sssd-krb5-common-2.9.1-2.el8 >  H  t x |   d U]qxy C|ɕmf7n5PFSJ)S~)T %:vҾ{)@PGg@R%6a,{u+@:{xKz ~PnzI"̆;z?$wmyf+Sc=YI w[̨C4S7nOerδ"hz]/Evj !(WU/I0ua'o?; ?u7&ijNȔK? ѢoI֡^}F3B0I{@?wDE慠Ɛv`^hU!=:hTscWz-OIEaeKU0 9)&_y(vnޢWpqInH KI A=Z2hY[Kw/&AURY>9rDV V276040610e0bdb4522ef6f6fc10a864f52cb85e2585f35bf4f9cc08d190e9c1441e813bca9d93e13664cf003d65742bbea8712440302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb500673065023100f413019d2bcd2eaa06d08605b03d56d76ac9b6cef3e45102822387c66de1bae2dd359af4c61eb334aab39d14bd9a9cc9023074c352c1fb81bff23b2ba86a363a6ca88ad71f7e672bd9f8953e232d0df123bdb723e668c063207768fface6773078920302047c435bb50067306502304e7b1634c1e74dbbe8635dd68cdd41dcb0e9e66999731c4137f6b9a7fbd31d41b2f8b42ec498273d9077e96e505e3617023100c9e6cec4daead2c2b2e5792cedbd919a9082ae5a75ca37bf636bb5fbc2e3dd4bc790082f1ca308413f329131f711461d0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb5006730650231008e3474c25255fd5c6824358eab8c6736ad6e4be06489738dc5507c8bcdb3b95d90280e31d24e6ad1359365feafe07c510230247e6b337fb8b18cfc4c81e323e282b8e3bec0b88446ab1200cd1feaee0fc14c00d6135e3c40a62a81e04651cd5ad32d0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b6d U]d&ǁrhmx>c':V87ѭRp=2ѝY*i҇}:Hqh!z4KKGg'f$5еQ1A r[P0zy I僟\no֋slAokyb{h0/ cyӇ#"Oީ6--DRc'WhtQGk qEQMs i}Rm$PIHln3/VeVz8*u0MV{,P=SpHY`䆆qáĞX/kNEcH8=Q9&ʩ}0UY%D \zc?"BC B+)LFeC.~:UG:UWv+ONi갮')b1wpBlOק>AҢF61x88pOXaPIFm,aF%-`֫n)o7 >PA?|d  Z   4QW_   *  <  `  )      <h(89:a6=G H I8 XDYL\d ] ^!bdeflt4 uX v|wP xt y%,06xCsssd-krb5-common2.9.12.el8SSSD helpers needed for Kerberos and GSSAPI authenticationProvides helper processes that the LDAP and Kerberos back ends can use for Kerberos user or host authentication.d8Mppc64le-03.stream.rdu2.redhat.comCentOSCentOSGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxppc64legetent group sssd >/dev/null || groupadd -r sssd getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd''!KAAA큤Ad8;d8;d8;d8;d8 d8 d8;dud8c2ac1dc27da1746dad9a10e633072da93339e2a89535daa7ef890c3f2bf3e9f1157abbd95967c52063a66f0aeb7ff46d3633decdf151a8a29d394a58ae4220f28ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903../../../../usr/libexec/sssd/ldap_child../../../../usr/libexec/sssd/krb5_childrootrootrootrootrootrootrootrootsssdrootrootrootrootsssdsssdrootrootsssdsssd-2.9.1-2.el8.src.rpmsssd-krb5-commonsssd-krb5-common(ppc-64)@@@@@@@@@@@@@@@@@@@    @/bin/shcyrus-sasl-gssapi(ppc-64)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.25)(64bit)libc.so.6(GLIBC_2.28)(64bit)libcom_err.so.2()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libjansson.so.4()(64bit)libjansson.so.4(libjansson.so.4)(64bit)libk5crypto.so.3()(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libsss_debug.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)shadow-utilssssd-common3.0.4-14.6.0-14.0-15.2-12.9.1-2.el8sssd1.10.0-8.beta24.14.3dd@du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh 2.9.1-2.el82.9.1-2.el8.build-id5c0ff11605d80ae93298a63452a3f961f476d5c238e87cb418285bdc9a09ecb33cc04f4548c1d1krb5_childldap_childsssd-krb5-commonCOPYINGkrb5.include.d/usr/lib//usr/lib/.build-id//usr/lib/.build-id/5c//usr/lib/.build-id/d3//usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-krb5-common//var/lib/sss/pubconf/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mcpu=power8 -mtune=power8 -funwind-tables -fstack-clash-protectioncpioxz2ppc64le-redhat-linux-gnudirectorysetuid ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=d338e87cb418285bdc9a09ecb33cc04f4548c1d1, strippedsetuid ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=5c0ff11605d80ae93298a63452a3f961f476d5c2, strippedASCII textRRR RRR RRRRRRRR R RRR RRRR RRRRRRRRRRR R RRRutf-8d87860e15fe25b2dc34b9a9fb722ba68bf5ce8589ee55c9ac967b552ae633db3?7zXZ !#,] b2u jӫ`(y/< ,qonq5bTh}}" t+}-MB]v%:Lw$!@& w~hKSp*Lb^۲>qXC5&Q;nZś#.sDǸhj3ydԏ5xHwjs,P'S-p.J_\*<4e}ج&M|%Ⱦ.1=S__xKn8\zH[p]SW5G8РӺ&mrO<4pǝBkern +rnir>]FLosRYs7 {wHqoT';;qA\+ \>l7w;sgT^3l.0eoid(;`/~1XE[UʅLڴ` ԥ%Gt/|H$.,ۙW g|r !r'gɏo'=gjFn>V˪oBd TD?%qg rB->o>$ؘVӋ4W`ECn˓3mH"0!eTb bWfjz*&jomntW5@(uz;Z斍*ʒ)cS>ęέ0,}.3a$\N Wf6U mۖ Ad/|2}_NK~==i-E7l ~mEZ#_jA"Riu S^,L+O~zKHJuIAjZ"2 䡃+7hD[ kέد.oP|o{[V;Kռtef% jD*N'#U:D$`{Hv:4h9NE%r`ٍ+9d9'ಋ \>Z;C&[|Uk8Y"ɹäp裱0ӓA5eʫ֗rI(lxU0hM%eM]W8Xu F8&h2>ۍj5X^<&aY6k K91l̛8L|J kc)-z43d];"sNȞT`WA8'DSIhM'Y}Ӭ_Wfb3֓6ul8cB^b^lwH,Fi/)aE{}TQFu/XMwyBxy8Jug<~M_Y wdFv_9_rBF 3yEפ |(>fq1ry;[_9&O+,s"湊Y/ыpϛڪSlވ!1ٮP)wħߣ. 48ednd)r%S vxN>]aT1&嵇UzB {_:1v,b UQA8c1X /ˆkI"=M"acszptiW' ʹ1y>F67yX“ɬeL%8]y C{p0yr=rۧ|T 88Uc݄$yAk) I4BxU) P(i;098?!8H"M4QIPtX8O*kb0:NcRb]rYKHf} |/V#!k'o6Ed֞KB2c?IQo D%n~N`LP,Xևu Z)2e.ob_x^ ǐ/vjX1!B"0`& L9 $YX7k$Ǒ{nas426TW>uI*ڎDV;/ssMJ3=j4TtND3Wh"&U3cG$X6X~*pBw!X= Q (4!d&[% }fۉ۸C 5BYQWu-ur-3uح(KnfP` :kǥ6STW4*=V?tu< i(y1m2t$:\V+ =״TN`=qM9*7f?FIja`}* r8Mp 쩲YНyVˋ?cb`0{67 @RT%Zl=z]lj@nVjLɋ/r7[1|Y5λߺ-}uh76\PLk)bq+l +0\2?$odJ %󁤯A=Bwj1/T$pRݮ]dvμu$thCCZ%dncp>$II=ӣn8Qf4܍cp_omb=ǁJZN=n%]_0Y HsIeC%-^DW:r%#]\2Z\փ<~֖.1J0swÞxlI`#r ! 6$i3ߓ+Ǻ{otמXXP5WdϨZ]dxX7aШڨq+2~PhnYņ+(T\ǩ5@\% qsS$:6~Y1<\1ْzX Pɔ2uBr"}UI!0Y9P¯!^?<T^kgA=PTtԗfjq5YWSc!2&R!$1y ,9h(u*  2ϥO*RtY(pFwMfD} | ʙOczcd?J wA.j֬|H)NWF k < RM m_cB VT؋kD:~t*>1;/3 6jcT,CE=|e1SEVJݙQ}F0ށ)Ƅ.@"^vԞ4/0 JmQEke2*&> -hʛ+{Q.8{?9t1%6T[pMe=NԠ`?JpRJ4tj^آ!uyX,Szz2wIhrn|'j嘝NSpC=o4:\Qꋒw-ˈSJap%ˏx Dpzz?[OC|ʍZ;zli>`D??<nZs<0m+9HQK4@[nEUD4<]=ݡ4U"6ur{s.gR@~XlL2,F`//K|rId#crZj<;),u4noe};~FL*^TA4v?(:ֿQ#nw#Ewԡ36{!z7x_f<+sQ=X^ ,#3ɷHOLlt[ɣOXN~A׬3Fk !LZ XAw0L|86WLi"CUU[j)ԯv 5BJeQ#2,nRrLbѫp V3qR-6<ۮlp< m8ɯ)ڭ'>DPxMv*pV*#'pzXr{5^aREivsBQfQPB*zVN7 7b\iR%(lb4 8k#+b/[ۢ(rS\_0M5z~>XRaew󨁀}_Ra9n|nI&|iAϘ% #jמxiA;? ?.{p^Q[.7 NٴBgf,A5@ ]A&9U"μr\A&)I H$* py#Җȃg<JkʹZU&U Zq*tC-Fxפ|؇쩊-eDr-pS!VˋhA}{i>vMT3P~^q;íf=P K߳dt-aL (n/ >L*F~!pj- j rSjj^-GQ0Ç`LY  CPšϿ7LJ&:#Q/\AxRptcM> g t"?,yO%c j9( G,qUfqi?KouQaSV%t-EڥF:~ǧUZG˧Ò&uB&/ 8se-T{ !(Yd#auk8W Vхp]DUZe'"]OƊu0;DB,hLɔ(z>@daoɋh˿+Mė0wܠcr M|d8E.?$9_-zź/+\LcbG2(;"Meg@Њ\O%WE͑pV`= f6Z+E/kむB7OYz ^*)!Ի>T<|prI}owHr!wQqv-Qw#ٙ''Veܵ?$^+U-MH.uFر*PRi}x|Օ y8bYxLYBa? O^9NHt!h}T^Ib BNhvOdtɓ}ŃLRvce҄? @C(\޷N9H`j@o8wsWj"k@u,DW-`Gi}?`YO*w#p3J<]d3"D[b8J<q_*MP f(6-eZ7 _m$5C ׵ 'vհMmV6%2xP-ÍK4hYOzTx;lkY8% iźԐ4@UV` Li{D[8zxTo7a[ l\ ^U +l^mzTF0QQ ppFBY(W]svjjoe@=n G=h^0+{>;am{qH=N{s^ҚQt#Ă 7-Q0ԓ"8 73p`A^ |`FovM?uŔI&qNlM ZGNDpR4ˀU; 7VmL};=l.D͉G9!N 4z%7 D_\ė:n;%&&dK(3^KCnҫBm62@'mn*OgҬ oZXz#]m Z"|:ٓ!u3..^ T)Wp3vLZrWiD\05?w$@ ̯:И28 q(5\g4b|9H[3A8?vP8e{S"m m&%Iϰm*kB#WORa~\߮{|'zw-IAk"]vSo=r+rVI=iw>'ذ̆K=38UXĈ&TŞ0Uٚ?zӟ|4SN*"yk B#skל ,IڄB&3f CXo} X̋sW>XZA,K[纃 9u""d皔)wA3z]d:mmw2EEzf=WhT?ouUp>FP֯C pEdLFgd H&+ '+41T1L[{<}l=,1Y!uO+|g}u{\{|Ȗ d ܘiH Qpn5O*Iq*Vo!Xrem}?vH?3rE[];^#I?r*g;2ۓ?}&p:28fK!=2řx @*f68* r]h*M$l9 1]egDId۳>ngX/I࿫@;\uUR #GՎwzΜ<蘰\Rx9h~ k.9{Pg꘿B[qR׭`BwN?P`eJ'>M?K8 ~p>vݡ yT/ڡ5Kq RZHQ)`0s|mcl-Aږ~ KnXT-:OP45z)=o|ϲ ݝiKl}A6|x1(U$"-8gi1 8-I1_^(ԑF lYqB/ElsւYm9O5 4/cuvĽ볕ꀙ4%*@WZ;R@]#:l)s\ 5 [oFSrbI xhzڸ@i@"tŷz _Vu<:@%.L*P3-ߓh({;Ͻ# ߦ&̭˛(-Nw W_#t|X{fL>Xn%(ZT = !k^G >&EXQ9Be3↕Yv#&9WZ#dYD]bb4{\` {q[ #-6 Ɨ mv?џ]7[/1H K x_Iz/O i&ʎD9zCla>9wu>9U?+7_0 cG>(nKݸ/awI:`Ŧ`Rϒ%x򟛳GCVT 4?w R᳥㻬J+(BY豁R%6u(~JI@eCGk.0U*2:^#Od(\#<mԴr,`3vɵ! ŒdC}I՝(&{D?uhNj(߁ p~U #f$KMz)h멏$ 5#p*:(:]N+`O$Cab+|7+&?IreC!i:;4s/b@rpJe7W?eO-4ٔ@$,b;; #|KwVdԔ0)vxU;|sIɓI7 ¬ w68CCː ]>Qhx|Fv4L 1ah+o-NR詙~61vGIy܇:ɛd4L8p :kQ>00`TuG:͡B*^ԅޅ&{]1wYSiy=zc:]2n'ˈXI(fߍ"0oEE؟ qKRL/g)?I ^r("Y_>+@axnb1tLAk觊QCz7Bz.L&1QR{j$ҦB܁nA֨c!T Ar!l5u3z}8\UC< ?\ K{-c 1fED3n;Ee:!-eccwxrgRƮ-4%Aۦ]s>_LmZu}hЌ<o}!GT릀W+& K2nne.Rn@ŕ{hrA"r` f+9)IkIVjmZ84T`9BH-OF(nƍ0z_M/4m[$J шBn]f}4ܶ:b3 .8,;Ƞ\#mg Ζ? ΁-V{wVzX`_5iS"9 `%p佩O51޹ؿJ UHʯ;-ms*R@ve|*,yhbgRZjy.Y,VI6de}k>r'= ziHb9|5Xx&" mrxO-M}.;)H [BC_3ӦOP!JF FUra]PK(,"?!x/BX(ܤÃ_EF"j B.OZ$e3=>[ï75 ? ~kHRȃce7u/im&Bs~<-ਡEͿy i]xVzPbL"ZcwUh;4_5V)+rPŁJ/=~o jLҫ6 =J鄟e9-'\CtR]T~ yȋ AJ#o]x#6ә9ӠLF*Fԁka" +X28j]He^(Gwg抛׊!yZcK 95,w~Շ E? O_Rh|1Y#}9krEcSHQDzmVR9|}}J<9T5Ǩ[٧#йLsn(86gТ`m23{)l#9^Hw{,L8aqEЌG}}jVFrI`?_ÁRawҩ 9o;g~4arLac[G9nآ5aaz@%˞*oiUmQaQA V>ǐ̂u&;e_ןx~ם!f]2f\-=$IGDKzJau(Yv6`{;HXb<2;V-h;)0]5! ysBGHL(+bOyn,,ْ8)#j)1}tin͉pɰY Q,b-LK8: !<:CD$N"e/WtF;6~Sᾂ1'^1+6eۢ-=b{Dj|.d|Bj{D b߆([Z[]"έ5W7?etmPB\x3nzž=n&/06~X1i m@c0\!eMV%]"r W! Q, αN0tݥ:Ӭ+K[# Y9aIצVs 8~N)Q "#2 b ^ʤx 1uУ2\Sgp,->ߢau 7h%rv& Uhr![ g9罈M %@`:Yn6Ueb #sU #|F^01:sLZM2"늼;HI Gym(߲Xq}f$^>plw,EŒ&)-Ȅ#s5 A}E=Nm1\1 DFMh)ϱVjp{OsEX|g7CAU/ٚx[@⻽g9OA?9u*X+ 'E%OE̽> Sгw9n5pP"3W) TR}o{ #׊睂Y]燙8lW3)[]'Ayr/:-n[o=ʣ4l[&ap0\ʴ>n $ ]as`\ӝ&yIƟ_9H^gFO!?N//m fIx~ O[>/ 2gpR\)?aggG)^j)]3nٔ3E6wOxtD3M)&GGȭa]5K_9୉%46:xSfڢqZ?i&"{A%A9  eoY*z#!'$xn%KLȬݼݲ?$#VX=Q%XJp~yks&? @h%C%۸vv=o CK*ynRN#q \r`&fA~ ƫ{ %4T6yCqL]WIijsRa}OɨfFiFneQœˌL5qa] cH+B#1RP]9?dz r>m2LÊlN$oT zɧ<-00#MW iZ:A%֪b}b?`KWr͵zDŽ}ָ@Y\>DP 뫻~ 4/5H+S0AOBYz諞S'Ѕ P)LCCI ̴QU)$ŮAzB\/XZȦm s| kl{xfLH]Q92%_YIEHH  ;KF ^.?mgy 'r&;tWF8,9;.˥Gy)Tm g/xs&ɁypvWM]6PwճL^Q=!t.M0Xb]>T,ݐe`j'5_6's)vi׳TX t"2:DDUN uQl湖nn. i16I*攅ɜ>a G%i]ûw\ ~؁dpɋU_t\vzk%.VEm`)߽jCiE $]H}Lݩ.A7,3>4]ijFpr'3f d%2K1踒5ONL|Io9!IhӝOCB/b 5vJO[I˝NĮ/E%p΂pu/n[nw:zt*2A|"?zhIE@&vUK,yg۵<|Q.MSSQ/!:H~0Ί)MeꡞE5Þ[(1u8/ $m$[z_ǢuerjhN|]89XP聁wPө"7,mճ P2蘜NZ+\dXa܋4Ɏ굕-(j@)K`?/ߕ _r[JЯ}n!H:^I"~3Nb4((Pۦ+@VxOB/YX9BGF=ot/f5~N6Si _8nM\pvѐ5z9([h~rN][KM,9V1;8JUH(o2X1_=ezJi^.*9c:l`䃭˒gMb )-.,r7k/ml󑕏[hX)og\5eՂݿ%w%bbB<B^Pa4Ap&󵣏kV!l1 6ڀ<X$P\0ClQ%/P֝qՌN#oY)kivm­xНP9:@3fwƐ_0'ays85ז+3}f犅 ,XmXi,`_k[ZY'嫐޺');d Pe*ɔڌV&{B{4HbVmU' mqٝ6ͮw3G$"#18·_ BNP|^Y:G2}wlם2Wjq~&YoQl2: } p FtPJk fҸgKƠi6r)VZ Q;$ߺ[ n|QE{̄5*^4 o)S TYoa#([Ne@_c$359Tu2'CmAs\ax(N['r y2l LShONzZ٘鄬`LƨYEОH׈Vڿ -P׹ܢJF l1TFR)9phw7N ;RwhL"Bbײ6e{`8Bz|kh98h"w`A X7IRb_WAE:fo@iGAb…r/v(C\ZmS㊻^ds]:M&j)0AuqLd’PG+mBJOFع}/䕋= 1s\Cj5nЎ@UhcY|0u@'X=H H5Y2kB|Wi,h;UHpLGaJQ,Y rgie}f&ɠZtϓ~[{ ]r3h9mw1029BFy&#CQr [75CFN*G!øND$OX#tM:bV R ~Cj5',[ t-A, CL/\DZ("mCIB4{ޞIJٱ۽g? Cu)9a*7⒉_Ϭ_qftCwӻts;N}8GB,@hSouӫ"WH2R&Ҝq g[̊A8[l,ѲQc9n֯qt>BtёI oh ]jEx2p7xdpT01"j/))E2vh*W R_in(#aƳt#LI.bKF4Y74$ʼno_H@hQ rP9 l j5pQ_? `*뛫ﴶ>>),i{XzZڸK{oҥeY@/k^M֖_Tz_!ui# <ݯ:KJ(ЍنoBĥё 7"mKfS+3:zMa O3 IPdHͺ6I~[/|$َ؁=bQ۸ݡ3@8{KolD= _2Vq a'@XZQ E>_mQR_n+c; )*5R_@1A-odxv1qDLi2h ~VBA  -!o Zr+Ԗã|(Lêqt1Tp|H1Cfn\3A)#'S1NU[۟ٗ4 m vOXY:gyzGPl0?Z {G+~4kfz)!V0{ -|J/d(&ۻ>.6Gץq|s96_`whGPg鏹C,%:S:78-"4@Տ&K 2r^OD*M!!\_vdܒ6'JK=Rڝo~οE冾kr&"?&0,ENp)[Ś@Q_1ڐu{oAV!≷9 c) nni DX/VTnFaQY^.Ӳ}Ͼ bMYꗐx)jG^9I)e¢ 0p{(<\&U'_qf@J%N4#CW/Wg8̊y;d18(:AQenYLfTT"!/i Uʼn9AIGӁL!گLE"羴Kb.}s'_a$s mRʚs^v  Lͷ}]`.D .ʇ1E_X)6 *vj]ЍmnT{8v=!rf4!4R#pP>ҞM7sQMɞ:CvA%qlTs.tKzU*N4 :k,Jsϖɉ zW/S^Sg{0=}DXCc ;4')Q9;j܍>S1=XNRc6>6c2g2=Omk`qqvl`b91= 0k 7n;wӻLH%G c@/E;`IJ_ҩL>J|x υ㧭te 3Xov*5) 7Toșߎ AeYJM!Z=rnqr4 ⌙^=m-w>{G%сV7d\ 2K13S@w%=! p,e g9@ `nW:H: |UD=x0 RɆ%yc0[M\f^d Mt/ȾqZaB%:ƥlC_}d`k(5 [;7YlneJ׆T2~ SMϧ$ 9s[skew|=AItL:PAnxKĤ^Wُ> ҴLؖyÍd32q ~gY dԂwE"^īC.Q_@c]lhwe] %Dع툄ɚ#Z;p9= !qB9x*a;NƊdҌǷ2,$m1'3W |Т KŐYΑ zۨNZV_@yVGFsu+V^̜*hŲ%Y6CCLE:=įkw-I`oxfԾFmS'Tgպ@_W?2A5Pw.g1&ؗ!rWNg8&UqC=rNo过 ]\ T UՆyS-f(iP2H8W-Ge5I Q񧉚7W|YuU2on_+ W(io֓KSe>7̥eҹpp?\lqQj/T!r CL2TPQ_mj[x;E%H&Дvw^K 5Rٿ^wZ)V'uZ;\+z%eFo [uE'VwJbKt<-]UR% uf[icwS0 zt Sʍ$|BࣈJ©EI#)ce;^3dC|+= ͞E3uxr,S&SiSA;k(=95ē?ACޯ9(Lon?|g]1ÃM+zs,a[* kdYI]C Iks$ 9&\:f$  nKDBA]0ڈz@\k<CG𓮗k/*y"fZEm7hz\MT 1)zxV(س05-K{ ߣvHq+qAL pu*5yy.҆!$v&Zrsq18_"~%}ϩ#$;6ѽ||F v,x}{㪣!H.(K# "JIXKPbK.T:`p6GZ){_ALbwLkJUMH } $!c󳞙4̗&fBʢ~]}ÃTt:JuE< 8\2kB0տ\?i0\Gg4o6 }!ޠ”;ic+ wT 6qVStj^s[}4;sZ;/֐3a 'ˋ*j}kZ-?CC8IXِ&6R6hzEx (;ee3gBeVLU2qaGrPưz|Am+=#!(jfW8;XW5h=OlBf6:yCvdNܚ10٦ ̚dPq2'Sy;M3ǹIニ$ MuS#&H`f JwPuq"26ֆ-lr.CP|#Sk*8F;XT]Gpw5p̅  4 Z)e%쓤q~kQG@euۣ:e![5z55דcRsY ]d7OCf=z,Q/k{T|ڥp?7HyeU}!ʼ}\ :L !JSvI`cG6slP?ۀ*U ["26u4qrWEuziX XCQe="+׻K*[ކq-eY1}^mijV?~d6o-s߿CGTxOK FF$6. [40se TcfbDTFu鸋/S(N _Fcj;Nkd]6QWZ6 23 u5~G A|TBx pӟzZO #(ۉy_3O >h8niժ:o0b1}ev PS/kug] g3Eڌxi%5Ǥ]Y>~)d=|Ba ~>*I0έ6hO,+.Yƀ %~a΂uIt(/}k.Z.TũJ/d+7 |[YL /直?Ke=]B4wCQW^{YքA{&)ȕEH ߼I 4#>CHg!|5Ń4;*lKM8q]OSN7gN~fw3U*T~=&<32]ƚb?4-eJLw X xÖ r.>葁ȸ@JD, ;W47[ gipE^lddn''*f\ozӀf?*Xnn^ eorksg pe/<p {ܰC4&BYy?i3KX]ݿEB6B{lo+!XN@!hޣ0~V$77lZkeEFn=hZ&c_& 5߁f ٩8W,GݵeГ}TUcn B 8 {Zm0v)p7Lp@ yXn^\#N™^؏Rk$XQO5l:64 r96Kwҡw]X79tk޺׼'iG3=*Sy7fmk/xY.wձ+N\BLw$2]:Đb`bK봳C*I"3/u -cRRcxXDI4tJ_Tk."AѣF'aXY$TEHZeެ5VvPH<5xBH=;՛nhFE"6>}w1o^oRߪi0{:X}x4_OlJTc;[jinG[:Ö0$}Z g7=a?&M̑Ϳ{Q{ 2HoE4E! zZ1 M C Ϻ [/ň,$R mGL'^"mu:&x^'/]9%SHpu˧沬7U G-to%|O ,Trvb$ZY߷(sIpD@Ul %~p(D  ~,#r"hBbKOK$/FA !;yu[۔|hU!.P/ZTR [^XGLJFp^X쑻bl<Iank9+k#_>=RP3󄂫q"µ6ﻴ]1"nbY~}Ni+/EGjo!`#Lt*-tJPk$TQ%l=9}D0mU (TdriôFD &OmOzW KpTơhqo;_Ýym\ x084}xqܢj ;s*)M!zY2PQȫ}eoGՙ*!WN>3յϬ>w`WV'ك-͗wL dX8-F%D\dKoK3z,׼W,ܢTWv42%m Bv;m_\li}K z2*"q[Pj`<ገOdab} )/ w@})/F)=@R4)Q UMi#SOSLmy) W#'kTj C:xb5?L3xy;Ҁk3Y-h(;h)ja:CVWhJce&D2\I'̏Ԑ >OUDc- 6ܵzzzvaW{7% aRO Jd u9Щ{3 Gd]-v*Y3T+x}% m޴A=,D$e-; UG2}|G7s1zt[_>,,:HOZ: -0%װ;0c,y4$\ { G|C'-._ciT%adEt'4*bk}H ;Rehɰa0-(4C诘ёmC;/s?NOG}'3ƈL$G+Ϊ[MW* i;\3bA}ccθ2׬44'Y31a'%0hz{G8s_  =,${4A[mi:)>U}< rJ}_FyX^VbAVd.ĺXK5$:"T`@8,h ,[۲g4LLi'pgWsO 7M \x$dU]f{5+owIG]jߔRJli@׼HͨXWzUsS{W^I~XN\H(Ҍ@Z咍7S[mZ\;"쾰up^+Yoz4tע"Ԅ/Y >=EN=e:3̀ ;CϊjX[ a`܂;~wRud]Q'ʋ 5 9DI6RJ0sL?:>hiٕGI$a{1lE=0umZZRVL ' hiNhJ} 't.gRy)$ODɍ?a`a_,DA;%YՔ t3mZT+}XWD2:'3OtqT QbH oTq̘\Yty Rͧ8FpݢQԚ:hcI0CmE'}dt1b-m.r(G.>T~FGG{*G61g?: j@͚t| yL$fκtCl1^a.^i _aK|Ͳb qR[q4L^*S nՉ/g"b2XrUY??NN7|17;O6';-:8-\Q|]i(Yލgx[ȧT0ar9LKŒ7`&w_fUIyE瘲Y!,Ps>(Ӿ(>OתqHDq!:2WO*|0_H[/NwI!G޾Z biHdzڽ::>b:$2XDt,Ob`޲F(Hoi$u]M*4tVdsΛy!yGcyj@Ya,ٽ8 *n׏mKA/H!7a\Z\37t=T(4l # Y"7"êj]"S5PJ%=3Qqjy&G~}\:dgѩVM2|Ie[O<&?%wSꯥ/~y9h쀀 ?-VHzJh Y]/8}7sLe͎GzMR46MR? MtL\sawvVp/y/0 FZ7J],ߎcձ;!k2sr?yW}'PRM֖YR ~wƉiL*eFnXu#w(-H/ nT:ҫZGDcj0T&F:$ik5 )G6ihA0G>um^tTRCAX(}I͟nXYߧ\-b4Bu4BWVS{4Z7V,-/݉QئlL?I6܏ x ToW]Q.PGeG#ꢰ6ᑅ7-ӻ#l)/wƮ5 $oWE8sb{2Β`G= 3U%xnCbxtcɰ@ +gč `La[}w(om uq&W=Xn)[õXuYuPz!r8x\* 2V~"`ŋcH :ߣQi2 )8oI DhG_-1p8J;Z682~z(U")p"B0(Bo׬ F^M#R,)@fX[%gPZUdPŠATmQB'XȈK@D~Q2!Iu_e1t5pwuYgki~rvrV,hT̅47w5ӎ"-a-2d h6ecF0[/̓ _:ÂޟT ee*ʖ6.a 3Xdza=p[P/vtwV)&70_G!)$s|e R>ϴ=%&zx^4snQm-C?0b.ect::VNM3fgZw5̥5aoN̍lE]e'\~`:29^>ĝpt^\Ū*GU$XՖ nWCޢtymi=~`iT =6fţ-%[72Z&YQ% x7r)BD|{.؅L IJi@k;ΗQיRZ <Ǣ,@ c&2V;Q4?Z)Xm=?\Mtڦ<#9qh qu3w;9RJNV@ىS(Q( E'JiW륡J䛲7S8Gi܉ш"e 6ctN O3f,F#^ 4gI:aIs68[2n<ӣ4>i\*.5ώ?(hy!ObCЃ]Qbmfm7*ڿagFV8ۯh! 7 9KH9oˀpY=֏F!6ҥQ_ Iuo:kH]67KYP0ijs*S\zuӳ d+&vu v YxA.IPI `CC0)dV#;5&O|)MS?v!>q=O>[~RIp5}i3oowD?vUXc^X,lg\C`MT[1O.~WDI ZP:녝];L) lc-4Z;G)%6!%.b@Rzbוߕb w"#Տ{aXȻyȠ4U 42Ơ˷"UX'$4i=#Bo୊Żcm/1DuīmMF6;K_Dt^Ś H?O:FFIeC@%FĤeMjذfx,ϷwPX-8̷#̊*k%@vc{ik{ђByӺX-]vڨ8h YxRc.TTDﲱ@d_6S'ӍszDꎽ (JnÁ}Zbf\ĹEpqZR!&lS:qr}be,]4TAkEޣWyvQ@hu֌+eN`z;,P;;Ο bή$OvD/;h}$ d (͈ fr@7f2vf\afcW aB고tC9zµ=2!7U$ɟ=sZ$29w/HG8#|M๮`P .Mlf$<pxPtsLJ%u n r>Y`dCCN{6~Z鰂 Nb,l%VL3]t4MO;~C5^k1&j6 _;g٤f/UUL4PV4vv? CYNy蘿ZgAϸ2CSsu-l,6Lf #hLs ra-n}3kTkx@SF" w1%&o[ w[n,l&hJM'8Y{`x7UTbt("z  }Rg ָ+^Dʹe]mHmbkCXa}9h8дy^fBT%.{Q[4ݦHV C`:aCמ].'t<2U|u3@ϗR{4vHRǻ =0n+T ʭ)-~ M&;ǨNp$PӝM(>g5=vy>.)rE 6, ًy{0[lvG/+DQi|)<+Xn B.\׽[6 ɖA3BD`ͨ+ uX4zQ032'+/J@^يhOZcSB.DP }L ѸZ@/aBT$Xiy,L30z[Օ`bCkJT-- H`ceѢ3q%r%4cgJp7YMG+9B:8gH|#luĮHBH;'dfs_]O)(߂i\%&zhTni&3[rF!SJ_Pson,oJB1@-q\Q`}1ivK^@x9@31!:Jk50;0J(~ !IvdB, 635- &@h~|G})09YyK}[f%T ~'ujJ ".[)ٵu/D06 yb{-Bc}qM7B*tĖz#1+u]a*]0]Qh +_SwCd ScX0I0^ۉ(Za "WZ#Gq=rL;sFy%.J;$@sh3,^Ub*M9UsNtĠ|5jT\Mlw'#jcPEP3&,q{k>)PV$c|!A:C-*WQ}tnUoDU?J1f`|#l^*,~pmV]-+r-V"7źE|~ȷeI"# "BBl/?ݣmTlS*['yIkud7H3OLN70XcE_{d@g>$9iHs&+B4b0h޵[Iq2x^ew5Q gt|#tL"B2 1꣱|KEc%9ژ! XO0LqDyTh٫:wH>2|J {yf^WPtG<:?z- ʍ^v'p;c$a ےiU#r *TlJcC kC&rD>Q>̊Nէ]{捅Di٩EH mTF I~V0]ܷN{.VJچ~0LgWLY;;jbnIZW@vWV9aF BD % Ѩ8ڔK|q@Yԟ$Gqj~ؑfUlʫ,`i}v+(,LUd <9wF%i([}%{[b+ b4i )qQ]Is#¥"ZmylQo?D!FaQsa2jMaomtlgRp0g lBP; "izgoWyXU]8LGpepް&{@<4 (x9<(Di([Չ8]6@e85P(<8Cy*V̆Db$U A!zkRi{Id/!Hef˄kf47zU~3  `u>{'B{c%\#e•b~Lj7f[ 4E0<9d<,s Pop(Ҟ%\Q3|JsomwyM1 NnQy7ܶEj,"كd=ųQ ʳt!:q.o 2-Gp:_Jvta-)7{\>z,3f]~oܢ4gX<)) u!m9%<:3vdPm>ʎ_IJҫd|{6фQkĀ "aY#e6u4 RTxp sbg\H uכt!o>_+s: QdfGS̯=_(}2?"\}AkXoN!Ot3AM.r]R ۥGf$enl15QgDZӌh#u g04#9eɮ@8s8zf5l6ҹx|giFi dz幬69ׂ>ﳧu`44&si)9Gk]\txtOҧä3TU@ɟlpD;7fI q!L%=geLb7HiTCxXK!9pzP 8+A>OV*K`Z Զ#Ռ`?XK g6RF1$1ѭa:~dse.~xRTzj[,D1"D-0f-h(N,SGVR?EUPC|2)3g {3  3Q#P-Îe?"0H*ERS*&6bpjkcժ !6UH%;^y6pv閸?\}[2LICt9V3S.-0{p D[U 1('GLT.*skA1@USkuU9<ès/*F􆔰 b[>(ԙ!d}0)nyg+ܜl2\׆xkg*}Is y$7lq;.(YOsmA}"_Fk0̰UI_q[DB|>Kr/,5~H,OkXyQql]o]0sԃL\l2~E ÿBQEfdb^߂TaNݡAgd {ԡ>?21k D/0 O- P<-$>EZqsCژlI{|fv^țA#HvvvL/p`ty?r 5`Lm/5u΃b&$Z6*V9@?{"d_ )n D Ws)nXӭ'IűNir(]]{JbQ:ƲRHFI*1E>UOzMHm^(`͌uӦMyaIN.+I9?Ч)%T86N\"[)YhN]t V;snG9{SvBCc5EXuHiҢiIP6&םd;+x{)[E KU#Kk7' [XL\H#R@b1M:9β$O!}͒192fE~3ơ745k!D鐜U(³] {gJ O) 2$@#]|\4ۅ]ip7oȿ5G&hUt(`i=%+GNoDo_.W[ͺ+XM/ʮd`)ey#к.M?h9ZZxso PnX'xCJ͉;c=E(4bU. :jj*yuf^&?a'[%itj[- ܥL<# Ƥr'ߓL .r 2a%m i( <ö.oΏZ~cU,\2﨟,i tx<ZĥWWnPiT_{r!1(ktOCVv[CuaC+=iYdm;FAVI_X ,7:+ifk W$1bMH" )2p/]e^ܣln# 1YC $Pn 0^2Y7?Wxw=ڜ (B]}v˄]ŚLjO#Q-4Q35>e },DZBE̮tLr-G&Ml0.Z hμeuT;gv#ЋBmq}3ԕA˸R&;x*$!*crJ"3F l2|oZ ^ϫ\7 5.U旆﷧c -bͿ}`6r|S_AyPplG$JaЅT^X96xNso<|̴1Un_bBFPRgMH\AwExdjԳ uxQ‰*Mc%(=E+3'͏ɼ@ٍt,ΆvpB4W:[(Nx) 1,n#ǐDˉO+`&Lv *5 `Ar;6a_Q_饔2#rM|H54 +w_ID)_KcXɻ22b\9!J6V/L-oNo?62/Ǒᭋ-Ϲp.R%Jv=;W,SBln=H cPœaXS-GsP"%3:ڌ+l(R >:̀On33n%l2L%QsLsW?"4Ĕ>#Ƌzg|2a]fĦMMܧHbM^߄.UR2hOF*|s'/M(8@CnHQ#8fv.<+Lg{qK|c._X`48i&9jȤ-tbz5 gVՄ D/T8aU6۟ڦ6sŤe;Co DL&_ 5Gm׮^!X(@?D, cٟS҈ e&k#rjk@iǖy.ʥ `!7G}0Q(Cȯ0 ͝aXo -h&H7S9$އǛc`jԎ 9j.We^J7,y7Bjou8$,og d91s¦yf[,Oנ O/j?l:5m#2ㅇ\>׵N@0진o c(r& _8djWYn]uSKe[eK&bŘ$׿1;3D5%klg<4;H 3G4[9תZaϣTϪĞ@Ӓ&;2?!lOOE'C>H u-TX[IqC]HiFSʿjȫh/D.w 'Q)k{sp.ϟ{vq,6V /Y&nz/KWI꤫)~!_'qՒuyI1) Wqށ֛_>/0zt$W ]IXTDsk鑒b 4]ծa/d%P*qb!C>/}AWM Çjm:~| <ΣgrV`k;JhLx<.3:WJ)QzpFFy_qEsvͭj vyFOSGm58+*VU:?&3өMW.Q2֡l$|7g(?Nv|hosSK_몥{#,$ʼ%Y쩐IlTZ,c]W5v,\՝u!qô缱R͜^!0Z5>zI핪,-wEQ;6m ?XI^WfX?R=(V՝E;%~_^Tא>JBs(g< ě =$:#"3 g+ֻNS+|}lɀ/׀l >H5)6 jrL$P?Ă#O׎?aȌ 1̒oU\nt?u8! ypD'#+&QsBC5H.}c$&ʘ.͚]eQ{kHʄSx% 4"|'8 [#g.Q#T@A:Cv;f`̀Ũ=cL&"F+90 '|QE9$uT)YQܘ4ѥ)cv ?[`ϊ/r=u"VLW7MjĈ͚+ivX:wif(ش9Q~.f%^ .|Z tӊ= f/o|9W`VS>"ʣ楍3 qPvTH-@N¡\gsꐡ6_*򰌟+xIBcC?P>?*6mevEB;Z_ [|s+/6U_==1D(trMG#fJa+īy,Bz-*`aXv?] UJF+ iKxplN OHu[[$;}X6<2ȡ3HleY\3 ]3ڕ 7a W̝:Ib_ }0/xL}f\,^AruNrQNp5Ȓ'f84!Ѱ'~Wu.|1Kx Ĩݪ+"$i*c@lfL2P˕)S{D͈ͨ ^Zc69@.kbCݮzk, ~ d8`5 0â^&ҰU~"H"FLYnAs=)QB7&5Kأ@NXd E\nI ,'#2x\(yzrXo!G7"~*}z|MkDjyбz/ڏ?r,JQh=oX'5q?}:?Y|LSZ$ڌLTo22*?Aa*{~\ |(lU-:]a^$b g}QmVh97i5"0w+llxlPC ̀>k_!,S W](N#:HߙSi>Ip]d1[ SK6BpoZps^Ay1'@ (ٞPJI2T)+qvx0(1.B67Si; J5ԆO؞yj` tbBȎ9,} QTJ۠^B}N- 8{Z46B=%Iyhs,kBβ8ݺQ<]}:U\8|yR-.hK:6b}'Ly:D) ִSLՈ ܱ&%e@G:L ;$D [UoDIpMbeSSQs% W_95h4XËa+o.V?TPs{Ė9V`|4CbTL+2zZCZQQ%zWeqgpu*)E)8>V o RhnXѯ-\GTUF'UAg<Sȳιt9}74ZW C=ܛgj,>ݟbu:cA෣7M [g|Y o1 RUOcSfPo{l1)ݝE]_5ш~@mSyVb". 4P0݂W6DνlN 5pc]!5?iXI oIz%ᵛ?\D>/UƄy<"a)B^G[\DPQm ]';{le0^v"V>W"S RVIlѓn 4@VT1ʿ4KL֝zpt+8 :6`= H޿#3f{ ĸf\Їk]۝YFI8L[89}R^\}[sP y|O[. spe*mG횖qPf;[TG(:^B{i1ޝM; J ]2\%wP(0>s}=du J5@&|Z2F!qDݖy:i7_r3%S< "wVjU[7W~ʱѰL;DXʋ@Cs-[ي}>t$W&8J 1Xz Ԥk:xP]&me;>&RI9.Okfx_eC?|C*A\|^FC۔HEݔ ;m$Uef$jHOX/ LѻB%8>qK|5~y ۵ >o^}R[ꤸZH60ʩ_b É`NLȠAe ;6xc݊[?/nyI^<Š+$k2 % Wr﫴>v(ZY# >SuFfe+;2`UYRŤp,vgRAѾ<%'~΃El@Frq29](*XS-֠?Q';<َQ%yV` FO>kmp[C{I ٗ6=(x#O_-偾]Dn&f)3j)rsBaiS0aIe/8e6'Bf!NYV.,·qwи6Ó^ʭ&oi礁F+WL5WcfqQt7\ugnŧN@> ?ɣ՛u^SPh {HlnE׾1~ΐ=1X`})AR $ y'{4G% + .cs\'c/PTD%Q͎s;ؐuq+Egͼ]dܠJǐ^ ߑe:B]7=Y枭(D ] L=R}Uwq8DcJ[#[Ie4`IFlsJe3~H_U0/k'!FP]*n8J@@!K >=]ȈAJL%Ggok-ďj2@;2Rn\|5D3*Si7ew+aOe mpBۊۓ?m_dIa!L)l^ñMG4ؖۏ+bUH? Hs'3n]e[dﳅ Eswv? `5 #Še"J? d:][5/ T.9MHKy'MDӃoȓSB: 2?rX/Q;>}8);@z+}'BtwY$̉\+2q! wU\7=OܴwDZɃi/(7lw~`:h"ģF #!|KȿT%hF/r;5-)- l \+U:Q0{#dV{8wq 1P`,őHz4kq{ O1qk}+)4ߢdO qlza"HĈ&?@cl˨̝R9\(6! πB*l&_jz\Hv;cvi;_%ix?VemD}za)sd}iPrĶ~osm#l(ƠMp]rDp]76_I Y}B5HP&/:vŸ=쑘"p)G5mƈ;vMxnkO:Vaܛ{cVMEOꛋ8䷍I'4|Mg\ 50,F4fu+PPT?(ǬhjEFZ(ec,o As^* jŎFjx RBBT5)#QS\W),Ѓ|@Hs[͖q:,#㊖ܮSCʲ),PM InVKf尳KE!ER8&ѠǮ|"`T 55)jb 7gЕ1l_BV~9!3@WNޮc}4r\/VZ;"v/tnĉx]@؋ ϙ֣(>/FzNu-H2Λ]qxg,/}Ql_dw+6G;`,b(R9-,J:v<?^Zi]:D}U,FT#3Bӯò0s{} όy+yԜ%$HVM?,\adS[r(M~LC_ ػ;Jh+\۠|5@p(cK43R[? Lߪф؇^.Gz꒤ i±SmA %ZG;zrR͒N$TZl3&)_"\b/dBڃIIP9|^0\!c T2Qyژd Nԇ[LRuo &Ղ5bS~%Ii]URӄ$9M>q?oݩ`KJqj'uޅ7 2@U&gG Z/,K|t` 'A-ʮ1W" R«Vф2HeM,3)m#-Ms6=m w-%8їi%^MI{ Z@(_k .堳}O"6֐񲋟^-lxod~&XlQGp H Bxy}N~a>a# t'ߟ_ԏ)%OI>Ը aDKr2.h6/O}qIW>cwd2OiMٻrk!ܙ\Bڣ&If.6iXYC?CGT-k/7)I-Ԏ]Y5PN{̈׌ŒFXa&Q9DT"Pe;q37,nhE q<_, G^(hPm ֮w#E\qmfPbM&u7)*'`xQ*R^W1^`u$k]vFopyw!/buA/1>~FV?3i.MV22K7znF#ٚyrN:kr@UZ d~+FO}Y]0S/H'iUSE==F6Ӓ'_gi!uarO~FwS1'I+p0f/ _,f}Q>cJujriF8A޲gK(7L %P:3(m?kNQXa=Ʊ%,X;4tݯJDz SN1t w@li>T+VfW?[T9[UdĪSs&[Op[ܐEx$\zD.-)g &ũFIw8.1YߌbGh~%p}4.Zxh =JF:MtMyU`_GN/vc_셸.r#1 wfΥ RJrykq B6GJ^B[\Z{] ~{uVi1\]Qsl ّgoaसKoptDVy\Խ=߿b hytXE7`F)( B\[R50+oɲjؗ q?w8HG6RwLm Z\iTnʴ,a&hB}W3ɨ 1hti#}J`O`gIl9K!jPG h7!VR!A</2<Ü~Ky/G$V? `_XOa!E WrO Wk6֌fIJ}K$ UѺzͿ71RK Xys4 JM둝/KtQGNl\J_6 N"Wn7$ׯn/Ј8g"듵cSĺ&|Y :9 {| ֫`*_<Ō۱P)!l)SPj>7 A;<ɿPC{!{1|0" L$1~nρҁG z/bhޜУ| /9pi`:Tm 놛n14ZޓOj^ JUAT1+$.ą_<>x#^833|0E L ,IUʖzH4nMaNJж[d+pW Pt&)fDTJ[=oby69"s%Mo%~ h܀ #Ҭ 즪 kZ iӪ 6IN|HY'z{,Op赌.U5ʝ?j_Nr c!$Rd*_8+:OLAO]9pkv? kdsAhz*@b%]\I&?,Fn``8l͎Cy4ATZ Qμ ՐV&YŞ Gnwlx!؈:(!M *mEMl*enƵg]Xj8.5Z1٠ZYLFG2$R඾ʚ#p5 trPVIXƕ%q@d<,:[#.(|ɬ!4 }DCE:]r`)rjx5G5VF C8baQ01  Dt5TM;t[=FTjr^#WΗ޷ Zp߹FBbA+Bʧu K鏱&9qUiC:68o I~lʄ= kNf猠48sF.cPL21O$8Ggc`_PC;$Roq΃(q'-9?/h3^7~[bF,M]R,?Q2 Is}ӤZ_О" xslo52rn 5a4Tٱh~Sv]~ksyylT5<ħ]Ԥ#; 3 hz['gL0o-F-=<,b<$F?o.Sd? +'sE,j7pGo%lC!;cJ19vƾsKu$mOh?82>z/e&gH~AK.vT/G"ݐSo/w(SSpTl$-J]G1(c`0a}Z]w:!jEWu \xkK]ܵ2mDZ&,U_)wةw_uyt'հI嶿ʌ;vy;%! 31VH8I+@/VTri<{3P٘Bz,w+^U[OŠ!u84aL gDij__.}nôz+  SM~ߥ(sxǽ6z l@7X>-,>JfF\ \kJd6۰ڦ§&.XuJD$|S[תC8^jK8"tsCfnibC}װ}}7AwT\1hU6SbNOmn)xænkRbޠ5:ϯ,A:|ZGC,ioz{:WWr[Q Jjː\UO'.>Fe©SlZ7mL|nE J?0Ml1q$:qZ/>ly t~ya-|"c1ѻm@^kH2W4ʭ3zǟ6E![0kʉMI[owmGxi;^g}Z}vȟM×s%g~5ǂv6MJWTZuae i {E> |X)0IsyYV\Ͻs 3u6>EE  %02КE]0!ugPw"G" uU"OGQAؿ!%K,u+s+b w%;=y>,5U*ڴG"'v CZ-m5ȫ/퍶G_'JLjg7*,ToJCROT:66G?c8$ !VZ1-ͻ&1\/pǐ[UVHvQk{ɰqB&mܞՠ0_u%b Xjր١\)7q(3t=B3+#3D+_Ԏ=v DiiW3߇1gʐfh%yt'ӤAjfqS^0U%g3gU Wf&莂SRݖT^6BH#Μ RZILL.ј~I1y@8d,2E:3,`({l=}Nw`Y")hwM|\qfX.0QG)& 0+hjnY^  İ[6޹Pg^1{ m3,)pO3Q/:yo3SW4c@Akj"Ig" ߳ ̑D݋?ÀǗEuęSW N=옸%Von0",Ώ#4X8Z7d*a[pUx'>B0_C< U2R Zov'׃KHJ "" omY3[sw8e*Y\7:&{1@ݺGɉ {<0mkJ1J֦Oei 8v<pLk{\iȤSfRA.a돟*_u;︸?y5 ,Toqj}e/ߧN夅uډC>856ŋ0G4~|뿭o${d~p)Ud]`YCVJ[yD3y^]Y#.qW8gQEG/U>k~+XR2E`` hu ?è1Gm 0 M-~ݞ;)~dQ]TlCFBݔe|ɬěV|Ot1l9^˱PR Ο+;Bٙx_pJW=N-?:yNA0 C$p;~.'7J)r#o#g\T/nk X߾༂BC% kc%nt-#FA @qr©M>ǥZNvPy-K@7Jm9ŝZ''7 )PfSn`%a;ˈ~F$!-Dj>ԽزE%CʰUEgiYJo "3p{0h[4wEաɌL}&a84ImMrJw7"P1_F i6_~ uӢJQ5v1C1z3N߷G,SGQ>[akqy`Gv ;M(Dbs2_t ZQj%H;~^qSR$0`sd c 3&덋ohxRS>C3 $ >iy;Ѭip|Jdsa&A)U7p5S{oeK@ ?8@Sδ L]wDiQk 9m\_ dLߥII < s,2@M3d= keW }ćcHyj(G3޼59pTƃ +4yr!ܡ(:peTso~dzzMN knHNA:'kAEFCOt\@oyf#w[wUC'lE%qiKZ[6Ua4K%PRR4ww|+O7tI޶Ą;}-'Dc>"oՒ-EuKv@/陋;N˺f82!6E40&;,N俲ȔT?'I,6R cS(upּ&\&E@p>(ER4.n!* ~ 9?lXV>.ER0ն4{tPlo&<kwATkV4 q){Z֌Sz$P}K"U$UOFGVEMم)]+Pz?cPQr5ͳF(Oü3XI4`nw/{!b3~0-A^i~aõ(3Y:<* ߱;(@&g`Р:QxnW)t'3R!X5qtSu^='Gz*;rWiaef:v<۪EkܑA+ @!j+ZBkbs5#71_/1o? ^[Ze9Y),qE`Qةz޴GdҵI1ȉ ゾ Ɓz *7KRT3Ƞs,`J9* >/ٳaf ub3v"e±[ӏ e! _ oV ~ۡ36tt„W &[3 Lcn) H0s=G-op\87ksrPs*$wLm}J5=2][_\dٮHhNQdɶチɡ?>t#s穽c?znzHmN4N|(;e}5S˼Ze?Yja4>dq">Bf-2ŧ3 1 _6LĔnq f]`"LA$A -?~jC9 XB 粰EW%X ô`q2 mA5 82Di~s'(b>0VlW }8Mφ!Ҕ^x/Bd\t"o' (iC[BMZ24=}Zz EBՆtK?A@:&gvey ^/*݉=UuDOqO P]%åfQp~){<&$Fu:3‘-YTϠunNS7Avy"Ds #a)6sLc^ CIӮ/^Yp=8[S;ԛu>o* iT%p.tl;Cl-rfXٸ)1i ,hU{R68{<3ݷMd[ n;b9Dc 8۔܁_nF#+s]3$Ĩ*Us[2b)H &EL[3ƥ.=5*UWLuUm?\i8C/ NGFZq8QrV, mLj* :gr]osoiˣpS mZ?UDCV?ڟTf|&!gCl7kœՊt[@E?42U/T~ngG R0S~R Y9#C!܌]m(S0axzX (J{"أ/o܏U*7LY[!#c\%r 0 XF5"n皙O,1r ~nBlW+'m>Xi}^]˫޵ꦬ`}"1~M׬f= jdB.[!rgUuvrv'GBEO uQI 71ޱ4n)q[K+kߥ50%Sy-7F%)cZz`xlC\cW4+D7}z5S*z-UCT+,*uk{.Q{V."x(1^zp5ifJJ N;L{o/_`x _2Y}H:zi|}D3Qwe~L_!lbetU%_dٓSi%zkfhH3`'K &ޗ1xj]+8!TɌŹsp[U3y$FPg ŌbrTqFa)S^ z5˞9,P1s K%#yNQfEL f˺t Vԛ@0J&uWɴN8zU` DdIR@Gaݦ|ow5_-xKs9V!HhxqA_P l{_:>4''/ ;3jɎV@ܴ?ڒ8jXTBihR_ LOq"G-<Md}MBy[cɖdi͜P!~QńZ&;7j΀360ƴ_JЧ.~Fafu (]}yl59MQ8 r|(Maps( "-hpŁˁ"u&.')qsO_.;0Vɍ1qq::>B *j3EVa^Oh.+dռ(|dx UCvHP'*Gf8Wm @oKOYbSE3JY*b8g%ʹ'U~G>t~ ŷ;99&ycS˄ {׿\f2]j02qꐹj5-̸7 2}J5_uFצո*հH,]J2ӪZ gLJW^o9'52]C@*t[Oɟ5>˗v) 1zO1$&Ʈ< ˸"5=ocmaNfLŪr]e#j&NXa?7lp_IrnvBn/T. ]=ܖ3|Gby!}UtJ-5 :'Xen)/lbFDf l<Ї~8%hܗ@oPx˝Rey! 4*+GKpRQ2t,Tq3h&x k0nZЬ 2=FGKɘr r.?ܟmTIђ3HʠK5p.\hlkq| *P|Dg%iB4墦 @zXR>*.A| DbQ-3sWuVe8F?L[idjΕL ل$oR\㏠ϿYDeӡ4P;^0w(&}$#TlqV ҵWJƕ%`)̳,&=hۨǀ/40?epa?_d pgR(VeB~n'x549> xNwZ{25T7W|aMjLi/N3q}16 w%Oh㿄Pi|*Ɗe%4Wڎ,D!A $;G c[qq߹ A^hLxym2B|ݸ mJć2ՠ`v,8HOYhc QTթ;CwA x !uS=M~rn/>I"cJyG _xolυ x)Sׂvwtwb#zؙs +%i\-fc8VIdoZqQH×B[ӗm~r-}fK%-iOHMqM.ErՊ%rJtw@ |*M]Ϙ1bCeve+@vJ7W : '0D'Gc}SKƞk#G"]=3͵l5{4 .R+M42/cy\GRׅ@4ݱ &hDC;/-(w7:Q囵a6(@g71XT7 S\&)­MARu[]*:Rhmn[xǚRDX\x7;YA!X'nMwg' .%}iGyr xP`MXͣ;YNɄݛGIhwoc|-f7&dQr̃Ԝi_w6=5A@/ o.b<-N.w99V!="cc̲+í- |>ؑoyf$> UjBi^KŶIyW9*Tߏh_6Z|'kPur`f*ďRU3:bq+9+$Wf^|69qELZUJغ'Mѱ}E_V5#U$vVfIFK]j˜x7diS-P,U%Yl ô+W}Cuڃϴu2ü )ءoܪ/O"+ 0g5Tew4< Maj# J_ bO|CY8ӝQL  ]&B9ԏ|2gC(f;H}ˢżk2ޘ9n6PVmA^gQ&CG/hCO;&+Jugϼ h;쏄0R߄oblĄ+?DN!\kӂ*ùUFmؠ]ea-ڸ>.@Z|Kr?.x]^@Ukc`WĴ51P>)|DrxAH[yxa2SQZ\4Kw%=%#DR: ZPy!2S4Ξ: .I7r_s_Z '&@hsg%HgKh̍;'BfvL&C]=$"SEYuh(JB:&lHr]]ea@6*3?=U"_Qi'3gU/S7f26>BE+PYq{B߲02"E^j٪U>b]|}FIs1h@_H9lUV#{ 'bDm&z?if, c.;V Рe@NJ={I:L):txXv[| `z({lQ4s$293+'?<}O{.Q6d<)9W}5Oʙscy\5c{0&J[ϑM%F?X=8;"p[n. g{ni`,Bep^ϸJ+>tz@띯֍mzpkުvoeCERy3!-L?u 6FiVRgЬugXwV#f^x$V'NJn\#os_D.:i_+9|[[T[!f񧪀j\ͳNa7EKf$޿$ E a(Mg_Ew2kEaBZS_Y-z[Rv_Eq->Xpݢ'I 68%OYGVDuK8 '[f.Ih+߶.J[D B#~@05^KwfC++P۵2=t>h!XNڔ/br]LZ72N*degt]aF$/KL|0Ir;?H[nuJzUaI#TȔυᬒw]%uMlM7^~Ɯ9k493aή$:5ĀvW|y]1( M&#EȁĢ{ȹԕ*o: AL/iq~+M /s%S!$?,38 5&푬$|'ڋ3rt}T|oM̖frYg/^CFϑY5DY?e[΢D#4Mu$,@eq*IH/k1+f5  Cb:'9l ='m8&ED&=` n)Ɲ6 |ש#G᧯uޜFE$Ǵe_3 [qvn_Di Hk*1m?)eHxBdX')VdRۋPkѭX6:]$vy[>t~1NL/I-ԴRE[;k%'D uJ0Xg)VsȀhn9Yav# ù SCzxT:|Г3*eͤZk /|sՈ_l_2|g0J㶭b@y@2#n _^^GMEU~8q(7ׯ8a+ xE>/؄9Ӊ696x3o  a̠Gu}WjXwUcέ;=l1ϥkǗ*)?mr{7Y&,Cx39n]@sw!.!I=(Wk[Åu*+<c@d֦zɣ.ݞ`18glFev>O(C5]e f z vZ;2hL3-@%1N'%mSDO %3?Ö1Vhھ49kLEx.HMArX" I_cc0@&Rڥ9?! lV_?,e}/ 6RoV(,ra4Hq_nbESfֵ ijh,V~;E®|E+qy䷟W*lUi/!g=I$7Uj'Ye5k匳.?G\h!l8c(w*&D"A?P JR"(>Xj/%R?slT< \ݐJx$vuu$C8m;OK7"nyik Oc]rE֌[d_@Y""~'B7&9Tk?J!T7jnVAv&S5VnɳP\bMh"®)x6#R;{ඪ#a]ë }$ӗ+pfC/`\^X/(.&/@Z^7 hNp$H}ƌ>Ï ZF~Ǿ,Vf[%r9U 'M^_L'MY|EEh^Co MLdwLOJG r/lN ׏ǡ825FIOV]t8F"i̱i ffl)!E^!S>@5LUb/Ue ʉL1:KP!6lPy~W. 3a%IzϿCg`O0o~9$U]tU -*΂15,dٌ%-\vSjUIIRl|pb 8@]]xU~Le8"࿂ecK؛}>k!ر܇NN!jNE2?'?fL3 y0D3V(=dFЎ%ζC&%\G[ub4~Yʻ8qRw-}9W`Qu4vrEt.0~& b4Rv`fZr97?6Yժ$e_ޫ1 Xtp7 ;(hE梇&{oWy&^eS$+:"@,dk-P-Kdr֌2fV Kp >\ՃZ^{Aa<';G=?b!(/<Ȫ_Z)nW^k]uR`'$$iperj66оd@,዗SM*;"ls"(!ǹJ蒪=N3LjTN )JhX_\ .U՜v^=l^ ~ 3kn5Ծ7[yg\Iփ7?ڋ$n5Cbnku> SA%lnASԯljJcAiaE#itLsoJ9] _c3Dg3- ܖw!_QrkJ-I,PłrY~mPGPS-+=\ Ob5m,ѹf]ZvP\RUْϞ2m/%Xyy/-: Ӌ?0?tb`]N6۴ ۍA`_>\ QTTശǡ\=sH/S }ͤso_c87T%)ه kicM 쮉M̖.ko4bL7)^QJ?=46 KiLh[)'%zTlή#jf蜾f7mV߆߲EGe0~w '\x: I@ö!eT vrvM5:yY <|v#-1|} q<)*GwbFcQo 4Y`j9-6]*P0'Vg򙇠YSgõ9`0}#0ye1K ,X3J}p(!-^кuȴC SQQ}gx1a xwS p4Q3`hQ@4j!ܙ`#t98]3o\ ϷN9jP WɸJ}x"T|3 WwQnsvو% Gܻ[SnR0|ao@._ az ⅂ٯ-$`N .[ s(|K,-Т Vk:ax/mגcd& 3GBw LH):(blΝK۴folE>Fu&0JUJXwr˄?sZ%,7'oɎ##"ivܶSLkԈ͟5#ٙ0..9bKy5}(`fƒ^ ۗ@  \wV1gmeV?G'5Z(T-ILΣ8t#*nVUrWu51F2,(hx }˹Z)7V[fi֔ȮFN0[dLDS*g9[>1|V42^'` wH:2 62ާs5?}d75ȀVO6ysr?\\ZPOiBLi_ ~m2ji|2Htu 1:T~BE5KPB^+&fyO Et #8`0߂@=N ( [ ImiX]ދ9SeSJă](9Fj-KD8:Z{m3]EQPdߢ 6=׺R;ot@Z6-^.2i4RwO{^G^C'Th۳x; Sp OH6R\Ocğ_7Y_&;|[]+cЪ?XouHnTu>507XC"{`cKoM|b=p+X8yΊc{uWnX+dd VuVɍjom->.^AcBBݖȘ-Zyt0'zE~&^N|ۗ: UtGB%IB_oY 蔙t)a*Q\,mqBt%Q`-z/RǷ`+Ϗ?' OeǙag-e ?Ԥ5_y,Kh1JT Ђ _J?5SF̻ zI'=z2%yKP*q kgerVi ,XOƦ[.-hH6x[RW1:=#1Ny|fpDѠg0lLڀi KLd㞔!T`AJBX$p8`fszA0a#52g"z oL֋monVt-&[G+ U@>R4s3(A#ͅ_~yu#8S x֓'O/m㫯6ؾH9~ !fR#pAk!{Q8WhLKfTC$!i=? 绵QL4ݫ~X/j! TڡY.U8A8$3É!uUđn8R C;ߥ{w^eP5.p@.\MS-JQW%&\tUڹbCkV 2(ЙQ{kK;.\_bxG%JZt[Vh=.H)QOiO~ze6M)1d5,̫E^Se}K 8NON*ONoLr65j궕_ndؠAjF6-D8ӿQGIt7Nr); OI ̄㹟 i+z2wZIY D`ݼKT`vh`g ClAԩXmQHnc_~Ʌ*p_Xw0=ip#Uy8||`_%d9kß^. n/l)6{~y~.©@i*iij"7F_V4+!e#ᡇR!i3Qھ\ct ?;)LGfFhJq9iS).vQwk*S3'nppHkL"(aSvxD^8iww18c 7ŝ:RfE>"W`;"7!v# ֮* IU[s GjM`.)/Q6: wd2OTutx5LT'&5BM. Web\"1[Ejp>Y;٨ EmkV)zwEI[?!/ fU'UMA]Q֓El |- ͸t۲4s,ZRO?:>l"z;OS ) K<'kA @c~v1 97 6P"&ɡv+~34|^/1FU,`xK_|I^;0𪚼67T1| 2>pe1O>azu@&B_T2^X>“܉$`hZZ=eu\M"x%_h,0}yHZ#H[la{'M[` 7Rh Y6M@8C7~W42@lY6r}m_%g'#7c(싢% ;$1vPi`&birt_dLP\~.vm"CP8L^#IF&R::(;ܽö[$M}ӷHsx· c4-+Jr;"3PϏz2n)GInWஸ_#k1402/$ea`b3U4@h7TyS4YYݸD|+)sCdŲ%Wy?cХ0IQ^F;m Cɿ",Q])Ik9O5G!S"'iD;n4{!̾>A|Jfi97(R>xm) [p2 n6; 'fGwk> 4$-=XbYJ4yЪSerb%:%EM(5W&N7pR,>^}Ejw| }NʭS̱j 6 n7|CTxB|FN%?vŰ!]Uφe~S=9_o;Tg+/-Z"^\is7uvw +䵞e<]dyrQWN݇PE˛;]Z|5O߂n#˛/;66.Nb30yUp($V`ZSFG n˴w;^t=)2:@bޢt5CF66L.?S@fxQ=P2xT|]:id| sP d.ypS]HOq{QNLRk2"P9stA9ztX evų7` ̲M2Eb &tW#J* ۜ;`Xnnv=v3yɚ= j#sѧ>!@32x."˔W-5w;9](l!3Kr_QL[r2 DNA0T/<% r7>4Y5kEFL5~? _UjoSs3Yk-"h OSJTuP tj[-p (S3F6J j/Hc 1ZnDA>ѷjDeQ4q(Xh 1 J,hᓼk*P17L9.8./cJ( N+PTQ@7#@tRA{5s'pkw3Z< v Q.ퟝ;@ 2p[8O\gcYUP_`",鱥KY*L `;8묯 H4k=#Y A4J06)UE1VBIzlv\ ȮV o|3Dr qh{O7g!T g=;#skJ}a4C/!5. :}Z^BEh~Y@v6nQJN>B]%yܻdzW5m-Qg%/\ -D4S1ByLOF`I,O$@Sa]h@Ȟ,R!2tWV59ql֒Ni/a1Fn]cgx0])&u8{=?.G,9Odn0N5](%9h38\qx`:tJu#aEscb*j;hۻH,AwM}cr@cy)jNjYS񵧔SuL z~#rp/T7E"TMP{&ך{:}P:oW !c~Ѕ&οWx!GӭADً $w8I_io"]*,2\,.si/P[{̫+Wݘê00Dd}?Ⱔ;*N=E1ɢBpq{Z4̗fW!k^EU!]vF!{TPG|l>]Wbh?-[:=7AׅAغo:- m;Y=B$v(ArnfOTYɠ)Lh;+0쯢,i0x^ iڃ%BJr"R; ;Ff|ͯLhһϛJ}a7Fkap")(eor1:FJ;hG:l+MQvnÙIBhrQU.M-W7* ~ Ihu)i_g0W\ʕHZ$@%) ao˞ꌣew r|!["K`xK &i(xEV&ՇW A#HR5+YzZ[Iڨ.j`x@) nRu\O o&'# E82}~@aP4[dT='I^5.z0oךN>P:(jY]"bJrzM[itLHҥJ3p3JP@f&|8~NƊdF~QER|Ps1a=lO=:KwkOA5$I_D_}p~gQ{8 BΊ6w]}DgW<'oK*՟J̉-._ |ZyK ƁׯA :?+nSW(p<|dAeRwUK@@*Ѷf1L!+:ՐPySwTgHOx배S>&(\bADN.s@KZQW0& {Q}gv -'HjAv<9Wd;-Go͆\a$޴OxЕxokBweE}tԶF?#!s-R9]Vfqa}[/2ձqAzFH C 8]:av^lӛ[|x0&,Th[L{ͮZ6ѤebOӀ jB񸕗ܚ|506in# %f>/8J+ƳPA8Vl s߳/DZ~ پV=/.ʺ}3w|~Mq%Xf'S PTC.|rRr>;lzzc~C AVeKުp'c5RDX2˷LB@@!!TV> y eC: Q;ޡXw[cXG|M"E10E6%[-CY/C#{۪;oОV J}Vܤ͋sV>)x=A}Łs pn X% PAC]9|s=Ő/}thUA#K)KK˼n<$?Aj_!G`pf=qsEiv>6J x'ZmAvͷv1a[gF2vh'xh\ZxQ "ΐ7a^a|I±P9upvJ*)f9(q$^y!ŸQ70-4OThmp4sF|:Y}pִmm؄vt.8ܶ((%:wSxݩ p}i?pBdɃk)_y?leU<5G?X*靧zޟ]mm5!yB+%?_dcٮU]4o,IğOȇWuEl!!Y8ʼnj#gQ520I]vs,|YǞl7$fwEY~DLb嵌]c589B ԣPd0meӛQMb/+E~J0Nt{wYvQAtQ! =W<XEg tPW-O܌f1۫,ר:c#ylB Wswx/yly_66m*.B\8]O56&<2sh[&4w0#Xʆ` LPbhXnw: \ywx֪Y>IdŵH5bH_Ke@gNn%g|ou_y]Pg;"/f }Xz9Lz*O)4i1\kZ{u@Q%Tvh0=Lu]9 =i t1Iǜjka>⁵gRLY>e. }TKY3SߐH)4[/ AO.K 3*_.(TC{TvMšm`vukF8 k`9krT+;v4 0+eA?X' (C[:HR_(=sy#Kfn!5(1B*n+ 쥋DUHEOG2U*%v=,0_0 [G/{?U1.H[SۆT77bLY#5uԅگY;w*Kwwu\jnv!ú @,+cGHɅë(2Gu0Z]:r21y@;0Rd*#.F?8K^}VbTBtZl`rZJ/1s&[_׫DOq}EO!NJ:/ aP%  <5-܊4}YQ3Wef-}SiAVl]&ıLaB`(c-x={_}6HhVTh^G[N&]&'/R  LExҷK&5Z=7B~TaҸhD8GBheXR"Iil~*&*,.4|qNѾt )r# Fna3)P'<v+4ص,a WQZ>HgsMQ[ |@{?$zczxbT9<\vѝ4Hς/\fU~[sp'C QSmEFՖe83[.!+~ !Da6i<.8xGPubIԯ7D](ۋWcW= $z* ت,X9q|SƜDH“ޮݏ+Iڙ1lT¡ͮsJHdּb ™pIm zEY:3=4`N8l~vr[壐3nph›&ףJR[1堟.@2!ε& }Hגf:@g{c]AUȅ?TB5&|ozmDy2 ([(ա_4-fDQv2`p$g(5×=@著qƙ1s5Μ5zIkr3^ OӊuwuqJQG1de}K [\ƽ`/a 휲e'sC٣ S zmP6Hג>~dR)1}QK+0X0l̘ lFۙvl# l$[`2jT3<A-k5QWUW ( wt 'Mhy+TVk}m~$d[b]}Ht|>>gn{M:3*FE)ХbJՇqy 7,\Ί:|3G^{Xa 3y>97t-X} C . ;g$^Ox8I~c| 2,P ~jrFl{ AD_e:xR[;Gg&-|U+ s 㖅2wY{CV r;AK%OD ;U7LVGK#L01>+ֆ'xevSXD}Hꨮ xm$YgRjV+^=Hgھ=H=y@`c`@T,Ěwu@򦡴/I*h'e b1qMSsŲzN# :?EE[W[-5`>yBm5(Ԣ, or^ qQj5a~8(bLelgA{9K,?Ssze2bF8n4]A[ZHѡ̃=ϛ5G)ljw %>p+iԘtbD_.=Wq3-:hIs[ꝫ&<@4_yzʐ]ߝWM\JZEH=cH]g ]x[yQH&Mfp+|jC ~Hfz??/(of$:[P1/SEVhi*H04wEX&aԩ]H & Aa=1 ҨNh,1 e@:FHsSvKz_D1~(֌ +x@CK#U?ŖQ״'@8*i,5 ̡^}`͕) D=|uĆU𞀤|¾_|\yv ax6oŻ ^6=jbARۃ">+- ꗚ> XV;*ҙZ_.$ڡ ?{|J"yqx6po!Oo8e+݁wґn]fWݝ)P_v$) te=3X$Xٛ]jtlJI`^LX$R Q#)nݺaֹ|!y Mˋ'&U?6㛔qUJPC1̦^Є_OK+GV-2, 0VXBDϊN-)XUp5+8@϶c}p&_R=G+UÂj?] mw#+EzW6 E3wV%;i>4HdfQujUQ7J@qpT$V,ޏhh$g0wv-! [:u/϶S $p.?K$@=x|LxRݐ|JA*/rPb(Q(fAeMiTmYߋ o̺8ȯUnq; '9[l>SѲ3XdJ2V  >T>"@s4Tp#sH噔 NARu]M}#B7=tL,9hQCt$"eakHtW7Ԯc%-&뫦 ^gt.!G'yW[?&0:pzrJ"/~JME(_f8dצL%-8/f>;4g2rY>U 3w~w8K%i4#fQ;ߐp?!S{ZSpk 6j& ]{ANJfx䝇7laj|ߗ]{+&HU[/Z>4|jj2ɠȟUapai<#nsͅրOF-.ĆΨO ,S=< @ j"Do/"ұec; >1hO_fPTۖ#eq]y :$Oo|،2*CtEU̓{"`$ AUϧ6K~/Ɗ BX' V4n+-wMsYOi h;5e$/xPW]Pb)(^zdpJtpw*i>X6S4X%KaIT'jD935D wpr57Û>ov_/3Gn^F>sp{+=Y>udۏNihBްOTwƭs0;(,LZuDfxkKP,8tXE~`Bҗea58o0c/{hoDf|۠_ȣCZs}/LGU[VM[4X' {e]o|9dN-$BE9"I1cAhG9\yD pal!N7XidI`s<~SsY0yxzhf2>+sv2(`CvQ&D|F4jKbi;\\ۦ?{Kħb0]44Nֳ;%Gxb_0hNy`R~(͂}4&" K0s ,I5N^J|徲伬, )ãWd̷^2}EӠ3񠉗l!=NVq_,& EU)E<eIryáJ\fa˱1m;Do~ޚ{[\ЍZD+Kus=ʘaij̩g7QfSK0q!hZZ.J$h=>yO\tڣsrtJPdPfg+T&7s0~/r&>ceoqol=='P8$G]yL'iĦsC4 hxG@x>Ahls6oCtx"n=9 { $Wf8Mpww-KܬCi]۰fbZB4>$D;}f.cKk_R)F95'ݕz6~{Ͳs2`qTQu+Sb ECs&$9G|֡+M&F&;>98]:bNX,H?h)3 \^]lUsUDf4l3/yv iN ]?$\BB~Y[i@WYE [|vwC*{l $H̯;Ui7cTd%ԭ|L'f-!nyp>]uMYstNN:ҫlC-H_8YK<~j$n1Z>r*1nicw8K$JZTf puX.Э"R" Sh ut;> |l-̥[7}D:3Ț(V?KK2yFTH7axII@y[|BmƯwq/\:WpĘB`}Fw~ß@5F&$%\ v~'ln2г+ 1U#L.5 >(ΠM{ly_3i*^.$ƕ N-,!#$O%OJNos ~_2%!m:2g:s^T5(7-SD:wsQ\/&rd3{Q<ߜ]&< kji+6r*5YQQn~Y#MJ4}De\!po>+n$/W$T#t $Nllj9E^E3_rá6';7lx@L c6_;T-~Fݢčvɏk,p+]p&M8>Ջ$ PG*i(-.GM0nai'iH 5Dq,75[cELf}* )׌Llܾ,d!Ky y0s{i2n} >< HdF ^֫|k:y&z(^$ߖᱦNQwNi̚aMÅdyR#|@Gy$Mf.`; CT,*ךZ_\W$rDfVvm mKX2ORZ5 Sa smJPOvCZr.HZ܍+6Ғl,/IV٠.}sYt%G2U-n fy/y3WYrgм\ OBju*r]m rViIi qJ\j@ )@7ih]gmJvѳβXTCn :CNΝI۠MgKYz Am\KI=1o+lC͔$v+ Sq& w'uu9=| [˨ŵ_%NAU{aA)ɷ c KNى Z% v2} b+VX<:yY1qп Ch^!3`g%Wel?`wD7~so5ܣ}kYW$fNf9{"LWUTLkE9z Y`py5ORS#?,I;d/sߓa5: /̵ {,nP_8Sn-O"l3eB"W\jF0ε7-^=ϭ$i$k!}06ɤZ9] PfE˲P\q&}P<]v1&U ߥi>xQ]*;1,{M1 ~# NzN굝W -n*P%%+Q"/s0nwwͦ3Bf:9;xk施+ޞ9/ ,\;638jt@}?}LEya:|)Ii=ߕlFr'ǰD,^<4(DoPzu0:3G]O(}PIKG2"X^kR%6ZhZE&2~fVg8^ͣ֬b0˗;䱷%2")>m3j8ijΥ0Pyor6ycGl+s'v[s$X*jL9'`#hpSNVA)x>zu ık$* UV>WsrAf{bw0F,2u&So}%mFDmАp&9<tpJ 7Q ?X}~LWF:3/Q /]mϹMXTs,KI" z}ct( GX p޺i4ڕ}bm0Xwxlhy[%w\ho2`PE]/j] ^ ݎ|"k%Lc.̤KL,ڻ<{>Fh Kל3~Gv -} DT0lx UPІWB Ĵl!iwlQ }6 ho+~㌃B(&FU䠠.`9 w{J0rz gܧ\!/hhk2V,' < 2nML_u镄 9vb`!{!'C'QUpHRcްq'϶ϭh|$YWQtIhlb_F\Sg (pN37Ĺ5'|Ɯ"nȬ~uFB"t0 w& n`t-c24J7gڒk4+6SЩM+ٍhf0^:UXٹ\7/ ~-s~a!WQCSBVզFKR!m"/x)£ yuʻā(?G;'_^K%w?賫ˆ;MvNsk%MP{ #ioƱ#ޣLLl78>iK nzYw~vT*xIRbԤuOHE ם -i#<,Y#͗I[flE&6ڠwVkI碟FCgԮ,u)lGoHml\q32 Ogʋ@2m\J=}r."V8 BJs>afʧu@!n+NX2=%^4brD2bQصOb5_s%|lM'd'>&RccܴZ“頔VBnb& ѻ~p_ҒMX?+נ)WQc-YB%΍G^$R>DȘ_RL3qt B` $.ǘ] Su؟FoD_u:~)_'*D&i3`VW v;@`OzjF%!)SLy`7unmE x? `UCfs0:c#xY]z7)YԔ/W#u^^B;MÀMeaE| 4ވ'ْ0 ‹revs̨3EZݢ! (Atx^.e 2%iI΃jh X'E덠akd]fu~3t:k# ; L{;4Q3}zZtin=dWTxDWkYL!xݧ` ՛AjhQ ޯYBdƳI;'c42ڠ̱e֧1Xn/|,C[p޽ 7d?Ȍ{WӇ? +vL*mtrx?XPpi@̀>V9m-*RrALX8A᰻6 D .RlM$]Pz:9l rSHFۅKnwCƋX4'bV-)|DՈӱוnRّ}8|%=Dʵ]fiǍh!&X`Hʼn#6*S06ѻz0Jh|8܄@W8{A]Z>Klp'O)qz E|P(T-} 'Ä40-ZцgOZվ{ݐN.y?|1Y+K+aEuo[k&h:OJw+SuT0c5TUu(etLeG<\0,!x|`s^aˠ:j%[0ƄE1Jul1"n9{*a03L%B=sV!wsnkJTRNnD؈HcBISRնT1ր:/%S³ՖTz\)}CSk4"8k4ʼnlF>r=`[] Z fjn.Qn6|:,fvnl<W ]HuˆOA/]-#-uƎV+&hUm.p+yb5X[ D_8(kB}_^7)eU\t ť-ـ4ջa gU3HbIV#jw>?EgopOA4 =~g-%k﨔!_F,(jf;YX! pT%B :V9/2n6WTaz\K3wMCĐeߵ;]foįP#Հ P<=Y|%tK LԔvA F7[-Z\8Kt>|LoKv?+LcۊUX'O0P>&3x SU9=&`)GM긟*ZxJFsHiBvQ2 2PzV+A453Vޏ)Ǫ}Ղ*pl.4bNHTnV BLz"0kW09|fΠ3A V\y%M"PDk, OKJ/C*lZ"v^cz>}Q:r1;: DNHDъWna%AV^ 4A${d' 2.2dY뤽o҈Jy0[PQ+oHVJ#-XKs3/_-=*@-2o".֊u ]Z)Y"{ L߸/cɩypvu>aIӘ$JYFI%3:jVe57_qM%d 8 "x/2zaѶiA+'zO6v(6zJ;^qh{'p{}L)nDT FX7_aRTvg[YSObQ#7B䚷PJdgK_bt h-KI-8grL{ZUYd?>6 Hҽfj} !⁴a+V&luys ]U@!Bi)_e"Sal>N6ӾМ}G )z+olBc}'~7t @ZG" OiZ4kkHa ttE‡K/?e>aY%1u2s ]_! Dtܭj*>TݵmIqN{uU.6ݺID*![7Ǩ~ 4hoj㞜;Ʉy5[S'p/e)Br)*yN9o;-ȺK{e? X1 L Ln] Ŀ(US9 _HDOEO0L9ѯv?+-~ҷkW2qLwoY(^<_/ : *BFɷyLѳ+`e||G#@X[ g'sgM]@aCɻX+9I՚Z;Z!\ cZ!j $R}Z1ZC _Q6Eh]R1?1XZEer>W>,F"};Eyٖu6r;?40)hwb:A*GaCkxtL˰\edF gN܌UUu?{|R4F5뎸NRçHODo/".{Qb!p-hVnQ^@ sԥm熱4x@~S) Z+HzߛEo? L1,l%M35R`x1f Ǝ1ޕx Q^`k(#vGUY"6ۨؾ眲s ^B&Ylp~UBf %:&8z '頫[qY+4i]7AG˧T >!#jT)ZbgНbpȡ)"@< G:v XBhfX S'KY *E.­^Ct%䁦eP]-ک-2QhĐU2홼٤ddT,OH])FdUh-[mN!A߶JsZ2Cs<+X$SūT7WhGg8'R/s& r \Lg %D5̓w)9흺L'I|j)씎NA/GWZ!Ye+Nej ^\M=qxT^mFsl;pY%C|)nS!U6>ÒWJDKD5U fV9JQH /s6W4'myU?W¿A-f8 ɢc:- ;[ >p?*j7^0lqu=r($:m0;zxS-MVACQGA4Z B}lOMoFKFdݢGQ j#m<ս65B}l4Z9 U4܃fm@_WJN"l:Kc6Jd,2@4 y ZR#g{an|PxV4\O7g7t`{V0n9JMbr[Uv璆6Э6go5HPnD//tmWg'}KGe-m4/A3Zd Y33L+P ʬwY,^w{VYQџ#gk۽LHjx_}5a^64>9Qݴn˙h[kKU]F*mDΏ_i.odGCbL*> e'Ӊ{ew+;+lt?~[dїmWއT ~55Re C7&W[޲ϋ E&R'UP6j2͢@͇6žJ=`  ZL_GX(F͓"J`ȭ/1.BGG7)hS\pveOOg`37TG}{U'NRmw1"-F420W'Mx.,/A;bP_Yj,Y TγYp=`\_lV^}VaG{4cUuNBU57Ф`OӹaH5!>ykRc{&n,J*T Ur3MIؘb3;=Jѭ MBUm9k%98nH &Wm(<&$5x:R4J@jEwt2 oT G򻼧!&iM9ԗL{ Wcw^,x Ct EݧIR37 D@=0qpve5GQtq,w/TK6]pk^vk3ZY9m{zHk2QAwm}-+ w.HQ1xpFfbxQ6Fŕ- 8WX5=-c]xih_@*j.ެ0ꩈ16*I= e_b)W>$T#>0\~?~Dq׵t-`BvB`Gpn5[‰@Ğ+Kx\0J=f`xL3 `6MSb4aQ$z?'tB x5-Y 궢!H1(UnnE>\9QH${"#V7΀z|]=;M8 69qoY (9U%0͛:~=7䟋}Ex#,ahܘI!<=|3?;76IRQ Ye [8iŔkqxvz™Y<͚5NRέJy[ouÏM{YZQWbyQv kFEǑq/V$Y3 QES>Mp|wߊY[*募5NwY,q7hNqS(Wl,XZ ryW&Yڢ{fr }k7{~47B/q1cq Ⱥ,oC;Wvii %szxLoGc@c-fi(k#T@K;>z)!-'*:3 z8#LS&V/vӶ=:L"VLt:{Xoܝ{_e-NL-e Kv{߸߹2]!O] 8T'?ͅFp#ҷrV5%n E4ZKtisT<%82c+PĿ&h{$SV&"=í_X"V*˵c<1Y{i*mrIGvw.-3]:!y˛yb;63WZOdތ0msGýf7Xmo8DGRSP/ؐ j~9-SB0 :OL@M ;Zuμ27N1E)3_<yS#:_{TeXJ콱&6q*ʬ_ʄ?4\+0v^7uE8I=\dw]2NS~bv6sRa#^?+6£flx^6q=C{WlF$y,+ M)+&R?=9^w5j ^ )} uYt_9(>lSҭfap2WT+Q>q:uS6!BzDlgzbVV@ڼ= Q게䇕,DΠQf%\b)d38E\d"dpv}F9<4*WMDe OmT ,C6,$1ФZDT¨ƍX9zI_Uur A~~}t4;4*Ll询UNqUm<[N&Ռ佘-CxEJWJSV;8k:jkI(NL3gE DUz5GyZVW:XFo@ 6Gg.Сʁr}Y2 cY7320 GV<X${ugt_љ!׏1~-@[uQ-a|l$=T;ʊ$?T(c< ֱBNY.y/g:~WɕjB(V1#ͦxj)ys_#giL11nET Xq[>QC# qHՈ]rdw0lͳn˷Zc!s?x+ P2I mݕPTo($0`]h3NFFM kXVdk Ď X5'Gg_`.:3v ?A/|qeӸ=ZfǠ}dF -~P x@.$Dźʺ5?uElyNj9w8GWOSԙdha[^?&EJ4dWb5"򰰳|2O ~߼][ʤ ]*ov!Dc|ݴͭZtA{MҗWp쭧ya wQX+뙾';m: bq?3, @ Җ_'af!<:-nߐʬ@,Lm l caK]+Z+K$JhyðG:.^a=d|P_Wސ"ˣ6Vulza!5wOZ wI`xF`wnqPst!%KjO;I`*(J.ÉuXo\z pu+0r ƯoZd>$Y|ToYӝI`J'c ">O.%#cfb,\ɓla[#uw-P`.f$pO+~;O4hIrjihra)!?ENGkYWz9%pq$"d=({60ͳ [EE_ݚW *uI(ޓbEG&IjNZZ‰?LO\ pf@E؉6Ocq,]nlO{,r~gu?&ETl},/@:#NX) ĥ"ܫG% 'LP U@ULQ2O N _߰;Q G;[qm#=WJ%R1#- CPػ&-f8rIt~Ny(!*F-Rr_ԹmIdmw(a4w?QYN{& +]`:Z"#_V_+ޢoWsV V|Z-PB !O$|nTg[j⎭T z*tSC2eح|XçE&w?_*(BMEP!rMVUZgEտY+sY; E(L4{1. ~7 uȠNBv#NC M%|[Lzu8?{䓢Z6[F!b'vM%UbbqpOC{0UԽ؂ k!}Ɣ=E3۶0zx@۔):r SⷓK{z!$P %zYg$G"ȐGӵ3>D@nU[+-gqI,snUYŀO)-n>4}bJ6&*xJAe$(0AXֳ/41)SH}$WtrtČˎJ{x{RV";$0Uih!#] ش8!?J!-lYIn)P_;xYkL B Oӗ. 2* O}[]p~}G+L&LA1Mdnl\}yo,ڻ>+ڣ/J5l!|'.KkCF w: MG4/PDz/.Q YZ