sssd-ad-1.14.0-43.el7_3.11$> رp%,!zJ>;~?~d   9 &:X^h     2PpHH %H   ( 8 9:d{GxpHxIxXxYx\x]x^y<bydzezfzlztzuzvzw}x}0y}HU~Csssd-ad1.14.043.el7_3.11The AD back end of the SSSDProvides the Active Directory back end that the SSSD can utilize to fetch identity data from and authenticate against an Active Directory server.X~oc1bm.rdu2.centos.org&CentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxx86_64`K(Z8YA큤X~oX~oX~oW~X~oX~o4286371c411fc7feaac96faf4f098ebd63bf6c30b31e0dfbca0cb1dff8c9217d423d9b760bb59ddc3ebe0e7549357bd06ff74fb9184edc2d12236421ea4e2bb98ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9034ea2d53cd525a6092b59e2af427468180bb8950acb4eb1da43a2d3069cad202273990af16f335405aef09c28afa67a6a0143f2d495cc48bb62fec159c6cbfd38rootrootrootrootrootrootrootrootrootrootrootrootsssd-1.14.0-43.el7_3.11.src.rpmlibsss_ad.so()(64bit)sssd-adsssd-ad(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @ bind-utilslibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.2()(64bit)libcom_err.so.2()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)libini_config.so.3(INI_CONFIG_1.1.0)(64bit)libk5crypto.so.3()(64bit)libkeyutils.so.1()(64bit)libkrb5.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libndr-krb5pac.so.0()(64bit)libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)libndr-nbt.so.0()(64bit)libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)libndr.so.0()(64bit)libndr.so.0(NDR_0.0.1)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_a
rray.so.1()(64bit)libsamba-util.so.0()(64bit)libsasl2.so.3()(64bit)libselinux.so.1()(64bit)libsmbclient.so.0()(64bit)libsmbclient.so.0(SMBCLIENT_0.1.0)(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_krb5_common.so()(64bit)libsss_ldap_common.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libwbclientrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)sssd-commonsssd-common-pacsssd-krb5-commonrpmlib(PayloadIsXz)4.2.3-13.0.4-14.6.0-14.0-11.14.0-43.el7_3.111.14.0-43.el7_3.111.14.0-43.el7_3.115.2-1sssd1.10.0-8.beta24.11.3XOX8'X6@X5X5X.@X.@X)@X#X!@X lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.14.0-43.11Jakub Hrozek - 1.14.0-43.10Jakub Hrozek - 1.14.0-43.9Jakub Hrozek - 1.14.0-43.8Jakub Hrozek - 1.14.0-43.7Jakub Hrozek - 1.14.0-43.6Jakub Hrozek - 1.14.0-43.5Jakub Hrozek - 1.14.0-43.4Jakub Hrozek - 1.14.0-43.3Jakub Hrozek - 1.14.0-43.2Jakub Hrozek - 1.14.0-43.1Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 
1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 
1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 
1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 
1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen 
Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 
0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1404340 - Use-after free in resolver in case the fd is writeable and readable at the same time- Resolves: rhbz#1398673 - autofs map resolution doesn't work offline- Resolves: rhbz#1398169 - sssd fails to start after upgrading to RHEL 7.3- Resolves: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1393730 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Related: rhbz#1396486 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0- Related: rhbz#1396485 - sssd_be keeps crashing- Revert the fix for ignoring sudoUser case as it breaks processing of rules that completely lack a sudoUser attribute - Related: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1392893 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1392896 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow 
fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable 
checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. 
- fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators 
from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. 
- Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user 
even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page 
or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on 
individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with 
--login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? 
- Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error
- Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD
- Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set
- Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires
- Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option
- Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab

- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID

- Filter out domain-local groups during AD initgroups operation
- Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups

- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups

- Initialize variable in the views code in one success and one failure path
- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605

- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605

- Handle case where there is no default and no rules
- Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u

- Set a pointer in ldap_child to NULL to avoid warnings
- Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error

- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u

- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error

- Run the restart in sssd-common posttrans
- Explicitly require libwbclient
- Resolves: rhbz#1187113 - sssd daemon was not running after RHEL 7.1 upgrade

- Resolves: rhbz#1187113 - sssd daemon was not running after RHEL 7.1 upgrade

- Fix endianness bug in fill_id()
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view

- Resolves: rhbz#1184982 - Need to set different umask in selinux_child

- Bump the release number
- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Add a patch dependency
- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Process ghost members only once
- Fix processing of universal groups with members from different domains
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved

- Handle GID override in MPG domains
- Handle views with mixed-case domains
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Open socket to the PAC responder in krb5_child before dropping root
- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Resolves: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD

- Resolves: rhbz#889206 - On clock skew sssd returns system error

- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used
- Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package

- Resolves: rhbz#1171215 - Crash in function get_object_from_cache
- Resolves: rhbz#1171383 - getent fails for posix group with AD users after login
- Resolves: rhbz#1171382 - getent of AD universal group fails after group users login
- Resolves: rhbz#1170300 - Access is not rejected for disabled domain
- Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode
- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Rebuild to add several forgotten Patch entries
- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users
- Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=

- Remove Coverity warnings in krb5_child code
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users
- Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=

- Don't error out on chpass with OTPs
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.

- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users
- Enable running unit tests without cmocka
- Related: rhbz#1113783 - sssd should run under unprivileged user

- krb5_child and ldap_child do not call Kerberos calls as root
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware

- Fix typo in libwbclient-devel alternatives invocation
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.

- Handle migrating clients between views
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Use alternatives for libwbclient
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression

- Add an option that describes where to put generated krb5 files to
- Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12

- Handle IPA group names returned from the extop plugin
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header

- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.

- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete

- Support views for IPA users
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Update man page to clarify TGs should be disabled with a custom search base
- Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases

- Use upstreamed patches for the rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving

- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases

- Resolves: rhbz#1162480 - dereferencing failure against openldap server

- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1113783 - sssd should run under unprivileged user

- Fix two regressions in the new selinux_child process
- Related: rhbz#1113783 - sssd should run under unprivileged user
- Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used

- Include the ldap_child and selinux_child patches for rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Support overriding SSH public keys with views
- Support extended attributes via the extop plugin
- Related: rhbz#1109756 - Rebase SSSD to 1.12
- Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled

- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving
- Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times

- Include the responder and packaging patches for rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Amend the sssd-ldap man page with info about lockout setup
- Related: rhbz#1109756 - Rebase SSSD to 1.12
- Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD
- Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)

- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Add the low-level server changes for running as unprivileged user
- Package the libsss_semange library needed for SELinux label changes
- Related: rhbz#1113783 - sssd should run under unprivileged user
- Resolves: rhbz#1113784 - sssd should audit selinux user map changes

- Use libsemanage for SELinux label changes
- Resolves: rhbz#1113784 - sssd should audit selinux user map changes

- Rebase SSSD to 1.12.2
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Sync with upstream
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebuild against ding-libs with fixed SONAME
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebase SSSD to 1.12.1
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Require ldb 2.1.17
- Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer

- Fix fully qualified IFP lookups
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebase SSSD to 1.12.0
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Squash in upstream review comments about the PAC patch
- Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Backport a patch to allow krb5-utils-test to run as root
- Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Fix a DEBUG message, backport two related fixes
- Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain

- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain

- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching

- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest

- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup

- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success

- Resolves: rhbz#1078840 - Error during password change

- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux

- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration

- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in

- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes

- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40

- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used

- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly

- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path

- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider

- Fix idmap documentation
- Bump idmap version info
- Related: rhbz#1067361 - Check IPA idranges before saving them to the cache

- Pull some follow up man page fixes from upstream
- Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes
- Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example

- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes

- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example

- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value

- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache

- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces

- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks

- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7

- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default

- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users

- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not

- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default

- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect

- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter

- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does.
- Use the right domain for AD site resolution
- Related: rhbz#743503 - [RFE] sssd should support DNS sites

- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC

- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin

- Mass rebuild 2014-01-24

- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain

- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out

- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter

- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed.
- Fix a typo in the man page
- Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir

- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain
- Fix return value when searching for AD domain flat names
- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user

- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir

- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user

- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings

- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20

- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used

- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword.
- Fix two memory leaks in the PAC responder (Related: rhbz#991065)

- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup

- Resolves: rhbz#1049533 - Group membership lookup issue

- Mass rebuild 2013-12-27

- Resolves: rhbz#894068 - sss_cache doesn't support subdomains

- Re-initialize subdomains after provider startup
- Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read

- The AD provider is able to resolve group memberships for groups with Global and Universal scope
- Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog

- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog
- Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups

- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested

- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"

- Resolves: rhbz#1037936 - sssd_be crashes occasionally

- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read

- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok

- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy

- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb

- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in

- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains

- Resolves: rhbz#1033084 - sssd_be segfaults if empty group is resolved using ad_matching_rule

- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage

- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes

- Skip netgroups that don't provide well-formed triplets
- Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes

- New upstream release 1.11.2
- Remove upstreamed patches
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2
- Resolves: rhbz#991065

- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash
- Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group

- New upstream release 1.11.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1
- Resolves: rhbz#991065 - Rebase SSSD to 1.11.0

- New upstream release 1.11.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0
- Resolves: rhbz#991065

- New upstream release 1.11 beta 2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2
- Related: rhbz#991065

- Resolves: #906427 - Do not use lib64 in specfile for the nss and pam libraries

- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log

- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting

- Apply several important fixes from upstream 1.10 branch
- Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable

- New upstream release 1.10.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1

- Remove libcmocka dependency

- sssd-tools should require sssd-common, not sssd

- Move sssd_pac to the sssd-ipa and sssd-ad subpackages
- Trim out RHEL5-specific macros since we don't build on RHEL 5
- Trim out macros for Fedora older than F18
- Update libldb requirement to 1.1.16
- Trim RPM changelog down to the last year

- Move sssd_pac to the sssd-krb5 subpackage

- Fix Obsoletes: to account for dist tag
- Convert post and pre scripts to run on the sssd-common subpackage
- Remove old conversion from SYSV

- New upstream release 1.10
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0

- the cmocka toolkit exists only on selected arches

- Apply a number of patches from upstream to fix issues found post-beta, in particular:
  -- segfault with a high DEBUG level
  -- Fix IPA password migration (upstream #1873)
  -- Fix fail over when retrying SRV resolution (upstream #1886)

- Only BuildRequire libcmocka on Fedora

- Fix typo in Requires that prevented an upgrade (#973916)
- Use a hardcoded version in Conflicts, not less-than-current

- New upstream release 1.10 beta2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2
- BuildRequire libcmocka-devel in order to run all upstream tests during build
- BuildRequire libnl3 instead of libnl1
- No longer BuildRequire initscripts, we no longer use /sbin/service
- Remove explicit krb5-libs >= 1.10 requires; this platform doesn't carry any older krb5-libs version

- Enable hardened build for RHEL7

- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later

- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join
- Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider
- Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in

- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs
- Fix SSH integration with fully-qualified domains
- Add the ability to dynamically discover the NetBIOS name

- New upstream release 1.10 beta1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1

- Add a patch to fix krb5 ccache creation issue with krb5 1.11

- New upstream release 1.10 alpha1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1

- Split internal helper libraries into a shared object
- Significantly reduce disk-space usage

- Fix the Kerberos password expiration warning (#912223)

- Do not write out dots in the domain-realm mapping file (#905650)

- Include upstream patch to build with krb5-1.11

- Rebuild against new libldb

- Fix build with new automake versions

- Recreate Kerberos ccache directory if it's missing
- Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist

- Fix changelog dates to make F19 rpmbuild happy

- New upstream release 1.9.4

- New upstream release 1.9.3

- Resolve groups from AD correctly

- Check the validity of naming context

- Move the sss_cache tool to the main package

- Include the 1.9.2 tarball

- New upstream release 1.9.2

- New upstream release 1.9.1

- require the latest libldb

- Use mcpath instead of mcachepath macro to be consistent with upstream spec file

- New upstream release 1.9.0

- New upstream release 1.9.0 rc1

- New upstream release 1.9.0 beta7
- obsoletes patches #1-#3

- Rebuild against libldb 1.12

- Rebuild against libldb 1.11

- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly
- Resolves: rhbz#851304

- Rebuild against libldb 1.10

- Only create the SELinux login file if there are SELinux mappings on the IPA server

- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)

- New upstream release 1.9.0 beta 6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6
- A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value.
- Fixes for the support for setting default SELinux user context from FreeIPA.
- Fixed a regression introduced in beta 5 that broke LDAP SASL binds
- The SSSD supports the concept of a Primary Server and a Back Up Server in failover
- A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine
- SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server.
- Packaging changes to fix ldconfig usage in subpackages (#843995)
- Rebuild against libldb 1.1.9

- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

- New upstream release 1.9.0 beta 5
- Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5
- Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation
- Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation
- The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds

- Fix broken ARM build
- Add missing DP_OPTION_TERMINATOR in AD provider options

- Own several directories created during make install (#839782)

- New upstream release 1.9.0 beta 4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4
- Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers
- SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules
- The IPA authentication provider now supports subdomains
- Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.

- New upstream release 1.9.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3
- Add a new PAC responder for dealing with cross-realm Kerberos trusts
- Terminate idle connections to the NSS and PAM responders

- Switch unicode library from libunistring to Glib
- Drop unnecessary explicit Requires on keyutils
- Guarantee that versioned Requires include the correct architecture

- Fix accidental disabling of the DIR cache support

- New upstream release 1.9.0 beta 2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2
- Add support for the Kerberos DIR cache for storing multiple TGTs automatically
- Major performance enhancement when storing large groups in the cache
- Major performance enhancement when performing initgroups() against Active Directory
- SSSDConfig data file default locations can now be set during configure for easier packaging

- Fix regression in endianness patch

- Rebuild SSSD against ding-libs 0.3.0beta1
- Fix endianness bug in service map protocol

- Fix several regressions since 1.5.x
- Ensure that the RPM creates the /var/lib/sss/mc directory
- Add support for Netscape password warning expiration control
- Rebuild against libldb 1.1.6

- New upstream release 1.9.0 beta 1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1
- Add native support for autofs to the IPA provider
- Support for ID-mapping when connecting to Active Directory
- Support for handling very large (> 1500 users) groups in Active Directory
- Support for sub-domains (will be used for dealing with trust relationships)
- Add a new fast in-memory cache to speed up lookups of cached data on repeated requests

- New upstream release 1.8.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3
- Numerous manpage and translation updates
- LDAP: Handle situations where the RootDSE isn't available anonymously
- LDAP: Fix regression for users using non-standard LDAP attributes for user information

- New upstream release 1.8.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2
- Several fixes to case-insensitive domain functions
- Fix for GSSAPI binds when the keytab contains unrelated principals
- Fixed several segfaults
- Workarounds added for LDAP servers with unreadable RootDSE
- SSH knownhostproxy will no longer enter an infinite loop preventing login
- The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown
- Assorted minor fixes for issues discovered by static analysis tools

- Don't duplicate libsss_autofs.so in two packages
- Set explicit package contents instead of globbing

- Fix uninitialized value bug causing crashes throughout the code
- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup

- New upstream release 1.8.1
- Resolve issue where we could enter an infinite loop trying to connect to an auth server
- Fix serious issue with complex (3+ levels) nested groups
- Fix netgroup support for case-insensitivity and aliases
- Fix serious issue with lookup bundling resulting in requests never completing
- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate
- Fix several regressions in the proxy provider
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work

- New upstream release 1.8.0
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)
- Include the IPA AutoFS provider
- Fixed several memory-corruption bugs
- Fixed a regression in group enumeration since 1.7.0
- Fixed a regression in the proxy provider
- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD
- Resolves: rhbz#797968 - sssd_be: The requested target is not configured is logged at each login
- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV)
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features
- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Caches to /run/usr/USERNAME/krb5cc

- Change default kerberos credential cache location to /run/user/

- New upstream release 1.8.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3
- Fixed a regression in group enumeration since 1.7.0
- Fixed several memory-corruption bugs
- Finalized the ABI for the autofs support
- Fixed a regression in the proxy provider

- Rebuild against PCRE 8.30

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2
- Fix two minor manpage bugs
- Include the IPA AutoFS provider

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well

- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features

- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

- New upstream release 1.7.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0
- Support for case-insensitive domains
- Support for multiple search bases in the LDAP provider
- Support for the native FreeIPA netgroup implementation
- Reliability improvements to the process monitor
- New DEBUG facility with more consistent log levels
- New tool to change debug log levels without restarting SSSD
- SSSD will now disconnect from LDAP server when idle
- FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains
- Assorted performance improvements in the LDAP provider

- New upstream release 1.6.4
- Rolls up previous patches applied to the 1.6.3 tarball
- Fixes a rare issue causing crashes in the failover logic
- Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.

- Rebuild against libldb 1.1.4

- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam()
- Resolves: rhbz#758425 - LDAP failover not working if server refuses connections

- Rebuild for libldb 1.1.3

- Resolves: rhbz#752495 - Crash when apply settings

- New upstream release 1.6.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3
- Fixes a major cache performance issue introduced in 1.6.2
- Fixes a potential infinite-loop with certain LDAP layouts

- Rebuilt for glibc bug#747377

- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.

- Add explicit requirement on selinux-policy version to address new SBUS symlinks.

- Remove %files reference to sss_debuglevel copied from wrong upstream spec file.

- Improved handling of users and groups with multi-valued name attributes (aliases)
- Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing
- Improved process-hang detection and restarting
- Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries)
- Cleaned up the example configuration
- New tool to change debug level on the fly

- New upstream release 1.6.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1
- Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep)
- SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined
- The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided.
- Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory)
- Three HBAC regressions have been fixed.
- Fix for an infinite loop in the deref code

- Build with _hardened_build macro

- New upstream release 1.6.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0
- Add host access control support for LDAP (similar to pam_host_attr)
- Finer-grained control on principals used with Kerberos (such as for FAST or validation)
- Added a new tool sss_cache to allow selective expiring of cached entries
- Added support for LDAP DEREF and ASQ controls
- Added access control features for Novell Directory Server
- FreeIPA dynamic DNS update now checks first to see if an update is needed
- Complete rewrite of the HBAC library
- New libraries: libipa_hbac and libipa_hbac-python

- New upstream release 1.5.11
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11
- Fix a serious regression that prevented SSSD from working with ldaps:// URIs
- IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 address being saved to the AAAA record

- New upstream release 1.5.10
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10
- Fixed a regression introduced in 1.5.9 that could result in blocking calls to LDAP

- New upstream release 1.5.9
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9
- Support for overriding home directory, shell and primary GID locally -
Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. 
- Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. 
- Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. 
- Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system 
improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that 
SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. 
(Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)uk1.14.0-43.el7_3.111.14.0-43.el7_3.11libsss_ad.sogpo_childsssd-ad-1.14.0COPYINGsssd-ad.5.gzsssd-ad.5.gz/usr/lib64/sssd//usr/libexec/sssd//usr/share/doc//usr/share/doc/sssd-ad-1.14.0//usr/share/man/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ca4b3c1a626bc01a7879a87361b20e1e680f2107, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=d48297b8c3fc41b10811a3401193b534769ef495, strippeddirectoryASCII texttroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with 
very long lines (gzip compressed data, from Unix, max compression)
t=x({ix!,vG3 Kg08ދ@ծ4_QySfoԔ=bCZ, &I 9BۤW(L.׌?- O0 iP`)(+^ѩs%7WoqHSyAڬ~>n]0#b-R D o.qK;X(`&3ӟҋLYNzp^/@ф@+}~O*k<V3O$I a$ A,藃% jB 5nRb3jQ= 8 hCY^l 6wcg0o+:IPŚwZIbђHtSkA Ս 4U"FmlTuW'm˝2N#wxʯxR!ɋ㦍re_\7?9M1"ZM2gSzI,-%1 ߅CxOPl/nE;>Yk>@pf}}0S40O(a0Fh@u!hG>b.K ZX`L/倧ǤZc23KL PODpX鑊eO3!H\lm5r]F9swԴvFv(iz#GEݣv㲨C-cv͖[ӬbKcITSY)dr1hKS*[sy?:WI/ >tWǍ;ERw  XK>퇊ߨq=>˹7Ka0Ha(Ƶbt90tb9$F%19GI8K+vF)1Na𮋓NzoV%4 J Lbc:k uA&xKH܋a uUS4}k…I}޸~;s11\,uBXhHb4Jl!H*'14 Cݟ'De}m!S)jDvkE#Up}T 7d$8r&էoGSg+I]!’ ({//FoR8Tu7M0w -oV /`vrD D cA{Rfh)hNn84cwd%H}k.xh_+^" 8,l$ Bppí=B;+4aBpwiNveq ~%f ă_=^gY @7Qk}ʂ@)Hm=Ś@!tTWudEq\G78>G_w{o̪g&d.u'ata7`DJnVͰI DC0Nj7uʮAϗ>˹dG8$ N\wZ<3@+wcY 1EȒK*<$s2H۳]_yƵKap;|t(R  ]'{ ӉtHQ}&Q|d"Ĵ+ԕPmB=vס &Xe-Xb:EM7jL-CaXf2q;J&Օ?1VgsC ")@&jCϕ4jebxkFSK$6Rbt~e <[q4u (/_E!tlq'[w5|~(֒jmE'ZJД]l,(. s /ft~eGR$ Ѻ$7i 5΄i9ywoG eD$Se<ʑ8@c8 %oǎ)ے (=`\_ZsSYti<;i CVS |BrndGrh.N O[ZȐM! kg|WqK&M"PV [ϿFԮza*sLα+?i;[aHwFN0"бh|Q:(c̻m(U:ӄZCؓ]1"v?+rdԌ> 2 JuueחO Yjc37b>h;}Cf ~t:A5QMʇVZxm^[nZW>\RX0SzC8# ѢI=3+m_FX0f5 aaiUyp"!BIT{ HKy4ԕ[`xoq]wڴcЙJ 8Z&:x }$+]< 6+K9Q̘4}_ ۚ”oQ \RTPPT*@eU\' ,k*HIGdHLԵ+*3vٮ/9({&CM}) ۏ]w-lo+'Mϥ1-ZqX Bmk~1ֹ2yv.2A:pQ˳X@B<(Ä=s(v;uFq۠/[HVGdX{-xh87F}8OX׀<x8jL#$ 5,o}AQΟEZ`@ޗ)zsSz?8nGkm$4'lwR< 9Ihuz^%U,Zů)ZiI ܻ)S;gz^F֒r?)'\K mJ'_4j |`Uȸϩ@T4J :͐n GkFR?^(x3CK:{'D4:Ԕg4vP?@WfUV]25}nX$Va˒GB9f;'g ]k]4af5gZڡ3=\hx0".*ΒJbU!8)/J 4 I+JɄ&T f9=V P^ OGC-0 XP%1>kdwb/X6 '&pX^0g3If;b50A"tK18VAtǎ0B'gD}_ nC]7XéP'w>WePv&' ^)˚M> M|OE3Ti7Olhs^§w8?]Xx(O;E:4mG3nż  moNlwB[R0We }Ag3пom耨"cL7~w|k%)Ϊ- AXj0HrO6&֢AD2ClݞD"ͺY2ƱTSF_mhH|A::AUJ[ؖqy8=9ɳCzBr+*(3 p yHk`Y*<Ȯec ^M"Ѿ>gvuM(Wh3^pprf  ,U fUVZ7WZ'? 
F`GQ1/\ +;9((Z,+]Z;m^=|<,Y6P}wb h'b#ɠ;0~R:=Da9Ww_4XO?4.}6bA-AYykI.iqv{-aAJAK_ _u?^vYOحG+cTg|NT $$V"^}yfDM]\!,VIM${J = 1g٬^i뱆nna$U 8nR%O[Bu* r|`ޫwENtL|vN5ܱW7aq A1W99 ~Ρ!qR7H{`'Bhfe?!+9544tZN7~䪻 sTfLەBJ\TuyuaLF^; 6u9Aqu{1,[짒\N΅p#Ӛ栘"܅LF9R4AR-"8J6]\rddMĥTjJW*ia%Nv$( +"/:PRdRwqjhH4[ҕwk*.`ڞHp`E.gh Y,6,hS؏"?5oAqR֥<| Y~|%P - g.wD:%OSI O*xЏ<<+ m*,߆eZrfcX5[qh6sq $9C>fOU9Ζ  .W̆yE E_^,~_6[0?PiF}ߪ`c/((Lӭ O6ᕉ SX-{׳sGtM7nZ{ᅝT1,HEEݙ4cAeUI2KZ\Պ!0f+!o&P)/!| @ns~Z 'VzJrLYSR.7c_ ?355L0yo5W=k +4H^;{d,p+#ق_)Q!\BA)?4omeǮ/ õCZ?1˸wPYq.'s=lc*.$ܯec7jX5c^N':z0-R,#9,P∡gWDfIE%a۫hJXһzo6v~mĎ!Neލ]n aÁ㽵3jؼ Fl\^z=kTbŌX5%FB-0&ڠSNo;Fbϛhʔj]"I;VmNյeuc}PG,8bY'$\W@i8`".; ;P iͤF?mt[B쇜dB=#u4]}ذ "xۊ;e*#ؖ Zmw i==xz5 %%^GA{!诉l<`?qWWk+%C`XUhhFe12-eNؤz [iLSO^FMWx&1Y@Ro{:ԠZ%ITM+>^Z:Z 81`^ xk=ClU,MT%[6XD>1 f1 HPPָ%?3Y?6Б'o/5]:Od*0_q$J4#Fq{ÎѺ%hjz: 1IBz[e ݟGeSOu-| UPRZPE -EL$DSF zoo/&hG 5bdz2TܹB'}ѿ^O%9ͳM՟4OT78"Hovd+ kgN\EjN"Qĥ6QDC(eKҼ%ASԙZvTn+n !ĈZ hsn%XC!;T'׎@FL5]w˺Þf٘$%n-ijX΍h6Q|WD953)ҖqqJvu7~'l1_t^{bry@()ՈΕ}(rZjcFą!@ЬOxw㠷7@B?LF8Q궁U2hb[ZPB/'pIJ4ǛiR4O~ $jn냯)OH, Ju;ALQLϼAZƲŒ^~ \JI>eTB_]}es>l~C!?Ku#ʴxld;W+4vFf;1㑏U>]#楀 t+ϑ؉Wx؅ C? 5$չ+qj9G@ G}%)] $|[M1@YYf7{.]]Jp}UA.wr"l&TRo?Lq{eXӞl!([.[\3/;;4 f|(V y z4@94[5+&pZ יIRK]t^J X!\2e@Ӄ6CԂFɋ} ]˫G{m|BQ-z1WdMi? buL;pN!r%Ϊyy.ȫ?u C> \J ?M*CJ ?jٻƀrWks8Kn#b5t** JFٶ*Ws|w]-4dŧăۋٶfg˶%`~;6{M˂w4$IV-/ڏ:Bb DTBD&U -*jY`{ p\,eU6 1J@N1F ƮB(S\=wˆ2)!65V17R3oBH+=LvT@Z5~u(^NJ-:~h=;`3m\\5]IF)xF3SB*8/ZFڻ*6&XD]m\ -2 aц%Ѕ֎E ]x fvR-? 
kUr073Wή'UP/9M} M3U?g19Yӿ/B-PEd@x@^x΍h_M!aҬAK* @bTW[eQ[ByC &fLMU٩$vH1S5< f k.h@4۵֢z8u]S̗y9_ynN[xtnu AH^' PIexs8HviTK&;+1a75ya[0N0 [qD %Od~,n6ϟ\S?Ǧ4yONE0l[< RhY-!LSq~ 28&ɍYA~\\k/5#: 1MxuQK [(߽y=p^I|Ո:lb7Ȉo'NY92IQ&( 6C%(cwvO~Z8l 3ǑCc7d8z:*_N:febw&ysA?6W~kAaԍW%B0HL4S!gy+EIï<8 D(,z9 gx+`g>qTv|| |ug!DN tbT4_xQ]=[tX^ x4DKghsQ'^9zL^Qk~c,{i%g'|ۓC˨f*6K.=7+EδlgSbT"S<ᯧNFHi{(3&Q3,Dəa1gPpvq񱼌U;nRnqBuqu< G}Kc Zۧ\MZI\1aM+Z#m97hJT'"2~O>&~/of)'(?!CcY+XQCq2zO(/Y6#nS[\/xU&AfPTox 7 va;[[@WKl>I*&c ,S"1;| i3z棩^'`%L/%VMUfQzm˱|iHd&xCw$B~/BME = 9?gVXPrzÃ>m[J22 jgo k՝ ^^Sy[[.蔯SxYd T%M>љkj '8s#dT62)jGJяEʪ(W[CEԎrfVwbɕ`NZAFuICdF /k ͔' 7nnCUY>key(Rѷ7Whz#a(Ea&M 9D*p+՛;ȉÇ|3>+Bv5IG.lWXV֖oLv䷎̕H M??;5fH(>jܙT%r#r`ucžSR]gGT7%IsӶ<Ԝ1>?#2G͟!zsS V*qw/I/%{8g7r}d|1dk7g S~:̫Q&R7SFcw)=e|a w@ZN7}ِ4-lыIXv'+[ @v)3n׻N4.^*~2fHo+ajivc!nc#0|XKx,,-(gy l[Y'DͥkP9.j-}rjL$8r˟Sϊ|4Z&i_Mi҄dLq:72FsNep9_^( .+;3\qlp߇nɗP(k$/>6<&|=ٍs@n%P+!U3̃KRtX'*b0ڔJQ(3P|leG̒!\Mpa48 f6gNF_/e}P@^Ԏ%s!XQ,j3㟎ϒbV%|{=pd/vr'묢/?)RK4ft*%x4|(@I1s6OL;'J0<=c^;1/bo`x]))=vq pb8gDuF~G]Ў'\Iiq("TtUrIp"o=9z:DwGj kI&$ x?-O[s<48fTȨZ=:"_.̷4v| n1 -ʈAdVC˛ˤMO$- + uvLe8ߍ xsx zO7ގL#L}Aϖ9ꚱkeu$5tMSԏљ fe1uݠJTjcpb*bgrS UVLkLjbl â$ޙZurMד5WND<:P)ed2 _2Tۃ  pB,Q9ϒ.OPlo P O$v󙄅YtoC¥_Ʃ0r 8kkLRdʓ;0ZP`M tbD][Omkɓ Ss93eFcje겖KBVv]@ k"X2,:Hş//w@hC9Z41> GBGwD<o]'f2^W*"dDzݦ7h-H_{˺@7uc 0{U%Rəuf)pvB6sHC9ϓߋwZؽ$ml=-!MDFtdo:c l҃p" r8}~ G@RXYҎz*'ԟ¶!J<$3N:M~]*\y/Bfĕ@39H>Jb@jF \YcjyDAT҉䎠]Hn ѝaMt (:=}1N?i>#7F fa"S+?_)^$d;sHhVm/gF A.>Y!bl*oRBdSZ6 3nW0{2eVC ;X6Yƥ[ؓ Jܥc.;brn}59S6/:p{ XB}*(L5I QK⃿FJRo$UDcz4?5z<7d Jsˆ~!6#_Jt VqۛP, ŸA\[ .³V(C}\͎m0ֿQvÂ;d˫:?q % ,pM6(Qh7f.Ύ)* ;uͮ¹Z}wybx1x;`fřmRy0>܉1Kd"ϔ!~(K,M"^~67sm'+^tuF ,nA @:%S乯Z1Q,Du $ `e^+w3|Jag6Uj0277fϤq\3G(NQ4\i4wߒ|1i}bdyyq'v#'S%2x kx0[O ּ*;FZ40J۝L{"Q,wDb,1F_Kh/ +7w]gJ Npbd=>9fS>:Di5s܂rz#º7Tak?D<a:ߛPPx̆ X~w2["JVx+vm{,lFrok) ZIbG}qqlDY^y{[ WbC@`|zkMZnb@||K bMy0vvHo0ue?L6U`6`J"xp||`Q>)C!^w?!#l >KRdkc=J9Й*Pњ'NغG{s~^" |QD+ CjVI UCt]Ne ݤerɪkP<%bZ5OTc_hh[ꓰe>Ծ,<^WnPN/#FypL.GjI #vZPyh$ht+:)_Kz)zds:'6%S1(;M(J.O%\Icu^6?:7,Rd`IdŹ&KtqIvfD)[jb] (hU)&;?Vo 
ϔ`g9,k9FfB5^=;ח] X7;M:p#I>#FrtcB~Ҟ7HBmyU>gJËK(KC1tM{eZMj:5w_}|>ݡ_k0;\Pl"6ĬUX"ElUֿ4,‚KfG YriB 1CC`IU{A-19w*~*Ѿ"ct+F}K,_*#H"g+h3ږ`ij5!mp6 tU%\*}rҕl-'>k&C>w%nE}\f<;~ uǧ\ A wHiw_`JlGgY+ )Uyh b h@b6Gj+} 5T0ZME r4t}+ %'0H=g(;,C:gDZh~Gz$/wwr &fvyϡ v O~i,GD*%h 1Q0J%?]")$?TBQK{H&nzޙ086; YxK o:9 ,bmMLFf:%Iz`v*@wDBYʼ7\Y$ ud{ \򈹾bg]CwuD5kit#iP@Ya]Q_L️ivQR d?uj3[ZAQPjC3}^1LL 4򖞥4Α=HNڵ-ڢV[Bc>O' =bw3q[V?h̷+ؿ`sJ@> K-x㳰_1}O)ֶh(*|ʉ`~24WE7(?+D} Ee"֒ LMb#64ÉÔ}.Fȇ i mFtJ'u\C?WH/bq98r:o%kM)KIydB8Hvͫ6th9\apbLe R-^^lj0R rY@{J/Y amzEN?%U^Ip+3UҢhW&,+9:. 2.G3һO^9KI-C:P$tG_2+/&ksdewjPWCMJꁘy46$}"@Lמa%&C]/4ؼSR?w< S]@nd^vuKeS?q _F":ՠs^5Mߚi~ +LA %JG>zi.aVܰFGsct8Dž3<gH4-OuYeXvKNN_.q]\btf_c8t'.}E GjoT}Ϡ0_ݟ}:e>d|Yc^NG3x`?/i޹i*}EΐXcD/׿sI+S^Uh˭:}TXTsrϪ &0lM*b7UER .ZHExr4ZƜ_ʛǛWVk僀 ',c7֨;Q>^eIrYNXr HQ=ވYH"M $_eA !Ш!7iP\+3o-WЅm&Q`GȚ |'8;2-ȵgMVz)ngvT%S "@_oYa“ʄagYլpʨѡ,1pã9ӀxG{@)Ah禞n4bH㘠YL7iSA6R(iL,z!ߺDçl>rùF AWGh:jHuD\KmHӽ@&!ey?<|0ȧ\VѪl@Ѱ7DG<cc# ^P.`4e=.+egqCrջfB+676DӛCNjx  (bsJn.l.HYuM%\X{M0#7@Yy˕X+j3;rE#،wWaTh} {9HPd& G '">c 5aLZABDTU^ΔY0v~/6ޓTvhv<+[@x8r15o)żk'L+gs0<!ǻK\ؔ!8էnFmۏ|b׳U;B^mhͳ1^\ =OMJ[vڒ򓶔@լ:zO|hf6[ ..$Ι .j-U{v3n̚d݂Wb?9G̅CT}m@NGcLv0#i6o,--y.ӟ @dOs-ݙkּI?x;X}yĈ}Lyi%ۻF<3W-#:Hݖ=&p dKUݡ.EU(K ̃<7"qK+$m"]D!5&X\a&KY pxkW~;`Thyuti%P|A%}Sa$hóNRpۮ, T VL5gOq+A|(jgR߈AnMPaW.dk%A-vEaZq ׃ U6 -(_Xt%rM =?hwEg{K.\&9Ї5b]2bs>]Y!Ojه2lsn/3t# 8Rv'Eۋpz):Ԫ}/-ĘDqƁe] CclY,OZLCy0GQ}1puṌ_1e<>ϴ%Y`8pb+hP$Ftm nE;Wy(8,%2C/BN #r'^w5ETݦwEc.rp4wY.-ZY>Nc{d4Jk~LQr[0D-6xivC>bz` u+,2^lqQ@_,z|l0ĞR/xAMId~Yi㰓7B'IIfEǘ"׃tW ҃ݞ_Ujq8L)t>@#cgma44aPC +XKcA&2@ٔG6aB,)D漑 ~ro |]}U`ߥ En_wi4CbLf)_P-FˬFJ?iN=R&mr1sO}~Q7r^u_k) sDC|:]j} Ya3!cEԁL۞x:sד]8=ѺdzG^O|EzH{UՃCk {0P]i4-T'NحӬ1xWשc { .%N#^W{EOBt&kR/OM̠iFYt`D@s:ڶ!+j` ?P@oʏxw\{4bHc ]ް4^]vH",Ȳny>6M|+_Prݔ; b*Ͱg.JT_C߭*#{$e;25CUp=+GMQW]G_?v 4S} -M-82K"u}f 0w*I|}ѭŰN=zF_.“ Y2I`ѵGv?i.anMZ)Hi5t /6}dl!fod>;n`5W)kI_ײh(s` ;AƘ~GFS!CN XiWÂ;^`a߉=4.$,CϨ?ҙ ~4袴ѽ7{B4KoیBbi[/Ƅc:IHB2M;.9+ZBۚkOsb2=OT'(b?ZK:g51mRJ R)\SՌŬW][ mn=SPjPt/\.I~ϡ_ R!Vxb2@p=^iÞTe#Zi#˪ݺbq\|^2>Ae0DZg9f,Y #6,z;W9Z^1E=3ՖTz~rNѧ/ hNpEh<ԖCV 
Q_2FN^:mTणhsJ u[w/8.jw0RFk ץVɓrf3). |aDa[~ͪYyYoA\i"G5}L0dizU3x>#k`66nv)8;d^Hf2}.~UCT>T]s{Vs[R[nMfBi~3mlm@iz‡m>,(uFsW-f| ׽rڙoVn]B1X(j>lySCԧiBL\РV|+$i{D Z}(s_.l8䴚 Pݒ60E kyY@'k-b]+,'R[;1L?SGʂ3|`7mW;S`༹Ͻ7uW$!n ʾƯIq<@$7 )>J1*w;,C,io:p!bSz7G h~;nzkK#VSK rXNG7uCHC㍦Ull˾ 4b6G?cVig/ĢCnJ.p =>}#wUxc|Z+IwF]g?M#^!ds*]{`\@p45=i44n};1$Ҝlʑ^$?U5-pq{䠃':)y;Nh% 4wf,`>}f̹(-xi.-X0`0U" &hǢ=GcIt/I~>D7+.Brg2eF+̞6;\o #ԁ>Sf6X'Yms^`-Ymގ"LwURx{C"ྃ-Y=N' w^N{u0eCZFO>?ΞtPٟH2E /D5ĎAc m*nW:iǺgUnS|Rx!:}: ! &56[-c]Zcp_YB j7p9rb5sN$ݧXS>YU ۤ~݀EVg`?qoQ 9;y۩x\Ma. YCp">-+['j}̬)Hd1B8&xue ^k\*/M-)@(Nrm:9&2p3M@+co+P۟MH_]7uzF92xj ?Ձ4v ƫf` 'xcNoz53/TٺB ;fAND|J^Ȅx,ϮIlڴ0YL 3(ݳjnl7!P%ܘ`-jhWR#QX?e p,eqD$ѬBa6#ǏE U>faWf$\nl!&W ԛ_Y-0~6(pH`UAKsO@b ÖO-I `9/łns=nE8)Ј CJ7".kY*qEzczEn'&;.,ݭS _'r~#pXB]4bOO?Z}zDwzЀVVve$+pM9[Y{-f#p$DVDVL47DgNUMu:v7%!w\`p>|<ۖ󷪖7%q8Wt`D9lO@LA"f$%9$8b̖ޭ } ƏKlth0I[E~y'͂r=)0J2ֈ s~`N•-,+^/V͉k g1E>k$m\Ğkt* 7X ESykֽr,%s4v;S* !l~y7d^gvqBbyѦ,]A@ eN=fz&p\BÅ%~q}c[TC]5݊[xT$ 0WCbxNj4T*B~Wےŗ*OYHfj4I~$ (ᓀ~vVs/z߱FAAwkz f $KNe̚a/_%%B 7]x֘qhcj7P:`z$ CV e6p?m hNhҰҽ` 3:[ 6^pC tS YZ