sssd-dbus-1.16.2-13.el7_6.8$> tݣJ>>? d   > *>[ahp         2  < d   ,55 5( r8 |9:wx>0?8@@GH Hp I XY\ ] ^ bdrewfzl|t u vw x, yT-Csssd-dbus1.16.213.el7_6.8The D-Bus responder of the SSSDProvides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus.\!x86-02.bsys.centos.org:CentOSGPLv3+CentOS BuildSystem Applications/Systemhttps://pagure.io/SSSD/sssd/linuxx86_64 if [ $1 -eq 1 ] ; then # Initial installation systemctl preset sssd-ifp.service >/dev/null 2>&1 || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable sssd-ifp.service > /dev/null 2>&1 || : systemctl stop sssd-ifp.service > /dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-ifp.service >/dev/null 2>&1 || : fieKO b큤A큤\\\ \\ [\\\\4601b3592d313effe1a70c44167775b06693dc9b72e7bebc718b6c9e8b094b8f1018b8062fec54f73a99b3e6621a491cfd79f1d5cf7a27860d6f3d349c32fb3127b0ec0339e668883e3732ce8d60fb064956a6403d32da35bd55a95c49920456a2631eb70e5cdc8392c97e19924dc9aca4ddcf4b38a44ada079dbfd5f3b5c8738ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903e53e5f780349d60978774c468cd4b10aa3b74d20e4123d38716a0d47065cbe01bc548bd840bbc30c26e89fc218ec222530be68507ec5343f0bb69a54b3ca15bb2c0eac69c73e2d736fe09dcc8fbf69531c0499a8fdf80f883f8e2267d38a1a53be8eeefe3a961683711c136a62074e8840c866d6b946376b9683db0bc70b6916rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.16.2-13.el7_6.8.src.rpmsssd-dbussssd-dbus(x86-64) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   @ /bin/sh/bin/sh/bin/shlibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.2()(64bit)libdbus-1.so.3()(64bit)libdbus-1.so.3(LIBDBUS_1_3)(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_certmap.so.0()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)sssd-commonrpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-11.16.2-13.el7_6.85.2-14.11.3\@\@\@\@\@\@[@[@[@[l,[b@[a[Y[Y[H@[E@[6@[0@[,[,[d@[[Z@Z@ZmZ@Z_@Z_@Z@ZyZhu@Z3@Z2gZ.s@Z*~Z'Z!D@ZZ@Z Z @Z7ZNYZ@Y@YYJ_YJ_YC@YBvYBvY9<@Y9<@Y5GY5GY5GY5GY0Y0Y(Y(Y%uY%uY$$@Y$$@Y"Y;@YR@YR@Y Y @Y @YtYtYtYtYtYXXh@XXX@X@X@XsX@X@X@XۡXۡXXӸX,XCX@XX*X lX lX lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.16.2-13.8Michal Židek - 1.16.2-13.7Michal Židek - 1.16.2-13.6Michal Židek - 1.16.2-13.5Michal Židek - 1.16.2-13.4Michal Židek - 1.16.2-13.3Michal Židek - 1.16.2-13.2Michal Židek - 1.16.2-13.1Jakub Hrozek - 1.16.2-13Fabiano Fidêncio - 1.16.2-12Jakub Hrozek - 1.16.2-11Jakub Hrozek - 1.16.2-10Jakub Hrozek - 1.16.2-9Jakub Hrozek - 1.16.2-8Fabiano Fidêncio - 1.16.2-7Fabiano Fidêncio - 1.16.2-6Fabiano Fidêncio - 1.16.2-5Fabiano Fidêncio - 1.16.2-4Fabiano Fidêncio - 1.16.2-3Fabiano Fidêncio - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.0-25Fabiano Fidêncio - 1.16.0-24Fabiano Fidêncio - 1.16.0-23Fabiano Fidêncio - 1.16.0-22Jakub Hrozek - 1.16.0-21Fabiano Fidêncio - 1.16.0-20Fabiano Fidêncio - 1.16.0-19Fabiano Fidêncio - 1.16.0-18Fabiano Fidêncio - 1.16.0-17Fabiano Fidêncio - 1.16.0-16Fabiano Fidêncio - 1.16.0-15Fabiano Fidêncio - 1.16.0-14Fabiano Fidêncio - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Fabiano Fidêncio - 1.16.0-11Fabiano Fidêncio - 1.16.0-10Fabiano Fidêncio - 1.16.0-9Fabiano Fidêncio - 1.16.0-8Fabiano Fidêncio - 1.16.0-7Fabiano Fidêncio - 1.16.0-6Fabiano Fidêncio - 1.16.0-5Fabiano Fidêncio - 1.16.0-4Fabiano Fidêncio - 1.16.0-3Fabiano Fidêncio - 1.16.0-2Fabiano Fidêncio - 1.16.0-1Jakub Hrozek - 1.15.2-51Jakub Hrozek - 1.15.2-50Jakub Hrozek - 1.15.2-49Jakub Hrozek - 1.15.2-48Jakub Hrozek - 1.15.2-47Jakub Hrozek - 1.15.2-46Jakub Hrozek - 1.15.2-45Jakub Hrozek - 1.15.2-44Jakub Hrozek - 1.15.2-43Jakub Hrozek - 1.15.2-42Jakub Hrozek - 1.15.2-41Jakub Hrozek - 1.15.2-40Jakub Hrozek - 1.15.2-39Jakub Hrozek - 1.15.2-38Jakub Hrozek - 1.15.2-37Jakub Hrozek - 1.15.2-36Jakub Hrozek - 1.15.2-35Jakub Hrozek - 1.15.2-34Jakub Hrozek - 1.15.2-33Jakub Hrozek - 1.15.2-32Jakub Hrozek - 1.15.2-31Sumit Bose - 1.15.2-30Jakub Hrozek - 1.15.2-29Jakub Hrozek - 1.15.2-28Jakub Hrozek - 1.15.2-25Jakub Hrozek - 1.15.2-24Lukas Slebodnik - 1.15.2-23Jakub Hrozek - 1.15.2-22Jakub Hrozek - 1.15.2-21Jakub Hrozek - 1.15.2-20Jakub Hrozek - 1.15.2-19Jakub Hrozek - 1.15.2-18Jakub Hrozek - 1.15.2-17Jakub Hrozek - 1.15.2-16Jakub Hrozek - 1.15.2-15Jakub Hrozek - 1.15.2-14Jakub Hrozek - 1.15.2-13Jakub Hrozek - 1.15.2-12Jakub Hrozek - 1.15.2-11Jakub Hrozek - 1.15.2-10Jakub Hrozek - 1.15.2-9Jakub Hrozek - 1.15.2-8Jakub Hrozek - 1.15.2-7Jakub Hrozek - 1.15.2-6Jakub Hrozek - 1.15.2-5Jakub Hrozek - 1.15.2-4Jakub Hrozek - 1.15.2-3Jakub Hrozek - 1.15.2-2Jakub Hrozek - 1.15.2-1Fabiano Fidêncio - 1.15.1-2Jakub Hrozek - 1.15.1-1Jakub Hrozek - 1.15.0-2Jakub Hrozek - 1.15.0-1Jakub Hrozek - 1.14.0-46Jakub Hrozek - 1.14.0-45Jakub Hrozek - 1.14.0-44Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1690759 - RHEL STIG pointing sssd Packaging issue [rhel-7.6.z] - Part 2.- Resolves: rhbz#1690759 - RHEL STIG pointing sssd Packaging issue [rhel-7.6.z]- Resolves: rhbz#1683578 - sssd_krb5_locator_plugin introduces delay in cifs.upcall krb5 calls [rhel-7.6.z]- Resolves: rhbz#1659507 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI [rhel-7.6.z]- Resolves: rhbz#1659083 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust [rhel-7.6.z]- Resolves: rhbz#1656833 - sssd_nss memory leak [rhel-7.6.z]- Resolves: Bug 1649784 - SSSD not fetching all sudo rules from AD [rhel-7.6.z]- Resolves: rhbz#1645047 - sssd only sets the SELinux login context if it differs from the default [rhel-7.6.z]- Resolves: rhbz#1593756 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: rhbz#1610667 - sssd_ssh leaks file descriptors when more than one certificate is converted into an SSH key - Resolves: rhbz#1583360 - The IPA selinux provider can return an error if SELinux is completely disabled- Resolves: rhbz#1602781 - Local users failed to login with same password- Resolves: rhbz#1586127 - Spurious check in the sssd nss memcache can cause the memory cache to be skipped- Resolves: rhbz#1522928 - sssd doesn't allow user with expired password- Resolves: rhbz#1607313 - When sssd is running as non-root user, the sudo pipe is created as sssd:sssd but then the private pipe ownership fails- Resolves: rhbz#1600822 - SSSD bails out saving desktop profiles in case an invalid profile is found- Resolves: rhbz#1582975 - The search filter for detecting POSIX attributes in global catalog is too broad and can cause a high load on the servers- Resolves: rhbz#1583725 - SSSD AD uses LDAP filter to detect POSIX attributes stored in AD GC also for regular AD DC queries - Resolves: rhbz#1416528 - sssd in cross realm trust configuration should be able to use AD KDCs from a client site defined in sssd.conf or a snippet - Resolves: rhbz#1592964 - Groups go missing with PAC enabled in sssd- Resolves: rhbz#1590603 - EMBARGOED CVE-2018-10852 sssd: information leak from the sssd-sudo responder [rhel-7] - Resolves: rhbz#1450778 - Full information regarding priority of lookup of principal in keytab not in man page- Resolves: rhbz#1494690 - kdcinfo files are not created for subdomains of a directly joined AD client - Resolves: rhbz#1583343 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 - Resolves: rhbz#1527662 - Handle conflicting e-mail addresses more gracefully - Resolves: rhbz#1509691 - Document how to change the regular expression for SSSD so that group names with an @-sign can be parsed- Related: rhbz#1558498 - Rebase sssd to the latests upstream release of the 1.16 branch- Resolves: rhbz#1558498 - Rebase sssd to the latests upstream release of the 1.16 branch - Resolves: rhbz#1523019 - Reset password with two factor authentication fails - Resolves: rhbz#1534749 - Requesting an AD user's private group and then the user itself returns an emty homedir - Resolves: rhbz#1537272 - SSH public key authentication keeps working after keys are removed from ID view - Resolves: rhbz#1537279 - Certificate is not removed from cache when it's removed from the override - Resolves: rhbz#1562025 - externalUser sudo attribute must be fully-qualified - Resolves: rhbz#1577335 - /usr/libexec/sssd/sssd_autofs SIGABRT crash daily - Resolves: rhbz#1508530 - How should sudo behave without sudoHost attribute? - Resolves: rhbz#1546754 - The man page of sss_ssh_authorizedkeys can be enhanced to better explain how the keys are retrieved and how X.509 certificates can be used - Resolves: rhbz#1572790 - getgrgid/getpwuid fails in setups with multiple domains if the first domain uses mid_id/max_id - Resolves: rhbz#1561562 - sssd not honoring dyndns_server if the DNS update process is terminated with a signal - Resolves: rhbz#1583251 - home dir disappear in sssd cache on the IPA master for AD users - Resolves: rhbz#1514061 - ID override GID from Default Trust View is not properly resolved in case domain resolution order is set - Resolves: rhbz#1571466 - Utilizing domain_resolution_order in sssd.conf breaks SELinux user map - Resolves: rhbz#1571526 - SSSD with ID provider 'ad' should give a warning in case the ldap schema is manually changed to something different than 'ad'.- Resolves: rhbz#1547782 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process- Related: rhbz#1578291 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION- Resolves: rhbz#1578291 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION- Resolves: rhbz#1516266 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1503802 - Smartcard authentication fails if SSSD is offline and 'krb5_store_password_if_offline = True' - Resolves: rhbz#1385665 - Incorrect error code returned from krb5_child (updated) - Resolves: rhbz#1547234 - SSSD's GPO code ignores ad_site option - Resolves: rhbz#1459348 - extend sss-certmap man page regarding priority processing - Resolves: rhbz#1220767 - Group renaming issue when "id_provider = ldap" is set - Resolves: rhbz#1538555 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000]- Resolves: rhbz#1565774 - After updating to RHEL 7.5 failing to clear the sssd cache- Resolves: rhbz#1566782 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash- Related: rhbzrhbz#1544943 - sssd goes offline when renewing expired ticket- Resolves: rhbz#1543348 - sssd_be consumes more memory on RHEL 7.4 systems. - Resolves: rhbz#1544943 - sssd goes offline when renewing expired ticket- Resolves: rhbz#1523282 - sssd used wrong search base with wrong AD server- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Related: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser - Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7]- Resolves: rhbz#1517971 - AD Domain goes offline immediately during subdomain initialization - IPA AD Trust - Related: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc.. - Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7] - Resolves: rhbz#1527149 - AD provider - AD BUILTIN groups are cached with gidNumber = 0 - Related: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache - Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1525644 - dbus-send unable to find user by CAC cert- Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card- Resolves: rhbz#1512027 - NSS by-id requests are not checked against max_id/min_id ranges before triggering the backend- Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available - Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card - Resolves: rhbz#1520984 - getent output is not showing home directory for IPA AD trusted user - Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1421194 - SSSD doesn't use AD global catalog for gidnumber lookup, resulting in unacceptable delay for large forests- Resolves: rhbz#1482231 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: rhbz#1512508 - SSSD fails to fetch group information after switching IPA client to a non-default view- Resolves: rhbz#1490120 - SSSD complaining about corrupted mmap cache and logging error in /var/log/messages and /var/log/sssd/sssd_nss.log- Resolves: rhbz#1272214 - [RFE] Create a local per system report about who can access that IDM client (attestation) - Resolves: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc.. - Resolves: rhbz#888739 - Enumerating large number of users makes sssd_be hog the cpu for a long time. - Resolves: rhbz#1373547 - SSSD performance issue with malloc and brk calls - Resolves: rhbz#1472255 - Improve SSSD performance in the 7.5 release- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Related: rhbz#1432010 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available- Resolves: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available - Related: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5] - Resolves: rhbz#1408294 - SSSD authentication fails when two IPA accounts share an email address without a clear way to debug the problem - Resolves: rhbz#1502686 - crash - /usr/libexec/sssd/sssd_nss in nss_setnetgrent_timeout- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Related: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.- Resolves: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1484376 - [RFE] Add a configuration option to SSSD to disable the memory cache - Resolves: rhbz#1327705 - Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7] - Resolves: rhbz#1505277 - Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault is sssd_nss - Resolves: rhbz#1462343 - document information on why SSSD does not use host-based security filtering when processing AD GPOs - Resolves: rhbz#1498734 - sssd_be stuck in an infinite loop after completing full refresh of sudo rules - Resolves: rhbz#1400614 - [RFE] sssd should remember DNS sites from first search - Resolves: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Resolves: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.- Resolves: rhbz#1469791 - Rebase SSSD to version 1.16+ - Resolves: rhbz#1132264 - Allow sssd to retrieve sudo rules of local users whose sudo rules stored in ldap server - Resolves: rhbz#1301740 - sssd can be marked offline if a trusted domain is not reachable - Resolves: rhbz#1399262 - Use TCP for kerberos with AD by default - Resolves: rhbz#1416150 - RFE: Log to syslog when sssd cannot contact servers, goes offline - Resolves: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser - Resolves: rhbz#1454559 - python-sssdconfig doesn't parse hexadecimal debug _level, resulting in set_option(): /usr/lib/python2.7/site-packages/SSSDConfig/__init__.py killed by TypeError - Resolves: rhbz#1456968 - MAN: document that attribute 'provider' is not allowed in section 'secrets' - Resolves: rhbz#1460689 - KCM/secrets: Storing many secrets in a rapid succession segfaults the secrets responder - Resolves: rhbz#1464049 - Idle nss file descriptors should be closed - Resolves: rhbz#1468610 - sssd_be is utilizing more CPU during sudo rules refresh - Resolves: rhbz#1474711 - Querying the AD domain for external domain's ID can mark the AD domain offline - Resolves: rhbz#1479398 - samba shares with sssd authentication broken on 7.4 - Resolves: rhbz#1479983 - id root triggers an LDAP lookup - Resolves: rhbz#1489895 - Issues with certificate mapping rules - Resolves: rhbz#1490501 - sssd incorrectly checks 'try_inotify' thinking it is the wrong section - Resolves: rhbz#1490913 - MAN: Document that full_name_format must be set if the output of trusted domains user resolution should be shortnames only - Resolves: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5] - Resolves: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache - Resolves: rhbz#1482674 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: rhbz#1486053 - Accessing IdM kerberos ticket fails while id mapping is applied - Resolves: rhbz#1486786 - sssd going in offline mode due to sudo search filter. - Resolves: rhbz#1500087 - SSSD creates bad override search filter due to AD Trust object with parenthesis - Resolves: rhbz#1502713 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30) - Resolves: rhbz#1461462 - sssd_client: add mutex protected call to the PAC responder - Resolves: rhbz#1489666 - Combination sssd-ad and postfix recieve incorrect mail with asterisks or spaces - Resolves: rhbz#1525052 - sssd_krb5_localauth_plugin fails to fallback to otheri localname rules- Require the 7.5 libldb version which broke ABI - Related: rhbz#1469791 - Rebase SSSD to version 1.16+- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information retured by the KDC during PKINIT/Smartcard authentication- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in- Resolves: rhbz#1455254 - Make domain available as user attribute- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD- Resolves: rhbz#1450094 - Properly support IPA's promptusername config option- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer - Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail - Fix Coverity issues in patches for rhbz#1445445- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains - Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate - Additional patch for rhbz#1440132- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient - Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4 - Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15 - Also apply an additional patch for rhbz#1441545- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.- Remove an unused variable from the sssd-secrets responder - Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http - Improve two DEBUG messages in the client trust code to aid troubleshooting - Fix standalone application domains - Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes - Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http- Fix off-by-one error in the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh respoder- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users - Also backport some buildtime fixes for the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts- Update to upstream 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html - Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries - Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure - Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser- Update to upstream 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html - Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack - Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases - Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider - Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page - Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user - Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink- Update to upstream 1.15.0 - Resolves: rhbz#1393824 - Rebase SSSD to version 1.15 - Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL - Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory - Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time - Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0 - Resolves: rhbz#1392444 - sssd_be keeps crashing - Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3 - Resolves: rhbz#1382602 - autofs map resolution doesn't work offline - Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains - Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page - Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error - Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database" - Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/bin/sh cadeuk1.16.2-13.el7_6.81.16.2-13.el7_6.8 org.freedesktop.sssd.infopipe.confsssd-ifp.servicesssd_ifporg.freedesktop.sssd.infopipe.servicesssd-dbus-1.16.2COPYINGsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gz/etc/dbus-1/system.d//usr/lib/systemd/system//usr/libexec/sssd//usr/share/dbus-1/system-services//usr/share/licenses//usr/share/licenses/sssd-dbus-1.16.2//usr/share/man/ca/man5//usr/share/man/de/man5//usr/share/man/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuXML 1.0 document, ASCII textASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=aa6af2a54325fb04ea79d2568974a8ae3c867f68, strippeddirectorytroff or preprocessor input, UTF-8 Unicode text (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, ASCII text (gzip compressed data, from Unix, max compression)-R RR(R*R,RRRRRR.R R&RRRR RR+RRRRRRR#R!R$R%R-R R'R"R)R RRRRRRRR RR2? 7zXZ !#,y]"k%{f}{&-򝍪ZqN&U ݻhf57 `u6r-G\ۈ@s9,9Rgj47tXn?6QMs/i,F{_ @/4Durzn-Հ+_oرw||UOo|{k/nS*Tth6^ wI 2cˬdy@h7č͐=c/a@/X7 o 7RD%/ m p!p$-<**y>$RAwH5r⢨# o2T3#J+:2TW!L.f?نn3 T6{40Lyedfwa~QD[AN 2f[V֕Rqب. ;ލ 1Ǡ(7$QIenLЎY=}J;}^iΚKu'-WvQR|6'1p .~Y,M85u35b'yʊ3Ujn DJlxa%y3+C^C ^c 薷`X F0nbШP 7ސ;#kkʻKe4|tEB|\ )8M W ,D(W8) X@IY?aۛ0z&,zc![_ .Yb7{F:p[|Sf:ܭUFswĸcŧiMzܶi*Op.ˎ/Ķh?@FBT0o8h].bjM#K! `y6$:-ϔ]=Xxy]ӈȰʭ48_},8==1mtj H <\5nnF[ԮIҽiƿJ㸌/b $jv%"*(j XRDv+^7e&Td9L1}1{CeS76@aK!X İȷ1r-q-0y S YCҿD:/fr[I,f*~#7rj'z}@K'a,e(N4=FΧ>YAI3TlR$ h9x ]p5loTИs ;6iϴgfb0{FZdԡqZQj [T1HO0MOC;+dk0:bk¡N[%AY8qB@cU8hZRGJf4 `|&[oVٗ7>/x~câ\fv.mg'Dg[uxlC@X[; lš:FXrE=x&Ue € m[%s>4~sXѩP├o 8HLqZC%ɔLat|cҎJ` ܿ *l{TrƨV݁*-f'0I* W,+2rMv=fiړ!?&{?;U 4L4"OH+@(S)r}`Q81 <^Uk`0 9 x*劶&zz6i्TGԶc9_s9oA$`I/ht1C' ɀ޴~ՕNHHᰖ;J$x0H?۱]~$x[dȮp2T򆵄L&M+B4Y<!(`vQ0,eՑ@4>N^f"N%iJ%/j+6Iˬ^n*yu},~Zqs&7-~BPZ %fQN,_6}@kZ hX}ބ𔁃CX]/%QitE vB F `8sNO{Qx#&:mJvUNeZ2˧ 3fG=c#}D,SoLj|k4ѩwꍉx 畾(O 9;bzAWҏQQVloaQвl>< wlnJJnD*jтRBJ vCi"S i9ijpW$gZ\Ei&͕!yD}!$ok8.7F@igruN`cA>CUQqBWXi*Ѝxꁡ h NNX9a0%,џQ"[|5+)+=|R-ʷ3H2>j=) g${?\q>,)lI+Y$g]/+2G+ M<fו89<LHzEn-4a(1XƼ9܇2v9g,ok t;4}ꤠ%\d- jVG0yJ%Bb&n np svm.82n/w|Ⱥc~B"?̰ vh#t!3𛜖t;о]5)\ȫv,xjܔۄs.b!+-@+/:aQpšsQNvD}IDb_|V=TMpo[$Sͅ{PMՓ,+/' ,Gjl1dl=bI42h=>֭i}RYϤ]F, %ݸ@%C{giϣ? 1jA. j_ <<(a&ۋL%|MyDI/qMvElaij{Z!MuuEvEcຆ|w&#BT~@c^9R#^6mA%"s<^ICZ:jN$AdIpQG"Fߧ,Շdr?U m( {t焑Mv4m^u$td+>sKjHv)'EmXPpN0s=Z}kBJcKZ 2HTMx#rma&lKtps'oLPnf Aҭx!eN_2o宧~SK;ڸA(,4pyZzu TL=4AŏӤQL)xOPEz.WCt1~@&) Q#/(mvO:5OXp4C"ŠrjP|, tsИsN[SN,^i<2r*syg5fЈ8ͧO]=={lHyKݥMbN[\N !wXK lHv+ѕMn>],̿,@ٲ!mGn?[3ܪAߩaǿeNPeT-Fjpߗos3 V-#%,\>fCtITqh{g u u QzP `r= v~. ͋#頦>NdY7zF!FT9Hƞ`z8jNGQ #DLq]Qw"+B4#O`RqItQeKBK  3ٴp "gC/&%JUuc;k:I>Qt'h4=N;@"Fa HL+U*VO}Z"<e9+>uZ)IgOa9\Ryη+E`p-rAzT9NJrd)O.rOu֦0 G^91K(*3nѤ4NW #09rxvnx@#o54JmC,s00ȿ" Fp o֬9 -;6D$5\I*׊O\~\߶I)7X9uXT![@n.խ}J"Rk^6~q'꾝}ٵ/;N&`~,y#rZk'C$ܩ ,>k/ݺBԖ@aܨl}fu׫[R*ETvSN*_$p\2< Qf=_g& w_L]L>7%e<:r`IjQ3ʿ1:$1VxFy<1 o-T.\?d[RTEt۫ \ f<ɏYY$E2mp/1FIey4/;wy[2WB&@@M:+\7[sM?u)f<7xuI㳪joMRVxƭ2$<>>fJa53NpsT+=m&P%`~$Y[ -FO9=hV6t?i(Re]0|sy~ekKs^R+@kچ3,r\Db]T!ĺNjfR@Jﺳ}2cw6{B[j}$Cɻt_j΄-=*OnjQHpgڛ {];/DX[q˚`;7̓;]k91%W\@ӥ^٪ N('=a?ۇ_Nk>D07껾*-oηXXݛ0h}Q0џzt:csN"1Gerß+D<_@8n?&36 q1DA3|i/oLe$yC]Ofɾsz u#r؉ ڞ}X.e)idUmMz6 '蕂_Z5ECc?@b6۔ H S,_==7/l,M`՚k,e=76G~wVLʕG8pQ2 jZ 6%P2x_b9CB f`CS1d'=1=c)k&bn".qΡ՜M{OSwY4 =دMb *!BV\NoɵmHC{w-Lб8`DC/ }B\`jbv U1}}`R"]NZaHYvd;;,-[*͈s>P$ayAe^W0.x02yPD];%$x$!iYSlUq3ExflTPO!7s5SQM %v7e4䌠4%6ތ}aa=Ә]'(!?ϧA `|{Nb$ގ1z:ֶ=:./NP&j[>aF`LXBP`q5y!P?j !m*'C>y QP-c b3O6 5{N'\[-|,o,Na"U`,bdnֱN "%*] {Ő?~-vrV֗逎L*$ m@3C GazT,btʠ_`ߩӝ\lU^>cEӼX='0F ?"#ᎶnT{wRõcm?|l +x ,a$uGUMƪâ& SJaȍ84u 'R\(tTĵ[АN΅43*j)I[%(t\ચ(z$!X{[ϰ1F1;&n  <='OJzN&bqhzd4Mr&^f<;CdFAKZM)kdJ0j0AGGG!g`~j5ۣ#50QVQ?K`J:< NZl+1@D:5Myd#bnŠkŏߥzUzH4C2U+'^ Qn;:w! vY *Q5AQJKg  " U%uj.ĖW]HޣE|$8w"Q ZVL8H#f{W `~2A6?y~Lh?ZR䷳_1\,Q1S㐻[_.hD W5&1]v;3Q!cGSM2MQ9ߓ@oh(1xXWPZ^TQkO6%mWSv(4%Xj0EnONVMktc^*#Z| `m|Z+ę$Oɫ+:B8>yJ'hFJ42$$¨j6Z 1;CsjZ5Dxwfdd%\4267]1mTgdyjwOe^ c:Z_+m~_ِFO]o+mN|=Yy( u15$CI[ydkM [zЂۑ׬v2};#˲P,x֐[.EEfYZz.Nvr~ ∥y`.w: D,F+@-S:m :LNed^m%J~;L$ޕ:m>t+Ӳdnx|F\hK8rvܙW4Z$'i rv+8걜 ~1d7.nnxKcc*#>L!xMRjTJBJ_d#tE%RR|D23fRI^yoD@"1+Ep 'z !%};V+fleu frz% XH^0Ҿbf}ﴀc `>КTF: }5oqp0z[HB]$;EZ冨Fjj 164苔C3tA*3"/x 6wd#Cq_h(a%셏>'`S9vqwKEk>GR2prȯ>=lqwZ ohLs*D˶jd3 cY>'WVayZǴ >pkY ed!h'/&r#^]ID*O>gwsV|k:45.X)k19 f,{ L{:}oz~ D-Q ӈ{ 3-D)[nW7K Y<_)Sɚw bv*~"`&‰,)^i7c1(,u*C2&ઢ0D$R7s[ƒ"KUke80ҵ)0 /2\{֖fsZ&[9sj4 Ky;vRO= ;N-G0yw4#;cÄ:SR}:HcK9_J|k>HZa^8`p Mx5J̯3 ۺT^) nȩ d/㺓ɧPzps^R_-)3*NMZd j[^Wrۏ1?3Fh/vHgp6Qj2r8~X5%^H/]޺V9K$ݸ͘JЫ{(6K-7uqA&͘\+7Te}_(F3S"E{SkGCCz;R5sV蓌ETjKNYl 0J^mua˴]hb]f_. +˴hUMNy]Ģ#ʹڈFsCdּ$S0vQ&{5 #X_v)`'+PpD9Zu!m"R3,Ȉ @wO;7q-)eTg nc 6/fHx)Ue#Ha;_dM xnjl2xW"Iu''qtj>8~'O0M/IÜD{ŬT[!TK IZ}Yӆيve8ٟh{>]eWA'k3qĖzS><f'<(O{c~.Qf/ 1auMi9V#t1z1K=Ӈ&/vOuM$[^ۖm"_"+Q{2M|ZE">4^zgбx"y˷-3ZUXo&%|ե0AGtQ07$(THf.e&6֫?ΘZCnӁ{.-B%mW5oCKhh$TzB@Àq{$7ҽJG]Đu9Ix+`'xZآUonQ.=2lQ v؞E DZUZZE`Vz#R; Dce8LeaRiUZ#"4β;"yƕt~ɩ4 +(#ZFm鉒{-?x/b|3zB%4 OEd5^f%$=T+.5ϼAVm$Uc"Z TJ9y8;81ۻmO/f'ܘ}&.U:PBGsXo0(jcؙW |+%VmY}ϫ熕]!mWN{cn5*'a0%ʔ!\r%y&:CNt4[[gVA6de%6ӵjtiF /mRP,IXPWq J ¿+ߟA^׾c6ğq&StkE ay|Ak.F'F-ƾ.r3(!G/JJI.غg<&yJPaHhO8B y/E'ov-O[ ;#YMVX!L ؄ UO&C!x0S;|sOQkWY+P`$S?هK0%hSRZԺۋPr`TMOmRz0mBk5yTTn?HCejQa&蠫 RlA~5m]ƌl? X vc\B ku5OƳ[k q*'+q g A R1ܴwDm^ T#%qMUJ#vt.SL(E0S{+9bXG׸oSL[4ղSA6T5 d 2^m>ގz+54DO%;6tVΌgds:g縣Cك1Wp  hύڛm>z_ g5>Z/:?|KoFs,. 6XvѲz l^X<ҠvuģeqJ j!mW>km޶j<6!\uD$PrY%0wQRK%W˻b3}{M5 Z9ǒY)&s3 6/=B+_* }mTkiyG|s6a'B!u\ÝBEZ5n/Xq nD2bQXot ZLƸ\2pA~ص8Ѩ--\cXgFTEgn#6:N~\'O-<nPP-LՀ2O7nz^QOed#lZ%@ñ8hXwTIʧ7N KQDn'MttC *} BsLg[?=K!BKLM LEZ9 4Erb\DGiUEW:| TLv> 4IVZ:ʙΜ l/ /|VaYm0}˒F-›UؑMS/WrKqC7Iגr1 x'5BQ@a/w@išKy 3^0A̔"VdhO%J 筂/`2~B(CH%7 ė(k c8MJ?(Z{-\ [NdP/s~{H ~".*% >ˑ /!'AT1d1 R$諾  u-"Ca QYĐ+O~ɠ(BP}Ť1%qM[`ÄN0?xZ|kRz;$'nl8kG0%.ڀ= ')g@Go1h8LR+m!(T1#JH:]@( oXY2H6F,XoD-w>0Խȝ_҆hތl^E$wvPU#HG7s^^o)ϲux)tnQo_60[>*-:siB\cꙗG2%z$z~Qd}М5%5FxvB- .yU3kіVie02Xlytun(&.M :FsrR9/N \Q}ͺ>y`-fLlഽh(U-47!t=dGuNBvk}Uzfu?Uܙ\,?lz{cf>)֐b&R g?/[Ѻ|v1KuHjZ8T"VX>ND`V D!{>WB>;r 0JNwlAaXw*`r=/?URKU:; N,k,%Qk(j=I5g~[(8+RQz R|ߗdPjn,;Fp-t' 6`'>fd2ؚiVBZx-0 `Wu7~.ׁҞMU֠}4 kؓlp q2`qb$hPj;сx6b=Sœhog]X:=n iP̧|i~Ot~]҅^IZm\AhrCCd.{PzTYLPLt>0"@ 4<3s;e$sT*D`d6c_XFR*ưMЃ7j~$Wč͖Mw2W}xgQ LXVT*Oivi4K [{+l f )7ܼ{ї DAC|KjN  Or#;T)z)&tv qp1d9 ͹>ą8M)!!XTC{5eS9(av-cSEkfeΪV>Nʙt. ጏO0%y7GLCϮTC_'Ϻg=W޳7@?6WC :I_ P?Yw$f+&E1gTc^~2Ե7 ,3Cs )/}-Fap7~ۊDW A^ŝ".+QT*J YUrS)XG1@=%75uΚ>@Z+M_!6$r(Dk:2Pisy{L!$/UiC{IB#e_ "Gt /s_8Lf&K}8ȯ9G0O-x\E3@yk!]|O9orSos*/U@L(h͢3pF\&+d'Phb;,\2d7PZ":R:9`qN$pG1 _h3kf4;(K^%w}9|;w{f,5ZjYvs'aݍV#eH5<"Rh}%+Ϸ?#wF^GXMndJ6gѯI[=IqH^ w@=K=z.C*韚^Vm>3% :eɓ+"rܹ>'͵8Ѧ3Mz'.Gv&dA(^E- nX%H/઩FP Oh Q$&Uۚ4DܺKа{*r(zweb GU2xYQHx"yhv 3,'m۶olJ|Eo VCW}"o/:y^H}/qx^䙾Z2BgX T#pfK EӅ-P* 3݋_l¤Wj9ňscq@pR#{HӲ~mPڲ u_5t̍X¤Ë=q|(N 49&i% *T_*ڭ)U2 qt&>QmG%/ \p*\j4tS3N-r;ș?NsԊܸ6#b3)ɅNy !cnƒT|X=Nic̭F<"(5 jetz!H\BҳErp6]4vBZlL,4b%0#q8!-y,Fm X 4):4Eh-7 ",]6x BH|nqϮ mCtY5@ǒT^-"e`8_2nta낡|g@ӛcrٜ"-W+T/[rfB,cf5jUst (zsFV ތJe͝~)@: Z`u(f< ,h3R7v5G͈+L9zNbw.5쀂*2ZeR ZrQɢL##JOnffQ3mxqǚ1B9k5eĭC 1h @]ZB tt۸74< Fjvc3zGzP/CcrxD̙IZpk^퓧`ôf%-ѕgz1b,#J&u ko9IE+l5k{**8Ԛ ˝4~, 9B:[|䈎%%k[HrY(PBTJhbtÎl{7xE8L>:#^=Gb$,~[ e\& :```ץڬ.Fׅ(&BvAO!IvيsvCrsYDžeXʒ#  <_~w? O-vY1ʀu՛X0 1[ϓX\N%  P*\(8FM^mS"^h{ֵgޘS %bUhǎ4>;n=KF?vc*@qq$*WMm;/_^sȽ4 6q)92݆OT1eC`ߔprD@ h|tm8hABP $۠Wy9{_@PS5-ZlH0PMG&Wү >.¸hqPVMGvf ?uyIϫ6?`1=+.%V[XZ ["cEWA{:N7@ާz(*ҢHeQ!G<W0ѐ&~"eTiRϣ(|;-ku*XN5$|v!~T k=1 7:vJj:?W~aF9!Xo._Aw%QefL'лfF9Y-m[m3.;Jp ;+=Kt܃ d0V"Z q*-G^vCϦrfnln+@OBy0%UW2.㬵X%LfaRkإ/Y`l杉 IYL:` ^ިjQtvutNarV gZZ^t{!#f9C\[[| վ,J~L4ȋP?T @6+6D6˾swvVDUL #H&z<do&<Mac*\ouGDpiR)VS.2t)e:a.O:k][ qA'OO4h2#i8 CO @ٻ7FײpZzEЋ=;>N_$c9BqH2K CCkwx^:Q.ĢP u$sa+߆bR:$|XJXlCTrN .o2"D4u }z :o\nO3^&utu%n1PO6=3_eSϾh?廞,<4[Ԟ-=#+!/~; }7' + q.`@_Qi;45)Ф&=xzN7L ]׷_6!ho&Aج c#EK "//^PceղSZV*K!oY"rۣ7FCN \o'%<.g Ę~sכ!B.œ dW'g ')}u3V=$aMQ ['@DvlH>=f>槔p$a6%u{@E{t[ ƒaa-M.oqʳܞXQ;ܯdٚ ggy iI{\8+py {5sPr`zOQD5MN0hB[$\V6'O.ϖ>oܥ3Aվ}e&\s;ײ[yV u%D%K%HP+%"PN<U}83k\%p!k2>䳂T75zm6?zEKFm|g,^fB(IJhG[ G%8s9(ȵz1$enw IIfp^ޗ^{JF Bk&_5|eb{c-cS ~*vts[Ȭ^,CHvT!8T44cnh),A9NS R6v !3"}JF'4*hz=7XaTlPdsF 6Hȝ[+s'7xbLr X_˹!궠[k M\E=../:j;9h75o! aUE6.rO ,^r!7桞WtCgnZ w QT,NZ 6& L( ")׭ຎ^+8ELԕnA/J[Z{30Lr֟8oߴZĹb\(%;ydN@1V-4&K]嫆 q^satimgOJmBXZS(oe7 A CeRJ`饰rO+-Cҕ`t0v 7s>҃ 𳔋Hӳo g!8McY&eƶ8!._!T, F8/8;e9_h_ǔy +9\u'ӷ};L9#Y|Wwo3RwEe:Qiite#νhrR_Ūv[]#'4RlUK>ƆP6CH''SUǴfD ^8jsk!rH`{E|r3\J#vbEn2)'y.|xQPc("\ 26S+· wM;x/E6>ʹkIX5O>$Ӛ+%i}VXc/Dvv|=s\VF~3&P)Ŋaް,"3Ũ]Jzi5۟ * ?*w:S!ѸjW(y?dpVȭU]I6.2gbsc!:Gcs 6i}K/4^8x%s/p %@+37AF k22gIT>K@^A5qĽ0e262k.%&l|0Oh4#I3VZ)kXy^pvT=v0{gqPݎNH#r,eT2 xuZz٫wNBz5 W0ʖ >Ѫ2˕I"}H ^QDZN}Y:?"?Ef$1XJ?ć3Ƽckj9gQ۱$M*IhOjW7bhC0S?eڕI[l dKo[jg̔)1zQs"RU{`[`߇c36CheGfekE Qǹ(vyP&$KԿDяβɶX>~emܗvK)|+@ƫ{Ŵ]KM&uL.@*#-U"aXq5O :!z@AokܽQD(g#t8Q'MJeI#o(~udn^vC2BtuLO#/DM2,/tHt",A U[ ,H\xlD!DrZp5P›s%KhR,M?`/(/!1P7z=€1 x ~Ut!RFr eGE!J~ Gv+P5q_ GtEꜪ~,SXs:Cor@L3Q"IT\^ں~!@$,Ч{C:L9:w Ԡ6tV7K|z@8Qw1dHUٹ}P^[MT!⟣qQ6aN+kˀfn9fnPlDRN5Tc.\33+|>3߶Պ Mq$e0zd_coٌP4p V^oY`¡wdZJ(ZIY:J` )fnSĺ \~NPxV O&>!;w;e &蓎}!EHCEF&nI[aX>d Oɿ$m?NtT?ozHr9NB' ܇[oa $ڳϦa} ѹXp NcxmuBTť1\`9s/{)+7_nDk[|MŖ9Ud#KnK>@R⎨U[XDQ@9}[\͚3]ɓ )ۮ+KqSb2s#r o0~CT'nJnt<]>>c]RHK<>_x˜{/L?vEs$mt{.ʱ(Xd„ ؍@p;EA0/i[+Z-Ox6H$<$ql&bjrUȢ 0N(BmW՘EҺ*\ ;*< >^8GL*2VYR؎$Yʛ DwO1k˥WoNxUC՛akT*0BP n XnBQXFNڌVvE 8]l ^S?AQ=I^@),j׳̔]ϧl@ v!`u\m[#ЎɋݍA?`,J p|;i v[_a+8)e PY5ȱ%/-3k)R:^D4UyҘ#y(B(RidY,adhjZZ Z%2Ѝ^9~GCKy( Fpܗ"T5;4.I695 eN@vVyݸI s>A;KP֨k"nuQwWlSHfάǼCSypڜ=E@+X1A)!>֜N`OnߔŠ윹aL%qLVkth|J0>@GvӥqRE]x~.Z!D?322lXc*mRiYGn' Fycl\G4F16_,t/eCtydfq%M@dLleC keب.Wq_m~ ,3yUp rHmn9kE d"d@EFIK#?q]Nm2QyuBpȲ>&SSai3=ѷaYj/( j' s1?+FvzGIy,{([KOݙB4edH2P8S`-ʆ$(TWɠb$`tcR ܓ fTV~0b57GK{j65'A>O6$:tրP@wmV9YTkjO0RoHӅ~iF.,u,X0zC#BWf ]Ymwԗ,Ɲ(c?!Ni_R $o @(uvNZl굤C; *t3[}Fh/}F>4&GLĦ{E{zG<Ol5|*qsQQ69W:үL1)j0'Bf_JHy["_[r^_O5<7 *jCk\̫(2$cHҊةz|k;$v5_mź-%8o| OŒ CN*sZm.#W2sR@Ӛ'K^鈋D܏Wv0Lܛڤj]s|ڿI#rDB*KXɛ[J6Lpb$y9zN2{x}8T/Co=erQV=ܶsB}~sVV:y}~ :`P,z>H>qWne `ŷDwv*˥@jGʭ,JMO:"bƌXڧHn2q: 8fx2p}+EduA&+mF5K[) o%8RPY>c2 SW& y08 `陣c1Ia 'vKx?f)e*v|& _~:s#H'/Y !'xDe:rT-%AcΠp2o cTY!h&|lۋ i%JL%C^ \R:࠹U(h.17ծ=1QIXCx5X)a%逡re_@!2LYķ#!I r@Q@,aR,m8GN>G[Vlb~ᔞF(3䲜@F {z'z V|1VǠ7|v. ;RT ɛGw:@iAPK:,XX1 xDB5o-)tXs1]!!mD-Ш$<ɺ#?%}i)bsy岬;8a)[Jt*#LlԌ.h,/v4WUҥuZB>R[Z&||:\ _<+2T)uEn,.?;bѝ8lyInrM^:e@D÷a^=6:ri^`vMj ՄrXZE6Gӝy E QykKwP;o5vV]΁ Ǭ~'BJ4L _m 9!* z'l 7Boޟ*!swHRɦDA_ޔLS]%㢶^G*Z0C!Ǣg>Xs;W]uOBQ{s"/q2$oyݯvGVHHXorΒU1t<׸JFY)-I~0#Uh/ g~aeq HGqʂE zB2A(0>e8d!ɕf֩˙fX4ͲKz!acg[{ˠ }fYL U?2Bm9u`(Ytэw;" kWhX@7g㺏ķiŃ6=bb:Yb!]{5+ SΓneP2 c\?(wj˴Wa|Fksd]|2E??cgQ;DuN w@p~zqdIӡ@>kEk!Bf8?b\YΊFw*p͍!~7~|c`g\r B ݊c>*c P|l_Fn_-JxE`\x"CGx 7st21>lNJd<  簇uoCsȀ\Vf!`7FdtOeipKQIX7;~NwJt|<_g^w ɚrymLXT擬ֆ*}/uTTW>_ɂˍ5U-ِ2>ɦgˉ%0#A茆lX&`I& xהchPBrs4"|fh.;5_r  aMD(RkQx{s7W"Y0׌z;YVd^maH=; OVn'ОaU!&aXz/t KOzļ _I dQ0_Kl? ķl|3>z)^26iHGu]l3_(k_D},Ⱦ-h杕C<ʰ(/x`RJPt25dm;Џ,X9յ"vy#Yi1G'8$bp^鉀r f9Rkm>v[7.05 $w_Og -Ũ;g_.@BooJI,ݪACݕ#? (d BkiܴƝ/9φ%hDe` 9/؇z'O{T:}As#TFD[gE<&2!Y!aVpҞmtuTBШB"qHn |"v3)a`M/*Dw+ckđTQm] BٔƫZV-b<^daQq,D2F[>!ANyҊadw}vH&4/mnWfuTN,EmxR~鞙Mt,rTAu略OwX;2K +s+>7yjҝxE3Ӏ0F 1M1i9T̅6$=xaj 3VF/#熚VJN7$J"$ZY0G3 9b1˾Nea-.AjQLFN.۰tme-Z1s`EYuo iC#09Ǩx 40(ZuFB(_T)߀\ڃ1)T SMaڼ;CÂϪŲ78e@<mD&N7"O ܌ZATg\\(B-Cߏv@]'BNXǒ9@wTr:=1k7 Bfj{ȤkN>,fwN~&ȴ=t)qM(U-VBG'iou 13/E \"F Bț7do!淃 BƓ+ia`M,smTt8H-]U˩+ %UEz}M 6?0"LxXΞtX"^HXGW w[ꬆ=|Q7s\T!4)y<]M,ʟDg9醿`n}\7SG 3">3|%$mE"LP(ܚe?h=7ž "CBZto}m~Tz)Gkܧ`96+ۅ@~=t명Q??nZuQþ',]`\Fu/EfVau Gw>ncN; ~]YY;KWAHhG`uhj 4,1`rg%&8`,iҎQXWpf-/-jr6ո,t4~2(%ժ= hz:χ.Nz ד`OUER fK>G .e <9٠iTK]]27pc]]t`aֹQ86񼷆B"ʑ4Acծ7B">cFv΅YuܗnƇ>ic,W $% '2L&/$sNӞG㹮Ba>K|oҽ1湆e(b⎲#%ܧQhluSK@fdә1CG֍اC6]UW2.bK/ FgwH&3x >!)HǭR(?#3г)õ*I8zaP5o8|,x]Pչx-8ZO֙δL[t'\zyuA [/dԣe]>kD[y-D|3t0ܟ }=3kGW0l'jdZ 2@3{~"ՠHA5ԪDޠ@gsox#ÐU#`M(WvA] X}Skd|v38`LǪD`e\6,9 %[0ȚO!IV;&xqH[67AlVF㗄H;2g /K [84FR +LЇn"8я(|ڲo$ j717nozK ?x87ߏlv79JjL}M[u'ېS)a"ƫۋ")q}}k| _RAr_cj ?FszX cm3^v_/â![q/9j#;[ibL[x +EIr<6R62Xphw( L=}Vof.1u]FQaJ&ٜcuH}Kvq7OK_RJdfQyHv5P7~U/p}erF wBk )Q̭ M\7x {0xƞ%䢖mm5/ziB rc3,>^/i-]l. YGκG莵Ť-<dM BR2c:T*(^7(Ȅ8/k2i"*L*1v1x`w޷UXZe])شtZZQP : fNgGk$:Ě=l'DAIU#hwqϬ?X cQfCD8.&EyK1 I\ot 7 ұ !6؀eeocMoAhHPNЃv҃DW4 cv9ͨUϿD&B| wv,NgZE4,Sf} uUqvQ/V,${9c\Ycy?<[_msW(&yM+do?꺅ic d {!ѱJq'oþAF範w|b#"g$q,$v4*U;ֺ*-+Ж%dyFOGg\>uuwO /qFkjiz j}9F9ozoIWot͐\#Պhׅ7e?D١erҀ;xy4i{dU ޛ =+L,=w?${LgaP8۲-BϰM"]ti Ɩi`b ,Y/A/;No-KR8dJ.6N^**?6r'LբfD)-u %m#cfmr`b6eX ^J.!3#{.X "Uw9Âf0\PX:ΐ"# x$~5M$J:dL8R(w MT* X\jF"-!Ѵz+XG(_ѷ#, XyB@5:0Y>Rk"5%jw66[BR:$Ո[;LPBp;'-}bzL+]\?s =3PY* ylfgۏEDͽ@a9O 휿b͢~~6X|U?~ZXGKGUfeُWYVa G#sa p9C`RE IRsn P!!%sLeĹa^O.r63qSc 8x+38j9Ù?a|@/ {w+I#ūK y%lpmA8]7 Mdx.F\3v9.v"e}I610iN1eoF cV!:#WJݾ%{wQ8vvT7YFW:Ȃhp?^a_@z,"=gPק",lRz@vs-)7Qg#ᣢ}-Є~ 38,EWLQ ^_RE)Te37_Lh:;Y"LyEQ\כ {VZ7|2 #i/,)RM"MaԆZ(cN_qL߻|S-_>D'C]Za;g0j` ė8D[*5IxxE𺩱0ha~i)@iӾOֻp._~?Fja9B} $DՍ C@ĸ'GzݎIq=GYƒa@$lԨ *t9ىTNʋ@e65֛YRT Ik㣝aJ΍oA|5Z@3c + }f2@m~,5!}@3N,U, &oe Yie۳Vr ?ՃtCyŹ /mǽ=~Fc*iԠI>@ěz$wpmTzOI#ў`>&pN϶h7hLƏ{ޗV|\JpUl{cg$Em$ W;J(\furA1['r*./w5 % Ѐ=ɽG吾žK\F"3zB:JKDWvnDOK1y_vU ^r3B3r8yq V) ꧙Msحnjz/pukA)3A^M )ő2p+Ie]ɂ`&z1g,/(kJ&OxEJWKw,c=皍"`7'b?@"8L/+2>$dP4/toS'>?` Yn⛘pT~I_7[#h!WePBnvMGM])'*eI%g~rG n?$:~ӷU0̂q[-Q_{!t&4l-Ua"q؀?Q(¯q`~u3]z t}dHdUo*҇:+ :Q: LC4̢╦6i`PxozCt!KHG\ B4/9O-Jy´3SəqR90Jܧ*(o͆X˟xW1ntѓ̟& Ӆl:I3<,-?QΎ[\xj`UT(M+ujpx9BpR]rܬS{qG}`:O&RmN53_8Y΍oCJ>G=M̩`HF1<ߺcNKŻ%9s" ַR/^#ÍA""' g̨ 7q2O?!b QNe0e,G)KržU~,pc-sntRFAf37 }hL)u ɳ U~RT u8ojaR_0,wQINIcOa4 4Ʌ,[ f*Qxt}jc~X|Ꮨ*ÆdC4p-y ~A:»SyF1]°VJ0eO4MP:z虷'yEJo0#CYu؜T*.auƓD ٚֆ E0[!z+UNgElD4-2o(('W'!̼ *Q L 0tVMh0 LkIdtO0{dξb`vAPOP Vtk #rxle<"DD(dx?&.MFk캋ubn ҉\M+S nuG[IK!1ظ_n;et¨ Ht8M W* ga,ߩAȕ1q3\ 0?ĉʑKzüP>'( qbۙgկlnH?IMICUA34k.gH]М+ U>Ə+M; "!sSA-!WH1k=׮GQzhdPMo) J _Sݡ@m_\\[|LNO_1fJꬹ(w][b!lL|d3u}lV=e–ILOط̲,F!t!CѠdKNEd,>Đq_)m칠Tvؙ]ok'\AnrmC6q~}&7UYRPWf \zkmi&b5WO;3PGpXCQwb{kQ]Ն>4tԌ=􅻳,wr5zp( ̤G:Jt)!r w_&HE\WƫYFZ&Ğ䁒bʦ۞ٍݭl'fI3E| &>My#t@t 5*tCRYʢ[]۸HT+|t6xN 8lk?l>$ɏ_4, 1{(Sm:Lr~]gL. Dnhu2?TݓeYi=]{>G̠+Q7jL&lvM0Al}]$L4ۚ;X8#r5up`S<ު?p8uh#i`衴?7hbb2۩kFtPv[3@\ \UW-J d- c2@턩=]yh3ikT6gJMx !Qc˜̏kr_.(`KbbΆJނ[6!B+6}uEU5F4as(9DMUo(U'X`Ӓ*izhDj Ǖe', $RzD=7/uSOv+zTY즲NхmdZa>6ل MK&v\$A! `cߺqR&F鏗j>j{lG}Wg[UGԆL#tT>B-ca79(v$vs8igw#(>LC\-dHᓡp`[ !EiuۅؑYlsQuܘ}hc {KfsJ~,p)DQE(*3ORD?6dul߷CCΠ:V\$!Nhn`:ECUX3VݽZ:Nnu%>f o*]|&y-#Ϝ#GDҔ>b@_vFWg밙x?ĨR)֮FV-d)5D#`ˏ|?8xo Jj@h6tfFَhwpC)o-0!i!~ǖgY* 0^y23^bG:Bm_$O=) 5.y,NB PaH^ g l&+c4][p00ؗ?/TRt LjNIZ~0?h!b3FbP[, Sh^('lK5))WភXߖ튫=~C-嶯ކ7{?6H=P̓޶C 3AcK,$R@|J׽Sڮ ٺ+ =LFa =@qHt:Q7UU Wɤ3@OuR'eG߷28^P)W~-^rdZ<n4RS;D) QF !*8RngcR[Wa6$ʠ 8YFrk< =}{^[e3u]ü_ $= D%w1pQ:px{$-ٙQg*̱Լ&?KPA#'e;xCthӮqN<{1DqkjF֘A(FRֈ&@z.ա ȳ. p:'hxVϿDj&etOm D5`6=YfĪjV7tvsgFj_ldbrcU^r^?B* npO |A  Jvh?^N.ޣꚭ?Fك TQ,0a2̈́RHÍ˪7g7'O eZ7$AlޑZdcG/[jzvH;b%(a uj%~"ȍDK1>4ݖ;Fhnw6)C g1:Vp :v/ A Xn;ϵ,E@ :SƖ)4Cq-Tˏ5*.٨HdCyKs~`-G4U΍1JM>^?M[`tv\>*ጜV+܁D)3VDv:ABdߺA GV6RUE'}z=|}B=h;]Tm &K"fCJrtvSS"T15|-Ww(b%^D aݼl:=!Tj+ĩ/T&@*osuСNQzCДNac`]xƇ=C1kR&զ!|MupwOq$YuG; 亨_'2JmfIYh(c4il\a@To j%"Xnos۷ڙ%Zf،r1G³[u*YM)8+@)D*h}(ʁ˼n1݄8fĤ>H5 S`Y]^B;qn2r{+"-Bw e!ynZQuk1+[B@ml`Ki`ӧCWoO |wt/UdH~H>+H̷|`ިi\mQ?1 onA# .6Hq2_n8z^K1oJ>jX>-}L.BSDҴS5;[ ׁ'v&j/v_D P{]luan5CdM(„Wb:9ص7D|rZy^QG}O;SK($CBcy1e*JJg|W6|Q`ˊb]\J3OePٷl&PedS/BeU/u4S{("58D`]c"\.Jȶ|˼֪7>.iʢ[Q%reOڇ [بrsGp.N0r&M⒖h ?9ăH;s!{R! dKj8Rdr>)4]i&M <9pezI!T:nAG,y̯tC2&fqT14$xvOE6X#PpHk ⻑]K(c @o ̪q'N]MX_eYQ>|FOs>d6V_W^jP&V^Tr|;x*AwKMҲֱNYKD$z_Bϴm_jZcVf%ͦ @32ZH$Y3J㙙Յj%pA`ޕt, 5HtۃmA^?nۤ,qYRWI7,-Eza!U?a,2db6|<I;m-Ss{@Č8~$!?NĽ[F.4ʆ[x`yq#ގQp$֫|T>v 2 rA/_ww7>6ca!$t` lR3{E2ZFRN-.(U?"Xk:PJ^D:Wߍ^!^sC<&P\^j)^4"慶}x ʂXFt &XC#i]yUK_ʨDSԴ|!Tا`acJWL%D׻lHw*묉 C؍W,z7:3J|Y?jy1r㪤etױ-|¡fIǣjjYM(؉"D?Em X.|&VV]KV9c2M͠ʍ 1dr=bi"~,-"D}P=}3JNNjI0d ė30et eOp,/ʗ|w1A&a-fDPJ%<|[_, 6^1m^o,J~j<;ACrLPz jf(_(&qyQ$8'F"[ȊH;5$AaPAWCF5ˢ[q ~(lf.8^#Nꓷ-ͽs+[v2~liz)@ѿ^vWHCqԑAh:-vfL W*RpcG LIAb~U £jJ!pl(l>3bdUFl"PsZoјcžv@=q7(d) ۖ;@XT jn<JZJ qsDRy]uh&/"Uqu^\۫DNi( a(3r\1˿=Wj"Jw\ʪj/1V~/BR½okʬ`~۳ W#ʀa* XSr oOwe\8X#f&=wk*;_Q Imk}4;$jnM۸k'9WN}|6rn~$m piºFx˾ +wP6Z(kB/[( @߱ǵ7| ˽'K_EYDPc.?ta JǶE>5:^Ѧ93>(dMU8 ɷYE^o&"$5'fO*JF}WE['^Bpk@dS$C1Wt#B*2?dG b%Rree'+҃0$lxvƁgpM \MSN%'ctYg|#k`hAS'llt:]h+S't?@1[w)!BP#F 5Zԭ)=\lE$ Ea:1v}4S[~]AjF>A9h9cA@JibX}Pz y6)%Ogoҭ6C2Ϣ&'Gd͛oRg! u/ثxm#&TɻOQn jGp3=ddK,1%Dj&%!sq?5AЋsV[IhFW@hFe~p)u,+fp7L/Vmg$f?U7r8X In&_٭NZmhSQ4~N Im/Ӽ!h T.z9I|sW6q2F{D`"7LQK&/co]|+>+E@P t2JijS < =@قW xCK:ʫ )CJԇqڀBJ?&׸.>gn;ߗ\ܰYĪۗ{' L.)˼&U8IF\gK +Y:pKAvhȔu,/a]73cɁ5_8׾8b3 BZң?)!phzZdBHoWD_҅L]*AoQ"aG0=x|?굙KKM:4z伾``?2ġʳ\:Fwl-KCl4Ҫ$Ѱ9c o^II+ăȈke1ih9tB.'2jp}\WG 2$(,ZNƭCɳ.*Lsu Ն Cnvj4рӾ9*ԉG`LhhH En.Ѓn&cXv ?"mzIHjD(3.g7^Ps_Hr }q(Xvg)Ӹ0<%O٢39;R 6r_[(t= f{`5pΥ,-5%yx!r7v ~@UebPOyk 7<9S # Mn1NÛK'5Jf_z(  Ml,XRAtE"O8PN`8uzRo PÅ^Z`ݙ$OHAR:k6*ԇaq`B\g8bz/kGe 41q0޾L;:ۄi;~E,%/֐ .̓+ߕsX I9`cC#7a lK]X/)􎔓3$+_ԒdGx(~#n6dnչ +Z(H?Jm;3H-Ck)vh (T5 ${ys|~|/=>w޸EZG$ S@b 3q 0uXE %_ LsG>Las~OfWbjV~#a] :=vY͸fr!) 0<-M? aeTsfM˖gƭcc~N?aNC!T酓׎rR=g2o ԭяڍZsha-:׉vʯRqx yH*.b9|(~O/YHTx.v</aI;JC0Rg$%`##t ԣl7>Ra y#6 ZJKgY{KU*d9†񌼸#ؾ[y7 l$$I=L$a}*Q,[-CC9VL(@W(UlaQTDfV]AMZ1="U`ß\xiW F:#@ EYM۸b?݇H%ї]Ģ؁%8Ͱ95Όrwn6DY>\b]U+NOs/pL>Ny|:zZZmUa.loe4 z{Os GӴ;t~^w= WT%'qh,{=n|nSf9usX#-$on7Ϥ\åCu0BC βR- 5Z,k,,? s/o>R-VV)1oa"o6~kTNIb16s{ܯO W|#OPsQF{3 .c?]xXcH' ,YկP7Đ>?ށ |IrC!گl&jq+vUۃ=C@2__]Rx 69iQZhh{DQblm sr;= ^Vv~7-O(~$XiUÒ'͝PiʇV;A*5~xR)bۏh'V( RA"AnYґ!HT\I$   ږO[2AW^?]T{vѳ=pwulw$<=?Zaaak f[`=QPS od xԮʙ4؂0f#EŊIΙv<8LM!T3 `"ՓnkK&'BN G`*ԓ^>zQRՙqS M꒗@?L|suaC=<`Ufr*WaTM#TqrzĈ0;zp *AwCO EjT88wƹ3:x:)ΫK&- Nz5N1ф s˾ĘwHMo3my?]l4e;SFL2]ж?ƀӝBoe3uS+ܞȷ`np*w6 62GJ KN R(ƿ'/+yZ K2 tmv.P^f%ߪv(aKsױDZ0`4?Z_}QS尣iϫ8>'Z83 T"reKV>Pjc{xFR/;XL'2{΃=BJ"(M2+aqFm<𚺳:7H\O|DDSuv`c(½2D 4ջ*o Fd&lr&_[ -DQBU0G_y&"rh/q<\[7Dz3现¦U; 3B-=Ue|dABZ$YҹvRW"J6JܓZIܨV)^Y濎tzܖX"e}Rǫ<'V>+v|"fՑ䱊o:N9e$.~?δf.,SDE"okq~ÚYY5\pTX{*A`@&{xj`bB"~Ex޿RLF H.J# #-;oŜu.xe +=__GxT",=!ҫЅ5&34KJLR۩|.Jabfڌz1FxqT`|0>_ͽFIUEFLRGelA7k&"6.AHWgnj7T. : MYg@3$н6|Gm[}™7Ÿ0 #Cqc=BUA*RH:*]`=6:otq5ޏWa h? pSjW  j,Lk 2dr!O1 , 0%w;(o2"곐@O,&& vu@Eد3îKIT"y w SƩAir9'QkEULnn.!![M-i&/F&^fdj]‚P+c~Lem=,A^lC'CZD 3g{{z^y8EK;zYE?%/ʮƉ>̥\+Xx#o~ ƚy)P^2DT]j.9<^P&y7yxX8)_}b3 0)U5Lg)xJddL̯2vA-i~AJ1~[TH#6`F 폒PqI!-Гm$_dao4penJ|)Ez%a^ ՞\ tk6#'mc<M w^!#O?zZ'E< ޾. r[Ch܁WF](k\N!敱_̴PFHdL2żU ՜#2^oW:*l{!# 53'tpdISZ# e8I[e/M g7UO:#""9EżVw8"Uv54F4zln(~g>t!=-x.l320uO+D[2W]qvE/wA29>8-S*6oEy.>\MnxKuj`;++o0^IɛX[fA]b7rFԵDXIe6o˾1Au e爦T_LT\|󂫈ʃD R75X^`E> ]!ri7Lv:^.Ccs_7& RGDtIgfSOR[hS>cɴ7YpvۋQud0{cqt,s+*m1ԚL[(ξ:.Rr#Vqhbػ\K#p~C .~PНt-O/\~[[_/Ў7 I.{!Tv@4>,b8G+s+v݂bЋ,ng~ͩH%sS^*?\P'"Y'o O_pÆQ nE_LCtA nH尌Zq)-e淃&[S̬>R*-f߁t/#Oّ6IGɼ(xm D 'jv9CNTZb1 R5 qmh"1Q(A몬}/D⚃\k!.v`o=4U6b#OyH'b_4'lB}4|η.1.罫38&˲&AL |I~ S"oSl@- JvOax4le ZQEW;=,$Ip%m7 Q-l稾=#ִ.+5Ѵʷ"]mqOpL~٪TmycyxZY_X4ӂQ{HeYO[YRFZ{ v qN!Z9#[qͼuA@D#'sk))8W0}sC̋:.5KnGwiGӅBR')i`'6kHӺ ߳/IR ApόJrTY3-ґ+pޕs{Jhm䭡TM^|u)NYolER%sDwm +N=.+j(<Ka:-4t:l8]ٞu=O޴ <ɫ)^x3l*j(j7P ЍTKh]a8ja \ c% z?5%ʶJ3 r+L.)NE3V=‹njG4 ԕgYl8Xša\v@y|jŹn=hkB05ړ Չ"HDXt%V,ՙ7ڟL-$ƹH1E"PFKHNb/$֚G? NLNY8!t%`*Hjpg֬:(czk13˘h,ELkJav֯xJ:` XeiI,tWUR0l1~+H [h4JZuD3)DdzL8l̽T 7GPb΍|`BQش2I])"}d_q@lFqb,ݻVK6^e@bGiz,/XInXukZ˷w9 G0c363 ٟ#[sw\1gW$ZR+??s0ԃNWxg1_a +/_E|i*= ;7VX.q7bLAǸ'b4lձ˩,L;M3kr/pf]Jz,c `*U|uoiloMSB΃QB3E!6*t13f@ ƗWTkj1iĔT́Bw,pzwl(86 D_~LhNڳݹ)3n}YÏ5F Ü9/`DͪG0mDgIMZzX} }YZK^Vhv!t$I݆bYE$ӫ1__RG#J0aqEG ޥ(Ve]=}Ҕ-/=]%`=ے:^?AT9Fi^;f"ga9Ϫ_/b "qϞS>2yUknB!\i "P!q;l/5T{mk&C;vma0Z̟ġ(ԚNة^ I+ӼQ7>%q:}vL 7|=#QDQkx/CM?&bo#|禥(Q%R_t8+{F*\n,BsK1fQ'{]XaX{U)ie/Y}DK J T2AF5ӮNjMnZg3/SgK8HIw-"Z^JrQ uZ&j1Vм*?>P\k[\J 6ꜗ>כ bdaVޥǶF2-yER;S?Ƌ)su6ѷHf TX7/լy9ZOo^/bx;NTϋBK\>?ۂmm}v_l =#[,"e@oqo&CSrF}&/}LY˾'.$"VgRvGdTkIM2E⣵b/bR]l&6j^sgvјjCؓO _'Y8ci=ə{߷RۈFxqo4ykXp껉:.yϻ;P^dqVF~װ$E0tw[C0a_?:T= (1AZ‘~) d[,􂼹S݁ {>.ӣi:Б&C/RKӡtLU&T$2!Nק$܋k";Pl#fqpM:,ŒU;,aUJ`F]QN9:nC`ed3U9Qn@/Yc*lmsi?",Grk 6İ%n[h\&Tj5 y `=/A4:/oW'v-a6p7`,ditscBzƂnC?bvOyhI=OլP4/QSRH. n'KubB¾ 0pyEMRfEGb}1$q~_yolmř3՟l+r23'|tuR#ߒ+=#fZX] =UDZsZ!~ -l\Rn[\&il⪲~mA" LJ϶39=M.>1]s˗OݙdA. Z{~IY\V r?rG[(͛[ݣ> |>b TykT/' A@o Л[rXbZbILyBo/3-g!i@&}Bp-kP/6$o@Ͱōys-c61$A";)ϼ[C1g,hb,1Gf;E!\BXjYT oh#X 4=?9:+blv|(ӢT<>En`(휰8XH˰j Kh@Ϣz8b)f//ְDcG_+vԗ̆[*Sl82E[~ a _ l\؍b~)c|v_YtD eyr.ЇklsuE+\.^UunsU]: 8([U5R^EM%\Xߤ-7OVSƺf8fq@¡<%ft}|?ۖmV/ ^}Qa!7 8NX7q[[#^ X!ĒU&'9fl_!Qal@tz~vX hL( laHK̜#d7f]Tn<%ܢX[Oxj o+ s -+]o#SdDlk|b-=^+aMD2d{?Wy3:1ɱS$qsRHKh́"/ԅDuɴ}[-Υ*T lٚ$|AʁIqA#/t1%ʚ{g^5 =4<9%jf7%j?4 jMa"G=F%6ߚ/KD}`5дPdYN 7=`$^`$qgyF*,+4geAo:Qj(˾LE'ȋUL~PMl|KʼQ:/_dV]cg-g!@$5|rsdZ4M7]I_);@>N'#7$ˀl=0Q*o0+êHIز*nP(>_'bax`Ngx"h:&JL]X,FMT甌rDu{sD.]bmJ0+Il{ %oʑ>|Ȗ,pHq+8s U g{?9]H1f"X[9ґA7ƈ01p{nz]f{ϖ'W;DK(Y"_:: $4}T+T͗Þ+?uү,˖R80;1*Q(Sp6Iץ= ECT̓@TўU`E3ool_O`sƏqi-,g4:H8cn g0 z6ݏrQ9N7(ąc0y(|p Pti ;Wj>ME*KӀ=أ]BEXg0> .5HfxpBX;3Ý%gSzlQXŏWg6f_%7ࣀI١u06x:nz:j~6(~P/X*f=}1c^$w`f@˸cG;v0G 3:vX*L] xL($% SI͠ʉʅ=a_[H~ {V2U>MpBfkBkß>~KP=-!%Eb%5r"^.}b8~VY!ֵYeG.ۢNfچdArm=jK O(/]/uZYcaXm*D0h6̠0 pOAp~`,Qt;)1=wf[xW2/j' 1W|I Rؙcv$FYNGBI>}^Tm8}!@9 Jsf,p^ BzY[sO8(Ԙ. ^_,RHD%瀣ccp&pD]5ms]W֖ 0ߟ',O_"XfwЂdBsTw,Iեdi1&P 0:i.\6 wu/Nƶe'<ٙe|H3Z ^ȨA}]( Vɩߝ.q%bGyՌ/mdmuwB HHz^t?$o 6cɪP J[4cf|(#Tڱ gf7kst9& ӂJƨQVJwk^"|(O:#򚿐Dz5-{¤BJ)|/K;cx"k'JpFAʩz†)! 7Z]m&9E9YșuSusĖH||:a$~яD]BݿG:_njץQA4q?)E 47{7/݋8(->+CF Kg$D" EƦQc۟,imî?+HY7gS75+"A8?nSnCnI 'ĕ #_ MH2ZN6rSS>-u-U}l@q0Wո]6zST"'G^̝_`E|Jp;t+٤Dr_ \ $ycJQz-U/lC뺾͕Ìl]DGdm(<N)>֧פU)Tj_;6g)a~xIxPF:"E4Z'?Bg6)PE\17|r8}aYMR4?ꐟdݬ!qRboc[@ZͲ䗼UZNP0$]Ӟ6<'<ɱ.dǘV綊q35Lپ9QSǿTyק1w yLq0)p|~!)<;\EB_2_ٮ\5|Ekˠ,KnLlZ3 N6:߽v36dESd(r14ɏoΚV)+Ycns>r@]D 6lT?m*6- H?&a볬Lel> M,4;b K^eQi"|b5FZNg;̻kUEd2iW3Įg~5:4$ѣJ]AQUq# I+WGp+:~_73pv3_WUC`w|c:Y:auUo<|ʟ6U!%|zꔐtAm OS B/,4In%4{"@ַ4͖$B,W XcCyRIy[V(` gce_3 *OAHZcS­U̥ryD߶EV :֟BF%])jX*֐CцgZ[ /ީN6.{F܀Kq \8#kR_vWܗ,P QV6W5 %o!0N!~(ٿψe,Xb9rkj/s['j>.U}n юX6V8a?0T!rMt2F]҉JY@VfFK aaJ|D}V@fѠȬ;q|Kh6_wA8( ?>6oX+o:Wg{ :.cl57$Q#;žNyOΏHǘΘ`3nq4$~ldJ PpRW+βA( ycL뽃дGyBQt)2%U9]pOYϧ:$82 '=O3NڀIDoiWB jMmsH?s×hE 4|Ձ06Lx^ʷzg :‡~9DXhq{{ǹ_タ 6V <'όHcpd f%W OONf(1S @\6 { o;t{BOa+1XR4F<xqBc04ڒveψjUm:`pĕ} ř.PQaΛL^J邦\)]W)ЪJH轐'%%1AF=A *-ǹH}Y.mj@e1'ش9fn,tS~|t[.m_&cf˩%;'`=$( 78Dra IT%rҗu>/b3 L´vW$__\"A6s.n¶*بWi9$o~K5ïSىMcۆg=cb+"D ;vVV$8XKeNÆۊ8f~@-:/aXoK3)t=fg"g3;hPyp#ԭT!H:/i { l)ޱm=ˁ~0փ&~ @/+fPNV.|!JOmO>捁{M>VZZO9ސ:fDŜ&JK먴]j N~ն6_G~)ZDǫ8%KA?aeY-Ȏ(6">ߝaQ qOH[5REf J0Q :ncb_]UCfn]iuե.x Q3(ի0q&KxU[T0dƵ&|13Eo"7@ӭF݈vzZΫ!̝:w)KCҎAcZE3&2TGfI\w2<)6~Y?wh=gs$&{Fw̋rSiP?A1B-M j `A!Er_;YE ds~y+*e`ʭj&;CM"9XXhdHk;~^>9)b$I-z򢅐yg$K4aFvrPGZpkNξW..НOZsIjǑW1a;Wk~+sehb;:/b]W:pkEVAn jW&EݹgFGB5 ra$O(sqk,MSzɰ|mbM?)@#\?z1+Q>l ȷO. 5L7Tm7X;^FQP;^:\"kluئ_ kfN6w )w&$DDb]Z~RITAѤՉ6>Y&߮jeLlQ b eD2or #jdzyf Y3q60۷apnt1bBӝ }D6Slga:{C qD(_D|N'FHHٗnTDh]: A *F5q)5 H;8NuQa\0=J3m9~A*dh&l(J3~k[Yv/J/R򱦃<=ܜ^G?;ϛ%B!ƴG~j%q.L#>e*s)0:V: o<{MZR/P!R#Y;WNj.:I+̇ʈGp,n oatp j=sg͞'^ !Dbj=2/{`4)tti$7?k>gU#&C('|FuYTQQ|R1ō Ї*mktT h]7w_8"ui2')~Og`:!CG&LɺՖvPXɹ/mbbi$r>FD\|"'@jktPt!@W*'􅻊\B+<[^K %&eZ&4| 8،;eRѕ1 :*Z2ά+T_OmrǪ܌sҥq Dm*|nj+忐ldXxt8eau(Bbx@7,9ݾ{z O]'ڻ~o|̐,/˅(\3;#N0 qqW5UϺ3$ mŽwJ)C/))$D֕E4_[CJsz<EUmwƓSig*pw[ŷ'23 z8h]őǾ)[x>&&{Jj\5L%Q6.G̯0ik&Jvs*祝2IXDaw,Ro$J_vk E(ñ―WDG*l̍v2l $F p]Hc^ n\stݞ-?1TSoVmw‹D^ OB `:B\zKU2wK[*}Î/C.GΣrMbG^sBqfxRWzAƟ1=rU;'9_֗iS.KE-UW#3˼&\ -H~Q&l^)"8cPe8fsp8?#MZ[ʓ 2q#nuP+Os4<Ȱy:x4hj柧ΌW\)*=2Sy%/:fPʝ}f*z8˷U%Ih/ T_cU/Ka7B&B :0'8]7VcH<",HiyL]c.xGa"cLڳ"'ٟdHmv31+$K^0@<X_(Ԍt4tFf)k"ɞĜ4h#Z޹`ZK!]*hJլ%,wmoZKsFxu} Q<}$=:@4Go֢Kyi[vYj2 1 .!e6PMH,鳌Jw?F`þ.p[F )rwXIKjb*kÏ4t S,MTѬf6wfFb 6.x|b c1栂bSos#uB"WY[rtV To͇iZ;*!PYγBRMXɏP.|SWfcʤ@TM_&)'i*C?H,&TSrF&9~g{ojMj%UZN_E Pz 'hM6HgWWE ౬%x4K unrNO'9m8QPCP=0Pƒ7SUwUj)+^75|ܟIu hk[~ ^D&2SS \)l B 壧W!r#plt~ 45z;2_ ~Z:L.uFu WkanG?+Oу(n/Uj9l [8]TqƦL#/a3iW̃-:$l/ZǬBw<>Xe<;ȘZ$mu 1g\m?m15TP-o |Gwb;l+#GDKnL᳸&5r:`?#60}:MEl;J)%K;Yߧ~сU̕-~l"ZʎB]r܉nAUs} ד%R_KfUMgEsbN ]}"Ђjeh` "˳e&}J ի*:xD~k擜KCOvL[R[MZ wmIo]yrcc`/6a:?Ef- =y%%W($C)4 -@v:z} ~UyA,z,PtLxH`)y] ogG tKRZm%Jml9+%IgwKs$U5.3r+dV1uj+]nf`f\bYW#7D y㦢1\v ;[xI=֧Ku 2ߎqU A|ϊ LPD9>0i6]rԫS`D&cG510skeg0s缗\b+j6W cq[8d"5g .NQ oEAxE*+H؉%PTsb磵 _)RS 3۞oԦ5+sv" f~Ho)mo7PU.\d15H̶ؓ7"K_w7/dMjU'A=,dUΥEP*\Hz?Y.,, ˥xP[)1|F, yuOUSiDdVn C, ͵ߵ3B3J4G`)[r+Qw6u1⬼jcTgK6H=i;[՗XJ^,Ž[}%~.Șrpw]E ^ս]H <"mkPy:ΞLJ0y{XXfE{ѢL%f <"S%m {ZཫL+*6D5!>V_߼@Eʡ s] YDPH=xl:~(m3_o%fBNL'mwj;B2UX?pHW%;s!|= <0c'1:6m:I1HZ8Ta[ VGcM&9`#cşitX}y(okkg7j"WY,l2Uc-{7ژֵNi?ӛ1P$76b 6b @#kT8-~'yFJ.}gpA€ 4RuTwߢIWk2HP[H(]7rBN؎wȲFZ|5<l&^Fiҫ\d6߫ w*#o.=9 *,m~9o%Q)08 XU:=F$ BXcu'`~Gqh LMb=WcjU)"5>$powFy*TXU\dյ>PHgP>x}z->7!b}bRAoFRbۚqi_wkUԭtl!fe(>q^*ojf<=tsiŹo{(m/.>I-x60wQ;=>cS3٬[4l%[f\'vy,_tiI6>~-Vd>DX&(F"]Du[96r. `ΉMLB]hVred a2:B4ȆF|WM1}\l,љ Vܱz6Ǘ;:SLȶtG%r7ypEI>ѧ+Cx3JmžH\D/mt2<.x128>\QIbJR dST uֻ;ɼ=Ŝ)ƶ!ƓreXZJZU LL\ /EY[0y-~1d&0YZ=\~092'Uv kS2~;딭u*JxhǞ*z 6:D cjA73͵ .@n#HZ] iiX FY- ZP݇ xlv.@GXE7Y-mTlWHms2f>lm۰ʃB$b0Lp0(dZ 5Zfpf/vĺ+X<2&{,Jx>{ĕpo6U 4qz!Y8yi]eu# IV%:2% ;rd/"SǥNͩQ`QT Aɣ&Х_u "+ tk2 NX {v Yd<q/@=uX< |ǰ5Dcj__TJlHx}@>KF PikA[RnNL.QLDxEFAX5Fc^^k}AetN W`Yҡ*^gŠ*Yp w* 'g1e~&;(Qn3N$`Pq{c028Vb6\,{h[@|X]X(dvU|hz9:²];-#W#یNCUϽ8vЖ֊y.[u듉%ذ,ŹM_cn!k*-%h>NDihy,r8`23N%٤(>߀ S@'\iQ5n3iǴML"#fp.˿pĎzb ĻV+oFՃR9 X}?8q-"^(]_B'׎c k(z1tW3 'HhŸ[%*03nD83?Ë׼gϱDQ@&$`Mo'<_ \2}-vɌ"g>5/%@eKX as2 ^fī ZtMW72g+BQn{bG"9Xn.p(r`;Y-?4qC΋w۹v.cl ܂TuwO2\s3O!?\p9d~SBCje5CxPJEc|Q (${^}q^<+ٛ 3mͱ>{IuQB=<2(hk~.'X<OD%!.y4x,{e^غ{xK9% +_>606N(:`4-?<$mX@cH&uUusK:1olJ`EjqdC\ySi>h@F; .-JPÙ`K8z|c2B4Vzɦ 1 xaj.~kzM~ȕImc `*$fSA)RNP% "fY,ZಇUl[ UCN=SfbdTƠJ/MܿHk0Jv`TyccX->ڽ$fNt!hOڏp(Zz|e'ivxA&ON%e=RQvTq4rQy7&6J$՟}D:ЄĒm9]*yo640>;3SH=~ j0 &a]۫o8ݐ;)KlO\K%xǤ\WB5]J s5]!d;Q'(m(d$ޥ1})O>Tڟ=%)gTN9h:f++V3ɗFj|<8ВمǙŽMW?K ?O|rn*qH,d #joHƊ}㎄Vr#fHlsD4e@KC[+dGZtH-P:䎈%SN{ߠ;Vg5"o&.^EhLӽXS/M%qRa䛇->m@=!5gq%xUyf&'\ oiJub*w51a.P>k.rBW%:4 2J,="&!M۾J kb#`kVeWT9d@WK]tsMN/ fe7Ck}XxrӒd=.ةU':TQ w OSIRUz2&d}+PWcMMېʹ! @m?ؾрcT]d6ga*م9(=$xӆ }T;&c8BT#NzY;EY@&,C{9BϪܳC.S *NeoiTJ/ QŠqhV,1u"bQB+{8v"6 +u ~>QZTǿtKa$ߎVG~C&u^k&6H* ˼3VF`1:j9X ԜtF]ظyf۰ARM*L9^v1,H.$yG eVqNx`Z@ӳ/FqY@%K},`.wOC%r2JuމOXuCq>l/P`2p:N8ګ@~@ D-xrL]AhT`GNĊg *h0V8 b_+?^<3=V[P@v-$4k`BR6R&MK+dHzX53fzCYW` y?' %&W?tKڞOq;&o>S_WTC@$liMgW >ק<[& _ sP)Xq7 YC2ig_8*} lDT܇GQ Q" ugx jl-+lbmE!vBq4Ɠ&[I#~8ȝ {@n >fzy6żJ a Y ?{DUBalf5x-t8 R浂d<фk1CZ5~ ~ ,.~ 8F]b;׌#'7:p 6Nܣzn_۲v3Xss%㊣s Z[{}/<6 Jb:aʵ}.5+Q2 ROM'JG^/:s|a۲wz/k ^LeɁ^"grZMʦ|^)!^$ނo~,:X)}"AOLY'ĆeR3;F -"z) |-]|Y_ laQJ]@:ICqXgo_(m L o器ŲQQwT >?=̤iȋ?քcб|r/ ͛@e ')3:r6޾6 q :g/Ðcߢ@r/zً⿜в+@N^1'T^}O[T -0/qfi>=VƏ"S1aٻ,L(kttm8Eߋ7矣|ױdΥɭi2wef S|NVfco /؋줡eJ<#ZÐm Iٙ $q`B['GQ/9d9+3xpD'rOЬ_F9Ozd= Vȫ>AxKXz'6r[r@I/kÁxECF7elnt[l`DϽ3ф^ >Taר$,RaSpC0+V:iPʥV2y[ |J=慎S ,CX!P<|Z;ʞ5!$QK RwgHn@ֲnd#1_:!h*-{ϧխX}Z;kSֽٛp="m$})Ԗq ]J4\,-_?#f#k!J7/HJ'pK}/SĚ-ۇ<֯XA.֡1FGO aa>S\]O,@FAX! W^kLn]T V'L8)#Jn*\^\;JIwWazU _Bx[t!ܲEO\37nBJN6R;rY4A3_rst#c%Bqk^=cxgS~3fk7#/:w-y"vt:>4aMyJ>PYX?Bϗ89 MxQ;])#/60mv^dh?~_嶂䊪gzAcgo[h?:DxS J.N8z⯦d]V?qIsV!%]QG ġ_W ={`974E߽S|< Kݒpvg/WL{t(F#`rQ*7 F*#uF ښub}M1HQ:F./袲StoF=R'@e/bT6EVӦl>=Kϻ/I7x pGϜ* "  Ν}x!F8*^Ic [֙ ko'0n5DEK8 ";`ȅV tΒnge6f)AxRIȉ 4f\Ljj' /,,Yh-]/(pgM+NMOSB}?]J:W7ꡮ׸8KbDr#rWzn5Vlɔ;u>gau9dVM2U.2gj<Rep>kUE#,#;/w8>7ludrP`]J-G/OHx.r)kc_7)7Z aI^hR-B}>†:Uٰ[ߦdBҸzILngQKԪ"!&[\[ ܜތ4wqte͖*꾭H܆2J.NjQ4=` X7Kkqa?Qyi]*b;؜etTځ޲RF,*'ҶRcdH.z[o|[7Jz_Q?$ }:)'#1$sWK@+߫:RCW6W z6#mލ`~*G jG^^ x̽jv@4j&Ջ״Enw VB7|_wn-yǒ}9>,qװBed_U~v<=y?wf;X}gEy*nZ?dnBh;/UOg&02QFXL{G-RR0~F"-=\<@3 Ac*$\z+LZ 6~).5ܠN4#d ~1mTj)w_gL6 c5qo,7t?Vo{ (ބ!?ʁjqO#pQ!j ?tkoƧ(]@d)gV3NEG|K&49&l|jDDPx P&\:-d~oyڶkgv_N.k5{Wj lqe= >6Mpm'%~ca '=)BA#/pnSCI_>.rۭ}uºa頀bOW*2~u<%C|ve~U!܅rĤՊ+ﴹ~&O0)(Uz0W!I wU?9>mْ4S Wԏ([j"Qţ|:XIq׍g<4Q?f$ܤ:,'ѵ=գgME!lJ](Sye@c\N') 9C_.RC;8oIJT= &,B]G6&d :)X3H-Lp05WƃsiW7RrAԮ>V2P&pQ?`}ތ9vJL,T9!Fc'jTp4~*; < nt}xR9L6B\zhњJߡ='h%bQ bPj@H6oNj٫>?9,";^NZ6]q"]Q Tif 5.Rmi#`'8BeoC~[ ^>L}IT?NC!q'P `Dҁ1l!9ԚP@_>ƈZeqA`Wj>dn[mmN~g`iAM:440J̮pkzOcWWp`!d߈jT34vR5㟋hzBiY1f?M+g ̶[S@]N}%>DBg3:GTC)c.5+󐍩x ^e`njSn, ɠz0ۺ\LS(`]vh umb.peGY4;xSЦ_cdZ/uIw-2me,݀O+K5~̶fH܌7$+IIX T_-Ok]!CV=":K{gj VWw(xfټ3zO1qDA2wÉj|x}/"a(<|VV=C7N[V]|^݉4S"ƸUaBRDIrP5g u ̽F½8ޅ+6<!{}~ݨǮ|r[DT-7U?:1xJUguMMAz ދb1{ 0 Lq|m%Ọt%g>]Tap?Uٓa"5ۇ!s:B4?˞s=<+[M(@`귅ƭ}@X Ϡ5Jq^|L嬰J GW"8N //@DGދ8OT̪e_ߙ4B/^1?[#OJPӃO>f1 {@<ՃElZ[. ~ޓ!AwZ^d#,;3>e80՝rgCmGbByU[Dy6ǣ4 Ula(Lc #0znwLU\zm>9 f  5/ 9͸5 w ouyK>Q1K }Z m`7C񮼉{R*x7#de>|N!p{swѫ5s>wuRB*&25Y&EBi8g&TLB=WMT6XRG%X6ߠ>D^MhѼsH:w9hS"rvBm(a٬l@d&*iN k~tfDdmm/t ՁLUJd lgKX?b'*Je4r*;sQ :cELt@`v.PswQ#:}f[Um!ʃ'@P-4 )W잟šh:~ـon֒::2+ګ*c/sYF$D6^/Vxt{imzx(jQB%᧺Z+LiSYi~o#6J'<(sl9[l0\ ʔ9֞Q&Q4}R*X);q3ܗLOD0:}Pmѕ ۱l%n@F܉8A~}^È0S=auEEA#,+2= ֵI/"~tuO O&ƪpP6ij޺Mq,lG}8$ [O$"]Y,ԁ,q 0-{e%xYHhnT_ҵ_9GmqA $UU- 7l`B!S/p|LݙqvSНtWtk U_JJT6RRR^۠raoryɻM5]/㥒t%_Y_쨅gHZke;6%y !? VmVַ=ibVѴ u}%LC3Jxv`7dɛUo'ٔk씭"_&Ơ;8Xc^pywtMԻt'pGެ7 0޿o@˱aоvRfsVI,,XO^e#1H|)Hn>x |Ŷw YF~U~'P XXC=౴6GZ;4 jvYpޠ]6 Ph~s! YK>i^'y,VmiG첑,9gx!Z +5GJ@'Õp_V'%r8Bc|-je۰I{`oŵCG tg9L9񻹙+õwI‘7}T.RSݢ鶁>k< `dr8/5/u~RS Qhps Lq@^ZnI!/ )%T=ʈQDC~>r m=$QHAJA[=壀/[c"4$<9w8U;QUx"23+hRU פpZMwJQ_K8: #C7Y4w"`RgmJO7XmwHG/Mbzi$Gq7 %kX=-vwR}1xbEفY3KwOwI AI =|^;Qס S/EQkEWǒp3&"i?Q`cUhrDT5E&Ú2{.LWj 93&:0M`Bg>'E9e <{_av hnv~jGUsu09mjdg2%E6@-mGx%|W_bۿ]UyEӥ.+pnxQ\f<,(e=K5؞[A ( qD@T԰}6ۓva2gAH'+O"ʽ~(߱*ǔlD Lˀ|w_ٟƹSpnfg)a9^O@`EW.dAc=Y >|i߄LQ7,?fx;GN&^= *RդD11C4[nH7BQZ^9U[ 1 Yq/Y>~O9kFJQΈf*4Ͼ܍CߕaIn}H-@Zn]N}ُ9%Pm;<0 ZGsM ~ܐ1z$v")=JbWlk3zc$, k ÿW/Kk ZpW@D|n[b 5ST6@!R)Iu6+.}Q+E`[ŷuaMvģ$pA=J{ 7"y~]*$qu?  -e,Gx_?;@FJ+$%JΝMGh۽ā``(h3 I ٔy`X 0+duj"oIze2ĈB'ULa`Ia֏8?qc82fM<ҧo,㾱qnS&ѨIW*@{76600$,`:bTY۸d]<w,w&}E+Oy[1dzhqT..gpjHNPDaYT̝;%Ф9K\D79]6pX&SxܒLTCNc.&fDKgod-{R5崋ʖp_aRo9;HwvWBrA ]2S@ntsk x f(@Sw'3Fzȯv75~"^XbzíeLNXn i ӗێjuy׵Μ. x ڊ+j> /a-`lSä LCP謙|9{"'ٷU(^QB)yel쌟G~5ƎYD po#KhfgND ıaS֧@NܭuL9}.5lyxT] 8OIi72\ayS~c.KNnakS;SU{ h5rKB"<͵ zu'hŘ@~A[Ca玱kW%%It~rCUF yJ卓߅¶}.8P0_:FsGVo qh]ljJw3o׺n`W?`(4BUy6JrRcmNQ-v|鴏A=5&[tgB6o=iO2зq3cd^jLLqZP`nWij0{klNgƷoVT $x #%nG.7L'om91ZsC 9kzK0jQ/ӦSa܅)6p9غD>@KU]qť"[Hﲋ ]Yt48]Y.EO  '%nm[}EO~|E9YvY ! ^uqRK (GG2?!\ȯ7fJ񾴺 al30{Dto k$YE>6N{(A&Zr?]Z[!ޯCzggLύp*bf~"+<˦*@ fÝT?@l~oǡA/f_N"Iwa k5Q*1O(VZF{x$~Eof U%8 ʙ8eٔg_ |Jg1Nx"pn:WDo1zW);:I\_| z k$1=n! 't`۰x]Dڴ z_֟ <#*Zq3˽񢝔TWMA٭FL N~&'+$6!K] t⇩:0eN +>RF;^-hx5o]IU n 9軥EJJs\c(MeLJغ\s#+W֤yis\IM ydp 'c}IPL:St$]>2h,DD$Ion-1纔FȚ iz1iLmjBs T 6]p ]&2?-Nxi)# &Sÿ=%2ucV/ J .3ٝ*Tܦ4c~|5/ŵ`,I=Ld|1|E^Teyk(<KyzДi pЁ^Cu%\ ͧD20#j`w j):X1J|ri>kI ߠzNhsy)',p AmaWTѾNɝ] 0e"Va Hv^X:U#5u:1\}V͸%c~.)ɕLiD"'}2&[GX ȧQ)w[ M a./%u!f'7Ǩ\R[jz]N}`b+wLj.7ݽfJ,M E|s66+t 0`H`;ٴ*WVs|?ƫV}k4{ r!7+{z2_Ӿ$^Q1Z%~˻ M)/6~+YMaN!8y@bt ϾՔ'*yO9ĎX@E_TH6- [i1BEv v}B*L}$ɵd_@;-Xhz1ϠȈV?\Cj+n/\Sg_Uzvl!cZ){QO;2z>b\U~A)|,\uaێU=3[̷0,J,r|BB,:`W6m9]Z3i֫(!F0 a49^|QTS&"O]βB.3/I\o_ĠИ@'rl}J\T .bj>j֕AJs5ro`dyT%ʜ PlIPӴ#to# "/O' n"-Ƥ[كN6`bs٭7/erˀ|Slx Y\=^$Bnd-wy4=hg| +>(2c "ቴq%dhXz+W8ńhFM ǻ9ӽ՞՞h*=T'wꄺu_ >$'[{!Љy {/M@#e KD}ETB}*EQGt#m="jh臈-qV-(lj%eN/LO-Sap|ޏ^d[D%~PۃU|̰Z*|dIG#<6*xz !<>v6B1ڈ:MyAX:uڨ:9(..!/!S\r&uGq!ʴisFGl!b8- R8V'w ͌0?*Md!^Vz p^>{oC-#@ v6UMtlρ_e!muBA#\!_X#Sn[p /o َm*𶓕r,f>G0"E7pёW\`RmN Be $+ٻbiHkzWn(E*zr^J o~iH`ɭRqIG.Zծ_'kƽt%?I/N !n-SeBO e >Țhg),r|;C5[Ad/=nMފih%.RV+pOd2݃qq4VkQ6?ARɿIB6gŸ7A,Ts oS' \ XͯD/Y 4՘mSR/זnwZLsyODot*k:L=:< z a5?U=a&? ] 0J\% c5dQWl JFDU>F[m,Q]#߿wHd-7X '9O$N2BoX71b 3:惞2kW]jݩIY.eKYMB 1K߄i|N|*n&(^1I{Ip?nAW9 ]Ě=L{߀1t; wP7(Y8*Q&9J8JN'nȺKܚ sum %[`R߻?#V,T ; %p:ZGqBu; R'+nb- aԾb+MDNh"KuQr>l[d_1ZKj\ɋ:Җ~swEgIFo4CP"?> ^_Xg]>iSvPt vL|~ՀM@ByvEn/%E70ɏz-B''PHKmdJNuC 4lBPV$$}"KejIv4QDUw m j/=}@V*Rj餿E>̿T#yy#w1 cpz \ sl?i⟹纬rX^=}ʣzOVu]ya^+yT\3] 12joHT0TTtSPc;Zѽ m3zk0!Bu%әmzZ[o;~Ggf)0S[?Cت+rJbUcց䥌3IV' vFr kUO[P}:Kֱ=BO we`$ B~Q0dO4` evr"/%{xj: 7Jֳ]0eO>L*I6έ>Id=rNWvFFOID˸Sq QMyr@UoIJ'֖I>Hv\G.a4sڕ-1P9ﲀ&\'%e!QUP|+RexCqIFN0,%v_oPp/s]n*lɟJmH{UHG!MP(,dN=Tz z lU flq 2##i B!_>0LA8r'F*U#n#3H#t&{:Fqo+{>wxbUVUNZ7.;NϷmF>iUU4MNIzͭ9_{GlZ~:L["ݳpt 7\#{وTE"2l?~ŮЎg䖬$AG!T-1Uչex#XC=éV\[~C[gtCK?iҁh~1֘c;w1άa:VF0c0 sF*i%%$ ]*.O\+m8JfO6$xpߏM!"cIC)i4Ґbq6:wM \Kߕ>-EY?2>WJ>6k 8.k/+Eq:;1^LHiĒ*G?0V0=D99SSyB6L,/pp||IS T)i 2Ro+6"ąLeۗ*Fw drEZBl$AѦBRVi/4>VTjY.0G R}\s*IAe)0 ҆#ZD4òUy2Oڃi>WǯE-,r1SI'gmzIvB]M?2* {k| \d9N53Ճ&-fٞybqL'j!Z!)($8bЀK`[-pLΊOH1b?lCKMCtP}^:!ٜr VUf @nvXpCc鳰}<>ly%{j`-VѰ O3 }ҀDW4eNK)Ӫ] U(=i崻}&+ͺ{2n%~QO p& gwr6Pӥn`8=v/bIHmuʲYoRɈ|0^MRk}D,]Kךo=Z`UI&+^"Ehn+ddZjܥw A.IGB_ؚX{PƯ&SɺC1Цa}`_ԭ 셵a2t}pkzRީچS]kU q&ԯE0V$=Hٿy}TSYd4ZQ\v T׉&uk?y o2yq 1*Z)q,O]5-(ۃ꣡=iiB;v9H&84u;YGGӓ&=]v}axtǒjB̍&jic08^%2Y;CV)dVƵ+%/OgG=4(r"nZ=yK0Jp0~t;* [Y[\pɊ-ڍ;wHGwȍ~]>qV܁b|}LIVzzqk*6(u%!hI(ܺ yg1.3qA̟H5\c.)ne0,?|Ÿ25YGs`3ڧw?JJ@6_و7"I?rĸ4YLI㠚Ue#[ LG$"szOHLu0ۨS8 F@^ a\/ܶ^睷w;#5п2|zeR ,og&pUz(VIT?f2 !b7#QBOBlz&O2ф.Ǘmv',c4U/@cGCOjddO I#W[6NN ygvcC9VX63d~]ڛCBVd5?0W Q"9V <>2^<ܨZi]ǔݹGBQ@ pOQxzhvgQ dl­/B@*]z .4V6-0aY;%6kFUjU(Huh$mtL ҕKfA$YD;m B Ss$Q {T<]RkOozd;,GX%?yt;*('wUymol#NB)ZW\4%\VꟽA#.n \#"2j3~I /(yV~lςg" .341`)cfz*y]?hu}0JmJ K)fCj'aeMd㐼 fy0imt`h`'$-y||.4KCߝ;0w9r$zOO YG$🃔"?#0;"oj]]dI0W>7sE08̧#@e .F"6,(p"Vx3Kl` _9ͷ1!C^~K(~9 ?ٛN금H<30mK{jvXܑ a< 7gb ?4ThEN@?6=1^W'HeY)"{U,C_مqI<#Ķ"1J1TN"ȗx.Z[jsd6s٦_L$&YKlȆQG A&dԮp56=qn0Y2#ga-Aiw 1H-fW(z19 eUq[_HWZDK)#`^?b<,"n탕Iz;rmX$Uzs7"!<<_d@w_*Raqط̪>~Ewhʁ!SimYo% qU*K08:]ŜNv{.&eF^y5!^;-tESmXS+]5C]aN?~8qj9&3lX~+̴-qoc;K0L2">qv 3&LSI"+BJe¢QwT(ɵ}L@|H ޡ9LWF|oCd?tq g6/wo%;xI@Ƅ䌳7 Vƫ3Sd)ܼ@tVZ:I6<Ä!mNm }Ho0^4 Ym1 sG_ @?rJ%AqS5o]Bv RlTrxŲoק/4dV 7=,/6yksjl@t隺`i)O3ƮVFc}rR鉎)nkCR10.1{%,Y ʲZD׺`LN9{&j$F='o\C0EdZʰe#fV=3m7X 'qlRcʈft +&GlQޒ!R!)uP[k+*KKӅYtZqҊRm{s@ D$n ~:yP)ǥ<8B'I;' p%[TǬk%Fj%@I 9%"\O6Љ3謦UUɦ+%{9M{[>87,Ը ˡ\ w9`#dpGBC#mȐg; h|u$vVxgPKo7[0 -eVžH)mRvsુCfY9W#JEJ|(6Ǹޑ~7YLLZ ơC J  P j"gmq:2ܸVXUfRQ)'bHUqwHq 9E̾Nz Z(g\.{C  <,AoXb+jO'}^P[ 5#wXApbe 1@ٟ\ ߵ:{"|kD"oN-96"Pyt&a:g΁_̲p޽(ZUۀ|H~Ԋ>^SݦI4jŮ#Ro?筄#8wTTz]~r>}AH&,xL$}Si\3=qٺ+uWW"OCP0ضٚdvdd4.S R@̷ өψohWC6vN! Aup3!,LiW4?kSYdcWoF 6YyBg'b4&eas(.t#/>.`״X043f*31Չ69\&IǬCұj9d|GΩ$NO3!CcW:6"ȠȟdVio BP2끣֏Y rl{ڍ|DClVA0yzCp;Ehh5z%2@HOw+jFv`ȅ@.،@9:N]`gng577Dϓ#K5yd{tc[5*08LorXetJXs0jn%!4^{9i^+'C%"np6ŶjkOP t1NjxK}OepLVܚqK{ܝK nB{b3.ec29gw rw.r<܍M᳈38Ϊޅ; *nkg:>0N;|GJ#/Hװ gaս]%/ҭKqxփ/e)n ϛR"?S`Y'aGET=ǩGQi"׷(P ѧU4u΢_CZ ~K76jWa>J iLzt(b>b- $ M/RUU+FTu-9ܒet'}\}jG7(Nm'/Uڍ<Ao5Ȇ,Xṅ-JivW&}D `x1)Z%"-  s 0vwkp/\F xDƒ 1% +ō*.S'C5S φCTs$mA$5%AAwpA V}QYe{Do0ՆO-+w91=8<[GywBZsUM/hZ>2+㇠P3ϻF2 R:qFW;ro% z$ŏ|%Mr57)^v1,DmΔ6wwPwf e6J(S}%$j(,G^ox UR ;4?e1LLr oy?skTZ}]KKz_ýs&]1F.0VS5& K!#-T/XI˥8XWC:.㞣hrt,H24&8OF7s^w+@l8l rk6 p3)1zz9}lcMw(hȻ<`wj$cGY_Wְ=g1D.,k?F+ eÖU><*B8G@ȑ 7daɰ]ٲ.NՎ:;9THæ'GJI3Z8|O{mQW>lѺrQ労̡*QV0ٖ( V/bMC:o`3 PMiVG~wePKV)z"9ŕGY )7V)U 5!KKeYU_ӞFujhxG]WHӑR{, Jݾ/ OM0>+I s'RFc Α`6%YCLybĄa}fHjSU6 Ck_1/%Ӯ!%)Q6"M =&:Xv>UTyHA6Cp6Pr_c!_ת y2³O,.F+akj~Z])E)/5BMh Mo8ȼrh vk6Z%HkO ĖZ*621q s9YEU#-X9عiuSQSxo8ޙYJۯN+\OJҳ)p,rח ]Q =-3n7>W {,‚~IPK${ R_ۡ z xuA~r,d.H#E¬ږ}*C ]%}Eh.\0a KG1vc;BžA#x`E Of" Uk|7[U e @ܘ/IX'H̵5yTR.w<F\@IDǑt mꦒL}]9IgJۣ{]hгDyOk|u8h@BC$IS^li6!7\>HX"sreT!wͅ,S<^c a}<22iBWW1p 9B M>:i$BH*Rqx0{"y&@)ѿΜv(tb "Q7skS<?]/aIG]Tл[~f&HJoMaAQSa9^~u3TXlF T*i;kYT Q$Dg@O Avyicnnj.-"mVd;G@7ѳq <ۉ@oO@+Ҕ{ct2nqְ!3>zɩ&Zh+۪"Pʕ\$.JV .EgdJJ]hK'֋౛ȈZG~,[;+Vt_}gsc"[U6/CFU=N4| g\0cߢEnlu["4“wUX%9ɑH ޿Dְ{&S6*L-v{Z3R_|~G,A$V-@fJOQ([] :[=vb*;Wz./5$i_P]w[!H4 Atݢ ) 8ڋ"AґU_=X$pGU(nj3m52iin{8||CkJKP#xK6\e4c #%=BSbޮږ$ U@E8JJBw'r/ 9d{\'TW_y$UM:vsnl̈́e.}cg0F2IPHZۼУTSzA)u\U+vOjJZlR ^z&tȒypKˡLw6JPEZbpuP?/(s@HF'2f=zv 9w=UQR(3*h 0)fd$֛ա ̧q46#lq#Ex %nNSF{w@=\{H9yh޷B2`v`!䷝$NrmiQc@LN&xe b5TtT""Aѽ$R*.Rd5HW)2#z }{@(@F=:A`4H̝pduWmrf.#^zv= /uŮ\U+{?ro)%ԈSg Z\lX5iʹjHP$B.jGR4%**y&4Dz<,5(o@]Ou:#M<2'A#.š \`g=.a}CvBgr[lPl ?N#)Ռ#e%.ub *95V+6G.6޶ҴS >C}kwZwHS㘺1 f9VtL=_8qǪ°>8S>$ rq-4 W<#y@F~iKi>V{@۰ȳgmP:r (3BT w2TT {A 2җ" $iל:CIO'uf-O' _IԚ[]iQ[wQ 7 c|7X C<<$Bu1)gc.^|,Pq Dw?5&'BQ!%nlcQ%ߪ/]h ?L!YFlOVPm\j:oAiسC&(Jd(%?@-7QyaRo.Йi*70>KLX2[Vs*TJ@nY "&w,De N9S='{g$㻖mIm[V]^4p^W$}`ܖzV%cHdmF|D,6yu?&~0ٝ}G SLQ&kkxa V 6鏟 Ԩj.+kP0Ζ"NFM`D?|zwtq&NNUh*2e"%te(ܘRdmv/i3"s$A]!n:Ԙ{a`~?tI"j41^qo&@I\-*ȣrc ki .ρ ?!LQŐUЊC(~*I|Ϟ/$^L#pѨr)U6X^