTlJWkt4=s/F]$|X,1!WB0-n8A}yB*YC?%_JƲ}NV{M^~š3U.ѕEBYPs o!irg6庚}#sB+^o6eyɶs5s 4*a`=\7*?Sނ|*|`g֞lu ~fA~aj+@uoV";:jSL m?-X RY#`L']yc+Fv!ߘ?9wh[LB!I^{!Ɗj˾u(t9+` "܍1}'5S*mN27T*KaKM~ݵQȁ>ZlT$6CUr z>ĘǝZ($R5}CtL ?4&B5r^ʔiE0uT&=~bPEnΤ6 Jiw!ƋgDGm둀-%mQ{Vi=lH Km"@g1'?v-y}(U"w}ܛI^WG'E1-;m@i2@sIVi&f9bKIյ XXԂXj̀.+zųI *<q<`G ng-t$@9kuQ[c\{BOg b2791OK4$B/8'ieOr t Rh6rDim}hatF.7}3ٱG<+FV?C+%&|=gL썐E\y\Z #yf1 8 GB5D&ӱF w6bnNvl_SǗ Er!1عbȌ40yftތ](:jpvڤ=DS@Ζ^mɢPaUV}=MyykuFrb(@ÒP`xMj Rt,TL9,ӟ\JCHMbFWR:nɄ {#166ũGN7M&&XJU\t쏽-ݻ{ N 7kf{dձ-26'kNoGQ߸,0K^SHQ بadJ!@t"vհvJipBL! ipNJCa|߳d&7$l:Uv9ݛŠgkD{Vy×qcV\20夾RS1QZM}*m(}BL4@뼲\E?yil]4+8ĥU%e3 'ְ WbDU)Hc2KJS,#fvjܫg@4$6XI}nWk"62o)!֏E} .¨F eNJצe !hTt,-Q[CdxSBرVn[ZIaJ ),})o CjͿd-=cUTf^YbV < !R0iI4t{Ԁ GaO*v2JƷ*Fq!zJ0CPEO~lJ)=Rߓ8/!\[nݰx8}H st/3[14">ANMFOķE>LRSiD3RmVQ_U_%2LJ\Z (:&m~{kW'r&8-:6țfhTm+\Z06 /5kWvgwFG~֪;41)@I.Oi)Pz,cVNh6-z@>G>W uLQvA»~G0e<68=5 I%IWIGk2vOF'-V{}2?h-S6Q!sgw49ե[ dX*a1f^vE IQvb* ۺxm"wA&EaİR+riT֧sN\}7ۭ”&6s &Q1.ɄӛReW[y}DisDL+_Na~:DI"dW]@a Mɝ#4Ӑ~  ex ՟H1YQ\LdLkXmN+=B[ʫjW*̴A,M֝ 48 Or7r}c~/3 ]=aed_CTC&<3*`wNtI].C8'sx$U| DO^G$I7t ޣn[U2ϮdgiIb XLP3ԢgǝT}9YC?'T9Kf )qCH01}rL[C28εz?: x03o'G' ֯ &Lf;j\:<NTMLf- /'=CcE~UҝkG>eQ ِg4l6yQw6:7wD閼aA= ؎edjMZ|=+bPB%w.,3L)=8rCkDcsەӷxL,M6yMg>B  Bk&lר@ |>kWJ+܌ur9$t9O>(:74 B8ڡ[? Le ջ%dS$8褭"L|(L,Ƨ"O UBM#&5* HeU<*/L'yP@ɖţE9ACK u.sҍReĀԏ #A"~h}nmg9-) r-,f(31;X4jcDm棜oI1&wm~EKcy&*%uoC!o Qwa;KI,qYaÃ$@ (.Mh/M@M`_R%[X%c;H[dC]32:zKUpW5 R O X!P:̀WдM:Ə~C '&?wm@n{sdc2է1m2{7&Jad WDPfze 87 /k*~ bڨAǀ^֞i~e&;uʆ 4/\ 6Ppq FOWQ 7pZ8Y:23pܳϤZ%$CXxԼSb!\0D@` 2 oKuliʯ8@ĥ50-V }Yl)K*t{B3#՘-@$̠+x2@l^?: 0i5PvY[fvDIڗ^6_{r&o1;48>7wswq;ůHx2=ee>)Y$t[Rs>ȫ|gkgؒ&ZLu_2Bհ™/&t>?(? 2[^[w!1hDR!ʟ=-s_OwI@8-2-.6CT/Vgю)r`%npjWs sug~:<E$ pADUj?FJB |b^~nL!ٟg`mXmыT M۔(3hFfg«-3ko"wډdT\ګԋSnpTMoP'?J{0W Dq򨘞|쮕:2ڷV߰Obr~-R.>|lQeP"םcvd:m(I/LW^0hMq{5llۂ~ٛl=W Će` 3|~ 9IwGv^oFBe8$T„wnzh'g2Xx#vzR+$GbF1Mkbg9,5M!ݗ_P-cc?e}{R`*^Aၞ>R_LPh}屸ѫ)0W4a:bˆڑ{vJ:_y>ڬ9 TyI~ LpV9 w#뱝 b *G)E8POv_[>$F b/ {ڣ ]<0HNHw+nMZJ-$t7Kqnf 'Z՛D";'M=0<8ׇd851\{TRkq']]7q[fH? LOh @e_Y63v ( jsLC`"ֆ W /s50!@&w4IW"F<ۻ٥dG**ggoq7SUhmGiCB=Q9~ʼnMj +gӱMlńC5E;$tN1KE 曐BamQ~ޑ1UXLڔȈ.jd"'DX' p˓pF4#'> Hʲ^A3= +DDaQJhEh$-{C2W|$݃Q e)d]3 cuDHgl_%]< lQ1uop{,Ԛ?@b]"!-{6)uOme=́ ˈY6rёϢ$BpWJ Oml ^@DTt%O `2P\x*!`>NWq\ k{hϻhQ`:}7QD@2n(FXXkA@ĝBiqB_T᭳1~hBh *TR cV/vհIi˓KГs7mg'cUF9V YJM<4CE %/[W^XT EG-d1/eZ#@l{0W!\w-YɖKN%Enc@>|2ds7zΠMGQ'[@ Xl}4WM~?1'=u9ߝ.FoPѦbAU@Cc1|>oXhUZ3>ფ4*PkyOtULip?~ GNlXPcr ¥\ogkr8Y U0:6#yQ\3[dXX+-}E#Zҥs:uqd:vH4-[t=׫\$>aFM/}AWOYz&("}WL= *:XKy{[J *ۍtBK jNB|#lRSߎTK(C(XfDq&?Md>(qߋYo"l˦QE?[!}9J*cg(O4Q !m'`I9!L[#EG-B-{ޕʍJ`eˇM1Arhi(]SpBY~E-'װ'10zX7#&W>k"9W'&@>6;}%㲍3þZ=,{Nnx6TW͆Gqu;:yoc ;%PH+NPɖ :sC]*V`IG|[+[t+vP4mY [zՔhE)U< I1 " #2E5zmTȮG}] Lo>#U+Ve<ծMr@IoG(Fp6ՓaEq W.낕 Jg0\TUg/TJ˜27#-XxH)F}'}CA;a׃xR塮>׀b.|F0Ўs&4MC.WB$AypKl&aK/7Ez%iߦyhކ( }:  i3' >}WWQb>n)ee|UX0F!>?aƺWt]8l;ڡ!n"ǎ4W'iq/Pg eߣ9l}1z`6Rv3&蘏(LX7})POۂ5YfzrPD3*3V25 m'Ѐu:ݗB x'x}# o^nGG#KR0^C-7 8rej=@xB 4WBl.a"ҷOĀD[ UI6lq# 0t.TX8\5sDXs/|w4cܴԾ~0dp4C 2웍+M1Nvi,w</ED|k'O)@GʇXQP=5|浏EA^5W ЛRtC/iqd,BX H&i[1H3_[WÔGn7J1Asag 07\oU~_hd.xBrqYxDl@4MK-+ް$Ip+5D+9_n_? /%7mU6,ocXU:6HJ)QG). K7(@izl kg 9ՈîU\:a&* ՞t2VX󌞊j*@ǔ1!IÎjVŸz<K3aJ%ZmtŸ߁<4ot#tRj7y9odwZRoC>;}9UUdZ9}{c)Qvu4} x!).NȲ HYȂ@\m҃Efd^-x!Ji!2&G:^y'ɚ7O~Xvx:@mC}D-q;<{WYx_^Ӎ_ϖBgG12{텧 nCyhmVظJr,}Ezg&ypo>z /dn,m(@*4cr'f\;#Y2t_cX]V W1\R&7&O_A|@$zuKJxx&<sЭ"y=0 'Ehڀ L@MOǮU1RMOf=H% KeWس2eQ=_H tW l]TݏVָF!-)C5D#XYkW7u8{vR { XnRk3E DnVa xgR65 bH'Ы0Mc929%0j:9L=pRG"2nteلq˻(84v"~H&}(Q{֕).mqj`Kpi^/$.AN)N4,wCvE&]Iݑ5LfF, bJYl}(lIL/=8IDgcTu MtR6h xJtEA.ɽ[CK_J[`_GӷZ I=!R!MB<W, rӃ]\r : D ^2.&}G*, ۫pW7"Rh19Y!Z4^yy496̠6"e]0х`0L"CFA+V~Hj7ʤ7h [T IUHE#@݃*%7R0=RwG*uO]L"~CU<q<ȐVyLI$?XlOG+.m/blm LM5Ow,\q <~𣭥S=nq3 Vd,GHO{m̱W/2dɈBzxQm= %eHFՆ7-|Gb:2,B[@!ZҧL2e$S.sY4 1=>=9јJu`gqC5bGoG|%ԣ1/p@OAz*5ƮF!_%_H6ݰOxRh VNNhͦ;N-:ؼ5Η8i68/If-NHIp8}\($>Uĵ%I ѱ<ܒl3y'L&0 S foU+C<(0&fzޥ$ioc1p._t?dӿvى嘷'/<7Է~ SKsG8?`kU`rRIPe)m3O)3G+z86#~cVhLc4%=pSwaJC `E䥨ׂKBa3E)ܐZ.,s?s~ @%8*b0Oppq0DZhB p~9oF#}x H3L7vD+l!*uZfXkg0TWH|llN4[0:K]%{*W(=Mn뀾܊A~Q* g$82'Ě4Py!ֱK*#ș#趀`Q0XjXvL:Jf /"L*$KdJViÄvFtMf)g'J;evϚ5j.T>P~6lɀyP|i}zsmygΤuiO̷x\cMv!ոV5NߕQd[L.{iNV(fWM6uD`fX~7 %I.8Vn #N'y|1-7afPr:`vyp r*PQ{CF$#6bGl?2 M5E_M2%䁞ߥOta f*Imj%eUm&G&cn)".?@^28k8sxb9^Q@_̳0]F¬y}~rڟh|ѪMC.Ax|zLrW 꽒9p,2l?qRF?/J 'ۄe`"#GL_Ä,Yv6 6ĶxT^g)bME5*xH*fUNSc&C (wO !+nJn3vCD}$ ͻ!lU2/~?N`heT{h zlf,T[GBJ-D!pV8 PV-!R<&UHQڗ<Įw-~V",r ;70qʐ+j>?{L Hn3 1(4m#zSFhj(ڲ$BG/GebNhä>-$Jp ᕪN܇1r Lq|>n­ibش>0JZk FCgw4s,܀z2aq1+$ث { H%RRRK޸ ӤFIT诵\ HPNNњ_zYK!E]WoGO[u;ZKE:[ĺӤqJL!ԎvI`DeoL }?I"SvB Xw.s[γ' *6ivϵ͘09B7n)ff[o-:EC F$5^`4(Jo~|Ix(0ǂ]d Uȍ7倆5՗oWj]_-`+.7fg*f2d{`[$4Zb} =X^ DRj_֢jݸ%HYrfdmDP A#4jys}<ɶνCy9d,9[<lek9ԓeI3:l^T>/=eiMFe>qT]Fo^i4;rxfP>I͹CNKU@ƘѰ|/I5WEQr9$=H]o;C8՛^l+5~%rHgxz^OO;;V&-EsmR=Pm V'3Jo=׮ig蔌a ktnn\\Y^K%-cx%Ǵxh 70NH% *BDppAEZ3To-jxBh7MQXz׫/.ԥCJM^[K< =Ò4l%A!1~jq'gS8s^%[>(Eja-[$;mzxa :mY1!"EF}ҫjf-90-FUYl7IFwzv]seHv.NjD}=JB?a3U1g>\p{!ij"(duv *]jy-g딞noayFX&hC06k\rЙRn ;:څt)%%K0?<=ІALSz ČʶLcEc[X'2՜tscq*&Eǿ l,s1u}ZXv75t?9f D`7rKH O ƨVܬ6$Zڞy9?.&JW1Ou5qo{U:F,dQ^QlJ.d vanIH}X8%7n*: <;VVa(ԺVFspw;Tqk=zGӢy`@i˰O; `:_l̗©Sp8?sdtO"4r4'B,gEHlMq;Z\`tC]-HV x=zboC"ƭsxjۉ3w;E;bOr_~ea$zEF\N# fQU_tuD䎝W_+ W#r mc^\Sc˕,$N5hG:lpZ}+?Pz\ϴjk{|p@ gӣE] (0d!UqM-b=(U ]ӣ I%@F >VMČ0 ؀f_Sz85Yuv3A51>+ @ ǨTFmBJ?(FEŪ( oźT}»w+Qs˃ѣ(ם?^x],fL\z;HL%U`rv;N @4)*l7ѺqfwEg[xn{ Sԛ:P8̘+ a[*R# C7ѡ㺎{}bWQ>}l)n&ڄpK[HaM7C2I0Oy"2\#Z6]quc﹪9ճm@)jtL* wќc%2Jz:db%JºA ,#}ɄoC 6aAy.*B/ At"|g|Þ-`kV/w!g>i%X}[_Ym,66P\|;s؟1qlqnuoʌC8:iomVRIQ_MQŲc #88tWcs){hT ?|= /sߞO04t+?{o J5v% >8{'C5"RaR#@B~D+ q,^C.0u C-W 1OaڢpVўg:e`\nXg´j[7]Y6{7l)fY,׃T+pT}B':Qփ31i!i횡XsqnR0qg8;yCQ决YSݐP{=>j)-!9c+ ɝ ?TmnRy#8hշ*(-"~#lhoFF(kr- J.0*F_Y kQ!һ9ǩXj4\%f=rqiͅx퐩m3{,qa5UI'JE0b_ӑ~EkUM t4q ,z>- ؔO|*"b}m|cD8[ ~pjOctT?c"W:y;s o[[7p3^/p=*JS m~ ckhV;mSVo{izZ mΤeG{'We}_nBI#1%w'2 !>^]N;PWU/(ZsF?Ph a27Mkӣ(^ʓv; ȗٯ"@ 7 :lu@Ϭ/fc6 ̟L=,RNK/_fB @ 113}Տje]NtD eLI鯙_K :0v|#T;0בe."O-#֒}>BQfyP&WJƺi{,Zn ߠ"/aG.\[ ZV1ߟl[B"~i"\&8R9y6}38D{o r_:@(DUYyJTQw(&vQJ3=aw;) 6Z: Rz ȉ*׬t>u[IB[hD=]@>7b )A  ] PBf9Lʖ rnԕn4҃=ܚ2_#q _]Za\O[^"a=o=*]-B,9wzX.k"wȷڸ'`D*^kR(Ҧ:$E2S?U[ʰGMH[\`Qri+\@'X%nS92ysB`7cqd/F"%чAGu\<%a^-7+&z=ϴVUPfeYUs+wݱ-\8e#0v[^/kq.'1kX58ȡP @p9 H: ̄Hw5-~ii@1*Xa$ ^VaUSj POX6 W[IgTZ#_YIQ:Qף̓rn5Z")d< Q@!F|ͳpkp %r +DGJj@KK0?W11ܣ,*:x2ꊠ䪶K!oSx?񣘖[m*o (ݞz Zɠmyi)gפHdѱ$7tq MwX+Ož3^pu5?(IU:|u?rʽmܺ1EDjXW<)E_ ޝE_  \aNSQ[lOH|2|F`y8$`SZw[}@iAĔWQ{%!x?]sve>;znC!FD^]husrM>'2b82!#[.&K2jK*d#Drx2&A&OR,cDwL~7bDuBkc+LpfyqqJ'_X/n LAR[D5ik915G=NR/k:j(DCqb{%NhEpzj 59m[ I!v?'>Iiफ़ G^Fn9Fٓ 1(WHmo7"b$x/ÛӐ[b $8N%| CɦSX1kfo"x#/XtC)L4nh9.#JwK=b)Dt{f~%ʚv@h1XZuvtUa3K GuTL0N9d\*w@@S(ڍm1|8V]\ l4ۧ%$rf#1?Z'K~ߟ=| qRgc ʼIf=+2oHF؄mֆw pK o kn>&ZǪ`d&!Nwe -Apqt3`>ئ,~Oveogfy$-cC`7P%L3Py2MydS˹gk!+&rSqFBYY#RHۖcȗ@@ xY`yo\+ZA5NNS0KPm,DK=IE8Ն8X4 Q:;_]NuV4!^Qo&h;Ӕ=5DY7\Y=\N4kb&S+K Oȥ[ӖXt阽B,n\H(Uox 3ukTy-Krl37W4Ǽ1LԠ,ee [%! 7ټiAjb۔zMh:~0u6qrJmsPRc=c1g Sx]FS ~xO 'Pw TmD=`'7ƒ *u`MlfI:ü1FUm:lvM*^NZ\^EgEVWyD4[{ 1)Mwy>8l @nj/AjǾUcfTaL.ƩdPF[tYvZU, "9=,&;EJ)vC~-`-lJR-ݾ\q NYTUdVKbЎF#&)&jH|Zy_z2dZ |{h]QCKTd[pȂeW[bflk6nP34_1K>ՙ+6Q [*f8kq6)jOWiqnM<uJ hOK} wsr9^H$ƴ[ JNC6=@L໇r^҂kE|Ké](DlG^?/ٓ<+l֟X_\νmRa89,\&w;վIF ٪>-/Z i94Z6Š״#s*CƨOdՎ}D.5mkdzmC &7vw=H?^'@4ce`8@ .+:ާ F./`4Ϧ¾Pn"@$!d"[ͮaeM-$#rK( 5I6oRB'Xe㭈.K}caTvz$p] M _W aNʁaV p-!Py5,‚PCSÚ; ;R2?inr~71 5[6M]>3r~II6O"h<I.-/WF8Z=x)_' LV,.PDU䋐dK9 bNS)qXI:5I[6&oR/Hhx<~~Qc6G~z[ KWyodS9eF o2hqO'qؠ Y#"D, L5v4zExט#$5&.cO] ʲy4@;2ES ȁNykyxqA(1Αq.D+7qi)]*l+s7X25rjAΰړ?Yp`mk F>R-9 R"~mNxfc^/55+t֜ cRj0 c@Sn#x]+4N/U_$X6@> ,L(W2nA%9SggtO7-ՆQGѧF6ӠNN9Ϻ.{uGƕ1)>J.^Ѱ}f\g$F-q<}eQ'㑹Iެ81]cP.-n<ʱBGmfK+=?,h%WǏI;7x7p BS>HIL%TA1m,~S4>$iw\o9kG=5aN \͵ x:&ء7m-Q.]#wS3 W%XOz1M5L$:gWZq;+lda>"pQ#sa'l-'z .brF"W謙v0Sl-ZKVo6xPoZjBuԔʣ_e]k<7Rm1m,2 [RԞoɥ©$Im\6Uӕm3843F;g5DDe&Z#U ;\8e']Z)v|M닄B`!f0&uC#*׃輁Ӥ#F-v@ dzw'է ⮸[MqLQ fxـ_?Hf€h:jy"[΅=I&TIiJ=V'eKC*v 6MAWlܟw4oZQ[;F mA,ni'?5xt@'oekh#B^[=֕gԛ]ٙA@XjHx]}u]UdL.6ٖua50]K% NDڐ@ѱ-5*#(~A!#{;TKYIlzHuU`X|tvVwu`E ;@JDj.k % .?\v,AO2%0}+FFl*?AJȷHFH|lrك E7xxn_BK-wfՕ!<>Iv#O x|;MsE|Y__*9[l Pyts!Cm`3C|*}\j'>ŝWX< Aw/&HG{X.d/V[1Wo>쁼B_*W!6&%`#im,fM0,CJhym7;Ϊvd뾿>'(2y^#ڢ[}e7ur5 $5Ifp$)=o&>u{/"3%#Q$"ԧS7eT2kLh}TVCSBQ4XWTtF\aPPt@YxD]9dfZ4[Ƞ:0Z fqZ݆Pb!;^I2<Ҍ\ܘK 'yRqb3ȻAހ:URJ_PCp/p;h3fw`3]N jp~|Ϫr<=7$mg)`Ң.XCPz[AHCnorYjGkU ;C\2nlsX7Ki)ϣQY`8 WVR :̪o&IΛ;ɂ؍+Xm1 5{Y1L΂#ާ<}\ȸae]UĚl(␧ k "̘ `Eg(:=5ejLF<{y5Vm9&fؘ3al 8v,fz1 7wή(>X ]uC'm|iM|[u0&܂f$^ $|Kj ֢PAJ~Θ½VMș8؃to?遪Zq,~ʏU6x2[N%v 㭿C:)_.QCCi9ۚ NR]Q8I~PN%(l0s߀".L7BEV܆ ^Ѻ:/ExR7i$Ø8TGz63o,MsN7W0nY̓2"] *y,檀@-9)\!GlSTѳ zF\朘z{7"ӫ!ڞ^$$ /-{y~zWPv/Pq h)a%a ġ'|hq]B5FJ ǻ:Wsc'0\=Z0]b֧Y\9rR13^Q^0q !dd6C"Bf^(*17PZђѺ*.tV"tyPC1?n2}ʉɠ%-򘵿gRaN4qHf,)ޞN>l/J~Db.MC:1ʤP᳜K88-<|`3$ȴ~_4s'#Hʫq.pg#tK o+ #,+H&D& }_cv*c9d)p|jـ=O]U9apI0,a }.| 284|Y^zdDe2Q&c۳ߘ4 (&=y67ƨ-uU =󻭋ʧZ_Oǒ jA΍Qb˪S ɿXØԠ:ɹxtKk ͑uKj;;D<F-,Ig~=wCv)ãGu;7MNgg`;¸χtA8~@R<eH zʍKMfsnHXvU;KG$3eUQR01?WOSs3HeE^oqJօ,rj"FOӸ*Yl#ƤWFi:Dc>Q@9#tFZTZ}b[P3qKE؂f:fg ߵ+#+TDbGCF"jXՋӿV#xo*khC@?Uգy;ѕ<68HS x §vL\?NH/v3nsdǢ+FݜG Ȯ=xu1}EPlv:Os"\zmw:2ޞ";1:yn?[>(*45!/‽6εˁVd"&?Y=~^Ud?0?ux:V?(W7snW~ɶF%sM 'awq4OUܪeCp }#z/578)t*2 s O% ZP1 JAѠX9Iq Am<ԗ)Zq{$ۦ%>34ۑFZ'X7!H>}O.!FO./-BQ WG\H#R˽^|n-YAa0zݣ8I^&`#ɸp۰dVGEZ|3no*p!׏s|vEY@Leݲ#@1 mUyAQ ]oT\r6wsӚAF{ ]~ҧx}4h]Ff1 V"=*~兄 MW`>cr_eްҬ`Ԭ3(hf'fDe]@8rTw prI<̂Vz M5 'mҲ W?uZ)p} SjX]329|.H% ;-9]E ɌK#K! BrHadP7omň5d^ʴ=E-pY ʹo)6Ŗ;k@IBe} E:G[7 1pX"pp^ndJi(JE*^N\Rp|Ə*vd]M2\&Y$g;R706PQ:wsGwȗ-d<"0D%YS!b0.s٥N"O78+&RݣGR|%VUD녗cGpbMB7bRUNuAM]=][?c7w&VZ!Ѭkq 8~_ViК$ы :b#,W66qI3H<.*4 h*=4?KryCZCpj*^LeG9XZ͸)i]ؗrV$K^X#'5exM+CTW]%B#&_ĩ'1b3[ x7Z33e thsͣ%KD"^DAмp:@]h8gU_ݲK ̂֫Rp@0!R>y4ijaٻ,?\.`nbQ _ߞVEŎJ޵1|XD"4L Ӿg RP풆xs [@TV7k V,p ogXM.W=)oAPGp]!#>6@$[]U殐\CVD1z^xt嚝 _-Tt{3 }O҄kK'>V,8кi捼6+w<=\U?߈8u#^2\[pvXj~`(Op:Ҿ6ideN,l3yb4a1Y/)Z9AFouxkM| K7 J6'-T 멠*6!:xKLA1 uE?-X3ei.M',W˨ZܹPTft'l G +FA[wW]HrWxgA6vPrޭږY[O(Z08_ :o%Eo7UAQ8菼ZIn՘># pO"+J/Zp"o--S;1>rUZKS2s< B@ab9Kjv{ފkK,GߢLLyvUA~ 'EZ&T"r9Fڠ#иWb=޷f+ ID| (oG45|^1sUJ$Yt p0rFGt,AtW.=J2)39a] qd`B RC $!$5Z".\i5UxԗiR'KK>{R,jF+#-}$=VɫxE߬ybȎ|!}x&/Ψnٟl3 (Nn_ZiuFXkS233 j Kꐵ'& es_{"yJQ2{ݬ0Sd;B'\kd|rёnГ)VԹzjhnkȉN _@T?tѾG{_77͇ ֽrj®$;YSB+]lebF; &rx7أ`doC\.bAFQi M7eȖUnγ7N,|>x=+v6,GG U5N,$}󋕌B-6\Vі2{To,@L7 ' kqŃ #$b.p;Ga1Д$>),xmʙڰ2v,*zh13$ Ie"9oܭu ??>:/8(:Wd##l %J* k./}qWYH\n<ŀ[CG %EIqdxf|+'#f.9Bk6Ҹ3WE4$\+gEl1a!ObP<"\VT.yQm&{f(-c9yaRWq6hƛ5hӬīT"Y߹9[Τh2xլ}ψ%\kVMgگ`>c=\wՂ97g 5ЈK6Ze<%nҍ/m-np MbFA=N'x &yh4^z:нeI XQ߱}Uk"/iIr碕> Q4{8| hPN.$H$\"]%1R OB[J=-솽 6%$]R奔\}J h\iFYvyi{t#s^ki]fhsq-Tȵjײzt; @Yfw-;UBlu8@Qik+,gby&:̲o)P⮺|sJxٯ,yMԹfX e +9ǵ󲯘<sD׀Jo^["h Vڋnm=!TK%TSƈ -bDOl.-:WSbiSP̢/$>o0s/ilhi u_Fx\+#.uz&,6(s96bpp|z>0HkxEVQ?zM=1/4VD+p{-%J# ?|FS V>i7c io1E9A'UGXH mRu> /GQMqzylU۞/FIBϪ2`i6!H) *;7Qw!p%5)VZ3, ֦˦oM?J^y3] AޱC>Nyz_W,Ph<F3>١J@O2h*{#o"y?T)@)z8q'<6r@\x1G=>zr?R>R1n |U."eW+R.8Y`c_+$ZbD)QZ`RU f;҄&%#;4 ҂߹j7+H^?:e-D X m+%ޫ+d bp)N8Gdc>|+/"Si "Q$ .iV0yFŚjOKFn$ϛm t>KWLڟn<&.oQWꄟQ`,>)Iu>֛$~ (ǿ*AN )x6ӰL8pԴGC"#6M+D|\.= :c'>9qS6,!ZqL5rOB3@f[|7R? Ci0hWr:Y<k H!}׎c_ $!x֒{l?QD$$퉍(Ve% Gƕ-=d.rdfZ8$< YyJ|'P)CO%,Q9O\pwOs7ro篧p]ir=3lȡ₂Jh`Y_~U*B[я<=kTiTq"A@~De68VhzojSpTo'm 𑃈فۛ5ayELpRP[kl& @+AJP B)e{3`ʌ n@ǯ)6HI1Tw'z:-R缷C# qqąu\k`قBw#7ή U7 FgC]{ezת%)sZc`H`(NUljHK"ً}ΰuln㵐0xmZ(yv6ݜ8xn`X,kK:hY>CJ@!T]a:KN!^.*OGs" tf*8bZo,F}v^ b>8NN~P8-<-`^x:΂RXYY (4>hi|׃&ֻ;:R"HCZ%답0s'ȔlJ]s +>>1#aێMaiFiڨ]'\o [1-׈ ,Y{" OA𱪩"4||H (\3vD9+;]7\ 4_ sv+yUT]V9R_J2ٻ T!ۏK\?6NO+vv|!ٴմD̶!!wݎf>~OKx9r iiar !Lf/o#@DH DޮٛHt C{: ŌwMa\VXqeսi Jc.Ttj;! (cOmwW|O>;4<<[!rvP{w{&a_ "r̀sWFh=meF1cR@p7 0? /DK]"k.(ę$F|Ny TS4"ɡ2U -ZCɖӑ]8̦W% 8\G(ϼjȮU Vy;7֡Q܂ryފTppU$N _ jXp΀ yc˫`DJZ ZSu7bRcE XZ.,2' 0{±c@! ,9'gI` t%,ќPαY^@Xuۀ3[HG?:8(IQ1;8giQ:Լ&!q`LL;$j?(']REqLA`my«o2zNJswcoS/+Jûˀ au(HfJ{_>cDavl[Y됱9@Vf[8 ~ꍌDK1^НGZkje)J8WO^VP򃐻ϥQ|DC7D䡁1sR#۬PZH?R>ޙ8 'egΞ D񳘷j.cR6 IM):wG f+ .t_aўZ.RY4fB:Zl`"%nqT8b5a X'tUCx|=ݸm0^`sŷ)zMhܐ_#trL_!2hdgyUg4$jf^^Mvvk`*a_Nz[@u蘈l.'qJkœ 4,vo]ŬhZ: ey-(c`4u'±d BY :=wӠ/WBy9 F&{)_;d-5>u^[uVo ? j3} Q^5*t%p ~4El%MPf\;4B<@?U |-Tc8eMt5M;_<IW@*0SAg h&4`We=%k8NNG+/REV3w#oFP+#]c)9W{S*bg9zga̵(7įI9qc /;YM"a*4tf: A 5RwC݉I V7~й{xᔓ^K1)]$V+rF_Үgz {`7+p[*&}mUY(:(T"" cd)\_x_X!fg=eSeu ~־.X"B#uk˳|⮰ҍHKթyF`W惃TUsU|3^h) =kB9D݉2kzb."?9&B7r򗯚QJU_*{D,32`YόPlŴ:5#6>hprW{,6"pO$ eΨ#OW\Q2UQ?Fu5yl*N:tՌ—Gԕlb,[X[I>t=5qI:rwz?6J揑o:Yt"רr~iT(oҧyE83*˖Eڬ'vKoj*SfUfDArKA 'K +HȇB@%j͌C\(1S/<̰1iTtgR2 }=&6߲G؁%/m) ,nW<kI] 3vDTO 2uW/€Eaj&)/<"JuD\*Énpuqÿ' zt9.Xt4F͹>8k\jLI"E]NUmU5J +R`ӇXn0w]l&xTMevhp;=&ѩsw~hD\V6ϕyS=喓l{L;gM1|e{6$Gvş=ch3i;Fh[<27v#5'=bƳsn4Zʷ8=qqK7\nLҷb1Ɏ'E—PK!WyC>֕Ro,|;G-rj_P%Gj /@^ndxg]qEiAv@ )Z"_\=̚ :H|R9 HM?Ku%#+9gvb{|wT 6Y^Xa\ܭ,"\ayEָ!ט'Zī s)mAޛ1vQZEZfH>1wD\0Y_IH1`o~ wO6J8 oFA'SyD "dnlu?줛]ID/qFz\8%1۽̳ǂd樲h#`t}:`I]'nJG]-}hJ[(,[:FPRbRs ru?eK `ޠ؀Lxn;.[,l݉ʈ Qv!!.8u/:@?QAj$A ٢h" erLWp(#\c?.TNκZm@F2T X3&zLr4?<6T3}M8@Y7NZJ7C(;%6#ݡHX)y(I|QNNaHR.vSiϰ+;ە~ȕ_pYI:yӏ-n2PSK0Oy,ͷ4[XXc/Ҏ(QokZxw(b%*P،kU3x jeܓޤOQrQs>W5RI9kPuzV:@VկY 'թ Π7=:=3m!WRʋ '?@ 2mNCIbW'Y^گȌ>6e;*۴hsJhf8wª䦔@(w|&Or3fUWf o`ClF5.Twb??~)pp!r-.PX )TG/zü̍F*VvBկCWSzakʢ$A"l^^ƫE] )3̕.ÅOe_x,"ٹ/ _M[o=GD0>P@=NDb9P ǿE!ӫ,N,.~7)wQK @, `iU:-8jE ,d Ԁ C)kڍǂ\3@UѲi֦gX}I` ܲXɻ j kԩOnxJ+. ܖ>PMS))J.yaXu3g&VP8'V-%xjݙN{ `P~8&,fW?ll4/3Ԑ-mh%[-24S?lHi1D\}@$! *<nn ^t˻翾חn3؄_$ޯӨ ЕqS K Hդk3GIM",m>|]Z{zp9ȶ|LF|i !D+5Z˗G*&rjبUT95usa%{l_Hw]E;4Kޒͱ ωnnWơ}>ҡluEVZ1%^>Z$c~?y{ThhwުtnRoĮ ~ 3C 7Oƕr*zhO z -Ф#m>ay<(tg xUq>qկ+K ;:tExAڑ ok&@Lɍu3ec iBv6t~E<~]ܶ$ +ll>]bHԦiAIAK?(?sDI RŒ-#eXz$? LEZ5\mo73UVK-8Pڽ< %tA4e yJHLRjGW||zb#g|,j#A]ʎu{_ 0sJ`qJ"*e a2/7*/|79YzaW9SCL+. hco-,~z|53*$%G*$VjeT:\HZ؍ *l8iXt?(Bmo]-׎ .0aSyF:18doƙANnfz\pud_% T%ڳ([9_;HY1fʋ]Cԕ6>߱dR 5W&'r2ߘZPq pX Ԍ{1FKkwKTo ymyuVD,O,WT^8{Qvc!@7Y:z8QnY5\Ú>b `$9W=ze1hpU!r;&R}k?^EcUlK a%zXbp@ =J߲ǃרޔfYc πfS|XAFq.N%AٱF UAA$s.05ϜxzltAB-"R^AU@ϲ§4'DLֵ2uNDe!5}nқ_{j4!cKzDo)ƎZU1lFd2lB*_=:!lp hE1˿XZ6I3 ji`~w\!L4jhIJ, h ,?:S:Fu#PW_sCOyF7x y)rqg|x7=YZzb] /D,gЧnZiE3c?SW l?9}e=~yf*3HtGk?e>-iE^og^K %f+oҵNr`+OY}!mFO'9x%JlD+H0(Sn!*CQ5ڴ &[Zx&\ƎDJܟ9|Ίnwzs>^%ufX<8̼q:(%b׆L) Pߟ'3,G#&aik |!҅]S.%ǩ~\V|Zlg}aUp0gߙmhP^IJӲqq)^ΗDfCN}^AqF^ |zp)8:%DѰCZ%5jHk0,>d "*v&}wx5%ZS&>-t jm}-BҾ+NUovh^z|@m|%ٛW02j;hàT ͇IJ*ɫ`m{]g Ud1O;}?uҔ΀sD{*}..8˩20JZw MB J gոE8-è}ޅgc畹2Ye6Be֍'6/s 7$`3`6[ɥM=I&YDS{8GhC Nuº5*" 8\D;ZZ󢘠y%hn~=[v#%f] LV2< T? Rú䚺*r n݋vud]̈0̄ězi>`p^)T)>K6v>8)oom5:n9|Aff6 l-*mb^>ܓRinVP>J BiSFNX#Iѷl2 qTaYf"MDnPZȄQD " ^ס/MvX+o9ȒQl* |Cp6B?Inmt[Y( 5d{?#b=<!Lut;:vIK+9H(o+s:ҥ?2iUS:6t tm9¦D(_7ȑKF ;e+ؙ xSƭVSjh@a1!%n!gu\ Y$|gI). T-y?Z ]66"n#]߳8N65ubyȝR4"Eh20| ia'p kh˨Y<{\J=J1ULnqQG7G@FM!I;"VT_ aƆ1){:'ʘ`fЛ >0ٰK8,VWSjnNaG+"-Ićmn2 :-n[V6w2XQ*F1Y0x)(Ue~qtFhPbs6۰"Z| C+QkLr7C!H,\!h lcM9'];Pςs [ڄyu_`ޠfU/^^ęm8`'XOB+@EPK:XQ3s|++d+f2 rWH1fa)/|]N}x9CrPGiJ'`o {FqL+EnqjitF}cvb{򊸡0NuG-R %?}u[NVhSh{-G(:%3E8o!л! J1ƚO?l AЁiUƶ:S3JZr]M°8a\s'Dr3h/iRTeX&WASн5Q4H]PbdVDsyA*'ML±A 4jh}d.8H.b4 ^ɽ<ÚEGоI"jpLMb@י̥ j Ml@p(`5#33ǚќ ))Er&9C1()y3ʮ`&;)p̍d 8A ZwIM; ^9&{ߋ-=\.J:_x;nWiɮ-.D?pi}uP(zAlUFaϝju_e‚7{MSQ̈e21\|XZ8imЃrZ%}Ϟivo'Hq/A!V4Ck)GQ,i6{M H>eSG}tR,@*R;3r$"VѰRM_]hOtwTACF@AN ss2qB[O~' dKz >lmxBDYr[FTj[ B"ăB*wIw=/c:@h]ܞ#OMyzp:"e'U/p7ߣ`'cj_5[R.ax23Հzo~n2sѷ"5ʤLFX<;/![]|%mkJ<-XLi qGF$H\b*0`^4Xf> [m{iǻ̤TI{KbNWso.Z(D`FrM9 0 >p(76.ry!I[՚Q ?u[e7О\%ەEr,%>w՝{Xc <|hV-K_ 'vxR1mvo hBKq`yߏCK.O1F&ǁc0>q$IC D@)Ұ8 KbUxM٢7Lj4;4S,ׂ>1~K[2;MeX1Iyc$+ܤ(Gca׸5jKxVC̶j?_蝀eh?sA-?g̠a3%k[#9DSՌ46u ?ʪ^LI~`wbu8%(V5 TSެsHcrbSN&$ tͷgtL3MN7~eEmeti$HigVé1f:C`}y1tbJ 9ӱS6?fVE].hR yn7|1na{BOm笌KZ Ŕu@O [dJQAYīkv:L1~ rJFWrRSh.}a>O[0X-!-} /Ke+nlF:)va,3=?~0d*'z9: odL=!M r#b:37Rm{,j wYq# yGnul%.ckeR_0g2$^,l"к_jOH-P3pStNFTh T^Y )_U@ ;s4mIՉ,>v8ִ҂KQh7v1ݜEaOXbE^,zejIK(/:;2JH'=""0x-Eߦ5tVF|!8X ~7L%2+V'iXzT{Y&C!oZem<Ƶ‡5QUGe9 ᮫~@Btr@!aIJ?9Na LHUp*Y,yY"=eiEm(  A݇Ɋz̲)GJ 1=@f ZS=a0.>&d.W2rx%l=S萟AIhWx'ң>&V9=j1Vc-PY9$|~܈И3e}L`/SX2 ex=etR^0^a`Pfָܿљ+2b!\g|p 6 B\Z445>.!hƿ~OЩ=B%p\c?FN* $vC.p!F1#d?ZƲOZP%4%A\UѢAIZ5 ;󎔻 O@]eд8D6eG2 BXEhT˧$D乐K} }fzA3*qR$=&Լ-^cZټ@og1ȋ{LfyJv77wr* Ehˡ^?Y#As0ޝ~G Ugj6x *s/76 rjfvACUa,Ǎ= =@x`Twߎ!xˤ(W'Rv/,:7Tʟu川y[> O=.'):i'?) a7AN' FDl] i:^{& X(aa+hhXͨv̍7䢽3O2AzsYX0@峎bꀸ, 6'Ket[sˤ*RC])6Ke8{"Kӎq[jCqEǂDgib傞@ɮn0U<30.5mz)dk:蟋b0IuK !Co~Kne^$' ~':u؈) /DT>3L,K"Vov*ƪrco5+h& CLh(M`bGc u5Lfbo0\bB2 Q@_)Y=rd,,JNȀl^JJx^"vinB x)  ( %fdkNZOKcbM١ׂ^cHކ)[kGɒ+trY`@?Ќ[5åv{ 4}D8c HאH IN4V/_p `scw{<N{,m4k$#xMTJX$ Ut*CSĠWu;y] u*B7ݓM\/ .4E4]_X2`0V m4WvVKP&F8.ݻ xl{&W#RWX=Yt:Vbօþk]b76W*.59ͩ,!%x"Io1 rI xALs?P P!T 77֞Ѣ pmN:ҙ@eY ɜtm6A[QPfJ%/)BYc@ WאcH!;O˿ʓceR J;Ç@Lw+4brcW~QXFaR2[jUnF]P/4^hOOAû.Ka"CɎ룡3?vD=f'x[FRvq* ɫO1ĸ Hጛ`ft(w&dX[At~R4z/A/X\" jj!_P\=#!E .%)0'B 67+ /W&b<҉2+j˒iY,#>1QUgU;0 ChhR$rN9WGUf &YX+mBz'QP=cW81 0N#*0 OfaHpy?nU$jفetw3yB95esR:?*8αo#Ga)QuI|(կ 9!{`^ߙ4*tW?v7saO~୮מ6dl맽v89ڈAz;k -#XHr2Z;t6C`KYw^"1ζ]۾54>P:W^5-ߦ4޺R[Q\vX͗Z}]"^R몯 ҉'bAzQжӔbXPxgTyúI_xպ@M7ZEF`hpݮ!tk[|!1{&,gªu_}&3ڴ# p5gMwDx_FZ&NZ;soƧ~71T!IXɡ[LrA̩D$9Sq}a1L9Ų%@]NO@ʣG%a! mP#MrI q-ZXA:}K J!9[mX hKu XyѿIlWP7Ggup1fr suM>7!OCy \sV֑6[:x?.=[`8+I(]1vua&7^+Wks&!JIXL~FnBXE^^"ޣ->y!-I=O_w,MZ|w3MrɅǯM̴MC*~|bPk~cEmPu.M9JR? è{RpSW#brƥNv9kyxsKќuhx!L q<^k8_s}}mm܋c%B20SC*hV07e{W?>X7|'a7駍a 8IcS c Qs\əQ}LR]^Xc} l@]bW=e\زѤl[xטpxJo4Һ@ϊz%Q9$YAKOW 5C1c#1#/u:û@yt{ggo4W _a?%kP]Eҵ8G;It`Vm}QAߵAbG+@{ɴ,THNtʖGsW*Pցd90Q7+gK|N cB!TNY^qv)l؁*Wja[k$>p4$0I>v\**MlXȅK4 cՏ{}'ec #Ԓ?,[byc&nA96POQsYz;0*0 `54H ,Hܣog,]aØVKgrg*]]U%N3uq 21ڥe0~.jT_s{0"ں. yU+~OZ_ZO*7%iJ]%|iDɂk}lM㢿roX` Ť,&ͰW+HSU >="dNadznOU 3Av)*r)4Ekh WʍvͣZ!H#F8^$oހqP<B JLFk)` #^U,kfkL^ 6t\̄}+JK~ҙș$:UfsiL5jD$ˉ-ILzoVuv{`J_cLaj)Tܵ#vzrQq$PhKFhm?dV "\܇2 Xk<δ/pѸ۳t2Rm"[~KHbx>0zV 3~L/cDW@=O<:\uAQE[}X=YLML%QyjBw)F WW˂ IƯh߅iE1-tdwb:63/*,w -Yiq֑n؎r{;QS%cWզ a(;6ZD{asoں̼{X뽴;%ܬTy,DMе83I1,;ӱalhn]z !+}?rwoب"0@<n[R͛:4s\Iri7C9W)g4g's=J='3%ˎp8Z FFSnO.P]7@}r2d%{WRw0!C]xޔ@r0;vqiM䘌p[ r.)Htnqtf1לdTg2"#5}bʸSȽioVsvx$->;b:,UoY3o"G˷y`Ra`;H)z7GT2iFw<'b6}Zadh ao?gIDcL#zqud]=Jw:Nwu.pr 5czic*6=)'̧'&y?52X׷O_ &%.eGnҲ)U?Ώi;- a7H" oC,F[/R&ec!=2P,kN7M?'rႦ[,TQ QɃ\ײN8P2LjsZ.S6.bSPЯ;jsC+] _gjm1k$@}QOz1'#X\{925#fM~6?]U("q24e;A<)`\F!~;t7$ئ(SiM+*I2OkF-q<S1y> Fg- fڢp`Lk)W@fP\/S Зۮ\N满7TQvClۚ/ o^?v@%?*F=N$&{ [媭a 1Wi?(n9vATjGb|f8*zg35d=eJAuo5y,uK 10עznbWj%A4WC Ϭ<gd($juyq0SK͡b8GgjK؟y w*y25p`mr$4JG{vVxɃΖN }xR:ꫂCvBh- VwrŰo>)Oo I(a HT.EXsR6FY*YhC4ې~/؍Xb`wq i&P<8O l d`?`R Eu\EJuiM r2b|)mƤaGE~E[ds':CS{T ![8ո_]Jh=91(\B0>š6)?[ݒZ%oTˋhMVQ婉QTt gFBX?"UQ 68-@i[7cYJu=Zmf hc<.\ƨ[ڇ6! ޕ􋞂ՍOR76!E X.4IwIIMt˛'V,/1+nm&-QU##̕{b/G`O\90ݚB;=>:~ŭ|xc1fpQ_TF|ܫa<:՛= c*ϫ|6<7ԡjܥhEd|Vj#.::;S,&P^fH3OG@A[CpKw:Z]0zt㬸8SRO.2,f֡o\t:)OUř_+s-c&n^-l S6!+`; ˶ 0*\[쉍JnZe~-,Zlj[Ơ^p}6Yiͺ" ^)*X5LN;6)m$V(:@N@hŎo8`&)B"…|!l[ \- c"ܿx6Ήq DO ݕt{Gd P :LׅG\}lybT^L T߸X%e^񃻹N.jpԭֈgEZ"֛X6Ź&h;շm+aU2%^3H<"GRbqSw4!1lf?-[`msp1hBa'Cb`]yCr睶]0?L[Qg G13,}x/vq>QB|{E*me> n؏敖x\=hB7ﺵJ8KY?^ͩ߻Ҭ0η j7T /r?'Fae{8f@OJ)[lJ8x?i=8ze+d {LYhͻwvt wyllf6 :#&C q}\Rp_yY nC +%R.Z{D}b\U5J.CZ7- ;g;< 6P( ,OjW+]M>0tguPX7tFRuUrqZK{:Ωo9=v+i~o-gٔKhz/QaQ/ s3ܑ"Sk"-+uRpnb7x3}z|4_XrZ8H{& 2YNIUiPnZRyK%'9:.PKpQ1S43"\^ MMWZZ,mV nȩɟr;M]HA+|ʯI9M:/)$b=V;NADJ+zAdzY}uln?5E8q"} i(D3ͷxPw59][FL/f)^7)hAN@Q>p&l1sء_5}4:YMXȊVPyt&fOs[݈8hC+HuKYb"|$&%49P8JU( Eq&S&@Œk7=i2V޺Ko_ (&-iBoKM-. ҦusOHۺ*K>wCm\7y">7e(p~!BQD tRn iň( &=lJgҲip u[h#Y 0I,a5<œ9u a.~D"Q.O<{31r~FN{ OgY]o8nؙ!zb yxGs͹4 Z]b1f8GH_Z=+M"}ݦ7Uddק]0k{ڪd| bÀ}Kb!!5FD{ gW]“ׯ}s.=W1R9UIk u}i5U2+&*7mщ$R ] {4yƾoB1| o"]}6ciy5;eМP[@u8_/j62rrsfM׿-/fr(BqmODxEG_(B4Z n*jtaU܏u8!S#2[VQdKѳ,4Uc>t;{-{­A7n0 XX" -)lG,sb;⽯"w^u5Y'ϫe:eT7x+^V08&M 9lM&dg|Փ 4idQ_IMӣR7Ӎ%kNEue`!rjr_ū,LEJ!^tc!JA&0b # e8e^2ɒTc H.m#1kV9 Y~ >15;"| "w_⊸K "ԯ =ڈ@xDk{%\Y'1^>֔'>Nu[8JVJKd'9jL9ڕWJvbC֍[.S]X{?n,3jT7–6h^$8F挩/[τذi0)u{2:\toMWx˔Y$lu0g8u"n(x`owqj< G CJX]kUHvbgʐw8E>,(g4F\س|d ]skppz;/kFќ@" ^ll 7ỳZGXc x Fl6jT Ka0JK/_m;dX=5;)-"Vd|aVXϊ{q/j(%P!a~]j^gaSߑs{ 'B(2c·?L|CT7ՑZ%TzP&xt (D7  IsV~o@W`ogԡ\mwp}{tNkEE6 ( ǵCmgvYܶ+}2-? "R9SbĄڙ*J,m3`/k"6оk6Cm8CD~Ş%Ĵ%_<U> [үi+ql1_O{3| Fr&Td5wl ^1Ec ;\o*44}[=J_&XJgr!9 \pf 4MBpQe2 o<=W{hw"P!An-0L7ڈo]M3uaxGx %Cm6XPh KX3v'E4_-b+'.?)ި e- ԖoCZ:׃1ׁ/W[bȤZ2#G_$/ r>O2wCfq{$Sx2N;eT궲cl۲SZhzhmL6iBo,4/fyߨ[i vVy5 /G} Q(ڝ$ K ɷB~f|*<^ͳ47Cלtbi]amu6Q >mMya:qԂcʙ@նmЇG*|Hsʩ5<ft8JR>K`x8֎ 2{MUٸ]8xMG>$WvkOa9 |Yp4!ZhRJ&,#R(G2snL[nGɍ֨]{༾9 髝Z o3Ҟز;OaGO$c {RuvuxTi8ؘ G[Do&;r>VM)lZ3[W%ŊH~iz:E*\rD3ԇyHmE5UTn~ed= %ja@Șx2bW5K?Qm#H&S %ݗ`h щMYNbȣ#6B{Eh֚ÂU`Mǚz6';>,׫^䁤ę xvpuVqz 2QI}8y._J 2m]pcoBۿ,ӺY3.,IXdsw`Ъ27bC5!er 5]¼$mWFU#LLTI ݯSd> pێS/a ] & F|79X {~B vW[SY˟!lR`]8Vg!FK"Hi^J 2j(WKZ{orw|o]ڝ.93{Rkl7y-h4>|{BczZln28 ,Zx: y'9n5Sh ;죟Y_fO7+""+m_=L/cP#U+qPU}Y`5 nHiqAE̗z`+(\q|wF0Ƣ6co΋nK.Wb5爭&hVvϔ;6!v5[ peV_0䅓K.X}ɁG)~>8TP[9W%UREV9ÐvR\ԁ]21) u!u\p]IV"t'k@$+c2jS_pVw`''RrɁ*l$<,nX!6sJ'¥HjgV>Bq=0 xTA>D_G4XN-C NZ}"rI 'ΩpkD`<%7uQhdH @5䰄.p{.'kK'{HQ(=5TL } 0 |Y9EV%#k}"X.S;1ބo|b@: :2`L|4/$z+؉/sdAkj<\‰!/P++VHv:6Ϩ跳itSzZ0DY4X1\s\9u@ xhEY tM+*MuζLhX+?/Nh1nJN%}T3+1]ucK!G]K& PHAY̡~VYd ӕ,TON8=w3D] yg,btTxv+hq`}5,nNb?*_~<p iGu.T\dw*6T^GDAѧ\ј[CL"(1!uMs@`d=jZ,tx̓G,1 YT>)Ȫٮ]y!1n^r~W,7H<sX%+5@ Z}UP)y1Pr䷥#|.Cֶ[>6"BKrNhUe5ҵ?躊!'9#{jh a.(J˹'Qf;E9\VNi{ 1+V?ģ4- sW(%{%C# fQԱQ+uԼasㄘBk]dnC xB˱!*d~hWKq Z¦ %+܃B>!57;IKvRIoujv%R/wY d [Cx2N_gUKz'/蝧I7 h<8Sȳiq>/#7E۫cUފ6^ϳw>>sp[`$_ax92V: q ی(6Ҥ7Go %FV"e#Zf-RR&#ֺXAWGDtҭ]wfFp`g|>ms NHs(5W?7=k~{1-fĆʨK{  )ϔ^ޏqN!pODTx0e6jI, 'xPJWF̪ \Ta)p)~i'S/vƾoƫ`)"rWq(dԼlRL쨍BaKbvGn>ќ%-p8bW,[ 2qe/B4\Sc `H"=A 09>мmܦ%BAEW?MjJrbOA6HJM)C[~3Mzb- M Y+,824pV*qPwN=^^*%x9ܧ(w/8_vhx N~c&% "툻Y7lǮyG[γdgɷ!]; K+оB9'wwS|7^[WR<)M/l1[vlz Uf"$y@0jͣ»1XA eh" >}]Cְ차 ՞5ZB^31V4LVVǽl?^See.%ģ bp#flہJ>.Ng*LR#,RU^Q+F#BKsO=:o3e8HGĮ'j}C/^X|=:8uTzC`+LgND}P"eP9/xF3C8={u(+YĒ{(ē-9L3tqlԲ| j) 7GŹqOdh>^Nnn@@T,:W!/>+-wܡP&hvg. %4 _>/OLЯ7v9*A.|~0;( o&1S`oT0#Gaӝ}8Z0ܲZ^q$F@%4d^V*5e֙n1ʇ7`AYO, #փߨ ,&gUgtkԐYm VY"c4_MWg.b-eנ3Esً%Cũ#M"+1s4G{a]Cv4:vq*qc-#YG+>bδ]KUɕo\]AR}0f3 ";M Qz($ww\-۞MLf[Ud##0*`2Uϡ;[5>B!Jgpde8@c;>kЊ\Z9f$0XbT 1`o ʉpԯz%8[DeƎ㟖r7;$.x7Gu4^#aNU!,AxυT=ߗ3Arrc;FXɔ~d.׆DM9yATQR[^]m捋ds7*4 u*N%+Rbؿ9$L8 n~L: dS޺GF }%A?f'Ʋ>DGFt_3ګTUaEۑo\Ϩ}.1ԹCx4QOXTjU)dNK}ɖ[)z8*\̈Gzi$NG ]>зBZ}0 <zjO!$N5$ ϫQ&i-ZZf(1U$d׷L"nm~ڻԲOzeujrgI;Z[~_v99Y*@ً:SL&zՆcm;o)6 .9']\sXlqKJK!SowrZq&x<)S9tO*| zz5>XVgbKoa9,]YZb\%Y?&+d<~J]'mWpbU] S>$8?G+I͌J Q^[2֫V}ПӾT8RWg*96:@h`\BwN7RG^IGAV~K0ߺ6JR#QK5q"<5^0*vtXHO׈i]շ vͺ؊P , 8+P4e0%bѤNuxeh%Z9lUn=P&K!#IP'Vk3~ !L[` Hȳ7xIѣSh8߅;hjdBҴ}${z}[#P:!zm'c$:]! a_# ]k/ ~oXptW;od (Ŧ'^W#y0Dg '="DkRXVV;qvuL\n>{TdXYMHdk+DQ?P#qPP;tI;"ԝنn0[Y4撎DV$ذ9ʞÂcF/,-i̒necM%0,BB=2m!04,@/C"(D/*xՓ7!lv=<ʝ~'o4l*x M5ȢȺ2Alm! G{[3$^KH٩%.?na3^ lG9c|<&rn=Y; 婑e* Vy!&z=cTGe]Wk1^KXLv^ SY:+a;S[/u5" zoiiV' ùvk+Z!MΆ} QUI\T9ã{b[s~sL$9|אvmKJ: 5|;ư\VXIWe*5^L wHX yv3Z4^l샎R[7;ׂмp HEP~ ++ܲ.̲!is$lev "a`HēWrj (׵rՔG.U׌^gk^hg t'պ?V_v| &@RZ/~@R% ([+^⴯sBv}qm%e^?+eL |iznW455iGg7Dzeǖٮ<.Vd@A.bܽse?1_XϠʵ]M$u#P=^^ afpb J[rĦtIϽHђWZ{8-o'Vv?Fxzw/3! sQ(ݾ0;EkCk& ը];l3PJ/?;4ܑsEfD<TLG6sLޞ,v4#-"'}@ۤYO2~p ҁ Gzؾ %T!" ,Ԇ1;Z93-bC㔓"d2c qULNXսȍGVWJ5fWQX2_)FkbX #!h.5=I+N*`S}2?C nZ禯G2t7?0m+sR"U#?2sྡྷ46E 2ef}Omڤl,F|6yM,@N/qܦ@9j$KsC*.hkmU߲g'(P>~9ZI(0_Ϩ!s㱇F.ETlD>U W"<(!>?쥁 `3Hܴ<U"^3BGkFz M/0V-d/lԱxwp4$S1v" 2 bVfթsyqftʫ @ږ4"xgTbHk>iƠ}7ny#tr*_)dj(C) '~\FP`PgL!+V/!-^JZ;G笓 HXOS(xJh5skLxɤUb0xխTλj}Cڸ8 bT܊ i0qLErm2x e3?Öw76lo>`'#FQ(yH@D1|hl8{TؠeMݑ_Nxnle(EZM蘼Ɛ@- R#`t{QI _&"\cۺaBVХ7sex[ǕTUKoPu6Cn^}y)VXvT vBYinqA~>{ h_s ڏ$=Sw93\IŢSe'u 0:PAS7=ݛń#H-=Pg2O!예x3 訋k60C|iD0^P=:gGH Qz^=>fwߧ+]Ƞp<&a ,iEQ*e"Oji^/Xb?CS#HƍGFosŰ$MQT`D;xS9RP=y "MD3P%̶]㓛-EW=u"Hs|#OѵG>a;1 ĄYGi;{?pqrqmв9uFULE0߿z=RQ'/_u =v:Uoc2(S\Fk.51^CaB5$@+ s< H[`ҭ\F>VgвSg:pøx]P8SI.-/ r+1!ṑAKtĉ)ųn#S2kX=e B`VB~d2ϖQi'%2 #^axj;|>~n p'3y7Zy:֧h!u [gKɹk&qb'̌JgI}LW:/LpV,;aU8; h-x:rYYެ \9J_e5w`YXubQ} }Kj0e|O-y{hzdkF O)>@TmMbc%i.hXU8}W$M{VWY^"k1@jetYCVF`_i7lvicw÷L 2L6#Ctʯ1hD;$1*?&HE'~RO^+gLElʳ̋ J&(~ĒS5F?+oL' Lt7c#ʁu;?bt14Ω;sWO?%)vw٦(L jG у Y@g=9=>\R-T$(Q”QS l=fԇoήkiVݯ x j+H˴TS T>5syggޕDIE@ D 4[ -#;ƙj.!r UŢUJ/^Dl\C]5)!nXH] 3(Mt&n:#5wGUN?s9KfY׽ӥ̄<Ŵ' Md7mwK-ԇJzvގ) &tXp+x^} ڹʠ}B퀯!   [ApwJ+ ͼ&{r1>(Hr .W[ G+p?APD+B+Lw/)"-Nn۩3k"Dl?ӈ>!=/PuTK1 ;XK0Eɬj sz]N|B(oX,ܧ vEaJ-S!Jwc!WxP SI| &soެ<6G"Q6x`C;р5|g()Maz hes|DͱƌZȗ\$^ BhSs6. sFpqxo 1Ů0>npwL,/ߜVTKN!%Xt\eB|sVzIH}f$J6v;K"A+}jPWlx-ArS#th:23/CBl ܫߒ C5zh/+'us7pKk̨ߎa3XEr}N]]ߙL{#x`"˹<&9jM |^FQnV}x1acy5 "\VK>V* e1~B'HJ}7RtQ`5Nk\`vLy`SE7m%!o¯aA+9F{*\9Pnw,JrTT9p(Xe-)>6! LG&/hjbZwI eJ>3.hP`}T:X& hVTCTN.lcϥ&*H6Kb:iE! | ΨF)|uFLc!?0 ;}7|?U$o F5DUi7%{*\ӟl+碤HE1 ).vZ>g:0tlO{yUn7%hql ^H$0{]{6ưO*7Zڻ8؜r OO]JH-&I֪#qn̗Mb AMI?&asp9c=Ewa|,N$KT{v]+u18e) '0>!.8zAAl(%GJ@&z9oYkVijb(~tB[BīAb,Gl\?n+I /gEjĢ; Wȍ"E".][AߢuvQ*[} ;6# Aw\$4WV} QA0î dBOOfۧʮZupaR |3CT:( kB+AH[)xv Hx-%KD9~IЙ:$woH%̖L?6MTk,qvAKF7f&IHӻrc_ˍߓnMe1%(˴Ynwj]1iE *ƫ Bb=V?ǗBB@s ywB.cp*-~%|O}DgHazkI)o@Q/wHGۃ`GlC +(E< xec 8LXsk/DŽC3E,fқo[- ʪURz-V7R?3e1op6BI/lQy}occN-1V4FO^KQ3K ib]@O};n /g‚lPg2Nۋ^(_\0Pj ߷A4NuYJ޿[̛_v5Pbg:k'C |jk'GQIY'_$DU Ӻx35Xai>:R J6:%5Ś 02׻˴x6gM{wWEga\:eASwNTO^+M0f8t^Tzk,UeiAf.ud[h-\禠0!MӮl~x(L= 5nφ)Q-kcŪJ[xYY{uF:-[[dg:zq?_P׃˼Nc؂/rrQg*GqCaj:.fΨ7Rrref~@mtA&i,Bt}f gԚǭV3bK`e]WJdbss I"K(R/uӦb|K{I(onblsL9/EYDc 6}sfmQ1ܷrm`L,æ/HG$+_۫} p]$/ׂyIS y߹hH؜Ҙa2Zf lA߅w-i ʉ+*QW0$tK6S;|`_$%xPr:pk.JH([]CxŇMo=ruiW:R[pCkj^^5j,.<ĸuMlG؄}kZGIL&aZ7k&Z.Iwjy__[o|O],m if|9ͷ̠[lڵ@!uF?݉ΎBCtXΦ6/Iqiҭ2Fk3"/@:'#ZC_a8vh\~gq?l7yn砵?Lx0_ pu .jf~aW:,hA8^irW=LU:ܨףڳB|à$ a% F8yF@$Az tF폜SN`ũv,R7m5i%6AjW7=ՅaΨ=åb)W sdVw, 9Qi]C?7e$qJiY8i:L\w7}|`6Mۗg"xCeYcr~iղA'.kȑ8X>lo)Ot b?X@* ̀rNXZ|)RPXͽ)O] c7 #*SOwq8ՉQr;A KFƵK* *P|&g8Ԗ >9^z"кm<twPFŚ d"'Y v6q[o`cYm엇)QDiP`|,1O<1z@U@?-8Ë$A7"h=PvizP.SUi5Vtq _3Q9cV QtV[5 xdKVX9&_Ⱥn?T\r"7˞yOPꎁpn[1gڧ{ w3f,DXBo(1/o4ڿkw< yC'F |枡;=$JP':^T~tx 9Mn}Qۑޛ %Yə*>h;JnXċ7 *'ӥ% P$jGC%]vo[%2󟥧RE mQMdH'䂢q|d<,eP# vL'<| zM )Up]AryV`hȭA]tmԁ+hĆynLA!u"ZjxnÎ{pz@^H%RK<-O BD~rMX/* !Mf)!qO˪$~Î3+6.@z%\MFSPE~&'੕QyYM_r l}$s7ۛPa+D2V]֙qO9H0F[Hבf({0(c=#0H5pFw!@R l_A@;q; jmg, yqgR_,2ܜg`ڼxAojEjd}.orQO'fNVJ/^/P4!ߏtQ+<,-G3ʕbCQ,]䟐Z2BƸkیR dkcSk8P|X07S5NgDf)tsؘjNʮp C^,0C{ƍ0[zUI"EY ܖhKkV^X!;p)MYӒfONp"%d^0/~Y!r=}XUlӈ9VjLIZU!1?곞X5\O;lT_nꀥhwi9/.ʜt "w%Y_2 Pq@6MPwBڇ YRf3tmIP"1m iOR.`$LW`D- Ng_m e".>;,+h:jt `lön4Fܟگ'6Y]ފ\f%~S2qޱOך.B\?юK>VzmhC8ωG3kOpc.sm ,r]2521! j"?.X#fQh鵠L6-cFٷ `o*VVx˧eB"-x8^~gv_ 'U _9sCS\zT98Ȼ*y`̜pImtBRm DzE"u^.v4tFbDg@ H%GuzNrt=QRRho]hjL'+q`5Ym! .ԎYȓţ}"T0ZjWB?\˧Tx(m$gw榹i7 VD=N =Ny 7ȫ !qꩋ픝#Ƞ^FZ_k@]qOy[X7_-Lx)Ĉq2<#wU ª up#r}$iR_]/55~cp*Gӌe<^6x1=.!PGk:: 79gMϷ֤> &b>~b,ğM0gi5)s"!W~2fE 0T@l\˂w Vʼk@ OILv3>6bܑSoչ&Wi=5lTzy&mKh#%/Jq1l;/h '6ja/8_ȴʗ൵Wv#,ۡR rH7 LY՟-˟+Oy#V6YCG;' zY2HKY[$he9i<%r.R%q,ibuvq>\Nq4,& jJn4(@#'ΥtBc堮 JUJq+dFN%5AGG| 7H9uTA.Q &2ngUHYzq+5E)vny# F4l l^M9@*bri0H X9<cXYeF;_+68IW)$G4y.,D)]3gx)w?g ̳ej9Zw ̦XlWz)̘s򁉤A[`&NMo?HnS6ej$E?=.5R^+̆U m15z=3n볰̸Zݦ\1qbg(+3.t>Lf$ Ĵ^O8a/keJoDN'=R(FxC 8x5.Fgy9؟j\.Pګ_u&7OŤ@7;ES \sdU!3҅OƆH|𕲸hbu. MuA<3jnt,?jVApxH_Yt?#uK hi .C.4t:\w^38g[@'̩o!s\B&E 0ϻ?D<]k>WSPpZ%i [%q86 ΐC(h#w=!0iٳdL&Čd0,jfl(d0rND_1DgTO' +H XtSOL;\'D1WHFCƝQĩoxb_I;q[@ʦITHCXƏp0c,)k<#VHIs>˨z/!ċMϦ@_O.TW|읮U)gq`mq̊ nUw [lu k_L7wgJr{9EǠiZr)1WעY :*K6n" +5ud>' …3<>зEI's< 3\U9OM7!2iT9/V}:~/րޜ,FTJS[q_%sCY\6 mj` k2 ,uG~C-Ж?*֙?W 3|NUdȵxCyߴS+d@9:'q߈$HG[x}kieo}HwUrjvr]"Qʖqa:_8'.%~Qqiv[\bv.`ST\]QK\l/k/)cr_%Z)y& k駼M9%S9Y.wN`r= R}|D3M￸G<4MjEx0F,1i2 hF{_a솮҈e*!7ywDW$=1c׉m 2Kjt`936P>WKaX%%rq(b:R\eT+<v1\ռ=vt "yGevPa~̭!Q3 aS/exN+~ 8&l,8 ֦@c7~qrhP!Qb\:P&,I 0EQe1C]589-D*=Anb/UBNߧWr*?Th]TJFH8~/H1u\.Q* ۈCṅ w=9y5uvXO2 +ݐLel"iH\-?Xr 4 !"JnlG٠ =euX6X1> \W$d8`(csL]4.˿0{\Y 2(_0s6G+;CMPSxe͐I>XW46 ){=R+.B,<KO^>/\_gӳzDw !5;~ c@VCRt"G=_f ' /ǰmk> w$m9uvrkHwBVnEMSD. ķOf5UuiԝEzt82`?&0tԍP$"1M ZDC·loİ}%)GCy'|Pö#NVQr;2d?n|^N Wͼ?6%OX)o~4$脉;L/K[Rwd)Ys?KՋ]a> jt{^"I' ?*th#p'lQC OtB$4G{f+C1 ]p=y'Lk'MAŸicW?Vb(vGJ- )"x>LXRi.1pgslHB4psh"'};a-3+d.(s\aA"FbRx>l%-L]k)y (g;y"\ðTL^`4&"!Y ~;-4.D g`C`YM&-yu;ZX^ʱfyIMDKs 439Sm tjo RlY\JnA9Pm4[˾;c7NwQp[\wu)T0 񍭤s.Bԁ:O!I0g9zlUt֙gIݫf!P O.W ̻I*:1*w|jdwU3O ?N-XZi9vθu΍wi uTY/aDŽCCٹz"= l.s{/c8t= / `^DL[e M!4tbG9,Չ VTVyG+uGi8'ey/~l<:*϶Y;џ]vC'zhfs55Z[s|I4&M#D8%@/]/i"O,+ \$whJ4)q'7ӹo5y?Puj윹a #lg1Izؠ 5ӥ'L~6rZ4$~Ԝ{IwlILhZJr*)kF0XڹU 66@byƑ_UYUILqɢ05׷NVSe[(O#c(ylr "Mhj `5 Mr2]8]IArzĝtY`xe,ɜ=Uʒsɔֻ>-m(47c_D1g6kGIx$Mz^h窯j%ŒE;IyqNeT~8![tDe{%p rB"ƂBqML*.)K.3|=d̓b=iB#rPk $}kh^mIuZ8e/K<hR2*y3c2[wIii]Lcii|\YHݛX@w筞PS agD:]HS!S/,PT >R2yXu{OCrJ ޤpfn6G@[]4HZPi8&gP; ]KB˺܎#p9JA}Eb -qhDҥ]s3P ;:.@}rjf??J{u$; hd<⺜pl6w ._MgssF0%~cW٦k+O]BaJÉ4:^]wO} צ7! 4ׇ螰K%,Uٔy=N`ǙV`/&JN.7 (ɘ>ofYnZЍwJ-tUOv4Lx# W8s$?)d V ~vMJlLZ`"S.r(Ɵ+Q0Ÿ} z,Y6kШ>T‘UiƵBv8 'R*KJQ8XyȡiNkrY =V~ V->>e46|DbT eGRrm~bȎzizƐ p}Y4& u<" IRB N'M\7Yo> [daec{Dk/&Wkc)ͻCFBB> |<*zzxeX껲;GjpM2adKrT\[7gi\T6{eKAuG%k0SDny 5SeF&y!WkE:8~$o&)]"!P=mrVOlʬ >TuAnhӰt=c#mԑ1/:^H},tuߓ0g]PI`N~@{{ (~`Љ0JRcoI m*m 1+{ֺԸ#5g_ʄ`vテ {8a.۫60y 0Y594LʌqgS-ǜjm }=pקX|ZKte۾I^>P UK$.["-}ʉlvSFAr "HιK n~óc% RK $ISE䊉(B} ŏVqc\r<+J_(Jd}zC\3uDÏه'-xHbU:,#y@ޭ QL[ihay{6e{cbE6X{p Em`(+KRv?MA:$.LhBgo[,O ,/K@a x$1:#>JYV%֒n~Π#$P1^C#[z*^ 1GVx*(R~?>[h$o. s[ yqv1 NkW0t+=.BU_u9?G|tT \{U!Rr&e SkA \gdNa]Mۮ^pNrK.Zk]?i{3?%Ο$ǘU+$+!TYn%ZdѲ#0*\qQЧ@ִ!ݩ{yD,:QnR(ՂdcA3o)}0fSV_]OE4n'X[#g^(y4`&(u(IO4|eEan%F~UpAct4;-U)`DKv[rj1/L7؋WzN VBqu7fjY҂42m'6bA.dc`T|w^h>>E$Vտx3G͹Yv6BnঌӺg)T4V/TbMUA -pTYi޻<4g}߫Vsr?h'zXbA%>:'-h A )\ۗjۄרQM,`"7S/3ӥpt>!/PmoZv#~YDz5oj?3@A{`GYy1 F_ŜNmM!uQzIy<; D7BЭԬOF1K@ر[eM!I<&@ȧ8K_,GlƢ$c|s0 'wܒ$S%/8>KeQdT$$QF)G}T5߅9V{v_,F-Xއ.>z~=!|Ud(N$6#uid7֤~2Aj l.5$vӥ%k`o稍r*fJ2ɓB&f>'Vi\ZnN _ ĿQCQÖ7&%hD}Bc~O` R1Eet:H\yI*j(&k`€' \! My;01eLƵ %&v#-!'Y&gߩ+t7[ JhrF4r^s>iM}&)V&Uoc;vb-59x;a*@Fޡ]|eȞ1·31 |כ}wx:A1+ & 2 ;-pon`2ɤ{%794񡬲;d| VގYKv;_Ow.s\/,w*P5H"Y_DX@<-JiQȁ~8Nѹ[/v/3|1b51Οl:WиTq)G!F/} c~qXHuf=o)g,&taiD tȧHwޯ|8;E;+P2=l*;$>;0q-%1w+ )H/A"^\?tӬ2dqw&t3&m%ZMUwј+BxʗհrGp#_.K<,&gVh 9^s?frD 74foŹ%DtrgNhC]ŏ G[#qñOqN=*Ko>nTl#i[D ~~f[= `$ʔ)xc-2^>:pCk%10Gy˗u} @)">]Zt>93\^:O^ EcU9` rGgRdSfj^'_hZl%W 0A "!uɭv0{^[ 6i#Cd5;ɦ M`Sb;S;`5N_AЙ2G;.\[5w#2qb8 2o H<%ePe˯gnAB7Փޘр>KږƧ͇s:'JW YgQ9ࢠU]3Qc  42L#V-X07pZ6yuFN9d%]̘cC Ĵ7(+w~^@t+h2X51c.g Jm,$dUC7@"Yh˲}8a0D*#tG7M:;q_i2KCpNnn}l+Xk :p㞵Vz}nh_qȗFdp4"D,oҵ_1:"/!:d2J9IGʏdMnF|K,풷m1O.ԱoNWM9!D1|fˁܐz2č0" @|Db|l8٤ԛY /8w LY?uǚȹ[ g}qeɸBJGNaC)^dgqp5xx9Q|/O]L 4UZa[u5U%KRZRUK o$$S$I.`T%Z}4Hǭ}l͒ Hp VsnZ6?_/8:M:{ǽg[G1R2FF30%^9S﨓{SI\eX>\SaCۀjPbp/f|T⃳QAjvCȜwfG;֬!~R㟈6w檦vTW[Upi ŭ<L/HF}Ȑkw.^}RwKشB! (s V+=iZpe/Pu.u*e&c8[;S(!?"a$f5tCKpC>\173 M~<#v ",mWт*SY+䵁Kȣ:UU[Mʢs1!{)o3GtWo-$ a%kS=\ӂ+*-G^zoZ=f°{dxTܘKdܘ`}΅;cZ9\ y3*uOGFSE˪A3x36GI'nA|X ]˚4JպaN;im421<^ ;[;HjA3P:]I~ I:,`U&FcRR尔?Cel7 ?>AzQ ~S/뜁1W1",g{cLſHչBPz/b;DY·r5Jε{T(t%WŚU=i_EAe<\]+\@QZE7e; 'e {8zU_ UyX&TV> ~&nǼNsg-#ShxLx*+06!aS {AZ&8K+Ǧd9:HLogZ9Η˗$NyTD-RP9,nҰM!vяl+B[%6PanTOa7jcd{9*Oֳ!AەV H8}w#fh'j측/t!$U_YMHJʛ{?)+=9gb EYMX0Nbœ[i%iuEc4 1nE!/3 K`*Z4ZTC.=,%9bhtpH~:sݍ=?DΠQ2Xʃ>2$V#` ~لNK4xӰVz%"d-i]6+9ѝc +(#lBC;.$sƆ&4J(˹q@Q&_)!Ċ1q<~ː?B'sD$ˁDc+BZeo0/; 3^(8)fg1vD\}V Gd9WtcFtݥ?36!Ψ߂7G1o4m, % [:+2$fX J {X"%#Ov SX#^cj<[c8KQ#dePW@NܐhlJp zv`l0 춵#G3ZȿFZH36.cOxŘ0~V}0tҳ۬oO@\):5q vB T24a/OYB`@TX0<3U#w|Kat%^&[Ou#A/70ֺ~i?%sNbIP1Qz; =(V0]<ꖛR6M>VhM'wYXDD$7-ud{v??qSQj QVdRJ sPZɓe\F8v,S۟ch3Z~Iy.H%_,&1 "'|"t1>$YHv-F+fp G7и9](Yp~֩Xf u&5'rssY,#]m829Pd0߭qndQciksXI/ !@ 92pEvq8ar ƱeL9&u Hhy@Nr!{U^;1NT+4;p[:sʦcn_Ek+Zص\CX nc QU0Lv!4m*p˵^dt1FA8M9"ؔ|BXC~Y&>Wf: ;25Gc8>Qោ+]=Sk*(*#'#PDzPN|,o/_5Ws9H Nzc~@bw["` T^NFţlzG2 9Y*ZZ[Km"^ d0sbPY y0qShQ}iňV%SAo8Ak;~:sh.z~ 4‚"~Q۽tRK[y9lzHd&MN3"Lj%!Zk渧裸-'N7M%H$}hPW8]̕( 5:b=DN.RFrck?u,Q,QkI~[}y?Yc]B-`Ȭ"dǝ0놄yv{&Jঝ:pF,"%NQieڃ(5)A%bcͿv/ݥb23AVgV9eiˀPo m!Ngc~L>ž2JpdzMM늁ȩ._hdyr7t_x&} 6^:*JMŤ]&{J(\|᫉8DjU 5Yg SKK%MϹZ 7uO,T11Bư`n<5RRqUp޷Y+w6ec} :7@Ovl6[Gh]q[o@3 |ZVqix?6Fi^Z'&%tc}46J0dCZ.Lnd AZBCzZK" 0b֖YLٯC!$OJX?h; ellHܐYMV"RڒB}$D*ǚb( | F`yMnٖBNF-8s7(KcM?:' `R ] ?&) EeA]G'QpS\Z̛l 33np2ZR*(7"8l!{Y!cyS\fʒ}PI3k+UTr\͟|"ɼP#=[*\*q7Qi &kPPaI_}&,T8C\Q,f{7A2kINEzm?2`,GMG"jvv0Ū"yb*ɀ<04aʸ+:CMd'_irluH[ /eWˇ56&yqXqAK&~sNŝZF}ӌk |n*#V-ї w9RsT, ơ4qlԊcVrغgSH4A FP ,Uk'Cn[GY8 i~ߩa!\Q^]8Є9Ŝ-{'M+?tֹVcН; tsDR@6uJL;v>\T.zaMKv#x;ub䃅['9M /G$b^@tN0g%X42"?ᜧfv<_L >WKlQ}&HDuJV7PR;'%PcT@p`Q{E`+5259P`259 N8 xqMӦ;P ;p }oRx2?8!GBU$ 쪎ݓwR\Q\kf'Qz,\kujTB@H <׆" л>hA^cT!sn{ͭ|_oE fXsC[-N,M4cA`zSF(]^nuQXElEf]pz&*j`9-դ! 86޿sֹ&nڷv#'iA*_ TYeIN+jFγl*+Xrc9a@1|O|K,/rΨ-zc·"Sr?H&KNxWK]f $ӳ7w ,rv~go3aNޏ'v)IAu)bJE]5,AY6',?cR wϯԃuC&Wͧ #qnXCe֣)+OD_;[Bb*.}䓫PS0[WC8 I gP%?JW Y'ж YZ