Name: sssd-ad
Version: 1.16.5
Release: 10.el7_9.10
Architecture: x86_64
OS: linux
Summary: The AD back end of the SSSD
Description: Provides the Active Directory back end that the SSSD can utilize to fetch identity data from and authenticate against an Active Directory server.
Build host: x86-01.bsys.centos.org
Vendor: CentOS
Packager: CentOS BuildSystem
License: GPLv3+
Group: Applications/System
URL: https://pagure.io/SSSD/sssd/
Source RPM: sssd-1.16.5-10.el7_9.10.src.rpm
Provides: libsss_ad.so()(64bit), sssd-ad, sssd-ad(x86-64)
1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1973796 - SSSD is NOT able to contact the Global Catalog when local site is down- Resolves: rhbz#1988463 - Missing search index for `originalADgidNumber` [rhel-7.9.z] - Resolves: rhbz#1968330 - id lookup is failing intermittently - Resolves: rhbz#1964415 - Memory leak in the simple access provider - Resolves: rhbz#1985457 
- EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-7.9.z]- Resolves: rhbz#1910131 - sssd throwing error " Unable to parse name test' [1432158283]: The internal name format cannot be parsed" at debug_level 2 [rhel-7.9.z] - Resolves: rhbz#1922244 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. [rhel-7.9.z] - Resolves: rhbz#1935685 - SSSD not detecting subdomain from AD forest (7.9z) - Resolves: rhbz#1945552 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 [rhel-7.9.z] - Resolves: rhbz#1839972 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR [rhel-7.9.z]- Resolves: rhbz#1875514 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [rhel-7.9.z] - Resolves: rhbz#1772513 - SSSD is generating lot of LDAP queries in a very large environment [rhel-7.9.z] - Resolves: rhbz#1736845 - [RFE] Backporting certificate matching rules for files, AD and LDAP provider [rhel-7.9.z]- Resolves: rhbz#1899593 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() [rhel-7.9.z] - Resolves: rhbz#1888409 - sssd component logging is now too generic in syslog/journal [rhel-7.9.z] - Resolves: rhbz#1852659 - sssd service is starting even though it is disabled state [rhel-7.9.z] - Resolves: rhbz#1893443 - User lookups over the InfoPipe responder fail intermittently [rhel-7.9.z] - Resolves: rhbz#1871288 - krb5_child denies ssh users when pki device detected [rhel-7.9.z] - Resolves: rhbz#1853703 - Unexpected behavior and issue with filter_users/filter_groups option [rhel-7.9.z] - Resolves: rhbz#1756240 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains [rhel-7.9.z] - Resolves: rhbz#1851112 - LDAP bind can fail due to unconfigurable DNS server timeouts that inhibit SSSD 
failover [rhel-7.9.z]- Resolves: rhbz#1859554 - Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1 [rhel-7.9.z] (Previous attempt to fix this issue was incomplete (again)) - just bumping the version to build for proper target- Resolves: rhbz#1859554 - Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1 [rhel-7.9.z] (Previous attempt to fix this issue was incomplete (again))- Resolves: rhbz#1859554 - Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1 [rhel-7.9.z] (Previous attempt to fix this issue was incomplete)- Resolves: rhbz#1854317 - sssd crashes after last update to sssd-common-1.16.4-37.el7_8.1 with servers configured with multiple domains [rhel-7.9.z] - Resolves: rhbz#1859554 - Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1 [rhel-7.9.z] - just bumping the version to build for proper target- Resolves: rhbz#1854317 - sssd crashes after last update to sssd-common-1.16.4-37.el7_8.1 with servers configured with multiple domains [rhel-7.9.z] - Resolves: rhbz#1859554 - Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1 [rhel-7.9.z]- Resolves: rhbz#1804005 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1773409 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1551077 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1507683 - GDM password prompt when cert mapped to multiple users and promptusername is False- Resolves: rhbz#1796873 - [sssd] RHEL 7.9 Tier 0 Localization- Resolves: rhbz#1553784 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. 
- Resolves: rhbz#1836910 - Rhel7.7 server have an issue regarding dyndns update for PTR-records which is done by sssd on active directory DNS servers. It is done in two steps (two different nsupdate messages).- Resolves: rhbz#1835813 - sssd boots offline if symlink for /etc/resolv.conf is broken/missing - Resolves: rhbz#1837545 - Users must be informed better when internal WATCHDOG terminates process.- Resolves: rhbz#1819013 - pam_sss reports PAM_CRED_ERR when providing wrong password for an existing IPA user, but this error's description is misleading - Resolves: rhbz#1800571 - Multiples Kerberos ticket on RHEL 7.7 after lock and unlock screen- Resolves: rhbz#1834266 - "off-by-one error" in watchdog implementation- Resolves: rhbz#1829806 - [Bug] Reduce logging about flat names - Resolves: rhbz#1800564 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package- Resolves: rhbz#1683946 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working setup- Resolves: rhbz#1513371 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_be[PROXY] killed by 6 - Resolves: rhbz#1568083 - subdomain lookup fails when certmaprule contains DN - Resolves: rhbz#1781539 - PKINIT with KCM does not work - Resolves: rhbz#1786341 - SSSD doesn't honour the customized ID view created in IPA - Resolves: rhbz#1709818 - override_gid did not work for subdomain. - Resolves: rhbz#1719718 - Validator warning issue : Attribute 'dns_resolver_op_timeout' is not allowed in section 'domain/REMOVED'. 
Check for typos - Resolves: rhbz#1787067 - sssd (sssd_be) is consuming 100 CPU, partially due to failing mem-cache - Resolves: rhbz#1822461 - background refresh task does not refresh updated netgroup entries - Added missing 'Requires' to resolves some of rpmdiff tool warnings- Resolves: rhbz#1796352 - Rebase SSSD for RHEL 7.9- Resolves: rhbz#1789349 - id command taking 1+ minute for returning user information - Also updates spec file to not replace /pam.d/sssd-shadowutils on update- Resolves: rhbz#1784620 - Force LDAPS over 636 with AD Access Provider - just bumping the version to fix generated dates in man pages- Resolves: rhbz#1784620 - Force LDAPS over 636 with AD Access Provider- Resolves: rhbz#1769755 - sssd failover leads to delayed and failed logins- Resolves: rhbz#1768404 - automount on RHEL7 gives the message 'lookup(sss): setautomntent: No such file or directory'- Resolves: rhbz#1734056 - [sssd] RHEL 7.8 Tier 0 Localization- Resolves: rhbz#1530741 - Trusted domain user logins succeed after using ipa trustdomain-disable- Resolves: rhbz#1746878 - Let IPA client read IPA objects via LDAP and not a extdom plugin when resolving trusted users and groups- Resolves: rhbz#1530741 - Trusted domain user logins succeed after using ipa trustdomain-disable- Resolves: rhbz#1713352 - Implicit files domain gets activated when no sssd.conf present and sssd is started- Resolves: rhbz#1206221 - sssd should not always read entire autofs map from ldap- Resolves: rhbz#1657978 - SSSD is not refreshing cached user data for the ipa sub-domain in a IPA/AD trust- Resolves: rhbz#1541172 - ad_enabled_domains does not disable old subdomain after a restart until a timer removes it- Resolves: rhbz#1738674 - Paging not enabled when fetching external groups, limits the number of external groups to 2000- Resolves: rhbz#1650018 - SSSD doesn't clear cache entries for IDs below min_id- Resolves: rhbz#1724088 - negative cache does not use values from 'filter_users' config option for known 
domains- Resolves: rhbz#1422618 - sssd does not failover to another IPA server if just the KDC service fails - Just bumping the version to work around "build already exists"- Resolves: rhbz#1714952 - [sssd] RHEL 7.7 Tier 0 Localization - Rebuild japanese gmo file explicitly- Resolves: rhbz#1714952 - [sssd] RHEL 7.7 Tier 0 Localization- Resolves: rhbz#1707959 - sssd does not properly check GSS-SPNEGO- Resolves: rhbz#1710286 - The server error message is not returned if password change fails- Resolves: rhbz#1711832 - The files provider does not handle resetOffline properly- Resolves: rhbz#1707759 - Error accessing files on samba share randomly- Resolves: rhbz#1685581 - Extend cached_auth_timeout to cover subdomains /trusts- Resolves: rhbz#1684979 - The HBAC code requires dereference to be enabled and fails otherwise- Resolves: rhbz#1576524 - RHEL STIG pointing sssd Packaging issue - This was partially fixed by the rebase, but one spec file change was missing.- Resolves: rhbz#1524566 - FIPS mode breaks using pysss.so (sss_obfuscate)- Resolves: rhbz#1350012 - kinit / sssd kerberos fail over - Resolves: rhbz#720688 - [RFE] return multiple server addresses to the Kerberos locator plugin- Resolves: rhbz#1402056 - [RFE] Make 2FA prompting configurable- Resolves: rhbz#1666819 - SSSD can trigger a NSS lookup when parsing the filter_users/groups lists on startup, this can block the startup- Resolves: rhbz#1645461 - Slow ldb search causes blocking during startup which might cause the registration to time out- Resolves: rhbz#1685581 - Extend cached_auth_timeout to cover subdomains / trusts- Resolves: rhbz#1671138 - User is unable to perform sudo as a user on IPA Server, even though `sudo -l` shows permissions to do so- Resolves: rhbz#1657806 - [RFE]: Optionally disable generating auto private groups for subdomains of an AD provider- Resolves: rhbz#1641131 - [RFE] Need an option in SSSD so that it will skip GPOs that have groupPolicyContainers, unreadable by SSSD. 
- Resolves: rhbz#1660874 - CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions [rhel-7]- Resolves: rhbz#1631656 - KCM: kinit: Matching credential not found while getting default ccache- Resolves: rhbz#1406678 - sssd service is starting before network service - Resolves: rhbz#1616853 - SSSD always boots in Offline mode- Resolves: rhbz#1658994 - Rebase SSSD to 1.16.x- Resolves: rhbz#1603311 - Enable generating user private groups only for users with uid == gid where gid does not correspond to a real LDAP group- Resolves: rhbz#1602172 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1622109 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1619706 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1593756 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: rhbz#1610667 - sssd_ssh leaks file descriptors when more than one certificate is converted into an SSH key - Resolves: rhbz#1583360 - The IPA selinux provider can return an error if SELinux is completely disabled- Resolves: rhbz#1602781 - Local users failed to login with same password- Resolves: rhbz#1586127 - Spurious check in the sssd nss memcache can cause the memory cache to be skipped- Resolves: rhbz#1522928 - sssd doesn't allow user with expired password- Resolves: rhbz#1607313 - When sssd is running as non-root user, the sudo pipe is created as sssd:sssd but then the private pipe ownership fails- Resolves: rhbz#1600822 - SSSD bails out saving desktop profiles in case an invalid profile is found- Resolves: rhbz#1582975 - The search filter for detecting POSIX attributes in global catalog is too broad and can cause a high load on the servers- Resolves: rhbz#1583725 - SSSD AD uses LDAP filter to detect POSIX attributes stored in AD GC also for regular AD DC queries - Resolves: rhbz#1416528 - sssd in cross 
realm trust configuration should be able to use AD KDCs from a client site defined in sssd.conf or a snippet - Resolves: rhbz#1592964 - Groups go missing with PAC enabled in sssd- Resolves: rhbz#1590603 - EMBARGOED CVE-2018-10852 sssd: information leak from the sssd-sudo responder [rhel-7] - Resolves: rhbz#1450778 - Full information regarding priority of lookup of principal in keytab not in man page- Resolves: rhbz#1494690 - kdcinfo files are not created for subdomains of a directly joined AD client - Resolves: rhbz#1583343 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 - Resolves: rhbz#1527662 - Handle conflicting e-mail addresses more gracefully - Resolves: rhbz#1509691 - Document how to change the regular expression for SSSD so that group names with an @-sign can be parsed- Related: rhbz#1558498 - Rebase sssd to the latests upstream release of the 1.16 branch- Resolves: rhbz#1558498 - Rebase sssd to the latests upstream release of the 1.16 branch - Resolves: rhbz#1523019 - Reset password with two factor authentication fails - Resolves: rhbz#1534749 - Requesting an AD user's private group and then the user itself returns an emty homedir - Resolves: rhbz#1537272 - SSH public key authentication keeps working after keys are removed from ID view - Resolves: rhbz#1537279 - Certificate is not removed from cache when it's removed from the override - Resolves: rhbz#1562025 - externalUser sudo attribute must be fully-qualified - Resolves: rhbz#1577335 - /usr/libexec/sssd/sssd_autofs SIGABRT crash daily - Resolves: rhbz#1508530 - How should sudo behave without sudoHost attribute? 
- Resolves: rhbz#1546754 - The man page of sss_ssh_authorizedkeys can be enhanced to better explain how the keys are retrieved and how X.509 certificates can be used
- Resolves: rhbz#1572790 - getgrgid/getpwuid fails in setups with multiple domains if the first domain uses mid_id/max_id
- Resolves: rhbz#1561562 - sssd not honoring dyndns_server if the DNS update process is terminated with a signal
- Resolves: rhbz#1583251 - home dir disappear in sssd cache on the IPA master for AD users
- Resolves: rhbz#1514061 - ID override GID from Default Trust View is not properly resolved in case domain resolution order is set
- Resolves: rhbz#1571466 - Utilizing domain_resolution_order in sssd.conf breaks SELinux user map
- Resolves: rhbz#1571526 - SSSD with ID provider 'ad' should give a warning in case the ldap schema is manually changed to something different than 'ad'.

- Resolves: rhbz#1547782 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process

- Related: rhbz#1578291 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION

- Resolves: rhbz#1578291 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION

- Resolves: rhbz#1516266 - Give a more detailed debug and system-log message if krb5_init_context() failed
- Resolves: rhbz#1503802 - Smartcard authentication fails if SSSD is offline and 'krb5_store_password_if_offline = True'
- Resolves: rhbz#1385665 - Incorrect error code returned from krb5_child (updated)
- Resolves: rhbz#1547234 - SSSD's GPO code ignores ad_site option
- Resolves: rhbz#1459348 - extend sss-certmap man page regarding priority processing
- Resolves: rhbz#1220767 - Group renaming issue when "id_provider = ldap" is set
- Resolves: rhbz#1538555 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000]

- Resolves: rhbz#1565774 - After updating to RHEL 7.5 failing to clear the sssd cache

- Resolves: rhbz#1566782 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash

- Related: rhbz#1544943 - sssd goes offline when renewing expired ticket

- Resolves: rhbz#1543348 - sssd_be consumes more memory on RHEL 7.4 systems.
- Resolves: rhbz#1544943 - sssd goes offline when renewing expired ticket

- Resolves: rhbz#1523282 - sssd used wrong search base with wrong AD server

- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set
- Related: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser
- Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7]

- Resolves: rhbz#1517971 - AD Domain goes offline immediately during subdomain initialization - IPA AD Trust
- Related: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc..
- Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7]
- Resolves: rhbz#1527149 - AD provider - AD BUILTIN groups are cached with gidNumber = 0
- Related: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache
- Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads

- Resolves: rhbz#1525644 - dbus-send unable to find user by CAC cert

- Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card

- Resolves: rhbz#1512027 - NSS by-id requests are not checked against max_id/min_id ranges before triggering the backend

- Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available
- Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card
- Resolves: rhbz#1520984 - getent output is not showing home directory for IPA AD trusted user
- Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads

- Resolves: rhbz#1421194 - SSSD doesn't use AD global catalog for gidnumber lookup, resulting in unacceptable delay for large forests

- Resolves: rhbz#1482231 - sssd_nss consumes more memory until restarted or machine swaps
- Resolves: rhbz#1512508 - SSSD fails to fetch group information after switching IPA client to a non-default view

- Resolves: rhbz#1490120 - SSSD complaining about corrupted mmap cache and logging error in /var/log/messages and /var/log/sssd/sssd_nss.log

- Resolves: rhbz#1272214 - [RFE] Create a local per system report about who can access that IDM client (attestation)
- Resolves: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc..
- Resolves: rhbz#888739 - Enumerating large number of users makes sssd_be hog the cpu for a long time.
- Resolves: rhbz#1373547 - SSSD performance issue with malloc and brk calls
- Resolves: rhbz#1472255 - Improve SSSD performance in the 7.5 release

- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different
- Related: rhbz#1432010 - SSSD ships a drop-in configuration snippet in /etc/systemd/system
- Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available

- Resolves: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available
- Related: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5]
- Resolves: rhbz#1408294 - SSSD authentication fails when two IPA accounts share an email address without a clear way to debug the problem
- Resolves: rhbz#1502686 - crash - /usr/libexec/sssd/sssd_nss in nss_setnetgrent_timeout

- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different
- Related: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.

- Resolves: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads

- Resolves: rhbz#1484376 - [RFE] Add a configuration option to SSSD to disable the memory cache
- Resolves: rhbz#1327705 - Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7]
- Resolves: rhbz#1505277 - Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault in sssd_nss
- Resolves: rhbz#1462343 - document information on why SSSD does not use host-based security filtering when processing AD GPOs
- Resolves: rhbz#1498734 - sssd_be stuck in an infinite loop after completing full refresh of sudo rules
- Resolves: rhbz#1400614 - [RFE] sssd should remember DNS sites from first search
- Resolves: rhbz#1460724 - SYSLOG_IDENTIFIER is different
- Resolves: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.

- Resolves: rhbz#1469791 - Rebase SSSD to version 1.16+
- Resolves: rhbz#1132264 - Allow sssd to retrieve sudo rules of local users whose sudo rules stored in ldap server
- Resolves: rhbz#1301740 - sssd can be marked offline if a trusted domain is not reachable
- Resolves: rhbz#1399262 - Use TCP for kerberos with AD by default
- Resolves: rhbz#1416150 - RFE: Log to syslog when sssd cannot contact servers, goes offline
- Resolves: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser
- Resolves: rhbz#1454559 - python-sssdconfig doesn't parse hexadecimal debug _level, resulting in set_option(): /usr/lib/python2.7/site-packages/SSSDConfig/__init__.py killed by TypeError
- Resolves: rhbz#1456968 - MAN: document that attribute 'provider' is not allowed in section 'secrets'
- Resolves: rhbz#1460689 - KCM/secrets: Storing many secrets in a rapid succession segfaults the secrets responder
- Resolves: rhbz#1464049 - Idle nss file descriptors should be closed
- Resolves: rhbz#1468610 - sssd_be is utilizing more CPU during sudo rules refresh
- Resolves: rhbz#1474711 - Querying the AD domain for external domain's ID can mark the AD domain offline
- Resolves: rhbz#1479398 - samba shares with sssd authentication broken on 7.4
- Resolves: rhbz#1479983 - id root triggers an LDAP lookup
- Resolves: rhbz#1489895 - Issues with certificate mapping rules
- Resolves: rhbz#1490501 - sssd incorrectly checks 'try_inotify' thinking it is the wrong section
- Resolves: rhbz#1490913 - MAN: Document that full_name_format must be set if the output of trusted domains user resolution should be shortnames only
- Resolves: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5]
- Resolves: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache
- Resolves: rhbz#1482674 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server
- Resolves: rhbz#1486053 - Accessing IdM kerberos ticket fails while id mapping is applied
- Resolves: rhbz#1486786 - sssd going in offline mode due to sudo search filter.
- Resolves: rhbz#1500087 - SSSD creates bad override search filter due to AD Trust object with parenthesis
- Resolves: rhbz#1502713 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30)
- Resolves: rhbz#1461462 - sssd_client: add mutex protected call to the PAC responder
- Resolves: rhbz#1489666 - Combination sssd-ad and postfix receive incorrect mail with asterisks or spaces
- Resolves: rhbz#1525052 - sssd_krb5_localauth_plugin fails to fallback to other localname rules

- Require the 7.5 libldb version which broke ABI
- Related: rhbz#1469791 - Rebase SSSD to version 1.16+

- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain

- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled

- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information returned by the KDC during PKINIT/Smartcard authentication

- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in

- Resolves: rhbz#1455254 - Make domain available as user attribute

- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password

- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf

- Resolves: rhbz#1440132 - filter_users and filter_groups stop working properly in v 1.15

- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master

- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user

- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD

- Resolves: rhbz#1450094 - Properly support IPA's promptusername config option

- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer
- Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections

- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.

- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail
- Fix Coverity issues in patches for rhbz#1445445

- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user

- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests

- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail

- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code

- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option

- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains
- Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate
- Additional patch for rhbz#1440132

- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient
- Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4
- Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3

- Resolves: rhbz#1440132 - filter_users and filter_groups stop working properly in v 1.15
- Also apply an additional patch for rhbz#1441545

- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user

- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter

- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package

- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches

- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides

- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains

- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.

- Remove an unused variable from the sssd-secrets responder
- Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http
- Improve two DEBUG messages in the client trust code to aid troubleshooting
- Fix standalone application domains
- Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces

- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes
- Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users

- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users

- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name

- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used

- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6

- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present

- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11

- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps

- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc

- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http

- Fix off-by-one error in the KCM responder
- Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD

- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces

- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh responder

- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users
- Also backport some buildtime fixes for the KCM responder
- Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD

- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD

- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts

- Update to upstream 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html
- Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries
- Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure
- Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode

- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser

- Update to upstream 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html
- Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack
- Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases
- Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider
- Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page
- Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app
- Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user
- Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in

- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink

- Update to upstream 1.15.0
- Resolves: rhbz#1393824 - Rebase SSSD to version 1.15
- Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL
- Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory
- Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time
- Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0
- Resolves: rhbz#1392444 - sssd_be keeps crashing
- Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3
- Resolves: rhbz#1382602 - autofs map resolution doesn't work offline
- Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains
- Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page
- Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error
- Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database"
- Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config

- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check

- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain

- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains

- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo

- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled

- Resolves: rhbz#1373420 - sss_override fails to export

- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"

- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded

- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf

- Resolves: rhbz#1373444 - unable to create group in sssd cache
- Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd

- Resolves: rhbz#1369118 - Don't enable the default shadowutils domain in RHEL

- Fix permissions for the private pipe directory
- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user

- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14

- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias

- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side

- Apply forgotten patch
- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias
- Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache
- Fix deleting non-existent secret
- Related: rhbz#1311056 - Add a Secrets as a Service component

- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user

- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias

- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot

- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail

- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs

- Fix RPM scriptlet plumbing for the sssd-secrets responder
- Related: rhbz#1311056 - Add a Secrets as a Service component

- Add socket-activation plumbing for the sssd-secrets responder
- Related: rhbz#1311056 - Add a Secrets as a Service component

- Own the secrets directory
- Related: rhbz#1311056 - Add a Secrets as a Service component

- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider

- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)

- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information

- Add several small fixes related to the config API
- Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)

- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created

- Fix regressions in the simple access provider
- Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider
- Apply a number of specfile patches to better match the upstream specfile
- Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3

- Cherry-pick patches from upstream that fix several regressions
- Avoid checking local users in all cases
- Resolves: rhbz#1353951 - sssd_pam leaks file descriptors

- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11
- Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode

- Resolves: rhbz#1309745 - Support multiple principals for IPA users

- Resolves: rhbz#1304992 - Handle overridden name of members in the memberUid attribute

- handle unresolvable sites more gracefully
- Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain.
- fix compilation warnings in unit tests

- fix capaths output
- Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust
- also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache

- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information

- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*

- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains

- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV

- Resolves: rhbz#1349882 - sssd does not work under non-root user
- Also cherry-pick a few patches from upstream to fix config schema
- Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)

- Sync a few minor patches from upstream
- Fix sssctl manpage
- Fix nss-tests unit test on big-endian machines
- Fix several issues in the config schema
- Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)

- Bundle http-parser
- Resolves: rhbz#1311056 - Add a Secrets as a Service component

- Sync a few minor patches from upstream
- Fix a failover issue
- Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out

- Explicitly BuildRequire newer ding-libs
- Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)

- New upstream release 1.14.0
- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3
- Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload
- Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)
- Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults
- Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name
- Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix
- Resolves: rhbz#1312275 - Support authentication indicators from IPA

- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3
- Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf
- Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups
- Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview
- Resolves: rhbz#1140022 - [RFE] Allow sssd to add a new option that would specify which server to update DNS with
- Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments
- Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding
- Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid
- Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database
- Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists
- Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resolvable
- Resolves: rhbz#1269018 - Too much logging from sssd_be
- Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains
- Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user
- Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo
- Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory
- Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]

- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3
- The rebase includes fixes for the following bugzillas:
- Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema
- Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain
- Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option.
- Resolves: rhbz#1238144 - Need better libhbac debugging added to sssd
- Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands
- Resolves: rhbz#1269512 - sss_override: memory violation
- Resolves: rhbz#1278566 - crash in sssd when non-English locale is used and pam_strerror prints non-ASCII characters
- Resolves: rhbz#1283686 - groups get deleted from the cache
- Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View
- Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members
- Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record
- Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries
- Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore
- Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13
- Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root
- Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs
- Resolves: rhbz#1313014 - sssd is not closing sockets properly
- Resolves: rhbz#1318996 - SSSD does not fail over to next GC
- Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names
- Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors

- Build the PAC plugin with krb5-1.14
- Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup

- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup

- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.

- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups

- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.

- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested

- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin
- More patches from upstream related to the memory leak

- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin

- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid

- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17

- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id

- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step

- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.

- Resolves: rhbz#1267836 - PAM responder crashed if user was not set

- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value

- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code

- Fix a Coverity warning in dyndns code
- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands

- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands

- Resolves: rhbz#1263735 - Could not resolve AD user from root domain

- Remove -d from sss_override manpage
- Related: rhbz#1259512 - sss_override : The local override user is not found

- Patches required for better handling of failover with one-way trusts
- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code

- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users

- Resolves: rhbz#1259512 - sss_override : The local override user is not found

- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code

- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider

- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help

- Resolves: rhbz#1254518 - Fix crash in nss responder

- Support import/export for local overrides
- Support FQDNs for local overrides
- Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'

- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes

- Resolves: rhbz#1250415 - sssd: p11_child hardening

- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code

- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates

- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected

- Fix wildcard_limit=0
- Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface

- Fix race condition in invalidating the memory cache
- Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups

- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled

- Bump release number
- Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"

- Fix missing dependency of sssd-tools
- Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"

- More memory cache related fixes
- Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups

- Remove binary blob from SC patches as patch(1) can't handle those
- Related: rhbz#854396 - [RFE] Support for smart cards

- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*

- Fix memory cache integration tests
- Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups
- Resolves: rhbz#854396 - [RFE] Support for smart cards

- Remove OTP from PAM stack correctly
- Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA
- Handle sssd-owned keytabs when sssd runs as root
- Related: rhbz#1205144 - RFE: Support one-way trusts for IPA

- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients

- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support
- Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistent v6 in ipa domain

- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes

- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2

- Add support for InfoPipe wildcard requests
- Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface

- Also package the initgr memcache
- Related: rhbz#1205554 - Rebase SSSD to 1.13.x

- Rebase to 1.13.0 upstream
- Related: rhbz#1205554 - Rebase SSSD to 1.13.x
- Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD
- Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups

- Don't default to SSSD user
- Related: rhbz#1205554 - Rebase SSSD to 1.13.x

- Related: rhbz#1205554 - Rebase SSSD to 1.13.x
- GPO default should be permissive

- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x
- Relax the libldb requirement
- Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21
- Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs
- Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust
- Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers
- Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains
- Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups
- Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set
- Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides
- Resolves: rhbz#1214718 - Override with --login fails trusted adusers group membership resolution
- Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work
- Resolves: rhbz#1214337 - Overrides with --login work in second attempt
- Resolves: rhbz#1212489 - Disable the cleanup task by default
- Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf
- Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one
- Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected
- Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all
- Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters
- Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface
- Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain
- Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys
- Resolves: rhbz#1204203 - sssd crashes intermittently
- Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default
- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only
- Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries
- Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything
- Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA
- Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query
- Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects
- Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name?
- Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 
upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in 
function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views 
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove 
password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: 
rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - 
Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. 
- Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. 
- Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with 
multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA 
password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: 
Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. 
- Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. 
The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - 
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3
- Numerous manpage and translation updates
- LDAP: Handle situations where the RootDSE isn't available anonymously
- LDAP: Fix regression for users using non-standard LDAP attributes for user information

- New upstream release 1.8.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2
- Several fixes to case-insensitive domain functions
- Fix for GSSAPI binds when the keytab contains unrelated principals
- Fixed several segfaults
- Workarounds added for LDAP servers with unreadable RootDSE
- SSH knownhostproxy will no longer enter an infinite loop preventing login
- The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown
- Assorted minor fixes for issues discovered by static analysis tools

- Don't duplicate libsss_autofs.so in two packages
- Set explicit package contents instead of globbing

- Fix uninitialized value bug causing crashes throughout the code
- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup

- New upstream release 1.8.1
- Resolve issue where we could enter an infinite loop trying to connect to an auth server
- Fix serious issue with complex (3+ levels) nested groups
- Fix netgroup support for case-insensitivity and aliases
- Fix serious issue with lookup bundling resulting in requests never completing
- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate
- Fix several regressions in the proxy provider
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work

- New upstream release 1.8.0
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)
- Include the IPA AutoFS provider
- Fixed several memory-corruption bugs
- Fixed a regression in group enumeration since 1.7.0
- Fixed a regression in the proxy provider
- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD
- Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login
- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV)
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features
- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc

- Change default kerberos credential cache location to /run/user/

- New upstream release 1.8.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3
- Fixed a regression in group enumeration since 1.7.0
- Fixed several memory-corruption bugs
- Finalized the ABI for the autofs support
- Fixed a regression in the proxy provider

- Rebuild against PCRE 8.30

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2
- Fix two minor manpage bugs
- Include the IPA AutoFS provider

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well

- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features

- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

- New upstream release 1.7.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0
- Support for case-insensitive domains
- Support for multiple search bases in the LDAP provider
- Support for the native FreeIPA netgroup implementation
- Reliability improvements to the process monitor
- New DEBUG facility with more consistent log levels
- New tool to change debug log levels without restarting SSSD
- SSSD will now disconnect from LDAP server when idle
- FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains
- Assorted performance improvements in the LDAP provider

- New upstream release 1.6.4
- Rolls up previous patches applied to the 1.6.3 tarball
- Fixes a rare issue causing crashes in the failover logic
- Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.

- Rebuild against libldb 1.1.4

- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam()
- Resolves: rhbz#758425 - LDAP failover not working if server refuses connections

- Rebuild for libldb 1.1.3

- Resolves: rhbz#752495 - Crash when apply settings

- New upstream release 1.6.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3
- Fixes a major cache performance issue introduced in 1.6.2
- Fixes a potential infinite-loop with certain LDAP layouts

- Rebuilt for glibc bug#747377

- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.

- Add explicit requirement on selinux-policy version to address new SBUS symlinks.

- Remove %files reference to sss_debuglevel copied from wrong upstream spec file.

- Improved handling of users and groups with multi-valued name attributes (aliases)
- Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing
- Improved process-hang detection and restarting
- Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries)
- Cleaned up the example configuration
- New tool to change debug level on the fly

- New upstream release 1.6.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1
- Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep)
- SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined
- The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided.
- Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory)
- Three HBAC regressions have been fixed.
- Fix for an infinite loop in the deref code

- Build with _hardened_build macro

- New upstream release 1.6.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0
- Add host access control support for LDAP (similar to pam_host_attr)
- Finer-grained control on principals used with Kerberos (such as for FAST or validation)
- Added a new tool sss_cache to allow selective expiring of cached entries
- Added support for LDAP DEREF and ASQ controls
- Added access control features for Novell Directory Server
- FreeIPA dynamic DNS update now checks first to see if an update is needed
- Complete rewrite of the HBAC library
- New libraries: libipa_hbac and libipa_hbac-python

- New upstream release 1.5.11
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11
- Fix a serious regression that prevented SSSD from working with ldaps:// URIs
- IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 address being saved to the AAAA record

- New upstream release 1.5.10
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10
- Fixed a regression introduced in 1.5.9 that could result in blocking calls to LDAP

- New upstream release 1.5.9
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9
- Support for overriding home directory, shell and primary GID locally
- Properly honor TTL values from SRV record lookups
- Support non-POSIX groups in nested group chains (for RFC2307bis LDAP servers)
- Properly escape IPv6 addresses in the failover code
- Do not crash if inotify fails (e.g. resource exhaustion)
- Don't add multiple TGT renewal callbacks (too many log messages)

- New upstream release 1.5.8
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8
- Support for the LDAP paging control
- Support for multiple DNS servers for name resolution
- Fixes for several group membership bugs
- Fixes for rare crash bugs

- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d
- Make sure to properly convert to systemd if upgrading from newer updates for Fedora 14

- Fix segfault in TGT renewal

- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites cached password with predicatable filename

- Re-add manpage translations

- New upstream release 1.5.6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
- Fixed a serious memory leak in the memberOf plugin
- Fixed a regression with the negative cache that caused it to be essentially nonfunctional
- Fixed an issue where the user's full name would sometimes be removed from the cache
- Fixed an issue with password changes in the kerberos provider not working with kpasswd

- Resolves: rhbz#697057 - kpasswd fails when using sssd and kadmin server != kdc server
- Upgrades from SysV should now maintain enabled/disabled status

- Fix %postun

- Fix systemd conversion. Upgrades from SysV to systemd weren't properly enabling the systemd service.
- Fix a serious memory leak in the memberOf plugin
- Fix an issue where the user's full name would sometimes be removed from the cache

- Install systemd unit file instead of sysv init script

- New upstream release 1.5.5
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5
- Fixes for several crash bugs
- LDAP group lookups will no longer abort if there is a zero-length member attribute
- Add automatic fallback to 'cn' if the 'gecos' attribute does not exist

- New upstream release 1.5.4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4
- Fixes for Active Directory when not all users and groups have POSIX attributes
- Fixes for handling users and groups that have name aliases (aliases are ignored)
- Fix group memberships after initgroups in the IPA provider

- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication

- New upstream release 1.5.3
- Support for libldb >= 1.0.0

- New upstream release 1.5.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2
- Fixes for support of FreeIPA v2
- Fixes for failover if DNS entries change
- Improved sss_obfuscate tool with better interactive mode
- Fix several crash bugs
- Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this
- Delete users from the local cache if initgroups calls return 'no such user' (previously only worked for getpwnam/getpwuid)
- Use new Transifex.net translations
- Better support for automatic TGT renewal (now survives restart)
- Netgroup fixes

- Rebuild sssd against libldb 1.0.2 so the memberof module loads again.
- Related: rhbz#677425

- Resolves: rhbz#677768 - name service caches names, so id command shows recently deleted users

- Ensure that SSSD builds against libldb-1.0.0 on F15 and later
- Remove .la for memberOf

- Fix memberOf install path

- Add support for libldb 1.0.0

- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

- Fix nested group member filter sanitization for RFC2307bis
- Put translated tool manpages into the sssd-tools subpackage

- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during rpmbuild

- New upstream release 1.5.1
- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
- Vast performance improvements when enumerate = true
- All PAM actions will now perform a forced initgroups lookup instead of just a user information lookup
- This guarantees that all group information is available to other providers, such as the simple provider.
- For backwards-compatibility, DNS lookups will also fall back to trying the SSSD domain name as a DNS discovery domain.
- Support for more password expiration policies in LDAP
- 389 Directory Server
- FreeIPA
- ActiveDirectory
- Support for ldap_tls_{cert,key,cipher_suite} config options
- Assorted bugfixes

- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins

- New upstream release 1.5.0
- Fixed issues with LDAP search filters that needed to be escaped
- Add Kerberos FAST support on platforms that support it
- Reduced verbosity of PAM_TEXT_INFO messages for cached credentials
- Added a Kerberos access provider to honor .k5login
- Addressed several thread-safety issues in the sss_client code
- Improved support for delayed online Kerberos auth
- Significantly reduced time between connecting to the network/VPN and acquiring a TGT
- Added feature for automatic Kerberos ticket renewal
- Provides the kerberos ticket for long-lived processes or cron jobs even when the user logs out
- Added several new features to the LDAP access provider
- Support for 'shadow' access control
- Support for authorizedService access control
- Ability to mix-and-match LDAP access control features
- Added an option for a separate password-change LDAP server for those platforms where LDAP referrals are not supported
- Added support for manpage translations

- Solve a shutdown race-condition that sometimes left processes running
- Resolves: rhbz#606887 - SSSD stops on upgrade

- Log startup errors to the syslog
- Allow cache cleanup to be disabled in sssd.conf

- New upstream release 1.4.1
- Add support for netgroups to the proxy provider
- Fixes a minor bug with UIDs/GIDs >= 2^31
- Fixes a segfault in the kerberos provider
- Fixes a segfault in the NSS responder if a data provider crashes
- Correctly use sdap_netgroup_search_base

- Fix incorrect tarball URL

- New upstream release 1.4.0
- Added support for netgroups to the LDAP provider
- Performance improvements made to group processing of RFC2307 LDAP servers
- Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin
- Build-system improvements to support Gentoo
- Split out several libraries into the ding-libs tarball
- Manpage reviewed and updated

- Fix pre and post script requirements

- Resolves: rhbz#606887 - sssd stops on upgrade

- Resolves: rhbz#626205 - Unable to unlock screen

- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but doesn't require it

- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib

- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate against LDAP

- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild

- New upstream version 1.2.91 (1.3.0rc1)
- Improved LDAP failover
- Synchronous sysdb API (provides performance enhancements)
- Better online reconnection detection

- New stable upstream version 1.2.1
- Resolves: rhbz#595529 - spec file should eschew %define in favor of %global
- Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service to fail while restart.
- Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel keyring
- Resolves: rhbz#599724 - sssd is broken on Rawhide

- New stable upstream version 1.2.0
- Support ServiceGroups for FreeIPA v2 HBAC rules
- Fix long-standing issue with auth_provider = proxy
- Better logging for TLS issues in LDAP

- New LDAP access provider allows for filtering user access by LDAP attribute
- Reduced default timeout for detecting offline status with LDAP
- GSSAPI ticket lifetime made configurable
- Better offline->online transition support in Kerberos

- Release new upstream version 1.1.91
- Enhancements when using SSSD with FreeIPA v2
- Support for deferred kinit
- Support for DNS SRV records for failover

- Bump up release number to avoid library sub-packages version issues with previous releases.

- New upstream release 1.1.1
- Fixed the IPA provider (which was segfaulting at start)
- Fixed a bug in the SSSDConfig API causing some options to revert to their defaults
- This impacted the Authconfig UI
- Ensure that SASL binds to LDAP auto-retry when interrupted by a signal

- Release SSSD 1.1.0 final
- Fix two potential segfaults
- Fix memory leak in monitor
- Better error message for unusable confdb

- Release candidate for SSSD 1.1
- Add simple access provider
- Create subpackages for libcollection, libini_config, libdhash and librefarray
- Support IPv6
- Support LDAP referrals
- Fix cache issues
- Better feedback from PAM when offline

- Rebuild against new libtevent

- Fix licenses in sources and on RPMs

- Fix regression on 64-bit platforms

- Fixes link error on platforms that do not do implicit linking
- Fixes double-free segfault in PAM
- Fixes double-free error in async resolver
- Fixes support for TCP-based DNS lookups in async resolver
- Fixes memory alignment issues on ARM processors
- Manpage fixes

- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online
- Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests
- Several segfault bugfixes

- Fix CVE-2010-0014

- Patch SSSDConfig API to address https://bugzilla.redhat.com/show_bug.cgi?id=549482

- New upstream stable release 1.0.0

- New upstream bugfix release 0.99.1

- New upstream release 0.99.0

- Fix segfault in sssd_pam when cache_credentials was enabled
- Update the sample configuration
- Fix upgrade issues caused by data provider service removal

- Fix upgrade issues from old (pre-0.5.0) releases of SSSD

- New upstream release 0.7.0

- Fix missing file permissions for sssd-clients

- Add SSSDConfig API
- Update Polish translation for 0.6.0
- Fix long timeout on ldap operation
- Make dp requests more robust

- Ensure that the configuration upgrade script always writes the config file with 0600 permissions
- Eliminate an infinite loop in group enumerations

- New upstream release 0.6.0

- New upstream release 0.5.0

- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password.
(Patch by Stephen Gallagher)

- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

- Fix a couple of segfaults that may happen on reload

- add missing configure check that broke stopping the daemon
- also fix default config to add a missing required option

- latest upstream release.
- also add a patch that fixes debugging output (potential segfault)

- release out of the official 0.3.2 tarball

- bugfix release 0.3.2
- includes previous release patches
- change permissions of the /etc/sssd/sssd.conf to 0600

- Add last minute bug fixes, found in testing the package

- Version 0.3.1
- includes previous release patches

- Try to fix build adding automake as an explicit BuildRequire
- Add also a couple of last minute patches from upstream

- Version 0.3.0
- Provides file based configuration and lots of improvements

- Version 0.2.1

- Version 0.2.0

- package git snapshot

- fixed items found during review
- added initscript

- added sss_client

- Small cleanup and fixes in the spec file

- Initial release (based on version 0.1.0 upstream code)

Languages: sv, uk
Version: 1.16.5-10.el7_9.10 (listed twice)
File names: libsss_ad.so, gpo_child, sssd-ad-1.16.5, COPYING, sssd-ad.5.gz, sssd-ad.5.gz, sssd-ad.5.gz
Directories: /usr/lib64/sssd/, /usr/libexec/sssd/, /usr/share/licenses/, /usr/share/licenses/sssd-ad-1.16.5/, /usr/share/man/man5/, /usr/share/man/sv/man5/, /usr/share/man/uk/man5/
Build flags: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic
Payload: cpio, xz, 2
Platform: x86_64-redhat-linux-gnu
File types:
- ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a6ec29e64fbc63b8c5beafb2765ae3ebee036db2, stripped
- ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=93844f5e8e395f57ef432a9a16adfb6fa0535f76, stripped
- directory
- ASCII text
- troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)
- troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)
?ᷢr7_6 ^蔐D肔!Q;G>!oFE;Dscaŀ5IŹ#t.Q~2_($M>9*VoLL\faER3_^>2ZA:Vx=i8H͗,6ʻz:_!ar5e4c⻃MT_cLlc{Lg>)Ȫrzݴ yܰ NYag;N.mlp,R-Kܟ goGu:N3#,fa xW:\/ߤp1ٝÖ֍^8z" ;ǭ`-+K5MȡKOjM3 l,aÒ c^J?L".|FP3r!_[{μٞNnfr#a( U2ME1D-NFj1ULL~ӎ0|?yhK?~rc* aIY)v5dݕ9ё5 h{ԣ>Z>ia5M  G3 9f +Yw.z&\| jϧѐCT]R1֌f<-<yo:6ɽ9C.v?ɵev}_]m ߊFmmA1O贛  7upOcѯ[U4DHح' RYt&ڃ/bݡ,PxXy'޶!1JԠ5WǷXa2pۍ& [b#^{E]"DxHU=ٻ6ɛϹB,DV&@S5O FlZ9V7_`_x`:'x`F_z)EK"6^1|sSq0JkjcP+ǥhm 7)ʝyxj:78Ψ1$쏜J#JK ds9 'JbV,cPiT;`ByO6 'A:@~bJ۟7fbٍ&xFZ1U`q|j `tP)0;<ǮfkDxr67(xJ@ tMk2$O&%bc}cЍ{-2bs:-=B؈Hz|A^~?EÉV R^i~C۬ҳjgH!QԎ9 ^Ld#V*'0<ώܕ/xyZYXR͏Y*xd7ǎ[9,9jc\}U8!_kwB(J'x!+i./ź풣8<7%ѹH)ڙVyWF澹jF-5bPqA74fʕ"h?)SZ&,K>Y"4,߂%Hˉ*-Kxo_tvT&Or{e `[L>{حqppQFgʗ ^µw4U!Wj #3)XO! q#-X)s/;3/kvLgܨգaekw׭H|j`-lAe2wޏx] 7̱9@Ђ}`;1H hGA;$ƚ> oM !1U}%.c_B{F]$#|U~8SD5$v`,4&)M{-/;ƕv`MoV7u٪dń#R@ʇV̏l߮ѷUE~ш(gUnO&.,kBjm VR!!@ߵ3Y9@@!bKY_]qT[W.7}zp>eE 9'`2=bιq30j%qM-D ×v9kѤE) 6TذM`ɴfFvCdɤ> %C6FI%jHͅ.+%Brk2@gF ׍?d:ϕ4Or§Hfb$'?Xmf F M~~$s꒭7>h5e=]*zlNz0&iCOē[PB_@[΅^Ogw3=&@ (k l b6B8bJ2Lx3{ibvIlWݏbB7CU!aF5icAҥP_a%J}K$JKØ;i;_іSR58U,i]L!kvxG'O|:wj0ԃ1LR^]!ױwA/APh T` >7p` B0$^vcywH۲[ߩ:|!%B +/=[a3%E*tgjZʝ?,25wXy(7.q1?Gpp׏:/}Vf< R뇳c+ tT)jo׀35/ǽxcGv~In ? P6 Yqp_ʫ0C9|~xzX4LCk XA_ ~n9XطFT_r>B8xvA~RlW1(cKfAZѮ|, xD,[ٌQ9:J2WtrKn u%6Y3b:Ɂȑ9dH*Oog}H5᳴6K5)rrɳ=yp'I@3AArE" Cr./%'hHRrJ&;yrUkӏ!I>ͮ|P?6K{-$mh1-t M|X܇yאMcy1瓌/UZhk%*X%W䴥E={Gmy۟/ CNMKbǏkKqna(p̕Dug6ᡁSwRiPsܿ?ƜQjcyj 潜.|`\{rmy=7a Bn[.yҚU 3ɓf-ZUM3v? 
n>)N&qGx0K|O>a`xA$ UL3(qcO4Cd4u84_JHiqƥ U!5`pKGuɶpeFFx{Zv ,suJum~Q'6C0^1v(kn?6 'f 7UA2*}33Dt\S{8Bz`+%0#Ӵn,Xj{EnqW gcߟ0`Ȟ d4re]3JN~P%;9K^7 l.f~Z[3E|}!Pgz=@h ~ۂFgHHx>BN’ÎW94\nW1bh+~fs?/L[q|W坟X$,YgJ?ͷ3XY-*SMTfZqݚpoOaA nA:/ї5r 38U~!}75ҤxC >{V vd.HG7̭1xsֵ/qߖO.S(zriQXo85N2ZO'iA!wHlXɁ !b3ݵk4'<Zct3@H!Ndu630sԎ>Nhz~%ċH=xpR2-!wz%h3ˊkU_֮:?Gi ~3@Kquʷ/rj"4$;p7Zpց|zZ"^!TH&Ld[]BY';v\/éQ!˰H"Te k(#d O>ŞE n0}PS9Dtǯy߀GbmWL*lX[UeUT5tL "E._.,u>~_ []a}r$OXN >9D o xC&,v5w( ګLJf4_xvR3%x/M$Bn[ST<:8/_cI<9ME5E,]ft;[T|SVd8`&nO*xj9&$l(g6kk߻pskz3 }L۫,7òXUtMjKSl0RvhUQ豼4i ;]l;|7U֣|jMfƪco:yQ\W\}]i:WM\bs2"VZ{XbG35E( r{ 0"7eqkEzFиΟ.f& zؐE[h{zt!PCP hT8h ~ṻʘtLUdl^<%zuXoʅw>;k7ADM~E QEmJ\ (hZ<:Rc>6|$U8PX5%p mZ8x:d)G(BDCq%kEVoWikO/䘦A8Zf%|.MZf3*ʠڶ?PYw:N9lXs[nm>ijZ,βE7wwe"O T8b')8WȪ*֕'Zո\yaR*z{I Ql Ճt{ :&GOCeg'<+ Ԕ6-h[q867X(4aѨ3`ߦmucsgNuyWvs^QmCiZ2jſՋ>ܘLT!Q #ϴ \E27d']5 ?+v"jYR/^8>pRyaA30^W6+H[?u\6=2bśp8iL>wZW^ϞY ptkǺRհyLLjf9φL[D){<8_jܬ8cZ×P"Z u'CBMTUC7CױOkRVƑ"H8 }}h>Y &U#SU_]ӻyP PK1wקYշNGtuԛz=5x6[wdי6#ȡEK2 ŭ a,D+DIIkB7EO@{D .o;-+SJԈΈe*:g*~p9"͋u8-R#5 dB&.}T/mBy2cq9s'Lkk}A>txp;iٙ/IggoUvn{FvQե(1o~sy*CS{qC'_G"|nK:0OFNFK)ÞG8#DE\>ܼ?TUR6SS(o dPBDbSC  d!{.@GRn47pOޏY# l?j>etXfR̪+PbX8 #&aJ~/u̩ߙ3)Y*/2JGȁ) FK JDs \i8c[o[gn/Pup fÐ˕՜!J򦩯oE Җ夝˷UxZ> ޕ`]\E]hcՊjS:*"<^D 8f 0Y,2a!{n:V+t% AF/J)0qˍH>ejᰑ.OA7Pb䛼v ch[Z  hjqvNK%yΗ}2pݾ#,%Pmܰ?CR5S_6X1`K_fq'h%㲓c?ٙX"@֦ċ^ץ)8^?\cYx~w9(m޲ȧT6[⥿H67o$Ja5LAZkR)>,嬤yflfQl>0[Bݺw-ɇBI#J! /АC鱥1e|Dx45ʪvdNh_Uw-$͍~g&*IͨD%K^Ja *@=)p*NdLrliDqfI⚋"H@W->0tȇ߁{/JGy:2+BqY^Mm3JfXM7 _<_yz%Z]Q1 &ĒREY5E-Ls"W$$$)q]z)(R*sqj&E^(k}İ9Yl̄0jf1r2GLJ fί%:Y8(>@̔ pاRqȲ:˚^)Imb {C/8͛'N|8ty~{f (lV,T]zW-` tI\(Jș? Tr8\THWoӂ]fZMiL Q2D5CUeR%oܢ>>bb._0FFkӌu[9\+1g:U&#jM7.\ H {J6s>!X0^>rPۖ/q,M"Qwj߶ױ_?JD<B8fy5sǡJR|HՅ9rvÀВcA%pFSkV ) LhHp2A*\W pi $M-욬E1Ђ U_)NYNyBҘ]2JIkwI X4IQd0nh?ޙ2u`Nsc~3K0DZ(d#w(r` R_ hãd̢#s7{"z%I~a&Zct>5? 
RFTGx(rOPTjBWWt`a?㧌V>c`1,Cg~챱^kn&2X#3.Ч]k5,.b"1F,ᦔܘv\Ȣ'vzPh >t抢uGbBEt϶\v_[b Ɵ0:#AlFQHz١)M:,`WfZJ/4J%4VZY3bƏs&ʿ> /#3H=!M>eʦZwoѪcICL `bМ.Gl.7jrVG;Ӻȋ1TN)fiZ$i)|p]ź.?uGs󉊯 2y,u6[j=Dikڈv4i9Dp580"vT"= ?rٱ`V7`N̐nWp2q V^01cŽ7A=}}#'#/N^y$iԆ&iQKW]CŜu^Ґ2驷~ kRԷN)C^"&÷:AdhKV雳GPI.;W-?ssf: Pe=bBpm{S֒w M5Cy7'Dò\ʙf<ͦ)b ؏X/ Uʹא#RV0R>?*14SowO׾Ӫ =`AH1M5WI- E,gln;!/:0W,[W4롯mS]0umĉ !Q~ >7$ԗΉ{;"@ ^ k=VAPO͒Xw CQL\eLʼn NR'CN&Q9K-0ٗK{ l[u[ݳt[L3jN96^ \F!tQ䐙nhVv}MC$Ǒ@a~|' zt8Gx!|0O•H#t;qn:u0qƮi4yBOJHIL7^\2s@*o0:WP7z2L-y1Yօ'"{ 0<` [J¿Όd\QK_c($FL?-_3G \"R/ZJxw[H]4od#/o$b < ˦z+,fO[xN,1c}!^6(kWJNGoi^⎶K x a|m8HPS:%]JzS Fu|[kf^ximxqvhk@>`H{WT"6osJ'vCch y[ow3@l'"Ev|TT%SZ,mvڭ($e🏖 U ~/'Dߋ'gf )6mٞd_^FHT_S*:F72l".|k;P Rh2o Kud[l&Dz#n4ZCa.zFJ7Џ`MOq6Hf%ڒ~˟?2tM_VZL|]f% bkH}Qd]dhED%q7O}e=/.7M?ler1_7WoDwx_ߡ~$ʴҩ=U=p">]^[X0w`t JӒAd$N _mC\]ݥz煫m'O^ Ys,H.f: [H ]bǴshV4蘮)pkIhn8sm}F=P A*:9e{e3/pJ+X9>nK'=XSՍ3휜C i$).i|pÝ`5 0Nڱ O"XH?ZE2nZtDkn'E5d[ް54W5^T"2h^UҾke @ЬJ99{pr!X|QRlO{Ǐ*Y+MS|6 'wqBUt\ª5GѴၡ_0_N(hyy7"xll( fAV"ʨ:ە9|ZסLO4׋/sqR-GE7{x:=нx}Q"jh{#SNN+ЫJFP2&<S;LN8jeF:U|lM~E9(g<@&0evjP@nW Pqs٤3Nf\kltEZFI4׻#NuznrôVoI~j.qp#jONY5I{!H z% Rk3"nMOT,C~##qv wi*A/|P5Yv]@2K&-I>C)*T|4c$&lr a&E&RTh!7>\=M FAbl߉-&7b큮x*c^ ƃId*P<~UN}S.w(l)&^|U!t*yĢf,PBeHsh^%MRlXH]+0:1P&DŽiEp\ xK?KH = |;m9q5"J(QelQQᚕ(W3ix fzWX܂^Ho/nd(6`TGqqP>kza cP1&کG񗆙 B='n_->;͡(3a7?Xu wmNw@N@ЅrvQcGrT1["Am 羻h1Բ ٱ1@ʪF6q/ PlN-W\'ۧAgЏ43[Q>ZNw >G9}UkvF6[.e!k(9yXDR%CRi`ɭ 3, E( 5 %'p^?l:ek,*8HWײÎV}!:\ƌֽ Ǘŭǥnfe_#ARlo~x֑۹cʉ:}\-$OZvOi-`MdT Dr،?gWN[v&eBN_]p <KF䣤\q%n c nt=ƃ!t)>J)vje{!:Mh 02oGM;7 (*l*i;.9{K{jZpy/d1=9/EN+HdL1#<ʄONo/7fkؾ=i:%CP-ÏdMǻe}._DA#R^: C3JZ)iOCB.EZo)4ouX:;|Ӡl6!i'T(nAn}e+{<Ԇe#}QL O_ǻY .=G,B;Kܰ@|9TgEr=*M\?P f"R~a-r> 5;G|u P6]ˋVϺA&{V)(nU2DUdCM8>}˱^ǕBk/oEofR2DQ 8a)q\7եe\;Fc ||5}ǫ""`E~en}]UJW88H5xz."p̓X@< 5_o\C,hO2ruf=T⤶%z0wdbj0 Jj}2PӁ2D_w[ֆѸݭM?D7Jc-[L&Ju@5WYNj|P\ (/%8z+HPCwM/ަڦ=_im%PE_fvT5h. 
OZtJ{c% ]Ep\DC3Hp/ ¬8׹,ojLAlE_@UB*Ug8]-az֪%V[N(P[JVh+ {w6Y}T͑59!,%UKte&8ixѸq+0ܧaD9T&'؂E7"0.bpcsɬ/(vgx}DjP{ʀ\MCBVQGDC4Xo NTBBÂ0a hU G3WJ J,w]En#G$R~).Y'4}*b M'^lŋWS <t'$2D8"T)Ԏ-|Q0C>u2>GE"00TXU4>OJ|rرir#Rlę8*x^fBt_*+ O\R%mNޣޞ]G_!U r ncZ!lo˯ⷬpzO55\ob ŗIw%Y7)x;%ĔJ'ɺ~TRi[G"<[Q}3fW/U{nRXlX? ܏':e+56͆Vr±rIyŴ[QlU䝒e8ikK;91}*YP {sYNy JC}SAJzFfJ z]$MKEb}}V6C+;+ą"R$s#;Ug)DZϿ1̿fHH-qkstF# J܎lYuh>bHXa)\9 *d4Z3݆qx[xX }3 %~ELq\!0 ˁU'q[Hbx?PEĨ,=fs~1ߟIm~ gDT$̏Sf쳊8ATEW3 %3N:wKR$_CMLN8ldp@G,[5,POV-1; āghBͥ1% 0 :?lݥ^Ԁo7Z^OA ]%Ze9SŢऐxB+([!\4{[k xlCYRH V< L(%NmI 1 9+֧\,IdHO2"saOqiX5lV" x&dҫ{nҿ5Y(y.XgvT$T\X˱޹eC\&"&yȭ9HNh„ZWg:'Yf-0^W[k\AekN~[jY/UQJ- Nda#R[xv F$h؀z爛` YBֶ-h5YT7C%KdY7fJciQwsm IJ煸>T@;^6r<#H( 휋u'L;^+z>c+jUHJlD~`Uzş^"",> 9ԃfo+i@ܟ'/fzrwV^!2g ؽ(\h iuBGI뾪U!$Ev֍cOؗ)rd3>0Ah>yCKYta>XfE%PLT?V4v:|Jl7YYj|/r49w@ 5<'jvD$OOu?# a0!&;iN`~0yo#=z4ʏV2WYϙOfC:-Bp,N*#YDyۊeإiLڎK*Xl]ᬲ%/βo3IKI gzpIh xe@X7mCh.Zҷ-nGucNS۰7z#p#"}ThЯ'e_T f(XQPKE*:Ƕ }B;֟r=`ӏUf8^[9as"C5KGAyS%J鍓$o7%<+=N1ly4ivgkZMu0kV;ۤ oFF<˥ЎG:4 "^ $0àY<  j|n sգF?mD=M d6<}mmI _euͭUlyJMjt&A5#eT] s _j)&"f஧[ý͌ _ #%;&JØեCO/7-PīXubN9C:vr},7m6G+L! 
_˞>*2^{اD%dX>/"Siʓ@d4Bt+4m~CɁv7:GIƉ ɛ1!Y$Y&w95*g!T=CH+LrV:+ٳGZDT&S^4TH;9 1'r3.g4o,vR >2t 4p~c2tU?ˆ|r#+ZTwsҏƶ}̘Xutr΋(ܭ 4,sIC(^"woP-L~4q f(Ky`._λt[0QUn Jٸ6&TYD0Nm$˃Ֆ_H6yDeih&*"ܘx5bpѩ)#2o[ K9k)HP/즖λ|P(nײ{+ќ(CΗeGŲȈ߁%}vL݄y7L%$ oP8zG|[@=c*'61k99uJ}1pm [~M=&Hwxi \5<ȍ|c_HNȅ{#}pE1`m8!447+-'svNJXcxl1.uZoTaJweja*ݼ٠@ڂB:gx_lY|v[WUϑD,+)-FHA_̀ HcA o ZQtv)J4nXFqykB+w7gޮ1Dalb|x#_x|(G80}ؾ&R4/hz3;E_'0x{5KJ7g4*ѢmT&j fOM:m|:7Ń1Z+hrO Wilѿ$)C =XV{Fz;.W2#j;+4MFQ-:=ʽݟ3.hli1_(ֱhF$7%Ɍ 0O *,|fy]f$|gu#!CbsJcIt-#`κ3jrR?zYKu)h% )[ٺ)6L`?L|1O(5T&'>X[*fR,14u{n rTiDum^:~% l/v$̟'pC-R|k%PKc!X7@-V:Hn{ːuk?ԉmF{ 2x)iC }59- y]{1+J|JkB /tH3|3{{p):^%y=Y)uu8G&e_$BS3 '`?إmzKR#c:U` !|`szcegwG(t$+`ޢ̧EJ3m[0O(r[Z5J3;Y{F32 btyaЁsW@WY׬rF#|GQT#*_{e5q0|-Y;x1YvŵCV~G|)HvRL]{: ~x.٬Ƈ$:ĥۚʕH$]"0Tc}w\ßy'şɳUeS+uDo27JH,^p ͘&C ;*gR 9ӧHt_ tR݁[W6;<# oZ嗀uhVu48%܈P}fg;muDjCVEXIwiGPdOeMH1I2q g@ fLwQ[?Nߤq#.uv<3&0DT+4c( d$ě`uUׂDSDkи~O'c`I@EPW7&8}(T8Wn5֎COkʮ"=.BL @M@=U?j37)Y΃*"Odq]50k>2ءwVK[{[ц25Vpۑ)Cv3DwECo=Qs?y!D|pZ@z]E-pC0K;] ^Onbou$v~:˖xVrĤzLBuE 3nG{9 O%vFe8Ʒ pURn6u[f5ne&_eY?Jll/W3  ~D- HM<| Jt:cm\ϞgN%{_k9 1*kc/cR5`WXP2Nԛ@f4*}[NIWzKۊ3WEkT|їT䐌 i!UDrt~O,wJfe ]f*jk:A-7 n06_Nq #|!=;FuJfn{= rGq>~ma5goWz-f|& '[5"79{W$vh)ѕA!z$ -qGgUb^f>HP"&3x;^~[y P<]:Ga K*#)Ka֖R˩r,ZRG57*.h;'0Drl|ݏ= 7gn\ dIh? N ɫ@pe1)?FdCW\\6 QlUzfC?c+#۠ 3r*0VOH,t4s-=/ݢkpz:QA8CeSqmY` ;p"3Lgomt^>)'a-oA$ %D5e 3cAyR^.3%БawϻEVE!c=ԂVk}?ݎqOa?hE4ҍ︪2=v#ĭ&E`/%#1o] Q#M2usn¶ Gͻv1+`>جSP_k-Cb`եr 5;(|iLuں0YA؉[};Ks Pt!$H I*^pB1RT\|06CN  $ro61k˨^(Mu[7s{C Yx>K΁O33=#>?C %,(ݱN*!_*}H]p]sއ˧xue␚kd%OJj ;K倳"O\B\,t[BfU] }tD[nks^,~61ř%ˌb9mW"R4S?ezmOO),;h[Go-MeZ.$Y{x)jJUg 3` 0>}E55R\^&*HjO>: an?ޡ>5Eh<Riw]ka{AAc /wv[iYJg2ڌ_f{}df G".+Ni\n*;*5Rߓ'w&wB2Gv0`( A?sX,`)>)˵g0?pT6= L l]@&Zvuՠԗ$‘_z,n4k _kd]yghhA雈=M`X # g>QЧr!Nͧ `Oѧ =RWy`P.|F0,8=ǽDYOdd<哭džYVur=h+,Dpv`r]2q-ޢN[uC:KjtL;G3(}{ ,Z@ngx;3pmfm2*SpOQ4ُ2ҧ.y/vOL #BV~ɸM"|-3dV\]0;1ĚmLyHJY 詚ƍZCL `ga4u4j虜,Rv\@4pex?*= ?) 
6rZG#[2=¯y,Q<`qrEa0ӣUdFL/u?]`C-٭q;y{?=NfxqHq߷Ϗ'  &(N16} ~mYL"D7N\)A@`O5ڐ6lsں7-M܌i:I- X\GFC _ m'fYC 2ͫM¤`].5娦\_%Fbjpe좝_f6`nR6S\7&aܨCw6E}p,zSv52es=f:=9pn2:{aTas3W; 2D`L* i4-vQ`v8Sٜ81RJe(|ysiH,ꎭ~ *MVQgxR#ux\+EHza~t >dv.m:H55a,Q(ѩC)a ĻA#;2=d2™LeBDtCu 99XqdEgϽi01oroaͿlVK@j;@wU%aooi -/'\ :m ]/SϕQdɳj?F7~O=9n(K wFDS'Y kMAZ/d3R*|b=1f.|:tj+)\:;ܗbƌta-lx)jwͦd-I!zt_oAY1?wU ;Kh1mi5̔rV#YG6MZ%b"35́nYdD1 H 'ē?Cϔ]f-Y`fpQY&I[hTtRۻqe=!EÜDz]`Ř4k]ʠrk _e䉞X谲FՁs^07im{- +BM@(e Yã\'r3P6.YxĮ'7} !]Mv@OXMCi]=>":f0KTvMh ;&jkO2%Aה$2WZ 9xs2$A;AG:8q>wߣGvӊ$/ *D7`'wWÔOFEtwꭋ֧tG+yv5ciUbI|対Q4L>5~"Usjڍ?o7**GIs\9^!\̭ѦuvѺe%yl ў/;M*\> c72ǒ.%@Y%xZLRgBs@ga>tD2fnڕ^x=ŋ?&ZUo6+Nm53w8s6Ww(~P;oI[iB" ˩@\6 D8''IxppX |sKmL㆒*4 (Z#7xݾqGeb)Co⟾j8EĐ/j_yYXcpe˳ymmE&] ծm,bX]={kv;Z7߶;F0).w."`M'*'=t3t- > ݗ%+9_a3U(/MDoeV}'Q6,!j+AӦs37h Y"+YUh%h4I=S:%Jۧ ߻XN\ʨnĴol/)F;j!2k0՜ ll,/. A{ZPց6GsWVr !:5U@5BxH%r̴4;ˊe4(\mx!O/?6ȀUWxӐϳj*8s>6ptj:W@A#|:8L"/qVYFだi-A`V jk2̼t^9D !AFS{} " efTZLΧHKԃ -&i۶o?Vx*}aiMPh@blO w& G5(A's3ao}0vHAڥgQ Va j'"baMg&$a&/&x11}î{RM'~x;ʜx2Q}6@d0`:s֔ Gd#CZ50ǂ_l4YvyÆ:u"F+#S-nWYEe YV}j@4\h eFqY_jyeZz90d+`X45CHc[0-E:eZ鳨D{:rLq0ēu?L,t=P (~c$3?{3h5M5/_;Qו C y /f&=fW[WgZ{6qt/4= Y {[y]wI݌(>J.`TMx(\v"k,!n X%-_԰_(s؂Dl9,ig8ٮ~t{iwbnX𫧯p{8[lT#GYZvq1۪#4jK/E,۲o"td=ÏBD 2qGGmƘEJU8jdB&S1*Õe DǾs+/$ZKi(A#/Gݫ=n_E(6: 3z/ {dJdDZKIRG$I8H;1>YW2ejѮ4qJ K_ d!(@G{ ~V#Tn9+Ke[\Z<~apL&y]F2n UfYY~kjSK'|f=)s̡qF>SzŲ̹p]޷0{wԷgOˀߴ7ۛ+mXP{%,>bg?Cʑ A c!1)[hHڄ|ʡ@+w:L# )Ҥc(m@jtYx28ݒ*ɿWUc/Ah?c<A - CHFM 칞* TG(N);+"nE$6屶OdSi1ݳ8yv%n]7^ o!7֨D;Hvf8&3蹖,1DYfV OnM\ȟ;w.ʾڿ -Őx|( /+4G~nZ&_ ޡ/Gy:z0ޫh-ݵpOY0R}a0pdu?/F3c2_P+)yW01N=@HW +,zW}[0 ݩe%d9|hw;SrgKvy??ܾʅn;?JaaƳx:dHT\C j81 Eh"pGν5͡D7ͅ3|()Ys6dPWoxwú"lJ"+һH-p81}ƶ2MWFHE'Wޓ@3L?t\1ʣJƢz*-NMZŖfU%^ '?0 X$ MzX?PR@?r4CGS. \u sFwn^WD% .)HMrUL!Wo/@a@h*4F3*IL|#y"Ǧ,ksA$m+8iõH[n3e ̃~k7dؘݐ[ 0z dvZ6`P5u^Su? 
(~Kq<6iG2{⏓%-hʔa1ˣJF; 7h#R:[q(¸"^BѰ,eRk|?H\_Ut(i ߋzݟ!B/vf?r @Y9DXW@7oj|>6t(Km[O:Gؘ,Nc:ڮx/S T3EtuGˀTYex~H2_I{HNKRq%D /;?Vu1bNm~r>߶d}$*2w1߅$nY~\-cQnk;E ,udq 섺Jfg\SCDb-#Q&'ej\ϮȰ?~pK Z{AFyU15|Ggw;*(îIlHbIA,zHl:O1oIJǎ/"GWCF֕Fɥ:cYocdQf%Fm;ovG4n[VKF@ZX+±ov {>`}tW\TtOU7K-#˾ɉen9w,4 0< =:b;$U$-c؍;0Gtw~ɛ*yS_z\xҡli.߼ؒdEnOnB&&_W:GiG*7;;!=r 9mqj((v't_?ԐfCT = ȦUʺFF¬m$ףY0$^/1N_hA=PhkipA//E`&3dz9$B13mPɽU+L,wA7 )/5D[˛)U2R嗼ZE"ݭ*Sz$ٶM} {Skz)'c96{Q|=\TƖpw}}N6k,z="7*39AwЗ^#:.e6"ܙmxUnb6Fd$v(j~Ѿԫ2Fbm#M`ک V8FzV[=p,-lŝ<>d0bu8k9L##B$#fȑӈ'6 \,{՞T1C L_{t*H֦5 ')eL2o&FTG9My :b6DP흔`-/~Eqt{ dv.겯Ɓh&" h:FsCa 5*KHv]+-Tc׈#VTLV#qE+$#vHhlz2F7E_AeIzqtcյq=-/aޚ<_f<"*pΔ݃aڣm@V% UOVm#ȑ `n9Zmg'bBG'2>Ii-]88-͓@D#V fXk% R7A%T0՜+$Cn?+zʔ-?qm dJS1C/+0%8Мv);#*`MgQm=B AiM~2-/T\Je̗]n3GE" -N+av%Yr`i[Sy-lH T$Y~p 3jT*w~>g\DB=\f13"qv]|sR*v62}e"4)AoVGv5A0AV#<#цV+rS<)DUj-}H9ZFiOх|bw0 7~RQz k4G?$`n*2FT:Nie?B4΀nXx`E4i몰VNf۾2#yq/ߑ]8[JKw3.AxW`u'pľIA3pa:Baާhح@I¯0_7b2 ۼ?|.9"_#/dglԊvMQ'H xk,:pflymN'biJQM]g`h*EMWs&ioAq 0T{4s)TR}'$kNOkcZ( fa)"TQŚGќ-`㹸l'3lltkS}ʂZpH;:5lpOLc8m]U|S?q.S55#1b+Hy/c lR5Q: 2`0]:B$mݪ6zߝy)`P[hl N}L&ߚ.EUY?9 C,R=4kZy F(P6(ن`GӊW lY)QcKcna~ՏrV_ZGx)ǼIdzlTOAv=/wblbft"ZaTǍ]:Xq9ǧ0CrG^IAL$${Fŀ%vOiA5pjtR 2~3)_`I?2j=uVwJ3g +%_IG)aiPoYsRSLtkČ o`^%7JN"BM ~"U{׭> }DžX#-D 5wU!]_Z=f!T\?vu*!GYZʴP"hc{л',7|:}}-(p<=bb"; ?U%@hvc,(C5LDGXN|~HnklUN.)E'V=a2 AUw5L&+/10>I>6bDr ӵ{_ H-Pԃ}~4KqGex~;8Xsa`6%Qdfd* tj!AMc釺+<. W3&̸$]:ugڷ(.cP$P WXƚK@o3)xC2 $|ytO#eCiWɠ !WzcH[ =l1HEI`@@+XX[}*̶.P}/'J0r6H]w0tmؚA!?0i]nZ~iP'(SQeToc.Kn6F5}e$ jBhVEϢ+s tU#!ÌF=${\VD9  `sBl L#-]||m91^ "-R1N֕9~mbp^椵bPZ&);n&oCcXCPTbG:]\n[ʋRr7K PRPRF6Tz%EsX2PjKu% F[WW2~J5cj>x H_%1% TSA3-JfX\Po>@PYs덥pna-=" rݏd wK5ۨZLSz63C5.NjSMrWflj^ZOC[6U~ޓߠpӘBA ?nۣV]ǛWbLU[(o(CuonJd`*"Duz1G-r+h+tYU r.>y0cKͺ*YdI(0YNUR= 8].yx"퉆8:Du?`q؂:ߥfǑ΢ogP-\_ v >XfXHw Y|^ dҭ/d _OhA!Ney,~ϗ+˭Ӹmgm4+ɫ6꣈0HdĤt|04u-B!vAgU7ŕ!.H y2Y(X8z2zmt@V_EŇ魷xFtݛM]t&$·Qrੀbe8`7Ql&sM?f@l`@c4z)A(eo?:{c<: j*4%2krL`,ddc=m8lz {7(w ˟LB8)"K9z6&:_3¨4+Z3vޓ! 
CNȑ+s?-D)ZdW@=RX%L^%L@ݛ.UOJM᧌BI,G6 J{6 Z8)#-P;y'4z /u>0wրP]F-ZsDQ.ђ*`藤aD+O>6Yp7 S] LHVm_Rw _d ag*P>Ԍxb.mI ffv0HcjF49s* 5. ϱJB5䖰@G net?8З)?Rk# YX>7YVr!T% ]7:u\:S57r(Bc{!#eV/*Y8'!7Q Y{ֵesG޲kZ$ {K{K|VsfX7zjBU3qw)4)͝#?G[eZR++B0_u3. er9pU rׄaOyR9b3!]oXKHӁ~A@#2'+N_>'wdlfJoսepS BhBƒB@?vpa:e^Ht[o!Sj0we1{gVN_BTҡs7;X9g61]&>dSEܨU)Htr>pͼtO]VJTn׺K1eʆ(T %Is K:U2ڊlNZDHSNI*.I4ح%˧%SyH?J ۾bM[K`ƀY.T &iߜqr_˯D&95˱=&Sfᮛ X'|35L]=yH-[fd ~UlK4Y@F+ M+N?5pŠ׎ŴZe=H:( Ԕ>ĺOzk&W 9; 촶 G?dqI]}xlNa52 夣=`% /&C@}8GF*d!%C(;' UdqXպ̕#cT?6+ 7!qɊ$87k|%VQ.mn /< *u)tNJ i#d0ƌksތҥoE(^ye+#daH 7[ 6B%ӌMB$= Q؄z%:ܙD$3X@gc35I(q+(?{.¦Y^3u%[F}2rIZXZzzVD\5MYP|ol=Yx/J*?fLjL?$&) K>jQۃsyE0 (2C4tSs $sݧQtv=udM`3}8,3'8 >8RO k6^l]Gon>ÕBCA45h^{1 MPRs=RXn.@ҽd{?8 v{xM>R:Y[4$JMR WbI<9خxwҷ![U rcs=`Ѽ{-ht4[%Xv<8'!YQ>ہZK YN}%+zt^+.rW2ɲq9_vZlqd,'ϯW3/weZ ؾAs1'c8Zs ѶB*֕l|ͮKbu'|cx. piݫYb {^:wa6Vc=U8|hz` `=6_yjXӋw3`dƶd ^JT1wM_dm*h!GGQ>cPU&΄WvA%WkC%53]o~tSP9G򽽏袊6ՠ޶)B,ѨZUPz_C;lU{f*!q+ǿ؟au5H)ێB %cGQWJK=թx L=_Qy(!N0q4w^/Ɓk V*m#ud2m7;aTfAΔinHt{6Ĕr*muBTgR (I5K)a?K% #˒h< !Y~s_}  5Wt=/&,Yڴ1Lu;b~B`sDsib5󢳦EjJ}-)(47kܵR oSWRޫťJ2B, ۅd%/f[ ~C"K/*U1)rg;Jlpi Ɣ0p8m/ioϭx[EM2Br# ё#:J;ܤ#T4Hu4zxfzg=kXȥ:ӷ&MV.}9e 4%Kxv?׽ןGzSqʣ〳gѝmb+G10;߉G(_OƵe7\.JCEo-y"Ir=쌴Qz"BG {MB|)@W8X˜`o!&9_{>S \y 9iOr_~ Hu'U (SiGMң' A*e=a_@n)X*kji<b9v9A%1Z>]T$DnVϯ#CtZD(w %J  EwB_b?⏚_|v"_NKR4ɥp*A0F)M9l߆#s{2 %ȭdcK]ts{@d s F!TUevmB7\qsf|oȬ+--a?]M/(e'}ለ *fT YV)Pn> N<=t]׀`3k9*s %:7ӨXvſ?/G 2Xs-L]Dg*t^?Rr!w"PDid5imMR@?f!E o:8c#΍oհrd`Qkw9:tޖTwK;WM> )TI&XaIOAĨ:$5 *X b)4J8oؤҽ=Ȝ86QI.~4Mu}#ė5[Xbl؅*`B]UȄ2Wئ{) %| β7}ӎை ,,\ѣ9&Ӂ%e*&$K$xy =37\| i]Q_*  H_bI[<'cWpٓ9 PSбˡ|RTQB;6F(#ʦ(;Lun 1},$i˜O0xF-YjoeֲX=]+o%lzҾi%0@=D2׈=UZu'" Yo(sLi٩jRf#V =Mm7Fwh'e21,Ϧ0:H= DwBm?U¦3<)ƹ?f?)>3v{*؟r.ii`P=pZfہϐs<[Њa:Cf ĵ<]?c|p-!%uHN>0B3hef8etpO]`<LWPDj];.J{WX8lL=i4"tO|˃Aa)"&Lk} G$'AɭߎSԏȏ)}Mܐ]ʊ?Ce{njl}IPsD4r{:lgw/.יɱCE!)Ufgk-Obeȳm[ q*p0I4u뻮?xzhvP}x9zQoq"E'8t`f3z;(S; L *& L7!;Xul쳐n%i_}GDVH,b ܃t"+8^Е S%r`桂Ț\L Xq Sn7-١Һ5B(Ft)63F()D=S1gᄥtՃjj@OJGPmSzXnr&98 ny OOhQJMx6j[_fe:jwu1Pɔҥe;abhn7\{=Jz6sh.)pMʖayru~ÖWL`Zɥm-? 
H> U2FFCAYGgdHt')G/1;oMS1 %fcVWsM3FݸQ9h2\t{_CJb (s#SkH[W04lҗ6}>n}i'~At/n@c6V.B P@i{>gߕ4p%ʏoOP꒏DeӎůHl\- Z7vH:A[٫x}߃zhKKw/pJ^2s'N֏Z2u!TTn)JYhw+vZ?ƨw @̷#ҥ-HR~L Ā'Wwؑ_Io։W%prl1}eDDSʏt'P Z#Sr(}ed8"C֣AwF骪Ao{cslFT#fa)WC ؐGF 0'[g&{~Y*T~O8Ra)!MׯhCsQŨ0̾l^Pk>QfFU7ĠrQy:a ~ނy lS3ˈ87 R絁lm\=7? "Axz4bi([ڀl0?ngT/;T*&J{yQGZLyx pւ0RزoHsmDRM1SVRRڱgLTά,*Ł%YbbGdZy۩X}פ>l$`  ^VgPd6aXEMh&jgȬ%|/PLFjRZN'89aٮYOR7M~k}1]yIQ(!2pxmk+1i$I`5%;xA 5Hpgּj o-9tN?j@vg+ [&Z#yxNC;/ȭRgD@# ڈOGɱ#[uو$9^8Gce`V7iqmH P*ӻ99.ּ"t$Үp>{qP;n% fk@kD\`?Qpo9kuOw?2Rl7n~ed`oLd?{,MU {AƄ0!,+Dw*PH*o]p+8\NhY>]s|Uޞ{g9)O ]fٖ;7v*9`dbnztm\|N$sYG3MZ_}?A%rhJ68osaM T7 Q36b5Xo ?^D]-I.Oa.v}07`c`8D} =m[pruD92 ït.^Fm!l5b"Q̪G#U΁hAWjK~(HY jy<P0Z~'I\q`U_(2ԄpuPtF9|rvC,iB- K[[CU +Ǽ(1vl97sB¡:>M5UO -𱆿dnc<4,vzu(C\&RG/ǫt?e/C)hj-CS2=_J}m%=+ Kkjv(d^;g|XdHBԄ=[Dpe9u4F@ۧjqe 0k=' JytWB7VN.x$ӝ Tu&jq$ h HOmCFN9mji r"=zKu+(mM+_T4J^k{bGRm^`j현-ba }d~BE?hx( =7=ZɦZJ@@8>,q!#]Caג,1k?`YYTGEEYVT%Nm[fg&u0 [b?U̜8Y|HqIJW3)lI&?KH{k%>{耝pe10HAHȣwGlEx<.:R( pp5D9&2{&*LCtcLQ(qI+Zv:]ih(NJNJwZ7EԥqM gR!la=ϋ& `iz+ !2Zx0,[6b?:?uBܤ7 z&QY|e[пFpn+JclpD?$NF6MR8E:8'i?3mwђ|"}%y΍g uD[זy#w:rI%a):0013hV愠E |8O\8,1e^Hwԅap$!YM8|U^DFʄ9P$j@ pܲ|sqzn:&I_Yn&zV"yaW+%Q>ۗ&'W =L3fUh3qXJgrg({sf+\Yu#]< `LtYxW)J5%+ \MJ RPz.v8&twXT"sѱp iRU(ٗҷ\_Ց~* }JϘ͉^>v$ 9EP;ՏP͗q1{3pX}`Mq}o{Mǣ  ٮID34U| 8[5nUH/Stoȱ/2 "1[`]BjG2v졆(yfř|LDRޑ!_f >I&er<$߱!ݎzwtUvy^&xoX!nLDb>.θYf :h)z ιpe1Z07غ-Q靁9%1ӆfSݠIapA $7ekQĺF1 JgE%B5*# uF"/ $=ɷVPd/Bwl8Iwebt 39$3VT@ KгCg((!,6dk*d'wi5+3j@]$?2"i[#FaY/ Aҷq.kzD QqZ{j`9&:G|7a zh'h3H"ⅼ ܍k U)rO97m뜜c;8UkvoHAi14=[H]% N(|HetGO'=54Δ$w7~6zZGxK\ĻiQ{2EKbb$_U#r}~V}N:oޖ0}c^{ޱ X[L$w!Ê`\îԮO7ڏ;,ЇM;fNCSfvd>0ADSC?EB`WcA`dKMV\c Gk2p= IC\5Іπ/84v0;gp桭迮M\yvE!BRP'.ҌȋT@8WӵA =K>/;H5P ( k̃!ֆH Ş1JRgQIp`e-V1 7Ρ cchb *R_=7[!wDY{<0;hf4ـ@u4HNj >ᐚD7eePK>S&HO^yw_==g1YYRxЏZő }S ."4Ӕ<#r41-mkkQOQBѭX ]N!Uack_~={֟98xv Xȧҙ wng⮻Q9D#3վ&=gw(NIYZyXZ|N탰 QM0Y,aŬ7xLߧٸa7ِ^hGWXӺ5YX9#^&cZ]42jUCHJ}[O &[##^KlE4*(SfYdQ:̞w|b\M*HЋ3>2mͳnI`@99gTE.LI@tFC鴧c$A`usFo3_vc͂>Fn(d)c\Hgs[$pot8$Gߠ"UɰMfC uFGk-fcw狲ixJF ۀK?)uOANž eH:%S?HIkaq\2{6#ٙП0 
Y+@uzc}jAy?٨p>R *dkxFayoy+xׇ795GE>tQ1Ng9|^%nO>QD p$7L4,Xe~!H¬gS5qvc)Ϫ8yZQ<W=0.["cj,ڗP#^nX@!ypm`t[/6iC]Fu0[lT7@в*]tV9! M9Iv $v($pÏ/%>{3 -$VKI X) +^7jo{[kJ#j9F&_"txa!XBH*%WaƵ>eHf}a .\74*3sP{>6OѲ@45YM9X*'2,Ʌ,lBTMAԎH7*a>_0@Ppُ _?wԔ;~F=8tJ(d 'uG 7vܐA? t ,DV;H]p7K'ܿEUOP $TA(#Dxg[e[%).TnSdߏY*l9g 94՟Ƥaнt׌زQTKa×XJz za<1۷fe4 .MM@v=B>~ 3~{]<؄\8M`FɡHG!hS[2hqT($ @ve dKj&nT&nån]Ǵ^jr#`5=$Nuy}6fW-j;ÈIω:k-cj!!>88׊)#(y=9z &MR0;?R7D7O[s3#ɴei|[jYDd+k'\^Xw@D~ú~١VQŴ+ʃO7ڙhY{H̴N08`5UPSeT>^muV\~3[cvx1 Z :ڤ.tE|ttY9xtaը0ÃGnSNS sQLpi}h%H1\;tk|b:nchL]ȱ^$r-&w0#>΃h_ľxly&ll*QIռdRVvJlT=TсDH5U$k[ =N+sE8ͣ6VEF3 'ANs?r/\³NN۫< ZEIcgY<vO174*枇aT0ˮ / SSb2n@]q.aOXz1{vcan/wyxm G95 ܺ6>hmilxV<2Ec&45iwUλLI$P£Fk{t"7Kl ;(Èxwiv 2thWO78!84hteOE"%y0A.!ZR'CmqЩz# :ll~I,`Sjr0AG$"mL"EN "H4 I 8RӤ0Ȓٜ R`Z brNѼ0Rʰ%:,5[o`AUkr0ZDBX ]PM{0v$wSfM1z ka,:UnRN~+ưq&%$V+FØ&"Ue@r<|N .kQp?g4x[yEwI1Ay22vʵmElBE9SvRiRNɎ4I1  m; I7K&MR3mơLY }hjPg/P(&+lmR\~3e GCNcw(WXX3TpL=sL;=ncG!ĽyjIŏ&3@y0XWJ!P`2:z9#瓣z@%mp@W0EZ~`[>~:>-ň(Q6:5|z xJAX*6zkA hIcDzY*< X_c%\OrzE~εU@|n$t:k  h5ʱxe(MA8DQcvh7<9ap }&eK|db>Ba[S .piB轏U+Pj]* ]#9EZGt zZTKag~eyG8K;nsn)7Hwytj09/DV Ad ()Q |O773c (1Iff}sp4{r!RKl͓Eor68>Gz| _^y9lgГ `Q?Q#!q-:ek4ɁYgA#m 0Fu"BjUXHSft~Ȣ`No9);>cv#ieA)}caK~2OG~5ŧlHiRd˟~ca1%D`J-SŔ7*+cZqW3.Ÿ 1)g\i&h⸒PWb&TJ9 { 4S 4*i@9<z͋>25qv5Ÿl=ASn#7zojT4U+ֈ Sh1@ߑ~n 1Y[IZ*v~#;[,k^*H̚BZOhW6>gJpŠah~Y, ڰEJ4Ig5qÉbZ iV}ڳHV776aNZݜ6[%㞄+_lEc;*nQT޸ozZWiϻw1׹/B^oW8Ɉ}>jvv0>f|TӗyĉubGBG b) Fw~(Ug?pI0d4xO$b'l2VN%? 5cu;zݩ]) *#lVC h^F-kMcr%TBC&FhIXP=,=0ik&!mR58V7: *; 9z D. n393c]0yR<⍀TIt$w Ɛێ6 `$z5|y,fޅe:ۿ蝆}9vXG8 +,N0ʺ>"$SwV܈|6eޑ4]S7.1d~B "XgPIOeVxDY&E>N^q UZMP}W衜)&lܙpfkܸz"&H M< OO!}|M 8yV}&7! xŬ>qƒc&Q:Xs[}?eyBMI.uV_=m /泲[|OJj2Bddj]Ҷ 0;ʹ9n. 
3C旭(X \0$vPyNƪ,wp{>'7=odDO|P._gO:^)DA\O}}57SǃJ_nVjtR|+ǝ~b^9ڛra52QwVBKfJ e/7*- d}vZVMqmb8G ?v-̛'$zd/Tպm'pvR=Ml(vMV$+kwl9`ֵuƶvWu;t\貅4slf 6Rkt ؐ>ϡ )ÍS+{`]koI>DvK]KqkPsp6 g?(/Pof׿F>NO;닸ae9$OB+;j]y 3;SA1V\7/}/_I ^f~; 5ާ.NX=宨g J篾~QhǹP O0d No&hQh_.Ar5%hr [D 8"/qּ;LZ'N._~*wU)?Fqr*:?e~:&!:4QItX7K +h͌x:}/N~ohW߶,{ !q)Ic3 DjH*Kvg/v&}pxpw~ttA~>;9\||6:?9hm3+)8c\S= f7W9}Xg$~~J"ðl%&05m]O6R( # Tp4b Pk yp8옡P}Jr 4_V8]Vh[}< f!.Cט"W$V0 hC%MZĔ (8},+J rsCy@͂ZGo_n&H9K'v欈l=ޗ4Y`}B Y*veLF XVAi\~ .8t.ܝӤgt+46Gfv[i!S<ƕڰJbꀸ45cDN`AhSUYL8%P_N!f}q~!dQY"y>SBVAicFG:{dKFQ\UY^ǑhPtddy6]~rzRffIk 6Goj>Ƀ@U[b>|QC~;NkF<[,L+ςVN-I&b0u6åF)0ka9H+WCŸhYd+Ԡ @  CAj.5WK 㑜+B!kPl驴y>S֧ost=ʊCԣ0{'h  ?{=۲yi: 3OoX- de2;3쀢R@/b4 JőF~TSf*LmACO;4@C'tM( yzVH>hi8O2||_˦1L*Kը(mLJΜ@FϮhP#0[/gwZ[)a<UB1rrQ7F4}뇿f$(aRV _]E~^Y!*HE^;Mulq%-+%8b妁Zwt~>z{qȽo ̰9c xI^,=B zk}u&kW˜R,>7M*#: lԏ%(Ǖ<=8$ o1C= gJO.+W{gQfS⍶& NBܶ>l *J$+ٓ|j) ;rG֨&Ň jOTJP,qA505$`XDX`j'&]K:sdEXœnP𯄗c z_A:n㧁Xf+$*V=ܚT\9 .,3LbU֋Z5ō ӎzתk upH0))&ԟVO|S4;\ 7НڦBQ,%.}lzPl M9F\ [ZM+Ga'mhrRpn)n/ȻneAr\bڄOS)G^WdQච7m?A"HOP oؘ;7D*Yr s)zE-Y<*q0jFIX {6~~~Ч+r8߬6Gn۸lt8vzϪ ,50 |L,kV̓Vo+,\K sdObV&՟hcBdn+YWCkA8i )/ט/K &C5T0N476M8u.3X]|nWAV/YU,̆b-MZo^Du\/# f1 Ghl9$`.b"-4Eګf$(U2d;|.Q4UkA͐ 8 +O*1Lu=>>BM8pvpYL!Q\ы Dn9(UZWl7&9LַLsdOΊUֱ?6[3mTLyTVq4ִveNd(fL .@v9 hMVbr.FAYpA$] AM,|E ÕSOUqW =ߴ"?">0x>Y&DuwR֑A1c`;GR<V3X8J)B"ү+J5ӺL; GvΑZjq*1*ր^#M A_Z/KiD9,ގK?juml LEfiِc=vV""O/XXBx&̌(s,<@[]1<1Ayqc| kROݦK&uUSꍾLrY_"0lh¸Qs% 4F؟]@P,n/ߚ}-:g,&(DKs1| x]$M;wҲ4qB-Sn֬7H-5 *64 q60W5lDlpN?s0`Aƽ@*`Sh]9볟G/^ˆ8σw;GgoW'%:R4)@hd,Iq8J|t 1_?l'|3r?8PPRLfcNFwRl=hP5ܽ.Q/ .wEs@x?Lbrt3fD&#IT:\F>sYA찹1]YƲ~AU[hZ֘E'9G9 t3ofkp 'vc$$ā1C]DQbFr P6%E,Vu;Icj7ue_(~F J~{y[1sh`gCG1f3: WPda[|GApir icr=dEr!dZ{Yo.l8} C_Fw(Aظcɋ{U8z{I4ol=?xǂq-Wz S&DܙƏ(ϕ*e+:xQWtot@j$RW#=;;x#6ܨB爙k= ђ 7hyZTd̥) !TY0& GpГ|(ՠ;)an9Dc xfn HgNBi3P}dCI(jܞK?x_92ݨ9gkG\q"KkE `u7qO2"o^묹Gp/ZΤRa_>cΚ4Btʁ}DH\S. \UayIi|Ȍs"9ݩRJE(rd qJpGOg?ǩLW0OfpB~K Q%hɨe3qLW)CB E)h GABmM8)/>6cG"xT?]tZbA:Y)1θVhRWU>^FӁBM0'kJq|DAW((!2GAbrsr;/^_}ۻ;/w_w_^oG? 
.(rG <5ҞHp.+n=hg#E-0I<ө5s-i,tdAۿ¨Ƙ;AT.֑4F")qݷu6,_bʼnusRﰙ2TM5:¨#(ő1kRUPi[Nb?aݕJܷ 68?uj/uc-vxm(,M tf8NrƆ# iK:"1flm&soQa}\VeVK@2r,qd-/7UyJaN#|>HaEBg@r췠ҩPw(dX.aJM4Qϓ;%{( :_  -lHF| EE%BA8byΠ;}:bA ']X= Mq|rkO 1m%YTn†37%l?e;T벷{;B5}Z;e@lf 4""Hp8. m8ȡ? ?yAr$; Ә}ӽy"#M_-bZe, ۢ Jͨ^+9iw*VTl~9"^d^R<_TSioa֕qdyO~TuPBF{!2V8xZ]rӕqftn ̲ݸ|5>vaJYRA ;gXy e {e@DlÕ\|YA8O8ˣ ^ G};Y.c=C[W(jG npiKeǟG{.>\›/'g~ ~~l'Jm?}:888f,#}bs!;:=|Ḓbd &+um0 Y2kb 1Å Q{GaX^㴚eҿ}Dz˔$45ԛC`BKllW[{I6mVB>Vs[mh2Ӣ#[,V>eTVt2e7VN<ӵ=hu)HxNJQqxxa4kU^W6NP^,[wTIhI|kXH.[tvriF >gE'S:.#q ʹgA; yBx6Hr1ő= Wh$[70

>#3N>-VYQ6}ZXA"piɑ Z!P2Kw8D = << $miin'XBA]zݶ*O=3R'ztPh* OB/jfV>_Ӻjy fkQLnM/^zW+DɞlJuW<3щClv]R/A?=K%ytF:j!Vl}1W uԼ#>B>;ɱ9y,ᚥ[r-Ry6f2aC6a^nu`Ѥ?brG;s󈏨^a}1`*M[(5S:p?ԋ]iN 4 }-@ZuB<-8\$> t>m}trq+I#&rNX-X4.bX3c9:DOc׫Ցwory4oJY,%< #R_:<`Ut~<1{raFޫ36i 4XG0]OڱXHI F//O_O//.Z}!% Ψ(l*Tdt .LGqܚ̟$:9|ϠA 4\= SRwB@JFZ ݚo=?|OȓKa:3 zcζڼ|y/B+*5I`ȠgRu;j^0T l*' M` ,5Ʉ#e3+2M\FKio>"^FI{]4)s%`gIp=b rL$p抆U<e*.$3y5 RdS 0Iiz7 Vhw[ vyDCs T8 >3VQٲy.Cw(Ͳm Eo>HB@\cee#XY SkCኂJB!B!P*hk #z~5c 1InBMEepїo(-\FD&4ZV__n>9(<ܒ< R.al VFCDv b? ܢ/LWe"_K0fFCCofYoFK?sph u7 հ߻Gogg&zŻl. W.l>h'6[RIA T:WQSpvY?ʮSTl#Q N#-VYϞ -z6U5p"p5(dAFAJ Dq j"$zaK[~:[O,@S!DX$-7[>mws"3c B1׃-T"Q.;;sFtkāBj (2=h[ `Vӟ!hEӜc$=#u:jlB[}`?R py" ڀ/> :am-l8.&m̭E0! i.H+h mb^2liP)![6\4X }b[[>)ż<>?}eo|z>ƃ!|~mR6F[e6:6dAP98 .p+oqIH.b_'@F62L LC\e9wN^߄o .lX5K1h5fIrE 0S\^Pt`#s WqL V5 I[b 2] Xj˦3`,Lc prI8˕KQ(ͅf"LG`4|=(S5Xe[SzL ;-[kcxdT?P((ìn8^AYtBZ%p=4 ]>$VF.R,kǠITKXF V+<-TwюY6SݘQ+R0*k[ڔq\USW-.bgRB iƂ˂TX XСlwPSe,]71#[Iڷ@M1smkp.]I|eG^mlzY \[zHo> ]Q W#"KAP?p7-\LE_Ai461qd}Ѻh%v,]JP$`4/}[$\[u">~.mk-LƏ,c"ui+U@ڌG4Z6]0^1 (|ceȮ1|eG 97pO@["]tO٩0*,ZAkRYl^2s+d᱆גJy/_'_MTdr$oO,1p5 RZ*ptE Ȕ;L|h mx]P\@}2ʦ4Gϥ-ڽ(׏9O:&B:c/ݪjMpۢ{H";?ɧY#MAH"K 6[[c?!F+AFFǛw-.P3ѷٹ^~6۽=Ӯ-%LPM-h0iz/+bBj a-sv[,mlʋ 곔G13+YL~XlyE 0R%p{},OL(Uꒊ nUlomϠm(XK0]d`vF[P%3ĚC{KR]FR\ MmyYTՊBX΍mJ `T!wтZVj#F]nuN/6b'= #Y8wI9NhsSTQK)fp3SbZ)KnYC-]bΝLdűfT0h6Vڹ϶0G֜tN`-*0Pߦ "}|]C!K Hп0`kCnrt~=qhYX=S k EJG8J/dV*+'%TH} C)A5.RF?CeԫpS4?OJs$002>-vb 54D6)юwͱ**жU.3:vELf<ڶXmEFЄ-JB2$ a=aFÝy5V cIz *桥UE6,$2i8*$W׏1 3!4HsZ 5&}> zMsI kAtl#}ɏޫI7-I *۞CU4|Ѱ _ l4í!P\xR42XD܃18M}k0q"N 7^7S49oU} njV>F@CgԽJxg>_wchG*^sﶪŠ3Kr7 uAeTD(l')b'jq/QZ4xp3SI MΡrΖHK)4Cȡk4yu/jhȤ!!+Dn'yF^=|t~ٌ|0? LdwOe=D{5 / :"J0iIӝFYdxb3~/Αk`[3@hT8$2Y$w?WE;,G h WKdJº@9yk=xR^y=Gv*~PuuxܥKu5SuӉ}npt;,kKax+ ^ wS|.vf>]ȧVWzK<}xp52qzYjZ?b|VxSJ/$C}uX6A V>o7*Wgčuڞ6b^xZ<\:jz wytcwLŐ{&pty@oEI_|ZXCUi.;r}^ o$.%*x1WA.\+>YDk:Wx 3僐I^ӳWm  `6AŃ^z|djdB*]i@e焼s߽kɓ>^eDWF!;af#<NoҊ{}JiFekNDE(3Tl= +4}3ܑu7n#KSgԖd6x1IFfV3&,RGO`09-Ik פ9 rcdDC%:̛hB}@XoCma̧;TGG HF ii=ZI[Pshh)*}%r<-=. 
S:T!SJ3{yiBD]Q+P_@w|>J9w$#퉒4ZA@x5N~( u[(p JLyK;$} E<ߌ wI_b^GaSEUІ g,-VxWbN #XďӀl%.,PX$y3Yg8pK͒e&+ b^4 xy_Υitmӏlc8$klg(:W_*ev hRf9d6z#BBXo=m_eXR`HIlSL;<M.z,l9Tv:}DhOa5 wm~uSwDvcR,I 8NDUQU]P~w9%mo|՝b(y¿;)\ְ<=X[Ȼx5'pǬə;m_=32CBD?[êa [ghaK?oŎӘ`tHAZ:?dfI{9Lsl\WwѠdR"3:ږ *zh"T2vІ"OIꓨ0yBHflmKAch@ipu&N۳ִ,5u}Q:J641`vf'E_t&B.BSe{d׎6]|\R& MR V? JuLpCʂhN|;#B*~7}kHwyDH `G_b ()rvw,q>fߎydz:2GLb 1Q8'F4y_{}QY%߼xa *e&@On2)>@ ǹ4:O[aǥn~9ҹtYX,s  (i\b-v4*]U79.d.9R2" فZɴnک}6ixd cDi+q d? 7[4l7p2Xx Ztk,!egqÞ˕G$ 4lyMTi*+^.#.;RЖU;T>Zm'<$ԴDxp35wqQuvUe.FrIZpB0={R dS3׍!5a$uȟ) #9(VZN|bs/1qWx I:5bj8"*3Ǜ>勵|/N ҂jM|r1j`A=UHH\Zgv$*X]Er zwjbCLY p=5*/hťU@#6h"4 NNҀ9 蔺Џ9|lGw`okTNR|n5m') ČGջj};{2qP\ya%"oTwD22] ވPwKyzwZ WqhJ<ꯕȵ^%pUsE4t(dAW=V֨f\\te_"tڿqiW;>r#ξˊ#VT +WytޚЂ= b$ ղOH !TiA Hlيݒ2oZ@b iP`S8d&_Ђ+Jſ"6:IKy/lwܛN)շb gPq_ȑ1ىǯ$j bps'nZdڜXQi2DAclB9wPІK&&!FS([#lƈ_)]ZOnX}ŤDJgp Uq,Om!yNl&e/xeV.S+#>;Q={!*(v8)u57sJmTw"V}_B SFOgp Iӽ*ϭs/mg˾:NTd!}z3Zy͵h>szeϔCAL׉BDϵ"ڠ|gkWU3Pc饱ɧ|YU#BD Ķ\b~L%k7)?"{/jB3Fb UtR*Ϫ"YL#i,LIhF~Dk:qv.&f\V+[睲8<$Γso6y:I3;T}7OCU(ss] žTX)5`o] D쀑J3_#T6\r +resV,*ͮ ߚ0{i&Hiv^\!C֋}qgNM).h p)n(zO_NP&o\㖕(ąj$ڨΗ0q0:U|]1ūA%ONvZQDѨ9?ghDl ˑF 5iF7AhE#?>D@)7~[ע;9Ѡ{t>b)~Bh-:eUy~3/1`rWę Y^]h^g m- MRԴG$uLH06č7~t:^rLk!]lwCH +/yxFDSBP{>Ƿ4f|E[fmŤ.\4ylH|4UjC0៘YLMbXA ^[JpU5.*B1 ӵ-?<:{X:̤TbJcdeBFp#66KZ3V^q?7%\{uw<,PyZ32\ӉDjuP뙵ږ'Ow67ˤ$-ƘobAVyk7Og[ n(ю6 /2?A1>σUv;8O>S[=h5y.g3GN 7魄7 ^{V;}YoEɗ'fLR?wvx=CvWh0LX1a{buGI̓chXPZt)2tBz"CPΗW,_ʢ>ϞƠDdb}j yȮbGܛu[2y^;t*K0m5ڣ 9j_A5Ȏawjl9})Bҩ_E"aP59%j>Xpx |; 2B\U9i9έ'Y HC+YanhCr5M5{0j*݁P}C޲~⤄sRg1ſ Z4[hl*cS[d`R>k]D&{ALOMspj,zM_*qZкBrWMXO`ep)J:n^3__L~l7 7jl|(k̐K&I7-nSU-쳾L]=d߷dR7 rˢILEȝn -J]GU9黥[}S> Y36{G vjx78ɽ4΅hѧHE-WK ϻVSЬP+*Zvq?xd::]Cng'N D?1ǽCqъO2ND …˼>Ga5Њ7Ꮺί8hY~G;7$9قb"6Eo$H^ ,8,~ݺ|G ϊcW5DAd16&t?[!01;o;+{Do*ToMO vc&ar 6 wI/vbK`$@{԰=v+(R擉X=jrxt]` Pp_zw#8QCjʊ&}/hn'Ϸ^~g h07070100000007000081a4000000000000000000000001612e416e0000442c000000fd0000000000000000000000000000002500000000./usr/share/man/uk/man5/sssd-ad.5.gz}s[Ǚ+^i2IֳC[,Hy&[$"@pRvK"-ʩRIT&S5(ҤxmGwݯ Il%}~SQshL 
]/5hGEx\GϏvuwǣ;6T=؉/D3RlkV=+U8L1Wz \ިVoDM7ob7c6v:o0X-̩ύ5*qs ZkgO8sZy'_ij v2ẹFMmtU/ar/g+ Rc];:p*:uN9E?.9]Q~]K8jTV7sry;j4[8(|sX1++cW_yfclzat3_l.yu?83X8}v JKq4S[Ɗh 鏎"q3*VWKfTY8)F~Gkq%,U+CcEݯZfiTpf|KU|3ZJZ);Do^rɩ.F?>iV_|!hTQͣ" M{p(wEB4~W ]~tUр]EP#P]& 4W=8T3ř:E+>Z7԰{54̧OGѣ7`3SïX7GV+ن|/Q38zpawWGB-Yw~>,s֦~[WШ0 2sOmafgUE??~nqk鏻IwzYpNQ < Ӭ[E3tL .Z~hMnlm0Oh  DA^C\fPK| KT;-.=E>Të Qt] zOԤpf8EpUppvԇ`=5}`;tTD O ml>m"FuKꐎdmXb::>p1HKU/^P&No.P:F._<H3B't'[4;9^\\6 .|#AeNTwhjݻq`?\^h*^Z4u&RzF!x1_ThÐxv7⋏÷jxx]5.1h&&X2tc30bb>ɘ뚪jJ.9BR+%Sazi?~R8P z=#Fۉՠ+揑ۏA/,V18}!-d8P rM jb/#pQo>G|#V_F} G@I=̱JwǼEG "=zh ICHqGj8@'"` ΀ajm%CA 7!Qh̰Cc`UбGp65H(⑊2@%"lׇf˿Vg!>^Y_+ %||/՟OۯOڜZ]V,f:$9hwگQ:l̀Ϡl"X]٨ 7ZCҨWլ74s}=da`qZ*V"zEmtXA&< Vk^ի7KŸzW8Db /FDN|h^ywKSdEZbuYI@הR >uoqKu[\mGչ_)= \ISo:pAPPbd#5W +T _"@75# >]W`o(럸@ p MQI3p|ci21i-B4%DA漋B/Jy5}P,Tivu/r,CHޚ]CcXi>D3sfhlj:zyhl U懀*^jBz|E⿡3E֞q_qbڮ ~M\H!g8ce塷".m%jQ;b',8Scfzf}DD\Fm)tFbj Iԩ eudeiE?ġw%9ҚѪZs\58Ko pe,G o!nE?Uzz}B}Z½N t~]jA0"9d1i|8VM`\T=%0`)[{@VRdF2~r+~W򥽯m5OP̚ *q uA [xf=I\>r5#eEև5E <7C#3[jUhvOXSE/648.IuI= `?#:iJ+wM#q{&R|9xhO+Aq7JxL")! `RIO28g£|e$`iE(Cg8[.KhX-~nweu2ҠFoyx!YHJ i}]sLқ"(L,3pGp e { 5" G 2>ekFp6F9Вmo/ܽ#/6awڶC!%`$I+qKW 3HtY= n >56:M^DiɐE/Kjx,1Jjgxw|)3[ybG`:]ח^v&tnd*C},9@d3>:Fj@E.pdDzk/ujy ஃ` Vgje~=j1Z[Z9V?K(,/K kYJ,o\~nj7}P a:Hx#\PPWӭ)-^P{8%4X2 AJ=Hc%VtQ3Sal_*%]lcH2kC.zHM&WV" A*N}MX64l0CocQ2B%eMַ lkVǑO߱Oq{YKO&H8%vf"<YbG+tV6bp5f% HziBfFGnEz)J;p4pj1y][ n1tdLP18IK Q8 /|TG6ei+'-04tؿm3[p޻FmVê\CIxXi6JXճdB'Md˻Ƽx4ޣ7*|(qRk[1:Hr'(/ep$P^e[që-~Dwqx[+24wc-\&Z*ݠA .&$]fP'AphK\<~&,GTy|,߄DJ$1Z qn aH7C,-6;ϓX__;{_ϣu XuϣoxP<5:ȈJH@A_],SAoSd16Bb4V:XSp &Ď[\`>dS}n96 fi0Ws N"l\;ygϹ,k~Zlҗ*ޙLj1C- I`)wӞ6mt&]!oi*A~D2`0IBíh鉂H5& sGyjql -@NC& h 8ZӧϞ; 9OcNiKq_hl.g(bg⽙ii{3řO#5TE]j9 i0R rKd,0]窄2Ϥ0M9d!KhK@ŋR'dKʙw=x'gF>-ú: rCC.ED{sGDL@ˣ/D-hEdy>?/KsqRU[/ԫZ#W, եΜbfqŝ9iϜ|6T"j}&4i;p>Wq}IJhEJ^v<R3+rCSRΣaIDf9s#:R"e[0+jjQ_t! 
yL+t Go"¬ke/:^켣:a@(g~PjzZi֫fDJ@~/v ;lh)R/kWs :$##ihm{AM&4`sH:VDBc`{-j1fâ-@8A a%uh Ķ7b2|GFX' V1usN7P3_~'wW#6~JvW}jrЪC#TYw#pĩvYiPFMuvofNjmS׎(C]A&M }Q:cg҈2dwM`k\ $Gr^ J8N?ʑwɘd2(!r˄:ȬC$"u5?|y/|gkH#xsuOp{P$6 S8>RN!Nnde܈~sRQq|O?*) Z~l'ҊH$@V4FXE a|`mraP JkjwL1[{^hmHi[;DwΗ `irIL.&ιgHD8uFlqѾKvTb6/,ht ϵԏ?8ٛ2ٟhإk|(:3vs>~7Maٺ)d%Q#q&8ID!'ٿ煩ֽDJTzt[MHk,aka"1iT%N,Z_.-ʥB9[+5>q\r࿠LL`@.3/6Du*z+y<4uzycyN$؛zSXsiNOl|6a4@LIWE3T4st3w%m]x.dn4KKqT(p[kR;AѳP{P60#Z+@CV[ f۾1@ms!dy٢D/ AdO\pm,lC{8"ܳ`(4$ώ/Q㣗s]-AJ3)=TrmARPEp@JO%{ Tia Z%_4%$WM{*p.2caYrMj0-b`D{fr~T.DՊ/o~"049O-D\`7(:4Bmk! |ǸM^lV@OlެRgR 7/_hS*m`mt ]5%R8R$䔰V -yOZLZ/t{VǼR! eR#oy4#/{cףSKŃx @c\0YKmMl]8v[Uuc;aK3B\ |~^<Kz?o2I(ĨJyuO !j3K=;)͐Pju9kcHp2hGNNIYaΑ&nhopp#lp`[[z L}RbZXUظѬ֢i⻍ܓ\Y]`n4y9 b3R8oR3wW"o|ooM'^fbK$} 2 leX[K"W#tV̅3x 9nUge?;ϝo־,W UG5 NU\>囅 }vY՗ R `:)Jm#_U/6MSlPV(}-0c ɵA#;nP݋.*[-ʢf2)1Q/y&d >'xoSR-3u*)0ehan*;;:SKAoɱ4@Ey|T#9JH{\?7(N6~GؿMPR$[tv 5d堦n2|?x핗'&οzn">r HRV#-5sjYc#HBXk|Bykz3:O|ܲ39^Dj%R?)% ~\p,ax+8E?U_l./;/0tRo^Wfj8ZR+qW ۴rv\o+j* mZРф`ӓӗߚv)ͯ3׮\|j4[jgfDZ`9u\R^HJƼ8%uXmU5^Bvdj| ~Ԩ.-) t]NtRLM!xgcwlPX[*x&ק/ qeU#%) cL&XL,p3kGomr!1q=) #"&qMHcGLΐcO)qPϓM*)BG}QG nͩ/^΍8]ӫdV ~iiكB 6˟9E6F1aMx,ߨϝSH|r<}@H_1ښa 2JM8})C *er= g~}eb"ğ MpnuP}.V}JT0@&MaKDŽJg Ag!퐞Vu־WN:0614B:o6m[C63NlEL`0]#_ӹf%n?g|Hlw%ixtm/#*BNA'@Ol>:xEDdWIwY314CZɗR>}b- ʷ<+I=J$J}"a$9؁`U32hҩ Zћ;;k 땉Z[r7连+k":0[kxJzti)bkA u˔,B5P0Hsrҍgqͅ4x9ދ\S4RN2ъ"'>ͲqO#\CM &~y6:F<031csm[nh)MF Y8Q,AE?ϔ;צ sjx)A?#ds " qF5%͉CgX}FUc W's3۩B rPdzJo5s28-&i4؂G>|3SO)K8♢x j˳dp+w74RUnEl6>ޖm-`E',)*$bu).Rm?.C]jPRX&{[಻K|h!=$`=C<`TlԶa-u_ԝbԉc SiNwQEQ }Ѿe༜M{_߽v%U\"V/U 3bOϻ~}X  u L'ȗma`>ѥMfF~O9o..ܚߥ:Ԥ K讴q_4alt=5wN+we3&H880D0GǵP*=].c6q)]^/f,>vToB`$,*H8 />66hCl7K-Tmd$!ͰHPB8G!I .!Eu0wdb#֊nC.Z*J/H0rһW pX}397F4Vs9[JFZR"!WQv@ɅVf'ױbBfx|qOщ{A4i;ó"\7cc鷤x6:唀t%kGQpҹpxyC7?Imzl&w3^D%”[E1֚`f0vtJg]ϕd γ/՟OۯO8]S喔e n 38?{ ܴ m9 ldL"/}WumJ㜚L񀞭-h?~KHdcy%옆UhMsi^z/mV:eG9PWUOS$u?zܩc. 
f\Bu>Y `+/S^R?֌& g4@B8ӀxFa1^ʫUO~#@Vg yu8_^:9KeZz4RUZ|tBy% 5Ѽ;ytLn|V+K' 'ꍸPjumTT5&ߙviJRΊ鷯N]2uN"ΘW1o͆XQ5n1-P@7um@D6M0m1sȌ`N$b÷{@Z]6 ?)l{ ki10#wn\%cu??^]b*mS'/Ӿ/79l"]сN0nNpjtezy|F2T 4&-7aREF32R8t&[$yFs2Hʲ^DⷼkGD7K?3JV$670A`3/ZQ C~[/ u(r+R.x5$@)FVD|jTD}'ϗݏXԆv؆b*Q8eD@EV$]xaR{DRf(p;Ng]Y(}& `&&[xH$+a]N=H:#|rJCc%w>%yB<Dn5=-hp%-+]%|- ܚO)6D`&giܺI>–)Qr2`)Z΃ٲz}3SCG&1sm^M,k^2lJ ;7Æ~d Nq L<ðL¦g[$(DaM#'ŠA(o'fH\3N.ۭ+#M]N!z5f"n~CLШ"VF|U73O.{q%=c~ߡT4ܱ}A^摓J䌊|~]or>cp$UŽ4P3z<:bx]I 02@'aK sڦ NlFۆ4 9A.8 EEMAKF*udC dA_n`an38YRfCf)M /<V]AoVKC2)-ہ$+}=eI9h[&{ 6Mq 83`jy9'JJ,ҩ\Ej!ArDu27"oh;Q^:%A_SH&W4B;y~Vi";0[UJ$GEUȄB b7ܸzqv+? rpI ʔ;خyC}Y|ٟ(8.8=6(8 G"*V wDN녛d2N9*TP"nMZ[=ugn 8M<#m :LM֛<0Ou>';MUF h ZɆ!YRVs6z0&B_!lu}eꑂ1Hb`@zKLL6<)"X@< ֏F1X3cl\IA\OĦQ$f'B$(m#U2X'@MhJm Xh滆# SF!Yb=~P)e=18$䄬u9mY5vR2YZ,xN !^79[gO:)d\%p0 @f_(XF5Mpvn@i0g2b,Ff槆ύ胢|F|3VkR\m5mJnHiH0\v^K¹`ӮiYb:G.vr֮S wc $:pӋD O-Δf1YqyOJNO֠ve_Wy}Z۔蒊`{h}¹‰U9H8`4I:|%B54[Z_ɳ}P(,u00ZkjGK[엪  BsteSl/8IXBs N/>s |~XєRHneT̃6)p9kr00aw,5ɂ(@$Ö:(_8Q$/z].tpIg%%ZYG冀X(ſ*BgiJIk╁.T҆l#fjn̬svm% @EDqX2b# Lͤ(ڙvPF,@PAITZIn䥣h|\'&:{5q)ϠU9/_[ٶiIa8umRprOAj̅OVcʷ و#CG5*MQG^eGKݞ-V {MՊXY*$GKHP-]`y hP$J3A1 SIS1lq0.tKJ9k+HЪ@`2N®uq׌X@/Z-/U׉ٛљW_;ce0IȐDW\U |>9Ȭc/Ya=AQsMeJJ`E##VE_+_¶$$jićHKƒa&PpK0JK pE!C+YI:'p׹ٵJ+N^0[Kly&α{ :k!T rHq5Ԟ+5I %(`KSt?W3C f8is"6uȠ9LPde5\ iƚ? MDzAש8JK2yl C)Ysi쀄e>-xn~ȳ[3z]\mVrd A(6}3QczZTƘ*$:kdvPD'|U;\=dhO`Drd^f>w$k |a1󵑜p`F'iT6t^cn^bKL3 DM"^RX)uO(a2u*=O` XjQIzs[E2ogB ֋JI3$鴅 [TAIm>ז'?@qC N+о1gUyD}o=: ;Z9fԪ{pόfE"M)t89pV 8"L%Op9 {a:O\3<7b^t{H⥺*68HT zH˦-~+ԥ #މC;Lb=ԘcqA|&RjK"ye6Wڢ bQQkvv{^~L *Bo_Vr8^$>FdzEvp]5eM&73TxVɩ0_/wJwC27jVSCt,,Z׍\ʁ1 '^T۶wg$C0d %=xiUW/gf~OɖuߓgfFgrJ _edWz)j턟mt2ǻd5ĩl̶xaL̬.¡!|[$DD>Q#Gn:c-U%5E}ӎ/G8:k-yOjdv'M#t5Oⶐد$!nػ$>ZP86WEߏG9ն_\Y[Cӄ֦?{[m'GFr4X vjNJ~}җ'" '֎H/؃v0t (-k j̴"6VjF|eYϫ*uRmxt_Ns8<ON a]DW)7H(pR)NW0ĩ^ UH~>r bjP +g'tvB40^(0WpJjb"Itz\=8Qo'\;Z0`A$'s\s(UbufYD{֖IXM@vz@wtT:%ޛ$ D9(fdOhuR. 
&{NݞNglrPn4 Ę*4NRLr&N$n8 CxSI[C#f4 Ÿ r?Z91\R#1WH2HdEͤDe5W(rF6zse)Ī䉚 ק8+{Ȭf;dVRVG6p:)F0= bL<nm+k2X'"fT^cH")]u#;͡$&kB6\y~eϑ_)KuIjǶ AEh|N80ݩʵ He+R=M-'OeL%{\.UZ#s}mWx8?ikZ \,^͊kr j|gmXYGB/d_eX>*HyS\ŴQʇh\Tl x?lυK^.>q}r?3{l2-}zWɮ~r'iЎh͙RE̴T( ,Lg\QyE~kBh?ް' ln6H>YdۯdBD^5ͤ騗$ȧz顿t,tw8: KPKDPBk.XcRs*8=ItΡOl8>Zj (N0d{RoGw/_&߽թKruЋWߜ ~ͩׯN^OI7o{KWliȥx$px 7/-vXvc' ||+T+xKorHĸ_%\{7)^m HZ`KpҐ:w\|RqV,:A/Q7b-x8/6MXߌs^6R(Kq[t_w/+2.#\T/:y@\Dk53;]S٬N 4r" `>: *+`w 6E՝ PM