sssd-dbus-1.16.0-19.el7$>{p-H51D"qiͨD>>$?d   : &:W]dl         .  8 `   $77 H7( 8 9x:r >8?@@HGP Hx IР XаYи\ ] ^Ѱ bҭdrewfzl|tӔ uӼ vw x, yT/Csssd-dbus1.16.019.el7The D-Bus responder of the SSSDProvides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus.Zϸ"x86-01.bsys.centos.org:CentOSGPLv3+CentOS BuildSystem Applications/Systemhttps://pagure.io/SSSD/sssd/linuxx86_64 if [ $1 -eq 1 ] ; then # Initial installation systemctl preset sssd-ifp.service >/dev/null 2>&1 || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable sssd-ifp.service > /dev/null 2>&1 || : systemctl stop sssd-ifp.service > /dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-ifp.service >/dev/null 2>&1 || : fieKO ]큤A큤ZϸZϸZϸZϸZϸ!Y ZϸZϸZϸZϸ4601b3592d313effe1a70c44167775b06693dc9b72e7bebc718b6c9e8b094b8f1018b8062fec54f73a99b3e6621a491cfd79f1d5cf7a27860d6f3d349c32fb3164a91bb096278f974c810df6d234fbbc77b8c03eb4777b1f6e60ae84d7862724a2631eb70e5cdc8392c97e19924dc9aca4ddcf4b38a44ada079dbfd5f3b5c8738ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903964fc7410c2d249b550db927cf2e627ca9c6d2f994a94c7d8d9d01c341c447c448c43b08e46eeb71810d6356626b03fe927d36b1b70be335031986d9d0e7f520c0e403563ec4f91e37d7225e70bca6716227d45846a8a91853e7aff92330489e14fe0ddb858f5c55d0dd073d4dd65fc062664058d9f1c62f885779c8ed8fb6f1rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.16.0-19.el7.src.rpmsssd-dbussssd-dbus(x86-64) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   @ /bin/sh/bin/sh/bin/shlibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.2()(64bit)libdbus-1.so.3()(64bit)libdbus-1.so.3(LIBDBUS_1_3)(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_certmap.so.0()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)sssd-commonrpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-11.16.0-19.el75.2-14.11.3Z_@Z_@Z@ZyZhu@Z3@Z2gZ.s@Z*~Z'Z!D@ZZ@Z Z @Z7ZNYZ@Y@YYJ_YJ_YC@YBvYBvY9<@Y9<@Y5GY5GY5GY5GY0Y0Y(Y(Y%uY%uY$$@Y$$@Y"Y;@YR@YR@Y Y @Y @YtYtYtYtYtYXXh@XXX@X@X@XsX@X@X@XۡXۡXXӸX,XCX@XX*X lX lX lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.16.0-19Fabiano Fidêncio - 1.16.0-18Fabiano Fidêncio - 1.16.0-17Fabiano Fidêncio - 1.16.0-16Fabiano Fidêncio - 1.16.0-15Fabiano Fidêncio - 1.16.0-14Fabiano Fidêncio - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Fabiano Fidêncio - 1.16.0-11Fabiano Fidêncio - 1.16.0-10Fabiano Fidêncio - 1.16.0-9Fabiano Fidêncio - 1.16.0-8Fabiano Fidêncio - 1.16.0-7Fabiano Fidêncio - 1.16.0-6Fabiano Fidêncio - 1.16.0-5Fabiano Fidêncio - 1.16.0-4Fabiano Fidêncio - 1.16.0-3Fabiano Fidêncio - 1.16.0-2Fabiano Fidêncio - 1.16.0-1Jakub Hrozek - 1.15.2-51Jakub Hrozek - 1.15.2-50Jakub Hrozek - 1.15.2-49Jakub Hrozek - 1.15.2-48Jakub Hrozek - 1.15.2-47Jakub Hrozek - 1.15.2-46Jakub Hrozek - 1.15.2-45Jakub Hrozek - 1.15.2-44Jakub Hrozek - 1.15.2-43Jakub Hrozek - 1.15.2-42Jakub Hrozek - 1.15.2-41Jakub Hrozek - 1.15.2-40Jakub Hrozek - 1.15.2-39Jakub Hrozek - 1.15.2-38Jakub Hrozek - 1.15.2-37Jakub Hrozek - 1.15.2-36Jakub Hrozek - 1.15.2-35Jakub Hrozek - 1.15.2-34Jakub Hrozek - 1.15.2-33Jakub Hrozek - 1.15.2-32Jakub Hrozek - 1.15.2-31Sumit Bose - 1.15.2-30Jakub Hrozek - 1.15.2-29Jakub Hrozek - 1.15.2-28Jakub Hrozek - 1.15.2-25Jakub Hrozek - 1.15.2-24Lukas Slebodnik - 1.15.2-23Jakub Hrozek - 1.15.2-22Jakub Hrozek - 1.15.2-21Jakub Hrozek - 1.15.2-20Jakub Hrozek - 1.15.2-19Jakub Hrozek - 1.15.2-18Jakub Hrozek - 1.15.2-17Jakub Hrozek - 1.15.2-16Jakub Hrozek - 1.15.2-15Jakub Hrozek - 1.15.2-14Jakub Hrozek - 1.15.2-13Jakub Hrozek - 1.15.2-12Jakub Hrozek - 1.15.2-11Jakub Hrozek - 1.15.2-10Jakub Hrozek - 1.15.2-9Jakub Hrozek - 1.15.2-8Jakub Hrozek - 1.15.2-7Jakub Hrozek - 1.15.2-6Jakub Hrozek - 1.15.2-5Jakub Hrozek - 1.15.2-4Jakub Hrozek - 1.15.2-3Jakub Hrozek - 1.15.2-2Jakub Hrozek - 1.15.2-1Fabiano Fidêncio - 1.15.1-2Jakub Hrozek - 1.15.1-1Jakub Hrozek - 1.15.0-2Jakub Hrozek - 1.15.0-1Jakub Hrozek - 1.14.0-46Jakub Hrozek - 1.14.0-45Jakub Hrozek - 1.14.0-44Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Related: rhbzrhbz#1544943 - sssd goes offline when renewing expired ticket- Resolves: rhbz#1543348 - sssd_be consumes more memory on RHEL 7.4 systems. - Resolves: rhbz#1544943 - sssd goes offline when renewing expired ticket- Resolves: rhbz#1523282 - sssd used wrong search base with wrong AD server- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Related: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser - Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7]- Resolves: rhbz#1517971 - AD Domain goes offline immediately during subdomain initialization - IPA AD Trust - Related: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc.. - Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7] - Resolves: rhbz#1527149 - AD provider - AD BUILTIN groups are cached with gidNumber = 0 - Related: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache - Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1525644 - dbus-send unable to find user by CAC cert- Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card- Resolves: rhbz#1512027 - NSS by-id requests are not checked against max_id/min_id ranges before triggering the backend- Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available - Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card - Resolves: rhbz#1520984 - getent output is not showing home directory for IPA AD trusted user - Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1421194 - SSSD doesn't use AD global catalog for gidnumber lookup, resulting in unacceptable delay for large forests- Resolves: rhbz#1482231 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: rhbz#1512508 - SSSD fails to fetch group information after switching IPA client to a non-default view- Resolves: rhbz#1490120 - SSSD complaining about corrupted mmap cache and logging error in /var/log/messages and /var/log/sssd/sssd_nss.log- Resolves: rhbz#1272214 - [RFE] Create a local per system report about who can access that IDM client (attestation) - Resolves: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc.. - Resolves: rhbz#888739 - Enumerating large number of users makes sssd_be hog the cpu for a long time. - Resolves: rhbz#1373547 - SSSD performance issue with malloc and brk calls - Resolves: rhbz#1472255 - Improve SSSD performance in the 7.5 release- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Related: rhbz#1432010 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available- Resolves: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available - Related: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5] - Resolves: rhbz#1408294 - SSSD authentication fails when two IPA accounts share an email address without a clear way to debug the problem - Resolves: rhbz#1502686 - crash - /usr/libexec/sssd/sssd_nss in nss_setnetgrent_timeout- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Related: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.- Resolves: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1484376 - [RFE] Add a configuration option to SSSD to disable the memory cache - Resolves: rhbz#1327705 - Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7] - Resolves: rhbz#1505277 - Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault is sssd_nss - Resolves: rhbz#1462343 - document information on why SSSD does not use host-based security filtering when processing AD GPOs - Resolves: rhbz#1498734 - sssd_be stuck in an infinite loop after completing full refresh of sudo rules - Resolves: rhbz#1400614 - [RFE] sssd should remember DNS sites from first search - Resolves: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Resolves: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.- Resolves: rhbz#1469791 - Rebase SSSD to version 1.16+ - Resolves: rhbz#1132264 - Allow sssd to retrieve sudo rules of local users whose sudo rules stored in ldap server - Resolves: rhbz#1301740 - sssd can be marked offline if a trusted domain is not reachable - Resolves: rhbz#1399262 - Use TCP for kerberos with AD by default - Resolves: rhbz#1416150 - RFE: Log to syslog when sssd cannot contact servers, goes offline - Resolves: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser - Resolves: rhbz#1454559 - python-sssdconfig doesn't parse hexadecimal debug _level, resulting in set_option(): /usr/lib/python2.7/site-packages/SSSDConfig/__init__.py killed by TypeError - Resolves: rhbz#1456968 - MAN: document that attribute 'provider' is not allowed in section 'secrets' - Resolves: rhbz#1460689 - KCM/secrets: Storing many secrets in a rapid succession segfaults the secrets responder - Resolves: rhbz#1464049 - Idle nss file descriptors should be closed - Resolves: rhbz#1468610 - sssd_be is utilizing more CPU during sudo rules refresh - Resolves: rhbz#1474711 - Querying the AD domain for external domain's ID can mark the AD domain offline - Resolves: rhbz#1479398 - samba shares with sssd authentication broken on 7.4 - Resolves: rhbz#1479983 - id root triggers an LDAP lookup - Resolves: rhbz#1489895 - Issues with certificate mapping rules - Resolves: rhbz#1490501 - sssd incorrectly checks 'try_inotify' thinking it is the wrong section - Resolves: rhbz#1490913 - MAN: Document that full_name_format must be set if the output of trusted domains user resolution should be shortnames only - Resolves: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5] - Resolves: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache - Resolves: rhbz#1482674 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: rhbz#1486053 - Accessing IdM kerberos ticket fails while id mapping is applied - Resolves: rhbz#1486786 - sssd going in offline mode due to sudo search filter. - Resolves: rhbz#1500087 - SSSD creates bad override search filter due to AD Trust object with parenthesis - Resolves: rhbz#1502713 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30) - Resolves: rhbz#1461462 - sssd_client: add mutex protected call to the PAC responder - Resolves: rhbz#1489666 - Combination sssd-ad and postfix recieve incorrect mail with asterisks or spaces - Resolves: rhbz#1525052 - sssd_krb5_localauth_plugin fails to fallback to otheri localname rules- Require the 7.5 libldb version which broke ABI - Related: rhbz#1469791 - Rebase SSSD to version 1.16+- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information retured by the KDC during PKINIT/Smartcard authentication- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in- Resolves: rhbz#1455254 - Make domain available as user attribute- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD- Resolves: rhbz#1450094 - Properly support IPA's promptusername config option- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer - Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail - Fix Coverity issues in patches for rhbz#1445445- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains - Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate - Additional patch for rhbz#1440132- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient - Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4 - Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15 - Also apply an additional patch for rhbz#1441545- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.- Remove an unused variable from the sssd-secrets responder - Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http - Improve two DEBUG messages in the client trust code to aid troubleshooting - Fix standalone application domains - Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes - Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http- Fix off-by-one error in the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh respoder- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users - Also backport some buildtime fixes for the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts- Update to upstream 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html - Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries - Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure - Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser- Update to upstream 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html - Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack - Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases - Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider - Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page - Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user - Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink- Update to upstream 1.15.0 - Resolves: rhbz#1393824 - Rebase SSSD to version 1.15 - Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL - Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory - Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time - Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0 - Resolves: rhbz#1392444 - sssd_be keeps crashing - Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3 - Resolves: rhbz#1382602 - autofs map resolution doesn't work offline - Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains - Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page - Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error - Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database" - Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/bin/sh cadeuk1.16.0-19.el71.16.0-19.el7 org.freedesktop.sssd.infopipe.confsssd-ifp.servicesssd_ifporg.freedesktop.sssd.infopipe.servicesssd-dbus-1.16.0COPYINGsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gz/etc/dbus-1/system.d//usr/lib/systemd/system//usr/libexec/sssd//usr/share/dbus-1/system-services//usr/share/licenses//usr/share/licenses/sssd-dbus-1.16.0//usr/share/man/ca/man5//usr/share/man/de/man5//usr/share/man/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuXML 1.0 document, ASCII textASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=1510b53dd68eaf7758d549a0fea8e83b3190fc57, strippeddirectorytroff or preprocessor input, UTF-8 Unicode text (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, ASCII text (gzip compressed data, from Unix, max compression)/R.R*RR RR0RRRR R,RR(RRRR RRRRRRRR R-RR%R#R&R'R/R R)R$R+R"R!RRRRRRR RR4? 7zXZ !#,w]"k%{f}{&-򝍨|C>$?!_ ܭ63TL|3Fu`({Ƽ, 7zMbvOc=2 zrqG(*,ˡKqVV7_(wX]fd5շ7GZ*i trRl#=>a-*1hJK`0 S_aOshH:|ʴ7Wi=زIDz,"\uESP؁)< XiR%F ᒻ&+#@aדks:m cy`a]goRlNv w6Ks;c^'8~ 1o=.PcۥxE?fZᶍ ׋ c%;-؉W^]CH |^t  ']so3G410Xc^#>% NUwi* eQXdS4޷MȄ ؚ]mə ~3pLSk1Uc5.hWL޾!~Zej&|B5X *'[7TVFzdԝhck ɭ9g<㤐9%?ʼîނiKb Й8iq0X`u+W9d%@ Wy;F|P\H @~64dsrQGm]o 4O2s,ڂ1FeNhEAHD?n5H ]E̹ (HJ{*(%۵(Z*}3oI*?3xeaJ^ cu ?,ci-ht-:k㏫wxE&'9B0tJ9@WԮF#G4R.& ! :>Q/ڕks}>Z({MRqCRzK( [VFeÃ_Q~KclF[zyH._%z!{,tfl4qR7n7=0 ո;f=?K.s/;TzãE=eZ4<%u@mـ֛[lvV SgM1:7"jsqgw5T{JWvylŖXro_n(se,s0Bݹg,o.qi cձ{E&W({P;W 7Vxwp`Di 7=G!^Ȇi~_#_cn2=lȸ"&ϐcB y  &,|[+75oД-`(%a>_q>PM&Ȩir"_@;."ڴY) !ZD蜨UxnORs[۷e\8. 128vH(?Z:Uܪ3 V#mg z" u߬12 }"':bNCmWʅ?Z?G E-bE}I<0xI9P^0t;poD4J5NbREV(d' -xܕf)7s @S6}RE`I% }uL+Ei\<*MZBc 2y]6@.sZ$iA7paq)$bcSd24@11JS1L\S.K0D4@sHq,R ˩-g+G ЭF {\ i0*0S1KB7@Hww孅 Mk/;7=0'~eCUbVzTPɡⲛF'4fp(!|ޟ,!n #2e7, r㫩-76b|M1AW6|:ZN³iBտnGҤS\6k$0^yP qi};FC=ABF(^ɐ]PYck}_@vK%hDEor6ߥ5g4>83Cc:(;4Yٷ1:]Fe(R8Ȭ mC(¿<8N^,յލ"OX)o$l7C@; ĎN|:khq19$v'@gv0Lʣ Ui5,:?!r۬3*Ma{ʈl@?j_DM{#v,[g)ѓji-znHVgײ~9~3U.7zc.:M𠭝f W(՘bTc|.|Vm<2iYL`5 S)hZ[ho:D8X󔦾+$;1׆n+Lxh3ڼ׿g AR{Ec ?"cd ]{ ,˻]$}C{GpNQ-+S̈́OuT'w5M zΛoQDyaZ7^6XH!jCJQqk7Ju(^퐅{#g9oG5 )% 0٘vUVtdAsKpD}(!l[qV%j $a߅hL}Dwn$/fJnrX||E_n^iؘIbTeGRQ4*&gFrt."Z`zXIUlL"T 0.9;9n2vQM+`Nə!>zKɕPiNhCtʠ=Qt]B_\aX?M5u{Vܰc7ONZM%}[ZQɹֲT)@@rXY1J\k -ewf3qp1-q0'ru6/Tor9q5@ xV4 LzB܏bg̕SJ.:.^!S-”nr,p 4P nSE˕r QMC~ͺklY@DuIn""y!_> lq z)A2Cs"m%xn5?B T(|%U"s!`a:c&T.Ė*:R KKȹdp[ˢa>Q.?/E723>=;Y,b)aoT, .BG`T?Q0 }-c`hc$Lm-3cn{NuTk 8` ̏omߩl^޼nw%>+q@ީd?~s%HonXkf/獧">k w{!he_ BrŦ~wF$!*C 41Ԡƾ3<1U| ++_b"ԠR;k{k~S4i)w,v~Čǵ-f{ hK\K 9cúI. ڛD-6L@|PVD3K| FΆhs,D￴D1v_)sD;e%'3[saj+ !:k}^.I4ܩoCtSPX'v*m-Y+o}ժ>q7ǵ9*L\ wJ GrU͡/Ԃ}[Cnb^ ;?ML+K@-uChVR阀!_ t+%׮;soOɊ]:chXٍKcY,38E~c}"޼zۭ8bųy:+E5e;둢KG]ϗ0 afZRF5(1~d`<㟦`)MJ8./ԙ{MttNl_Iv &r, {2^]:;=`~]+p_cGmE* k8i ]_Vy6!u5z2Y4=wvޖΦ¡+t/% cjoxC*(c١L}(»Ix+AN|&kIg,= |; (2X\6i`jJ*Eb flDf#VOwٷQŁuS&{.P^D︋U섫8uv- 2I=uyy*OڀEUYۄ˲>pB462gb9(Dʻ$]J|ʔsӕ68C(D;:Sޜ Y% /v4LW JH{O Z.jBj3 /C!E- %aIOpF$/SEpl¶ s695Lxt̾AAHv&8I cnɊ|YC0DH =g[>xwt$՛m+Elw^>aɋ.!1̏zAK%";QlZGZ؛tGQN0$1!:1zh^0NG V;tHv-]C=\U .*\;,d ]k`#BH gVRϛdBRfi7J. cE>w7Ӣ? E#hH(f$ZQɾ9K緣 (^CLK5ye?9#wN9v;`Dg^?pqz0YԼe9w\0P`gլfjv<:Hځ@C/&]¼O~v K[;1j%zi<8}O@nXXPBKI^l~(~ߗ2DާEz]C aMS ї27&e:6f%o)`g_!3AwQsT}d"@#$:QD7Ū[u6@90F 88d.F_u&@/Ŭ(4L֍)U/e:0`WJP7m@~v12KS sŊy N)`M^lt--c580)ڊ Ek#]3%Fp݁4e{$0z}{ٚIwf8>=A}D0B]n3,nRY%!@h 1(CsB3:G(+ѽ\KuYu#ܯ7'7R1/q[xROkv4&V[-bxf$wb  :0*Ը^Ri#뱕$}%(^& !+X:`Qgܑ~!LQCa/DwJe%WDAfp,(+/E*TC<"Yl,;;q$CD,::2_$`;SF$`@,C̹p)Z$›,2In^\3+sz$wF"湕sKfu??c'SR!~O7hMަ][,tiS>@?+&\>tbmu{!*jPD 8kӵJv72o9(!G6pBQ4i(Ixi{R[B 0PL Ffr3@Hzk1>CȈb8ۥ]҇ɭd٣g>h<`vѪ*O EE,I[ )$$*[c -%W bX0ApGTVs-m.ӖڿcQ>d7@lX2 qho=2-?9RI~V9;r2A>ak DYD@^YH|l !>T=[wz+>;/Sпr̠"Qg+QE#Ԛ:lGݯEtbVG8!ùI.MޒetsHN9Z_|Wt*zp zwu[9'AGͨ66N 'Y]d5 AN3vhG|_S,/!KajA.hɓ[>+PY _xn G 3=** */YO~^SscmZN#󇰦+!qrjfm~2YUqpQ7ac{KzxaD1&aT3ۏgIؾXf`jUڼF3-JxIx%T0{:*Ihy\AF|ʄXU :no|`IiCnBJI.y}%નo:(=ߵc=-XڇT1`ozcV,=t4*3 Sd&'7Mn=Zuiг_IH*Of{qm!֏ +W}vP*59c- ,zݝ0֪Q(?M^4V;I7o}@zX/~=HOߞ?($6{@i[zPA&Rg+JK&{6P8lvT~Q:Zmk61d8 A$r7wnNt ڹbժ4EkxX^ߙ\Ňrgx_xjsDŽ>["Po\F臟7$WIl烾"=灒jƪXJecT01j7O0ּ[=(}]*}Wt|VI;& M'̗!L%WH#\+ۚź=9޼Xm - tsQV251wL\O|Rz9{=/ȧ=$r PCrln!fWjcOuv> EꙆ!P!+M_nW5I=,@ "Q+yXodCREοv\CA g^i0@2,7L %IU4 jD¬&t-~u*s˛O9zNGlWԴ- oJL5rl`OkE`4 :rA m9sz<=SR$FĽw|P![[ .iݛ­oծ ૫xn>\^[ ZM` êG|%7GA!rW Shg yQI)IuUJfqOP.|OI950/8u U-EcX߿q8ݾ Aȭ;\lfrw[YFM}62ޑ$ 6GYRwV[:Sz0xwQ<T6DQ»:͇,( S (FtYO~+Z8}qwZv4f/tS EuTph5hIMly]NVt)'1NR].^$~ZVWdiSz6RU3ߴ=*\ bQW"wx׫.5Aφj࣓+ރ8MeBO1UmY_ψ .2JXrA}nP#ܷr|'cex =4 1.,dPx0s/-m~~$:BjGާCgFKv%r"7Ԕ8.S_;sAA}orSM|"1 nYN+^#vΚp;£$y󘻞'j ^:O%$ t٤qߒo[axB\/Jd~վ:2jU@ 7x+ A,_0󊾛_Ξ<|CnNHT]<8^M[؁hn.v>(k+[O dKy_}/Cz"κLoeMOͮjaT |dG`>s~kbwS9!VٟӖūUoc߾H(`bLcHu^ ?O:ܧH3DB]`߭\7y1c@EkcK!# kvƼ 1 udVI~e%=qw,J鬎)ZOA YЉvLȏ"vQXPAQ ֦[jՓ1I{SIZn= VK-F_H*uu\A)6 0Gq*Z@>p?}J?[[XrG1S㘂qtW5Se|pdΤP<_|{/S ' Z|qwME31%?ӟE qc_tm%apF frFzg%Y-^`_ 7ڎˇ<|>Q6*t(_aL 3#e`Q6@-ѠaަD`O=a68Cerr{\ 1l=<+$C{:@ϫόU;|I</J~ ľnwþ JNoFlZL?%ʫµHLQTf*(c@ߖsv*t0_-ԈOCS@U<ҶtCI7[ONIB D̎psp1_Р$X̧/ܶtN#44;O*q$e4 &5BxA=~0,Đ@*cwzQxPYbI$Bɴ%'D Ept.,8kZ?V%Wa\T#9QHGdֳD/0:8~M) 7;H_KP}t^,&׫ii%ip0iO= 4 ;A7)n &7"n,ZZEj7h-2KnҬQآDF\%ZU[!d\T yµOQqЅi80bSY-' Q֠"4 ^ttb*g3{P.;ؿo\g u[!ĩq1=X5eZNðd~o3#l){\X!K[bRÒw*UeqrЕEN >Z4vìc*]L$*H[٭?L9hbt )A+@LI̽ pP~1';}Ȭ꜠Hl>LP_)f0lAʡqbm1֔GGi 9Q&] $տԉq.yl=k^V]{ 4 }h@Nj %ے/Yٴ8Jl "07-y`7&9T0Dtp1 aUXsZxM1n._X˲ 'ĵ |uhH< dPm?LzhK48fӷ9_SIѥ˻U7]G@ l> ғRU_kNW@K'8uFW0H@zź{!CctypVE8,k/0Hx\^pX)6UG2C_EMּ$]bC% [6؝[{r6=)fed ~gRg ՠmN%/ 4) a-b̂anFif۴k傕1|T{T8VF>s8)M%ˏ?{f#G 2B)L!JX`KW)8jr\:ا;_  ze|GjЋ 0ׄfΐ`bNd2Uw/ťqK=I} $s.u~ ΂Z׃.@)~%rn\x]#=z2kжe,dQqOBو=QfS%`apڍX4X€fWF۝5r"l bi pRYF=6@~&LX>_~ϟ|k]vR.$N%LXyy3;p#?B )*G`}g|x5j_ -C[[IL8%07H9PAʣgq8]%*˦db dPzx\P ܨPY'G'v|A]T2< sRQ \$J~P?[04,K'A^gӢ3;;i09lc뉏>٦ 2q1DV٫ Q hS LOLS ^J\L3*TޭrNjSl>+M~>zv0nҿep(K0ՕΠ1n=]"VU[]׹~ ^)ˬ7.فTB{Gͧiz23gGM0\!]J`ثP~ _[ 6wN3,x?31N@&j4 \7YI0pyl,ڧqІLFTƙV^P RAcv7 2šs]jm @rfLPZkI 0 tѥi>@6iSnKUp\EAoя5MMet^{);F1IcD/eL"]cb?]([͔+ն 珁_zrj:kL1i]m/-Y.u,Ѱyͩ+eEZAeT:"rP~0u` 'qH+VOgamds"z#P]E9ޝ-Wh,XP`IXNwE!9{'s!/҃\Ynr4m.K:\;ƀr +3wfE6ʦ {Lzǜ$8<;\wQ={.R־~6l 19bq_FmQ$yXVв\lGw`GqakkHl qNpcN8Pӏ/&LG S9P\~_}ӍP%0F&[0}ͳgzS1G[h'`洅Ѽ^5aO,<<%8T h1qk\V0Vfa[SBKӤ965:437ŧ}ϔY`(|jL^l?_ͳDa$k'(܋nEΑcHrGђvO _f.GLG"P]GPϮҘP;(H$C>^x1̬(`;_A~c*|~/f32VY5$\1nwt)2fկW"V~S]TͳQu Px]i8xv"-JI8>  IXI JrGc]TcO^\?`f} y?jKbKU~'l-%߬2!5\Y8?b'l /+OO2C5fgGwEo(s&kiOf{Nv]ptil_ڔ6ʎЍ|wͦց`q[)-z3K֪'Z;ŕN7[=7bHz 2'ظ:UW76[ol*p蠽{r!s-ph8|W#nf,["eq npb轹8+ ^Zm=u{8P7d_[= TeT+o2xAO S|u4 o=|$/5(yٴD?&)G&w~MWI?o{ǣ0o65%]@B# ">Z.[Z1Xie?M?Xiddtj= ݱ,W e]1pG?=أN!h/*2E\Իy_LO2FLAN L$.F"X3(\2ӦI8i 4tltT[}jKzS?h k >ф|5? hJ25#_Xat5G\'RLۅ+?`~曨nS8TLB &r[`CK9Ap(^w߀\=2Hжʫ8gɜ> +ܡ1UZT=<2۴t^1y^ؒRPeh MUgR2܅ZݞS*!pru eeXV|\Z}l8ce$B-Om5gl`!Wrņ>)Ayf]8ʐ:GD7\"na`\Έbv׈4id rДyJx5LL;Q ټA 0pe@W|nL^о=x.ނ2֢CC\jzzYP4ߛ Qnj}l129ye)?{E=|ј8*7@+(jfR'YW.'RkhOu+ο;}*yۥA]:mƾӴ!03%m7pjgT9OuzƼ4 گX %5 =P athAi[@  {j,mଳshƐ2 +(xgN='AiF$5tNfqz cY.SG ĵBzI4n=ɕu/SΩw(̓3dOJN Zpj}gcMEipieW5;iaWDD] ]( "Dz1R4?#X%iP\ZauQiA 4 lb(:0k⃫p l\:^0b8)wTTdi3_nB4cUE׹ B7ؙ "ԇ4T>f"/UMAbO-%JQgsjQ_²)_ə=H 0'ftKK 8ҝJܻ/1WbFli%!{*swDϨQu aJne0 FCu9xWy_/QaNH.[f s۫z Yp|q/W'c'Xtnǵ&/mPP{[^{IQE,8iYo4k?b0dxm$Gl$\%_Z+ӏE^B3iأl(bDeM]dڐ5g_oYtj+|wPegQC¼㔅T7jQ)}nnʇ+Tm A>PcFA(!Z1\Q<H(m7ͲOWTvlgB*欫*rxxS FvBVic^n)m+<ٮovC+l|a+MF)Qg'N+#QGC?Tyבzxԕ|]L%l'f8kN/DMNߊd:E&zs|f9[0׮WIKT_Z>U -:ȥ'O+=6^lf%ДQ=gi}ζg㚐YSXM#l,Sǡ)Nm#nn$Tż@l=Zylބ°}):g؝LD% >Z!=j\Y`15ѷ0dh?!CvuQ"}z: h^X8?;gQzYID"^hS{_CV! M=:״i)AY]Ggӎ>"V'Ӫ<+?q7*=Dl TҖ"OOt&ViKFpz{ wDvFvkŒ>I p|P.3ÍAS.̙ _#H8B%|CکmC[=ϿK103'LODeJ0EBÌNjqa>L|Tm"7io> Yvbm WZJg6X!}{Z1tcW-"j\ODCӾ>o~ycuc@9F푳ihqN:x3[z輛s.OjHs\É2ǟ?>-U/4 BAk:%NQFc{j]5+j( )`' |oFP0yH 1,ѓ@ƖZ&ro\#J>¦VrVh02K=ýAK,??9ůp s6*htKqD)Iu!}٫~"|9 z>k&s9D̚ufhM ?}ԣ8rmsdkNGCsBB@%~ NWB0S'UEz<Vf.}57΢_Jgu$9X+Y85ޓ|7NΟ.QxfNj|gN6XPG15f/K6M W2=GkxBξUy*?>b.I8T\ 6ŘzHHJoR e7(rڿ1LzLzu+q2㊸6DxLa;v=zlĵW`Kdw*H4=w;RV8MJ!/ s<+6/+OBd sL4B똧=AOUͯIh%ugdu}cf"rBG%^NK=÷V p/`;m`hnNn/RR !znZn`Js- Iw/yR>/:QW nB6o*2.;f*o%}@yoj~b-xn<廛2 $ΘpYHo%.$TJH)Žg7 *5C+\ ?oF=ۭ({ԝ`MA 8^)D2SBnY0'ntxLUoRYr#KϫSt [#"/_<𐹞d[-VdѺVn ,TFK>h dJ(b_s_oFk~3À"s"^F1JMHli_l(⊬w#!4{ `iApͫDb*lWYY27rkD\pnٕ67El"qn]6/h!3B+[L{q ӶL}ٵ͞#lZ܆3A0qre4rdLv"I#Dޞ<0HMi %XP3XKnDcm.*sMbr`?ТoR2Ai܅ ZVH|n1ޱS/Pk9Dy/L >|F#9LhB_s8 6̔=z>WeeMj{*<@H$8b:Yd\Q+&;_9;‹MQT{EaE` `?[Ye@7Rb9Y}6>Q&avEצr&ٍi9GAmࡀP:a0ihX~+0&D3JNPmspꟵ /BP@+qH+wSڱ NnmZ()MN I}}؛oJMsHV=YF^ߏz=V=M^iiqhHGeߜ+'W"a7D;Œm&T<~6:N-p;2<^TuB YhBs%klڤ!WbWCqg ^_ۋ^OrסF:_;yER*jFA'ăa>BJչ r,KZS$WN5 a G ֫M~knd ' 0G#w s6R7B); ;Oj*auataF4 {I?כ+C^ N:o)>XՅKPi.TͻVQrJfqAq=,oy<8hMA} 4 t2p@SNR 9t +s{ KXr=pZ6Af'H¾VPJ7$6k|{fI^g&P˓J&p;E}OU%$4 h*?4K.WͽɸC\p D 06zb0efuY .d(] ;BIc&g됅' 8u[>0JYc? W֗K Q,U`c[n)YΪ[3J2 >nC%|@yp&Raj$w:$ݻO ȨGEsZ.AY&R?x("Z@8p#fZ @oV%3mJ1rv"K=#*A$?%/y X7}G@L``;"ce s?:ݔKvZs*́td/ \4jmBVKpn 1?̒z @,ta0_q1zoqzn|DŽLPj=4jv`z3 68l90^DR/;1m dHQ|q>Tx~c,y{$T({sw6Mמ'#:t0/Ag.f 7]_B3lJ ҹq{ܸ>fugᅢ`34c[ uB+d "`;ȹ}Sq~,G;񐫠J8Ղyr˷-&IS\t?&mWg9YU㦡^BrؽsQjlbQ,8x&Opy->]a.0;!ǽ">WąQ3Y>LM=TD lPR?y>]'lS9|;Cl5v ߇QQ'8m]o~2RK`$yN-`nH\Zb;;3-RV>lRTc{-p2verUH۴ e)( B%%ie=/ֳCklpZ i^[QɭJr#ʙ#W50/*۾4qe%ק8Bd[ e2MU>gY濰A6!Gd{SzH9.nU1L] D˄1'cA%X-wxIz(2笞6 mytGM?H!^HI{xDf1hs0|T]DGLѪLjdODXfRtpdy˰Oc#F3w?*,'g 8X)IVW̷xRMj$ s09M.=-I o-,PU"+Km"u^Ch58?pDeɟ J{Tds\H, ]7݃+$&'R e' O .kHuOxFQ]qYRT;V]c~hoA-$_4x ]($kcKBJ\0ΰUMg,1 BrF,"[gٷ8q@ 1,5hړSޛ0FoNWxl Q ,' Z~_WM+ `4q |@kC#).^DiFo~wV t@ނN(BTcD\¾/.nǦy7?R_8(qfgFRO#QvжvD CbLmzjGyb±-66;@El%N3̺|b=`ъx*cQc}:tZ`[qGdY-OJH {Lppl}3dQDv7 RhPY4tFYtbFP<_E;}B\ch㟻38I-'lf=Ӻ@z jZKlYjU^aֺsЦkJlk3fU<ǧìNzΧGK~ק2fLV+Ȉ/zTDsG⒣U-z$v[ "r͙ XG׊]M:z!]f(=F& ]/*bCdnJo`U! z.hacG~*$x?1'yT$c]B,7%tgh! +YH(/99A<}# ;J7藑QJ3^eBcdƶ5~± omi] LN- =GOp*!Ne2f,tubg d<EREՙ K%緀G,=Neݖ*oQ.|d t++gj6 wV/EDb(%W v򦧁Mq*/̹*STt$2A1;p RBK"VbCD0Wq; aa=nCEurf, |!'bEmdExĝ>%NˊiA$WtkJ;֕HuiPd)d'ON2Mv;B.gHF[d旤sɎv >øhĩ^(lG:D vQȆjk'2*!޹p۟Y/GJZ<ˆ-C0&ǃQc97"{-.}Z~2l|N żjB혓nNQUsSe]K{cN ]ځg m4,0kF MW 9*iM[J5ۘ#yY T3LJ= Lxچ܈ON?ݓX&_3U9bS5 㤣!j[wYm$' Lu+swԧߨrKXPT1.˵xC qEs/RNyHHvJm ע xɌ/ڧBHHo/q*S u9v{2/)q{e֘8ܗ5U^W4_1 U䀰+q!1қ>^VkM_15P0O+-u#,^:9 (ˬ(LǷB=?$ "#Zuu|L#YD{4H́ܮTsrsYxz%ĄV`}s[:/qO*{"RK@oĘt+}W,|2mhf O ]ZM1!Q4!JSMzAx`!4MФ]ɳGÇōeNBg8iaol_g`c!.T} 559{8]5qq,y~5ԥn_f RJy<$rʹ<֠^Sv{')Jj ! d@4|50/%wp_nDni+갃)I*Ŵf~4xptx_!`6^.Ʒ ŭ3~vTTSK6NI,QEJ' J y JkA<y1.=)0tK,9d\d;#tHȪ.l͑{37mɝ2{ Va,͟%::w}~=8[:%/zj27R\ cN 02b$o6XwYTfs0ԭQm4y:7̐K;F0[J)`c!W.WY٪^яU rk| P% }M^34t3A҅!&-V2㎃9Pz 눲>^kCPY\7mڪ41aF(޹99?'k)n4,ZCoYgkb 6ecpX6CQS\~f2RpS(lO \_u;$r|?(tU/al%RX:vv=Jo|a*$l*3\լo \g*͟n1 3<;|l@R"6!߽YԬ)r=Tq #QNijS,sYg@3a~R Etl1v<mZgئB؅HW顧MdhGP^WaOnWvsk1NtV18O5kilJz";\RmgU qZxqsj<ﱖbUw#MI+I1S ,Ӛ1:QDԆH:Ս"iFXeF^퀿ptG\.ykJY>j XJǓꏈ8F1'W.-ȈOPCطYW6 aCAnFL2 Ld `#Mia'I X֑#cu8#Jaiܔˍ_Ld|XaWwiꑷ^? "!vV5/8|nVt=^Py{-{s{b3=džhFHvm:Խ&"2@NRXuP6TQ˩j hkߺÂV> yȍĘVW\_"͆ }C5 kIn \Pc'4xx5&b$a0}`?0fIxp䦊Ĝje(wU5~_RCP-&D;fa%X_OEgc;.=;I`Q$cI?Bm9q*};,roer+mMwƐh5}@?f&L%"7D:n/RXSma)f얭匞IK iN}@(g&7jotu/ F+XRHpҢ;u9չPG%qH}47tף/I"9/׆:F$JyJsS+cHjyא&ʵ+u|$)XJk61'c ).ձ.G13_a,CtE.5aKfA4ܓQ SSnĨkY.W1֤uPP 30Em,k &|Jk􈔏٥_@ [W8]x( $c wH^tPMKw\= :( kbz{0h2I.]Yp熾veP7ĔϚlo2NfeN;Z@A>p𠋜>)H.aa`jnV(0{LuPY(h/k[(CqBbslaȏ*1JmQcߌYnī5 Eew(q(ڹv 5Fp6*fzS]xx b2}>72`iBmKzt'FeCE9l=CB%؊NdTV=- FRqGXD׵^D}cZڥmhҼP T&xAPH;[c+[P`n[U:myHGN_3o&ӂrA?>4d6, Uҵp D: yN t ,~k*;yek<5c)0+3?H<2/";iWdc jH [R`c#emdⷤ GH)8 KeEs^*`$1}rѲ*2=rhܜu76lg) ΑjGgfCa3޵! )3"~oJN$=C ?TNe'2.P\]po'|[/ ՄUbب6"{5lb!$07$;iY=wvZúslYQ&!wk6s_)??*o0)@WvÙ YWް߻VH4 2R@mM[K-.Rm.CaͬL}LÂRb؎^"t%jT-r 07r(;ɰŎ{Ifأ%OwU4+s ~ p؃R߄VǯZ'%:9cǧ>_u:Aw#PUA_BtU:3hEOl,;w . |$մ5atփf4 "n+BнWlGh?U㺗V@? $/$DJ x 삭 Ԯ*̀NM<ø& s x*JLJ"IFh' egf9nC#WCyr0?q >4omLr4|y7F>WEc̭4rV:W :EH:Hx׆)eV e@eBb&E:=j-xTp CD O`RW.5)9e炧눴F1L6O^sA ' 5|C]z?^KdOXpztZbАqm%gx7Ƥ4 mYR QM!K9xAGe4Ct@Ҭ-zs<ݞo``M!EC-/(jg^>Nq&x'@YEZUݙpִ,M2}N!3^@ a}=\^׵)pdP O! y,ΛFw{oM}mmH Ad~Q=7ZAAڗ;օ7̰bE6RrxeP 5Hw[gJ}7Bkg/I+hC350grXٱo#-}2tC:1EEMՋ7=(f aଦOWLM_k<)up{5 pݪG-THH2Z It߀/׶2mdf24gϞBtYzxQ*$ؔ#j;-Z+FǬ/|JqoxHPzu_!&d|f e[V$㠮5(Ke"L/ܠY|ʲ8_ [=j{%%E~e/w&w}(04_qwUIZ T{3eFڊ /%HMmj>ܭS~糺wV@[f3 ڥ{(8h|G_c~;)=Ngb,/91zA| c]ٷb۵f6NwuinVQ Zɀ >>0~L`w..n1W]?G 2`M뻓AMrD&tOKNuHЉM+`7% O慠j-T!FNT(,N@F]ɬʮdĦ=R/ "괘pX#&UPrI"~g(_ }8fvؐhJ*ش'!dDoH^et;(4THÐJ'Zw*Dd*(k?S-uvC =Qd2mdD}KxQLzhh㯅'R#e[&% ,NHqy͆QE 4)j$ܬQ+BdnLhVFj-?wDzbGKE;^~ޜ_A$ 0#fc'LT92\x4Bcv7Z`%Lc.8y.Jl4;8"o҂u?6»z&tB { _l䗚#$~ϣJ}8"1z:WhHDb;bRCc3J /L/Ԁ]|[ tQ9G3d ]H:bs^֦^YfLuOյ~|̧ل z,~J21Ì71 S7o⭳J9>Cjů/ʾf|(^,↏G:u l <ܙ^MHipw *|6cΈܳ qiCHKg2gLU?,1@.po?sח?db'ĹNB=H0&Ld,yE / k/fgVޟ+0 ޳62mTo'Q&ŎDu{Rv*: ȧ3S&=o5Ds)HI2gI+SA?Dch-[/A;DFTk=Q@.+_™C'_ev^GZ63yfɲ!vs9I䒵,#WL|?j@aT7#ëͷ%ᶑLl+|Z) RyB-ФSmӳ%a!IH [ ɓmsOэV *CcgG+;'r%O$6P{[.Zh&I,,+u;A p&T$,^Z^ ˉuj|jOUPczM8d&s&%}6!fs@W޵ @)G|W:qخ Y!/إ9?δOWHq+§A`˫y/-G`&a %xlZWmVŗWc8T Y9Mx q/ =+M5"{O +9*캊~TV~_k)3Wu2PnXslp~y\|U}:RМy(dFl!0ףuk'ybⴍ\os'ʣryVC.%cU]R)6聤\"bQn؃-NEcDTKX7Gs1:/hUV+>Zc {_ױHfB`_JSP7ӚC =^hx_sN {'9J p;^~^aBO)'9s!>& >[< z."Zq8Pt0p (2tM ] ")iip<4զI:Sr880Q_Y?_˾͉H( c.Z2cHB'359)? )N4`~y5՝R;%$j9ӗFEL^7o\dx`Gߞ "A\Jv~̰J4z ^FS :7m ׎a# V@O0A!])꟒0!>7}.ƜYvSgG8;:ݢ%0ˢՀ\/a,;2B.HjcvFTwBZ<0G RyRW~6:X=ⶶtI!Eš/D%(L9 ?Ҫ"9fn+"D -I)OBgꮎ/T ^9ٮlټG?&'fR xj 5@Cˍ|7 @b7>UXA=s'߸*}3s)e;q=I!}Fa5&1O[ C-WEѺXm(@/5PPuBD=- }dPx8J&5eѾj89He]|bǸ͹ZBP$a=h8E`]sWbd B?Ҩ OnAsq~Heۡ80MĜ*68@(r6|%81Qe< &t~x j_]Bɝޮn9Wzjл`s@={M~JA7U[׃DD{ $ ڱU. yWD/ &AJv a[o\xi:}S]yw6CKgU@n&Tux%$.k/Cp儧FD]->ЇfW{2͙%δ~v3? zˌEܓGNٮ\u~hj@5(oGLo~@>P+6"Y*zQ]8ݏ")*yԹ7'궿swo;7݅XAlQ!XYlK4Y &6Mb3Db'RXqȘ~  MS[+uiwh7]w틓SeNTZiÜi@ǂ\X#&PRm|d!1<>Y1dʇ_Iӣf]7)O I^yEtbOCf'1bG֠!@%*on-/G{)fP{o g%<5 mŽX\fa: B{Ct MlD1_@̷ک&BhdEu'p!{ 5 veo$棩hjb=T Ǟ+:בrjդ'!r 3VS!,o"G.rfMlJKK9v [25 buw+`P#SBc.IHΗKMmх+y/1|qEfȭavWNn>K,̸|49>`?2L|Y`Ұ6[4!m󙞀sJb> #X|\cp0!ӌ7Y"yUb NphCFK1ujQr:n.464* $>@&j1vfLy&i3yGA7F')TDž:FmxJ YeSCHV[2O(RŠ漳SïTBJ®CYk->+ފ!nўrQ;|[ i>7E/*"7Sϼ mڃBM3#. -KԳF͕SubB@·8A1qtl4I)թmG d#ZuIdd@`fyehya{&W?XuJ5\ L19 R ZEyؠaRf,EW`ZD>{Fif:OnM HXW "< KELFQ5QUo<[m:t7K?-A80Gs?lpjZZ'6Tx9`.;%m~mdz>!9Up sD͔<왆3E*6Auj^sƸH9OȐ$U@R_؄pl"]=a^(xRbߏ y)*wo!- \J@6VyCxAt,KxZY.]-*N9iyꮾzMKVVUД3ww_J*cl١ Yۀq=aWysg,BTTځ=U-njQS~=^PL::Eَ͖ {)*W]V=rTQ'Y.qMP5;vB;YxAc_Uby_"'s0=I]zާ1cOi0r(Ra, (QG/ @,Y jU|bf>Nj5a6匴-o~?8uS`Wd9צ- @}L&b=tQfx>K[Sat2s9w/*T a':\zK P&]&E{Uj9uW$[{p-^6dgLWE#{ԙj@3[-%؏vHK?p62S׊K_ E:jhO@̴"# n+`bM-E5IDg[qݼ p=hSŬڹ sua`KQ<И@@f$ǭ\ْޱ5@3X6k+҈֖D4Q&l4b%L@?rρKw&( Fg[#jKaatWg0֍s< $D6ɡ43+i2 µ(j#9| ii hwGB~H׬gI5)uvPΑ(CL:_켍Rc09ڞȰAFYF2!oD&UJeH, Q lF@y")^Y0 ec mM,nʑ1'(]AA4ʗ./m j%9l8=ݖL$`hlR3 4MKD1g2f+hit+3B-u NYc4aިv6}m-V.iJI gsPF*ݝ$1Pe2Y FƕBv4hsmw(S;Y,B?.!&.bx~muF=\A%[ 2BP*1T6b*ր:@T6B7I_$q0:z鍈-{nUCCl} ^P%jZBC+$/IJa机*oKY~4>F \a:ΙT_ :N_./?Y_ܥ=7 CG` ~PKeg:(ό?4G:ʹ +2Oe9|x;`d6$raY1q@>Ln{jkᧃyj(_ FfȅxUjYq nOR#`$¢:L+v52ݯLaRD2w l%z`0|YO5spT;&e4[6ϫ/x(k/C&l!)#$H'gТHEڜ (,d]ȅMNx.98gt Ob#7N.&MVyǺX{x?6W93ֵ'-NXh{+I*wqp5q5h_tiҾS\GsV||B1g4һ,BY)-;f`ODS:,\][q|t: ҦӅ_ h5E "\X4x-Rzk^ECӾ|1c+ |!Sp}ڲ&e093q(bzR47vb|R- :=>M5d g1kM'0v>Ϩ10;69? x̤E_{sί\LLU {T% N{Y#853u7cA\c<p-umaKTftf({} S^ܪoO5̮Foz˪(7C+pzW oXrPRuyiӱ"-v4]b5 DM |E?.TƮzʾ:گX =fDñS|F :[ l̒wH2(s]@񓼇Fg'XhòAQ,UKKYqc+BafGTJ_Kuhw>HaaY95q mlGQzb j^_.FCk#B)@oP7iKʯin&Jk")!ʤ S8ų1/XHzM=& e-O{A&H1=xƏih eHx+>oZ~qt{zlf+ܜ| TjYY<.f$~ZBߊ`33ͲWB8V` aZd9A:Hw~+_s+q7}FsAئ?{)/ށQ:ִV DiGN%!LHլeLS'w>_h߬} tQ>~F>Qhd -m\1>kGpb Dv~iX섀t$2'F|-~Xϋ)l˾)Y ܭZ(NvY|>`ss<>ƚshoXv8{ᭊ5\\DveV775Pk[sٙ&U{_L2'٩B^F kݷy}aqRDNx%MhhPo-4W5SqQ?8pO(pXAF0e#muY l#x1 "_~c4kOF; 1ǭ-nK`3- (:#JeGB>FP ێ`/, q۸2kz G5_T@Z!q@tx7ubR:c=$ܰTF͏M$=rKh=l5 Y~߮y4Guf+ّ6r;E<UT73o+эʴɖNrDx'Lޥ薍{rU +Vpik= +Po U(>yAg=9 fY^׵q@b& -kVyoboE"DC+yf7ODӆu^Mw# ކ$huC{NfP- ]ԫ&bLe7]<)H{ދ U(GBMzé!"I!-kɹ=Sa$wߡOC!U߯9P_۳`E=0eyvEJ+}Sϙ v$EkK3K매dFF9uq D R(Ӿk|ޞXSqC!MxS ~b2ojxG0ɬ&&m0@Y  atOJ .ϧm$vҢ9me.NeJ$GV aHe ͅ85LL/:$PwJutȔD+e}Bbd׬' `ǁ.b󽵙{ MI ~G9SCB[QCOKt xسɘA-mjnyZjJsT!(a_?ܗiHAjF։3ѠLOQ~n*c|!i}޹TDX<c^4;=kD/gRjUK~Fpcil<Щ EBHZ@~n l1bΧ_h%"wPq>Pl8_#aww_Q<;砾F\Μ"yrÛr<8b),)+!Ym&0.nI%Dd̪\+3/HZ+?gGMR/d5կi,=/uŏ,^P]FN':+Vc&7Z`r: 7C=DS)MS}zs CT曗׃IzEV8\i3(uP|2}Z$#V/T$|3 }V``rǑx,͊|XD^(\/Lv&!y 0,|*OZn%zhO3~I&KT)!UFmt^ 1+tn Z .@x6t֙#y̑:ĩo*6UE ׅRQʈx?VmA= rLxMl!(2Dz<&[OU8Tts[/iEp+ˏ`TJvC`H]9X߹lDX&PFkL 9SCïs7ph)<:[YTKFg`#//$ofS7ӁZ5ej?*&\9#\1H%#{f):OˆGV՛]$QzؚgjƦXz|˔l(('ӈ'O tWdϦHÞBnVMVdBKC# 9ϭIE͊㊽孷Vr Y1x#Gγ#yn؝[3<6 %WU5҃6GC^uJ@&3r#m >ٲb8V݉EM[&Y_L`EoßO@.Tg̟рZ@n vvʏqʘbn.^Vꜘꯏ$fHclE]tO—1{2ߚ3K->"IY 6f ES`+ 2:Q(Y 9^|;`\}WpJZ@c$̥[#;ZS͎ZL*`ȥ**]㘥3>=y . B&yW(tjn9m,!5mn5@CEC> q~w= :+,`%(P?`O%_7) F *rGEH*Z qnrwJ1ǥ^)CYIbjGdQHR(LA\Vŕ[(bVͲGg"נ6.AB2$ȅ-NPLpۚ;4d8NWk{a A48<ӏ֏#sE$8rEA 58WDt"ܟՊ~N̜٪te/K*O,_2*:zvt]Sk ί\G+,}YS JZʡ @]S/d<\+hGm| |5oS6c^zVqEvtֻ T9V̝|6z:IMP;S@E\˴)(gE=vQòٵ*vjk}ˇOS:Q03GQB@:f=lcD#\G]~"̶yYR-oer9ɤ,1dF5-.+2#GIR*S<\2Gp5HͧFZpGy }G.Zpb=ň&9\Nur n8vGoS&];~#GǯmՌc [r 1aȴK7'1jqfہLq)) / u)K_,##լgFQ:cxkBi"7 Ơ4@}v'Վ-ߺX )~G節qDeO1w7'{}ᶨ!9=a)~b3=S'@IڝjGoX5%@@/_us5X9V^PsUQwOk`Miۃ\;KڣjzŠF!YS$>FѽQ+M_ljZ4SM_}}}kڻ'Iaƣ41L$SO (*l6{[@ gT,Vo e]ZwzTX7[k>]~d4ox˞UtYǫvE$dzC)2S^ մ7?:/t;44 >yjQVI2?&O+7xY;xq"j:{@clЊʽ jwB TJQm^CU|"v#D26T-;U.a$߱ې }r,F@Ҩ3ry0 A9[VUU* EHrZtQ X[3_;:4$mwOdpXG:ʱ*H~;)|4FZ5.]LWyC4^6kU\g Š.`_k2shbFܵÈjvU~mUփUx>nMuK?uGj@.þ"6a(GCKDxg]( ɵ{J@HI '.դڻc0uR=ol xuL7% XQ^a,8VGS bQy>qHJR n{0f(t_yK)nGO1չ9^aj/: B/'p $ ޤ\Vm~K恡;'qn_r}.pD9qp߅qM_`^:{uLǣV5ΌVDN:Ź.19:8ڶe|t計1% ;:`Cg cvgu!:zFM`XCfW>GGix4JC|$ vj285Jr| eegիfU\Ou;t{PiV:ΛDU'0; 3kR+Ɏm~VY/&B/ ](&]eVV$Ky[ + +v8L9Kd#ςh=2 er`]"piIq#B8KO[S sގGȮ)k+"M<P Ӻ<1UV ~v׃8ӓGdN7|]/Fq_AKyoXET_B$Gi+t>Z%#%`+7lwкI ȍ&5w9{Mƃ|lPޕy&ƃB?r5xĘjkc'+x?d +q Yp+4i R1IkGY[5]%pTj6@K2"~spI`ޠ[.Yѳ%pN/`㌄C,? s 4 (]-ϦE _ >6v+EjqZRbx).D @5i(ayvG*>9+C*`47wX@5)|Us_YDD,vƂ͢u. HE V^30hPj]#p DY ɩ2Y]9o tuIڣ# od)B-ͯЧ ,:(0GOW'w|*Cs+zXWM[i:Fi13@UZ)ߘ; dk_k^xs;d^|tj|^ψGWrR,WT9^4xwGl0|,ŜC5JRη,f"3@@酞 ,쟝.٠?VB}dnDל@{J` PGո.5yfb\}\ ہI l?LdΰIjʲPgNaTirH3Ð34'm-F1TWYNwyr섾BA쀇ou O%5EYhQͶ#sQ1,8P.JhAMO^Ol>&ъ3{7֘M#ɇ^FHȝ^2߰H P#kv.rl849"H1JLh@DiO s7\h+CJdqC |QG:shc?z`Y@"%2PUT"GY. JXN2=p2 hxe-e9fr2^{s􄎳j*@(E7x{Zq3[_ }KjCJM$_<{*Nt['_`KOɹ/rH}Kl;3ѷFHNRJn*_3;By)>yBˍ`&7FT?+Jw '9 . ԗ+Bޛ|uqu`zXW8m_p<5<͞ׯy96Es_"qp ȪʠDknaŲ/>ᅓemWۖ$ayqepssd`}sN; ߺP^]Ss37,5Ow0Js݄v<:ZR+Tb*NbIMW__08zG=g8G1*x"LQ r藆s.xÍH.83&04з.H2vĶ~ct t:694K,e8[塉3ics.TW.$R's/|/.=G#x7,8@(6K.rVhNN"Gqҹڻ1 λ "RZ,t/7 Z58 `i7D~Χ8#һLKy=BDdtwn&RX̘.UG0/8$*ԴP8XD=ѩt&,-X@36'U]da퓢"PD*T2bjhoWKUIgYXK[Qx%akH#>*De͍HL<0S07R \j pIջ&}Gٵ _xc2+_Q5);6 ; 4?h01cx@  L ט~Guțy[)Nq="1zK6Y`D(IÁ,Y"^zHO˹L ٝq:t79zTIX/$ OV>BYf2[x1O:ͽtg&v(UVxؓl^e&{5!;"҈6,Ť›+Cu]SRReEJ 6e >E%1ZJ㉄c zf^V`@s;VX[{Qt?H\Au ٕBB7ܧ# cnϘAK6-;%_GOa:~$aŊnkm!l-3bu1XLd{|bC8&Y7$ܖtGy/y9+rlAfbq~evx,^%jI8]|`yZ0l`z4n0٣4.5 J}\6\VoWFBs9na & ^iWCjRsf, 0%j;] ˀHa̼jb% BQqa=5>z87h) GGvQqp={wV@GLsŞCԿ*y*U2^Y)aCp3(xKo>")x' δ"^╢ ImuqΠĭĥpU|>xj:pI4|| e)~] [[)Vaxqԍ˶ [e`qhŝ^<]y~4Ge -aSլcbkV>DS2tGR60AJgArBn;,Qi0p:]U%=XlͻBTOq<.9zWMJitdP<JOH#}iH[4F5n͔~Sn/1-L7 KzaĦ%|S4!c?6Z+ +%G?Ž"79faRQTƘ/BzM0c2TKhu&zխ%􈤵? ێ FHAA^ k3QP?w su~P^(]wRJ 7m˃MV?B5CלM+-xɥCV.w }L:|s?`nZwإ2Z)9ՇF2)mb9yº) ҧ-(l8zϧPt#|̊fXDUu°-XPE KtRB퇻oZ$Ay?~kv኉BP oH2 흸_,{̀s'r:TX0ΒecU3Swb?CwcGċ^ۚߑ{% /%@:T8#_7Qy#esţ$zd_>_\I ?ʦLw.*;L[nfԯ%- S# W:Zb9UO c|B y$EZn!-,KS wH0` kvAw@92tpFv.ډ.PD'/G.r'hCXY/cF¥3,<ǚ sT!1Y9 `!DܿpI!@ מ5/YwX{ kjS7UM$G qcr?$\B3;@WP$}lu6%vgS5Cm$&@1#cH-BXކ';< ZM%~6 FZ*y>a{m 5mK|iv}иΈED̪6rN'LɔcXƒcQA $QW0D^'چ "䠲}\/Y'~ȖV)~"ߌjE!A~8vٶB9P;Tg%O>R*}Bc\,aX1vC`?=ޏ5tkQMIV^^2.cfz08p>m+f&;Ut >@ŕ~IU5u< c_:caiZMM'[ H~|# =!vZnPCP移!TaOQ(?² ѱSR @cu AkdO٨ iEx.ʼυ:U*iAI 2'yZAV "x7_\Y:̅, ~u*^. uY*)2FpG8/sWQJj29FmLEuЖ6!rI%~k/_cӗ挍 g ,Y!va]/zWSEN$U=]Ǹ^BIXy4n@Ug~ @M%:ᕶ@ 驿]~p= i$}S ~E!57AI,\Sr'ȾMO6X Xu0f"H zX$WK\Cw(X־D͆XB1`b-|25eֹ%isK|j-3$'(Z/f ~U yk V0?"ue\!*E)jC{>}?JhEN|y)mhܴ&pptgi-U:`o㙰i6 {iX2@\ y0$E8IP\§AbH҂g5?P Z(c%nho႕"aXmðQj|)t fer Ebe7U(R@V*V*7Ywհ?ck!WWnL%>FBw@o_?Lr&p"Fæz=~ξ=,O:)z Z5gPx(7-je^y8.n UJ}Їv-=~VFd2*lPaX:ʌL֖g4NpB_T[a7P5.^zh15GW'2y.I([] PϛެXCO\mxn]"JGT!r w DE3Q >6hfDDoh_44C}v6@t$N *wDZ Gܰ>Cr _ Y7M0ok5Ōz"PUJ.b8>1iMC̝6yA'! akZ>MfYks]@䕿 E&7[>v!@6j_@/Ch?}\#@/k.Er%y럝6YRΉk"yR#H+(wcyNIAaCR㿺v2yQ^Yp1W9MMArr@*82YߌkC0+[*2HE/>(/ӿ+=H7iRUh!/O_I .[3ȝB n׭O)ؚdHqO"t։?vJ&fs4'umy{ :>L7$ctĈЏ%rsC-Sd6Zv:FQ wl@΢|߸e&[ 0YKut ?2Eg*NѓtmN;/̶ax|{߮OR2~^ߝDv4Z V 5Trڥ˂*cn͕З.v`r{"Юjԍ苟2Ped])lb\P|u r!PG}  .-9齊 ^ !C;f-J0\݈$iOz$FDƣD JhASP&#|ޟHD}H\ d0B1!`:dBIzS'=+!Sեnf)`Zl%')ԶH!?7%N a2D?MvsV$$Y !8|pddmrW :DG[NZj}#A/EAof#DG4A _!Mv4=OwOD7 i !Ã`D ޴gd_FwH;8;G-'qEVU։a?%)DL=x+C';dZᝲ_ 0ƫ;?3we 6-̆ٽܧLlH|@"+L7;Ь#oNhP6) k]ؠ#'}Lj52hx:t6 qBPnQxض.AZ)~:,%1 b'1Q^6;}' RV .g2#͵XYQ:)D.^qcX.e3qzJPVt-".i Q&عuAyJfriЇ]N'cA4:۞EsdY~R|?1QGkP}(R@>j3 6am_d,s g`({4cxh2Z˨7ZP0C}U9#}YvX7Fǰ. 2x{]4Wz!o z=uGNAv0 z/DNVLwz6Ӛ5=l}]B殺/G[Dppb /'|Gjru|,pwDߘL"9;npDk4O)Ô%.K{HY 5[{ vR7wv%^ψywd"7oU9x=*żFׁ"@w_Er9Q6^ IעK߂ )f"J̅G84/i 42K򷒐ꗍjMn\Xj 74aR}#b_Qjq1̌YpE6dOHk88H|EdF&TEY^FVI*/_ 0Z@매9 4$kmՋK]P:qI@>HɶQCoUse^q5@S=56a;*q;|7QV2 ♰~W,݊4D h nxAM'+TpG\a'71cBL=g3W˧da:of5!d/-ޯgͬ9huB%+C[x@.}= \}Cf KH5q\mY wƠu+LbDnO,uekl|MA4qk+AW]H}'_ Ot\fZaKk[,auZyksO҄2#!\曐40a {3[mO=jõ[` 0u gs0j>]&5EqYqKm ^AJAPVҤ-Xcc.f7UV0FP/кi(7Xl$-eQѵwwQZעѾWy~G)71wX]1 uأZp X cak "Zh9>k0)γӲv*31FZbk"3C6i$j mzB*Ks=Tyð+,d%CɅmqכcnuI`;ɣ!,}D Ӳa<>Or`NKA#t-βN!N9qK+5)7.PI| ]ljG#{ X6Yl2^Vm5it̾Mhg4}Z Sx S {g/ؤ8+nBtK$\AC.iRmB| )XQ#t?}D_xrb'4kQ8˴hΩMSW *̊6eN>"fFH1A/IsA>I0ogʌ4|Bu9'k+» ?f|ꫦ Fqfx-j\Ib,9I~VL֛em%My%IQ rSZ #]\Jkd2 B[ضȐVS!h +9xQE>ֱKׁ4' G{U4sV~RRDmegI~14aImEYVjvf094 X߄|#"P b2I&YER%}Nk+3Mm L G5V99C["O|= ,:O p獛Ǔ}znu4+xYSqfR[!eT;># w4G gZ6ai9@Хm5m$ "f!ջCs{!0 jly l|eNf+^!WTd4}K„Wd'OdH<9U*N]656ξN6hBDO[cc,u j4Aj>/{ha[/~!˘6}x⯫IG;|E0WUbB8Q(#u7UC] 9[gF,S>?{_Rp& w[C@䜿Fa.܉N=&'RAeO7ђрtT߯mZt/?c~h<h#Wh'3(bHta ?y$Fڃn0Awmurtd k!Vb"֡P[d R_y/{IlQB+1L/z+nS$ SKV+k5< \^8 v"5r?]:ʲyP,lW"}ί-9G+m1›jx!TrKn>L CQM"7|aV#R2ޭ BUB\|e9]w؊Tv#)jf"Sf& WAGǎZan~k),=k}Pj]4*yzkT> `~=_㴝n3$ޙ֝AVY3O9UxAYnI#qE) / *ueBdW}^ӏdLC58f#MC͟=?؍}?-lc_:oVgFk3Dݢ!elij~S֡q24[πP=5!/ umV| (#"̕Sz읡Kx3f=za>BgZk%Q)vVk&hEzr$aR\c,C#U?H nyhBiD{56_ _o&U^lI hNc>lGZCc0-K}hHg.憑GwrLu I;%*S@Z$(tnEڔmeHߩwlyUAQ5&~|w쉮[pW[2)DwkA܈BS7ytPn1- 9uL[rH@q6vhoˀРA21E wܪ3SҗB\3i2%t| ֋ S<c^)۽gN"Sᅦ4N+3uܰ9kFn=Z$ʾ|S0#TJI(dα' >B"G饼?#WxV<9'~c ,ȡb0nrmp6@B {<ڰ`/T.c. #|Y$5\cӬTڸhc}|UhHшp--Q㥋FCHCSjc|F! ^?Yo/hy +1gʩ h+*J6! &ϱ8~^azIʧ&pIԎ5* кG\h[G^,J~\W;lD7CJB(Vɭ\ Ad3dze?\dKɣQd=PT峴[_ʴY,<0#*IJx32EX$6yfD$Ϧg3@q[6U3Kԁ@HʔMpfԣT}7e:Xb}M }+݂~X_Pe7w~N (_nHj}i,e#kQ?Ev, x;d]_wˠm^mI͵5քCGg1AI5};hIxf5TcJ!G$@Ty$zx߹Ųuݎ|1ʧ 05wz |v\%BߗmhS9E8Zli;XϷ_KpsFyy0/V]܆ȍ$:_0׷|t?0eŽzwB#fl!!Q@RЋ|XzB:SfҫAe(9A^h=uϫ;5Tv DdysZ{z (>BNv !}Zi*`vo@Y d Fjt-R߬]ۗ| P`۹Ax߭Lb({syr()Q!30~eq3)Ib_}¶($;MtrJǬ H&L3(" w³K#dxy4UNe,[?uIwRC!SK N?4m(3k _f%@r{:'c EPh$]ESwB\O>UVYNֲT>!?,3Mhʐ4F">-d4jIk1SJc(` l3-hL5YTfT$a/nY@򧫲Q~KWR\ES+ql("_ *r~X@kSɟ|uI=r@M3g5/塗'hGe1r [פ`^>{_;gnspm_ZxؤMqqVW(Hn^Jb:hpيl FB{^8͉r=!/+FK!H[vt>Hzs]=#Ry9ˋ d1'n?į T$EHnRﰩg;f Qg(<84<)>%񦨦9] 4CSJ 6g3/;GTp|ĩ@#~Q_O} lzޤԟ X4@_'>GAҬ6o<`#{kZfhZO$9F%72 %=rTA], kPg 6+˩βٻ/v]B+zH"(!Z2X<2k& 9dr!H(oYB1P Ջ,*][J ~垅ȿ4g zEaG4NgPYSjdFI K˾6W4C A_(hZנ۟m]A#cFw^7<meԯE}|Poewњ;֬I^ש9 sACYȂ)! ]{JߣdV#DXpe:y7f: 4( qOG/XEE0GVEu)oAfNjc -uc7F~C7AlJw̍ _ $7E{7xóJM phLRa^3n_joͤQxImw 34#ȓ x3"ТCE,_PX9c0qk%U$$b[XhBU4eNG5|99N=TZxP~JGTsY O?107Oѷ!k2aR B2/GN^[hή,"ۿPD|̭#78#g2FJq\;{/.yA!=rTԚ[KĢ1Duc3P50VOя{nli ˔aъ4+-q9feY 1'.4]/ qLAOP'>ҧcVi0IIfJ dfh6[Zm ڸ_Z#& ݄T[ $;x(#)\/Vi{2c%Bg$s}ں dh)eeT#;X<{#V 4ndY+Ώմy@pTZܷ.eM-=q q8NÞSn#GcNj X#^*#LpPh|5LVr(N%d2QЮ *"] "Ck5f`1=@r{!w~DrNTȻ<rngr(Y|되ЦU@VWziZ ԨjgF6 2l,M9x:&C*v 2n@*Q\=yZm#ި?gӴj2߻<"Y6he)kU1z(F>9ccz $Ífz*<|TL-ؠcoѦvd=iv⎠P)g(2$q`3f O#}m7[ec|glzp `ȱ)cnEyҘцM$,_'s!erťrq҅׫HvS]:#O2IҴ; 2ko}A{mIӇlRMtgԦ#D5b/լY'>YI$CR7^I'b$Yܶ3/5H,ELCOqHWڮ[J'VFWVۜf?iQE0>I@+_u\-oH#Z12 d=nw[azenVo`o4hgk : p>(rHB<H7 J~]0X=q^L3tݪ8"ͲZ޳hڰhfƧ `w)A[+kr/^ ef6\H;evzRt;E/aJS 'fX᫓tmHC!]7|F<3ݪ>ea[8T؏Ϸ-hO&`f$@83`F֢||v0YPnoN'fh0Ce-G[PT9_(APfL21T,wZx7GQ1<#5" m#7"n~ {پoٷiT9x>~s-^!4ȡ;l-Љr!WrU>8{ \\0 ?G}ԹXm"\E1lXj,zݩS6µdzm!_̪@pB ;{+:Uois(ҞD88cJN`n UB{v{nO ͇Pa%+ѪKHuRqd[\)fH-7F^.ț"xb9It{<lja0Q68B/ 2-Ɉ/S(# <'*hF+ԀM4'8&0J֩^򇂱vߑb _r!˯Ӑb UQUT(aDY&ǮʄC&3 XzX'# F>n{ =w&- BsXKfv Ԟ<^xo3ߌ7cOlȯjq!hu6'#z|_*. xܾK0?cVqu]?-DHnqn+Z69w.'rJ,5MStvq jC-[?SeeӤa浛aq)Wlp}⯛=z.V m,=;H;f# !kr\۲kvڽ; Qa^^wp:*ʒ~|e-s\#4Vv:Y\o̢ʬ17DQGvXK;8Ȓbd̷]b7naР;'PDiDbj6U7z}x'yvbs_+zqرuj+3VF$k=HpsL yA9ѫׅ43ᯕ8IY!Ow aat;FA}eX~/|<ހmGk]u;$OJe6`5a 8LG:5˧Xb B+K8*L7} 0V;_!s[ YPG-N%=PȂtɷLu~/adjf,n@˄ђ}Y R4߯; k>*ˆ{Ī C#oZTx+4ݭc4pc[FbB2k;xOd×ҏL 2O!gI݀(.p7⤚ 7 J3J'׺LzkMpǃ0Qju">cB+f Pyª z{3~:XӰ GRz,o=; 4jJ]m~aTo;f僌wWV'b Յ@l^tȅZc*1[*颷4ptnUCMXfE.˱O,P7'$hcV+[y__4cex5T=gֻ}}ʬje$ZSo[ v>ßyǧ}kW+!#V`V WFIAPU8j 8d@GjU>AFwIr;YDQqjcZV5~6 3nw{z9 )WHbtޔ,2V`f ;>i6'q;@uFQ'̙$6.Tnت|ĵӳՂ5TL%gIVvG_ I'Yk'9HU *s]CSӉW`% .$_p2DxFo ˟0g⋥R4dG 8SdV%g0 o枓 kJpdjNFv v`vc@uZWHDĜ@j{1VLcBy.;AR*c + I z='N?hP| 7;O>a;uR V` cbYs=Zɚ$xn.CɂBUu;Vl-xn$։ ^ڍ\{\j 03+S ^MЇR xTU}3NB̼}$h".QI^Q8b?SKIѨf^I# zQ(0U$oY5C#D^D.y5؝CK)օDx!JL~]*Qt.4hѧ)M8%Y+m;ZIV?MMw%+ Ez`š*.Բ%zts3ʿ׼Nܝ_%F;}^Sk.)BX9_vBٮf#2_72֟jUM /I[ OAڈ) .5Q?mm» T\AqPbaԀ%:`e|Gk[Ԇom "t2fZ!aua}yޗOb^h뉉=Dz.TXWcLѸ& Ué {G9MGeArۗ%,;bx*Y>sEt %Փ.ֆ]!K'Y!`I+uPYO@"e߿l/*o²]/N߆ =A29d>@*W|m7l y CevTIyV?WV1Ds9' frUzrC(vuV{KK\s|V7ȈC1%%߳KZlWYr~3\|z+k>P.J4u̸_ uێ"h3CPzXA^.,Z!+UIBeH[ү\-gK|;:4_.QmNXYh:QfQ$H co-F1H'i@Z G)՝A#4(v (qe6qƟyO FBFR&AAUAF/6U&>+d kh%x_,B.Qu50 ,?cصhֽ LC \MnMJ0@u^wJYѓ^k9\LQ tOawdy!OxZc9;}"A?*=Xbqy˨I*H]*oK]bK_""u"륒iMՉ41+ch1!))mZm{Z 13$Qdf e>aPN+zvwx!6kWsXOe>/pIIҊ4J@Vv6BN蒞0xҤbsн*֭* 陯Bix&mk4;܇2&a]aa p'),d{= 1J(a)3 "8脔xl|8]bI"NO; byExL|hg$uP{["Cb_d ,e"nLr1!I6"Γgr&j"a @ج1%`P'ơ,6꘏cEBH *MԚ4U${wU1d80[Tq#9Qza{STu0?yLFqdroUnȍ헳AJTXu@JQ]ܛ2i;`fqۤY. ig#Mm]yocm:":r^e6r]X`!O4"Y>*,BJŜc+_.j xU`[L?@ ͎r7? 9@' ^\B1/Yrq ֘ȷ`!Fѱ ~ ʇcdP\W% +>H&ck<Q{lkzĵÍƩ/ah64SGŠcb=S{ǦRsP@IZF!s|,#Eu2Г5Ll$mcl~<5D٨'c2Dz8*Ufd z?Q*GB9-8+ĵx|*E$S;jYͰ^5@5gx.?u^HcPN{GFUvSOq2mdzgX=ܪ%djgi-PYoe~ 1cd~;=(읟9n~Gت )̑^| [/Š.9m yWZv?̪:{ŏ#M׹)2iSh,CBNRVʇkeWzu"7OlKy[nqm*\1Fq_oIo T6}xT-# ZR"̧' ?|tǁ q2s\벾jR _ Շ7 @#a)XߺzR| &*7#\Z|1~,| -cQK_Ե8tFښ5"Pw(bIKcWBSќ+hK(ÿq6B"xc=fXU9UQ^eNd%S]3u5Ll%*FR] TC7PqǕxp7%8%t^pn&hb66ߜbQuN,s27³Fú=C)hZuӚRGPcIswW/<ځmٖedXgTcjٸk{7,%&I%-D: \7(>A<+nu_.]ݛ$D60|6G VъEmnȦ J*ߝIGc!- &)_U=$ե"&8۞IAӫLrXwS2tDѼc;P˜AԜn]/`p8|#ژ sag^_MfolZpJkϒD<PUY\=k8/*L ƟcDa4 OϸR91)*}28oC yd$+Hfu)Vy"S҆)Lc˛ުigUE U߱ڌS`kgvr"^zęFIq& "27aŦ7RIV>. IS^;XhJ:'@=%yrH#T?3\>q!+f;cnc?=0\P 0 '#DDp"[R-i@vmSTX'^sQ1=_yE X?ĸE^Zd8U)u%96S9|XMs!6bZf" ^^m#a[!Mjޓ8EXN@CD0[@'o)&mz"M7*@Cf 4]|ܹOuSZ)sVCjeʥ`N@/Wdm^VHT oGMb%jnز(MN(7Xv6|EcӬagy42Aaʦ!#78H&{jy%ׇ!rG[GƊ"d޽8\_@Ojqk':)SmQvd͆El# t6eLesb\qYG.:lp(=}}N 7T[b\)o1G$G޺c|ZDn4wa Q! >O(Jګnw_@@.P{1Ϧxt7JH?r2|L}$ɽeMpSS} ]nΡ+MltǏ<UyJ RgJϢyHSꭻt8 h6T" :%ٛe6P'#Oͷ ]*8vK&O9wzRhWRj_eϒ%#E XKqqwMmo=-ꆓzqa2M`ؐF}iƗ#йAXQAdc56ܺٚRد-ʟ릃5O49l=&VŬȣj/ԔmYFB.nH K7h2'4Jl![̀X'FSD5?x']Kg~XԸhe`TRE'0nrfᔹ'Z^ (pf05]s0.m_Ygp[ LSEsCΰަ`$T[[3c+8V(JpHKM<]"hlg$#6c#p&KU6z_ `mᥣ+h3]  .IR!?m4Dvl22m? N6*,o-O&Q a~Nr-Ujjq1U۲exqdA[-Ϳl~V<% f KU(z̈́uPn WSEm]&[& q)Jȶ^C -nbIoBj{ڄ|b]u<Ju.5bSQPy} >wD8u Uj#q1|FoS|6.m%BC$nUTgmCѢ##a gH 7uMvEkIhAk.1v{8mj/HܱlUeߑLL>42J(W1c`II~KH}UáCd_]]VO'sY0_ edd%R7~|:m Iٴ,F#}Zgr tDdXzhp}^ IbFNr&{vVg?|3cmֻ$4 * *!A6pJ-ٵp_1{⯣G]7§0y VUd$N_9ʑGA6r%: T!* `LM3n kq5j&~JStS~U%Y2A 46Nx_ԒE6ʟ!1K @;|q^-L0/z揞E;ߵ&MN"D){RqiZ3" b ľ<%@G^:i#U'X\C3hvAR^sb1Ehq\33OۃﺱbȪOab2$."ju^aaұ^f/Չ/ o|y⋡n _6&yjp"eګZMi g/ywZ5jHX=h]-!] Z N?_RRt?e`E6`{/0Qdm io$%F<2xfCS,dNй}2`,!ik)2TܱYZV&k=hk܀1|@wn?:M4|k^4/6-Gxgh<\4:kT8ѐloa߮[Rm ,B5=a$WDZH2|1CՆ(Y-V σ%] 6C<"3 ߽H<\Pxw&Y$ͮl&k =u͕0 m.V$ W;ۃt$%R^rCwַt􋺴z"0'au>"o.oeW1_x:օ꼀~ƺ„ٗou75ֆ/@]sTv$X4ir.?`z{F鉽oiY+VLF$`@MYh\ d6" +"˞:O7kzPncߩ"k8t7S@4=~&긾Vq6۷'i=:e}&=ߌS9 `C&{GTX-odd*l)su#>:qWЩC妿I#c]<2{ޢ N#U-IrɁ SlpI#/͠MlB'Xj,;&R@%Já#oa%7F__|=<SՓ\\$kUey0\U gU2 :(6ĆL+%; KQ[=_r˸9>?oy3r6|q I:c:{'sivyA̒Ēc,K[űTŠ͖ 0IJA !vQ\tt6D}ퟹR+1B6KZF GUmsʑ*ѡ0,-1;8|]*+ˢqDn8r~EXxuOJl``TV%VxuuDN>\ Q ւ%ҟkR h٪{9EV%J WhN)"I9ǰJqP#pϠ J̸L]u''ŸѴ5~G?[ Ꙇ-ԓC[*{ØK@QX\٠mن6]ak) ;n-rwVyiOLΑhAE&zwQ'97.q+Fn7Ʊd}*n(1'Qo3k\TSA4W Sأ L`}k$g44 D`gd`9J;jd^{I=X[%IpL{$2_YU\mB>6‹ز@b;5Ȓ![O-vX>ZhTdh7˹=J]G26?Y"2i3Sχ,y+qB7VX%XzpkoFJ9qN5wUD*)ZBw32,aCv#93CN5M&kRDe+B@1mSb{s 1\Ng0{(bo):abf 7d{ L/Q+{]t~JW3vV|8xo ~S}w۫;ηuU)xI0ZRvuY}2! e2D*q$u )px|S3{! n.PQ깐tO'˂l.^fCKo"!#~lM(uQ,4qq8:ry&cLOJBСnapP>DϠL_J̐F-j2ˌ=1^R[Wj\N}ǨƓ~|?N>G"+Kk}42ZZ4Q헂e c,։qۺ͗3~Nb"bT!v} :#"Q$cAK.*54]W:?i(@ܴjsuԐ{3t K p/.~f},:'4mJ |S35#^Vi/N\=zG [RTpǴni'[g;Z>|yW™0Sb>TehI"ڃm^2S!lH@>[l22jye'χ:;uhXkbS}!>ڹ&-#dp'd|yMx=lEEg IS^=g73AU1<5I=ƀl@bP&*L$ uZЁQ4U-fe}?cV1EI\Ć"sBXlx*Ӫ~eG:U5~D$[-gdF+[tF0IBUyI8#R/w";/~!D`zz!wZѬ4@OGm0)_\/Fh &~v#*˹$eKm'TLNSLFy)c!"n{".5gg);3{gYOZD¨ٱdy^Qw|H6 %"FAQZ7y&hd k㎰PwDv ?: B42e%25k3PB'oO;~y/ԝjT@#q(a5uŽR0t&2%^n6 MņjDqb AF0?Ael_7{ g?~z:HI.eɳeVETOLA*BN8 ee`l!2PM&gϾb9L*]6@Dl[hVu{ۀNu 4 {OƺIݶ,%'ކb$ʭ"etƦB{\kEZ:>b[@hnaLL j"Ӂ*}y3TyYXD9µ/Efey10J3\-9]pN /[5c\;,ϊ-`ڹ=B'Kjw֕ 1 L#1;:ĐثӶvBX"(p-0H Ͱ.x?f/gU\! ^k1q/#@Q 4_?#,<% 0JA<5f-UXEFq Q|~/ a'c#l*BfnFmpHbMCW{kIU8NO`~*g鰄%d!UzT*z'rUr{{TvUNpL?ÌV]oϯ<T+o!=& )zΐwrt^&% [}ubmT$Ȧ9"r ) 6ރϹˊ5L~2۠~|-v#x'><8>ͅ.4Z3LZH$Iu%+jL+gg!nDi#pwSu3JB6(TCʲ)_2 ~ŰԀ抴[3;@ 1wU]cfDN&n9#Yk3br`K3gnmO6=Q`rUA_.=-`CƤtk3J#h»V4ϵ}@ģtEAm%yJlť_Sֺo9+LٸE9naZT\$4y[38L02!ʴc>Bf8N/yƀ}>KTIpgʿ52]*o֡T/۝I x^ w(664+,ܘ"T8E@ʹXb ]I =0g{KYq&Ve*.GXOnAӡ{cŇ FQYvOF]o5A"d} KiHTjGZz=C#Z}ߞp7.zO,gW/ CY*x~`Цp[0Oy}+IJ  |BsY@]j%:Q kf9X;WXմY+[=HCnȰGp8vԭ! ھ8:.hz(|ՠ=S$%~W'w]eXk:'=P/r,{V:U"͏WK؇P*X^G5\{;(ڔQyX_Տ3(43eؒ Ս }%eFlK2eyUvVRqۆ#XZA0s ?Iquix=go@ukƟ/|?/#5fFuJ!4|}y׻%`R%tDE(w{o$W-x6A2u'ORB1B j#c:3N޻z6_%LyPWk"ꧫ>|c.Cy[plKFz@iv< M3|5FSŚ _:W89ܽ nf-!}M ^v{4%p"n_UͥTY "iHʻi# ܨdR!؍#)5 .'dɈO6]T6Sٱ+k04ե=0' Wc%@H,&2ky1jOijfR0wԨWΔlh,عpPy'O)q]ůsgt],5>AB`dاT:?^U<2zA?(I/LM JQuIuet2i9*j]$h^~`y+/.{Lc'af\ o]ߏmPU&hlD؈t$:p#8 0YsV;3li}߰": Iyִ{gaMő0g;rmou\Jĝ+SlO c+[c%U*YX,?JczfHƒ[8]rB/~Јތlu~[-c:<E.cgDZҥMK#gḇlqsQvnU~s$"j ߊ3<ʶh̬\>î^Nar *{2O|;Dx~>w/2s/؃@z1\rO^mrJ?xE/[}ъI~I"2IaZi|]sKZ<#i*4QD9S@߆|yAvmM:.:72k̚NWj&Bօ An_XQMS";o`Mi [vڙ(%ʯpw>I--͘c*^n% cn4t~^2#.3؄ [LuY[ _"qTm<1t QacHԊMoMaW?%Q,v=/З_ީ)gmLJ$Dy"~֑= /õL4V*O|2k' Y_trH 9]W^I'Ⱦ)&űlQLp<#*@9n%㑙gZS3ю/Zjo{]3nvF%q-[o9Rtb ` cCQWJ%oE]m$ʹ;b}ekգn`G % !Yrļ} §kDOrs~ܑVn$oI.pX?{վd dj+˧g03uƓ[aѐx`e ٦ASt-rДMXkcD(vd):mf Er)ǟcf!rtýmh+R.C‹l(7'C 86(y§ĉ7C;Q!I]GF|,]'V6Lv]X&w, n~5)TEtNk( HEdYM1$k|ԉZ Eގ̷k+iUq3GQAowmnyj! 8o])q0aFG{TGL=ZQIMe8,K^ m.˕®|G)CQm!ۤJ¢Ew-{Hvc)'B2m978N<8or^"Xȇ i揫eG9i[0An@ZϧhW>#7(Whʫxm/]S~g" lZQpȥ!>_\8Ҫ,-@Q,|V֋afQHZwɒeS% pycM/hy`5 J h(`l\!huqwzHe;V~0(r )"X5YHPZ&AP 522z5Pn{\ga"RNn[ ĸCw`  TdB,Zr,qLSz¨fi,3lh겻MUzeZX?*$Vg3~4S+@eSnx|qWX71u~D[=Fz˾eۉ z&;.k#C~;1NI#XLCw,;~XLY[ iQԭр񯩶R+8gj^VPxۊ2?4{d s!ZRv74W4m:()+u>̆rݥ{Ѣ> R =1SZǩ/ȿfH*9uXDg/(R{{̋\wh? uuCb~' X^l/@ s!qd 4$~ 2<˵{w*ntjY "i$k6Αcb;P2&HW&X~do D,r?z*|U̺)!lv2B3h/Αa(7ZׂxaaB6=rAU%}hL4ӿk9eO!uFpRAَ@ox( ]tIIzZ;Xj~ѫ4pP6K8!`Qb _q]%T-CxhT<,dR@no+.!6_S0Cf)xOA)BdjpG :T׊Vҍa$1ͺr!%(}(D:ct/Z)̝=hb눕T/WOPFʝx/#2V_ZR>F:iJǩn╃qAM9opHJP?z y9E*)lk Ü<|z&ۉg0^HTzyN}M+M3 4e(لx(yAwPDw]qiPԓS&Iu?1 KH!k3LI"϶&{E\Җ1s[>Z95ұQ.C`CKpK9bxgxѷN@8v뮣hp?zP!hVHFaċ}m=V{V =>LI&l{@՟1:?)c _23>e !##|xuaH{):V6F8fǬv]-VPP/'qi!P+Ǝ|{F9'ЧŶqܪP5bO'w9%TjW3kI&] /Cvv68l蟌lm". էC|Q ].5d3ybéz]y\%iqw> LjS8tRw"5g܎EadPh٠yWOo1HQdVHYMC6|+Xi!x3PP@GZk/VM g޻5H b>4D1ڿ7@UE2F\L"@6SƆou?Sqh1u@n][m+H( 契d Q}$+N74C*өk)l S<+tNcKgM}Q nxgu'`*c'NvFLΏƾm,&LJ*d6X.{,8}b1"saq>G $? "u6jU#lxtR9 _]Hfo$M1@w<m0~3e#T?Y{L}kfNiso3kw)*ZO A u qb%S? qWN T@Ia%ǨH-]Y|iSSloiț$_rjv"+QeJyI[! vw"^Qx}fZnu܌!n~ ى&bjnc}l$b:. *Zިm{8>w!}(ti^0gj h$w&& ei%? Y"I܆A}d--uo zq%' аp-xXd:-`t$8 2ZptqJeV7&i>/ i\N!f䟛e )+)1Rg&G1gP>!';KŸG8]UI3RCg-:WO_Qe~[.H7r2^1} s(M4V v5 a>29A ':dyTmHAD21+us [οG?PV 9;N!2lvJ5P뚩Tyč,8ZnΙT[&7[&c 0-h(aq|ߪ&e87 Wsg4OEQR Zw|GɯA9yxF+wjp8I~dgpB,{HO?>8{N_4}. ,;Ƅ k`iQçcBLڌY`is='lzZ<];'U[zjb0D:2GLݖO*s5=H/g0Oš`]VOg\`} =Ω#N 1UBwBP}- ǩSp /=K[F쀳܁*0奵pLH\-67aRl/pyu{;k֔b?T[rtǖڻ0/gm)[3m*vI/5*nYQ1V8Au4 ^\fY!k_.8oMe u ZŤg DE% b0:\L' g%"׫H5Y,&B| "i7I%ģ(aGN0S8b'~ԐXd;Vٻ5蛼;,|V/ Dd 0=yt D}ݼ57/"ѫ+b-jp`1NC@.=+=C-ژ|;}XqR= 9_@rٚmp0(;kTqe!{WL^5epz<Ө#d'9ylWYN%,pnW_s.O ^;0=v%EȆq=ۥs6GUpO ;`eQ y*d3g *V ޸W};6%V5 6'U< Ϫ8&7dS7dYWPXÎz iuբۛtm N,Mꀗ0!v/Y5X g;ЋW^+1ft `_ 3H y}D$bR\ͬ]B2lRj~]h)taѧw>?D<oϊդ`.5_#mOrJ3K"4~~sH 26f h%{GӺ-U쏽VB2kI tdݖ1 Tّ=w<Zi2,({mc{#x⧇C8OFD̵zt0stn7 9.cѮI]Aʠv$E fKֈz!6.EݯAtPq9LxƠ.ILI|?3 ݍ* mzV/?p)`+@ ɝF#+c`{+Z}#զD OX,Ay+ݥb 0A+͜ Sd v#Qo&;sWZg;kim =wUi/0$erk v]: O) ~5?<*@L#L~/vvMW,7&yb͕ 9D{G]gj1GEU ˲AFe~POr;҈A94WY}$RS lr̒jd<7tf+wbϲcP1d+%R$uI]C2NG,"9- %b^~J a_6@@(IymLHIuh40sLGJE` γ&v]t&hq" K.Uj4V$K ogXEo?j)l@ُndCcܽוU?^".bgYH mU]?Ts=( aaZpʪu !\`y96(!)iT *Pj&g~!]\h3HVB.2:7?%őzC1 U@+ҷ8vt!, 1 ?(~Ōð!Hj1g&,7yS ̯V9Ǔ6px/ ci!Ͽ.B-{+\XtR5lVįaFÃ`[p.py r~[P˙b_"t!zn͆,w1|*϶?֠偡&֏J8 Sygwl?m?Te,. e\왵+ӵe՛6R$:l_YaQh фҏ _123~ Gl*Quϩy)Ȩ#"G-wg>͊`EƦwO*-R`zoB""8n+Ә[ xd{>;8jj]9R,AN)[iB&{ymTDz gmVT),B`V~ukQ#E[9AisapGRi@}dPړRDd&3RIP\|y0$$shXH.HnUҜY6s\Rؽwru~Xf/|qe+&4jbXK__fZgUzw+Se]-#lqL+jjjU jFx~qi*KJ9GWq5}eݿS=l^1@eeyfqὖ45eڊ v=p SQ8#04!&YEQ~n8ׯ5)f)~0ꜚo 㰼,%ŹHZ4ﶌûdV2XKS?G0KX'u.uᢱ5)­мTEʀl i 'L-hyd 3}!9E_/2}tobp4m?P*?ibqq(Mu'   sS Kz[l ^6ݒ?6;HH n.V}~C[ee(d%C g\=Lr&邢Oi#z7Ӷ2241efa*od˧ZHq',E|vzɘ v~Oۅ hHYo=M&<L x)>8CtX-! 1vscZTUOݰ i=mv&ۡ%ymn>Q:*''k&mn̖._AV(c]S{1҅+Ę|'Js%5J2&ΰ,޻ 0q^u5s=Z8t'^,{K^zGMXhc/y[ ] 0 9G6R)6nRȻҧѼ&~|Pnx _ p~> =aubܟ82OV? ԕK$Vޘ #2he.iMK=a(Gq1n^,t2$vI5ҽDÆTɂ 6NDң`M7]2r6k7RFsk&ˤFnL'\hN/-X$s{P~9ҥ7)aA $Trx.^?YLIY ґ ZaofvE"n󼇠+6Ic3Oo W s}}۬M |}xQa.o+ygt S]0yRɚ{&v܂PK{xJk/#? I6h28#q)\fN36SF p}bX2gJāM7dYr6D]E!S[=BfC$f4 VPY`4oH]Nh~E@[p3EjL~R()r?v31?TiAEB~t8!qnns B:O!~`%W'(ZlN|qMYg$ %=Ězq)ݱxلO/Eb%Kk2͗!9{S?9s^Bu,:j5e=1W\d~3/PfMYv1U꽛ϗ.Ks`S)#Շ %Lb^S;wg]G|ׄR-l4XNq9,ʇ̬u2vUsGՈpMyn c8c:ʏ:20_lb lQh%069hHZ0Z<ΗfF繜L={[>(_BIc~ 8 _>!NP)ഺCR,§t5K|]:2(ϋy7V?ZޕW Sۨ@G`P]`xxoZ3:ōFl VGQl{]kU{r(S63K\B'_9y)`uٰQM+H3>Dއ"Q4)Yυ*ywI gτld+zqA!Ngt]E8?LA+9\BxK򽢇B]\, *=]7N|%~?"zbHvbdi:+|8Nx'{aOhPLJ[R3& ѧL_P3k~+$x"B~MU_\B׏7ȎJu6b`Qv+WPgf59L (?\fB$ڵmrK)<؎xItӄEOs@tks2?_lv#($G@B$m*h_~$`K.ntS݅b:SB;u:IOj%-6246k [z$Moxh~B "c%Z5M.c w+K2'k8{ÀMm<\{fmŷ*LһxXҷrAy~^z)T K2zRk ş ?y,eS#쿽|ҝOGƽKMO/ Ψ>.љ¬ PYVbLjxsUj5Nv@!ݨ&H8uO³1rj8Ge䙴Cb𺯁e':ӿnol]=>|\iiF2WܟC rRJHϾr#pKPP66bz }7B'Sꋳe.Sά1^=mK{]Ba-P.қsGELaBL-"ع܌-JZ:n2sy⑱n_QYqUCQ \ LFܜڗZN 뗵)XNMDB ɏ V ˯}8i͡'װ-+aS9R%bf}W/%XAϔ ]aI(}aa磀ITWĞh\c-\v2h) ;>NI סp7`a &K)1>\p0կkT%.WZYI&3Sz<3=|3~8'1:ß20$hzıl<PNmATM^nM~6v0!J)9uջQ܃#QEd*ak3eMEIj5Z,} pLAi%` \ger6%mL4^_rN\5)Vҟ8y} ֵ]HL學gVdQP9JruC"c9YQy׉Ш]V#Э.Ω,p<@!^ZD__JNq>"6/.}w:SZN (ȴOBcydKsawwEU߉g\wѧcn:6(=ZIcD[ƹwשS  7K:Iаg~ o1PfL[H#bOcs8` LUi_vx{0$sa"y9b V!z\*iCbLwrIߜpWO8"nl"8%?@Zbw`,8-D=nNI9bH6.<+\ek꬟?{`L)kk\*w*c^{agQg(RsZ%sJSBL+y |܆ VI#Zo}<NWy:$*.Uّ|' R{-_ajEL S8lEԨ)SKҿ[,ʄL_dvhLDabu.١T}>CպVâJ8[|hRHB2HF50ns~loiM^qX%қh c2WfWbE ?Wzw_ծ 09 Ieiq+HO4UZ wP#Je>].rLجO'q+HHߢ5)op$0 3(s6ߐQtP-U~avbbň$XT?x~jwx9ET%6'Ko7AS((W𹡩 v4?͏zbIL5:@iXvi+P3e9<1yfx̶GsUGkCaYGF) m&7L]S[{D v3Pf=I9'Ni1?5Ԉl,dDR )-)w%JoxfpTYb3;f@%9+Z10uo\+kpn 摵^5#=[˙d  R7 H|PW!qvI;@.*ޤwGKY;+wD궎7yw3927\_^D%T/ %MZ%wNW?tJvٺ{^r,}(T:#e߸.AQ S(?n$ji@7oUBZ_"QD"Og;#qt|Zsb\AVU+kCpS<~Qs#K!L_2]㡚lެk4GrCPEX{=ɒiYi$r{͊ڶZ --f̂°$BwHxRA1i෡HBY<m۠|Z1gRZ $#!BZ2+O YZ