sssd-ad-1.14.0-43.el7_3.14

Name: sssd-ad
Version: 1.14.0
Release: 43.el7_3.14
Summary: The AD back end of the SSSD
Description: Provides the Active Directory back end that the SSSD can utilize to fetch identity data from and authenticate against an Active Directory server.
Build host: c1bm.rdu2.centos.org
Vendor: CentOS
License: GPLv3+
Packager: CentOS BuildSystem
Group: Applications/System
URL: http://fedorahosted.org/sssd/
OS: linux
Architecture: x86_64
Source RPM: sssd-1.14.0-43.el7_3.14.src.rpm

Provides:
libsss_ad.so()(64bit)
sssd-ad
sssd-ad(x86-64)

Requires:
bind-utils
libbasicobjects.so.0()(64bit)
libc.so.6()(64bit)
libc.so.6(GLIBC_2.14)(64bit)
libc.so.6(GLIBC_2.2.5)(64bit)
libc.so.6(GLIBC_2.3)(64bit)
libc.so.6(GLIBC_2.3.4)(64bit)
libc.so.6(GLIBC_2.4)(64bit)
libcollection.so.2()(64bit)
libcom_err.so.2()(64bit)
libdbus-1.so.3()(64bit)
libdhash.so.1()(64bit)
libdhash.so.1(DHASH_0.4.3)(64bit)
libdl.so.2()(64bit)
libglib-2.0.so.0()(64bit)
libini_config.so.3()(64bit)
libini_config.so.3(INI_CONFIG_1.1.0)(64bit)
libk5crypto.so.3()(64bit)
libkeyutils.so.1()(64bit)
libkrb5.so.3()(64bit)
liblber-2.4.so.2()(64bit)
libldap-2.4.so.2()(64bit)
libldb.so.1()(64bit)
libldb.so.1(LDB_0.9.10)(64bit)
libndr-krb5pac.so.0()(64bit)
libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)
libndr-nbt.so.0()(64bit)
libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)
libndr.so.0()(64bit)
libndr.so.0(NDR_0.0.1)(64bit)
libnspr4.so()(64bit)
libnss3.so()(64bit)
libnssutil3.so()(64bit)
libpcre.so.1()(64bit)
libplc4.so()(64bit)
libplds4.so()(64bit)
libpopt.so.0()(64bit)
libpopt.so.0(LIBPOPT_0)(64bit)
libpthread.so.0()(64bit)
libpthread.so.0(GLIBC_2.2.5)(64bit)
libref_array.so.1()(64bit)
libsamba-util.so.0()(64bit)
libsasl2.so.3()(64bit)
libselinux.so.1()(64bit)
libsmbclient.so.0()(64bit)
libsmbclient.so.0(SMBCLIENT_0.1.0)(64bit)
libsmime3.so()(64bit)
libssl3.so()(64bit)
libsss_cert.so()(64bit)
libsss_child.so()(64bit)
libsss_crypt.so()(64bit)
libsss_debug.so()(64bit)
libsss_idmap.so.0()(64bit)
libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)
libsss_krb5_common.so()(64bit)
libsss_ldap_common.so()(64bit)
libsss_util.so()(64bit)
libsystemd.so.0()(64bit)
libtalloc.so.2()(64bit)
libtalloc.so.2(TALLOC_2.0.2)(64bit)
libtdb.so.1()(64bit)
libtevent.so.0()(64bit)
libtevent.so.0(TEVENT_0.9.9)(64bit)
libwbclient
rpmlib(CompressedFileNames)
rpmlib(FileDigests)
rpmlib(PayloadFilesHavePrefix)
rtld(GNU_HASH)
sssd-common
sssd-common-pac
sssd-krb5-common
rpmlib(PayloadIsXz)
Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1422183 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user.- Resolves: rhbz#1418943 - If a long-running task (e.g. enumeration) blocks the sssd_be process, sssd_be can deadlock - Also Require a new-enough version of selinux-policy so that setpgid() by sssd is allowed- Resolves: rhbz#1405584 - SSH: default_domain_suffix is not being used for users' authorized keys- Resolves: rhbz#1404340 - Use-after free in resolver in case the fd is writeable and readable at the same time- Resolves: rhbz#1398673 - autofs map resolution doesn't work offline- Resolves: rhbz#1398169 - sssd fails to start after upgrading to RHEL 7.3- Resolves: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1393730 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Related: rhbz#1396486 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0- Related: rhbz#1396485 - sssd_be keeps crashing- Revert the fix for ignoring sudoUser case as it breaks processing of rules that completely lack a sudoUser attribute - Related: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: 
rhbz#1392893 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1392896 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs 
contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. 
- fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators 
from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. 
- Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user 
even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page 
or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on 
individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with 
--login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? 
- Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error
- Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD
- Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set
- Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires
- Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option
- Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab

- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID

- Filter out domain-local groups during AD initgroups operation
- Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups

- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups

- Initialize variable in the views code in one success and one failure path
- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605

- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605

- Handle case where there is no default and no rules
- Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u

- Set a pointer in ldap_child to NULL to avoid warnings
- Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error

- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u

- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error

- Run the restart in sssd-common posttrans
- Explicitly require libwbclient
- Resolves: rhbz#1187113 - sssd daemon was not running after RHEL 7.1 upgrade

- Resolves: rhbz#1187113 - sssd daemon was not running after RHEL 7.1
upgrade

- Fix endianness bug in fill_id()
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view

- Resolves: rhbz#1184982 - Need to set different umask in selinux_child

- Bump the release number
- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Add a patch dependency
- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Process ghost members only once
- Fix processing of universal groups with members from different domains
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved

- Handle GID override in MPG domains
- Handle views with mixed-case domains
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Open socket to the PAC responder in krb5_child before dropping root
- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Resolves: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD

- Resolves: rhbz#889206 - On clock skew sssd returns system error

- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used
- Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo
- in addition to the patch libwbclient.so is filtered out of the Provides list of the package

- Resolves: rhbz#1171215 - Crash in
function get_object_from_cache
- Resolves: rhbz#1171383 - getent fails for posix group with AD users after login
- Resolves: rhbz#1171382 - getent of AD universal group fails after group users login
- Resolves: rhbz#1170300 - Access is not rejected for disabled domain
- Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode
- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Rebuild to add several forgotten Patch entries
- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users
- Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=

- Remove Coverity warnings in krb5_child code
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users
- Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=

- Don't error out on chpass with OTPs
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.

- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users
- Enable running unit tests without cmocka
- Related: rhbz#1113783 - sssd should run under unprivileged user

- krb5_child and ldap_child do not call Kerberos calls as root
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware

- Fix typo in libwbclient-devel alternatives invocation
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.

- Handle migrating clients between views
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Use alternatives for libwbclient
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression

- Add an option that describes where to put generated krb5 files to
- Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12

- Handle IPA group names returned from the extop plugin
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header

- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.

- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete

- Support views for IPA users
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Update man page to clarify TGs should be disabled with a custom search base
- Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases

- Use upstreamed patches for the rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving

- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases

- Resolves: rhbz#1162480 - dereferencing failure against openldap server

- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1113783 - sssd should run under unprivileged user

- Fix two regressions in the new selinux_child process
- Related: rhbz#1113783 - sssd should run under unprivileged user
- Resolves: rhbz#1132365 - Remove
password from the PAM stack if OTP is used

- Include the ldap_child and selinux_child patches for rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Support overriding SSH public keys with views
- Support extended attributes via the extop plugin
- Related: rhbz#1109756 - Rebase SSSD to 1.12
- Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled

- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving
- Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times

- Include the responder and packaging patches for rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Amend the sssd-ldap man page with info about lockout setup
- Related: rhbz#1109756 - Rebase SSSD to 1.12
- Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD
- Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)

- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Add the low-level server changes for running as unprivileged user
- Package the libsss_semange library needed for SELinux label changes
- Related: rhbz#1113783 - sssd should run under unprivileged user
- Resolves: rhbz#1113784 - sssd should audit selinux user map changes

- Use libsemanage for SELinux label changes
- Resolves: rhbz#1113784 - sssd should audit selinux user map changes

- Rebase SSSD to 1.12.2
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Sync with upstream
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebuild against ding-libs with fixed SONAME
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebase SSSD to 1.12.1
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Require ldb 2.1.17
- Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer

- Fix fully qualified IFP lookups
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebase SSSD to 1.12.0
- Related:
rhbz#1109756 - Rebase SSSD to 1.12

- Squash in upstream review comments about the PAC patch
- Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Backport a patch to allow krb5-utils-test to run as root
- Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Fix a DEBUG message, backport two related fixes
- Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain

- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain

- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching

- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest

- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup

- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success

- Resolves: rhbz#1078840 - Error during password change

- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux

- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration

- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in

- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes

- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40

- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used

- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly

- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path

- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider

- Fix idmap documentation
- Bump idmap version info
- Related: rhbz#1067361 - Check IPA idranges before saving them to the cache

- Pull some follow up man page fixes from upstream
- Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes
- Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example

- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes

- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example

- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value

- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache

- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces

- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks

- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7

- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default

- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users

- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not

- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default

- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect

- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter

- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does.
- Use the right domain for AD site resolution
- Related: rhbz#743503 - [RFE] sssd should support DNS sites

- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC

- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin

- Mass rebuild 2014-01-24

- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain

- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out

- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter

- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed.
- Fix a typo in the man page
- Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir

- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain
- Fix return value when searching for AD domain flat names
- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user

- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir

- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user

- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings

- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20

- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used

- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword.
- Fix two memory leaks in the PAC responder (Related: rhbz#991065)

- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup

- Resolves: rhbz#1049533 - Group membership lookup issue

- Mass rebuild 2013-12-27

- Resolves: rhbz#894068 - sss_cache doesn't support subdomains

- Re-initialize subdomains after provider startup
- Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read

- The AD provider is able to resolve group memberships for groups with Global and Universal scope
- Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog

- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog
- Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups

- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested

- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"

- Resolves: rhbz#1037936 - sssd_be crashes occasionally

- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read

- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok

- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy

- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb

- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in

- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains

- Resolves: rhbz#1033084 - sssd_be segfaults if empty group is resolved using ad_matching_rule

- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage

- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes

- Skip netgroups that don't provide well-formed triplets
- Related: rhbz#991549 - sssd fails to retrieve netgroups with
multiple CN attributes

- New upstream release 1.11.2
- Remove upstreamed patches
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2
- Resolves: rhbz#991065

- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash
- Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group

- New upstream release 1.11.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1
- Resolves: rhbz#991065 - Rebase SSSD to 1.11.0

- New upstream release 1.11.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0
- Resolves: rhbz#991065

- New upstream release 1.11 beta 2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2
- Related: rhbz#991065

- Resolves: #906427 - Do not use lib64 in specfile for the nss and pam libraries

- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log

- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting

- Apply several important fixes from upstream 1.10 branch
- Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable

- New upstream release 1.10.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1

- Remove libcmocka dependency

- sssd-tools should require sssd-common, not sssd

- Move sssd_pac to the sssd-ipa and sssd-ad subpackages
- Trim out RHEL5-specific macros since we don't build on RHEL 5
- Trim out macros for Fedora older than F18
- Update libldb requirement to 1.1.16
- Trim RPM changelog down to the last year

- Move sssd_pac to the sssd-krb5 subpackage

- Fix Obsoletes: to account for dist tag
- Convert post and pre scripts to run on the sssd-common subpackage
- Remove old conversion from SYSV

- New upstream release 1.10
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0

- the cmocka toolkit exists only on selected arches

- Apply a number of patches from upstream to fix issues found post-beta, in particular:
-- segfault with a high DEBUG level
-- Fix IPA
password migration (upstream #1873)
-- Fix fail over when retrying SRV resolution (upstream #1886)

- Only BuildRequire libcmocka on Fedora

- Fix typo in Requires that prevented an upgrade (#973916)
- Use a hardcoded version in Conflicts, not less-than-current

- New upstream release 1.10 beta2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2
- BuildRequire libcmocka-devel in order to run all upstream tests during build
- BuildRequire libnl3 instead of libnl1
- No longer BuildRequire initscripts, we no longer use /sbin/service
- Remove explicit krb5-libs >= 1.10 requires; this platform doesn't carry any older krb5-libs version

- Enable hardened build for RHEL7

- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later

- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join
- Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider
- Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in

- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs
- Fix SSH integration with fully-qualified domains
- Add the ability to dynamically discover the NetBIOS name

- New upstream release 1.10 beta1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1

- Add a patch to fix krb5 ccache creation issue with krb5 1.11

- New upstream release 1.10 alpha1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1

- Split internal helper libraries into a shared object
- Significantly reduce disk-space usage

- Fix the Kerberos password expiration warning (#912223)

- Do not write out dots in the domain-realm mapping file (#905650)

- Include upstream patch to build with krb5-1.11

- Rebuild against new libldb

- Fix build with new automake versions

- Recreate Kerberos ccache directory if it's missing
- Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]:
Credential cache directory /run/user/UID/ccdir does not exist

- Fix changelog dates to make F19 rpmbuild happy

- New upstream release 1.9.4

- New upstream release 1.9.3

- Resolve groups from AD correctly

- Check the validity of naming context

- Move the sss_cache tool to the main package

- Include the 1.9.2 tarball

- New upstream release 1.9.2

- New upstream release 1.9.1

- require the latest libldb

- Use mcpath instead of mcachepath macro to be consistent with upstream spec file

- New upstream release 1.9.0

- New upstream release 1.9.0 rc1

- New upstream release 1.9.0 beta7
- obsoletes patches #1-#3

- Rebuild against libldb 1.12

- Rebuild against libldb 1.11

- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly
- Resolves: rhbz#851304

- Rebuild against libldb 1.10

- Only create the SELinux login file if there are SELinux mappings on the IPA server

- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)

- New upstream release 1.9.0 beta 6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6
- A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value.
- Fixes for the support for setting default SELinux user context from FreeIPA.
- Fixed a regression introduced in beta 5 that broke LDAP SASL binds
- The SSSD supports the concept of a Primary Server and a Back Up Server in failover
- A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine
- SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server.
- Packaging changes to fix ldconfig usage in subpackages (#843995)
- Rebuild against libldb 1.1.9

- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

- New upstream release 1.9.0 beta 5
- Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5
- Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation
- Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation
- The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds

- Fix broken ARM build
- Add missing DP_OPTION_TERMINATOR in AD provider options

- Own several directories created during make install (#839782)

- New upstream release 1.9.0 beta 4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4
- Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers
- SUDO integration was completely rewritten.
The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules
- The IPA authentication provider now supports subdomains
- Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.

- New upstream release 1.9.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3
- Add a new PAC responder for dealing with cross-realm Kerberos trusts
- Terminate idle connections to the NSS and PAM responders

- Switch unicode library from libunistring to Glib
- Drop unnecessary explicit Requires on keyutils
- Guarantee that versioned Requires include the correct architecture

- Fix accidental disabling of the DIR cache support

- New upstream release 1.9.0 beta 2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2
- Add support for the Kerberos DIR cache for storing multiple TGTs automatically
- Major performance enhancement when storing large groups in the cache
- Major performance enhancement when performing initgroups() against Active Directory
- SSSDConfig data file default locations can now be set during configure for easier packaging

- Fix regression in endianness patch

- Rebuild SSSD against ding-libs 0.3.0beta1
- Fix endianness bug in service map protocol

- Fix several regressions since 1.5.x
- Ensure that the RPM creates the /var/lib/sss/mc directory
- Add support for Netscape password warning expiration control
- Rebuild against libldb 1.1.6

- New upstream release 1.9.0 beta 1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1
- Add native support for autofs to the IPA provider
- Support for ID-mapping when connecting to Active Directory
- Support for handling very large (> 1500 users) groups in Active Directory
- Support for sub-domains (will be used for dealing with trust relationships)
- Add a new fast in-memory cache to speed up lookups of cached data on repeated requests

- New upstream release 1.8.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3
- Numerous manpage and translation updates
- LDAP: Handle situations where the RootDSE isn't available anonymously
- LDAP: Fix regression for users using non-standard LDAP attributes for user information

- New upstream release 1.8.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2
- Several fixes to case-insensitive domain functions
- Fix for GSSAPI binds when the keytab contains unrelated principals
- Fixed several segfaults
- Workarounds added for LDAP servers with unreadable RootDSE
- SSH knownhostproxy will no longer enter an infinite loop preventing login
- The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown
- Assorted minor fixes for issues discovered by static analysis tools

- Don't duplicate libsss_autofs.so in two packages
- Set explicit package contents instead of globbing

- Fix uninitialized value bug causing crashes throughout the code
- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup

- New upstream release 1.8.1
- Resolve issue where we could enter an infinite loop trying to connect to an auth server
- Fix serious issue with complex (3+ levels) nested groups
- Fix netgroup support for case-insensitivity and aliases
- Fix serious issue with lookup bundling resulting in requests never completing
- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate
- Fix several regressions in the proxy provider
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work

- New upstream release 1.8.0
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)
- Include the
IPA AutoFS provider
- Fixed several memory-corruption bugs
- Fixed a regression in group enumeration since 1.7.0
- Fixed a regression in the proxy provider
- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD
- Resolves: rhbz#797968 - sssd_be: The requested target is not configured is logged at each login
- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV)
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features
- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Caches to /run/usr/USERNAME/krb5cc

- Change default kerberos credential cache location to /run/user/

- New upstream release 1.8.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3
- Fixed a regression in group enumeration since 1.7.0
- Fixed several memory-corruption bugs
- Finalized the ABI for the autofs support
- Fixed a regression in the proxy provider

- Rebuild against PCRE 8.30

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2
- Fix two minor manpage bugs
- Include the IPA AutoFS provider

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features
- fix netgroups and sudo as well

- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features

- Rebuilt for
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

- New upstream release 1.7.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0
- Support for case-insensitive domains
- Support for multiple search bases in the LDAP provider
- Support for the native FreeIPA netgroup implementation
- Reliability improvements to the process monitor
- New DEBUG facility with more consistent log levels
- New tool to change debug log levels without restarting SSSD
- SSSD will now disconnect from LDAP server when idle
- FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains
- Assorted performance improvements in the LDAP provider

- New upstream release 1.6.4
- Rolls up previous patches applied to the 1.6.3 tarball
- Fixes a rare issue causing crashes in the failover logic
- Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.

- Rebuild against libldb 1.1.4

- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam()
- Resolves: rhbz#758425 - LDAP failover not working if server refuses connections

- Rebuild for libldb 1.1.3

- Resolves: rhbz#752495 - Crash when apply settings

- New upstream release 1.6.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3
- Fixes a major cache performance issue introduced in 1.6.2
- Fixes a potential infinite-loop with certain LDAP layouts

- Rebuilt for glibc bug#747377

- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.

- Add explicit requirement on selinux-policy version to address new SBUS symlinks.

- Remove %files reference to sss_debuglevel copied from wrong upstream spec file.

- Improved handling of users and groups with multi-valued name attributes (aliases)
- Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing
- Improved process-hang detection and restarting
- Enabled the midpoint cache refresh by default (fewer cache misses on
commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - 
Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. 
- Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. 
- Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. 
- Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system 
improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that 
SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. 
(Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)
uk
1.14.0-43.el7_3.14
1.14.0-43.el7_3.14
libsss_ad.so
gpo_child
sssd-ad-1.14.0
COPYING
sssd-ad.5.gz
sssd-ad.5.gz
/usr/lib64/sssd/
/usr/libexec/sssd/
/usr/share/doc/
/usr/share/doc/sssd-ad-1.14.0/
/usr/share/man/man5/
/usr/share/man/uk/man5/
-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic
drpm
xz
2
x86_64-redhat-linux-gnu
ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ca4b3c1a626bc01a7879a87361b20e1e680f2107, stripped
ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=d48297b8c3fc41b10811a3401193b534769ef495, stripped
directory
ASCII text
troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)
troff or preprocessor input, UTF-8 Unicode text, with
very long lines (gzip compressed data, from Unix, max compression)
igPrBoK&սK!R6ecxkX_\&='5 mJ~ cGJlM`YȓQ:Qe-?! #ϒ>,9Yvp%Nof^Xd uj;f7Ү2^}RVk\Y-F}k@ O٦/jD8oQN_}8 Vhp &.\AEyMϊ:_P Gbz- ~r{s i'pedwAG`,9=»–XU2٬j3o/߽ ~(r.{ҏ/ExXcQ ۓՖ59blES Qv->U1Gue &$<(T6W QoAv[f^]󎒘h^|G󵺹iE_ ~koNS+M2#*$ؠcɭ̦׭{*rrYzLv髏TXͨ,p[Ju=NM=>{žu*iLX,ۚmb !mjYW{z8`o,ވYBNYPD"4Ķ8R6/Wy-CIVbs0#ëcqK-B%%isdbWů&_4Mv t:!Y AB@i3Kщ- 4D4_M;I KtmwID4uVAs"X4 >xԽDRriH_뱑~.,;>2F=(x<7{m zUA'|AU<įd`m: XmA)cXy SXisLsF)^'pD484 Y9c0Xs$N8 .xPn2aJ|T=k0mk>b{UpeG#L}a?'5s_q- O-VNJAenID䵢g|}Εs/l 1>@(מ+E$/d![΢],|GLJTrFH '`bqcޟ}q47Ez__yCP#_:=?])bl)ofMއVO4 *اdӜsf);cC{{a;:J_{z@U%tuՈב)S܃Cju7@QlTkMn%iLP,`h4XpuwqF,@*v&0VjY&Tld!?Sp|b},*Ts"Hy5LxRy$-k:2=Z?"1zhV< -$ȯ]  4貽b.Ȳo)3US` 4or[kJn:?һ>ĭ*/R"1(hIL4gm*]4\0.!7DHvN_{]/4ڑSɾUjB𖞫L҈!ⶣ""1A۪Z"]Q"|<lo=U q"ȳG։!LPIՆky*il mɮՈ,i` 1-PR]@% fn }fO9Lo|g՞oj%HhCrE s/69~>*%ue,ɵ H"+2yG_l֦LR=[gɞ Fgu' (bܦ59Z^z$ӵlew %J96YN87v@DLN] q@Ps|ld| @9خB{VGD  b 8ޣo-¢84BXb"<mM=^uMenNm8V>hrٿ ZˢU.]L@wEb'HGr,$@.w$44۽ޙ.q?tKtwFYaiz0Áxso[hGBZy$_Im:jyR@zl;JɑJ%QE&jxs-%DHsz~YRvLL&#[y] =G*Y,d˒O:` PD1UKDz3LjG~L)KqYzxc^IrsϦa0 fe 2p=Qɗw|oL]1/7,Vk@I>6s-$HӲa 6P4O '^\MMh@6u<Зwo]#/LEўr (֬2 hE.WM^L)WګzpNg=~/.CR=8sO&#ojaC.j'RG[ C {$?8_BL4*Iܶ2mY>4(閯1!aX?q9_GKάsyh9}jqkzzsR_-r[`R;(,BwSVNgVfԠVǜ/&H-o'M\c(zqep4yd"[BGF0Jox.&PmPWi|:(:V2 f|=xh(u}[SBoԦg` `W{ ;,QfYLw5l"Zy8'CvNѰH'(~ŌOϘDg(@Urv4bᤑ@ NrώQЊXRpGA{.&(>XWW]W/@ XIGw,1i#VeD>h/R4Z:~3=Z'gg{+_Csux_sb}^JV~fq΅vt:^mG1 HyزMJ-ݩOjO_ylmȯНtLogK:Lyhp*o˸,E?Kw`bZ G;eɇslPT/L%G)1vC^g[pp[/:3-2FZtpA DdAaR96L3>; L-}6G?ٶ/VMp#uGSZ$oWA!&on?$ 폷Qmu>e s8]uO##sVQ aG96BXNJ"wsn+aim!I +xn@(cφ lGsҔǗ)wb._ ӗ<=`G™pbԴ3;Wxg^B>8 tRhl&A|En_8ug$UՕ_)B7Lam?K=NVGHk JKNS5k:h E&w@EF@+CTEl1&E2?n{B#ZHs4'3MM*!}/d,"戨.G&]ʳS{L@h2Q;YY\YDn4~0lFH.&l&O`*ek ʦ5+(fLyLP<.H]G?xֵL7 oqEDQQR.0Xh,Μ@w5?A:|z /%0P&HNa Ao`C0*Kcy:uƬs#^;ґŦZjyU 0;4V&6c"5m䙻А7w$gEn76mp<#(=kyr>v^n3[~9Y$\$_j>][Ӊ yk/z _j3wCDu}W*(*Q{vF`{lq,05kN~8"kuu}i!Cv=œϛ0[&>y/+4جn~5:84.gߴxbMdQwKBB7ojR|I(nkUQ'TsҐ`u"U:PJ= N*)8σ `T P4sㄑY lSX/Ik3Pc/rZ4s0GH:ՇQ<ݩ !V&_Q / ^!]ufC8Uxדnm16O>"G={ɥqN &Fy|?+hD`58p!oPZӼttVA=ԃ!q ^!"#܉W?i?ߺ|NOKDZPڛWUne"C kyKŦ+Ƿi*kQNINc~13-GW 
n-Ehc5Tb,zw*#Wx{[(T_@G*YN.`壵D6+{ QpWm)4qzl`lM`3!6탡g QJ`7})k5z|:j H) Na]3CZ@OXuP/Ly:xqY˄@9̔:y[$ Ѭw:G[PiGE*#Te?lěJɿNhlKӻ^a?:hK#& EtOgRc}sXoUYP쑓Clo1mkG(ҒzG߽8j׮ߎwm0® ~kI?J{٧}lARCt\)lF -#CZNshi 7/{9xFmv-o~}*L![D%@80KHy^NUt2IhYˑ i( zYIr=\L͙ *BhQGVyq+>C ]¸۱܁$_DmHFc/aTRL&yhEQ-\ #O6+W:@1c U?I}[ f: )G؛b1)lwj4%(}kJ MI>a`K^Mg:z?AkN^:Dw}쟭##~ %e}%2j󴍺ZJL؈ZfDD5Y*QW])}st`kzw!I3gc←@j*FB1V J<0m>+$p ݏM?0k$$ Z%MAEdnr68d7 VaeĢ.hPc?G8;涉Nqd*Y3hs5o<6Vaތ}Ʉm .f ~aLh$wV(_Qk<9:zR[dSJGVvlS"!)JUsչ@B &#Ti4V0q)bPpެ~>ݦ4RvͮnjâEp b:Rc<9y“U+fZh@x\@z"BTGI?],vJ@A 3ni$8 .WλgL({sS넝=zW$[4,"+2h8Qؤ ;ODU߆AIH#q؏NE =td["-[C?̙  H #WxL/GYखϋ6h>: 'Ac!ݡQ`d|qI[ `Aff߶I>Uzi 8 %[K #uf%;Xe9v#Ϟ;[cc&O?:z;MAk)eEMCH5%(M}wטPsj@,;@UCCM)z#h[gvvh cnUJ|'_jFl3F@ީ yӊ}>nj[H nwdX"S'~e"W_Q˜W !|~[H5 ]¾ 3;/+Jo4"Π)2SlU>LeyuDIm/m"RI0;' @riHz_Opʼ"8Z<ϸ;WV4iIlQd ~/o /ehӡLi|g(}OPqy3~u'in;v6pu9\6 N֙P}%j첉3x|HA~kؒXq&wQԇoNڂ>ɬO̹KHXl#Mn{k .!ST;Npd+vl[C +mTkc#ŏF.U[M$BkC^y|ns:{CWXN>1=hy\t~~?xH+ؑk\ƿΝ@ca FNl =~[5a*1ua!1tr 3˴e,0h[, CꢇT+6IBsfPw>E,`ph6Pdv\kdjV~ CL?N酽_8‚@y`1:l}. 6Gyt} RC,i.#B'_E6!-e߰Q;y08hE8Tsoݒ%l̴ ^&֟܁`(B'H'>)1BbAAW GY+ՍJ`!}q b"J=fnx0H[&N;_a(YH#-.c*$(abk[/"Ѣ|ժF;*=w(L ݽm.&OI%A@=o9p`=a%5D _;4kEoK?/<ӗf=GOM}P#xhcL 7]䈰8Š"Soj\ZH&0M{xbFמs4,!Ts\bH̞10fܿ>3 $dfZW=ډSh}8 q+ Rp έtHBPxMu? 
kb鏽+j'ʊY=l x+e#K,CmE"c.<#"}}) R>7o#Q9:=*z_}t[N/ ^R# 4wyg fGyjPC()y]h::^UyƈR'1uŸ9!UҌ+v)3FbRRo^Y@nf⌎V%g}ͳL"]= ;ܮN>i(*Um_oZ?#/A@+Qί08 l=|%Ӆ~ BDB7#" byd!Q1?55dzRբxZA,a%HýCֿWǬn]axn:a} 1 "\I `V"X+]IjM\)i"1hLP^523MHM,5C=I_SVLM@Wؿ~ݍww8YÐRAL`@rLl.>7H6ꂀd.*3뎼M2!Km :kc뉞m%qt3B`S5jpw(mJsGD8qˌ{xd3+r<(!:\v!-U0}[{d&iIOTq# ׁ.=7lw;Ee>/ }a[`ѫ3!rGiViWYQZ<"j!k[$7i]< &sm + TBՏ$Fܕs"g[g/On"6B H#d)EB"ŏø82٣v~Uet @v@D6ӂk0Csѐx`$d5,{K j_E=,$r,6VtqP^BRn^݁3cqcZZVv OnR&>)YeAwB-ؤ(g&0Y.V %.ߴy<bRra @Ue:(]*Z{Բxn5]ы@Wu3I?szFUsW,w fq# G(GTk/[ #9}\8 >[8K}f$&ȕhWE!,[/u2RPA>3|W!UI\oOnUsu?nDr:ޖnyO{blZV/|תS=qeU?aڮk)Nt0ɗSfp`W8D$ҫ t=l0]+O$Td}oMt&%R G*Zٔd,,?}hָ gӹKNFȜ0)ez- PJwxJbp)>>m5{tzn79Y^[A\\sқǜ[w4s~ѪUr xT 4…S{ܦ6 'NHZPbQ*}R Y%}A@vTxs#/ w`8-/ہ?y-= H?ᑳ{Y$O2a.nU47hE͙Rr|%jW4[_hdY56 g lB#Ot = c1& PWeQLLk7Ho1To^ hE NX}}xhEۍ'K[IKW6grN N&*p7 [,wbjf',Ɍ2z@ 2 +'5@i>*xkZ,^eOajJpyV+iD!Q6F+y`[@vd0wW$'ğˀAU'rec 豞$*ǩvrS*DۮSmB_,]=*}=@4!|"D]rtD9쨃Ņ\]a3c.@EꁽI|bdH';ϧYZ 4WI/Z4TlYeh"ϓCy WN4, ~{`tdUЍ<ֳN<s%BbyIT/]1-vp\l('<@fn)tz.R.ؗ1k&&Y@aswʀ&E$B Y(_WW"ik&8o#,|!eqvq,k.TmkpvU =H95-d1te{gVW2 < [\k^;L݃H9æ$h:zh@Ŧ(`5E5Y+AnYKyyF%Csh-n{ *6@o#u_~DdeD{}ֈWhpqAd}{G$t-7%]~?h%oyMq VkӟNz3} ]q ffZ"Re7Q·I7@X"<n/T$~@X@'|oܝ*"P"E-vT( HmG׺˗"w4T]G\SfOoXf(\5L ͂QԗXs\v/>%<" š4 ~t ]hVxhBJ8 Kεޯ/L7-tb.x-t/ )&N!.ݴbӴ C웭чͷsk U V ~vGO4g3$ܙm(N/-}%]V|:^dʹZ[̓ΪFr $M=hgy#hϠ>}Qc„Ӏ_QbA'iM^@Ѡ.M@bqzctOY~^_f*ʴsi/nD\52jLx˝@}e f#g[=AePō;WX3R>aD0]hUWzf0XĐ4J ea.fkC` 9Eg̒#-V+:|XYa⃉eoK)iLFPܬ\d/} 2I<78QY$ҵau5VMP_`=Gd1BZ2 \ߘ#]i3e_7#Dbr|ylյ d46K,bX+b͹%:#?[bY;Zڻ>AM?GÔ@CQoF+j2ZFGCP*CIrPzo^6\1.# h$jyEF RF^\f)Ikn63fTB T)uKI:²*#OREoqR5ő:&X{O⎟< y%|bJLX(I†C#HKN\p-=q> Wsۭe>xCk+D* ІGYyB_+l#+];(@12}΢v8vdg)nup4V;$ޛAf,T&g~wNzEe'~.q4}H$2t`#{Ȅs*GHKuE$Hrŵ%l Kӡ*_La9Pe3W9 M#%i _Q똢2t"W<+_I?5~T~UԺjlJj Ԁm _[;; QM@!(Nr>f`Vt )|8vl 2ƲK&Jz'(V)lBi"&5 Oخ9֨4&%o\<FKmxU3m/ `^0ϲ+@Syk0&,&o:gO֝#9Y/f2}ꜘx6f ʅ*# ZEgK֥ w{!x3dFU{=j1Ӭ<&bI;&vU-^GWWv95˭8fFi!ă Ϊ z_(}oN@Ϗ<•{pngsD!uQyd)"0->]_sߐ^HT,:|PBO>cSk*Fh+ʨF6IϨ!_%"P WueT xEml9/aJh To;D s*O6eT__ŋ -v*j? 
+W^a~p`v.=\Q=F׹2QUU=~"gle-̨ePNU8q.szf:KZcГO%W33يaL8&!j#QH4]AhSxE$ASn`M!9fґyqU9 !'^ߎT-bZ!C~jKv -ئ{"2ZBxZ%[snbj.y”n(u0S`pdeqQђȹku0[!E:%[8IU7D(qOȌgT_X|놐 Lh%Ⱦakv7A4mX#ImPE5sD0sw3gWS/ŝ)#é&BS&mX,uQDu?qpOv UK~-W-O\SH7qXQ"1+4zFW]K'>hG#܏` z|NPIM[el`SEԢ 2PwcNㆣOwSzd6C{#j?Z"cj}|$zw'Ut7Uq-zż{yItFĄ_6kt !+a*F?@IѥԝLKS]ɿ>p 8#Ƿ,a "43:KbJk͠׏̨± =QR8etYxMyh.T(̶3X}Ve7KCiĻ4C Xz:s{Mwl0C8ԭ "I+ 66ݍۉ?.ixG}<3mFf .U ꣷW},ȗpqܷ{bI`?J!Xycu.@" B<@A'")|KԆՌgVdEm{^u쩋KfJ54ȫٮE|4lO!IՍ(yj#rABB%y}4|9I3k[0#+_m8P[2 egK+Ӛw F[+Hr}`Sa*B\ح g F2wg?)eZS{i;m]q_@Ef܍FMj-s:HnE9h+c@bWW.`rI!mYL-?PP*.nzЅZEEPz9~1D<6/VXݲm^+0oeҧWp?q{yxǟFhߓ~q,vc{ʖY{=rm7gqs=z_Z4ƿ7a ^r19|S-t+kόsްÂ),QL:Sk֍dV(LR.?9tYX]i ܺofPNͰ{12!ZR_.ƈʜn"ǂWn$٣qqD?%<ژ*xՆz|4[9È&89۸Ӡ,v<p" oiĂ2@Յ7xƍ$q֙;Iͯ / җ5df%}f6^<&J%kwsuD''EHGwX_R-V} !G _aw JF5p=[Ηq%'oWlIݸ@g)uy| ZnAVk:];Emo W))XE 6)xɾ\Xy.\p#>qΑ~f7pe1elG7tɣE eK`iܝTWoh~j(SAvхec?kD.MTaԐ` 0+A2`-*#mclvهϒ(c%_ V2L7]mG"[$~`D?BJ^N/~g Waa9Vn]&pkygV57E,D9(>qpT}ͳi-M+;feHLQm?Ժ,@FPEÚH[,Yz_Q};kEqTKKWFI8L:Zp0|o 'gC0ODί& bt!=8Rz_{LWn֌A;Ȥ vAT6lgm4/sɼ+8|Ӵ?ˍbQ*+:(dn[?RGއ bA[S1BNN"=,wn* Q0U`OQEL-8z_j E,ds?i%㲭̬VpƷFiqCq#s Ĥ賊E)naYhY6$AGFqlGE/4XԷEgs&<թCHX0-"0q Wi[7Bkl'V9Ckq/FO"[͐ VliMezyT apRUY+ׁнFNSt&RQCD92"ל@_x*)`3o{ovJXlNφǖs.NQ槁~G2Kh G݁[V,MČR!jK`@O!$(ddÚn,&Bd*BXWVkT%,/Pi &:-^X/<`IMbjjCh>{1m |vj~:[,r)zS ];Ψ dYDCO׆cbmRUZ ?sX )Pjx<_-BqL=;2ct{v­2#qߗn: ԧ5'* ˇy'[R\G^t426v}ĥ_ǮP vi2kx`3;PI ŗ'1EUcDB]>~ڽ-|6ʤUR'\ݚ!K-Z2?x XxZLZ <=bLV>"v#r38ybF)m<+9b:&4giHԴpUh(b^!fZ%9!̛\m&&(2!)_>IΛ6D(E e9tQVA *\i ]{FE3]>9>NUSPEzݰo)2AF6ްd/'Kږ`:!w.('p[Ef]Lhi麤È0݃A%cͬBs^4 83MmQ@cPĝIF EkH$6 KW?+{h}"Q1MwBg*SVd0u~F1{r@6q!J^{!Y*i!In ڦɧ=ɨ_K_Y0@ z`clYO5 ə5`:$ V-=D*{#u^c5;JcVL8aG&GYyfƆ[at]9sa, <rO`*~Ձ )Dp=|b`'"1ڹx3ܞ z*5rMP׉mI9igAk9>hܢ72<Δ#gq)eiizsؠ~ͬM͏u* DnϱP!yBes$,bb]@/xpI:%0`b,w> =5[c+k4 Bځ5XtY 4tfYqa7؏vb KsGG&20x2(O *ӛ<,!.ϸ{WI]#qTሡm!bKid0[vҷ9;/1\=Z@Q-|RyoHL0=W&2">hٔf N D(L`IMF[h][@YBϾ|3Õ!Q%g=yPA;廮izspgJ'ШaS"1jK\(ix$psbe3#rhI~D -+LܶŬdxCh@b(չ5QTVʇЩnku|(>~b"ZY{p4/`н A)"' >{1Ay0Bkr.]WZY5ǖOu'/rrUq!:NÓAW*uPjS\M(AcO$S)&^`u'ا.(9\!DjkAJLƈan.kM2֓S尮f,0=?eΔ`XԉMYؽtDJ+`o|JMX 
E#ҢZ[fo0i)DzNWו9Sipm%'fpNE*f^|݄9TNanm8[\`n,y~E a ˵+w~(,r6OՇy~IVhg/QBa!V /eǵ])% c$8$]Yr >2<~?H %o/b;&Er!ziOy0`qE IJ%85sCD3t=Iq]RWQQυkfpOJ\Nv}{ j@V~y U,lQ!L Sg5NI=L1V^t^TI_L8#W^](DDC}SBQСzyƚr?xG"5'ޥ4,Mt+$3% ?='(g[I\L̯7й%;Lc@p):ˆQ c)gmM+3 1E"U:HPt\h3o;4] Iq=ܤWҎH#bgdǖiن,tӂmqۦR*LCOCaZ#m@OYd?˓(e0Ez)-%n"9SM_ZXg:Q4:?NjJHq%tJoѲjyܜW[,h7SU^HXF8@8CiBӇ({|NxaV3uć'wA?6<ۣU76X";Y hV(ЂdurI +Gqߒқρ=4?K<^Hܑb xq@`H}ϧh琶 %*,سBV|sf$#$}s,D#eɋS(4·N$4?(zfqz`RQ]m&V|]M7]`zxDQ1L3h BFk|ё?AEw[M;W'1G(|ئ:qe],z܌2jۜ*-2E|>@H׶&^QbaȅEcf`l<*TVleճPUF#)yײ}cy/~sJJz H0 $u5{菮 +B(ntVx-Wʹm[ IJgYȐ] Ѕ_VqIT#L G*5U7殒7-f(e9)*tW$׆`>T^ ڲ'4J8qv+kEg7EpVCҦ`ʫWLT&HSn-k8$c1gV)G RU,wlKHi=N WăX^&(&m y9hxeJ1phxuK~7iv-6"ieW_a9qgcjw^3T$ܟn *Pl޾pظTE<Dc<^y-ϵ󬔧]7R 0O4 YZ