sssd-ad-1.14.0-43.el7_3.18$>'_n{2z>X>;`?Pd   9 &:X^h     2PpHH %H   ( 8 9:eG~ H~8I~PX~XY~d\~]~^~bld1e6f9l;tTulvwxyULCsssd-ad1.14.043.el7_3.18The AD back end of the SSSDProvides the Active Directory back end that the SSSD can utilize to fetch identity data from and authenticate against an Active Directory server.YTEpc1bm.rdu2.centos.org&CentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxx86_64`K(Z8YA큤YTE_YTE_YTEoW~YTEMYTELb5940459da666c85f5f0d4a451edc6e0466543978ed21f9f9761d1431db1bc8e14d5c5f62a97955489900af3471acd04b151b5051b9c37b8b0a073cd11f06b258ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b90334199c7170fae14acfe145597cbf22f1fe5da70cf9d04def1af63b869f23f7fc6ea05ab82abded83b37a7733d4465521b8b7bebb732eb430cc27e16fef296d23rootrootrootrootrootrootrootrootrootrootrootrootsssd-1.14.0-43.el7_3.18.src.rpmlibsss_ad.so()(64bit)sssd-adsssd-ad(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @ bind-utilslibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.2()(64bit)libcom_err.so.2()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)libini_config.so.3(INI_CONFIG_1.1.0)(64bit)libk5crypto.so.3()(64bit)libkeyutils.so.1()(64bit)libkrb5.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libndr-krb5pac.so.0()(64bit)libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)libndr-nbt.so.0()(64bit)libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)libndr.so.0()(64bit)libndr.so.0(NDR_0.0.1)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)libsamba-util.so.0()(64bit)libsasl2.so.3()(64bit)libselinux.so.1()(64bit)libsmbclient.so.0()(64bit)libsmbclient.so.0(SMBCLIENT_0.1.0)(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_krb5_common.so()(64bit)libsss_ldap_common.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libwbclientrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)sssd-commonsssd-common-pacsssd-krb5-commonrpmlib(PayloadIsXz)4.2.3-13.0.4-14.6.0-14.0-11.14.0-43.el7_3.181.14.0-43.el7_3.181.14.0-43.el7_3.185.2-1sssd1.10.0-8.beta24.11.3Y(YYtYXBXpXv@XOX8'X6@X5X5X.@X.@X)@X#X!@X lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.14.0-43.18Jakub Hrozek - 1.14.0-43.17Jakub Hrozek - 1.14.0-43.16Jakub Hrozek - 1.14.0-43.15Jakub Hrozek - 1.14.0-43.14Jakub Hrozek - 1.14.0-43.13Jakub Hrozek - 1.14.0-43.12Jakub Hrozek - 1.14.0-43.11Jakub Hrozek - 1.14.0-43.10Jakub Hrozek - 1.14.0-43.9Jakub Hrozek - 1.14.0-43.8Jakub Hrozek - 1.14.0-43.7Jakub Hrozek - 1.14.0-43.6Jakub Hrozek - 1.14.0-43.5Jakub Hrozek - 1.14.0-43.4Jakub Hrozek - 1.14.0-43.3Jakub Hrozek - 1.14.0-43.2Jakub Hrozek - 1.14.0-43.1Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1456013 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1450125 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1446085 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1445821 - sssd does not evaluate AD UPN suffixes which results in failed user logins- Resolves: rhbz#1422183 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user.- Resolves: rhbz#1418943 - If a long-running task (e.g. enumeration) blocks the sssd_be process, sssd_be can deadlock - Also Require a new-enough version of selinux-policy so that setpgid() by sssd is allowed- Resolves: rhbz#1405584 - SSH: default_domain_suffix is not being used for users' authorized keys- Resolves: rhbz#1404340 - Use-after free in resolver in case the fd is writeable and readable at the same time- Resolves: rhbz#1398673 - autofs map resolution doesn't work offline- Resolves: rhbz#1398169 - sssd fails to start after upgrading to RHEL 7.3- Resolves: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1393730 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Related: rhbz#1396486 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0- Related: rhbz#1396485 - sssd_be keeps crashing- Revert the fix for ignoring sudoUser case as it breaks processing of rules that completely lack a sudoUser attribute - Related: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1392893 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1392896 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use lib64 in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)uk1.14.0-43.el7_3.181.14.0-43.el7_3.18libsss_ad.sogpo_childsssd-ad-1.14.0COPYINGsssd-ad.5.gzsssd-ad.5.gz/usr/lib64/sssd//usr/libexec/sssd//usr/share/doc//usr/share/doc/sssd-ad-1.14.0//usr/share/man/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ca4b3c1a626bc01a7879a87361b20e1e680f2107, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=d48297b8c3fc41b10811a3401193b534769ef495, strippeddirectoryASCII texttroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)>>PRRR>RRRRRRRR RR;R'R5R*RRRR)R,R7R8R$RR R!RRR(RRRR+R5@^swձŔgGtʰ*Tyr0뢏5AAÊW7ӌ_"FE\BZ}ݚ1 m(x) "hR9SoPs4i_@AbMEJ?Ll7+05 b/I\dcvA`OHh؟/ Lz*hWx,PŏB/u>ү R#@u۠ň9YۃZuVjBt>ǩXD/GQq^K3a tq3}Ez vP\{"O"Qz;*<.5j6ŭڏ!aaX7Wʃa4^1cjГ[V3\ү&Њ?j7'M,kQ|гvhqP0wt_tz#wzQ&_Y'f{Ɗ_ ib9M=q_X3{7P-V @Aԛ$q-}Vt$?mAҊt&S? _hTj<𜺲Rjg= Az&l@y݌]m@VPVy!%V fD>?;A=Fȟ,߻28חZi|73^rNGpµ dڑcvh5\mfQyyaw L]nJ+S>B PPZ; DCtѓrfOMi -XƢlDNin'WoQ A~} w=,/K惘y(dޛd-NB;oSkxehc<#Mb܋pUځ&g50KQiwܞKlR#HF=ۈV3,iA4w΄$!IC;(wO0Av.߿IV%R\4MQeDaƭ&/Xri0 n,ݝGsMP<`31m7O64a1od~4Xo[ޔwnR &\ y"?&5#Ǯ%^^aq\FqQ>O2rpp[W|>WX[cTqgO`lkM~©DvW0Sa Hણ.뒳jqlR2+&PJmLO]r="X:X"xԲQJ&Afnx#k  ׭Ud!GVaV̔-d{!3%e6Yy9]tD-9HGrv.21s/_d+aGFFDܴ{SƢNg'2ԕa |.;Rm]ۜ0A)twaP j<6?v0\aqִK ӝfK;6uuLQT&aB"|i]RKDu's w&;#"N5A>buAH&Zާ=> |ࡖwZz d7-?˥:W5M7M̀2I`dҷѰ/SlތWHQ)r4 t߆S23jtQho q5>*$8)DAe,UgRmOC[tgCFR*ngd 9":\ƒU蔂Vm:aIʸ 6.?T:h­UЕzIoi;>A@:78n!:( nHxWFtOlj9\ *n@Mt#=7Ps%АʣQڵxj1p28% ҝ{y&ߺ'ɓ׷{tFa Cr OFfB0hkbVѾ{AF6gЇO?k8U^~˲±¦ Elr[3Ӫ`.aڿD-T4nL)5܏EPIKdByx>5p~PHz7M~%-ځ/(<Ǜ'Q/,wqΌgW;1o>Qu`MlWETzp(4=:z8@ίlVa4ZQ9wW3o=A^Z%ء#5B$ r{ETV=2☗" PYH;;qḄR!1d-SYs*&48H OxBߌ Y^ Px5<;Йs%̥ebjW=@"5sL4C$'03›)pi巖\k/ә.9lC1c2e; UdG3S!I2QYv_auQGCkm7d-``EBYzI?FL>B18ggwep7.ݱxc0$t6YUp{+@'U2x6)N|Nãi]S3L{N,6e goGZD%2NuSՀߕ`:Wt(s-Frrm|͝N% "%u`vrx}LPg*3R@I<{&jZ53Ԑmo/-3G:;[w pt:2*hSAm&C5WmAs{B^Y1 (Xܜ&L%k/2x&85epaPXk﹦Y àZ6z¤|y>d'ZDĦP^ܠWa]Y+X(}ZL b&Tɍȟ͡ 7K/sf8G\+#HesvA*#W~<nJ 6IOOz [Ҁ.@qu}*Hjބ/Fb5D-w5Q;rWPs5Mt@CԹtR]ew{t\e+$Ҙcvf^AdW"+vb҅$;B XRq()s!OR T#/y`Ԣ (¥5< kNgbt/ -׹|W`6U?RӊqerYX̟ !^*2JExh+\b>]yow7{Qm4Y_̾h—ia =Ueڢx( 5 J)$i3=ZVQLmunTN`.IYScYXKB;0(pYYd82*I?I2/OGiRf4܎ːD$R*J'odJ!؉Ic{9EIS<5UIfaUknZ1a٬E:/.%bgC +E1婍]:K(C#:`)1:jOйby8PZ&ЂT wPk^L]Hmz:b݉JWw[!!SsP9O'4!6HWf֛#r4n{J xITBYv/(;"D/OUE an9T _W^@J>ྲ DGJrO%Q&z8&2Tj#htgr~n`>]{L5ӰWH9Ia'.a0ն1LW8 t).R.QgC PQ2..j2+qSJ!=7*fUTщ-6SvpbkG>*qNl=6P3}ͦ0.[b bȐWD雷F\l\@+ݦdeG;Xm+p$4f6+=}Xl}~$<9H YD=VGU<֟͝szJ2%!9={x|?ꠄ>!ξƀ O$K~(Q̎bm9{vOtuɮBn_H;Kd6T(Zߢ&O^Wӭ)|Τumd]vqAyBL7#Ҋ+rv_1YAQ2+FTh)+׏āRjMZFPC)^KnvRT|e*LK<V{6+-+iD+*)w܎ذ /FΛ?JX;Q˧VJN12$.e6 RM17d)JV8$ EV TEBjrP9]<r/YDҺ]PT-b‡=[̭-jf7mzqy2Fyޱ`+1UѱѰr05JHXmRQus^^OЩWj0v 8 ֐u>חV:k5&߰]N'I @UbX''p| l%LVŲ_UcS ]UnND\F6Ll+'5"Ε86 uƿ'Kn mqS0G ґ+Xmz7%᩷lb1U@mI|)-rDeiXCx 93g_hev ü ΅#h2IN/S .WQ%-<Ĝ]@V8GlР#ҳ)>ؓU"BV"/a|y~V8L߬e/lĉ6t8 ]EړOqylU&qQW/9t:U+ GçRb13찶"HCO:9F }"Qw D`=794MhA>\n&q2M٭r]fW\,K{̈́<{<_n⑙mCD9p5?h~ :!A󙯟46uv 9wmp#- ~*WԖ?-:^q@VeNdANoZAymJ|I~ \ӹ?ş\ǽTkGȘ$m-zm2;Ό"\R xN.{|(}HK3ݟK#_}ZvsfvfQ?OvG4ڼɎe1:ǴKmk p^aBtҐSBkQCH(p5gc ﳓOLskHFAO9X(, SX,=%œ{eBwv**gDG ,ݟr\;#oG:$?:ŶmUZnKΖ,O, G-*!h$WI>Hy,a㸆ppp@N2X06I R8Èt̕JWR"p.剻$3{e|ECWZr9!V5Y;[ԌBqzbxg ) 9Pv/)u@|A{gP#nb5B`dTX.{5~'sˁ~X49C:_7Ӓْ.{rɝk[ l5EKA$:ߞX Ԟanøsw7ى!ZTǫ/ԝpk$_yEcAev,o -}CU4\Y]e5;HLd}Y#ۖC`OQ]WwtW/ Lq_ob.n'擳FP/GC^a Ոnv]T?@ 8w< ;O+ɇEnJ_&\$șt4(-r|qhokЄ:h{JaIDUa/ކ12=vI.$}HzXӇZ @_abԩpG[OHTs:)x Ʃd;{Y[wx0pjcU!S$OoV V8%: ,R0~Lq$߃d3ˡT=|-gϷWp`x֞F׎d\"[=rMcم[m޹p!fc;uYeZJǾ%tGv35pgUD6QںtCF@Fiso:}B@ a[?.5DX U^ Mtm'> !@џn * }LvaTY%* #$"Pt2=TladL]{υE.?> xs\F~zXmܩ x{aҫ~X~9ZDH˥{ KiF.sU >ZisÁ 88zhC8zV, \Gp 2U %y0[#WD.<"v3}XQ̗ѕNNa:f}yԹ閈GQU O?u}.u@fyiUM2>*/_ռ>nId0^c'(\&I ZR7CX Q[^u cd8i(̃<C+j YaΨtȣAy%?5f1*t+.`S;vh>;6D}r"̞ӇQX&),PthvL"{y*4<1ڧI; lI-7H`4}7Os}gkj!$z1mҴiGJ׾ԑ`!ʷ}oE){Wf_d!v_ iw Hy^ J$>uF L04A6.Ĝ޶<x|}?w.\~cE50"W[mq!3 n'ms؂> (9fQ F6 <ѫJ`E^;VˍZA^O@ʅv[e ~J*AMq(NѶ]ۓgtxdIUqV;i&Vzdџfr(FS{rP ;I^ir#1@s>XzՐY' 3䄞6;[|n=NVPY,*ffg4ZK>,ZJOy{DںF ܢ`'GZjF=WR0˦N1qxsF*#_Et"ߓ WyeTŽSSf3B!uܡ;6:ieC9%Z>[!fU)z~.UX\a_># `ƴA7$}(aP JKW] ]Lńi1-u 0̭kw7 }FqٵN?N6kNgiJ"-l/|ÜI#lg$)վ,4-ۼ[2LiM!7&M βᄑ\TWjs8)UN$qDn %CkMkb#]4EDK"+`\}D5ڷ lX@BcvA} TKp_8"KX;g*ZNYy9ԇFip,j$|vIB7>\P;-0g6 »ݺ_90$'nM[PI'x:g|N7!f_VՁo h3URizї$acOpktUp¦]'&K* Chѕ X"6|EfA[$dr{zr7E?K~XȦV}& 8^JJbyh(ɸaΐcFfYO[j l^"@S媘 ӌ| x|a.yڲuVA*$$phVK@ B/ oBB~Vt\Vъ،N. SYYcP}e6\:=.eןaz&Sdc N :a)9)B.`D 1wR lYGш 0 u嬋aE,GK 3FT :ru?wt44ir#0˘_zB=x l@X֣=:Fr! \؍TӊnK0kўNQCCW{ܼ4 wb3vioI H&ZŰxvR <f")#:S'(V997w  ,yN{f&np+!pv%xTxg)쉰ֱ N_ 0|ݞ`yA MpΈxTX3J1*Lx8HY2Hk{i_[dD= $}9,; ơ~0:\:^aOM F~!ZY}ɉ {W h-# ܉bWii[=||9јo=1QϊZP=j Sqp.Cė:s,m# k 7>%E60Xc\nnof)ö́M.~c KBye(8EsحP,  ''+lsU,(ZZ;6 B/~{mo" f&h [F Ǔ}m$ZRR#vƤ|zf)4nNˉW?Ԍt>%L4bK@65?2_x?~6X=y6w"ϳЏnmu;c%n,Ɏ3 m:Ҁ[Oz.FMUzu@nY硭4BaUlu%fs >8WZlh$u:.#bjE8FiLR9t+51:vj:5ˊȽ.s;9G\Sߐcy6⫹qNC&_7s֖BJm3K 2Qrk5(/~?,m`+n0L~)É 4T0RVj-^Ϝ D#~iJW:NI)"PLRk]%՚5ge.M^%%ŘQGdB*7WNWbR!@g GFui1o l a>?=m .V׉Ȼ#CumtȧY?WW=l8_4|cfFoV&Y'6[|7X*hUDĤ֠v!c]F|nNτ(K !~vJ%* .Y:_xTV +nQO5aR՜wŦUKB3G5#RӺZ򔒖c M˹he kH|< ud ŜyzSwZ[ڊTԑp{J]6I`$^d'r\%@: tO]rJ#xž`l8bcǨﴄNXL OHWW's,76'p/K}2v6U;%-%:8& L͸xd ZBuf(R:diz0YF .n~4kڊaP:TN~t}K64M3 ; Na€f~k>Y^!Kಮ3 H) +{OR؃#a~ڪiQÝl$mVr(AYøOok@INPd:*8kZA}%4g1ҷFCEzdԨ} eψES M@Sn!-j?(Sd{ n JMD>^)'sMOC f<~|׃^S 8.‚hO6r0 )2'U!ՏlVxFL+5S~ ]nͧ%u*a)Y/aQTr<?E.s;~=]\EgBv?e-+>1~.~FGטNīaDPI_׬P\r_܊x :!Fo$Jk}e#B-_j~ x֛ݪv=e)?@LXO{Ɉ_]+.S<k6ОAoiahGZe6q/)L# d.]TFG rKe &%q;vJ~Id:$!;u^Bs,yL IGK'*Qv&r|ѫ4RSO:l=܂-((Dzw b81o1N/%&\٣$4VYiEJ-0P0ޚBDG%AzݠO9ސ1re9h0bjkoL%Z2ffw\@]*{"W5{S˒o%DaL@ص^31﫨z0;ւO?G ^S ok԰(\oFJTjlH@/ K\wɗUU忒&$gؙ:@6lNe=C jj72m=_QkW5;O!~=ၣu@uyWz6r.:ɵIïkb]=bH|#M67a[iG|J+ ?lRm݂eN% 4ŶUL~H3ԏ&: Ϭd!8 {Yka3I<]t ]:&5h#?訢 J[ .]ap&CQTmU:T3wꓵJ,`%J&*7t1T!҆mǾl] WzQ4 %cTGb1&A.cy!m)E0irSؽ_vÈz]~ӥ Tl5Q`+{sNVQ;Њ` #͵=FIkٶ(ud`yK2P(ܑAӴ?Yi ҟ- ݽr]1 [rvE;x:?Mn]֞,nj&לȒt=MȔ&g\G_DS^5I T.\5v"<sX/KgΫoCowVXlk0Bݬ1\yF*m>#U "x>d\ ;1CwM&D8l$ n5!="Y(dwFi?s~Shn"Fx]2svؒm\KGɌ6rd|CSoe3 \-X)e1{-Gl_AN(3h~]tH{ţIȯ-y i^ň 1" ̿S),+XPs1yųo:\j$$EP,̟ǡNe!ѤPUr4Fh L֬bOŤ_nbɪ)`}jzBKGP䣽ᦞ@c$q9hh6ena fc{fൕ%?eftœ&o~@-w¡2Rqa\A^)aXʀLT̅XFjjTsk+J̅Uś>WtN,f5.Xey Y?P_`֝8&frַRC5>.TD?N| +i~P5uݸSiڝP6qĪ0o.3knaȓ%Q*ėIpk[?h}g.~ެ(=bMJ؏8.SS0Pc\YquCUtqb-Iox$xqND鋋UA70`g+$o}4ɪNșr )v@&éwC >դQ:Dӈ_Fw$ՂfSNu[[7c:ho U cj @M\l,AYy2p}5Q~d V*1ބ=54*~HRA3 CsIgaNEC/kQ0c)-ۏ2L<_z"0=0+k׸-oyDPXO|2u?uҡyRrғ`KL1Yۘ0_ԅaAke2*R_ hXiިmUk1oڡMĊme[a&ݨN(s^ުk\u3df8>~aF"Κ--1w[-YʹNsI\s[r w]s}gLD5A$בnfQ1,1S}MI ؓ:,E*oΆm΀ό#w9ȥiXJxmn$:&'#=w1 z#t8G&9󯱪m[bTr2Uk'm"ꐜ{ȁrKz%M˽CHz-hw~jm jF߯Ъ/o=Ao媕$?_[Z=AkΛKCZea^),]VwCt1(1PԃX458CnjP ❖ja~D?<"앢Z9XMZI5ZȆדE,aڃoᰆ4M y D]Od4BU.S?w~tD٭g VO1l2o {HqT+ppzBg. :b'G'hpz$fPк]C/>wcPb'p`6Vd>e[*#`ϯx׋~.iy ,- .gEJXQF ʐAZN!"ij6 ^f/lĔŧ?>9U]Ěg?m{)~<"8\!cQjDuc-i}fڜQFBQ}vaOʮy:O-;X,J~{+:-ýۻb$衊=f9i_9i3C?t'r$$Y,ԍ.\4bw+h{VÌV⦡pܜ3l<#)PRkvo s>㯰.lڄz3#Š=’.*}҉*Ezj'|"u[XHsFBo[O[vFof ֍6- >dw4Lv[ nv?Dk5d@3t+Xzh@ll-[3~>> s_y9b]3{(hfq :ޏb<ǥ7x~7no^s\67 So,fg3=#D*Ĝhtx-p.huZֹˈ-R_N =07OK Pt=Al8U;)k Lly>$A<&9!HS“l_/TARd1"4p XY$'VòuZNŏOz%_Bwd#,,QY]@k ,2Yetm7~:3EOw7i~ͱD 0#]0ZI ]uMZTL̎hR#[޳!gM0huUQާ<28,|ԜyW,/| e>ͻa>̰k_KwСa(*f\)8#ٰMϲP)PSMS$GoR+IY>ŕ(В[UIiRr~\&+(*^*2AWN[w2}Cx"bO%4!, !9h%q}(oK"ɦ GQ/ '[\"yZP$4:>"ׇe崏QAo̒v$|CPK!chsCpj[c]+m4z^,RO)6g3]I:Rl8L}/?>e8HߏKa/h na?LXĒ7$/gTtױ*cfK_7[ LyeIB3Zn.P^8Tm]Xl5:D5}|,n$fԻ {Cj3S#Bk$:&"rl,Up4rK Y.~Šٸٽ N lO>'ٓmlu=X)iE&D2mVjQzA*~9J0$CmS: -3ݺ娭`Ń+B0^(Ѓ^HqP*X(alZ&! DZy!H,H^kߴ"GAzIgIV0Smi80?()o<>mpYAU>e0@g=@aԷ_\^S4Ʉ  >Ӕ. =f5ch=9 }PZ'xc+caoY'>4N`mK4#%55h ChWm>9 -+3h+ 8W9Sm^znf)ɒ1{6-#0YE}|ZґbԜ#OeG^ǏG,ibi=m,!/6+I (^k A)H1 :էňelED`1Wp/٩!|F|Pp-e?}KttSO ߮"-w9% /M,la.-j<(bș6=1˸8ۢ'B`@qxH^q ձ0Nn@D/?GWZN98S2 a\BJ f2!L@g<d6f܀^`~o\Lzf_y3;Y quI!oqA: V/;%]DNmތKohwZ)&g7ϗԜS 3XLzxo3%ui׸e] 6ӎț3]S,JH \R`>c M„|tb'Jh@z1g^?ȔxJy3˙qE>OS ~*q<%AK<_>0Jт6y}=8$ oꦵy:Fqs8%-m$"m%zJGS AF\ 8d&"E ӌIld76*an}p|EN}05g#@0b,ZgsA$x<&Ԁ2o? w''~1f#1|K劂.z pޜj,A.v@+j7(uPwg5&(#u'1Gk~:8 }ZfG'#ÅچYUD!fɽz=M폤u0O65/B N+z%:cq2U@Mde򺖿V1+^SWRKtpDJnD# Fwu@.*n2؍r{  9'ZyГ8ȟ5h%P>ҕgvGtv|tg?鎹K@MZ8 AT#LJ&_HcҲ+rRApWL d˷o&0)! ayYq(Yqcg/&G Rjdk²} #_rU^KO˚^o9>rEu~c4 Զ-B`J)z=AWo*-`B"#h{js1[tLx;ʍXpKl{q~4n0>2)3嘸J4n]|9R?z\b5mw\QW /1`-ι``A-Y}ݔ[.[|Ka߿"Ncd Ū2bv.+DIímU鑼!glYDɽbzRt'ΟB++eݽ" -M(ڠ?"#~H_T #QJ!O;&O GLC.{,JXRnkl%Vݎ3NT(iٛmg ߶]L9'i' S6nXY1Nߡbݝ%`SkxIt<8]ޞ˼:>Da.}ìlRĚ iyks8/93lhŸtSd: :# 7#6\](*"f:/ZOGӒCa V[vrd˧dH; L]3?TdűiwTν8| iQnǾA* H/&I|Q&[C oBI ΆS&.d;KXnԾ!qK(c5lG-2.W%ߐ Cj%FT*?\{CpUyOXfu >Iv ?iT<91$='= 8<$\ڷdRJzkzG`ݑ9N@:)ī]~Q":jP9h VT8 O{dA1qg8};G4qx;<կV3la 鶗)X΍团nye9V!ۗ#p?&~&XDch /2n [W[c||| &-O%oҒ ۫pet qzeo.b_Ը;}=;Qs!! G)i_nEAL3].%T>AՋ1p,Wa\XvTtdꯂ+4EzۤlMW@x5s&I|x'xB"#jWszPH[Hr:} #u2" fQ˝%d} ;%lyjXt0h.;QK+L֟A&da:բ=Kr, pJgrSju}^96x!si{!K@7% &FITbcNw:SUw0u~IzR\_+NU~m7^]0h2&i=^Qy  ğ>̫p=9y:ΊֺY)T>kLԬǃK #n1.y*Yf <~}kxf?@}=jV>,y҂|>!<vv8ڷ?ݖcHaMq/cMYt(C;>2EE 63ZVK,qa$ׄIH!ŲSҌ`b t>meh':*Ħpj}|:BtFTU@$fM-.*e\+rHz-Qt AR4m}|?48'{&U.OC{s3DbX'NX&JвNrөCE;01ϮH<41Q,ut1=Zb@9Q@jռ58,tJW]2π,:GE+RAv $=1]£<)`.,WȋN  Zl]=E9NjWl=ɱ+ĵFw mxľw!ToQ"ճCWZ Q 5օHHѯZ-m<ѯ!cnc OdOW$$ܹ*Hѥ֪IE!=iv˺<ȹߌi d+$ӃwASD)38 K/N,3E~=rAwKS5A8).XwV C$1XKp U pƏpC`=ЕvY{害D_l8MpCX[p5p ˻.Ix_Kvrs+hPY, Wɥ+4;7I,-)-vo!7MEC oP+P+{J cyѶz{aq>oY?9`cϐ{E0\Zsz .3*f^\N[$<2Ly4wcy-cPWcۈh}6~'bZU." pxYbx/ziAՌcPirJ(M&kEv,63KI.| O6mR?;{E'QL|΃`+)}̃ E=͜ FYl1F na5 bq^."@Wp+U*fjyw7s =# bl>r$R-@vDGIh-\_| A]DxS+tc^{CVBfPGnΔd臘B$?5Z?I\P˶CHtny6AGd6ߊrIF;P\fQkP*i'd/L*'xI~'r؁CWgwsvz4 r{~wB Ú 48{=;:N)mGx#"H y-@*. BGXz-ZO$èP5KdK6ݐo n7-\Nʋ,a)?Ut.Zw$Xd{U߹Y'yŀUa C!L"Rt QǸ{d9Jv_< `@xNԔzrZ{Lm{~ ff;+H*k1/3HzI-znlΰ5`c }#͟z(<՞0*UOcܥ{Bꓸ,ͤ@jD3fU$4aKRIjt` y"5jf\olBgoyJ4'%HYyl^ Ĺ#)$h0D*ԫ7xz,8=HV%E+%c+OH T&=~r"SIySJ>{!pV6vBTTpHH>ho-(z{6˸H$ n49Cq4+{7jcVG5?zUQ ˧X1&z7T+Db=/ݫF +9vF0U:M*ݢcp>5Fuf=3nWig>Q-p1 5`p>f1??H*+A8)WiQ7_" %I_*LI$z\ԤM}mF4(P,DCe7~],TU(OPP>9(,3ݍ  ~o/}$ Brg7E[t [9$\J@d0Yu2c5GC AEamv+gl:iD!^ppA'2Wq=AHؾHRƶQ_.{m,٩ brx Т[W"r.A^_R)S Jr~fZa!hW i0gU OWY$ fvW0A$rтLߒ;gt@Lu9WsWi@^ Dj y63 b@_ aԵ}0R&"h _d62)wNNVuudg]? 9.ŷ>߆=Ml 5/=d)K^a0j1bS%ʢhs(*mvwV鄦 zXܢ_KqFpv3/d_="1fɆ)%0g;GijEq Ʈ̤jV$-YD$ vGS#0a5nW 0ٻ)úY GB: [փx htjIbnl,k*eN!q聍x&u^%M!D!bCꗞG~;S$ⵊ؋ca̐DVM!P密vm>c&6{. iڲM=5~QWFkѮ{>(,1xK9ElDH@}YĖ@J PRv"~ꍝѨ(g$㒩*Q :ݟ'RSNB2󃒝"X zKp5%}a# Ok+. K++}_eȡ 9dبÜ0dvXةB2ѣ $P!ĩ!oET!&{qd Ei K: V( Y w%Yy$RdG-Էsf܂>7ֽرγ;|8J2$)>CqeT8u?Ŭ?/bI]``4_L] &^ht[(;@yd0vxҧR`B>=T3Oأ Vy۰2Lش=k֍Y:$#Jp#DJ1dE{8F1LyG2zԸL#gd;vC淋 uBIRW<Y?{%'XuedJ6F9:fF U;u 9>ue@ $:a➍7$Ū/RyX㭈o[1_9:,=5\ +y}Ni|š{5LX&\]nV0s;SJR% a2eX ԹkRe+=Y7 7D'a+2c]%fld zx ^[q u T7B+!OAqvxt_ `5=eJ|s]tsJ(8W!}heWb+-ZW5Y)TUlb,|52@ᎁ?pl릐,b3&$$]B?HT*^/8s!HBӳ]߆+scqV5|FeG,Ҧ\u9;QׂjvYh{qB<ETD*_>VPAMٟMs؝GdXƸI?6G0gAhdDZ$ccM-& >,zBl:'U:,ItS8T 'oMu}f{纘bJ!3/M׍WA,ޫhoEIk$ٝ{!f `.T;bOح*EpCe[ޑK^6WYO:Y㨻HBeT@@My]BƢl#,.,M }3r&{RpgdASV>ogC& : tGۉwF, ~:֘K mxM8#PL_B a_G~]-E?&uUiɤ,Z93[5ZHwu$ yKw_2+= <zj*׎5|A2&_:^-ZvKO`寺%OYap¸o<f/\1 T6S_9 $ ]nm9w(JZHK K_k&H皧]z}[Y}'DTU~WIao24$sZhP@8$3rGw xЮ, 1zs !3ojΊ_+H&vu>HdvF\ i,/E+MkW8 XG؊ rJ7fs?o1F5)69upE2TRF"'VXܑ[Yttp#"/tZ}/ (gHōeyiC*)r}$G[;K\棩;JxXbG&] &.W@\X7P/RSYTeM=(6בhJ-+%ae8F޾߲%s2\_ . A%m3C$ =FN 8szV>N 5 Zwez[[B@Mo.FLobʏM0"Y8ȹ_AL8d:ƳX/+`'"y@̡rg$lFoNoOqh܀I"b*TR jv!L~/a+ʊ*.UWxGŏ.$VEFpS\dE^`<(QK@Q 2P/>Xv /uS (9@5OR޸W.N"n p}|i$~ C]"  .~+SOٽ́w"7Gn D:H|.ƜMs9ErB埂'bhxIn~fPPBa{Xw]GR{YA`Ɣ'ÚBj#z%$4l;D\U\hC0O;,(V"q_-Ow!& :Qp:Cy_$̕8qɿPK5A{!-VN] +`Wh!MS3mp)SWg=/Xx/ZSw6!QvqծW!]ԚkyͳTJDX`4\j{3FA]~jOP14"7]U@z#B|/$*]"17+YKVRjIk'a.iʖ޽rXlKa Ė{DT(N/X@%(Tcd:sf;0 #F%QMu@nJ Iz%)r9+Ջ(~;8MAr xgū䆇Rm. ~S=@kB9yNTA:L[~q335q^ ,й8XD0ei߻Fuux)] t]`5.]Ԍ%{f-KӉvkP k <)[ F]a m|3°K>v .FC'_Mk`*0Gr5' aȭY_Gݪ_Q=~:^g'mdeQ?҃/ 5B8t}C)ɠ)waH51nhX q\ VvE{D0X0fڬ!5%T˒'H[X9aWL+w:i,- z/s4+t̕w 2<<>d9VM]Kq[/pK> bAUu~p)w#*o W0ǜ6e`?̗tO, lg[[~bE5kI=1[1^v2kZލ<IԺR9y _uB1S7'}V\G83sv3 Y֨\zK%V]Y0f<_؞=Ҟ#{fA@tHh}Xӄ%}я~Qkt`bG[_Z䖁}DQ4b gh׾'jFw@jrk'!r擶1e@W-4Sqj0ԃm":KG]qǴPqO>P 8|A{qόٙZjae$S,Xk}>M5) ,9ֆ-I8Y+8))Bs/5~ʅzC2$6cZ>"\򏷗v>R!j#xΪ 6ITgp<+wo~?MФnGB[ #y(k͂Alԇtaf5xSdtykl[g4Uh5*+e"Up?kN'H8x}kăտtuC#n:"Ӏ{vGâN5+42[~UZYT wn dHAK5e3f\:~tDQHr2C[%bQJ#ʭ-$iu߳_uϭ"YtsH@,wŜ}̶B򺀯V_qpGU%P1K. l47mGś=x3wyŲI.Ti0:0DV>"~Lo{KΠJց(TÉWHz旕צ5}|3~Muwis>]$yBd`Cx+X,Im)<ɯ?W"= !{=D1(*]? cP[o"x'Ʉy[{NCEcyBB>R;]TAm! 7/Q삞 :`tCee##Yp*mŅzWRa^ iY-|hu?JsŶ=h#ZVBE ~ƒk|x# !H?K& )Z&B><dm*~&z%iSZ/q@=ٚc\չJƊHeJVh/~.WG,V<"YЌlnZ8-hӿ8rPƗd^b.ǻ}^%'2PS9ikuCM,eV$M,KMC١ ]>|p'XID2rSA_.$qa;5kfO ޣ4.u ) ̼Ab(("M[᎑KX.^-#Bԑ 'rDG!h`x/5=wN'FvN^82?JaIPG^mP },ue=HMSbV:hRK.;NԚh!Cx/XEo-JǑxI>\qgwkHنwK-=YlYD1sHFpL}dK~OvyOuZb|Ozgm|lШDw&aR{cRQ2cf; |z Cral{ =m%ԆM}!5:n0U/}ha(Ag! R6-db=j x.Y"\Yo԰KLL6w1bYfÌ=U衠xW֩Q1 *t璅.f #VfEJx/ޙA;˹;9̙'Q~E#߾PZϼ]!eB~[*q*q &O, )ړ KD%Ɯ9%ɫWSN\ ;**W7qEvR}9-E}R믯jT*- lXjB)0BEXч~ %ei;̾Lsif2L$ qF- w<םIC?58=fZW N#+J!*@& }0mU6%I*LZ]d3jg<0L<=]\ *ay4AHtՈx{͙zmWݪjWUݍͪ/c8_^8R[/ ٻO$M1\*}:EEϭ>X2\';5"Vȋ=2:iuhG}ڛ:rDž]?N;.X\G@Z =i(4!gOV#-CUB,q>b*EHAiit Gԓ/H }%_m}9_u10l"B<Ȉ%S?aK2H(Hb;m8qO6ey^J4I@^vi+Q'ƄRE@ҠY PZrkK0qW7mkG `%9uXqFnS8`Mk4 FfoL W5#Î`h_SN}F|͵व (Э*Q3RNȷs,Rk'X\_}%RV.[1Tǂ")0 :_>Ebonp3}4KF&9MC M"bOX'ouVTmA2e\q=x3dz3TZ%.fq4~U: iz]n\J. e%[KZWL +9i񆥐>0ONǃEIj\ KD19#.X|7@ j4rIfGM嵠gοϛwD=x}:aU˱lj-639@Fͩ-4yYf0{bM,Ԡ|`= vH;&ԙwhea ?b>*l/ 7^-i9G3#y OW*` a3@(Ů.pmCD)gbjVq_q`G*RzmU"A[a L bb*^0Q53Qd7߳@j2:3җ ?OEFẢ6[GE꠆kdw!1gM3u= d)xՇ@z,ܳJ-^ L%u@j8h<ٟ]q̔B I`!sJ}\JDCU3"BXO[M$58[hRІ,xsSY6"E`SNK gZs=Mg36%k2:X6J}|,I=1.@s7A-rY `œ]ć^r/s[~Kb K{粀BSQOby:wvmn)1-P*D%n-66F\y&mfIͷ\?O1A] 'jָexYTm*f`h3}g䄑u4ɕk.De_(fC& +sf6(5#FRpIMwHU%Yc%lr!`BHO(-$̢Bew)%RaދN<96Jo$/ʵuMtRie#,כ~!(N6T'Eo׷.J]Dp skePj:1^s!/E7jsOBܰR-=y艦y0$_7OFg2I?`y_N =dmrsT9JIЃN|̢A^Ո2,$h%K32MHh9@$po869蝀pThr9(dg\q4w  ;wa|üo K5LI-tL;)6H1X&F]xK(بjfv&@F֏)_*ͣwwˍ{4?0~!Ŋ^4++ ) ÿɻ-{Tq3ċk􇙊'y8$FQ2xiafu6j~[4y(YڤnVP?A7AsZA Ǐ_$dz şc^K|t\Dj1#u6i6'\%B|was(6TTҘssFm} A@Lú%k+S/wg"aiofJCf4^.eT'W-SP\ 4M P\ o wh+L˝PS=1#pCZH-u<==BSN]q^"r_/؍~ v*|~8Ԗ!&\g:V4_zXke?0; PFN-ed,u^MJК a g#T#j#^Ô! `C-6C.Io{Q0ӦNdm-xH5{ᑮ6ܭT `R-* :g{%vdQa)|x@7Z8[( G0jRXo+;EBCo@];(џ{p fHdbjNZ尐h V=-2ZRB60&*%J%cXf-.%$u~zB``T$8 dhn7U,2B+ {;;i3՚ ݝgʹ7٠~r"S}k0Nc?1su^G5N(-Qj@ľjpoT8F|v:(tpum1k|GWa~Mkɛ}ooװne4O6a1t#$|aNSarvEW. Hyqj /8+|Dvg/N+p5g"5+ՖTבz$Z-M.6"u 5H})EX[4 )XR7o>s2 hp 3:}$-nK@-]g,"pNk[1盤ހ'KiU(ҽʧ\DNv;Q#&N̾D/AÇGgxO_ƆO Z@_m:4n>H&1=5?0*=G`Y>A hk n`46,_ujuȻjՍOX#ċv6ۓ@!N`}L{eyzF4µR|wkoĹ4 .3_QL&|S:lZz|~w8YCőVyqCNj˵fa”0n]"vc2vbm@+2j^joN(L"8W$2䚨-?Os^0<7/ v&A a _뽲݂rtK&BS * %k{S%'6R?%-ܕu-CعPisI"PqGm-S#W2W; Z#xHAh-\Ƶx,*D1#4 Hˠwc XgtK]|3 Ff%2Eh!\IyyXh`"EjvJ邤WYյ3e~">U{e2j=ڬ+1qS<7 'ˌA Qê[8@MH*T&`gIz?@-ym,HwuLu]jkNT<>-jrC\.zEk{0l;?q{([߫Qn:+ӡx)t2}o%b^ԏˤ6#=Fu6^xkQ" T' 41谶B,.uOn!T3^2mrekl%k-%PgU~79 fZYg<[ʭx[l v@j EXh&%$*@}gFGaVgZ[oюl˾'ٵJo,.WmÌFN dq1Ms-w_a<O\BVw9M6}XL&;ˬMA^;t`FC7*NchMhXHaq*iɵ /s-1SJ~P*$%',ݥ}_48YYb) ֖W8k]0H|\5B|1:pm?G ^]vtqT^zXQ G]N''/$ޣ)3*6}Ck/ܾ =\b=8{szv6 F-{9վ/F2iOUB¢+˦h'(H/j %ITN _ [:LG==9X;\xKwKFf.mN3 %[=.AnAђ*"WeF!Ft  BW`kI6G'SKptٺ!_S7Ʃ9d}ǽY7,L2#Baj)ekw]TUBǧk0X!eo47M7PBi5ŗ́J(9DRak۠qYFcYedrVnp%/hؒ@2,=rۯ;*$_I,+Y6\YJPD\m @Zd{^Z_3VĴ+MV(\(.ׇtmcv3?iN%f{s;c^*^&!LHpT$(ܜ'2KϨ++@' RO_q 8=8fAj2& ;&~u╗a8%|gur?Fgmj@]n%;xnd("!Ĕ 5'GZG=[\"އ(9%l3O)F?bMm-˱+,g0K {-R@II[Pk7?FwW/i[WA{b:%C*1\bbԊ: 9#ޤg|crD V-Nib fF+vj'R1u~)g)v{eqGzk$т;Lw?37vITV0^*U"hIg3OOA5`$`Cжw;Pͽ{$ϺpP, WQ/NzyA0 vSGt:pY\=CL?*pBhʼM9'*Mm9ӄQ>#_%MSñlC'p? aCBuUn'W- &fzב>'$Y!h e:Z@~d hCRhOk7/:fͶ^-ҕ ' _LG(*dwgp,pUu;P^7;xa`Y{"tgt}0.7,mcK}^7`>"pVMaQ${sA9& '%vᤫs!j֑d=U Gq9Dc#Xm^tt5@k1;R*cˍ7%POg C T wTnnr߇n'.ۘ:0nq,paiL" s\~*̈ɍ嘾1e$ hٿMJA,1؃ /Ww?f|QWAوgg.ν=~z'-("h:%:M֕7_f-1&"[ z<`a"7Gmވ\<(UIfk\GFbٶuqx,L1胙*p6FsnG>d gYr{<ڪreBO*8B^f!gTYZ0~T;߫YI 8ɻ_/2(whi*JPݵ|JY%M/#feSC짬J[ U~*Ldv+I )/YڅnӾ7y03@jz0"cVg?pJx}`C3oȗoƧ"j*[gfO$_eJu8M~wfE58.͆٨7XSKe:V"y<xevp08iTHbq{^Hld0[ ީ4Ll~ LUx^;t<־OYH@)ߺ]lVl[lp;p >gYpӗ?W{[8JTIΧp )2ۭ,-^/F2ؽ#3Q?9tߌO6LuK$*HzsǨQp9PWhXS~- FNƌ3?$vU8[%IGx=uXEaO~d1ߕv^m>(ܖ4~IBk&u;ky6sf}D.E!5fe/L$+3r`eʁ;R\}Zw`OeߎEK&AWwvTsRvF)5 4~ʡ_iZ@o+[\T iqmБL!smz`^$Dž8\mwAGJ)vn @%r#lf"1NiĖ4w!h}QZWf7=4f** :J@,2N@{FidJ[ [XW"w Ap﵁)nɲ,5VSBҡ[odEav5=Uٜ&P:?;݋%ݿw9V !0ٺ|h{>yv;#@A~lJF>4y]5'FmKb5p}x `]s5aE3muVIί<C]&v'~ ل&@z+٥hT"u<^l]\`mB%!@UG~eNwJH7e!@)xlIv"ڒ{l lD:b_DjmClQg4`k( ;.wL`[;a -lkҷahjuU*샯^3,]gV1TOLЧw^^"C ~D(eu2C\:4+ aOɼ)Txp*}Cv#tKӞ= ;2!{€Mg[C0=9[$f)R=1, WGNkN j2.y4ъYhbLl1DnШA duK̲!dE ̭`[ Y׋X 4v+"C|׺Qd$B⻆Ŝhfc]0QnbCg;m2py-\xHo(xFeOo2}U~͔?Vx~Za̜E /]j8^PKFRlR}΍:02&CA x5>Nq,lBHQum;&Li="h"}YUk5w%KZn4}"~WF+X*"D,zPGz֊Q sYU'fH%JoUЩ&qulG8G*g4KsGGHsxCQs PJ{dH.xƅ`F&3|7o9`O~eh^/hJR"5蘩q̼qo{,yoDRx%KzU:hg݀-Yj2 d̅=~8(nP݀gءi+C<{LRmK ^I8͜Q;;N!sǽ,d0߶YVH8(u Rv>;%  ý3Ă Dt 9'[ 0:mKX"i1?4тֽsO`Fk@"xG 徶Ws! ԗUӨlP!Qә "F -[EI.5y6u"fo PqlqMcF.4/^LTw3gg1i** /L]_DFbNQId362?.L?!+!uDMd!Ɲ|`(8hq DRjG _Nlx}(#ThO$9~uw4rn+C,ՀZ'~Ȗ`KN=?m,=)9߸~*ѴHyEige'5<]WD&2I/]5z<_n2PϹ\{cY n3ofd"Hּ׹rn(dֺ {0!] u1yc>-fǎ8E-yai(IJի)r%;j* Ci* %SsnutEdux{b~aCY_~x:+vDDjS!SOSҌгU:I{O`6õF߂ rlٹKE17شnN># 40km8_D/-Љ~8!6VQ[ 錗i؎4 CgATSZ Gb -ücyϤ´`9)NjL_,]Eڍ_d\om)VIvmU-8) dd_5%TO%sY\ng?0i.öͥS0s-rC6;C{)|r}GN "c/7:QN]BEXpya S ᆻ$u[cpNTL`T6pKoХ#Zz@J#*{y$$xEB5J0?=lnjninQ{oz;^(%mؠdc]K 9(b UR QmYE1bڟ,nG? !, !Of.PHL/}A10IQEo=ϸ5{ƊV= IKxFP\-o.It(zɢR[kJ^%Jux I֦߷x˰Նm)u`țNך/\:&Gf'Hx`"RlԸ&ֹ-h#8"gtrPwF`,|T/5T$]ƌ咄8Ҥ?f)r@WC6K:AK`jw5Owƨ(*}\:%xy}.Qx d쾂{{S0p4'{- 'tڽg|$? ̂ūğdtɿ60lk*i''F+}hy6:8}ٛr*!GuS8ѥz(n(ιi7wOf4*˵ol]g&&&K5OsŒ֌vѣR!.hPlaS 0 "c+,NLԮ m=/\-Lf$70`{" v(=BrqQ0JR_Ce'FM*no }}Dڣi3ތﻌu1fϺdΚGHgM C#u}K$! x%KɊXl}b?&T֣aN:OdUƺ5&ShW*8]"4 y8zhY3G(0KN0tP?\!jengxc } ajӿQo  d4dN-IL v`RZ*v)^kgͼw3$2C/֜_2>ޝ\2b5 ơR>0{9UR'@>8-lyHPQ33lVxm傎 i}, JGB)L;+P|F٨q% |@UH H)<J^-8uL~ݞ.~[r#[V&eoTp0(x>;Jҝ[Jx8mf[/oւG%jvځ %mKCܼF7ɞ="R= Uw15щDo;*!*{K0O8y;}r\|OKXᰖwK24vn 7T=),Q5꺘d@GB?V)jT.ݱ5]8ԯ dP"D ݫvjo&( f.Kcq/V70({EImX鱈;0ksS٩ 8 ; R + !: xpZ*$t?jS-CQMqʶsǫ)Thyy:$]xm< R|Ë -Z uxXmT`nhF/ŝo/22~NPM s˰j-ym)\ĥ0NE8Ǭ :0w*/짲k#-KsX7i:sA $e5Qɞ8&usl_PK&iFI^u߽cIёi*nP}bM݈鈈36_gj{v(,(P<]vpr^ُ>n5M{ .⫹} ?=0+2?/w$"Y_?X CmzpYzS" aRٸ,veuut^ *)}׺hNׅb5?yRD\r=~Ipa$2L,(V9t@YǼuv:JlKRSwsco"{zJ„knu&<%n!Tb1$+ZG IuҎ,D{(&iOS]VV7 skفV#C![O{M ՖX ia(kxd(o~L/o4Pq'ܹ08<^zV0216wGx5;ئߒF9 TK6ُG:gw % k/r M/DLD Nxx V2A0 :s-`pxgEk\w/ځ_Ͷ"3l];slogr۟Knw؉[8Bhg|F#nd Y+3[Bbd‹pj.q(B1{V,hW-3h29كL"gcp\ @~ |¹Io790&؟¬;(Q7Sհ @[# h ţ?j]|#pf|϶b}/\|&%zHe4 ry5 dWí*1m&@} .mg)P6J_N>oᠴ{xjPE _ߴ _Z>9+O{~Ep K"e(xuDlGuK4Wj1 )`L1|Yqa(&.T7Y(:pbUm:e&/ۊ[rKTZ#}(.Dzթ|k>zF_*+f| 8kQ'A~zs{'d[f'fc=|W[bbw#60-0ӏ =iÙ`P20$Rjky\TԖJ=s#.ftsyz4-M K0նnq#Ivl inWaQIJPyzsQ:qԑvK9u!B́”>5>kiU.kanB&2 Bאa:ht*7؉3 ]3z=z0`7&sAvƙd5WSP!lRUQ]I .vN0 $/Dvr!eo p9vWm̔MD>v~yb}mQ#G(uA|Co3u Uar`hl R|/:IU1X~oJt{Y?Jh>SٮU_b-T7Oe| Hw-Z@DA+"AZ JO",%ΐ9@܏Lid. a-A `,#ppA7oLDZ4U]a-Mӱh wjB8Kn(ڧRJ%ZDL&V(VDŎyG]&q " UlP?O?3Ys`E۸ 0x;$*ڥb"?t:+m4I0vZ4y^$(E? |\Jk|CC U>͚@Ĕ H?*xQ,d_Q(O#4ފt!ueK;k( 8˻xrvŧoop^L"WͬC(rZ@17ه1kmvD7CUlY  A)+fWD#A# &且_G?nq ow9 \]nM0e{w-,1J\<Z+ӯxo4Юd-Ph$<ӻBP,Q#[ [tݲa:$st:Fup)p !֌rqء-A"N @_i˨8cBYaI5C[[d3i9N >!W(ʅ v^j 3rN `4Ʃ`z<<+K?hxVH,|7P]Υ}"JTr`4>EQe{Kѭ+lf 93.pޡMANw"\w1p wZbO9t/ ƫ}[ϛtP=1$0k+pgx&Aŏޓz]IOEE0}RqJg?K/ӉQkǘF^[gJ⌂җ5Txqcf2k2%@~Q6񍵙Be~.Tj fJcQMح\0 e"MCgw|"zG8`QpO)_B !"q?=l" `jC"L?:.ihl(7nO7ǒĥ]UyW. {4OٵiVùGRg3i5"ef "z/D &; I=/kM/yG@~F` 0z)\U>cfˣtP-vbD߮(>#=eUejrq$!%-.+Cef>ш48QW GBnN8XA.<j<^F9|vz3PB:slS}x"yD_ƠLx'<{Cs4^օ*p >/L@c#n;'>qt]PӃU#i]( /Kw F2PVr*ߍ9[W5^-Ռ`|Vr-)VPAm*Y6J!9sjfg@avE`dm}:v΋t8wTZ29|b9PB⍝f@80[56Mؤ5?0ͧ'x.5{q)ϿWa\l,vJvِr ^py(®b.zFҋY@\!5ƻ-P"20{O񩌾HwQ [rGNbRH)_2 a.;_toAEh"axŸUSiR(>b=U|V;IM@|g~A/3*&uo]UR~lp36h#9L4OȔ׫O7dO{e3o2׹JV5z^D͟X@~OlI}W,hw Sˈ+ ^X;%S)"cص| 6kEi*Ha>;OdĪ!݄B[ԏkQMsN-E5_y<< _7FD/HD4T7V(wY\Z6cN.Cp ($ %}/'|Z.6e;,+}0ұ5ć5+|߱E;S%ٟWs.S 4M# ^>xrǻOR @4Y?b&$NW}ii<@ Z-  4ƮK=vBk9ixW{T m;zx5 V.LE,#Ғh /7@' lXyhJrf%gDѣk.ͬ_,>2J^Fl$=Bv >}S0J5LB Vk ZLQz/TB-mH,{| 1$(*1Jx8d1EoO0r1 *[= 栁CI6BEx8F;IS5ąTL c-e:H;EXslz앗<coNK$ V ߠb+|$OAzKAY@ WMPj~S Pp]6v;銊5E|#9-gA^?mi<Ž!eLwrX>Z}`OXH ޓ{ݸvLӛ_zijh&Ssq)`;B8 ,%?7JZ~mQ|UK?;DQ]cjKR2S vd$ƋD6.Υp XWq}NCGZ a1٘8R:ݞ/sjF?$wy.?f->y&В93By-\4H2_$n'Ӎ"Ƣ[=3kTdc+؃F='Ɨ0 adžBGZ @Z˄*/&2n1ļg{;.L~qPZTJ_B r=~/l(ٲ|KU>s%ϘaƳ[..9 ߩxE<@v\fx**޼7dyz n5Uɺ^%SJ7/Pwn Ľ1 Ӽe8>~|y8v{-jw5y} G t@X]GZ;j*)d1-W8; 2:z z~1sH=həJ 4Q['_I+#94BoԝKcTjus2/=@SO$5r S^KZ0dR-"#F m7zmg~$́Rpb&܀3b5.}@%n!*z0DS̀n׽ 'п3- qe<:.|| -MUEzQnYK̶'?iڢ\JNq)c y-/HUg>CN 3FB C:).sb.L"4m mVN; rBN1g]}QF費(^sdSvY s֌\,^CtS.~c@ Qǰ5HKÿ-%$| %䳸MN9Gk< ~[6tp5ZEXSp]&V4>w׳~)Ozb$c\:<"3D}9lJ¹O%Gݻ`}UYiUChg{1-p.ټ3j?Y*{VTxB\J3<Ԍ>̓s H9u+0 ]>W@hE'$بyNXÉHaU͎ث0`F l}N'>>n9FSMЬRyrdж:, eŨ8B۞rTAG-FC]&l '%$Be/ iaWQ@$016a EF9 TXY:H)XS@0a,`2L3G3ޏH:EP#:e|ihi@ YF~4Dq,Qwhݻ%/̾#5& mm &BL,>`f_||VLt _~;!LS|·cm:)=c|"t&z {؃~Gaoh# HuU@4Á?P0!G*Hl=(ͨ*.5b3nTغ?`lqhuxBM6-yʄTEUdQҙW5;>jjˁ* R3}?7N~SvF>qZʁ ӹ}(:(u,ԉa]80D&!81UoS sq4Zdj %=%B<| tBC 0LuD0وK&O+-U$9TE@eMp!5.N۬oF+Ij *UcR[!K܄jV2693B`SVCi $M佟۪ކwE!–@S.V?W?%O{4( |95;psN3E .)F_Z'و7epˋ8'DVH#H] Jl )4KJ>~MjVާqLyew+KўPڑ9~,!?]@| fwRW,pi"Y.&gZiP%m^*YgLhd$i8|C~Xqג?50?agvIF#AF/-8H) =BM߄Deg*o^ |HkBN1(8uU>-7j{ӮJ,0gm({'UW ݫcA+ΨJ  Zv†3OKn mgU@mucS2z(<'-tIfEv9\-&yP5 :$ .lk}~D}RH@( ['` jxg%P(g[d:kSr}U%ՃhHofДM6lcLN4%h6N{v#@Z<:>B| |,ʏռsxeѨ¤ueƆwaP,nʎoyS<$h%W k&Xb a@0F]^\S+LOlp7<@Xw/ ف@8%`yw2CߢHJi+ꁷo]!ٮ0J

?/A HAߣ?.xDx.-S]lcZ9t> 3uK(u_ Fy>+ybk oG/;|yƢ zbE:D9!,X-v}J"9{}X.Aq*ܡ\`V(U.Q.?~wj^?%^ae_=!+_$:! E,j]#i2QAXd&@p&T@ŬXg5,10+ i>g1jF7O^wwRno:M^G$5DMrU۵ESF!ʓH<Sܶn'`u|xNm0Zt hpLSn jئf7Y _!XvUSԃmFBBBxfD'Rf`{`-OdbJ7-ojYϖN¦O;u{#UfpoI5aY{gNՐGטkBXӦ~}x/%k'-:WcP(!$tw20Oea;@bh}_?Әu~z\`хCƥdX]-}솝U9mwhݑ2Sm|DJU?6Y) :TjA[IT\?w= #_&&}Ȱ[[{B74=7c=ՙx'%,qEzS*RģBAqΉU!|4ŞnB=&LׂXu| bRZ}Y$ $ʰ@A|/*`G p0=BÉ#%>m dQwJ2ӣ0.^" yf{44 ]\dѭ=?5۰ͫT D%ϭZ|5>]((H K(Vfr\[-XQi0s 8ձuШXœF,[{Ft MYˌ{l_:k_nms8AB⯣i'SԨR#e:4=Iude7a VxºT`h{pkՐɸ2n8E:vގXvB"'^jϮ\q0cK"s&Ni^Tשb-WJrfARx4"?o^q*~:u)ǧ\=,NBvej4BPl'^IN'|zOd\,zLѡ1kO ,G+< m8acOKYg=}y}:nx#H:.1("~߀֟$OkUĢl$_[k6_A=* V((>zRR) hοig CM;"2hCǁU?‡=/0ŬwP Oݡ$bG[i5kyk`80~EͿN]ՃNlJ2^!`d9a06Lt}E6OIShQāqv2N0P#2$!)oNB<ȠCE\|^Ae] 9oS}nHI "GoYR[K7C1 7UΗ~\E@mbRMu'qnLCFQ3+7LL59k,LNoUkoȽW#Q:7M;I.j@~l^S&+pG+Ӊ0{ H-4$B,CRCϧ)0S $==C#m*{vvohtn]<8n$*Y; ?6YPT ^V<{$Aj5\IcZК4g2ZU n; vN|kEhbS2< )#rRg+R0ش\ p*S^ 5),ݬ"F#U(4PNi*uHC&PN-#,J,Os?0;0$)k`P_&Bs'oF]1JѺLeˆ {QyߥQsakcJvl54NFQqWXA:< fAfC0C zpHcTuX!B(W{q.Cax@Yxw~F@yNſ*kb㱊KGd);mJ}Hk Eu9sX\Ю\P4RxRr͛ b;~5ݶ qQ /Enpr?&8z3/?:g2{!fEV _ÛP6nK>nկ2>0 %U:{ i!:܏@{:ଖцHW$#Yyc:~x:[%st!:; 'oOvs壡YL 8M%>Є_4S_O[2cStBX̶Κ3od ?:xsB&%?\+Mҭ^B =M:2c6QvܞHwWVPv:JeH1_/*s(Mˠ7SA5lͳ#[٘xmȒ&r$_B31qlkTl9S.* ~W=2}9|=%:t[1]6 32끓Qtýj]z85{j'lO@Y>sF[߾BZꄐ-P^.Al++‚[4s\DtىoˏU~-?SJ%<9AxZЕH-4k'oZ@j%b ev{y?½X| вEۏaޞ opE[]%H!XG;6GS62_jMϱlNCUF`q6ϒ7,#q5CiDCcH׵s;kqyO%^YUʕ Vhjms9 ] @fZ Us?JRs((@5KKI y80xMl]Iw& rqmjbL #6693B_X e}}]@zv݇HWYXԞ=b[9Cg%Xu $Kz责A.`il Q}K>I>l:4Z4`ojZihmu6ĽJ{9OnB{T b-כ,3Q_52_h.(^'rďgpZzwѻeʎgҏ~ W6t,ĩ2O,ln__U 76|!sO#*L}FWe}S(;sif^۱[]C* 3]⤵zTISJ?},Gi;!ca߮`Oɛn rt0Y#!k?2|L#k E~6-WۀZm~nkZ@z"thqZ.算@PS7I nC$7NGL-&ֺ#ɃE|$Xn^|mkxK*:5=eFb/ JZ0=4n-{ %u5d|'r*P0As6RHN4pmA68 |`Y[{ZA y:IKmc>C(r0nXV\S{Ѕz~{†vzS1{…:jJg$:w0 tl\>?3ai59bɰs.dd1M(+Ҹ )+sz BP4ZBrR儢3k}ozN ӦE6gmAQ2h!a> Q ǛTPlJu|Ee4OwIKDy,pu ɿƿWU fv'B{ >>vk_ԏ,0ih S뺰ͅua3,+d{@ VH4pwr޴W'Sq6$ 2 -'gk;t]}*].> M~ljR gfЉQv)`@(]cxȅ=qH]UuGrEA[&P] 'kOJ]w'o(i6[/ 襚w_O3Cwl(es*ix]Ho=pBGQCHRYT/"+ '9NZ^5[|,|&A`Wth&4%C]mD%(RG件eȭdꞯtUT:>6'yȴhӺfm"~4RDCzIVֈ^$Ŵm \ٺ;| AuFKC/yAEeYHzl|YsfB:XX6L 1=kĝڥE3a\:2/faN8Ime 6F"<-y' }ͺ ~(ǭ:uɵ_~Qyޓe܇Bӵ p^M)4 gW==7:o ]^/|l"tH~Iv_M5`Jy)n[* aA@?ǓG̅` eF$=Hd hfWeC"p=ush0-o|4R|ylfZ ףaR|aȰG&W]/;.fd(0p%>2kŘʳzC8z AD:< LV/nsjJas%ĝDo~ۭn-\u`^ji>h} :ބ\4pNNܮWHwVOaHYk{rik}8vQQҖǃE0H#K&[ V[\ ;\^fa%خ>-u): b{v 64#Veq=><#Ŵ뉍uPNoIb~  "N^9Yu~,dCG~4@I (V1KV p3K29Wy7 J Nޡ,1q[}ޏqIb]`tJWC9}ZcmSD#5UQsgO. rӁԞkJ52 {ܖC8z90Uf|]A`ڭWR! !xf5'C}ɻ.٨&[3]@UF1Y3tr׎Qm l(rݳڌ5VI@zsFypu\WΝ*YdɆtDxgB$V-|oQɣ?v*7"DX/􍘀2s`ޗhk|xOV,f;9^E;\ؙ؊a8CAj6Xm7:R쀃_&2Zޝ@$B}WMbF3S_̓;E¢mk<Wa2S]_"!8!^UL$FsfoI>tpu7jM[wG@0rr#$>:H$(|Kh3+M&"PQhZKܹ)،ԄCn*+`RRX1ըƺ~3짽<SoJm״e 1Rw- C>l5EkZE2Ĭ]9''AVJ'xuMOf刎fm.^Yݥ_; hMxdZN෗mw/h Axo &| bc`?0OY'WT<ӆ ˑeK"5sϔfyBўW2Ȃ EZ'zO^POtt#nJXrqe_&ښ:̙{ s|nYɱ3 he|N"rT#ba7%'tU2% zw X8svS~_|O rr˲lVpmݣ}&_/%k 4\yĖ=_c+ v_vDWpmꁌ6Zz.:wYc=v¯%DgDwW*QNgo /^2^QK͠dqnNRRQ7q?1Nm7DrEU|TXQe`Ͷ188OƦ8z{ @,zZ=J,!n[ ᝊԢcJ,WKEokU3>=5{W~)$z1Hܫ~TՈ?SDB%gS ɵ3.\Zr ӝrW'6(t6mEMKj $,LWi%-GC+?gBNr]pŃfJq ɵѦ0X{stfXټde}\ȰS1K)JBfQ_5ם $Q>E(ӎK.6*le4-Nmny }8!"sb*o5(Dz/j-/4Xe/C؟6i.5l<ѯdRgȩtK]({!!X'Ǵ{)IӂbB>D9$)h6H+2R)m}d7 k'v69XO&{ݘj;f"[Nuhرl0o+83^)qOy40pSWj-7W u$CM2I#?3si ю{C^߆ԇ5i>ČTp;hו{R86yTZ)L쇈H BZKH)$ʢ< 8#V^ kOsdF0EJlָ?3ΠlPzn nӈLF ,{*30BIz#ˎ?Ͱk7Lrs(AC~(CS&Z:@M\gGK&b4ށ$HEhP`[k[?}e϶/8 ,hw;cLJPeAL6X,RD@#$1L'vf0ߛS~6֥ O?dj M,=O}Uw %zti!BM&76ILwk3U-_t%G$_gĚeYb9R̔(z9~TuМ$sL48n5=TB7xmym4:u =r I1 P\5n6M[q+Z#=DEҝUBN^mm,X쐅U6&CxcWrl|K*38 釃G?3NO!;ׂ`wCȦ0^a3cbDM^^PpcOf"6'? (L; W"uH7CBQV @{cGHA$QeEPކVo; azگ2>3xRVGAB BGG# 9dֿ a^NWYdv<6-ZzZէ)2dEFVp8yWm>f B<}=a)Bjqz0 -樅{=5ľ輰1Jj!C)ΑDS-_8zk_pt$#b~T)T?E<4|\OR7"@Rk]Aə[M*mݡSI;~UbR-ta?ƒbDiװ.H]Rh׊@/ :p^Il]d׸@t|lBpi:'Puma EY?rWgĉ& džl/y٘$3%=t&LUXNh"Da 04qÄWBY3ңYG//Gxs𵓅#HSkc^x=F^j$8{`D 3T ^lEtM4aW=L#d{:"N"Di '5zL,,Q/"d1Y03H~.9IL)liO|o u"DRs=.Ie٭-fF)mϿ3ئ/^s'{!fCӎAUQgdt<_վ\ ߍϼg[vPQR_mD TiѲjL_ʯK8dn!\e10 TXBI VR],W*xv\0U;HѐUR<)&fi.uQf]h&@3Dž}kmnxH5+-oN_*0UPn${r;G5O] .u{9H)QobH(OmQMOaM*bj .:uNsڿ7B3CCSqpU$),TG1bw*?-~FF^s}b4/k;ƺoy:qkyմ\D:^>ẗ́(vHFC4݉+De䪙b߂PVQ9 &B<*#(tZc_XWD 7`^(l'$E@^lr}ܠ[XQu^[keRݲ]ʓV\radf{qC 5i&$>E\3p*LyrYgig4աvTxzH}Z]%aBN]'75qJ80I}&yħ.6k:obo/h2ܪ^zu~ċPrVvhhg%v7Hs0CM+\g;]CmTַ ovEC`ߚ>x M.nÕC|K,lQ=AlP>YCjB6t1Q 9 %f-sL۞?_oC#{ YcBw`Ni赞׆-@d6guH'vHL_I!J0̡j:C.Q\_:|uU=JhW-e*zug҆.m??ں p_q0O|Q{WϝPg/[N0* EB{X[%I[w_ףO[4U u1VvvKӟ$"0 i m_xf}] ֤)WF703ߟזC^%=K5 ¸uEvnJ P1ay_׎dJdo:vu,S#MnF(7;{KSœyV=lw6L3Ε|&$χ4rR~R:$C:h϶IK2Y "rϝ͓@hfEh"stQ;O%+BoޛxWw:/@BQ*" T*vU^Z? Nl`Mz,j}/>QzVRI&haދR=Y㴄U)8A)cԥ# P/fCo! KVĒNX}ijч$F!\;0%y5YM7/{.iz &EW4TAj_gN@jjXzAcGgAIa&gےHTvWP 04xW}uTVy $!2kPHw<g'1vJe7Í͙4CѨ5o[y kAu#]6[Z`gR7vL F7TJu?C^FlE?U c5 - Fְ̹J$#:?veII"hΣ9hX"`q>Dkŀ?9j48'*BDaxs]Drƿ^Mu_/-YZ|h6Y-uj7[ xa-]Yu.TU86}KPK|+Hx۱^E ,c[e5v ĵOSy>;2Y5y-=e2cCRh?5MQ)|7V=[B+URaq_+{=2n+'4DH3+5Ai.z5S2d(Zla[L$̝MM wG@I߼7c6:SD p_W"JLu:w0IJKwpX"B;\#5585 >SM˺K['>O/K:6s[  aV_w钓)[UČK+b}S軥=d$S/2;sO=r>z\N?{{( lk2w[{ Փx#e!uvyl[Cf[5ͭޥ]vk1 q6om: %A6kʎLdb~EsX˗c(Dj q%.@%"AkbQaúx 81Vi`S+fd,4LF`8P.D/{Y`%.O2Q0XLroE/!.jRDmTnTxu f4H\]O#( *EM[iÀfN!w)>$亲;c4g[aL)L5M9X7{Ďm)-rh)vyA65n=VXG -fr떲`lpTW=:_ d]$8|9mm;.Sd'hWC@Ѵ- 3#eZѺːx "}VYXnV [Dm\W>,EMnhޕ+B]CWﺻ(ɦhO?KF.E }0tg4pƀ`ڑLtj{s \6s$4Z0{e0 eכR"&?8&{av1u~`ӿ]TYlPzX]V#b.%sB2i?4aNEXӐ% w}ʰChTJe –u7Svӄ4Ѫ5M?iLvgI~)~q[>)^u)96ͽ}X+Ȟ{:dbbooXs]bF-iPUi]C+iIyHᘆU[hJÅǼ3B-$W+h'$1:{vG)1)@F{YdⱫ%9ҠcFQ|-CΫU9 [)&] QM$N_t{E2v3齅L?vZ_YcUp_M<5\# {8gY$3)ԫ2ǂ4EV/E I|zèj$pFો˵CHUEA O+vF/Lse3(}K-=wXgt[pbǒ\XCXs;&^A|Ha5jD ќrwYPb;=zmIlZ|Pi}L߸L{vi: OTrr쟘~2ixY!mo"ԀlY]gQwOq9gj{9曕Zsё#$-snٸڸW5}!\}:lbeYlpί1<;~+6{HĩxI%.̆T;ǁ\ A3gQ<I]P̓j"!r_O gpkkHf7L AuQGΌe}nJ/<.؝ޯJ{w.t}8y +٣"iL(f{z5:__>(KCgE䭥S)%y-smuҀkEuz[߉lq&l=h6/kvnº$,2 >-ٜARn;3B^JԨ)gS?*:i*BUrY_\lK4ZD ^魣~俔] bp2}%*9@7ىDU1 ̵JGB2&G@ԼDt KV`` I3>ReAr^YW0'4>_(Nx)|=ZD24;3&Sԣv&2(3Br<@L;YI03HƓۋLѺpxkÆOJzU ĸ9wUoTElr 08- |8erVشfNBdB'fy} h,u,xLe/)_tov\YM\[)Jv^X-Z y/*uӋa(AOH&桿ucX:Mb|d<*4a%)]6mao= ZU YUz;S'f尻>/V~1QlUWM09U x-DN4t5Iұ"V./_4A<~ 0DD~+M^s𿚵Fl( ȵ$#<%{(eluƖ6z̓ePXKow NVAw!+͔r%bU[}[_ vW$A2[L1[J Vd۠^׿CP"BSIfx. hELFn $A^Z\Om.[nj{/v;EDdžfn^J%tl‚ʨsq u~Jka='>s·$ &H\gs/4'ipF;gU:B0EeuZW͹9]d#-X30 ce7mnXT %Iը`P{[*)!;É?aeۅ=Iɝ|~m s)u+ k^lj(|` #ґvYdP5c_~A7nNz,zBtp%YDͨ%hAEICODxr1<5}ρ%#QR:Q]`]仢T sA?JI¾^ShhYLss@x7Qg%/@7qҺWϞ 0PrYiA/|#M:̫UCr@ ҙ&DYC@vtz8`ŠXK>kWdĮMp%:^Z` t`z#}s 1l^Dש|Dm 'B!7B(:ZhbZv  ?kBCñVK38Jw{xk{q^gX6iA?B 2# ,t߭[8X%xqۄT5({{@D[uߖ.Cn}oV]8pV ]At};l"M)M||SP"P/~nsAq0B\ k!tKK񌚺^ORv[h}HWZKڢexB;a{'Aj|SR"*)+SL,P*2啌%RLcyo~M,mμ:=FIV2Hjd]?։f~]o)YȺpRI3Y͸5Q+ 7Eh'` P u˺8LWe6g<Os<\W=.(**fj9@Y盛˱nD␰ ִʓ,S~v|rl E#~uboog} /ۋt>{wޓ:;!ocZ]Lj$e&Eq2$ SbqvȺ]U--*:f早 ?A6wAmBgh{#xޢ?zyaF]}jrKuK9M/M{"ЅS~klױgTǺ~ &\e[D|Gr/^EL%)4c2 { $0أ4a_aYԑ Tajv&H@=FHp qa -;Ž['Px:)wbV2MqH@T95}R7(ۅ+7Ob\I]2Lr G t[2FjjlE s6g'NYw%Qvk/ V𘑖#υ L`vj욜u`ql% f^(*m}Υز`]SʇLBw ,vL߇^l to MɄu.mޑ6&}ɳ0c9Z}˩WFsB.t3^f]:X@ZFzyY!_Wc7 %bΔnV>ШnX1zr qZ?ш!$bkq6(|,Y6z}Tv\k1֖*92I/-n<ۤV'Fӏv#KEdIY**dP2]NzC |Sy#x5ŊI7T[@9)Q!xꦃ!`1~x`[vTѮWRPKzY~$G+x6+rDœfyqbI~ff[{R/VS]B6rz7>^zFϨ[c(DuQur2S{B/n'z aE+?x͇݃+SI7$'qx" ⠒/Wy*~a „WIkgo.PtgOP!p|ifݽK{%Q~]g1| bMOl*GOXet6ݕlϊГq҅~z<|E.~YAns™}[ySepBe'[#rDnH%<]6H@R"_De=M7g0œnն +nZ5j 'NGu>NtVͅ=lF&>=&cGejPjBhΆQy\ŌE0 9sOݢV6՟ـb&Riǯ^1bsa ?m(;Łȳ #rADj` ^$1zTkq֊Yk~CaZ($p@94Bhdv9M XYѹAY0D'YN0;\ŖX+ cLB܍uT{kZoB>p/D5q-hdK6DP{z ЧXCi (hVGN[ڴb(L(#;6Fm2Amf}bŵO!M.lZH%P__)?׵<v@<3]#`KpFV?U{bs^$DMF64xpX˪>\CQhٝ %(p6d*K 9Y+92!}!M! fwەOD;iP\DD{K/@'Mqᦡ{qB麦9e;eB49u .WQ uj]Eք)BFxKG{JOFI-,#cjWĺuw7,'r-"7l.y_,Up**g|Ax·n A{,Rpi-B#Z#NgyFi1?"Umҍ)_Ĥ_ A(me9*C&n\f% n fz6%rLǰRPcz? ? :zKZu{g; ҍg~֙+g;2D (tg*fka/Ifp?\6s8jL\[PL\7^0ړB '/JVS Gp ?aWH1SyGJa FQ PSf[l_Ҙ.K I!xnaR܈n> p-Tyݻ~&~}]JخOvVPЉ6FȤupk njFzjU0V )6~BeA9N9㠅/>aOض.Vx dYۊQr$5YQ`o ßo,aO}\`xCks|WB%lXv#0uu~yW]s=u< w6jfcnǗ˄n !&?C8 jMoN9hۧߪl3;W* -OV_=N撚=Ta8,AEz:'| phG&O՜(AWirě?LǛ#ܣ[%J}z2\xk sM柸=.m8 `V%} A9oE>ܾ M +}!xݭ1 }#}o|BwoŁX3j(SGou4={4F=kP#D PRNI> }E2| !Ocfh^'4e)>QLA$X<+/8UŜYŠfsCQ0$dQEzWwIR|}6V=(YT)q̦i^PU֩x٫vE$P`lH *#2 s{2nT"`e6x8=le8:҉ ךI{7TgȋI~R+#UT#4<`-,+.Or \yfғte$U\!m  WsZQȬ}Kyqn5Gɬٚc%Ÿ9<l8G2Q"mgy4K@2kހNoѺX-Cm@g:3SgׅcAn@oЛ1ޞm2 ْ6t)E:{]T!*ku_MZǶ-aA+lrՏw=5&#6ETVӇ;zB)TWtqwx?*yYɡx 2{JO B4C `9QĦvOGUʫ$!neg3)C(IHXVdZf4嗓㙋9p8f0Q|QSh|䕃etH#Zaj)yWKVg\P&FǚOcKϴ/uW̓5 ˕/֛ tYHZuKEw{_lz8 .t=@"pc_lڤb{z6:ؗ/ȨW֦t>_'B 6XεS7;Ol|~IR-Su( *3Ͳss!$% ;btJ%4@E:׀]$!\jW)&YC!WaJq©i.qIW@9 !13.z[,,(Tk0A8j}M g_- $W*HjO܊ YƾR* .3z~J\bTmCHoĵrL9wTy\;4a#)T<iyz=)-w3 gb\3=3]RbClv&ԴOE= O+[/G3񠖚vB&z%9:eyDiGln<\oY}x&YT3, ݠCFs*|{2B%8x 6/~>z27;:8́@7n,*Jn)!2՘%MY1Aj6qjq佫|13}=Ka}.8*y? eA-#%B@)oCX;5k \tq3erl1/.|,wnZhaDa*M\i\MrUTfUⱌC2J% 6hД{TyZ2+E:J{g.@ђ slm a! Vd.+ iz"". U>1TEyBȂdNvW`5́  МvC^>e[_rjSjt/fO0Z W%Y;H\T/ PeE{"M3ȬrDJU7Zg×| u^ 1#i^e ڃ"2zQ=|j,Z?}L( d<r`Vf>>QP8A]Km?@5Pe{ZMQ)Bb?J,Jr3Xsb8S! : r5y-I9y=hD.<wM^cO ݘCk}z-*Q uQJxx9=" g6fKiOGBeA+e VM?hOZ%cA]iHloznu.ܮ4fC%o1edXmٸgV[Ylt|pkڌ9%X E'B7в*]%iYȕWi\.nuׂ>|Mt~TveMWŜs :­0ҟu'*2TSEmb\1K͇Ld/Q ]hk pl9:}=/uYyYCUfeN @ ⁖s ͈(EAh]8bU3YrƙGt3&3~88{`SW 5EX7>*6ځuq:h|Sƴr5AR'gb]"xSo${!Iϋo fuG#)wY&ˑ6Vx_l}O7a09UyQhU3.̏wDB/Uy^D6qrD/2Sgv@mH)) TNrYqNFfifb vV{Γu-+{FwxoPrƼ! tQrqJ$j&:/Mbo0s4PTˆX[Z_Jn,ZPź#/%7ub^sHO eY% ;vHW*L$b`7Ȣ"r,w9jlҿ~0ṋw̬Pw<.rsR?;lvsE _%4҉5ȳ'_hr8NZ8riIn͢eubi .m֢dSӼWC:EvBdlbw5ET1ە:J/Mei?-aዪB+0/oAd/+.Ѷ& C U lG =*&O(K>XhJ ݟ]XYWePYcˆ_(yХKf0jy֍~z ҠH0N@QרJ*۪Ak}OZ1A4`k]9[{ӛ !{ uaa>Ǡ<wӡ|w Fװ5?Bv +TSyX{-_))Ɍ75TcX;[$rFIja& <6Np{hE$Sl`+^؍عHfq~\9<4t #kde fÎНX#\y l2I{YAXUG|%YplnTOLAV@[lRі]8#Ķ""OL9 wG*(_pD$ȭ* >7aVJR֭1'X֑1p&7Jb1Lvl|֎WQ)R>7GgoxRT[SvǴl4 D5] 8 `Ѳ\dSleꈅ [)>`"deهA4 չQALxY4&eI?TPVe$oJpjҥuD&QnҶwF;d#HAwCk jѾ.10}+Һk ?_)bx"## ZeŲ1n1nTLdI$+B4y%Iu\ H^P,.#lwl}tɴHXaR۹""=  xa>%L^]i**h ޥqE.Bq9Vܚ⨦09S xFd~ozmǎdSt2 xa:,^ T12@ cQWW09b>|l"nˡzߦv|8Ԓfx~D默;:aoRJoZZ'@[&,%gq^>O)_s;M"68iH1Z;PNmI&TL`h 3tKjD}!wmFTҖ7WШ~uqU|,|-}C@X6N駵5pd>zH:WMpqr?j !:τw3Xg8P@Ј#Фԧ?,lp4h%ux*}.-+#'AX[-m" f-]ұYd>k\.`;:!DV -'i6N<ؗsVGB^''}&҅)Om=;UwEO"I؉WtI\}guJ /OnUQhg1_!OceJ5#"3:2- 172PizXbظC&#D@.Vu]Uk˜zŬ7'd 3;7Ԙh˸1\I췚)93 ds,2KU~v]g t3ؼP蟄vb.1OX]i55״ڲ{u*@wY>}eҟ 4 (Ρx$7-26Kq޾W{tO0*!_8vۅd}-E b7YAg4 Ka,Mm[((T} hR`/^cdJ l# W*z d9I ķi^yP#F 9uwu[A"/T~kLt#h膑ϡ=xdU/uW*AK^ }7E7ʵ2o[֚B}q9#$"ehh*'"Xٿ'@DgڀVID\oaB}IV,]ȵe@`OaGl?6UǢ\HI?J#?zos- ΁ra"UpH#\j±}! Z0ҖaB:}?*i8x5O7w:GZRdLHkSr<#@h~;#sW+; 2VmGcF fu3L%"7}9@Paa/Ҷ$N{Eb-4XSHjWe~:)|ʋd0POBdNKsLJ8!ZRÙՉ908(_n_ ʫ{bG1n?~79rG9r?Rwf;yG U{[\%|LB>:7}5A,ˉfJEq$ *T}m$Gh`O@,g7r˜`/ {HHsbqmAiItby'j7*y;ɚ%eXq-$Y gTdcG!fA^P݌.IS0r9n!l8L1{Q 7< rƃjgp7ldH|(J'D=ߌlXsȐپ2up|0>gʼ?O}X P E.6+Y)Mr.WFWƾGʮe.b,IҎ WZHN*ɐ\TTtqq--bhV8$OXTH=FG_]&UTO~8'8[|8gHPOj2Z9_k\V_5 ݑ%9(9|yng4"3,\M~e!iD),`K+ˍz5:%8 P/*v?D*b^J 4TDum=v2'Ր* < yKSO1aګ)JZ"B N>5KvzO02=9؍Xy_x9}r* qa?r0K)X, Ny=;ԍ[RӀ{6a`D t9ne ɒ. OI(KQˍߥa'snTpMC:ͱ<']/^)dO/{` Nl2h,?-}lS]A%e2Y h`U`Kvة-yz/Č8FDߴ ]<.Re+< >Q,]l}%0+g-G[g p] # 5Bo_սVЅBjYm<##[x%7>n,A^5FĀ_~C8IZWZe2|-zQN3[p#-dH}TWebJ`Ƣ S(-)2D?9ْԵ5u jde{o |@1B*T4vR˙5G%n!cO:a#}< {/cbT( tGqoxSd]rq#⺍FhzW>\ -5;vk-p`9G„?lx^^9kti|m~{uƏbm0 W͘35mVƀz1T">yqBC@"DTѓQ+ɷ3{=0\aØuwփ]A}p Gwms'C(G2Z"J{BZ{7;tk(+ $J )쎉ŃJW٦GjI,sNnǏСny9"2t.RS~M\aOj<-uLqhcmM1IPMGWëo+&DОs.fnEuj|sKk337zAp$%q&P糄*Vie(#XQT!x' ֠Jr ﳫ5#3xp;ءtjTѩERU'tc13\ݖ˦9JhUTtD}iCkZtfvZO|)Tm+ ok|.?Vyhݷ+5BBij}OUu=_* ׸ĉ% ʿAboFێ%*]][=?D<;/Rnz8T)2w7(Z*"^a쎴o%RsBKB_s0Srz&(P`ϼZ  Aw]h5uO5tjS q۪̕ޯG-i/蒋r9~Y%KGs`hdKXA0 pkE„u~sEFk?pAT:\ VL8GX60Yj7e4S}R[ct=rK7Nx5[A|&U [""#CSdUAHsiIJD)jbf|q} ۴~nuׁw =CS@G&28=_PHK3]/ ݬki96q/nK8seJ@|OD,mo!nKh%~dLߺl")EfT$GA9unT.J-{6YfI_vU+Ʌa' zۋQ֞@:$^_~8 3mq[2Yhvz%n#DnֆoK ҋ[O'UKFa.]dy&[GJ(8$l˳dYѢW_JP%z(G0v)P=,8 0]q BuO~̬hAbwϱ/p%1H>zӉ%xgs{GW҄6te$!'_NpF3r;7nhĭOeCZ(VŹWr,p H1H|s,Pg-ٳc)bN@ }IpH 7%`ϟ@q(W ZT.Ci_*"@PG {O *Ţ]Wgvj=>{ (4p^Ln$BZN)8<8%m0nujzG+f;~-'p|a毛bFНvqAa:MwGovAX1u-2cqq aJ&SAT鉕= * ܉2cf#7#>A6עCrĐ@Q?0>ƕ{VdT{Xo~Z}e0n6cv( Z30l"`y&jrBj%a\NX 3wP㉬Q6i *c沘qGK cZrk3s!R#.S,1@V[{RWDBGR{ejpı?&h|՞ߥc§?+M=IL'3…F5 YN = 4nqZ. ݟ݆#VTsUj] u{lgAۏBG<~7M6 Vا8-g >wgK3cG<| +ݬ~mP#ou1*8Us+4C'Y#Wj]2IJ ag² yB7RV* K3^.6B0Y$Gcw(\7[ORtNї[=xB5oDqp;S2(Or۰@{܌Z3s(?Ӌ7 QLbQc=`,\J)!E4;NfNu덁3u󙽫xFwJ}i;g!_wSIo+'ldTZi`6j?!h(i(zB"^a{5t?AfAJWDEu%dB5E5|ƙ_>VEJ9!5Y總+-U~hie[C:2~ f%TDє8jP5w hҾ^AT^Qt0zqDJ7W._ : YZ