Name: sssd-ad
Version: 1.16.5
Release: 10.el7_9.5
Architecture: x86_64
OS: linux
Summary: The AD back end of the SSSD
Description: Provides the Active Directory back end that the SSSD can utilize to fetch identity data from and authenticate against an Active Directory server.
Build host: x86-02.bsys.centos.org
Vendor: CentOS
License: GPLv3+
Packager: CentOS BuildSystem
Group: Applications/System
URL: https://pagure.io/SSSD/sssd/
Source RPM: sssd-1.16.5-10.el7_9.5.src.rpm
Provides: libsss_ad.so()(64bit), sssd-ad, sssd-ad(x86-64)

Requires:
bind-utils
libbasicobjects.so.0()(64bit)
libc.so.6()(64bit)
libc.so.6(GLIBC_2.14)(64bit)
libc.so.6(GLIBC_2.2.5)(64bit)
libc.so.6(GLIBC_2.3)(64bit)
libc.so.6(GLIBC_2.3.4)(64bit)
libc.so.6(GLIBC_2.4)(64bit)
libcollection.so.2()(64bit)
libcom_err.so.2()(64bit)
libcrypto.so.10()(64bit)
libdbus-1.so.3()(64bit)
libdhash.so.1()(64bit)
libdhash.so.1(DHASH_0.4.3)(64bit)
libdl.so.2()(64bit)
libglib-2.0.so.0()(64bit)
libini_config.so.3()(64bit)
libini_config.so.3(INI_CONFIG_1.1.0)(64bit)
libk5crypto.so.3()(64bit)
libkeyutils.so.1()(64bit)
libkrb5.so.3()(64bit)
liblber-2.4.so.2()(64bit)
libldap-2.4.so.2()(64bit)
libldb.so.1()(64bit)
libldb.so.1(LDB_0.9.10)(64bit)
libndr-krb5pac.so.0()(64bit)
libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)
libndr-nbt.so.0()(64bit)
libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)
libndr-standard.so.0()(64bit)
libndr.so.0()(64bit)
libndr.so.0(NDR_0.0.1)(64bit)
libnspr4.so()(64bit)
libnss3.so()(64bit)
libnssutil3.so()(64bit)
libpcre.so.1()(64bit)
libplc4.so()(64bit)
libplds4.so()(64bit)
libpopt.so.0()(64bit)
libpopt.so.0(LIBPOPT_0)(64bit)
libpthread.so.0()(64bit)
libpthread.so.0(GLIBC_2.2.5)(64bit)
libref_array.so.1()(64bit)
librt.so.1()(64bit)
libsamba-util.so.0()(64bit)
libsasl2.so.3()(64bit)
libselinux.so.1()(64bit)
libsmbclient.so.0()(64bit)
libsmbclient.so.0(SMBCLIENT_0.1.0)(64bit)
libsmime3.so()(64bit)
libssl3.so()(64bit)
libsss_cert.so()(64bit)
libsss_certmap.so.0()(64bit)
libsss_child.so()(64bit)
libsss_crypt.so()(64bit)
libsss_debug.so()(64bit)
libsss_idmap
libsss_idmap.so.0()(64bit)
libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)
libsss_krb5_common.so()(64bit)
libsss_ldap_common.so()(64bit)
libsss_util.so()(64bit)
libsystemd.so.0()(64bit)
libtalloc.so.2()(64bit)
libtalloc.so.2(TALLOC_2.0.2)(64bit)
libtdb.so.1()(64bit)
libtevent.so.0()(64bit)
libtevent.so.0(TEVENT_0.9.9)(64bit)
rpmlib(CompressedFileNames)
rpmlib(FileDigests)
rpmlib(PayloadFilesHavePrefix)
rtld(GNU_HASH)
samba-client-libs
sssd-common
sssd-common-pac
sssd-krb5-common
rpmlib(PayloadIsXz)
- 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1859554 - Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1 [rhel-7.9.z] (Previous attempt to fix this issue was incomplete (again)) - just bumping the version to build for proper target- Resolves: rhbz#1859554 - Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1 [rhel-7.9.z] (Previous attempt to fix this issue was incomplete (again))- Resolves: rhbz#1859554 - Secondary LDAP group go 
missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1 [rhel-7.9.z] (Previous attempt to fix this issue was incomplete)- Resolves: rhbz#1854317 - sssd crashes after last update to sssd-common-1.16.4-37.el7_8.1 with servers configured with multiple domains [rhel-7.9.z] - Resolves: rhbz#1859554 - Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1 [rhel-7.9.z] - just bumping the version to build for proper target- Resolves: rhbz#1854317 - sssd crashes after last update to sssd-common-1.16.4-37.el7_8.1 with servers configured with multiple domains [rhel-7.9.z] - Resolves: rhbz#1859554 - Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1 [rhel-7.9.z]- Resolves: rhbz#1804005 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1773409 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1551077 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1507683 - GDM password prompt when cert mapped to multiple users and promptusername is False- Resolves: rhbz#1796873 - [sssd] RHEL 7.9 Tier 0 Localization- Resolves: rhbz#1553784 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1836910 - Rhel7.7 server have an issue regarding dyndns update for PTR-records which is done by sssd on active directory DNS servers. 
It is done in two steps (two different nsupdate messages).- Resolves: rhbz#1835813 - sssd boots offline if symlink for /etc/resolv.conf is broken/missing - Resolves: rhbz#1837545 - Users must be informed better when internal WATCHDOG terminates process.- Resolves: rhbz#1819013 - pam_sss reports PAM_CRED_ERR when providing wrong password for an existing IPA user, but this error's description is misleading - Resolves: rhbz#1800571 - Multiples Kerberos ticket on RHEL 7.7 after lock and unlock screen- Resolves: rhbz#1834266 - "off-by-one error" in watchdog implementation- Resolves: rhbz#1829806 - [Bug] Reduce logging about flat names - Resolves: rhbz#1800564 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package- Resolves: rhbz#1683946 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working setup- Resolves: rhbz#1513371 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_be[PROXY] killed by 6 - Resolves: rhbz#1568083 - subdomain lookup fails when certmaprule contains DN - Resolves: rhbz#1781539 - PKINIT with KCM does not work - Resolves: rhbz#1786341 - SSSD doesn't honour the customized ID view created in IPA - Resolves: rhbz#1709818 - override_gid did not work for subdomain. - Resolves: rhbz#1719718 - Validator warning issue : Attribute 'dns_resolver_op_timeout' is not allowed in section 'domain/REMOVED'. 
Check for typos - Resolves: rhbz#1787067 - sssd (sssd_be) is consuming 100 CPU, partially due to failing mem-cache - Resolves: rhbz#1822461 - background refresh task does not refresh updated netgroup entries - Added missing 'Requires' to resolves some of rpmdiff tool warnings- Resolves: rhbz#1796352 - Rebase SSSD for RHEL 7.9- Resolves: rhbz#1789349 - id command taking 1+ minute for returning user information - Also updates spec file to not replace /pam.d/sssd-shadowutils on update- Resolves: rhbz#1784620 - Force LDAPS over 636 with AD Access Provider - just bumping the version to fix generated dates in man pages- Resolves: rhbz#1784620 - Force LDAPS over 636 with AD Access Provider- Resolves: rhbz#1769755 - sssd failover leads to delayed and failed logins- Resolves: rhbz#1768404 - automount on RHEL7 gives the message 'lookup(sss): setautomntent: No such file or directory'- Resolves: rhbz#1734056 - [sssd] RHEL 7.8 Tier 0 Localization- Resolves: rhbz#1530741 - Trusted domain user logins succeed after using ipa trustdomain-disable- Resolves: rhbz#1746878 - Let IPA client read IPA objects via LDAP and not a extdom plugin when resolving trusted users and groups- Resolves: rhbz#1530741 - Trusted domain user logins succeed after using ipa trustdomain-disable- Resolves: rhbz#1713352 - Implicit files domain gets activated when no sssd.conf present and sssd is started- Resolves: rhbz#1206221 - sssd should not always read entire autofs map from ldap- Resolves: rhbz#1657978 - SSSD is not refreshing cached user data for the ipa sub-domain in a IPA/AD trust- Resolves: rhbz#1541172 - ad_enabled_domains does not disable old subdomain after a restart until a timer removes it- Resolves: rhbz#1738674 - Paging not enabled when fetching external groups, limits the number of external groups to 2000- Resolves: rhbz#1650018 - SSSD doesn't clear cache entries for IDs below min_id- Resolves: rhbz#1724088 - negative cache does not use values from 'filter_users' config option for known 
domains- Resolves: rhbz#1422618 - sssd does not failover to another IPA server if just the KDC service fails - Just bumping the version to work around "build already exists"- Resolves: rhbz#1714952 - [sssd] RHEL 7.7 Tier 0 Localization - Rebuild japanese gmo file explicitly- Resolves: rhbz#1714952 - [sssd] RHEL 7.7 Tier 0 Localization- Resolves: rhbz#1707959 - sssd does not properly check GSS-SPNEGO- Resolves: rhbz#1710286 - The server error message is not returned if password change fails- Resolves: rhbz#1711832 - The files provider does not handle resetOffline properly- Resolves: rhbz#1707759 - Error accessing files on samba share randomly- Resolves: rhbz#1685581 - Extend cached_auth_timeout to cover subdomains /trusts- Resolves: rhbz#1684979 - The HBAC code requires dereference to be enabled and fails otherwise- Resolves: rhbz#1576524 - RHEL STIG pointing sssd Packaging issue - This was partially fixed by the rebase, but one spec file change was missing.- Resolves: rhbz#1524566 - FIPS mode breaks using pysss.so (sss_obfuscate)- Resolves: rhbz#1350012 - kinit / sssd kerberos fail over - Resolves: rhbz#720688 - [RFE] return multiple server addresses to the Kerberos locator plugin- Resolves: rhbz#1402056 - [RFE] Make 2FA prompting configurable- Resolves: rhbz#1666819 - SSSD can trigger a NSS lookup when parsing the filter_users/groups lists on startup, this can block the startup- Resolves: rhbz#1645461 - Slow ldb search causes blocking during startup which might cause the registration to time out- Resolves: rhbz#1685581 - Extend cached_auth_timeout to cover subdomains / trusts- Resolves: rhbz#1671138 - User is unable to perform sudo as a user on IPA Server, even though `sudo -l` shows permissions to do so- Resolves: rhbz#1657806 - [RFE]: Optionally disable generating auto private groups for subdomains of an AD provider- Resolves: rhbz#1641131 - [RFE] Need an option in SSSD so that it will skip GPOs that have groupPolicyContainers, unreadable by SSSD. 
- Resolves: rhbz#1660874 - CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions [rhel-7]- Resolves: rhbz#1631656 - KCM: kinit: Matching credential not found while getting default ccache- Resolves: rhbz#1406678 - sssd service is starting before network service - Resolves: rhbz#1616853 - SSSD always boots in Offline mode- Resolves: rhbz#1658994 - Rebase SSSD to 1.16.x- Resolves: rhbz#1603311 - Enable generating user private groups only for users with uid == gid where gid does not correspond to a real LDAP group- Resolves: rhbz#1602172 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1622109 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1619706 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1593756 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: rhbz#1610667 - sssd_ssh leaks file descriptors when more than one certificate is converted into an SSH key - Resolves: rhbz#1583360 - The IPA selinux provider can return an error if SELinux is completely disabled- Resolves: rhbz#1602781 - Local users failed to login with same password- Resolves: rhbz#1586127 - Spurious check in the sssd nss memcache can cause the memory cache to be skipped- Resolves: rhbz#1522928 - sssd doesn't allow user with expired password- Resolves: rhbz#1607313 - When sssd is running as non-root user, the sudo pipe is created as sssd:sssd but then the private pipe ownership fails- Resolves: rhbz#1600822 - SSSD bails out saving desktop profiles in case an invalid profile is found- Resolves: rhbz#1582975 - The search filter for detecting POSIX attributes in global catalog is too broad and can cause a high load on the servers- Resolves: rhbz#1583725 - SSSD AD uses LDAP filter to detect POSIX attributes stored in AD GC also for regular AD DC queries - Resolves: rhbz#1416528 - sssd in cross 
realm trust configuration should be able to use AD KDCs from a client site defined in sssd.conf or a snippet - Resolves: rhbz#1592964 - Groups go missing with PAC enabled in sssd- Resolves: rhbz#1590603 - EMBARGOED CVE-2018-10852 sssd: information leak from the sssd-sudo responder [rhel-7] - Resolves: rhbz#1450778 - Full information regarding priority of lookup of principal in keytab not in man page- Resolves: rhbz#1494690 - kdcinfo files are not created for subdomains of a directly joined AD client - Resolves: rhbz#1583343 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 - Resolves: rhbz#1527662 - Handle conflicting e-mail addresses more gracefully - Resolves: rhbz#1509691 - Document how to change the regular expression for SSSD so that group names with an @-sign can be parsed- Related: rhbz#1558498 - Rebase sssd to the latests upstream release of the 1.16 branch- Resolves: rhbz#1558498 - Rebase sssd to the latests upstream release of the 1.16 branch - Resolves: rhbz#1523019 - Reset password with two factor authentication fails - Resolves: rhbz#1534749 - Requesting an AD user's private group and then the user itself returns an emty homedir - Resolves: rhbz#1537272 - SSH public key authentication keeps working after keys are removed from ID view - Resolves: rhbz#1537279 - Certificate is not removed from cache when it's removed from the override - Resolves: rhbz#1562025 - externalUser sudo attribute must be fully-qualified - Resolves: rhbz#1577335 - /usr/libexec/sssd/sssd_autofs SIGABRT crash daily - Resolves: rhbz#1508530 - How should sudo behave without sudoHost attribute? 
- Resolves: rhbz#1546754 - The man page of sss_ssh_authorizedkeys can be enhanced to better explain how the keys are retrieved and how X.509 certificates can be used - Resolves: rhbz#1572790 - getgrgid/getpwuid fails in setups with multiple domains if the first domain uses mid_id/max_id - Resolves: rhbz#1561562 - sssd not honoring dyndns_server if the DNS update process is terminated with a signal - Resolves: rhbz#1583251 - home dir disappear in sssd cache on the IPA master for AD users - Resolves: rhbz#1514061 - ID override GID from Default Trust View is not properly resolved in case domain resolution order is set - Resolves: rhbz#1571466 - Utilizing domain_resolution_order in sssd.conf breaks SELinux user map - Resolves: rhbz#1571526 - SSSD with ID provider 'ad' should give a warning in case the ldap schema is manually changed to something different than 'ad'.- Resolves: rhbz#1547782 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process- Related: rhbz#1578291 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION- Resolves: rhbz#1578291 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION- Resolves: rhbz#1516266 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1503802 - Smartcard authentication fails if SSSD is offline and 'krb5_store_password_if_offline = True' - Resolves: rhbz#1385665 - Incorrect error code returned from krb5_child (updated) - Resolves: rhbz#1547234 - SSSD's GPO code ignores ad_site option - Resolves: rhbz#1459348 - extend sss-certmap man page regarding priority processing - Resolves: rhbz#1220767 - Group renaming issue when "id_provider = ldap" is set - Resolves: rhbz#1538555 - crash in nss_protocol_fill_netgrent. 
sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000]- Resolves: rhbz#1565774 - After updating to RHEL 7.5 failing to clear the sssd cache- Resolves: rhbz#1566782 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash- Related: rhbzrhbz#1544943 - sssd goes offline when renewing expired ticket- Resolves: rhbz#1543348 - sssd_be consumes more memory on RHEL 7.4 systems. - Resolves: rhbz#1544943 - sssd goes offline when renewing expired ticket- Resolves: rhbz#1523282 - sssd used wrong search base with wrong AD server- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Related: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser - Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7]- Resolves: rhbz#1517971 - AD Domain goes offline immediately during subdomain initialization - IPA AD Trust - Related: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc.. 
- Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7]
- Resolves: rhbz#1527149 - AD provider - AD BUILTIN groups are cached with gidNumber = 0
- Related: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache
- Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads

- Resolves: rhbz#1525644 - dbus-send unable to find user by CAC cert

- Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card

- Resolves: rhbz#1512027 - NSS by-id requests are not checked against max_id/min_id ranges before triggering the backend

- Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available
- Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card
- Resolves: rhbz#1520984 - getent output is not showing home directory for IPA AD trusted user
- Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads

- Resolves: rhbz#1421194 - SSSD doesn't use AD global catalog for gidnumber lookup, resulting in unacceptable delay for large forests

- Resolves: rhbz#1482231 - sssd_nss consumes more memory until restarted or machine swaps
- Resolves: rhbz#1512508 - SSSD fails to fetch group information after switching IPA client to a non-default view

- Resolves: rhbz#1490120 - SSSD complaining about corrupted mmap cache and logging error in /var/log/messages and /var/log/sssd/sssd_nss.log

- Resolves: rhbz#1272214 - [RFE] Create a local per system report about who can access that IDM client (attestation)
- Resolves: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc..
- Resolves: rhbz#888739 - Enumerating large number of users makes sssd_be hog the cpu for a long time.
- Resolves: rhbz#1373547 - SSSD performance issue with malloc and brk calls
- Resolves: rhbz#1472255 - Improve SSSD performance in the 7.5 release

- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different
- Related: rhbz#1432010 - SSSD ships a drop-in configuration snippet in /etc/systemd/system
- Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available

- Resolves: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available
- Related: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5]
- Resolves: rhbz#1408294 - SSSD authentication fails when two IPA accounts share an email address without a clear way to debug the problem
- Resolves: rhbz#1502686 - crash - /usr/libexec/sssd/sssd_nss in nss_setnetgrent_timeout

- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different
- Related: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.

- Resolves: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads

- Resolves: rhbz#1484376 - [RFE] Add a configuration option to SSSD to disable the memory cache
- Resolves: rhbz#1327705 - Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7]
- Resolves: rhbz#1505277 - Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault is sssd_nss
- Resolves: rhbz#1462343 - document information on why SSSD does not use host-based security filtering when processing AD GPOs
- Resolves: rhbz#1498734 - sssd_be stuck in an infinite loop after completing full refresh of sudo rules
- Resolves: rhbz#1400614 - [RFE] sssd should remember DNS sites from first search
- Resolves: rhbz#1460724 - SYSLOG_IDENTIFIER is different
- Resolves: rhbz#1459609 - When sssd is configured with id_provider proxy and
  auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.

- Resolves: rhbz#1469791 - Rebase SSSD to version 1.16+
- Resolves: rhbz#1132264 - Allow sssd to retrieve sudo rules of local users whose sudo rules stored in ldap server
- Resolves: rhbz#1301740 - sssd can be marked offline if a trusted domain is not reachable
- Resolves: rhbz#1399262 - Use TCP for kerberos with AD by default
- Resolves: rhbz#1416150 - RFE: Log to syslog when sssd cannot contact servers, goes offline
- Resolves: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser
- Resolves: rhbz#1454559 - python-sssdconfig doesn't parse hexadecimal debug _level, resulting in set_option(): /usr/lib/python2.7/site-packages/SSSDConfig/__init__.py killed by TypeError
- Resolves: rhbz#1456968 - MAN: document that attribute 'provider' is not allowed in section 'secrets'
- Resolves: rhbz#1460689 - KCM/secrets: Storing many secrets in a rapid succession segfaults the secrets responder
- Resolves: rhbz#1464049 - Idle nss file descriptors should be closed
- Resolves: rhbz#1468610 - sssd_be is utilizing more CPU during sudo rules refresh
- Resolves: rhbz#1474711 - Querying the AD domain for external domain's ID can mark the AD domain offline
- Resolves: rhbz#1479398 - samba shares with sssd authentication broken on 7.4
- Resolves: rhbz#1479983 - id root triggers an LDAP lookup
- Resolves: rhbz#1489895 - Issues with certificate mapping rules
- Resolves: rhbz#1490501 - sssd incorrectly checks 'try_inotify' thinking it is the wrong section
- Resolves: rhbz#1490913 - MAN: Document that full_name_format must be set if the output of trusted domains user resolution should be shortnames only
- Resolves: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5]
- Resolves: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache
- Resolves: rhbz#1482674 - SUDO doesn't work for IPA users on IPA clients after applying ID Views
  for them in IPA server
- Resolves: rhbz#1486053 - Accessing IdM kerberos ticket fails while id mapping is applied
- Resolves: rhbz#1486786 - sssd going in offline mode due to sudo search filter.
- Resolves: rhbz#1500087 - SSSD creates bad override search filter due to AD Trust object with parenthesis
- Resolves: rhbz#1502713 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30)
- Resolves: rhbz#1461462 - sssd_client: add mutex protected call to the PAC responder
- Resolves: rhbz#1489666 - Combination sssd-ad and postfix receive incorrect mail with asterisks or spaces
- Resolves: rhbz#1525052 - sssd_krb5_localauth_plugin fails to fallback to other localname rules

- Require the 7.5 libldb version which broke ABI
- Related: rhbz#1469791 - Rebase SSSD to version 1.16+

- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain

- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled

- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information returned by the KDC during PKINIT/Smartcard authentication

- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in

- Resolves: rhbz#1455254 - Make domain available as user attribute

- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password

- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf

- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15

- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master

- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user

- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD

- Resolves: rhbz#1450094 - Properly support IPA's
  promptusername config option

- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer
- Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections

- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.

- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail
- Fix Coverity issues in patches for rhbz#1445445

- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user

- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests

- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail

- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code

- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option

- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains
- Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate
- Additional patch for rhbz#1440132

- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient
- Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4
- Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3

- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15
- Also apply an additional patch for rhbz#1441545

- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user

- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter

- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package

- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches

- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides

- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains

- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.

- Remove an unused variable from the sssd-secrets responder
- Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http
- Improve two DEBUG messages in the client trust code to aid troubleshooting
- Fix standalone application domains
- Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces

- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes
- Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users

- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users

- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name

- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used

- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6

- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present

- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11

- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps

- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME
  etc

- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http

- Fix off-by-one error in the KCM responder
- Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD

- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces

- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh responder

- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users
- Also backport some buildtime fixes for the KCM responder
- Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD

- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD

- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts

- Update to upstream 1.15.2
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html
- Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries
- Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure
- Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode

- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser

- Update to upstream 1.15.1
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html
- Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack
- Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases
- Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider
- Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page
- Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app
- Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo
  user
- Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in

- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink

- Update to upstream 1.15.0
- Resolves: rhbz#1393824 - Rebase SSSD to version 1.15
- Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL
- Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory
- Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time
- Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0
- Resolves: rhbz#1392444 - sssd_be keeps crashing
- Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3
- Resolves: rhbz#1382602 - autofs map resolution doesn't work offline
- Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains
- Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page
- Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error
- Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database"
- Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config

- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check

- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain

- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains

- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo

- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled

- Resolves: rhbz#1373420 - sss_override fails to export

- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain.
  Printing groups only allowed in local domain"

- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded

- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf

- Resolves: rhbz#1373444 - unable to create group in sssd cache
- Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd

- Resolves: rhbz#1369118 - Don't enable the default shadowutils domain in RHEL

- Fix permissions for the private pipe directory
- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user

- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14

- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias

- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side

- Apply forgotten patch
- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias
- Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache
- Fix deleting non-existent secret
- Related: rhbz#1311056 - Add a Secrets as a Service component

- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user

- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias

- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot

- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail

- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs

- Fix RPM scriptlet plumbing for the sssd-secrets responder
- Related: rhbz#1311056 - Add a Secrets as a Service component

- Add socket-activation plumbing for the sssd-secrets responder
- Related: rhbz#1311056 - Add a Secrets as a Service component

- Own the secrets directory
- Related: rhbz#1311056 - Add a Secrets as a Service component

- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains
  provider

- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)

- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information

- Add several small fixes related to the config API
- Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)

- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created

- Fix regressions in the simple access provider
- Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider
- Apply a number of specfile patches to better match the upstream specfile
- Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3

- Cherry-pick patches from upstream that fix several regressions
- Avoid checking local users in all cases
- Resolves: rhbz#1353951 - sssd_pam leaks file descriptors

- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11
- Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode

- Resolves: rhbz#1309745 - Support multiple principals for IPA users

- Resolves: rhbz#1304992 - Handle overridden name of members in the memberUid attribute

- handle unresolvable sites more gracefully
- Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain.
- fix compilation warnings in unit tests

- fix capaths output
- Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust
- also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache

- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information

- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*

- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains

- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV

- Resolves: rhbz#1349882 - sssd does not work under non-root user
- Also cherry-pick a few patches from upstream to fix config schema
- Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)

- Sync a few minor patches from upstream
- Fix sssctl manpage
- Fix nss-tests unit test on big-endian machines
- Fix several issues in the config schema
- Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)

- Bundle http-parser
- Resolves: rhbz#1311056 - Add a Secrets as a Service component

- Sync a few minor patches from upstream
- Fix a failover issue
- Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out

- Explicitly BuildRequire newer ding-libs
- Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)

- New upstream release 1.14.0
- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3
- Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload
- Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)
- Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults
- Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name
- Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix
- Resolves: rhbz#1312275 - Support authentication indicators
  from IPA

- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3
- Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf
- Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups
- Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview
- Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with
- Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments
- Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding
- Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid
- Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database
- Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists
- Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resolvable
- Resolves: rhbz#1269018 - Too much logging from sssd_be
- Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains
- Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user
- Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo
- Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory
- Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]

- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3
- The rebase includes fixes for the following bugzillas:
- Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema
- Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain
- Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option.
- Resolves: rhbz#1238144 - Need better libhbac debugging added to sssd
- Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands
- Resolves: rhbz#1269512 - sss_override: memory violation
- Resolves: rhbz#1278566 - crash in sssd when non-English locale is used and pam_strerror prints non-ASCII characters
- Resolves: rhbz#1283686 - groups get deleted from the cache
- Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View
- Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members
- Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record
- Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries
- Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore
- Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13
- Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root
- Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs
- Resolves: rhbz#1313014 - sssd is not closing sockets properly
- Resolves: rhbz#1318996 - SSSD does not fail over to next GC
- Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names
- Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors

- Build the PAC plugin with krb5-1.14
- Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup

- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup

- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.

- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups

- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user
  even if the user is disabled on AD.

- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested

- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin
- More patches from upstream related to the memory leak

- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin

- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid

- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17

- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id

- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step

- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.

- Resolves: rhbz#1267836 - PAM responder crashed if user was not set

- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value

- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code

- Fix a Coverity warning in dyndns code
- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands

- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands

- Resolves: rhbz#1263735 - Could not resolve AD user from root domain

- Remove -d from sss_override manpage
- Related: rhbz#1259512 - sss_override : The local override user is not found

- Patches required for better handling of failover with one-way trusts
- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code

- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users

- Resolves: rhbz#1259512 - sss_override : The local override user is not found

- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code

- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider

- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page
  or in the arguments help

- Resolves: rhbz#1254518 - Fix crash in nss responder

- Support import/export for local overrides
- Support FQDNs for local overrides
- Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'

- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes

- Resolves: rhbz#1250415 - sssd: p11_child hardening

- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code

- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates

- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected

- Fix wildcard_limit=0
- Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface

- Fix race condition in invalidating the memory cache
- Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups

- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled

- Bump release number
- Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"

- Fix missing dependency of sssd-tools
- Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"

- More memory cache related fixes
- Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups

- Remove binary blob from SC patches as patch(1) can't handle those
- Related: rhbz#854396 - [RFE] Support for smart cards

- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*

- Fix memory cache integration tests
- Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups
- Resolves: rhbz#854396 - [RFE] Support for smart cards

- Remove OTP from PAM stack correctly
- Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA
- Handle sssd-owned keytabs when sssd runs as root
- Related: rhbz#1205144 - RFE: Support one-way trusts for IPA

- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on
  individual clients

- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support
- Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistent v6 in ipa domain

- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes

- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2

- Add support for InfoPipe wildcard requests
- Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface

- Also package the initgr memcache
- Related: rhbz#1205554 - Rebase SSSD to 1.13.x

- Rebase to 1.13.0 upstream
- Related: rhbz#1205554 - Rebase SSSD to 1.13.x
- Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD
- Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups

- Don't default to SSSD user
- Related: rhbz#1205554 - Rebase SSSD to 1.13.x

- Related: rhbz#1205554 - Rebase SSSD to 1.13.x
- GPO default should be permissive

- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x
- Relax the libldb requirement
- Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21
- Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs
- Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust
- Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers
- Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains
- Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups
- Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set
- Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides
- Resolves: rhbz#1214718 - Override with --login fails trusted adusers group membership resolution
- Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work
- Resolves: rhbz#1214337 - Overrides with
  --login work in second attempt
- Resolves: rhbz#1212489 - Disable the cleanup task by default
- Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf
- Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one
- Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected
- Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all
- Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters
- Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface
- Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain
- Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys
- Resolves: rhbz#1204203 - sssd crashes intermittently
- Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default
- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only
- Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries
- Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything
- Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA
- Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query
- Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects
- Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name?
- Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error
- Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD
- Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set
- Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires
- Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option
- Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab

- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID

- Filter out domain-local groups during AD initgroups operation
- Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups

- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups

- Initialize variable in the views code in one success and one failure path
- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605

- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605

- Handle case where there is no default and no rules
- Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u

- Set a pointer in ldap_child to NULL to avoid warnings
- Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error

- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u

- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error

- Run the restart in sssd-common posttrans
- Explicitly require libwbclient
- Resolves: rhbz#1187113 - sssd daemon was not running after RHEL 7.1 upgrade

- Resolves: rhbz#1187113 - sssd daemon was not running after RHEL 7.1 upgrade

- Fix endianness bug in fill_id()
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view

- Resolves: rhbz#1184982 - Need to set different umask in selinux_child

- Bump the release number
- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Add a patch dependency
- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Process ghost members only once
- Fix processing of universal groups with members from different domains
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved

- Handle GID override in MPG domains
- Handle views with mixed-case domains
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Open socket to the PAC responder in krb5_child before dropping root
- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Resolves: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD

- Resolves: rhbz#889206 - On clock skew sssd returns system error

- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used
- Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package

- Resolves: rhbz#1171215 - Crash in function get_object_from_cache
- Resolves: rhbz#1171383 - getent fails for posix group with AD users after login
- Resolves: rhbz#1171382 - getent of AD universal group fails after group users login
- Resolves: rhbz#1170300 - Access is not rejected for disabled domain
- Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode
- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Rebuild to add several forgotten Patch entries
- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users
- Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=

- Remove Coverity warnings in krb5_child code
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users
- Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=

- Don't error out on chpass with OTPs
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.

- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users
- Enable running unit tests without cmocka
- Related: rhbz#1113783 - sssd should run under unprivileged user

- krb5_child and ldap_child do not call Kerberos calls as root
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware

- Fix typo in libwbclient-devel alternatives invocation
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.

- Handle migrating clients between views
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Use alternatives for libwbclient
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression

- Add an option that describes where to put generated krb5 files to
- Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12

- Handle IPA group names returned from the extop plugin
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header

- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.

- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete

- Support views for IPA users
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Update man page to clarify TGs should be disabled with a custom search base
- Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases

- Use upstreamed patches for the rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving

- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases

- Resolves: rhbz#1162480 - dereferencing failure against openldap server

- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1113783 - sssd should run under unprivileged user

- Fix two regressions in the new selinux_child process
- Related: rhbz#1113783 - sssd should run under unprivileged user
- Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used

- Include the ldap_child and selinux_child patches for rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Support overriding SSH public keys with views
- Support extended attributes via the extop plugin
- Related: rhbz#1109756 - Rebase SSSD to 1.12
- Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled

- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving
- Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times

- Include the responder and packaging patches for rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Amend the sssd-ldap man page with info about lockout setup
- Related: rhbz#1109756 - Rebase SSSD to 1.12
- Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD
- Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)

- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Add the low-level server changes for running as unprivileged user
- Package the libsss_semanage library needed for SELinux label changes
- Related: rhbz#1113783 - sssd should run under unprivileged user
- Resolves: rhbz#1113784 - sssd should audit selinux user map changes

- Use libsemanage for SELinux label changes
- Resolves: rhbz#1113784 - sssd should audit selinux user map changes

- Rebase SSSD to 1.12.2
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Sync with upstream
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebuild against ding-libs with fixed SONAME
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebase SSSD to 1.12.1
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Require ldb 2.1.17
- Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer

- Fix fully qualified IFP lookups
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebase SSSD to 1.12.0
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Squash in upstream review comments about the PAC patch
- Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Backport a patch to allow krb5-utils-test to run as root
- Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Fix a DEBUG message, backport two related fixes
- Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain

- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain

- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching

- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest

- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup

- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success

- Resolves: rhbz#1078840 - Error during password change

- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux

- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration

- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in

- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes

- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40

- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used

- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly

- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path

- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider

- Fix idmap documentation
- Bump idmap version info
- Related: rhbz#1067361 - Check IPA idranges before saving them to the cache

- Pull some follow up man page fixes from upstream
- Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes
- Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example

- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes

- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example

- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value

- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache

- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces

- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks

- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7

- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default

- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users

- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not

- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default

- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect

- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter

- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does.
- Use the right domain for AD site resolution
- Related: rhbz#743503 - [RFE] sssd should support DNS sites

- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC

- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin

- Mass rebuild 2014-01-24

- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain

- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out

- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter

- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed.
- Fix a typo in the man page
- Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir

- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain
- Fix return value when searching for AD domain flat names
- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user

- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir

- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user

- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings

- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20

- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used

- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword.
- Fix two memory leaks in the PAC responder (Related: rhbz#991065)

- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup

- Resolves: rhbz#1049533 - Group membership lookup issue

- Mass rebuild 2013-12-27

- Resolves: rhbz#894068 - sss_cache doesn't support subdomains

- Re-initialize subdomains after provider startup
- Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read

- The AD provider is able to resolve group memberships for groups with Global and Universal scope
- Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog

- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog
- Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups

- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested

- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"

- Resolves: rhbz#1037936 - sssd_be crashes occasionally

- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read

- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok

- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy

- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb

- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in

- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains

- Resolves: rhbz#1033084 - sssd_be segfaults if empty group is resolved using ad_matching_rule

- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage

- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes

- Skip netgroups that don't provide well-formed triplets
- Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes

- New upstream release 1.11.2
- Remove upstreamed patches
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2
- Resolves: rhbz#991065

- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash
- Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group

- New upstream release 1.11.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1
- Resolves: rhbz#991065 - Rebase SSSD to 1.11.0

- New upstream release 1.11.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0
- Resolves: rhbz#991065

- New upstream release 1.11 beta 2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2
- Related: rhbz#991065

- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries

- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log

- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting

- Apply several important fixes from upstream 1.10 branch
- Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable

- New upstream release 1.10.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1

- Remove libcmocka dependency

- sssd-tools should require sssd-common, not sssd

- Move sssd_pac to the sssd-ipa and sssd-ad subpackages
- Trim out RHEL5-specific macros since we don't build on RHEL 5
- Trim out macros for Fedora older than F18
- Update libldb requirement to 1.1.16
- Trim RPM changelog down to the last year

- Move sssd_pac to the sssd-krb5 subpackage

- Fix Obsoletes: to account for dist tag
- Convert post and pre scripts to run on the sssd-common subpackage
- Remove old conversion from SYSV

- New upstream release 1.10
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0

- the cmocka toolkit exists only on selected arches

- Apply a number of patches from upstream to fix issues found post-beta, in particular:
  -- segfault with a high DEBUG level
  -- Fix IPA password migration (upstream #1873)
  -- Fix fail over when retrying SRV resolution (upstream #1886)

- Only BuildRequire libcmocka on Fedora

- Fix typo in Requires that prevented an upgrade (#973916)
- Use a hardcoded version in Conflicts, not less-than-current

- New upstream release 1.10 beta2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2
- BuildRequire libcmocka-devel in order to run all upstream tests during build
- BuildRequire libnl3 instead of libnl1
- No longer BuildRequire initscripts, we no longer use /sbin/service
- Remove explicit krb5-libs >= 1.10 requires; this platform doesn't carry any older krb5-libs version

- Enable hardened build for RHEL7

- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later

- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join
- Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider
- Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in

- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs
- Fix SSH integration with fully-qualified domains
- Add the ability to dynamically discover the NetBIOS name

- New upstream release 1.10 beta1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1

- Add a patch to fix krb5 ccache creation issue with krb5 1.11

- New upstream release 1.10 alpha1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1

- Split internal helper libraries into a shared object
- Significantly reduce disk-space usage

- Fix the Kerberos password expiration warning (#912223)

- Do not write out dots in the domain-realm mapping file (#905650)

- Include upstream patch to build with krb5-1.11

- Rebuild against new libldb

- Fix build with new automake versions

- Recreate Kerberos ccache directory if it's missing
- Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist

- Fix changelog dates to make F19 rpmbuild happy

- New upstream release 1.9.4

- New upstream release 1.9.3

- Resolve groups from AD correctly

- Check the validity of naming context

- Move the sss_cache tool to the main package

- Include the 1.9.2 tarball

- New upstream release 1.9.2

- New upstream release 1.9.1

- require the latest libldb

- Use mcpath instead of mcachepath macro to be consistent with upstream spec file

- New upstream release 1.9.0

- New upstream release 1.9.0 rc1

- New upstream release 1.9.0 beta7
- obsoletes patches #1-#3

- Rebuild against libldb 1.12

- Rebuild against libldb 1.11

- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly
- Resolves: rhbz#851304

- Rebuild against libldb 1.10

- Only create the SELinux login file if there are SELinux mappings on the IPA server

- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)

- New upstream release 1.9.0 beta 6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6
- A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value.
- Fixes for the support for setting default SELinux user context from FreeIPA.
- Fixed a regression introduced in beta 5 that broke LDAP SASL binds
- The SSSD supports the concept of a Primary Server and a Back Up Server in failover
- A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine
- SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server.
- Packaging changes to fix ldconfig usage in subpackages (#843995)
- Rebuild against libldb 1.1.9

- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

- New upstream release 1.9.0 beta 5
- Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5
- Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation
- Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation
- The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds

- Fix broken ARM build
- Add missing DP_OPTION_TERMINATOR in AD provider options

- Own several directories created during make install (#839782)

- New upstream release 1.9.0 beta 4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4
- Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers
- SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules
- The IPA authentication provider now supports subdomains
- Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.

- New upstream release 1.9.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3
- Add a new PAC responder for dealing with cross-realm Kerberos trusts
- Terminate idle connections to the NSS and PAM responders

- Switch unicode library from libunistring to Glib
- Drop unnecessary explicit Requires on keyutils
- Guarantee that versioned Requires include the correct architecture

- Fix accidental disabling of the DIR cache support

- New upstream release 1.9.0 beta 2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2
- Add support for the Kerberos DIR cache for storing multiple TGTs automatically
- Major performance enhancement when storing large groups in the cache
- Major performance enhancement when performing initgroups() against Active Directory
- SSSDConfig data file default locations can now be set during configure for easier packaging

- Fix regression in endianness patch

- Rebuild SSSD against ding-libs 0.3.0beta1
- Fix endianness bug in service map protocol

- Fix several regressions since 1.5.x
- Ensure that the RPM creates the /var/lib/sss/mc directory
- Add support for Netscape password warning expiration control
- Rebuild against libldb 1.1.6

- New upstream release 1.9.0 beta 1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1
- Add native support for autofs to the IPA provider
- Support for ID-mapping when connecting to Active Directory
- Support for handling very large (> 1500 users) groups in Active Directory
- Support for sub-domains (will be used for dealing with trust relationships)
- Add a new fast in-memory cache to speed up lookups of cached data on repeated requests

- New upstream release 1.8.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3
- Numerous manpage and translation updates
- LDAP: Handle situations where the RootDSE isn't available anonymously
- LDAP: Fix regression for users using non-standard LDAP attributes for user information

- New upstream release 1.8.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2
- Several fixes to case-insensitive domain functions
- Fix for GSSAPI binds when the keytab contains unrelated principals
- Fixed several segfaults
- Workarounds added for LDAP servers with unreadable RootDSE
- SSH knownhostproxy will no longer enter an infinite loop preventing login
- The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown
- Assorted minor fixes for issues discovered by static analysis tools

- Don't duplicate libsss_autofs.so in two packages
- Set explicit package contents instead of globbing

- Fix uninitialized value bug causing crashes throughout the code
- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup

- New upstream release 1.8.1
- Resolve issue where we could enter an infinite loop trying to connect to an auth server
- Fix serious issue with complex (3+ levels) nested groups
- Fix netgroup support for case-insensitivity and aliases
- Fix serious issue with lookup bundling resulting in requests never completing
- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate
- Fix several regressions in the proxy provider
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work

- New upstream release 1.8.0
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)
- Include the IPA AutoFS provider
- Fixed several memory-corruption bugs
- Fixed a regression in group enumeration since 1.7.0
- Fixed a regression in the proxy provider
- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD
- Resolves: rhbz#797968 - sssd_be: The requested target is not configured is logged at each login
- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV)
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features
- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Caches to /run/usr/USERNAME/krb5cc

- Change default kerberos credential cache location to /run/user/

- New upstream release 1.8.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3
- Fixed a regression in group enumeration since 1.7.0
- Fixed several memory-corruption bugs
- Finalized the ABI for the autofs support
- Fixed a regression in the proxy provider

- Rebuild against PCRE 8.30

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2
- Fix two minor manpage bugs
- Include the IPA AutoFS provider

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well

- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features

- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

- New upstream release 1.7.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0
- Support for case-insensitive domains
- Support for multiple search bases in the LDAP provider
- Support for the native FreeIPA netgroup implementation
- Reliability improvements to the process monitor
- New DEBUG facility with more consistent log levels
- New tool to change debug log levels without restarting SSSD
- SSSD will now disconnect from LDAP server when idle
- FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains
- Assorted performance improvements in the LDAP provider

- New upstream release 1.6.4
- Rolls up previous patches applied to the 1.6.3 tarball
- Fixes a rare issue causing crashes in the failover logic
- Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.

- Rebuild against libldb 1.1.4

- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam()
- Resolves: rhbz#758425 - LDAP failover not working if server refuses connections

- Rebuild for libldb 1.1.3

- Resolves: rhbz#752495 - Crash when apply settings

- New upstream release 1.6.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3
- Fixes a major cache performance issue introduced in 1.6.2
- Fixes a potential infinite-loop with certain LDAP layouts

- Rebuilt for glibc bug#747377

- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.

- Add explicit requirement on selinux-policy version to address new SBUS symlinks.

- Remove %files reference to sss_debuglevel copied from wrong upstream spec file.

- Improved handling of users and groups with multi-valued name attributes (aliases)
- Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing
- Improved process-hang detection and restarting
- Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries)
- Cleaned up the example configuration
- New tool to change debug level on the fly

- New upstream release 1.6.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1
- Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep)
- SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined
- The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided.
- Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory)
- Three HBAC regressions have been fixed.
- Fix for an infinite loop in the deref code

- Build with _hardened_build macro

- New upstream release 1.6.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0
- Add host access control support for LDAP (similar to pam_host_attr)
- Finer-grained control on principals used with Kerberos (such as for FAST or validation)
- Added a new tool sss_cache to allow selective expiring of cached entries
- Added support for LDAP DEREF and ASQ controls
- Added access control features for Novell Directory Server
- FreeIPA dynamic DNS update now checks first to see if an update is needed
- Complete rewrite of the HBAC library
- New libraries: libipa_hbac and libipa_hbac-python

- New upstream release 1.5.11
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11
- Fix a serious regression that prevented SSSD from working with ldaps:// URIs
- IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 address being saved to the AAAA record

- New upstream release 1.5.10
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10
- Fixed a regression introduced in 1.5.9 that could result in blocking calls to LDAP

- New upstream release 1.5.9
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9
- Support for overriding home directory, shell and primary GID locally -
Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. 
- Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. 
- Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. 
- Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system 
improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that 
SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. 
(Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)svuk1.16.5-10.el7_9.51.16.5-10.el7_9.5libsss_ad.sogpo_childsssd-ad-1.16.5COPYINGsssd-ad.5.gzsssd-ad.5.gzsssd-ad.5.gz/usr/lib64/sssd//usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-ad-1.16.5//usr/share/man/man5//usr/share/man/sv/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericcpioxz2x86_64-redhat-linux-gnuELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=93eb3bba93f9928451fc3dedb273c726131eb579, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=a4c917c979aa2e3bfff51725fa8117699fac408b, strippeddirectoryASCII texttroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)troff or 
preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)BBPRRRCRRRRRRRR RR@R)R:R-RRRRR,R/RR9RRRGR'R RRRRRRR@R0R7R>R?R&R RRR*RR/RRRG?P7zXZ !#,ka] b2u y-iSq_!5:D9*, dDY-V?V?zw5 WnM=\ WK7kq֐q8ۀ}%."ϥdGuʔo0; &_i d:8x*Zkh64A'.dD8c`518 NAiNw#BMƆaK~BNt1.+3'mD+n20gOdmy,g}4_ؿltV鼧6JU0y '00z&ߣQurjJ @,5n4~-2.F>-7+Y.EbXR@giO+QeG|9}~LشB g%{R ։Ad M8J n]|"RkŬ%O0 0*rFp{T7Yp!@%E jښo*:| K2h\q@?W$M{Hm8lɒQF<*8Р='o1>te` º9t{T;=!c]֙Q™s#rxz.yB%מ)*OaoǷw8%Ɉ.|p Uӯ ?=L0CE҄;to(`0 _ ]6Kdi%/uZ{k޽ﳓjmj8ֵ>7 (ɭf 50Y0NM5si;Бzrkb7 ?0Bm>O@$ۜoǠx>Qprɘ\T$e%iG"h1!p˅"bh͓aޚU[-ɽK4]r>4?n*q'fnJD 4fz/tʄvZM8Rp76ћPG@_3Nď<_d* bvhS+#~ #V]bd%oұ dm }5.;N7RzOJ*V>ۑqj_z:t#c"TcϹ) Lᦟ.RM !'fD?ѥy>ZXeS% -n8C|?+gOAhUQ@`7ܦAz QZ3*\QisÍ#[:aCk/9fJ6ɴa^Bwz_JAx0D'q|=wc߄SzHz3M V*j]f&+x X;k Szqfx:NA,CK&fRF]uUkp+HF[F(HARM/qީ#Eb>t;5;ઉ) TY]|QUE/ Z*2y0EUJ4! 좶KqRk C)3Z ъns) %얠A13a8YN?[Q[0T[R ơ^maf!K{Y=eЈW%BGp Ʃ౦@㐗f=6"RuZ߄eoYh+b(7Mg7Jr jF/ҽ=mOdɛ1ĻZcX;M*IɅ0SN~S/Ҳr楇 ϳ yqD]),0|i`b:"pZ*d=ur:6P}KXq[Nqa9&,PV=m[wO}Q"PHmL9]E%+QMߣiXj"yѰoa(/^ucRPjɒ2))/Γ]^Ed>U'L|.CduZӦҙRA$Ne;yI(DW%~4tM# ثSȪd~}v™aE"\/µ$ijz3!"qnpՊy2wACj*%PVBJ005sHtSڙ:=gcYi~ 8`%xG02Mz e#9wu9piB'q YD-bRf[FG[<ڠ+l8{"pүTҘKdy{]r4YՀzVYWI"PN3 RoY GC/m5PT:wѪRktt`ƴw!]9,?vH]5]یgsRO`@oo'6q!g 5mҔ>MK W|b :m08m͔ay^fWwN$hZ_R3ѫ `T0`^R]`}: |8AIEJPL{+p:Lp,^yUML&Pa'K.`{ɻ!z߼NɑEh}0so1~p^2#swa5jEE^Iv㩹a L-RJ{/;8ށ+[tAlөFU^8l3xnP5"w` h "9; '! BZՆ١ɢJ4hs,MXj?'T b H㜐F-uvȠma+-n?{{ 4G N߲Pv,oٟ|,]Dmjb{{ 3.vWB4mGJ D@I/JSw;ʹx2:W`阨?u_Cw=JRMHh8ˡcXnbUJF&bin,*,*dh$ɼ̏>MT=8Դrѝ@Kwj|4;*v"fxP: R`jMjTzB[%r\ x G8<>}՚HE{͌q{99ۅGV+F ?V 8 R(fWOrfgqZG(MzCArt7MP*U$|+%ƨ4 wrsJRrW&m#,r}EF9YzH汛]_71嫿ES` .GAG[>0l;kM) Y#̀:o[ݑ,dleCθ~9eG2C &fHG.xd*%.k@%fHZ<( V;J&fNaP~6;pO-Gj$Y=]H%f U亶{@4,-\&Etx'ԿW=FbV=tQڒ2ѡ 8;څ* 6IHwowa|)u'z{ p0P0Bz5]%–O+{u{*J|e7nH62&ӗ: wRj(I:UG9z2;z)8N!mw%>-94mO(/gZB>g*&Mՙ f `αt JrTndWPLI^A1.*w~aPu97. 
fXг(ܿ$1[ZWhc.Cn"->9SQIb=)JX@|Ɓ$DhC-5MBAP½@R۳([.̵ bٍ`\*+a.P{:k0&_֪ ]7=3cV'xEԡwkvԹ.!ܖǧo 9#9H>9Pd}ji 4IYulgo㗜] >4Է&>XQD,r;``w#8u.JBR8/aǏ::71;9R-l"+VcTA%9>i]do3~VhI"{Ye3.:uw}G;*A4}'m w 1K b4 iq$AIZ}ѡdz(]dzcÝg{BW|KW]*내%D3ZQ88ghW=h!D_T&WuEYA 1.?A8+ӅCQ=yЕa!qL7LP,v}|mJГ2< ]=)<5))n~ (!f r |nUM;:ýދoQ4ܺI%s]bX@x9hk'{so $WBa+v)}R˰ ^iHLKMm,{\[$x@88yKG:>$Kvg/FdLGIRrDZwk9wx /PX pv/YUbDvP f2SO{XOdrД_P{ςvk$SfrF/˪ +-fֈ )7f'W I{^˝}PLRIm4 K[0 +?KУSzҥSF57Y߹Aw)r9@jtCpm3G:tcH>&n(ݰןYeb4O|~5@GqQ  q-Ju9MByDϱiR](=^l[i"cLE3XVl<_nCܑU֧դ3b3g{u[l= ibIm6N˪zP?'ux)Y1JKKfrp㔓sRC}efO{1^*$/z60a+ 2͛` 7"ʶz*ζikeL2>[r`ԉWRQў5Ƌ1Ǚ.%} j݀u@޲& 3#j83rl<i3<"QymI:{VoH7[k-sdtW]ZL!R2*F4J ,n4OVʍ]aБ5’X_K kZ *>8wgl}nľ7DJ3cE 06Oݚa)֘dt۸)n9[@t (=!]>פm1޾kf»|*Un ߞQAŐm7  #c0"CcYH>sc}Fw).Ռ֌I-PɄ^G.q;ŕg%Y7 i) /`qn=3}NBgpuu*iK^$ *EߎL,q8MY@*J@-Bef?~|=H>y ;5ժr|yғ\9}RƱKk)O7]h}Y*(1I!P"(dOjW]B$57Ŝ5w:?K,^{Ԅǃ},nr>ېRrw7AԓsA\ Uڷg S9Hl:uvGj- tܳsz)Ϭ;TfMa*-8@0%i5Lh6`1s1X_cr 3/uu:߮y.΍\C) $ئX?(!5bZ̎Hg+qA?'iRrhuċ?3Q`5Q_ZGn)uR33Ci4H9kV:tĭ$G3 c>.WO( dj[W1ֵ^3i,Hu̙u %'dCS ԓo XXm*w-AO!/eC2J徑Y$YJ&]F_$/nUȻ 4\;'{J h!WdV]+R,WHJ$ <ߢS05VbXӍ@Y})=gasC\|/@?–)\t$nrAJB<x/4"T툺[.NW|RETl :sw^wf8J KHB2pPSsCkjsITs_2;T(;)HsJ?]E V5*M?.$&G _S\̫.~YiM-s PM\{3`I Kh4P#0ضl!H „zD9r.0b{C֌Eƃ/ 7 w@0~ ߀4G%QY|#-Ia6LI': 00~sΑ|ݩU[> v*\L㦀-/\%7a+e ^+o< NӍMA<؏wHE¶>pZNј[*aPN>417x:)Q;8Mu8z(n\f%M&\BJ-H/3L=pδY;Oѕsy &p6w$u1[_@YGW9a)CP-1_0"Eg,\rZTi`,g1{V6T>:qoFN\.R oLw bEٳj kDOvO9\1xSWv :gT˽{] iWlQw6ɬNc` 2NL%y;: rj'.'6/c(+LTU$8fjiA:t#Q+qM<)6Y`Nޝy@aJ&on QpѴ@?:S)WF."ŏV%{}% HYο'<~XCצX1/R{M>})7~Q5)`Ԛ>BPX@ Z/CC_re&:E'kS_ JG>%R)4ä#ӑ\Lcd(Zj|)"/K~ff;_+A-~pZ0HWO*Ɠ;Xސ ߳v1evX6ZbwZS?E2hD\糋4/ƶFnL/`h^vl9ӯ-y)ʒJ0v}O)!ugV K FHhE_JgclHRڽ0 *63 v{#E&UU8F%-.a c331nBe ; ZI;_p;cc_q&;<4}+BTӽvfnv%3sFmR3; $(ێ} ar*_C>TdA.0Z0VTzLx7: v,$R- zgrIȱN#㻎,lh f~?fc'E@9fGSw ԡbL8~QϲJXeDGklp.(z=)]m4iOy%mWo2#ڿYFMwZ .jى`:yh]dRag]0w;&:*YD 6z? 
aw#euT SNZݏmEVq-,xBO&a6 ƍN,# eFɰf?UW|UTv=-5iRZFl$Z`Kϛc:y&P0#U_ ؓӋ%ٹdgIWܘ7Tb2162SeMojGa\CҮԧ:Ύؙ|ڴxJI7* KbI}lKq镵@٭=?R^Z%VqmWc0ߚHm5tF9bV,zJX8/DfnQ5`U8/NN3"5N(WM>$"[pDCI"XND=j}P3n9՝{2= 6WllهzC6'nƘTH7:>+C֛Ym14_~GM7(}i#_ MB=ۅNbh#3,Iفs0U0dL2 oLAI Ȩ5|4UW W5wys >z}hhWgҫ$7shqOCm" Y|yO7 h@>QSo#KuVhJIh} }FA jCp{%z[zQ,$(L2OyY(?&S~4>eVѲˋYl uL]K+t5vQw;&CG l4/Jm  8`mPǾ'1^yoQ RN9ZGy&.^`?\Ys|Y0!JGP?wvV۵o3˻Vԭf1?UCvs":ZF4Cz9b.ıˀ}wbiiQ 'Mf =NY<@ؤ&6k9wJMM]BBQ {M+SKj1td%Zxor[ MccE`^mC#q%tnF a) tO0ks%K)k@]ȩO#v*J #}l?-g tԇ疎egP=L+;c5X97,[^DrDc!sr&T͠sBM'%)]lpp*@w AVy,}3O88z;zfyN O3PE)6xwJ&)UlR&!8 ;F@h䡕R돔ǾLƕ)(It^a]}V Qtg2JN;py?~܇`8H⸨ϱlm8-Ů^`?^>Z(_zzLu{NlM\5I$;#p3[unժF@+&_a5ZFcfF)/0|2ČO=Ԍx?vJm.EZ3;{aL+5? UX&uY_Ύ<b2LG3UtBf2bbW HJ@4ln*\)Z|og7/X|iybW.1WC{u!|-Vc.IT |rҠ/./ ,ބb~_V%uGNxUovH؟lsßȢmxry$w@YNC?uF%,X,$x !~}.,\"O)]j[eo0AO?OXp7oB¨AʖaO$c {Aʼn|VoVz`Ƹ'r(8/Vp:]'SזѾ$&]>f0q@ꠗhb7RiUQdB9ˎb`d¸x?`Cw od=Asm[Gds zLq:6oNX^H%M 4,LG 2:GR'\h mS@CG .#{Ib"zʃ-HJ8T]{XN[M65+v@ll~sޱ ~0Z; 6ϟ{U|eniN:I_\9gՄդ~0~-#(͢3Y;bAeZPSzh0Xrh:z EԆv} 4U'ʂFwC4Ug$kʛX}JƢǗk;dZ襲 X s|^ǹ[(߯ =^wjY60kyȠ%BH<V06&^4fNZ^# ^NL*kzcqTf5|.V|{\]e=3k~x1iDB/AB/iХǂirtxf#(NQr`@5ʵ#mAfD3+!nA PS6IB`"E,9GJE3\UmJmr7oxgIӞqƃeSll[/S+ -D &KR[ָ|Ik=9y/Q!~F#?xU<5?Q8K1A ]m^?*@x30%͞UR +UiGA2g0tC~z^5-ZC-xNs-8"-OR297܆[HBz%rg=Bf[O) U/!圗"ɡrI)aX+JMY)i~.3Xau⭡rbpPDh0CO+ARb𹅳ExyKcR0^caSsKXGF=ECA=G[A@KhGt;Oi`Qt>Y~ ^T7o.x_TCsrX )lܘ @Pkv|HX"Pg,G2fꎯ P=QbeW9g^Gҷ@pzܞ-Y~rj3vݽK/*-ն.g X9R<5%)}Coɣ$U<b`EꯅwOQ %ӣ0@/j:t8d@,UUk#C@X#M^8K Ŗ]_>ӕ4kH*1'z8B|H>Q=3ē\}3} CoF"]?FpKW13V6PX:c˻<”BD][L} ! 
4,+`H ޕE]ڂ' 4%_ ±Oy5srwd)>vv]X# _6Usx@x+Zu"yR)I.әNlG5k#a$El;jIʳ;1z(hޤ=\<^\߈WRax6Pr?ԫDWI,#-t#>1`Yk1?Ԩ `*S8Sz%V;܏MvBV TjJ B\e)qaDunvN * ꛍ۠$s$BwegaABo);pezPZ+8Y>eB8Oqjbʻ*Mܖ8v%*휉 췔|_12濘/ }/1=MPG"/%Z NqLf  vޡ5v=#M\7ggs/)_v=cƜlA`Ek,f@ A]shl_MRpd؉^^*|ՊW96caw="T4r]eҁu j~ݠ?mmWLJkD.|Lk+.&>_'^\Uu&AR*]8M6ܘbh;=ŋwPдG4m5Vm6#]pUR TK;rA5sALD`TveMt&>@\$DIdkE@Τ@D{V 1Zu/v&\JI3˕[lNiY ?t瞬v\>Lأ>?ty#B~0a`옅@?EmgUo{-HT>wpMG%;[+?x .g!|`/Z͚**!]l.PCfLu&^5W`y-ekĶs` }\Z㕲2jLD8k>G(l %#,hWeĒJZKro?g_ܿNi:._!Y7NgTQPwFRuņ6V\{ LW[7'FqL_h%Blv`Nk'h{CxT| SE;ile0(<`10샛|UB{`*3q֨"u?0[@h_&^x.5TwEWn(5< NE4~+،!e5dߏʏW6y}vv[/>.-~}IgAuR^]a3u1`$eG4rXl Zc񅬬'[/c[$5Ӷ 2 G48뱘_q`jVȷP:.$rӽw|H3HCg-f]>kVKP?2DSmQvݛ#zD1΂T*߰+oAWtġP?,XE. Yw]܈Kw;QRU:JP O~$$aC`GK\4\iOg+Nzd,AA0_<̀]eht8OS;aAX.RCgL.Dss$AF>$LmVJ}g+Uf Q-mO4hT㸾fҫE(9|1cƥWi'DW$fx٘ )b; ( .xPqGc}c@A%;Z%$AFoKgtzTȯ>ΑB{ $b/# 0Y/֒ ;5&=CB<퀖785AYopzFR6~ *hkPZNgOQ/E/wl\9e\ȀQZd Ҟ%N0hJL<M2tU:J!]qPԹU~M.V iNVQF5`幞=Bb)8?}CVtFX)`=6zފv2Y:HLBǨ>5` JzdmaޒCntԵ$I;Cpj#Ghs7K@]$.Rj̴S$@Jkfw0Ks?P69 2s8[^)#D+}ǒf#F$|d=kDzXM@%$!wogCU 4la2)s_[:b%ZMp } NL`\V( 8!Ĥ}:DL [a71zFf`=P3T.N\rGQaL`̫JB8\9Mkc (SRqRtm~vE:J5x)xF9rDD x-,׺5.J9p,$*P}1_=\sCs>gݠppV4ÔY")\B]:l:+jnQ?q8ݕ~L_)Pw\@|LTAp&0ðyeBEǛ6ߴq2 "sd)qHiM_YAK\^E^ A3Wt.ܔc2[V>,i ,.iGBa)vbCRrJYܣ@=dc#.USxȴ/}C9cԌ+xIwHݲS򪃤3R{JHTS]HVk uADg%u/pu|;8z Gf 7'GȠVw9l˱h>A~MQ11rsS M5jK`D;E %SX P0~1f٧5h&O$?] 
{NU1b n:b bVe|;vhJ$L;Yx-[(de}rSIȷtXQ<ƈ9"I:j]P/m]Sj~:[>aWY ^U9cm$ͥ!,udŊFҮ 7"/&&AD+Z*js>?%n@ ܫT]6xo;O =J6NyŨ>̴sL5ID/ >Gzܜu)C׉wJP_I[@Sv(C4oawxMRXhM?~ωLOl߮nc0; Mט2X^p\0VLPV>~~"TJδؓ\yj=]w<&7%EV05"2DhN~wTG-"`gS#3W\|XyL`!.,*qDOv%o:.|ldRKI' ؄@y9\|phE{sڣƻu0cpo~ªHaOyn.c/Qw*w*FD 6+r(C$fxcȈg7Q!Y0 Yp4(Z3n;2JQ Q ls=ƪgcX)Iӛ+]8&w%k jV\#V?.}zdD|7 xk}OBEK}跪]W=;#meBze4GcP8WҙQ:kr@1-V]J/;uS:w_ /|QfȪ -&>ySB l]ՆH0С.Ac `*[SGpZYVMGHx)׷lBdt˟ k~~>Κ 9k'#bHXK>t&jwJjI-hZPQ}=sV,) W;3]7Э@J`)m 3 @{+|C1[9,w Hx 1И1Ay؛j0d~arFPq¬96tmh+2.oHr@2xzr~p PsBy+(0.5 )幈r"y{̕j}%\ Pǟ8ZuE<|ÆL{Oh3*T,:0H,X+S=Obo޿_29t+#.Bj#VwsY' 4=Af"AkB?R,#@Ôfd-ڄ(B\p֌x%J dڮح!cSdx祣+;='VZDRg%yǨ۪0PڨP.kv.pn&1SGCl.DUM{]˟#@O\SyETl#\ٱNg[АZc SbԂH ë1mus8RgU*UĘVt7 u2ᒠd,CXNA5;6] W82k )(bIǞfwc@n}k!tW*/Viq|fN ͫ )lu]hm,%e|0g.;^ t͉?DnBh q,)3 lg9wUe:0_n4>w˚$z;UִҤppTr| 6kjO$$IdZs3 q_C*S|EX}jPǤU4SkMȭص(0AjӡVo2BśfM ګEuGJc.G_RӶBW"1Qi=h<ӡÐ9ԘG6QQqX*%9QLX,RsYqr$*R ,k'vnR?T b"8v5҉$W!#M?o_~JǔsVL3pB·=,_e^p742VFxB3GJ4t[gwpm"蜧=J: ߝC%x֚|ai՟ޖdq  Gy֨rN"\*t44~Z.vetiAj@7'Y}XvECVFw}l=>;RO[y7nvmAįa{رb+N*|}F ڳ?zg$HRoxkGc!QhhKNxz[<t~"Ϗq~uEپ[aQsxGFV1\ىr 55-W.^"3ا?_8ԔMHov[o%X9)߂3L6Yudz+teԙ١kw^p++*r\kg7ui\`SSwÐ:-"[G_}t%B~cjatRvqEEqW=[A>mscyz! 
=J赝Xަ6-?v xv 5NJ@?ѯVUϘtsr1^L,At@?CXbJTLw eӧ(Z*^nY'^WW|L~3) ༼ ΍4֒*.Wr'0˔ V7ƵA^Eݍ'}'_8_0~ʵ%sibQ1ӟsk@NLO׾ 2<*J@2_/`q+ەʆ8?hȶ<zh m2N[o?ǵb3R^ !'ShЯ9$}|")کnMMTxDŽ!_&e vd-fp`g’OąN䃡<8@|"|{Ï*z.k:ӐERJbteIf=%Uwmv8{l=w˕iy%s@\-ubi$1@CGlݜC G tRQORkV っi @oΤBGd^i<*؏Mk xyȦ2[ P1% KLP]ɩX,VG'@kZ0ק6!<iteg2Cjqxi t^|PlQ*`QvNxT`4{bzH3WDfkw_\^qltjvsd 4u2iۊI3bFʽf5Ըq1i1zt.̧ߪ:"$Ńzn0^.Y(̭F}sz;]r坊ݫHmbʘRƲU]W݈ sV#Ar|kfx@JQvbz -s/u4w0w"-:[(Gy ^R2r]esaG4)ȍC]#{< rk7J8\3Z7Й+ Vo!g|bsU#ZKj(vhPl0+%w2;>|K?@m߃hCKAFeS^f%vY :ۮa>QcxzbRIyg]}a8C I:;[gY>ש@ٔBi!jU~>bGh\JC*foo|Mqu46ܭfKo@VbZMP (dUӟQH2A<'[ۮj(ZshXIZaJ9dZtxJNK-l`1j !jV$Jhc4Ǧ}Aa¡m$Q|GX B ɞtm#atLYz[Tb#p8wR,Ghs{z42iNC]]8Dϝ^^=Pyv4s֭k0 5=.jԚFg%˕MrǏQ̂l&=gs+A/R#hn:XcXE U]$2;VG#X&B vHnG*L( RSv92\45_&_ʅG 틆o|x䡆tN)9_=f8lgvJ뢶J+!Fgg|>b?nikչ9*ws͔uB,xP<!KLy "DŽ6>"2?hxoq7MP(o{itS&<ӌ|w0$Fy2OYC?@iyk t6gPрqwM3ߟSW+0\UgVu{/˫p>r~?x  ~ >PtV>.@.mM<&+cà[;U/,*l ia7Q9eM:9ig&Z7X.iJkk(!/N8su: SM3){HSF@{0<#9 +wZaɀ)`Ő |MU{lQ_wnm836) i0SQ)R6jWTXtʈ;g/j326S=sd|H7۩_#a 6=G}$k7 dȁWm>a3WYBd=O,g6?ElY;ol}BTf7jDE%ҹRՄcy-jS}~IXƦ_']qnN5iΝ}L^e ri]5VSoDZKp.px椲ABa8} vle%A0͢6 %䲂DiBkS\ojk[p~Z^ζ!ÍjY w$e#l}-_Ddgy.R54{+&˸}zYdUiUilpsL&LK,0Kp%E:=_a C ]8jHe>1N@B{Ԫ?1[D5sP>!+3{f?U7FT94!5%usgq-/F uHqy>}Me>4\(7^ #f(儔ȏ^bNyC g3 qxt"0͇U+p._X' jC=}O;\M1{y&zF'GDЩ9N U߀Aq0l%~˭̹|t0B}D*\w(sXbc cU{gqz I-?IC 8+yI?-Ut}(JXkp&в,蝑p8f+;1mhv6+I$ TBwan`b<:?NC:~J0 vxJnQ!aWKYh-AH95hy }+]~,!˵TÐ,rÀ]83L n@W$B\aq|>P)moڈr;fV6y4/{0Qs#j~!R2tBT黃JгCd!])n-Xif'a]HZ~n*!f|ϪBk3"7C{}͕@qMai<c?p3.T. $<9.٣P,U#hJ2RS'{qWfwpˆT2nǶ%ƈ?Up@i:{ b"H b-(ͭ fYRH5H{ӹJ:}Xv⹇t^ghMB]T*OѿKM`JqoWB);fm EAK&+q*Pԓ=AI_)8J`|7v Ncٓ̑O>@iE{1~6TlC?VY LXJvDؑ(%"t&;Q:WHF1}f9JsTo e1R& G}sHqa:A (fs ie[ #IwhyH\y8,/Qy+;OʅNJiMě a,E)k^L {P$n2K˄<(2~%GޞD/?nnwlVl̤mBCCA:%(>܊]Z)ۉCv;;ˈu 5oQKDH5Ai3%KԊ8 (|LΜTό`hβ;ػs9!b%rU2R}xJ.>f *p +qFk+c#9\XO#2H(XoJc2c75)<5Ѝ>  D ^5&~v{)Eㆹ uv KOv!5qݍ4p?سii(;qqyɝCR٣Rzt-m osu*? 
ָKr-՚)(#YE=) 5E] )l[--[VNZL{51nhk iԡ;xkN;dstkM>5ouAq\WIaoCjYZ=uٹp,7n-5y-o!OyrXHDsaORfN] ̞V 6J%(.iJ@JES\lF⒛&7c"?UK( e~$Աr +uOO?q|,R"mz )3B2MD9şOE;5;6&-ř0q7B8]^zP~F2F`D|ARiZMI/_} y0~!w4dHA6dF>; I+PIpGb3=(T*%x5ʰIZ}.]Ř34"[Ӵ 3@ Q2Ame-+.}TĺH,T>+~nnxVj3i|E`5OmD,i^Fosx@Թ**+#*墖q͍ӌ 88Kxt.?^˜pظr l_Q¬€˴WRpQ|AtĺoI.Wo[Vhmǜ^jQqPl=&nS|SJYI Xr!hߨ&=P7 ݆5jVKLF7|6KO|5x~f6IBbKp=%uLrpYXZ|T\6d3=2$odEn׼'@×9ܾq4E_ū@yM=dbj6ƽg+ {xLٹ\_hTNx!07 #[zV˛vcн~2n;ފbfTICXcJA+Hz25܎[]8#gSJ*p06d*o7Tӆ1ԽyD8PfυXR ձ5jzߣok?4IX=e9h[*KHS{=9[bij*rNl4QZ,4ʹ^R豲ZMZ+[Ahu`b^ZX zte[ͼފ;S ;(rE:T9uV&cau"pOi#]nQ;Tt#w_<xNcH1T AnIK.>6(,4Acna~atHx%&b ~}K`oO6Z3=$KI g/xgá4?k)3{*hp@pEVT}z]ӜphEC"koc@C{I#-_|6$xBUglߑgfAqߺ<YF9+!%7~˝aG+LJI7N*̰AAqPY>4Z> 鹕n< Ӧ%aQE+@Nh'kv{,SeB4|c/ytl|԰5J(y4' Uܛd5 A[^:nFyGtA^Fl{g! XM+:hcNjHӬr(ObzhA./{5.T(z[\w<ɝײ/'NpQ֦fjHVu @]ؚ4>}lU=n;Ps!5uIP_PhB +aK\pf|^5)o#ƚ`qL 0s{K8ld6Xk|u׻l< m"#nv#ܽ]oc1bI 1P`,}Un|l㲑Qj B]P@XV(;)ѥf;Fq*iQVN܈NXK : B E_Cgq_AtY")K*DVZp0o%hfuWs 䄶zsDfK(n' + L6(n-l0c$T*_ԪJ90%̣S-8g':+JK82  ѡNH~D'v(cmԕ.t8,7gVhoH@vn466/Ġ lYb/Fq[A|RSIxyӋC V$הѕ|fojSTL`E”Hؓ+/:L0z*ޯMQΑV!-[[w |ĎwRtPcTIx4@|5.h7п>p,;nb %9ם# Pmv;5ó UGtt#qG<ˇ*eE6.8{C.,0JY(!\nWpr^C9^-(o n gLGET)sC~dd'Sʱ*mֻihfOϙոYhdBtaAyL_?cU-/aJf{*V@m5U )P rxc oo 01M9`RÅϦ.S/0y2x7 6˯rF)յe1te'poI!r)\HYxa鹓yHhEW>r[>;9G ϖj c S65"-| 4``mOM)Ja&<.U`rv^.P9wEᒞ|MHv\euS.Qn$Efa]kQKdT}rtkRCBcC_v^hXr0*EoLO)71)e ;ksP J^J^e^pF$;mU!"$Z=#]<(.fװ>!*^MvUO4!DQ-#hl n)sSjbeo#VqܛxUyiq?mhfajsw ?vD&[c.^ٿѹѮ?^Ti+oClga mG[lN(U&մBUi\՟f  x-_rp'&-Jғ\ C=eokp{m9Upj_9;ոtӏ2S޲(m!>ʜ8TU%1w ړH35Wh|"okUq7HKx?BKHτ6IxWg=?V(jaI\$I]TכWVG32eox>;݅Poz.Z$ۤj>vWdhG.t wŊN(0DmF3mO0OH*-޸g-1 UdeiB}cj?"NcX9C^~8AhiwmC~YF˓CREBK+̰emrBZJ{h3׭KNm,j*H`l9J*K6jdO֎kЀG#oYN?AFݔcޫQY)H,PHe? 
ophXtK՚(_XkD9*lM1ZQqGz^\x+/_{s+})hnUEv6,/ޭ+HJ\1~9JZL`m5P1C?vʫ]w2 obNXcr&JsK2?jK3W?&g#\ ɳ7 8Äfϯ|ьͭiCX;J]5CZXvT*Ұk>}[4D7:nb-Yr1/U_ugN\&#*]yn%sG{>c]B,56/,8x j}^/*s0K\[v#Μ /oM,c]p81X:8fiƐv:Vt:-j^!kmbul1jNe3H23<9ʣw# L[AY"֙}Lhܡ 2"oXEo.ex_G 9Př_qu^=.E,=B)gRD<[!;nO3F;at}u3؜mk̔h#Ū?pSj@ΪMf!W}9Eݫa67A4T+EVzU+xm^u|Eٕa*TEZW-kjVYk`fTZK%w_S|YFP^?KVq |ʦ#A'TapQVHN3?,t ~P@meWTDn.<\gرxJ3@Ӓ)@o6p۟oOP~BTW&mY@':*j]_X,,"]'?&=vӍca- zovG 8 ?gk~Mn/eBRE :ccEFׅeG,%2Ec*y(<̉ƣ3}\? &ɠXsxZBy\S55sC`R["FrfzsDrƱ U K@PLZ:(:30FTtS#<>#ɚ{O<_Om賢~ڟS ?:WRlB~r dp!ON.oVU٠k}ZcZ;iDŽ\#vNȞ~K:eJ0vSEq*&c:oj4Ψ ~>dM8++Z^٬0/z*!#\$ux1N-1>/={&[.?\و*<$cƯ?I$#dZ#?igإs[ T>4 IWK$ukm {x>.TykeFejxx6H؅Q"L9$%DPn]#nly c(E]'U\ݠD0 So^"f6>vt`U\E:c~i qUE>+a܏e.UԈMC )!/1Gf_SpRخ=K5eFk̲3Kym{EfŮMU$\XDsWK}+\:]˭xd!]톧1]ZCJ ᜧ(/c;#nϭg6/&ڑZujzmm>(`vJD2 _nY? 7!0u+P*, l9ЎLGVBnVc[?6 H^#VǃV뼡4Q{r0Ťo {!Ћ Oηj+=I]iFۀE>BeFc@؎8ሆ {_ҋ]Ҝ8F>W_1+n wHxtbrL|h!rn9*Ƿ PD&PRcEmE֪ؤ% F<ʝ9.!wkjn^/IOJ:ošuj[tѪiz^i/I (ť6c~lÕOf Տs>51"y[' 0s`rdqT&Al><*w~o^t.:S[LpdMZ+zu!폏3vji{t{cj^ږ/ߔt=wW:Pobh>z8@p3駀$p6j%sW%y^2][ש0B'?C ʂ"fX8S=udpW_]qCZb@;x2G[}ףѴcW#q/kؚ! pb;U xYw%s*wɜ|c7c^-q-pa)C2S#UJpA]9Ɣ^9bjb#qAbCTI< bP}5Tܒ9Jj+3HAd~*(Kp Ibi]ݚ6fjS# Q'3ty6{[NTZA q\݁r؁c)BO7~{tc̚rrmV<Ȓ2KBYVMkV L* P %La[ f f˷|^?XU>ͫ TIYiNRjGViƠp>P&O[Yb邏i;; +,R3x.Ln/TS-7̡ ne1ŗ&񲻹]0`m9?q&Im˧Q upLD=z- E'*>6 ѴSKxVOe;wϡ"7^RNGBK%*Po rA4WՄ#FnSH 04 Lmpnr\zIxZJr/R[)yٱYOśǬB!bfK9[DVOA);gde6-ݺ&ޝDAd3aR]#Qu6C\$fmPy#>K/ qaKP)aq;a2 M>f7>coEƴ;"J3 -A@Y\2<Ԕ |zlP{JATl]6H^#] 9Zᦋ#q̈́j  ?!mB}Tѹ& DJ6,p$@~sDz.Wl{B&.,\c_L2Hv 5|(THqM+`טbO.WE o{MBƛzK`rDٮ CxK_@%'r"܁}C}BHڿue큔Į:/7'||!=_ ..Bh4}MNix)#U@KHRYfѕbV`NPMJzjX>>&4P b{XB9:*Z bZVW#%ʩH,V yC^CR' ګ/oص+AӘBI$@#@r^؃yТ~óAjYz?Ϫ ŘkԤPeH-cVNF+jC׀֠x36Z{~XXw}& GX 6$d%kf 5R\yI{+P? 
:ql"m.^;%DdSƱ>GT𜤠ҕ Keq>uhe'w=EdЧmJA$Z#g7tf&ccX\v f:Hk8DzlKX43ՙP)5/p5'iFOz(l1PI>p6Cz {n5,.K嫜 ?;zW!rm/$Cn^gQJ>0<ݶ xBasMT/6,/$VƩ_)[;]㡛p%F] bף WxR (і&R=΋pnjzSPYOr8.4!C7XOckRκN=B?yI$0~rNZ:rdqiJ<r9( "mM2 7`i/~-'KJ9B'VڡGj?Đ_<6bV1aXa*j)0G qG98 φXy>K_~>5^=Z5AyG0E6m^C|Dl5REG8KrJ ^,|E1N' X u7e5+fUqaӄ0SJDڝtrJI^cg7oAȑnF*').WsnL Xăտ.oi4Q,hWVwy3f+rz+ɾݢ`pLgvgU)Pud1\1}kMf[t408] @CQAmQDk@?3A𘂈5ש͈VC\WΕ'&7'Y$ iy 88ae8sgf _'CoRL_g6g̤ݒXɕ HuiSP襑W#G zωz̈/k2BDr=N (+R"buc"&iV ܙ;r̆M_T]  u$=4"KB_D`O@<g8bWLjtp@r}j+"hKGap_ѣwK<aV浅i33s̺p` ykpϏ:#ykmv"%נ\K\Âİr z2o8ԓs(3_ ]h )ƾV)Fg='?oZOh 6i l#6k?< ;y"S cap9}aFV̳rЙ'vCSv ACt-難uKA F;a:DG):tjN)lM*RU&bU7"wÖM;(V.58a"i)oK y,nY}wpý5cyQōpUS '܅C;UyXv |>UmvC~=pv3nQ>Z:)SoRkOffh`ЃE H@f` 2MYy֥;= |g?)dHp:`jqithNDXyMO7D6wX>腜vBltU?+:8jC[_L `{^_VߎA4C3 8@C0/@x4y_~:GWb8$T#rO&ꚻ[5\`w45"'|5 |N*O v3 S@Bpȫ;o-Tv ' IWSzED΄g^=ڃ.I"+$fMۑڒʯY[Vg!f Aa?\; N )焅%M ?6kyP, VdOS\փ p ݤٯO_T-[?96Pɪt!m䜕;XՋvRb>S sڃY`".a,ܟN ĥqDU͊Bc= +\9ƬP؏wH~VxWI.g/Pv7(%C.o1e\C,heC90d:Q'ˈԟU!GS!Gx.b0|f?&es PmI%4 !JHrrQBJ G,Ҹ^ۚ{.?i#@dp?ڰ; x⊿H#\QnKMpȇ8O;ٿ"0CqWS<\뫖lf'/d+Xt7sϪe =\h+'c$Mbr2E;U#Z]6ӿ5&&,Ӽ5nޯ|6~@'G@ҞEkԷrZ@5mĠ< ՊR*eVŢa<)U=u4֐,'Ȍ5Hv$#q2fO %hs۬xu/8= 195ODo4=?@B?RqI=@ܩs)8)dH~F1GS@*|TDz]ZO/KoxJyʼZ,1&P&yrP6b90%l"󼇣8\ӂV q:X|7{hH~ڂ֧Nm0#`r[a[ w :\y3Kto! 
U?":RQ?YWq Y%UkX_vN4[vWwKұ $|SܽGRj|=q"xrGRn3%cL_Q)XW,5'nTϑdS8/DtcRɑջhyCn¤?9!QGu4K}:fN@b j#ıHHЩ|fӘI ]J WHR$Q0n.ɸi`r+ZsoT2?%p}m# ̾ƅm^8mx/]20|It_y?{,j(ˆqEl8ynZS۴%=ՠtJyt?z!\xQ fz䥐2/rO˒%ӯH.u9wD[\?/#_,qA'h]]a4Ɯݾؽ[QM/?,FJg Lo0ͧ^hڰ<<}m>;lA(2|7#,'_aqhe૗` Y}/}IRF6ԼW =aD `j<هtbHީ7>4)͈)ف;w 잺Z!e%p%% Mo2uxk}/^U=5݌՜ݰk~Uv1o8<Ա- ӕЫ>Sr-}W51W,SץC;qFd 1)yZa ]L<ұ5#;:ĭ/=EuUWmG9-NJxo@t*!C D{벃dD|qZ3;2CKDOFl޳Irs~xOM9E؋Fܶԥfu 6P1h$ޙf1 U1n?ar-2~raHx6Uh@%;S?xA,dm& \{ #r:#ឧ;]l0D%&"X,A5X!H DʤM!]g~f׷:Dzh<ރ]Lk2m_tb[5pFMGvU$L}_n30G_i[n.MbdIT7v;܃0q`c{qr!oLb))ET?#&@٢McX;D@kܕ7 ~o1Zf>^adgM+<\)j=Fw"lsRP ,rvScuˊ![ޖp?n8~|ON*=4ķOߛBLmHO5۷MMԳfC$sTВ GE; S䐗Kɿ-~ arKΖҩVUM5'  bK-`?< [Kn ~ëDL_Z68y,ǧiNCyT=xi$cGVl;|$2pOϴ8tg0T8M -ᬚ:|&F<ţYK)^j20vzfF G⩱hJ8E*/-*5bU*cVX^J {J5M53ƿʕew,.\k/Gz^{J\Qa5EuRe HJӂB0?Z/>}5_ t-B>x!;TL2k(gU^ٖÍu` '<F J'm&h7#Hȥi>A i)xyW]K13~.3 NRÈQÌ+c@FtK*(ZbZ䬋QTv!Sy(:T'Db HpTm(o/ tXleh)bͼN:@B@H.GOC@ '{ &*I7vY@;UʡO&^zE'!IaPqX? z@=e8N$raCEw}_C =+VgJdNN$u 4|CK@8/)xmgݶ1 ٲ\cXF:[z[7r-~ ei!֕Bڽ4m tvs,arWR=MPY=#rL!: oܝGl<9NILk&-r"£R:A<4"FQHZW`4B"esZpLT~b.梔5[fR4:?bdp=nئ82]| ϼ_i QE?(gfT/CB dR!M"1E%ʮ4EM+}϶>omթxkE.ꇰRqgTz=k*//rF+D1 D}#ꄑP$18U./jL$!R\? pܝi7FUr)7֯eMDDw--p~p6m=8cKAM]7 OڭMx{\! Y#ѐ ?-b;X8aF*ԡSo m(v8ӧ| -3hho 6ۤSˬOsVxnb+x]!6럇3RV8`y:gE]lNsixSܸj_˷G!b\kMVQGћHU~x+4i|_P͛4|hpf!֝<Ϲaam-Z%=ODX7/8vC.DRX8݌߷y3*ٿ%\ReV:O^+Y MQX'=BfޟyD5w)R46 %]A6_%/#@Q{? 
R֫jK0=XN &qJvTq d^.cC;02V:n 4kyV1w@%5J8 '짻5M+xjO$bh'ddX7YۅAfaCy-}_2&;DQ=FK;QAvoUm<>6, ظ掛Uz$gH̡.8*d *QA* =*bg#"_+bWWyV)Gj[Ü"2(?4E^7w/c"fN ' d-aUAJig\Mh)N7QV3RL4~Wjq4תg$򅉙207{ ֠Nm oLG(Ȗ-i4k-74+noϋ*(-4++wiqXn*>C"lIIqG\W4]L,Z@ړ%NE;t}o>$+ԇ@N{oz^XeCcxtg\}I@w0)NtSG/c j?E8+ D$q6v Cr.BNPEL ZQox^O4?%s/NGPFak[At:b@S;uW.^Dw*P Kחcn\cTMc;u v!upǣ2tWU[6c}چ+ۑ`?+i%TrRSOu<ȴGP:d䧎zpUGkM̵2ߙ2KZ3s?XO~"sHX۹Tȶbg>Dkء{|)?KpU"B̫RxSox]OP;lU z#u:iUA2 // 0["jZ/a*Lay9$V{|~E+FB ^ҟڻ(H 5Lɫ]+daRUf9aX0Vʸ;^5eW`FzAqs5*bZ&W3U0jf  >1Ӹ43Mu~)AYxdCt1@43:Ndܲp'O^RyPEzfoD7ԛa]ϭ?uH 3/⹇s/Ý`PksVQ YiԨǸ8#O>' hq:r>ˤ\Uha-`q|jxe@(1WIEo8Zy vua}j9eG䶥9Jʷ*G6P)9jgBF*9mL=ϯawa]~M-:?x sJna*]U5=%zSNS&V^ǚqR5Ġ +ܑt1$x&csij7T,/UD$UC0p ]d?ֈA:ZX7!x+WGU;m~؍7Lc¯RrWƯݔz4@ߎyZnrgU^Jc'Ty|ۓ %v3La8,9b[Owf)#~ ab!&,ۅ S r϶+bhK v"HBW% 63GF+dfPRID6ɸ= Zk zlԚK'᧱N1Bo PyaHf8X&0uz}(RGP*U SuoC7u=T!~&$Wеqے׬ںSܾt6ő* o%-k2'uRdWN Lo֓WQo{ U7YlCSit./%O`]¢ a"eqT}7SSΦn%NjSOH/$+|578MR3EoXJ}.bgXZ }YƖ.{^#XzB`"]`@ U*ɡGyd pMsZM}?gd<0$ Xww&{;z *[$ 4dTmcKdSEoIOVJ_e@E>ePF1[#JM;d?Z@,\\@v43#[Bө[i0 iU~1-"8[_ 3Gj7=/~s*/}&8yQUCYOvC?j CүpŽknzZGwoZԒ@2ydiC'igoG/oؐdo{nNe m Åː >-ez&e^zSbTpv B0ÀSQhZ4nIV\58Ks9EA z4޺Y* ?$Be-1K=pb%< bMf2pC7qn0,.X=S%T~0N0KHVh.r ;)p8@X!0#" פ\):׻aQ] L'sa[.ϰmak: :N~pSz"ԑ߇Ov+/>JJ_x0zC"Og%o^Gz]x.5`|mE80~_TIFSa/%4>`,XeݰN~Oad%ĉHxdcZu'U=}Y2I Z:LAB?1*,5¯ؒrӯO{ /~zޕ[(* 6ii"9;@务7i4sD{/<&x" w!px[™e(c8O!r r"u87al߃do%-*@e!l-A 7|2!Ni*3I(!otD\(-d6NH&)fFS-"e Y[lݍ%mMNmݖE7rm6#2D?1{>>Sv|#Er @Wk EnE{Bf*X#E]&˺yM>+K44AKg5&g89j89 `XbNuz_~I^p{K7el3ŊRݾ/ ~%q9?)bp(_7MVيZE&+sͨ¨\^׎tk]<\zz4Ԓ!K+({ aO6f{̉_6u@ɻimByַ`W~ 8vpwYM _27|ljs>}b:(x5f:/̱Ԕ.`͢]CᦳfF$~܍n bhE?|L f$?#k⢰Onɯ-EjpfSMg^W*Kdm`b <'2McO`q=)~/RE1/ʛdso, ,52\n,+Hl̡'k^B!K]qEM l&vk){%WDULVbtپ[3rX[]y%|`0E}NP%h rS \O%]ǛY=Vtߚ!C'm<ʜcyu U_tIݡ  tۗ8d&P-Ew84dA*j8HNϳ̈zaYSd<!axKrJe9zF(+)Ls}s斴݉ߒEE3,~X/q'CR_P,O~lyLER|GDlPxxnc*YS]rmj2.ث\?@$/厽~F }Ӂ=@yՆ?J/pȳhepha8z,Pj̜MnEzO{f.GaVI/܁MёOK5B_R@R[h)ԗ2v{`jK$퟉P9 8h2[Z#l߯_ȈPH== 8"X],Ba^A/\LFO`KϤau׫} qK8X O6pJPa_ %X6) I rHE5k@UTԭ CnpP2q.hGѬr&s7gbZ~ذcf+$sKI1p?Z):e4/MH\X ZE-}09>}8m׌ 6y 0˟(lmEľ\(ĉv8 
k8iKq\vJHD=@Z49.w,y&< )8 }a\=fF6bז~E:O )B&dϾVi۳Z-Cjoyɚ{xYzF98QCűάԹ͔o\'41ܗ2k^$rPu_^J1 OGaHٓ{L3iNJ)jֽ5is[)rM&_W9,C6Hڝ-Ц2Fik]eP~PGpJJ0sN`~~ZArVąN=Kba"0Yiq^ZTgWk`|Rl=fp 4A1~eNjnYsYi*gP JV}A#.uRK!'Sg[0ӶԸ[ 3ԇo0Psw}J?Qզ[o N.!S@{[`f^=L6+'>pL} 2HO!m^Lt]f"5yP1~p ~2T\h鄲rMgaHˠ.~s޿z:&c ϐBS,Nn=sݷ``UGˆnhukHt5wgZ7RtSBR& "/1&Mξ)ynU?s#ӡ JSxӻ VFM/5DuTtnXNJ;iW3MHQܥi:b"J$RqY\YlcSň;JޏUUFcrRp28$]xSPvܜ);[7P̉4RO@ᅣ Uhu~PZsL9_*gݴ~W$) 'R yC@ś $J03P## bqiֆ#R8']V>w֠'i1E^љGqsTݭE]jU2Y-hODm ύޱFIڙ241[y32uK>/2v}?(lgJ`!>r혾HN#:u(:ipiF,E %o}E?[ ݀iml043 V )vC-zjvjeWsw-xPY;xG<=!Dcr%TBC!Eш$~.=`hk%!mr5wied`+eNNJfNam L`'XLޡ*׷(V>;+-{.<E1\%q( ȕ;PMh=ؗ٠g^G+nġ fR AaD@ - x a! k gPӊT ߕ"`AcGFQ$nuvlZZFE\%]K](j)[y4par\)ZL_^|9ݞ{Ͽkc`|!p8<7#m]~H,NlU1 ,0 +P'JMXk :ׇ֕e*,!jPݺ);~%%cTicQi6vxV]gb` Y@ cQ܎ohWFLh:,[Ʋ9z#jՏ=! <j]dړ6[ZK r"_T ni>bN./}Ϭgb*QEɸCd-,YfgMty]l@,f*c:kAh߆ؘv(q}e>z}MYAS$Ni# Wz'卶 #wrRܲbDa=gS yj2XF;XkrhԅyjXtC>4X˲ӱVd~ v!Hw <`{$\+$a0f8('3v˔NsyH'S슎},م۹UέHpɽ0(dyيí뜲u@_:4/=~x$NL2V%ᴏgޛ5a<9# ɠT|Q._g5xѦq]=UL=>_ T1ڛ!RV;]{-t17U9Z8LW#ug*7nLm`JYOӲ N:UjG\۠C t^ny|KһGB5<> Wm{)~gi7UykQ2Hcvo]SkllwyUO~K܀-s+W:G7␟[fXDLH)N-o!@hR|?FTE摺-ZՋ?A|  -(9w ÍB܄^«=!Mmpvx$U*[Ԕv 'M5~M#+,$nR |DwtPejO57:OspZnt"^BQL3jqNrG^#ꮼ0+k/P퍅H!3Oꞑ;鳺_ngKo"al0\?Iۮ/.i3\&0Dr"S3Pd;dM1ݵ.L8GU"J'rww ro}> z3µ$teU ?{Zh1ềf{w v1uR%N) $1s|JGIHE sMo>Ɂ bk?M_5?`~9uΗWvqM$ Ogp4\a Sߑs!x?A|ߢSJhp3E)pqp(w)8ݱCe@֋ȖvX.AD#զc7LŹ|8SF!^ $ɔ Li<.Hy`Wlsd{ZASRmpNo>*bSg{W 6 jƣFBKѾe(흊>8ޒPiQ4mk796twc9F>" 9ӌ{$2J"_Ll (8by4B4k ZJsx'zb8o>UXM8Z0^Ie!-}A5({}'\v~ʢg L2ֆ >^oD)x)/nF@JhSyu&iIIl5Cj H *\-yѣ^A  QutĚ'ġiSV/ >p;WaΤʣqbVY]:5i'C2~]"6gq!?0I˦z_@?OWȳ 2 KgGS$d}4 S?ٻrUu|:{רx ^#+NXE-=PD9SR;ǾwMJ߄ۣq?=[xiE3Oo[!617A.&*/sv@BK3NrģM:3w2Gle٫I|93"M7FY.R{ݳʠ'%8ΝQ c{l4X,VBQ7@19x56u* *,_LlW" q2Zp G6H[JtS*a)BJ0&Z CH8{[ "14{P ,}MĊ̐fAYw :?=/?/|t6'.Cw^̛3a W/G/hf|A#$pPouPbco#djS6#uD5QW\,9ԁ'wH.}9"ON&+09GB"]A:N+UAbfaRbn$/8b t`Xa"MHԨ [R*R5˪.C6!ΘK`qtX:c**+6Ӝc.뛮.ٯ㭳95Xg6[:3iTyp"A90i4ҀMȀe&]`<2J 6M8b9LIE.G;Bz{xvP%a0Φ`рJRglQ^ynpl 'rʢ(0̬gr W@ rJ "D`C!H:,G<_paIk.nP] ތ\[ȯ.סي*c9GB!.,S A)!`LQ2)iO"?0r>>-:T{٠b+T8S踺Fi<0uq|]H]fq&};J>G9򃮖(Т  
./usr/share/man/sv/man5/sssd-ad.5.gz
./usr/share/man/uk/man5/sssd-ad.5.gz